Design and implement an MLOps infrastructure
Drill 20 practice questions focused entirely on Design and implement an MLOps infrastructure for the Microsoft AI-300 exam. Tap an answer for instant feedback and a full explanation — no sign-up, always free.
Your team's security policy prohibits storing storage account access keys or SAS tokens anywhere in the Azure Machine Learning workspace. Data scientists must still be able to read training data from an existing Azure Data Lake Storage Gen2 container through a registered datastore. Users each have their own Microsoft Entra ID identity. What should you configure when registering the datastore so that data access is authorized using the user's own identity rather than stored credentials?
Your team provisions a new Azure Machine Learning workspace inside a resource group named 'rg-ml-prod' that also contains the associated storage account, key vault, and container registry. A group of ML engineers needs Contributor-level permissions on the workspace and every dependent resource, and you want to minimize the number of role assignments you have to manage as more supporting resources are added to the group over time. Which approach should you take?
Your team runs Azure Machine Learning training jobs that read from an Azure Blob Storage account. Security policy prohibits storing storage account keys or SAS tokens in the workspace. You register the storage as a datastore and need the compute cluster to authenticate to the blob container without embedded credentials. What should you do?
Your team stores large training datasets in an Azure Data Lake Storage Gen2 account that has hierarchical namespace enabled. You need to register this storage as a datastore in your Azure Machine Learning workspace using the Azure CLI (v2) so data scientists can reference paths in their jobs. Which datastore type should you specify in the YAML definition?
Your team has an existing Azure Blob Storage account that already contains curated training data in a container named 'training-data'. You need to make this data accessible from your Azure Machine Learning workspace so data scientists can reference it by name in jobs, without moving or copying the data. Credentials must be stored securely in the workspace and reused across jobs. What should you do?
Your team maintains Azure Machine Learning infrastructure using Bicep templates stored in a GitHub repository. You need to configure a GitHub Actions workflow that deploys the workspace and its resources to Azure automatically on every merge to the main branch. Company security policy prohibits storing long-lived service principal secrets in GitHub. What should you configure to allow the workflow to authenticate to Azure?
Your team must provision an Azure Machine Learning workspace using Bicep as part of a GitHub Actions pipeline. Company security policy requires that the workspace and its associated resources (storage account, key vault) not be reachable from the public internet, and that all traffic flow through the corporate virtual network. Which combination should you configure in the Bicep template to meet this requirement?
Your team runs intermittent training jobs on an Azure Machine Learning workspace. Costs are high because a dedicated compute cluster stays allocated even when no jobs are queued. You must minimize cost while ensuring capacity is available automatically when jobs are submitted. Which compute cluster configuration should you apply?
Your team runs training jobs in an Azure Machine Learning workspace using the Python SDK v2 from a compute instance. Compliance requires that every submitted job be traceable to the exact commit of the training code. The code lives in an Azure DevOps Git repository that is already cloned onto the compute instance. What is the simplest way to ensure the Git commit hash and repository details are automatically captured with each job?
Your data science team needs a reproducible training environment in Azure Machine Learning that includes scikit-learn plus two internal Python packages hosted on a private Azure Artifacts feed. The environment must be versioned as a reusable asset so that all training jobs reference the exact same dependency set. Which approach should you use to create and register this environment?
Your team wants to standardize a data preprocessing step so it can be reused across multiple Azure Machine Learning pipelines built by different data scientists. You need to define this step as a versioned, shareable asset in the workspace using the Azure ML CLI (v2). Which asset type should you create and register for the preprocessing step?
Your team's Azure Machine Learning workspace is configured with a private endpoint and public network access disabled. When you submit a job that references a custom environment defined by a Dockerfile, the environment image build fails because the default build process cannot reach the workspace's container registry over the public network. You need to allow custom environment images to build successfully while keeping the workspace isolated from the public internet. What should you do?
You manage an Azure Machine Learning workspace shared by a data science team. A new contractor must be able to create and run training jobs, register models, and read datastores in this workspace, but must NOT be allowed to delete the workspace, modify its networking configuration, or change role assignments. You want to follow the principle of least privilege while minimizing custom configuration effort. What should you do?
Your organization has 40 data scientists who need identical access to an Azure Machine Learning workspace. New team members join every month, and departing members must lose access immediately. You want to minimize ongoing administrative overhead while following Microsoft identity best practices. How should you assign access to the workspace?
Your team runs a production Azure Kubernetes Service (AKS) cluster that must also host real-time inference endpoints managed from your Azure Machine Learning workspace. You need to make the existing AKS cluster available as a compute target in the workspace so that data scientists can deploy managed online endpoints against it, while ensuring the cluster remains usable for the team's other non-ML services. What should you do?
Your team provisions an Azure Machine Learning workspace configured with a managed virtual network in allow-only-approved-outbound mode. Training jobs on a compute cluster fail because they cannot reach a third-party Python package index at 'pkgs.contoso-partner.com' over HTTPS to install dependencies. You must enable this specific outbound connection while keeping the network locked down. What should you do?
Your team is standardizing Azure Machine Learning workspace deployments through Bicep templates checked into a Git repository. Security policy requires that each workspace use a pre-created user-assigned managed identity (rather than a system-assigned identity) so that the same identity can be granted permissions on shared storage and Key Vault resources before the workspace exists. In the Microsoft.MachineLearningServices/workspaces Bicep resource, how should you configure the identity to meet this requirement?
Your team is deploying a new Azure Machine Learning workspace with Azure CLI (ml extension). You must create a datastore that connects to an existing Azure Data Lake Storage Gen2 container using a service principal. Company policy forbids storing the client secret in any YAML file, Bicep template, or command-line argument that could end up in source control. How should you supply the service principal credential when running 'az ml datastore create'?
Your data engineering team already operates an Apache Spark pool inside an Azure Synapse Analytics workspace. Data scientists in your Azure Machine Learning workspace need to run interactive feature-engineering jobs on that existing Spark pool from within Machine Learning notebooks, reusing the pool's configured node sizes. You want to expose the Synapse Spark pool as a compute target in the Machine Learning workspace with the least ongoing management overhead. What should you do?
Your team stores raw training images in a folder within an existing Azure Machine Learning datastore named 'trainingdata'. You need to register this folder as a reusable, versioned data asset so that pipeline jobs can reference it by name and version. You want to accomplish this using the Azure CLI (ml extension) with a YAML definition. Which asset type should you specify in the YAML file?
More AI-300 practice
Keep going with the other Microsoft Machine Learning Operations Engineer Associate domains, or take a full timed mock exam.
← Back to AI-300 overview