Microsoft AZ-305 Practice Test - Questions Answers, Page 10

HOTSPOT

You have an Azure subscription that is linked to an Azure Active Directory Premium Plan 2 tenant. The tenant has multi-factor authentication (MFA) enabled for all users.

You have the named locations shown in the following table.

You have the users shown in the following table.

You plan to deploy the Conditional Access policies shown in the following table.

For each of the following statements, select Yes if the statement is true. Otherwise, select No.

NOTE: Each correct selection is worth one point.


Question 91
Correct answer: Question 91

HOTSPOT

You have an Azure Load Balancer named LB1 that balances requests to five Azure virtual machines.

You need to develop a monitoring solution for LB1. The solution must generate an alert when any of the following conditions are met:

A virtual machine is unavailable.

Connection attempts exceed 50,000 per minute.

Which signal should you include in the solution for each condition? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.


Question 92
Correct answer: Question 92

Explanation:

Box 1: Data path availability

Standard Load Balancer continuously exercises the data path from within a region to the load balancer front end, all the way to the SDN stack that supports your VM. As long as healthy instances remain, the measurement follows the same path as your application's load-balanced traffic. The data path that your customers use is also validated. The measurement is invisible to your application and does not interfere with other operations.

Note: Load balancer distributes inbound flows that arrive at the load balancer's front end to backend pool instances. These flows are according to configured load-balancing rules and health probes. The backend pool instances can be Azure Virtual Machines or instances in a virtual machine scale set.

Box 2: SYN count

SYN (synchronize) count: Standard Load Balancer does not terminate Transmission Control Protocol (TCP) connections or interact with TCP or UDP packet flows. Flows and their handshakes are always between the source and the VM instance. To better troubleshoot your TCP protocol scenarios, you can make use of SYN packets counters to understand how many TCP connection attempts are made.

The metric reports the number of TCP SYN packets that were received.

Reference:

https://docs.microsoft.com/en-us/azure/load-balancer/load-balancer-standard-diagnostics

HOTSPOT

Your company deploys several Linux and Windows virtual machines (VMs) to Azure. The VMs are deployed with the Microsoft Dependency Agent and the Microsoft Monitoring Agent installed by using Azure VM extensions. On-premises connectivity has been enabled by using Azure ExpressRoute.

You need to design a solution to monitor the VMs.

Which Azure monitoring services should you use? To answer, select the appropriate Azure monitoring services in the answer area. NOTE: Each correct selection is worth one point.


Question 93
Correct answer: Question 93

Explanation:

Box 1: Azure Network Watcher

Traffic Analytics is a cloud-based solution that provides visibility into user and application activity in cloud networks. Traffic analytics analyzes Network Watcher network security group (NSG) flow logs to provide insights into traffic flow in your Azure cloud. With traffic analytics, you can:

Identify security threats to, and secure your network, with information such as open-ports, applications attempting internet access, and virtual machines (VM) connecting to rogue networks.

Visualize network activity across your Azure subscriptions and identify hot spots.

Understand traffic flow patterns across Azure regions and the internet to optimize your network deployment for performance and capacity.

Pinpoint network misconfigurations leading to failed connections in your network.

Box 2: Azure Service Map

Service Map automatically discovers application components on Windows and Linux systems and maps the communication between services. With Service Map, you can view your servers in the way that you think of them: as interconnected systems that deliver critical services. Service Map shows connections between servers, processes, inbound and outbound connection latency, and ports across any TCP-connected architecture, with no configuration required other than the installation of an agent.

Reference:

https://docs.microsoft.com/en-us/azure/network-watcher/traffic-analytics

https://docs.microsoft.com/en-us/azure/azure-monitor/insights/service-map

HOTSPOT

You manage a database environment for a Microsoft Volume Licensing customer named Contoso, Ltd. Contoso uses License Mobility through Software Assurance. You need to deploy 50 databases. The solution must meet the following requirements:

Support automatic scaling.

Minimize Microsoft SQL Server licensing costs.

What should you include in the solution? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.


Question 94
Correct answer: Question 94

Explanation:

Box 1: vCore

Virtual core (vCore)-based purchasing model (recommended). This purchasing model provides a choice between a provisioned compute tier and a serverless compute tier. With the provisioned compute tier, you choose the exact amount of compute resources that are always provisioned for your workload. With the serverless compute tier, you specify the autoscaling of the compute resources over a configurable compute range.

Box 2: An Azure SQL Database Elastic pool

Azure SQL Database provides the following deployment options for a database:

Single database represents a fully managed, isolated database.

Elastic pool is a collection of single databases with a shared set of resources, such as CPU or memory. Single databases can be moved into and out of an elastic pool.

Reference:

https://docs.microsoft.com/en-us/azure/azure-sql/database/purchasing-models

HOTSPOT

You plan to deploy a custom database solution that will have multiple instances as shown in the following table.

Client applications will access database servers by using db.contoso.com.

You need to recommend load balancing services for the planned deployment. The solution must meet the following requirements:

Access to at least one database server must be maintained in the event of a regional outage.

The virtual machines must not connect to the internet directly.

What should you include in the recommendation? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.


Question 95
Correct answer: Question 95

Explanation:

Box 1: Azure Traffic Manager

Traffic Manager is a DNS-based traffic load balancer that enables you to distribute traffic optimally to services across global Azure regions, while providing high availability and responsiveness. Because Traffic Manager is a DNS-based load-balancing service, it load balances only at the domain level. For that reason, it can't fail over as quickly as Front Door, because of common challenges around DNS caching and systems not honoring DNS TTLs.

Reference:

https://docs.microsoft.com/en-us/azure/architecture/guide/technology-choices/load-balancing-overview

HOTSPOT

You have a resource group named RG1 that contains the objects shown in the following table.

You need to configure permissions so that App1 can copy all the secrets from KV1 to KV2. App1 currently has the Get permission for the secrets in KV1. Which additional permissions should you assign to App1? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.


Question 96
Correct answer: Question 96

Explanation:

Box 1: List

Get: Gets the specified Azure key vault.

List: The List operation gets information about the vaults associated with the subscription.

Box 2: Create

Create Or Update: Create or update a key vault in the specified subscription.

Reference:

https://docs.microsoft.com/en-us/rest/api/keyvault/

HOTSPOT

You have an Azure Active Directory (Azure AD) tenant.

You plan to use Azure Monitor to monitor user sign-ins and generate alerts based on specific user sign-in events. You need to recommend a solution to trigger the alerts based on the events.

What should you include in the recommendation? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.


Question 97
Correct answer: Question 97

Explanation:

Box 1: An Azure Log Analytics workspace

To be able to create an alert, we send the Azure AD logs to an Azure Log Analytics workspace.

Note: You can forward your AAD logs and events to either an Azure Storage Account, an Azure Event Hub, Log Analytics, or a combination of all of these.

Box 2: Log

Ensure Resource Type is an analytics source like Log Analytics or Application Insights and signal type as Log.

Reference:

https://4sysops.com/archives/how-to-create-an-azure-ad-admin-login-alert/

https://docs.microsoft.com/en-us/azure/azure-monitor/platform/alerts-log

HOTSPOT

You configure OAuth2 authorization in API Management as shown in the following exhibit.

Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic. NOTE: Each correct selection is worth one point.


Question 98
Correct answer: Question 98

Explanation:

Box 1: Web applications

The Authorization Code Grant Type is used by both web apps and native apps to get an access token after a user authorizes an app.

Note: The Authorization Code grant type is used by confidential and public clients to exchange an authorization code for an access token. After the user returns to the client via the redirect URL, the application will get the authorization code from the URL and use it to request an access token.

Incorrect Answers:

Not Headless device authentication:

A headless system is a computer that operates without a monitor, graphical user interface (GUI) or peripheral devices, such as keyboard and mouse. Headless computers are usually embedded systems in various devices or servers in multi-server data center environments. Industrial machines, automobiles, medical equipment, cameras, household appliances, airplanes, vending machines and toys are among the myriad possible hosts of embedded systems.

Box 2: Client Credentials

How to include additional client data

In case you need to store additional details about a client that don't fit into the standard parameter set, the custom data parameter comes to help:

POST /c2id/clients HTTP/1.1
Host: demo.c2id.com
Content-Type: application/json
Authorization: Bearer ztucZS1ZyFKgh0tUEruUtiSTXhnexmd6

{
  "redirect_uris" : [ "https://myapp.example.com/callback" ],
  "data" : { "reg_type" : "3rd-party",
             "approved" : true,
             "author_id" : 792440 }
}

The data parameter permits arbitrary content packaged in a JSON object. To set it you will need the master registration token or a one-time access token with a client-reg:data scope.

Incorrect Answers:

Authorization protocols provide a state parameter that allows you to restore the previous state of your application. The state parameter preserves some state object set by the client in the Authorization request and makes it available to the client in the response.

Reference:

https://developer.okta.com/blog/2018/04/10/oauth-authorization-code-grant-type

https://connect2id.com/products/server/docs/guides/client-registration

HOTSPOT

You plan to develop a new app that will store business critical data. The app must meet the following requirements:

Prevent new data from being modified for one year.

Minimize read latency.

Maximize data resiliency.

You need to recommend a storage solution for the app.

What should you recommend? To answer, select the appropriate options in the answer area.


Question 99
Correct answer: Question 99

Explanation:

Reference:

https://docs.microsoft.com/en-us/azure/storage/common/storage-account-overview

https://docs.microsoft.com/en-us/azure/storage/common/storage-redundancy?toc=/azure/storage/blobs/toc.json

HOTSPOT

You have the Free edition of a hybrid Azure Active Directory (Azure AD) tenant. The tenant uses password hash synchronization. You need to recommend a solution to meet the following requirements:

Prevent Active Directory domain user accounts from being locked out as the result of brute force attacks targeting Azure AD user accounts.

Block legacy authentication attempts to Azure AD integrated apps.

Minimize costs.

What should you recommend for each requirement? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.


Question 100
Correct answer: Question 100

Explanation:

Box 1: Smart lockout

Smart lockout helps lock out bad actors that try to guess your users' passwords or use brute-force methods to get in. Smart lockout can recognize sign-ins that come from valid users and treat them differently than ones of attackers and other unknown sources. Attackers get locked out, while your users continue to access their accounts and be productive.

Box 2: Conditional access policies

If your environment is ready to block legacy authentication to improve your tenant's protection, you can accomplish this goal with Conditional Access. How can you prevent apps using legacy authentication from accessing your tenant's resources? The recommendation is to just block them with a Conditional Access policy. If necessary, you allow only certain users and specific network locations to use apps that are based on legacy authentication.

Reference:

https://docs.microsoft.com/en-us/azure/active-directory/authentication/howto-password-smart-lockout

https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/block-legacy-authentication

Total 299 questions