[Jan-2023] Get 100% Real AZ-305 Free Online Practice Test
BEST Verified Microsoft AZ-305 Exam Questions (2023)
Microsoft AZ-305 Exam Syllabus Topics:
| Topic | Details |
|---|---|
Design Identity, Governance, and Monitoring Solutions (25-30%) | |
| Design a solution for logging and monitoring | - design a log routing solution - recommend an appropriate level of logging - recommend monitoring tools for a solution |
| Design authentication and authorization solutions | - recommend a solution for securing resources with role-based access control - recommend an identity management solution - recommend a solution for securing identities |
| Design governance | - recommend an organizational and hierarchical structure for Azure resources - recommend a solution for enforcing and auditing compliance |
| Design identities and access for applications | - recommend solutions to allow applications to access Azure resources - recommend a solution that securely stores passwords and secrets - recommend a solution for integrating applications into Azure Active Directory (Azure AD) - recommend a user consent solution for applications |
Design Data Storage Solutions (25-30%) | |
| Design a data storage solution for relational data | - recommend database service tier sizing - recommend a solution for database scalability - recommend a solution for encrypting data at rest, data in transmission, and data in use |
| Design data integration | - recommend a solution for data integration - recommend a solution for data analysis |
| Recommend a data storage solution | - recommend a solution for storing relational data - recommend a solution for storing semi-structured data - recommend a solution for storing non-relational data |
| Design a data storage solution for non-relational data | - recommend access control solutions to data storage - recommend a data storage solution to balance features, performance, and cost - design a data solution for protection and durability |
Design Business Continuity Solutions (10-15%) | |
| Design a solution for backup and disaster recovery | - recommend a recovery solution for Azure, hybrid, and on-premises workloads that meets recovery objectives (Recovery Time Objective [RTO], Recovery Level Objective [RLO], Recovery Point Objective [RPO]) - understand the recovery solutions for containers - recommend a backup and recovery solution for compute - recommend a backup and recovery solution for databases - recommend a backup and recovery solution for unstructured data |
| Design for high availability | - identify the availability requirements of Azure resources - recommend a high availability solution for compute - recommend a high availability solution for non-relational data storage - recommend a high availability solution for relational data storage |
Design Infrastructure Solutions (25-30%) | |
| Design a compute solution | - recommend a virtual machine-based compute solution - recommend an appropriately sized compute solution based on workload requirements - recommend a container-based compute solution - recommend a serverless-based compute solution |
NEW QUESTION 102
You are evaluating the components of the migration to Azure that require you to provision an Azure Storage account.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
Topic 1, Fabrikam, Inc
Existing Environment
Fabrikam, Inc. is an engineering company that has offices throughout Europe. The company has a main office in London and three branch offices in Amsterdam Berlin, and Rome.
Active Directory Environment:
The network contains two Active Directory forests named corp.fabnkam.com and rd.fabrikam.com. There are no trust relationships between the forests. Corp.fabrikam.com is a production forest that contains identities used for internal user and computer authentication. Rd.fabrikam.com is used by the research and development (R&D) department only. The R&D department is restricted to using on-premises resources only.
Network Infrastructure:
Each office contains at least one domain controller from the corp.fabrikam.com domain. The main office contains all the domain controllers for the rd.fabrikam.com forest.
All the offices have a high-speed connection to the Internet.
An existing application named WebApp1 is hosted in the data center of the London office. WebApp1 is used by customers to place and track orders. WebApp1 has a web tier that uses Microsoft Internet Information Services (IIS) and a database tier that runs Microsoft SQL Server 2016. The web tier and the database tier are deployed to virtual machines that run on Hyper-V.
The IT department currently uses a separate Hyper-V environment to test updates to WebApp1.
Fabrikam purchases all Microsoft licenses through a Microsoft Enterprise Agreement that includes Software Assurance.
Problem Statement:
The use of Web App1 is unpredictable. At peak times, users often report delays. At other times, many resources for WebApp1 are underutilized.
Requirements:
Planned Changes:
Fabrikam plans to move most of its production workloads to Azure during the next few years.
As one of its first projects, the company plans to establish a hybrid identity model, facilitating an upcoming Microsoft Office 365 deployment All R&D operations will remain on-premises.
Fabrikam plans to migrate the production and test instances of WebApp1 to Azure.
Technical Requirements:
Fabrikam identifies the following technical requirements:
* Web site content must be easily updated from a single point.
* User input must be minimized when provisioning new app instances.
* Whenever possible, existing on premises licenses must be used to reduce cost.
* Users must always authenticate by using their corp.fabrikam.com UPN identity.
* Any new deployments to Azure must be redundant in case an Azure region fails.
* Whenever possible, solutions must be deployed to Azure by using platform as a service (PaaS).
* An email distribution group named IT Support must be notified of any issues relating to the directory synchronization services.
* Directory synchronization between Azure Active Directory (Azure AD) and corp.fabhkam.com must not be affected by a link failure between Azure and the on premises network.
Database Requirements:
Fabrikam identifies the following database requirements:
* Database metrics for the production instance of WebApp1 must be available for analysis so that database administrators can optimize the performance settings.
* To avoid disrupting customer access, database downtime must be minimized when databases are migrated.
* Database backups must be retained for a minimum of seven years to meet compliance requirement Security Requirements:
Fabrikam identifies the following security requirements:
*Company information including policies, templates, and data must be inaccessible to anyone outside the company
*Users on the on-premises network must be able to authenticate to corp.fabrikam.com if an Internet link fails.
*Administrators must be able authenticate to the Azure portal by using their corp.fabrikam.com credentials.
*All administrative access to the Azure portal must be secured by using multi-factor authentication.
*The testing of WebApp1 updates must not be visible to anyone outside the company.
NEW QUESTION 103
You need to recommend a solution to meet the database retention requirement. What should you recommend?
- A. Configure Azure Site Recovery.
- B. Use automatic Azure SQL Database backups.
- C. Configure geo replication of the database.
- D. Configure a long-term retention policy for the database.
Answer: D
Explanation:
Explanation
https://docs.microsoft.com/en-us/azure/azure-sql/database/long-term-retention-overview In Azure SQL Database, you can configure a database with a long-term backup retention policy (LTR) to automatically retain the database backups in separate Azure Blob storage containers for up to 10 years
NEW QUESTION 104
You have an Azure subscription.
You need to deploy an Azure Kubernetes Service (AKS) solution that will use Windows Server 2019 nodes.
The solution must meet the following requirements:
Minimize the time it takes to provision compute resources during scale-out operations.
Support autoscaling of Windows Server containers.
Which scaling option should you recommend?
- A. horizontal pod autoscaler
- B. cluster autoscaler
- C. Virtual nodes with Virtual Kubelet ACI
- D. Kubernetes version 1.20.2 or newer
Answer: C
Explanation:
Explanation
Azure Container Instances (ACI) lets you quickly deploy container instances without additional infrastructure overhead. When you connect with AKS, ACI becomes a secured, logical extension of your AKS cluster. The virtual nodes component, which is based on Virtual Kubelet, is installed in your AKS cluster that presents ACI as a virtual Kubernetes node. Kubernetes can then schedule pods that run as ACI instances through virtual nodes, not as pods on VM nodes directly in your AKS cluster.
Your application requires no modification to use virtual nodes. Deployments can scale across AKS and ACI and with no delay as cluster autoscaler deploys new nodes in your AKS cluster.
Diagram Description automatically generated
Note: AKS clusters can scale in one of two ways:
* The cluster autoscaler watches for pods that can't be scheduled on nodes because of resource constraints.
The cluster then automatically increases the number of nodes.
* The horizontal pod autoscaler uses the Metrics Server in a Kubernetes cluster to monitor the resource demand of pods. If an application needs more resources, the number of pods is automatically increased to meet the demand.
Reference:
https://docs.microsoft.com/en-us/azure/aks/concepts-scale5
NEW QUESTION 105
You have an Azure subscription that contains the storage accounts shown in the following table.
You plan to implement two new apps that have the requirements shown in the following table.
Which storage accounts should you recommend using for each app? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
NEW QUESTION 106
You need to recommend a strategy for the web tier of WebApp1. The solution must minimize What should you recommend?
- A. Create a runbook that resizes virtual machines automatically to a smaller size outside of business hours.
- B. Configure the Scale Out settings for a web app.
- C. Configure the Scale Up settings for a web app.
- D. Deploy a virtual machine scale set that scales out on a 75 percent CPU threshold.
Answer: A
NEW QUESTION 107
Your on-premises network contains a file server named Server1 that stores 500 GB of data.
You need to use Azure Data Factory to copy the data from Server1 to Azure Storage.
You add a new data factory.
What should you do next? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
Reference:
https://docs.microsoft.com/en-us/azure/machine-learning/team-data-science-process/move-sql-azure-adf
https://docs.microsoft.com/pl-pl/azure/data-factory/tutorial-hybrid-copy-data-tool
NEW QUESTION 108
You have an Azure subscription. The subscription has a blob container that contains multiple blobs. Ten users in the finance department of your company plan to access the blobs during the month of April. You need to recommend a solution to enable access to the blobs during the month of April only. Which security solution should you include in the recommendation?
- A. conditional access policies
- B. shared access signatures (SAS)
- C. access keys
- D. certificates
Answer: B
Explanation:
Reference:
https://docs.microsoft.com/en-us/azure/storage/common/storage-sas-overview
This allows for limited-time fine grained access control to resources.
So you can generate URL, specify duration (for month of April) and disseminate URL to 10 team members.
On May 1, the SAS token is automatically invalidated, denying team members continued access.
NEW QUESTION 109
You have an on-premises file server that stores 2 TB of data files.
You plan to move the data files to Azure Blob Storage In the West Europe Azure region, You need to recommend a storage account type to store the data files and a replication solution for the storage account. The solution must meet the following requirements:
* Be available if a single Azure datacenter fails.
* Support storage tiers.
* Minimize cost.
What should you recommend? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
NEW QUESTION 110
You have an Azure subscription. The subscription has a blob container that contains multiple blobs. Ten users in the finance department of your company plan to access the blobs during the month of April. You need to recommend a solution to enable access to the blobs during the month of April only. Which security solution should you include in the recommendation?
- A. conditional access policies
- B. shared access signatures (SAS)
- C. access keys
- D. certificates
Answer: B
Explanation:
Reference:
https://docs.microsoft.com/en-us/azure/storage/common/storage-sas-overview
NEW QUESTION 111
You need to design a storage solution for an app that will store large amounts of frequently used dat a. The solution must meet the following requirements:
Maximize data throughput.
Prevent the modification of data for one year.
Minimize latency for read and write operations.
Which Azure Storage account type and storage service should you recommend? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
Reference:
https://docs.microsoft.com/en-us/azure/storage/blobs/archive-blob
NEW QUESTION 112
You have an Azure Active Directory (Azure AD) tenant.
You plan to use Azure Monitor to monitor user sign-ins and generate alerts based on specific user sign-in events.
You need to recommend a solution to trigger the alerts based on the events.
What should you include in the recommendation? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
Reference:
https://4sysops.com/archives/how-to-create-an-azure-ad-admin-login-alert/
https://docs.microsoft.com/en-us/azure/azure-monitor/platform/alerts-log
NEW QUESTION 113
You plan to migrate on-premises Microsoft SQL Server databases to Azure.
You need to recommend a deployment and resiliency solution that meets the following requirements:
Supports user-initiated backups
Supports multiple automatically replicated instances across Azure regions Minimizes administrative effort to implement and maintain business continuity What should you recommendation? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
Reference:
https://docs.microsoft.com/en-us/azure/azure-sql/database/active-geo-replication-overview
NEW QUESTION 114
To meet the authentication requirements of Fabrikam, what should you include in the solution? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
Explanation
1
1
0
NEW QUESTION 115
You have an Azure subscription.
You need to deploy an Azure Kubernetes Service (AKS) solution that will use Linux nodes. The solution must meet the following requirements:
Minimize the time it takes to provision compute resources during scale-out operations.
Support autoscaling of Linux containers.
Minimize administrative effort.
Which scaling option should you recommend?
- A. AKS virtual nodes
- B. horizontal pod autoscaler
- C. cluster autoscaler
- D. Virtual Kubelet
Answer: A
Explanation:
https://docs.microsoft.com/en-us/azure/aks/virtual-nodes
NEW QUESTION 116
You have an application that is used by 6,000 users to validate their vacation requests. The application manages its own credential Users must enter a username and password to access the application. The application does NOT support identity providers.
You plan to upgrade the application to use single sign-on (SSO) authentication by using an Azure Active Directory (Azure AD) application registration.
Which SSO method should you use?
- A. SAML
- B. password-based
- C. OpenID Connect
- D. header-based
Answer: A
NEW QUESTION 117
You are designing an application that will aggregate content for users.
You need to recommend a database solution for the application. The solution must meet the following requirements:
Support SQL commands.
Support multi-master writes.
Guarantee low latency read operations.
What should you include in the recommendation?
- A. Azure SQL Database that uses active geo-replication
- B. Azure Cosmos DB SQL API
- C. Azure Database for PostgreSQL
- D. Azure SQL Database Hyperscale
Answer: B
Explanation:
With Cosmos DB's novel multi-region (multi-master) writes replication protocol, every region supports both writes and reads. The multi-region writes capability also enables:
Unlimited elastic write and read scalability.
99.999% read and write availability all around the world.
Guaranteed reads and writes served in less than 10 milliseconds at the 99th percentile.
Reference:
https://docs.microsoft.com/en-us/azure/cosmos-db/distribute-data-globally
NEW QUESTION 118
You have an Azure subscription that contains a storage account.
An application sometimes writes duplicate files to the storage account.
You have a PowerShell script that identifies and deletes duplicate files in the storage account. Currently, the script is run manually after approval from the operations manager.
You need to recommend a serverless solution that performs the following actions:
* Runs the script once an hour to identify whether duplicate files exist
* Sends an email notification to the operations manager requesting approval to delete the duplicate files
* Processes an email response from the operations manager specifying whether the deletion was approved
* Runs the script if the deletion was approved
What should you include in the recommendation?
- A. Azure Logic Apps and Azure Functions
- B. Azure Logic Apps and Azure Event Grid
- C. Azure Functions and Azure Batch
- D. Azure Pipelines and Azure Service Fabric
Answer: A
Explanation:
Explanation
You can schedule a powershell script with Azure Logic Apps.
When you want to run code that performs a specific job in your logic apps, you can create your own function by using Azure Functions. This service helps you create Node.js, C#, and F# functions so you don't have to build a complete app or infrastructure to run code. You can also call logic apps from inside Azure functions.
Azure Functions provides serverless computing in the cloud and is useful for performing tasks such as these examples:
Reference:
https://docs.microsoft.com/en-us/azure/logic-apps/logic-apps-azure-functions
NEW QUESTION 119
What should you include in the identity management strategy to support the planned changes?
- A. Deploy a new Azure AD tenant for the authentication of new R&D projects.
- B. Deploy domain controllers for corp.fabrikam.com to virtual networks in Azure.
- C. Deploy domain controllers for the rd.fabrikam.com forest to virtual networks in Azure.
- D. Move all the domain controllers from corp.fabrikam.com to virtual networks in Azure.
Answer: B
Explanation:
Explanation
Directory synchronization between Azure Active Directory (Azure AD) and corp.fabrikam.com must not be affected by a link failure between Azure and the on-premises network. (This requires domain controllers in Azure) Users on the on-premises network must be able to authenticate to corp.fabrikam.com if an Internet link fails.
(This requires domain controllers on-premises)
Topic 3, Contoso
Case Study
This is a case study. Case studies are not timed separately. You can use as much exam time as you would like to complete each case. However, there may be additional case studies and sections on this exam. You must manage your time to ensure that you are able to complete all questions included on this exam in the time provided.
To answer the questions included in a case study, you will need to reference information that is provided in the case study. Case studies might contain exhibits and other resources that provide more information about the scenario that is described in the case study. Each question is independent of the other questions in this case study.
At the end of this case study, a review screen will appear. This screen allows you to review your answers and to make changes before you move to the next section of the exam. After you begin a new section, you cannot return to this section.
To start the case study
To display the first question in this case study, click the button. Use the buttons in the left pane to explore the content of the case study before you answer the questions. Clicking these buttons displays information such as business requirements, existing environment, and problem statements. If the case study has an All Information tab, note that the information displayed is identical to the information displayed on the subsequent tabs. When you are ready to answer a question, click the button to return to the question.
Existing Environment: Technical Environment
The on-premises network contains a single Active Directory domain named contoso.com.
Contoso has a single Azure subscription.
Existing Environment: Business Partnerships
Contoso has a business partnership with Fabrikam, Inc. Fabrikam users access some Contoso applications over the internet by using Azure Active Directory (Azure AD) guest accounts.
Requirements: Planned Changes
Contoso plans to deploy two applications named App1 and App2 to Azure.
Requirements: App1
App1 will be a Python web app hosted in Azure App Service that requires a Linux runtime. Users from Contoso and Fabrikam will access App1.
App1 will access several services that require third-party credentials and access strings. The credentials and access strings are stored in Azure Key Vault.
App1 will have six instances: three in the East US Azure region and three in the West Europe Azure region.
App1 has the following data requirements:
* Each instance will write data to a data store in the same availability zone as the instance.
* Data written by any App1 instance must be visible to all App1 instances.
App1 will only be accessible from the internet. App1 has the following connection requirements:
* Connections to App1 must pass through a web application firewall (WAF).
* Connections to App1 must be active-active load balanced between instances.
* All connections to App1 from North America must be directed to the East US region. All other connections must be directed to the West Europe region.
Every hour, you will run a maintenance task by invoking a PowerShell script that copies files from all the App1 instances. The PowerShell script will run from a central location.
Requirements: App2
App2 will be a NET app hosted in App Service that requires a Windows runtime. App2 has the following file storage requirements:
* Save files to an Azure Storage account.
* Replicate files to an on-premises location.
* Ensure that on-premises clients can read the files over the LAN by using the SMB protocol.
You need to monitor App2 to analyze how long it takes to perform different transactions within the application. The solution must not require changes to the application code.
Application Development Requirements
Application developers will constantly develop new versions of App1 and App2. The development process must meet the following requirements:
* A staging instance of a new application version must be deployed to the application host before the new version is used in production.
* After testing the new version, the staging version of the application will replace the production version.
* The switch to the new application version from staging to production must occur without any downtime of the application.
Identity Requirements
Contoso identifies the following requirements for managing Fabrikam access to resources:
* Every month, an account manager at Fabrikam must review which Fabrikam users have access permissions to App1. Accounts that no longer need permissions must be removed as guests.
* The solution must minimize development effort.
Security Requirement
All secrets used by Azure services must be stored in Azure Key Vault.
Services that require credentials must have the credentials tied to the service instance. The credentials must NOT be shared between services.
NEW QUESTION 120
You need to design an Azure policy that will implement the following functionality:
* For new resources, assign tags and values that match the tags and values of the resource group to which the resources are deployed.
* For existing resources, identify whether the tags and values match the tags and values of the resource group that contains the resources.
* For any non-compliant resources, trigger auto-generated remediation tasks to create missing tags and values.
The solution must use the principle of least privilege.
What should you include in the design? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
Reference:
https://docs.microsoft.com/en-us/azure/governance/policy/concepts/effects
https://docs.microsoft.com/en-us/azure/governance/policy/how-to/remediate-resources
https://docs.microsoft.com/en-us/azure/azure-resource-manager/management/tag-resources
https://docs.microsoft.com/en-us/azure/governance/policy/concepts/effects#modify
NEW QUESTION 121
You have an on-premises Microsoft SQL Server database named SQL1.
You plan to migrate SQL 1 to Azure.
You need to recommend a hosting solution for SQL1. The solution must meet the following requirements:
* Support the deployment of multiple secondary, read-only replicas.
* Support automatic replication between primary and secondary replicas.
* Support failover between primary and secondary replicas within a 15-minute recovery time objective (RTO).
Answer:
Explanation:
NEW QUESTION 122
......
AZ-305 Exam Dumps, Practice Test Questions BUNDLE PACK: https://www.testsimulate.com/AZ-305-study-materials.html