Online Questions - Valid Practice To your AZ-305 Exam (Updated 211 Questions)
Practice To AZ-305 - Remarkable Practice On your Designing Microsoft Azure Infrastructure Solutions Exam
The Microsoft AZ-305 also known as Designing Microsoft Azure Infrastructure Solutions is intended for experienced candidates with developed skills and a comprehensive knowledge of IT operations, which include networking, secure, visualization, disaster recovery, identity, business continuity, and governance. The candidates should be able to take a decision and assess the consequences, as well as consider how it affects the common decision. They also should be experienced in Azure development and administration, as well as in DevOps processes. What you need to know more is that this test along with the Microsoft Certified: Azure Administrator Associate certification leads to the Microsoft Certified: Azure Solutions Architect Expert accreditation. The second variant you can choose is to pass exam AZ-303 (retires in March, 2022) together with the AZ-305 test.
Exam Details
In brief, the Microsoft AZ-305 exam is designed to assess your ability to monitor solutions, design identity, and governance, create data storage solutions, business continuity, and infrastructure solutions. It will include from 40 to 60 questions of different types, and will last either 100 or 120 minutes (depends on the inclusion of labs). If it includes labs, then its duration will be longer. To pass the exam you should score at least 700 points out of 1000. And of course, you need to pay an exam fee, which is now $165.
Ways to Prepare
Preparation is an essential process before taking the actual Microsoft exam. On the vendor’s website, you can find free and paid options to choose from. The free option represents a collection of learning paths each of which is dedicated to a specific topic covered in the exam. Among the learning paths you can choose from “AZ-305: Design identity, governance, and monitor solutions”, which consists of 3 modules, “AZ-305: Design business continuity solutions” (2 modules), or“AZ-305: Design data storage solutions” (3 modules), to name a few.
The paid training is known as the “Designing Microsoft Azure Infrastructure Solutions” course. This course is led by the instructor and equips candidates with the necessary skills required to design infrastructure solutions.
Using books in your preparation process is also a good idea. It will help you to get a thorough understanding of the concepts tested and get the explanation of what is unclear to you. Thus, on the Amazon website, you can find the “Azure Solutions Architect Expert” book for the AZ-305 exam written by Saransh Paliwal. It covers the roles of the Azure Solutions Architect Expert, exam topics included in the test, and offers your questions with answers and explanations. This book is an effective way to harness your skills in the exam topics, and get a passing score in the final exam. So, put it on the list of your training materials that you will definitely use in your prep process.
NEW QUESTION 82
You need to recommend a solution that meets the data requirements for App1.
What should you recommend deploying to each availability zone that contains an instance of App1?
- A. an Azure Cosmos DB that uses multi-region writes
- B. an Azure SQL database that uses active geo-replication
- C. an Azure Data Lake store that uses geo-zone-redundant storage (GZRS)
- D. an Azure Storage account that uses geo-zone-redundant storage (GZRS)
Answer: A
NEW QUESTION 83
You need to design a storage solution for an app that will store large amounts of frequently used dat a. The solution must meet the following requirements:
Maximize data throughput.
Prevent the modification of data for one year.
Minimize latency for read and write operations.
Which Azure Storage account type and storage service should you recommend? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
Reference:
https://docs.microsoft.com/en-us/azure/storage/blobs/archive-blob
NEW QUESTION 84
You have an application named App1. App1 generates log files that must be archived for five years. The log files must be readable by App1 but must not be modified.
Which storage solution should you recommend for archiving?
- A. Use an Azure file share that has access control enabled
- B. Ingest the log files into an Azure Log Analytics workspace
- C. Use an Azure Blob storage account and a time-based retention policy
- D. Use an Azure Blob storage account configured to use the Archive access tier
Answer: C
Explanation:
Immutable storage for Azure Blob storage enables users to store business-critical data objects in a WORM (Write Once, Read Many) state.
Immutable storage supports:
Time-based retention policy support: Users can set policies to store data for a specified interval. When a time-based retention policy is set, blobs can be created and read, but not modified or deleted. After the retention period has expired, blobs can be deleted but not overwritten.
Reference:
https://docs.microsoft.com/en-us/azure/storage/blobs/storage-blob-immutable-storage
NEW QUESTION 85
You plan to migrate App1 to Azure.
You need to recommend a storage solution for App1 that meets the security and compliance requirements.
Which type of storage should you recommend, and how should you recommend configuring the storage? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
Reference:
https://docs.microsoft.com/en-us/azure/storage/blobs/data-protection-overview
NEW QUESTION 86
Your company has the divisions shown in the following table.
You plan to deploy a custom application to each subscription. The application will contain the following:
A resource group
An Azure web app
Custom role assignments
An Azure Cosmos DB account
You need to use Azure Blueprints to deploy the application to each subscription.
What is the minimum number of objects required to deploy the application? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
NEW QUESTION 87
You need to design a storage solution for an app that will store large amounts of frequently used dat a. The solution must meet the following requirements:
Maximize data throughput.
Prevent the modification of data for one year.
Minimize latency for read and write operations.
Which Azure Storage account type and storage service should you recommend? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
Reference:
https://docs.microsoft.com/en-us/azure/storage/blobs/archive-blob
NEW QUESTION 88
Your company currently has an application that is hosted on their on-premises environment. The application currently connects to two databases in the on-premises environment. The databases are named whizlabdb1 and whizlabdb2.
You have to move the databases onto Azure. The databases have to support server-side transactions across both of the databases.
Solution: You decide to deploy the databases to an Azure SQL database-managed instance.
Would this fulfill the requirement?
- A. No
- B. Yes
Answer: B
NEW QUESTION 89
You have an Azure subscription. The subscription has a blob container that contains multiple blobs. Ten users in the finance department of your company plan to access the blobs during the month of April. You need to recommend a solution to enable access to the blobs during the month of April only. Which security solution should you include in the recommendation?
- A. shared access signatures (SAS)
- B. certificates
- C. access keys
- D. conditional access policies
Answer: A
Explanation:
Reference:
https://docs.microsoft.com/en-us/azure/storage/common/storage-sas-overview This allows for limited-time fine grained access control to resources. So you can generate URL, specify duration (for month of April) and disseminate URL to 10 team members. On May 1, the SAS token is automatically invalidated, denying team members continued access.
NEW QUESTION 90
You have an Azure subscription that contains an Azure Blob storage account named store1.
You have an on-premises file server named Setver1 that runs Windows Sewer 2016. Server1 stores 500 GB of company files.
You need to store a copy of the company files from Server 1 in store1.
Which two possible Azure services achieve this goal? Each correct answer presents a complete solution.
NOTE: Each correct selection is worth one point
- A. Azure Data factory
- B. an integration account
- C. an On-premises data gateway
- D. an Azure Import/Export job
- E. an Azure Batch account
Answer: A,D
Explanation:
https://docs.microsoft.com/en-us/azure/storage/common/storage-import-export-data-from-blobs
https://docs.microsoft.com/en-us/answers/questions/31113/fastest-method-to-copy-500gb-table-from-on-premise.html
NEW QUESTION 91
You have an Azure subscription that is linked to an Azure Active Directory Premium Plan 2 tenant The tenant has multi-factor authentication (MFA) enabled for all users.
You have the named locations shown in the following table.
You have the users shown in the following table.
You plan to deploy the Conditional Access policies shown in the following table.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
NEW QUESTION 92
You have an Azure App Service web app that uses a system-assigned managed identity.
You need to recommend a solution to store their settings of the web app as secrets in an Azure key vault The solution must meet the following requirements:
* Minimize changes to the app code,
* Use the principle of least privilege.
What should you include in the recommendation? To answer, select the appropriate options in the answer area.
Answer:
Explanation:
NEW QUESTION 93
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
Your company has deployed several virtual machines (VMs) on-premises and to Azure. Azure ExpressRoute has been deployed and configured for on-premises to Azure connectivity.
Several VMs are exhibiting network connectivity issues.
You need to analyze the network traffic to determine whether packets are being allowed or denied to the VMs.
Solution: Use the Azure Traffic Analytics solution in Azure Log Analytics to analyze the network traffic.
Does the solution meet the goal?
- A. No
- B. Yes
Answer: A
Explanation:
Instead use Azure Network Watcher to run IP flow verify to analyze the network traffic.
Reference:
https://docs.microsoft.com/en-us/azure/network-watcher/network-watcher-monitoring-overview
https://docs.microsoft.com/en-us/azure/network-watcher/network-watcher-ip-flow-verify-overview
NEW QUESTION 94
You have an Azure Active Directory (Azure AD) tenant.
You plan to use Azure Monitor to monitor user sign-ins and generate alerts based on specific user sign-in events.
You need to recommend a solution to trigger the alerts based on the events.
What should you include in the recommendation? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
Reference:
https://4sysops.com/archives/how-to-create-an-azure-ad-admin-login-alert/
https://docs.microsoft.com/en-us/azure/azure-monitor/platform/alerts-log
NEW QUESTION 95
You have an Azure Active Directory (Azure AD) tenant named contoso.com that has a security group named Group'. Group i is configured Tor assigned membership. Group I has 50 members. including 20 guest users.
You need To recommend a solution for evaluating the member ship of Group1. The solution must meet the following requirements:
* The evaluation must be repeated automatically every three months
* Every member must be able to report whether they need to be in Group1
* Users who report that they do not need to be in Group 1 must be removed from Group1 automatically
* Users who do not report whether they need to be m Group1 must be removed from Group1 automatically.
What should you include in me recommendation?
- A. Implement Azure AD Privileged Identity Management.
- B. Create an access review.
- C. Change the Membership type of Group1 to Dynamic User.
- D. implement Azure AU Identity Protection.
Answer: B
Explanation:
https://docs.microsoft.com/en-us/azure/active-directory/governance/access-reviews-overview#learn-about-access-reviews Have reviews recur periodically: You can set up recurring access reviews of users at set frequencies such as weekly, monthly, quarterly or annually, and the reviewers will be notified at the start of each review. Reviewers can approve or deny access with a friendly interface and with the help of smart recommendations.
An administrator creates an access review of Group C with 50 member users and 25 guest users. Makes it a self-review. 50 licenses for each user as self-reviewers.* https://docs.microsoft.com/en-us/azure/active-directory/governance/access-reviews-overview#example-license-scenarios There are 4 requirements and every single one is only met by access reviews. https://docs.microsoft.com/en-us/azure/active-directory/governance/access-reviews-overview#when-should-you-use-access-reviews Dynamic User is needed if a user must be automatically granted access on base of its attributes (department, jobtitle, location, etc.) https://techcommunity.microsoft.com/t5/itops-talk-blog/dynamic-groups-in-azure-ad-and-microsoft-365/ba-p/2267494 Implementing Azure AD PIM is no solution and absolutely not necessary for access reviews. https://docs.microsoft.com/en-us/azure/active-directory/governance/access-reviews-overview#where-do-you-create-reviews
NEW QUESTION 96
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
Your company plans to deploy various Azure App Service instances that will use Azure SQL databases. The App Service instances will be deployed at the same time as the Azure SQL databases.
The company has a regulatory requirement to deploy the App Service instances only to specific Azure regions. The resources for the App Service instances must reside in the same region.
You need to recommend a solution to meet the regulatory requirement.
Solution: You recommend creating resource groups based on locations and implementing resource locks on the resource groups.
Does this meet the goal?
- A. No
- B. Yes
Answer: A
Explanation:
Resource locks are not used for compliance purposes. Resource locks prevent changes from being made to resources.
Reference:
https://docs.microsoft.com/en-us/azure/azure-resource-manager/management/lock-resources
NEW QUESTION 97
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
Your company has deployed several virtual machines (VMs) on-premises and to Azure. Azure ExpressRoute has been deployed and configured for on-premises to Azure connectivity.
Several VMs are exhibiting network connectivity issues.
You need to analyze the network traffic to determine whether packets are being allowed or denied to the VMs.
Solution: Install and configure the Microsoft Monitoring Agent and the Dependency Agent on all VMs. Use the Wire Data solution in Azure Monitor to analyze the network traffic.
Does the solution meet the goal?
- A. No
- B. Yes
Answer: A
Explanation:
Instead use Azure Network Watcher to run IP flow verify to analyze the network traffic.
Note: Wire Data looks at network data at the application level, not down at the TCP transport layer. The solution doesn't look at individual ACKs and SYNs.
Reference:
https://docs.microsoft.com/en-us/azure/network-watcher/network-watcher-monitoring-overview
https://docs.microsoft.com/en-us/azure/network-watcher/network-watcher-ip-flow-verify-overview
NEW QUESTION 98
You have five .NET Core applications that run on 10 Azure virtual machines in the same subscription.
You need to recommend a solution to ensure that the applications can authenticate by using the same Azure Active Directory (Azure AD) identity. The solution must meet the following requirements:
Ensure that the applications can authenticate only when running on the 10 virtual machines.
Minimize administrative effort.
What should you include in the recommendation? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
NEW QUESTION 99
You need to implement the Azure RBAC role assignments for the Network Contributor role. The solution must meet the authentication and authorization requirements.
What is the minimum number of assignments that you must use?
- A. 0
- B. 1
- C. 2
- D. 3
- E. 4
Answer: C
Explanation:
Scenario: The Network Contributor built-in RBAC role must be used to grant permissions to the network administrators for all the virtual networks in all the Azure subscriptions.
RBAC roles must be applied at the highest level possible.
NEW QUESTION 100
You plan to create an Azure Storage account that will host file shares. The shares will be accessed from on-premises applications that are transaction-intensive.
You need to recommend a solution to minimize latency when accessing the file shares. The solution must provide the highest-level of resiliency for the selected storage tier.
What should you include in the recommendation? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
Reference:
https://docs.microsoft.com/en-us/azure/storage/files/storage-files-planning
NEW QUESTION 101
You plan to deploy an Azure App Service web app that will have multiple instances across multiple Azure regions.
You need to recommend a load balancing service for the planned deployment. The solution must meet the following requirements:
Maintain access to the app in the event of a regional outage.
Support Azure Web Application Firewall (WAF).
Support cookie-based affinity.
Support URL routing.
What should you include in the recommendation?
- A. Azure Application Gateway
- B. Azure Traffic Manager
- C. Azure Front Door
- D. Azure Load Balancer
Answer: D
Explanation:
Azure Traffic Manager performs the global load balancing of web traffic across Azure regions, which have a regional load balancer based on Azure Application Gateway. This combination gets you the benefits of Traffic Manager many routing rules and Application Gateway's capabilities such as WAF, TLS termination, path-based routing, cookie-based session affinity among others.
Reference:
https://docs.microsoft.com/en-us/azure/application-gateway/features
NEW QUESTION 102
A company has an existing web application that runs on virtual machines (VMs) in Azure.
You need to ensure that the application is protected from SQL injection attempts and uses a layer-7 load balancer. The solution must minimize disruption to the code for the existing web application.
What should you recommend? To answer, drag the appropriate values to the correct items. Each value may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
Reference:
https://docs.microsoft.com/en-us/azure/application-gateway/application-gateway-faq
https://docs.microsoft.com/en-us/azure/application-gateway/waf-overview
NEW QUESTION 103
You are developing a sates application that will contain several Azure cloud services and handle different components of a transaction. Different cloud services will process customer orders, billing, payment inventory, and shipping.
You need to recommend a solution to enable the cloud services to asynchronously communicate transaction information by using XML messages.
What should you include in the recommendation?
- A. Azure Notification Hubs
- B. Azure Data Lake
- C. Azure Service Fabric
- D. Azure Queue Storage
Answer: C
NEW QUESTION 104
You manage a database environment for a Microsoft Volume Licensing customer named Contoso, Ltd. Contoso uses License Mobility through Software Assurance.
You need to deploy 50 databases. The solution must meet the following requirements:
Support automatic scaling.
Minimize Microsoft SQL Server licensing costs.
What should you include in the solution? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
Reference:
https://docs.microsoft.com/en-us/azure/azure-sql/database/purchasing-models
NEW QUESTION 105
You need to recommend a strategy for migrating the database content of WebApp1 to Azure. What should you include in the recommendation?
- A. Use Azure Site Recovery to replicate the SQL servers to Azure.
- B. Copy the BACPAC file that contains the Azure SQL database file to Azure Blob storage.
- C. Copy the VHD that contains the Azure SQL database files to Azure Blob storage
- D. Use SQL Server transactional replication.
Answer: C
Explanation:
Before you upload a Windows virtual machine (VM) from on-premises to Azure, you must prepare the virtual hard disk (VHD or VHDX).
Scenario: WebApp1 has a web tier that uses Microsoft Internet Information Services (IIS) and a database tier that runs Microsoft SQL Server 2016. The web tier and the database tier are deployed to virtual machines that run on Hyper-V.
Reference:
https://docs.microsoft.com/en-us/azure/virtual-machines/windows/prepare-for-upload-vhd-image
Topic 2, Litware, Inc
General Overview
Litware, Inc. is a medium-sized finance company.
Overview
Physical Locations
Litware has a main office in Boston.
Existing Environment
Identity Environment
The network contains an Active Directory forest named Litware.com that is linked to an Azure Active Directory (Azure AD) tenant named Litware.com. All users have Azure Active Directory Premium P2 licenses.
Litware has a second Azure AD tenant named dev.Litware.com that is used as a development environment.
The Litware.com tenant has a conditional access policy named capolicy1. Capolicy1 requires that when users manage the Azure subscription for a production environment by using the Azure portal, they must connect from a hybrid Azure AD-joined device.
Existing Environment. Azure Environment
Litware has 10 Azure subscriptions that are linked to the Litware.com tenant and five Azure subscriptions that are linked to the dev.Litware.com tenant. All the subscriptions are in an Enterprise Agreement (EA).
The Litware.com tenant contains a custom Azure role-based access control (Azure RBAC) role named Role1 that grants the DataActions read permission to the blobs and files in Azure Storage.
Existing Environment. On-premises Environment
The on-premises network of Litware contains the resources shown in the following table.
Existing Environment. Network Environment
Litware has ExpressRoute connectivity to Azure.
Planned Changes and Requirements. Planned Changes
Litware plans to implement the following changes:
Migrate DB1 and DB2 to Azure.
Migrate App1 to Azure virtual machines.
Deploy the Azure virtual machines that will host App1 to Azure dedicated hosts.
Planned Changes and Requirements.
Authentication and Authorization Requirements
Litware identifies the following authentication and authorization requirements:
Users that manage the production environment by using the Azure portal must connect from a hybrid Azure AD-joined device and authenticate by using Azure Multi-Factor Authentication (MFA).
The Network Contributor built-in RBAC role must be used to grant permission to all the virtual networks in all the Azure subscriptions.
To access the resources in Azure, App1 must use the managed identity of the virtual machines that will host the app.
Role1 must be used to assign permissions to the storage accounts of all the Azure subscriptions.
RBAC roles must be applied at the highest level possible.
Planned Changes and Requirements. Resiliency Requirements
Litware identifies the following resiliency requirements:
Once migrated to Azure, DB1 and DB2 must meet the following requirements:
- Maintain availability if two availability zones in the local Azure region fail.
- Fail over automatically.
- Minimize I/O latency.
App1 must meet the following requirements:
- Be hosted in an Azure region that supports availability zones.
- Be hosted on Azure virtual machines that support automatic scaling.
- Maintain availability if two availability zones in the local Azure region fail.
Planned Changes and Requirements. Security and Compliance Requirements
Litware identifies the following security and compliance requirements:
Once App1 is migrated to Azure, you must ensure that new data can be written to the app, and the modification of new and existing data is prevented for a period of three years.
On-premises users and services must be able to access the Azure Storage account that will host the data in App1.
Access to the public endpoint of the Azure Storage account that will host the App1 data must be prevented.
All Azure SQL databases in the production environment must have Transparent Data Encryption (TDE) enabled.
App1 must not share physical hardware with other workloads.
Planned Changes and Requirements. Business Requirements
Litware identifies the following business requirements:
Minimize administrative effort.
Minimize costs.
NEW QUESTION 106
......
True AZ-305 Exam Extraordinary Practice For the Exam: https://www.pass4training.com/AZ-305-pass-exam-training.html
Get 100% Passing Success With True AZ-305 Exam: https://drive.google.com/open?id=16R4__bPIDnyyx1Ji8f919APRvgNBNZcj
