Ask Question
AZ-305: Designing Microsoft Azure Infrastructure Solutions
The Microsoft Certified: Designing Microsoft Azure Infrastructure Solutions (AZ-305) exam is a crucial certification for anyone aiming to advance their career in cloud infrastructure on Microsoft Azure. Our topic is your ultimate resource for AZ-305 practice test shared by individuals who have successfully passed the exam. These practice tests provide real-world scenarios and invaluable insights to help you ace your preparation.
Why Use AZ-305 Practice Test?
-
Real Exam Experience: Our practice test accurately replicates the format and difficulty of the actual Microsoft AZ-305 exam, providing you with a realistic preparation experience.
-
Identify Knowledge Gaps: Practicing with these tests helps you identify areas where you need more study, allowing you to focus your efforts effectively.
-
Boost Confidence: Regular practice with exam-like questions builds your confidence and reduces test anxiety.
-
Track Your Progress: Monitor your performance over time to see your improvement and adjust your study plan accordingly.
Key Features of AZ-305 Practice Test:
-
Up-to-Date Content: Our community ensures that the questions are regularly updated to reflect the latest exam objectives and technology trends.
-
Detailed Explanations: Each question comes with detailed explanations, helping you understand the correct answers and learn from any mistakes.
-
Comprehensive Coverage: The practice test covers all key topics of the Microsoft AZ-305 exam, including identity and governance, data storage, business continuity, and infrastructure solutions.
-
Customizable Practice: Create your own practice sessions based on specific topics or difficulty levels to tailor your study experience to your needs.
Exam number: AZ-305
Exam name: Designing Microsoft Azure Infrastructure Solutions
Length of test: 120 minutes
Exam format: Multiple-choice and multiple-response questions.
Exam language: English
Number of questions in the actual exam: Maximum of 40-60 questions
Passing score: 700/1000
Use the member-shared Microsoft AZ-305 Practice Test to ensure you’re fully prepared for your certification exam. Start practicing today and take a significant step towards achieving your certification goals!
Related questions
You have 100 servers that run Windows Server 2012 R2 and host Microsoft SQL Server 2012 R2 instances. The instances host databases that have the following characteristics:
The largest database is currently 3 TB. None of the databases will ever exceed 4 TB.
Stored procedures are implemented by using CLR.
You plan to move all the data from SQL Server to Azure.
You need to recommend an Azure service to host the databases. The solution must meet the following requirements:
Whenever possible, minimize management overhead for the migrated databases.
Minimize the number of database changes required to facilitate the migration.
Ensure that users can authenticate by using their Active Directory credentials.
What should you include in the recommendation?
Reference:
https://docs.microsoft.com/en-us/azure/sql-database/sql-database-managed-instanceSQL Managed Instance allows existing SQL Server customers to lift and shift their on-premisesapplications to the cloud with minimal application and database changes. At the same time, SQLManaged Instance preserves all PaaS capabilities (automatic patching and version updates,automated backups, high availability) that drastically reduce management overhead and TCO. https://docs.microsoft.com/en-us/azure/azure-sql/managed-instance/transact-sql-tsql-differencessql-server#clr https://docs.microsoft.com/en-gb/azure/azure-sql/database/transact-sql-tsql-differences-sqlserver#transact-sql-syntax-not-supported-in-azure-sql-database
You have an Azure Active Directory (Azure AD) tenant named contoso.com that has a security group named Group'. Group i is configured Tor assigned membership. Group I has 50 members. including 20 guest users. You need To recommend a solution for evaluating the member ship of Group1. The solution must meet the following requirements:
• The evaluation must be repeated automatically every three months
• Every member must be able to report whether they need to be in Group1
• Users who report that they do not need to be in Group 1 must be removed from Group1 automatically
• Users who do not report whether they need to be m Group1 must be removed from Group1 automatically.
What should you include in me recommendation?
https://docs.microsoft.com/en-us/azure/active-directory/governance/access-reviewsoverview#learn-about-access-reviewsHave reviews recur periodically: You can set up recurring access reviews of users at set frequenciessuch as weekly, monthly, quarterly or annually, and the reviewers will be notified at the start of eachreview. Reviewers can approve or deny access with a friendly interface and with the help of smartrecommendations. An administrator creates an access review of Group C with 50 member users and 25 guest users.
Makes it a self-review. 50 licenses for each user as self-reviewers.* https://docs.microsoft.com/enus/azure/active-directory/governance/access-reviews-overview#example-license-scenariosThere are 4 requirements and every single one is only met by access reviews.
https://docs.microsoft.com/en-us/azure/active-directory/governance/access-reviewsoverview#when-should-you-use-access-reviewsDynamic User is needed if a user must be automatically granted access on base of its attributes (department, jobtitle, location, etc.) https://techcommunity.microsoft.com/t5/itops-talkblog/dynamic-groups-in-azure-ad-and-microsoft-365/ba-p/2267494Implementing Azure AD PIM is no solution and absolutely not necessary for access reviews.
https://docs.microsoft.com/en-us/azure/active-directory/governance/access-reviewsoverview#where-do-you-create-reviews
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen. Your company has deployed several virtual machines (VMs) on-premises and to Azure. Azure ExpressRoute has been deployed and configured for on-premises to Azure connectivity. Several VMs are exhibiting network connectivity issues.
You need to analyze the network traffic to determine whether packets are being allowed or denied to the VMs. Solution: Use Azure Network Watcher to run IP flow verify to analyze the network traffic Does the solution meet the goal?
The Network Watcher Network performance monitor is a cloud-based hybrid network monitoring solution that helps you monitor network performance between various points in your network infrastructure. It also helps you monitor network connectivity to service and application endpoints and monitor the performance of Azure ExpressRoute.
Note:
IP flow verify checks if a packet is allowed or denied to or from a virtual machine. The information consists of direction, protocol, local IP, remote IP, local port, and remote port. If the packet is denied by a security group, the name of the rule that denied the packet is returned. While any source or destination IP can be chosen, IP flow verify helps administrators quickly diagnose connectivity issues from or to the internet and from or to the on-premises environment. IP flow verify looks at the rules for all Network Security Groups (NSGs) applied to the network interface, such as a subnet or virtual machine NIC. Traffic flow is then verified based on the configured settings to or from that network interface. IP flow verify is useful in confirming if a rule in a Network Security Group is blocking ingress or egress traffic to or from a virtual machine.
Reference:
https://docs.microsoft.com/en-us/azure/network-watcher/network-watcher-monitoring-overview
https://docs.microsoft.com/en-us/azure/network-watcher/network-watcher-ip-flow-verify-overview
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen. Your company deploys several virtual machines on-premises and to Azure. ExpressRoute is being deployed and configured for on-premises to Azure connectivity. Several virtual machines exhibit network connectivity issues.
You need to analyze the network traffic to identify whether packets are being allowed or denied to the virtual machines. Solution: Use Azure Traffic Analytics in Azure Network Watcher to analyze the network traffic.
Does this meet the goal?
Instead use Azure Network Watcher IP Flow Verify, which allows you to detect traffic filtering issues at a VM level. Note: IP flow verify checks if a packet is allowed or denied to or from a virtual machine. The information consists of direction, protocol, local IP, remote IP, local port, and remote port. If the packet is denied by a security group, the name of the rule that denied the packet is returned. While any source or destination IP can be chosen, IP flow verify helps administrators quickly diagnose connectivity issues from or to the internet and from or to the on-premises environment.
Reference:
https://docs.microsoft.com/en-us/azure/network-watcher/network-watcher-ip-flow-verify-overview
https://docs.microsoft.com/en-us/azure/network-watcher/traffic-analytics
You have an on-premises network and an Azure subscription. The on-premises network has several branch offices. A branch office in Toronto contains a virtual machine named VM1 that is configured as a file server.
Users access the shared files on VM1 from all the offices.
You need to recommend a solution to ensure that the users can access the shares files as quickly as possible if the Toronto branch office is inaccessible. What should you include in the recommendation?
Use Azure File Sync to centralize your organization's file shares in Azure Files, while keeping the flexibility, performance, and compatibility of an on-premises file server. Azure File Sync transforms Windows Server into a quick cache of your Azure file share.
You need an Azure file share in the same region that you want to deploy Azure File Sync.
Reference:
https://docs.microsoft.com/en-us/azure/storage/files/storage-sync-files-deployment-guide
You are designing an Azure Cosmos DB solution that will host multiple writable replicas in multiple Azure regions. You need to recommend the strongest database consistency level for the design. The solution must meet the following requirements:
Provide a latency-based Service Level Agreement (SLA) for writes.
Support multiple regions.
Which consistency level should you recommend?
Each level provides availability and performance tradeoffs. The following image shows the different consistency levels as a spectrum.
Note: The service offers comprehensive 99.99% SLAs which covers the guarantees for throughput, consistency, availability and latency for the Azure Cosmos DB Database Accounts scoped to a single Azure region configured with any of the five Consistency Levels or Database Accounts spanning multiple Azure regions, configured with any of the four relaxed Consistency Levels.
Reference:
https://azure.microsoft.com/en-us/support/legal/sla/cosmos-db/v1_3/
https://docs.microsoft.com/en-us/azure/cosmos-db/consistency-levels#consistency-levels-andlatency
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen. Your company plans to deploy various Azure App Service instances that will use Azure SQL databases.
The App Service instances will be deployed at the same time as the Azure SQL databases.
The company has a regulatory requirement to deploy the App Service instances only to specific Azure regions. The resources for the App Service instances must reside in the same region. You need to recommend a solution to meet the regulatory requirement.
Solution: You recommend using the Regulatory compliance dashboard in Azure Security Center.
Does this meet the goal?
The Regulatory compliance dashboard in Azure Security Center is not used for regional compliance.
Note: Instead Azure Resource Policy Definitions can be used which can be applied to a specific Resource Group with the App Service instances. Note 2: In the Azure Security Center regulatory compliance blade, you can get an overview of key portions of your compliance posture with respect to a set of supported standards. Currently supported standards are Azure CIS, PCI DSS 3.2, ISO 27001, and SOC TSP.
Reference:
https://docs.microsoft.com/en-us/azure/governance/policy/overview
https://azure.microsoft.com/en-us/blog/regulatory-compliance-dashboard-in-azure-security-centernow-available/
You have an Azure subscription that contains a custom application named Application was developed by an external company named fabric, Ltd. Developers at Fabrikam were assigned role-based access control (RBAV) permissions to the Application components. All users are licensed for the Microsoft 365 E5 plan.
You need to recommends a solution to verify whether the Faricak developers still require permissions to Application1. The solution must the following requirements. * To the manager of the developers, send a monthly email message that lists the access permissions to Application1. * If the manager does not verify access permission, automatically revoke that permission.
* Minimize development effort.
What should you recommend?
https://docs.microsoft.com/en-us/azure/active-directory/governance/manage-user-access-withaccess-reviewsAzure Active Directory (Azure AD) access reviews enable organizations to efficiently manage groupmemberships, access to enterprise applications, and role assignments. User's access can be reviewedon a regular basis to make sure only the right people have continued access. Have reviews recurperiodically: You can set up recurring access reviews of users at set frequencies such as weekly,monthly, quarterly or annually, and the reviewers will be notified at the start of each review. Reviewers can approve or deny access with a friendly interface and with the help of smart recommendations. Why are access reviews important?
"Azure AD enables you to collaborate with users from inside your organization and with external users. Users can join groups, invite guests, connect to cloud apps, and work remotely from their work or personal devices. The convenience of using self-service has led to a need for better access management capabilities."
You are designing an order processing system in Azure that will contain the Azure resources shown in the following table.
The order processing system will have the following transaction flow:
A customer will place an order by using App1.
When the order is received, App1 will generate a message to check for product availability at vendor 1 and vendor 2. An integration component will process the message, and then trigger either Function1 or Function2 depending on the type of order. Once a vendor confirms the product availability, a status message for App1 will be generated by Function1 or Function2. All the steps of the transaction will be logged to storage1.
Which type of resource should you recommend for the integration component?
A data factory can have one or more pipelines. A pipeline is a logical grouping of activities that together perform a task. The activities in a pipeline define actions to perform on your data.
Data Factory has three groupings of activities: data movement activities, data transformation activities, and control activities. Azure Functions is now integrated with Azure Data Factory, allowing you to run an Azure function as a step in your data factory pipelines.
Reference:
https://docs.microsoft.com/en-us/azure/data-factory/concepts-pipelines-activities
You have an Azure Active Directory (Azure AD) tenant that syncs with an on-premises Active Directory domain. You have an internal web app named WebApp1 that is hosted on-premises. WebApp1 uses Integrated Windows authentication. Some users work remotely and do NOT have VPN access to the on-premises network.
You need to provide the remote users with single sign-on (SSO) access to WebApp1.
Which two features should you include in the solution? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point.
A: Application Proxy is a feature of Azure AD that enables users to access on-premises web applications from a remote client. Application Proxy includes both the Application Proxy service which runs in the cloud, and the Application Proxy connector which runs on an on-premises server.
You can configure single sign-on to an Application Proxy application.
C: Microsoft recommends using Application Proxy with pre-authentication and Conditional Access policies for remote access from the internet. An approach to provide Conditional Access for intranet use is to modernize applications so they can directly authenticate with AAD.
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/app-proxy/application-proxy-config-ssohow-to https://docs.microsoft.com/en-us/azure/active-directory/app-proxy/application-proxy-deploymentplan
Export
If you didn't receive an email within 5 minutes, you should submit a support request to [email protected].
|
BASIC - 1 Month
$
10
Full latest questions
No CAPTCHA
New Updates
Export to VPLUS
Export to PDF - All questions
Team support
|
PLUS - 2 Months
$
15
Full latest questions
No CAPTCHA
New Updates
Export to VPLUS
Export to PDF - All questions
Team support
|
PRO - 6 Months
$
40
Full latest questions
No CAPTCHA
New Updates
Export to VPLUS
Export to PDF - All questions
Team support
|
Full latest questions
No CAPTCHA
New Updates
Export to VPLUS
Export to PDF - All questions
Team support
Full latest questions
No CAPTCHA
New Updates
Export to VPLUS
Export to PDF - All questions
Team support
Full latest questions
No CAPTCHA
New Updates
Export to VPLUS
Export to PDF - All questions
Team support
Practice Tests
Selling illegal goods, money scams etc.
Serious attack on a group.
Harassing an individual (including doxing)
Threatening or glorifying violence or serious harm, including self-harm
Nudity/Sexual content
Sexually explicit or suggestive imagery or writing involving minors
Sexually explicit or suggestive imagery or writing involving non-consenting adults or non-humans
Reusing content without attribution (link and blockquotes)
Not in English or has very bad formatting, grammar, and spelling
Author's credential is offensive, spam, or impersonation
Ex. Illegal content, incomplete question...
Question