microsoft az-305 practice test

Designing Microsoft Azure Infrastructure Solutions

Last exam update: May 13 ,2024
Page 1 out of 25. Viewing questions 1-10 out of 252

Question 1

You are designing a microservices architecture that will support a web application.
The solution must meet the following requirements:
Deploy the solution on-premises and to Azure.
Support low-latency and hyper-scale operations.

Allow independent upgrades to each microservice.
Set policies for performing automatic repairs to the microservices.
You need to recommend a technology.
What should you recommend?

  • A. Azure Container Instance
  • B. Azure Logic App
  • C. Azure Service Fabric
  • D. Azure virtual machine scale set
Answer:

c

User Votes:
A
50%
B
50%
C 1 votes
50%
D
50%

Azure Service Fabric enables you to create Service Fabric clusters on premises or in other clouds.
Azure Service Fabric is low-latency and scales up to thousands of machines.
Reference:
https://azure.microsoft.com/en-us/services/service-fabric/

Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 2

You have an Azure AD tenant named contoso.com that has a security group named Group1. Group1 is configured for assigned memberships. Group1 has 50 members, including 20 guest users.

You need to recommend a solution for evaluating the membership of Group1. The solution must meet the following requirements:

The evaluation must be repeated automatically every three months.
Every member must be able to report whether they need to be in Group1.
Users who report that they do not need to be in Group1 must be removed from Group1 automatically.
Users who do not report whether they need to be in Group1 must be removed from Group1 automatically.

What should you include in the recommendation?

  • A. Implement Azure AD Identity Protection.
  • B. Change the Membership type of Group1 to Dynamic User.
  • C. Create an access review.
  • D. Implement Azure AD Privileged Identity Management (PIM).
Answer:

d

User Votes:
A
50%
B
50%
C
50%
D
50%
Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 3

HOTSPOT Your company has 20 web APIs that were developed in-house.
The company is developing 10 web apps that will use the web APIs. The web apps and the APIs are registered in the company s Azure Active Directory (Azure
AD) tenant. The web APIs are published by using Azure API Management.
You need to recommend a solution to block unauthorized requests originating from the web apps from reaching the web APIs. The solution must meet the following requirements:
Use Azure AD-generated claims.
Minimize configuration and management effort.

What should you include in the recommendation? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:

Answer:

Box 1: Azure AD -
Grant permissions in Azure AD.

Box 2: Azure API Management -
Configure a JWT validation policy to pre-authorize requests.
Pre-authorize requests in API Management with the Validate JWT policy, by validating the access tokens of each incoming request. If a request does not have a valid token, API Management blocks it.
Reference:
https://docs.microsoft.com/en-us/azure/api-management/api-management-howto-protect-backend-with-aad

Discussions
0 / 1000

Question 4

You need to recommend a solution for the App1 maintenance task. The solution must minimize costs.
What should you include in the recommendation?

  • A. an Azure logic app
  • B. an Azure function
  • C. an Azure virtual machine
  • D. an App Service WebJob
Answer:

a

User Votes:
A
50%
B
50%
C
50%
D
50%

Every hour, you will run a maintenance task by invoking a PowerShell script that copies files from all the App1 instances. The PowerShell script will run from a central location.
App1 will have six instances: three in the East US Azure region and three in the West Europe Azure region.
You can create and manage workflows with Azure PowerShell in Azure Logic Apps.
You can create a Consumption logic app in multi-tenant Azure Logic Apps by using the JSON file for a logic app workflow definition. You can then manage your logic app by running the cmdlets in the Az.LogicApp PowerShell module.
Reference:
https://docs.microsoft.com/en-us/azure/logic-apps/quickstart-logic-apps-azure-powershell

Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 5

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
Your company plans to deploy various Azure App Service instances that will use Azure SQL databases. The App Service instances will be deployed at the same time as the Azure SQL databases.
The company has a regulatory requirement to deploy the App Service instances only to specific Azure regions. The resources for the App Service instances must reside in the same region.
You need to recommend a solution to meet the regulatory requirement.
Solution: You recommend using the Regulatory compliance dashboard in Microsoft Defender for Cloud.
Does this meet the goal?

  • A. Yes
  • B. No
Answer:

b

User Votes:
A
50%
B
50%

Instead; you should recommend using an Azure Policy initiative to enforce the location
Note: Azure Resource Policy Definitions can be used which can be applied to a specific Resource Group with the App Service instances.
In Azure Policy, we offer several built-in policies that are available by default. For example:
* Allowed Locations (Deny): Restricts the available locations for new resources. Its effect is used to enforce your geo-compliance requirements.
Reference:
https://docs.microsoft.com/en-us/azure/governance/policy/overview

Discussions
vote your answer:
A
B
0 / 1000

Question 6

You need to design a highly available Azure SQL database that meets the following requirements:

Failover between replicas of the database must occur without any data loss.
The database must remain available in the event of a zone outage.
Costs must be minimized.

Which deployment option should you use?

  • A. Azure SQL Database Hyperscale
  • B. Azure SQL Database Premium
  • C. Azure SQL Database Basic
  • D. Azure SQL Database Serverless
Answer:

b

User Votes:
A
50%
B
50%
C
50%
D
50%
Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 7

After you migrate App1 to Azure, you need to enforce the data modification requirements to meet the security and compliance requirements.
What should you do?

  • A. Create an access policy for the blob service.
  • B. Implement Azure resource locks.
  • C. Create Azure RBAC assignments.
  • D. Modify the access level of the blob service.
Answer:

a

User Votes:
A
50%
B
50%
C
50%
D
50%

Scenario: Once App1 is migrated to Azure, you must ensure that new data can be written to the app, and the modification of new and existing data is prevented for a period of three years.
As an administrator, you can lock a subscription, resource group, or resource to prevent other users in your organization from accidentally deleting or modifying critical resources. The lock overrides any permissions the user might have.
Reference:
https://docs.microsoft.com/en-us/azure/azure-resource-manager/management/lock-resources

Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 8

You have an Azure virtual machine named VM1 that runs Windows Server 2019 and contains 500 GB of data files.
You are designing a solution that will use Azure Data Factory to transform the data files, and then load the files to Azure Data Lake Storage.
What should you deploy on VM1 to support the design?

  • A. the On-premises data gateway
  • B. the Azure Pipelines agent
  • C. the self-hosted integration runtime
  • D. the Azure File Sync agent
Answer:

c

User Votes:
A
50%
B
50%
C
50%
D
50%

The integration runtime (IR) is the compute infrastructure that Azure Data Factory and Synapse pipelines use to provide data-integration capabilities across different network environments.
A self-hosted integration runtime can run copy activities between a cloud data store and a data store in a private network. It also can dispatch transform activities against compute resources in an on-premises network or an Azure virtual network. The installation of a self-hosted integration runtime needs an on-premises machine or a virtual machine inside a private network.
Reference:
https://docs.microsoft.com/en-us/azure/data-factory/create-self-hosted-integration-runtime

Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 9

You have data files in Azure Blob Storage.
You plan to transform the files and move them to Azure Data Lake Storage.
You need to transform the data by using mapping data flow.
Which service should you use?

  • A. Azure Databricks
  • B. Azure Storage Sync
  • C. Azure Data Factory
  • D. Azure Data Box Gateway
Answer:

c

User Votes:
A
50%
B
50%
C
50%
D
50%

You can copy and transform data in Azure Data Lake Storage Gen2 using Azure Data Factory or Azure Synapse Analytics.
Reference:
https://docs.microsoft.com/en-us/azure/data-factory/connector-azure-data-lake-storage

Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 10

You have an Azure subscription.
You need to recommend a solution to provide developers with the ability to provision Azure virtual machines. The solution must meet the following requirements:
Only allow the creation of the virtual machines in specific regions.
Only allow the creation of specific sizes of virtual machines.
What should you include in the recommendation?

  • A. Attribute-based access control (ABAC)
  • B. Azure Policy
  • C. Conditional Access policies
  • D. role-based access control (RBAC)
Answer:

b

User Votes:
A
50%
B
50%
C
50%
D
50%

Azure Policies allows you to specify allowed locations, and allowed VM SKUs.
Reference:
https://docs.microsoft.com/en-us/azure/governance/policy/tutorials/create-and-manage

Discussions
vote your answer:
A
B
C
D
0 / 1000
To page 2