Practice Test #1

Correct: C (getContext().getRequest();). In a Cosmos DB JavaScript trigger, you access the current operation (create/replace) through the request object. For a pre-trigger, you read and modify the document being written via request.getBody() and request.setBody(). That is exactly what you need to ensure the tip property exists and is numeric before the write is committed. Why others are wrong: - A (__.value();) is not a Cosmos DB trigger API call. - B (__.readDocument('item');) is not the right pattern for a trigger that modifies the incoming document; reading an existing document is more typical in stored procedures or when you need to fetch related data, and the option shown is not the standard trigger call signature. - D (getContext().getResponse();) is used mainly in post-triggers to shape the response after the operation, not to enforce required properties before persistence.

The trigger must ensure that the tip property is present and contains a numeric value. Option C correctly checks whether tip is not a number or is null, which covers invalid values and allows the trigger to assign a default numeric value such as 0. Option A only checks whether the property is missing and does not handle cases where tip exists but is non-numeric, which violates the requirement. Options B and D use APIs or patterns that are not valid for Cosmos DB JavaScript triggers in this scenario.

Correct: A (setBody(i);). In a pre-trigger, after you modify the incoming document (for example, adding i.tip = 0 when missing), you must write the updated document back into the request pipeline using request.setBody(i). This ensures Cosmos DB persists the modified version of the document. Why others are wrong: - B (setValue(i);) is not the Cosmos DB trigger method for updating the request body. - C (upsertDocument(i);) and D (replaceDocument(i);) are document write operations typically used in stored procedures (and sometimes in triggers for side effects), but they are not the correct mechanism to modify the document currently being created/replaced. Using them could also cause unintended extra writes, RU consumption, and potential recursion/complexity. The exam-expected pattern for enforcing/normalizing fields on the incoming document is request.setBody().

Azure Function code does not belong to a KEDA CRD. KEDA CRDs (such as ScaledObject, ScaledJob, TriggerAuthentication, ClusterTriggerAuthentication) describe autoscaling rules and authentication mechanisms, not application code. When you migrate an Azure Function to Kubernetes, the function code is packaged into a container image (including the Functions runtime and your function binaries) and deployed using standard Kubernetes resources like a Deployment (or potentially a Job/CronJob depending on the pattern). KEDA then targets that Deployment to scale it. So, if the prompt is asking whether “Azure Function code belongs to which CRD type,” the correct interpretation is that it does not belong to a KEDA CRD at all. It belongs to the container image and Kubernetes workload resources. This is a common exam trap: KEDA is an autoscaler, not an application packaging mechanism.

Polling interval is configured in the KEDA ScaledObject (or ScaledJob) CRD. For event sources like Azure Storage Queues, KEDA uses a polling loop to query the external system for the metric (for example, queue length). The pollingInterval setting controls how frequently KEDA checks the trigger source. This directly affects responsiveness and cost/load on the external system. In KEDA, ScaledObject is the CRD that binds a scale target (e.g., a Deployment) to one or more triggers and includes scaling-related parameters such as pollingInterval, cooldownPeriod, minReplicaCount, and maxReplicaCount. TriggerAuthentication is only for providing credentials/auth configuration and does not define polling behavior. Therefore, polling interval belongs with ScaledObject configuration.

The Azure Storage connection string is handled via KEDA authentication configuration, typically using TriggerAuthentication (or ClusterTriggerAuthentication) referencing a Kubernetes Secret. While KEDA triggers require connection information to access Azure Storage, best practice is not to embed secrets directly in the ScaledObject manifest. Instead, you store the connection string in a Kubernetes Secret and then configure TriggerAuthentication to reference that secret (for example, secretTargetRef). The ScaledObject trigger then references the authentication object. This approach aligns with security best practices and the Azure Well-Architected Framework (protect secrets, rotate credentials, least exposure). In many KEDA examples for Azure Storage Queue, the trigger metadata includes queueName, and the credentials are supplied via TriggerAuthentication. Hence, the connection string belongs to the authentication CRD path rather than the scaling rule itself.

The correct indexing policy uses the "compositeIndexes" property because Cosmos DB requires a composite index for an ORDER BY on multiple fields. The query orders by p.name ascending by default and p.city descending explicitly, so the composite index must be [{"path":"/name","order":"ascending"},{"path":"/city","order":"descending"}] in that exact sequence. The image currently shows /name as descending, which would not support the query as written. Options like "orderBy" and "sortOrder" are not valid indexing policy property names in Cosmos DB.

Bounded staleness is the only option that explicitly supports a time-based tolerance window while still preserving ordering guarantees. With bounded staleness, reads can lag behind writes by at most K versions or T time (here, 5 seconds), but clients will never see out-of-order updates (it provides consistent prefix plus bounded lag). This matches the requirement to process reservations in sequence while allowing a maximum five-second tolerance window. Strong consistency (A) would provide the strictest ordering/linearizability, but it typically increases latency and can reduce availability in multi-region scenarios because it requires coordination/quorum across replicas; it also doesn’t align with the stated tolerance window (it’s stricter than needed). Consistent prefix (C) preserves order but does not bound staleness, so it cannot guarantee the “maximum five-second” requirement. Eventual consistency (B) provides the weakest guarantees and can return out-of-order results, which risks overbooking and violates the sequencing requirement.

The requirement explicitly says to provision a SQL API Cosmos DB account, which in Azure CLI is created with --kind 'GlobalDocumentDB'. This option selects the Core (SQL) API account type. --enable-automatic-failover true improves resiliency, but it does not specify the API kind and therefore does not fit this blank. --kind 'MongoDB' is the wrong API, and virtual network enablement is unrelated to the account type requirement.

To achieve 99.99% availability and tolerate localized outages, you should deploy the Cosmos DB account to multiple regions. The --locations ‘southcentralus=0 eastus=1 westus=2’ option configures multi-region replication with explicit failover priorities (0 is highest priority). This supports low latency (clients can read from nearer regions depending on configuration) and high availability (service can fail over if a region is unavailable). Option D (--locations ‘southcentralus=0’) is single-region and generally won’t meet the 99.99% availability expectation tied to multi-region configurations, nor does it satisfy the “accept reservations even when localized network outages occur” as robustly. Options A and B specify only one region without failover priorities and don’t establish a multi-region footprint. In combination with bounded staleness (max interval 5) and automatic failover, multi-region locations best satisfy the reliability and availability requirements while keeping latency low.

No. The code does not configure the queue message lock/visibility duration. In Azure Storage Queues, the “lock” concept is implemented as a visibility timeout: when you call GetMessageAsync(), the message becomes invisible for a period so other consumers don’t process it concurrently. However, this duration is not configured in the shown code. GetMessageAsync() has overloads that allow specifying a visibilityTimeout (and sometimes a server timeout), but the parameterless call uses the service default visibility timeout for that receive operation. Also, there is no queue-level property being set here; Storage Queues don’t support a permanent per-queue lock duration configuration in this code path. Therefore, nothing in the snippet explicitly sets or configures the lock duration.

Yes. The last message read remains in the queue after the code runs. PeekMessageAsync() never removes a message; it only returns a copy of the message content and metadata without changing visibility or dequeue count. Then GetMessageAsync() retrieves a message and makes it temporarily invisible (for the visibility timeout). This is not the same as deleting it. A message is only removed from an Azure Storage Queue when DeleteMessageAsync() is called with the message’s Id and PopReceipt returned by GetMessageAsync(). Since the code does not call DeleteMessageAsync(), the message remains in the queue and will become visible again after the visibility timeout expires. This behavior supports at-least-once delivery and requires idempotent processing to handle potential reprocessing.

Yes. The storage queue remains in the storage account after the code runs. The code calls GetQueueReference("appqueue") and then CreateIfNotExistsAsync(). This ensures the queue exists; if it already exists, nothing changes; if it does not exist, it is created. There is no call to delete the queue (such as DeleteAsync() or DeleteIfExistsAsync()). In Azure Storage, queues are durable resources and persist in the storage account until explicitly deleted. Reading, peeking, or receiving messages does not remove the queue itself. Therefore, after the code completes, the queue resource will still exist in the storage account.

Correct answer: B (4). You have four customers and the requirement states: “Each instance of the WebJob processes data for a single customer and must run as a singleton instance.” In App Service, if you scale out to multiple instances, a continuous WebJob will normally run on each instance, which can cause duplicate processing unless you design for singleton behavior. The question implies you will map one WebJob instance to one customer, so you need four worker instances available to host four singleton WebJob executions (one per customer). Why not 2? With only two instances, you cannot have four distinct singleton WebJob instances concurrently (you would have to multiplex customers per instance, which contradicts the stated requirement). Why not 8 or 16? Those exceed the requirement and increase cost. Since “Azure costs must be minimized,” you choose the smallest instance count that satisfies the singleton-per-customer requirement, which is 4.

Correct answer: A (Isolated). The decisive requirement is: “Azure resources must be located in an isolated network.” For Azure App Service, true network isolation is provided by App Service Environment (ASE), which deploys App Service into a dedicated, isolated environment associated with a virtual network. ASE runs only on the Isolated pricing tier. Standard and Premium tiers can use VNet Integration for outbound access and can restrict inbound via Private Endpoint (for some scenarios), but they are not the same as hosting the App Service in an isolated network boundary with dedicated infrastructure. The exam typically maps “isolated network” for App Service to ASE/Isolated. Consumption is for Azure Functions (serverless) and does not apply to App Service plans for Web Apps/WebJobs, and it also wouldn’t meet the isolation requirement. Isolated also supports deployment slots, satisfying the pre-production testing requirement.