
Microsoft AZ-305 Practice Test - Questions Answers

You have an Azure subscription that contains a custom application named Application1. Application1 was developed by an external company named Fabrikam, Ltd. Developers at Fabrikam were assigned role-based access control (RBAC) permissions to the Application1 components. All users are licensed for the Microsoft 365 E5 plan.

You need to recommend a solution to verify whether the Fabrikam developers still require permissions to Application1. The solution must meet the following requirements:

* To the manager of the developers, send a monthly email message that lists the access permissions to Application1.

* If the manager does not verify access permission, automatically revoke that permission.

* Minimize development effort.

What should you recommend?

A. In Azure Active Directory (AD) Privileged Identity Management, create a custom role assignment for the Application1 resources
B. Create an Azure Automation runbook that runs the Get-AzureADUserAppRoleAssignment cmdlet
C. Create an Azure Automation runbook that runs the Get-AzureRmRoleAssignment cmdlet
D. In Azure Active Directory (Azure AD), create an access review of Application1
Suggested answer: D

Explanation:

https://docs.microsoft.com/en-us/azure/active-directory/governance/manage-user-access-with-access-reviews

Azure Active Directory (Azure AD) access reviews enable organizations to efficiently manage group memberships, access to enterprise applications, and role assignments. User's access can be reviewed on a regular basis to make sure only the right people have continued access.

Have reviews recur periodically: You can set up recurring access reviews of users at set frequencies such as weekly, monthly, quarterly or annually, and the reviewers will be notified at the start of each review. Reviewers can approve or deny access with a friendly interface and with the help of smart recommendations.

Why are access reviews important?

"Azure AD enables you to collaborate with users from inside your organization and with external users. Users can join groups, invite guests, connect to cloud apps, and work remotely from their work or personal devices. The convenience of using self-service has led to a need for better access management capabilities."

You have an Azure subscription. The subscription has a blob container that contains multiple blobs. Ten users in the finance department of your company plan to access the blobs during the month of April. You need to recommend a solution to enable access to the blobs during the month of April only. Which security solution should you include in the recommendation?

A. shared access signatures (SAS)
B. access keys
C. conditional access policies
D. certificates
Suggested answer: A

Explanation:

Reference:

https://docs.microsoft.com/en-us/azure/storage/common/storage-sas-overview

This allows for limited-time, fine-grained access control to resources. So you can generate a URL, specify the duration (for the month of April) and disseminate the URL to the 10 team members. On May 1, the SAS token is automatically invalidated, denying team members continued access.

You have an Azure Active Directory (Azure AD) tenant that syncs with an on-premises Active Directory domain. You have an internal web app named WebApp1 that is hosted on-premises. WebApp1 uses Integrated Windows authentication. Some users work remotely and do NOT have VPN access to the on-premises network.

You need to provide the remote users with single sign-on (SSO) access to WebApp1.

Which two features should you include in the solution? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point.

A. Azure AD Application Proxy
B. Azure AD Privileged Identity Management (PIM)
C. Conditional Access policies
D. Azure Arc
E. Azure AD enterprise applications
F. Azure Application Gateway
Suggested answer: A, C

Explanation:

A: Application Proxy is a feature of Azure AD that enables users to access on-premises web applications from a remote client. Application Proxy includes both the Application Proxy service which runs in the cloud, and the Application Proxy connector which runs on an on-premises server.

You can configure single sign-on to an Application Proxy application.

C: Microsoft recommends using Application Proxy with pre-authentication and Conditional Access policies for remote access from the internet. An approach to provide Conditional Access for intranet use is to modernize applications so they can directly authenticate with AAD.

Reference:

https://docs.microsoft.com/en-us/azure/active-directory/app-proxy/application-proxy-config-sso-how-to

https://docs.microsoft.com/en-us/azure/active-directory/app-proxy/application-proxy-deployment-plan

You have an Azure Active Directory (Azure AD) tenant named contoso.com that has a security group named Group1. Group1 is configured for assigned membership. Group1 has 50 members, including 20 guest users. You need to recommend a solution for evaluating the membership of Group1. The solution must meet the following requirements:

• The evaluation must be repeated automatically every three months.

• Every member must be able to report whether they need to be in Group1.

• Users who report that they do not need to be in Group1 must be removed from Group1 automatically.

• Users who do not report whether they need to be in Group1 must be removed from Group1 automatically.

What should you include in the recommendation?

A. Implement Azure AD Identity Protection.
B. Change the Membership type of Group1 to Dynamic User.
C. Implement Azure AD Privileged Identity Management.
D. Create an access review.
Suggested answer: D

Explanation:

https://docs.microsoft.com/en-us/azure/active-directory/governance/access-reviews-overview#learn-about-access-reviews

Have reviews recur periodically: You can set up recurring access reviews of users at set frequencies such as weekly, monthly, quarterly or annually, and the reviewers will be notified at the start of each review. Reviewers can approve or deny access with a friendly interface and with the help of smart recommendations.

An administrator creates an access review of Group C with 50 member users and 25 guest users. Makes it a self-review. 50 licenses for each user as self-reviewers.*

https://docs.microsoft.com/en-us/azure/active-directory/governance/access-reviews-overview#example-license-scenarios

There are 4 requirements and every single one is only met by access reviews.

https://docs.microsoft.com/en-us/azure/active-directory/governance/access-reviews-overview#when-should-you-use-access-reviews

Dynamic User is needed if a user must be automatically granted access on the basis of its attributes (department, job title, location, etc.).

https://techcommunity.microsoft.com/t5/itops-talk-blog/dynamic-groups-in-azure-ad-and-microsoft-365/ba-p/2267494

Implementing Azure AD PIM is no solution and absolutely not necessary for access reviews.

https://docs.microsoft.com/en-us/azure/active-directory/governance/access-reviews-overview#where-do-you-create-reviews

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

Your company deploys several virtual machines on-premises and to Azure. ExpressRoute is being deployed and configured for on-premises to Azure connectivity. Several virtual machines exhibit network connectivity issues.

You need to analyze the network traffic to identify whether packets are being allowed or denied to the virtual machines.

Solution: Use Azure Traffic Analytics in Azure Network Watcher to analyze the network traffic.

Does this meet the goal?

A. Yes
B. No
Suggested answer: B

Explanation:

Instead use Azure Network Watcher IP Flow Verify, which allows you to detect traffic filtering issues at a VM level. Note: IP flow verify checks if a packet is allowed or denied to or from a virtual machine. The information consists of direction, protocol, local IP, remote IP, local port, and remote port. If the packet is denied by a security group, the name of the rule that denied the packet is returned. While any source or destination IP can be chosen, IP flow verify helps administrators quickly diagnose connectivity issues from or to the internet and from or to the on-premises environment.

Reference:

https://docs.microsoft.com/en-us/azure/network-watcher/network-watcher-ip-flow-verify-overview

https://docs.microsoft.com/en-us/azure/network-watcher/traffic-analytics

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

Your company has deployed several virtual machines (VMs) on-premises and to Azure. Azure ExpressRoute has been deployed and configured for on-premises to Azure connectivity. Several VMs are exhibiting network connectivity issues.

You need to analyze the network traffic to determine whether packets are being allowed or denied to the VMs.

Solution: Use the Azure Advisor to analyze the network traffic.

Does the solution meet the goal?

A. Yes
B. No
Suggested answer: B

Explanation:

Instead use Azure Network Watcher to run IP flow verify to analyze the network traffic.

Note: Advisor is a personalized cloud consultant that helps you follow best practices to optimize your Azure deployments. It analyzes your resource configuration and usage telemetry and then recommends solutions that can help you improve the cost effectiveness, performance, high availability, and security of your Azure resources. With Advisor, you can:

• Get proactive, actionable, and personalized best practices recommendations.

• Improve the performance, security, and high availability of your resources, as you identify opportunities to reduce your overall Azure spend.

• Get recommendations with proposed actions inline.

Reference:

https://docs.microsoft.com/en-us/azure/advisor/advisor-overview

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

Your company has deployed several virtual machines (VMs) on-premises and to Azure. Azure ExpressRoute has been deployed and configured for on-premises to Azure connectivity. Several VMs are exhibiting network connectivity issues.

You need to analyze the network traffic to determine whether packets are being allowed or denied to the VMs.

Solution: Use Azure Network Watcher to run IP flow verify to analyze the network traffic.

Does the solution meet the goal?

A. Yes
B. No
Suggested answer: A

Explanation:

The Network Watcher Network performance monitor is a cloud-based hybrid network monitoring solution that helps you monitor network performance between various points in your network infrastructure. It also helps you monitor network connectivity to service and application endpoints and monitor the performance of Azure ExpressRoute.

Note:

IP flow verify checks if a packet is allowed or denied to or from a virtual machine. The information consists of direction, protocol, local IP, remote IP, local port, and remote port. If the packet is denied by a security group, the name of the rule that denied the packet is returned. While any source or destination IP can be chosen, IP flow verify helps administrators quickly diagnose connectivity issues from or to the internet and from or to the on-premises environment. IP flow verify looks at the rules for all Network Security Groups (NSGs) applied to the network interface, such as a subnet or virtual machine NIC. Traffic flow is then verified based on the configured settings to or from that network interface. IP flow verify is useful in confirming if a rule in a Network Security Group is blocking ingress or egress traffic to or from a virtual machine.

Reference:

https://docs.microsoft.com/en-us/azure/network-watcher/network-watcher-monitoring-overview

https://docs.microsoft.com/en-us/azure/network-watcher/network-watcher-ip-flow-verify-overview

You are designing a large Azure environment that will contain many subscriptions.

You plan to use Azure Policy as part of a governance solution.

To which three scopes can you assign Azure Policy definitions? Each correct answer presents a complete solution. NOTE: Each correct selection is worth one point.

A. management groups
B. subscriptions
C. Azure Active Directory (Azure AD) tenants
D. resource groups
E. Azure Active Directory (Azure AD) administrative units
F. compute resources
Suggested answer: A, D, E

Explanation:

Azure Policy evaluates resources in Azure by comparing the properties of those resources to business rules. Once your business rules have been formed, the policy definition or initiative is assigned to any scope of resources that Azure supports, such as management groups, subscriptions, resource groups, or individual resources.

Reference:

https://docs.microsoft.com/en-us/azure/governance/policy/overview

You need to recommend a solution to generate a monthly report of all the new Azure Resource Manager resource deployments in your subscription. What should you include in the recommendation?

A. Azure Analysis Services
B. Application Insights
C. Azure Monitor action groups
D. Azure Log Analytics
Suggested answer: D

Explanation:

Activity logs are kept for 90 days. You can query for any range of dates, as long as the starting date isn't more than 90 days in the past. Through activity logs, you can determine:

• what operations were taken on the resources in your subscription

• who started the operation

• when the operation occurred

• the status of the operation

• the values of other properties that might help you research the operation

Reference:

https://docs.microsoft.com/en-us/azure/azure-resource-manager/management/view-activity-logs

https://docs.microsoft.com/en-us/azure/automation/change-tracking

You have 100 servers that run Windows Server 2012 R2 and host Microsoft SQL Server 2012 R2 instances. The instances host databases that have the following characteristics:

The largest database is currently 3 TB. None of the databases will ever exceed 4 TB.

Stored procedures are implemented by using CLR.

You plan to move all the data from SQL Server to Azure.

You need to recommend an Azure service to host the databases. The solution must meet the following requirements:

Whenever possible, minimize management overhead for the migrated databases.

Minimize the number of database changes required to facilitate the migration.

Ensure that users can authenticate by using their Active Directory credentials.

What should you include in the recommendation?

A. Azure SQL Database single databases
B. Azure SQL Database Managed Instance
C. Azure SQL Database elastic pools
D. SQL Server 2016 on Azure virtual machines
Suggested answer: B

Explanation:

Reference:

https://docs.microsoft.com/en-us/azure/sql-database/sql-database-managed-instance

SQL Managed Instance allows existing SQL Server customers to lift and shift their on-premises applications to the cloud with minimal application and database changes. At the same time, SQL Managed Instance preserves all PaaS capabilities (automatic patching and version updates, automated backups, high availability) that drastically reduce management overhead and TCO.

https://docs.microsoft.com/en-us/azure/azure-sql/managed-instance/transact-sql-tsql-differences-sql-server#clr

https://docs.microsoft.com/en-gb/azure/azure-sql/database/transact-sql-tsql-differences-sql-server#transact-sql-syntax-not-supported-in-azure-sql-database

Total 299 questions