Dependable AZ-305 Exam Dumps to Become Microsoft Certified
Get Ready with AZ-305 Exam Dumps (2024)
NEW QUESTION # 170
You plan to migrate App1 to Azure.
You need to estimate the compute costs for App1 in Azure. The solution must meet the security and compliance requirements.
What should you use to estimate the costs, and what should you implement to minimize the costs? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
Reference:
https://azure.microsoft.com/en-us/pricing/tco/
https://azure.microsoft.com/en-us/pricing/hybrid-benefit/
NEW QUESTION # 171
Your company has the infrastructure shown in the following table.
The on-premises Active Directory domain syncs to Azure Active Directory (Azure AD).
Server1 runs an application named Appl that uses LDAP queries to verify user identities in the on-premises Active Directory domain.
You plan to migrate Server1 to a virtual machine in Subscription1.
A company security policy states that the virtual machines and services deployed to Subscription1 must be prevented from accessing the on-premises network.
You need to recommend a solution to ensure that Appl continues to function after the migration. The solution must meet the security policy.
What should you include in the recommendation?
- A. Azure AD Domain Services (Azure AD DS)
- B. the Active Directory Domain Services role on a virtual machine
- C. Azure AD Application Proxy
- D. an Azure VPN gateway
Answer: A
Explanation:
Explanation
https://docs.microsoft.com/en-us/azure/active-directory-domain-services/overview Azure Active Directory Domain Services (Azure AD DS) provides managed domain services such as domain join, group policy, lightweight directory access protocol (LDAP), and Kerberos/NTLM authentication Azure AD Domain Services (Azure AD DS) - This one could work since AAD DS will bring in the existing accounts from Azure AD which in turn are synchronised from on-premise AD over AD connect. However, you would probably need to reconfigure the app and update the LDAP connection Azure Active Directory (Azure AD) supports LDAP Authentication via Azure AD Domain Services (AD DS).
https://docs.microsoft.com/en-us/azure/active-directory/fundamentals/auth-ldap
https://docs.microsoft.com/en-us/azure/active-directory-domain-services/synchronization
NEW QUESTION # 172
You plan to deploy a custom database solution that will have multiple instances as shown in the following table.
Client applications will access database servers by using db.contoso.com.
You need to recommend load balancing services for the planned deployment. The solution must meet the following requirements:
Access to at least one database server must be maintained in the event of a regional outage.
The virtual machines must not connect to the internet directly.
What should you include in the recommendation? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
.
Reference:
https://docs.microsoft.com/en-us/azure/architecture/guide/technology-choices/load-balancing-overview
NEW QUESTION # 173
You have an Azure subscription. The subscription contains Azure virtual machines that run Windows Server 2016 and Linux.
You need to use Azure Log Analytics design an alerting strategy for security-related events.
Which Log Analytics tables should you query? To answer, drag the appropriate tables to the correct log types. Each value may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
NEW QUESTION # 174
Your company has the divisions shown in the following table.
You plan to deploy a custom application to each subscription. The application will contain the following:
A resource group
An Azure web app
Custom role assignments
An Azure Cosmos DB account
You need to use Azure Blueprints to deploy the application to each subscription.
What is the minimum number of objects required to deploy the application? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
NEW QUESTION # 175
You need to ensure that users managing the production environment are registered for Azure MFA and must authenticate by using Azure MFA when they sign in to the Azure portal. The solution must meet the authentication and authorization requirements.
What should you do? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/identity-protection/howto-identity-protection-configure-mfa-policy
https://docs.microsoft.com/en-us/azure/active-directory/identity-protection/howto-identity-protection-configure-risk-policies
NEW QUESTION # 176
You design a solution for the web tier of WebApp1 as shown in the exhibit.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
Answer:
Explanation:
Explanation
Box 1: Yes
Any new deployments to Azure must be redundant in case an Azure region fails.
Traffic Manager uses DNS to direct client requests to the most appropriate service endpoint based on a traffic-routing method and the health of the endpoints. An endpoint is any Internet-facing service hosted inside or outside of Azure. Traffic Manager provides a range of traffic-routing methods and endpoint monitoring options to suit different application needs and automatic failover models. Traffic Manager is resilient to failure, including the failure of an entire Azure region.
Box 2: Yes
Recent changes in Azure brought some significant changes in autoscaling options for Azure Web Apps (i.e.
Azure App Service to be precise as scaling happens on App Service plan level and has effect on all Web Apps running in that App Service plan).
Box 3: No
Traffic Manager provides a range of traffic-routing methods and endpoint monitoring options to suit different application needs and automatic failover models. Traffic Manager is resilient to failure, including the failure of an entire Azure region.
Reference:
https://docs.microsoft.com/en-us/azure/traffic-manager/traffic-manager-overview
https://blogs.msdn.microsoft.com/hsirtl/2017/07/03/autoscaling-azure-web-apps/
NEW QUESTION # 177
You have an on-premises database that you plan to migrate to Azure.
You need to design the database architecture to meet the following requirements:
* Support scaling up and down.
* Support geo-redundant backups.
* Support a database of up to 75 TB.
* Be optimized for online transaction processing (OLTP).
What should you include in the design? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
Explanation
Box 1: Azure SQL Database
Azure SQL Database:
Database size always depends on the underlying service tiers (e.g. Basic, Business Critical, Hyperscale).
It supports databases of up to 100 TB with Hyperscale service tier model.
Active geo-replication is a feature that lets you to create a continuously synchronized readable secondary database for a primary database. The readable secondary database may be in the same Azure region as the primary, or, more commonly, in a different region. This kind of readable secondary databases are also known as geo-secondaries, or geo-replicas.
Azure SQL Database and SQL Managed Instance enable you to dynamically add more resources to your database with minimal downtime.
Box 2: Hyperscale
Reference:
https://docs.microsoft.com/en-us/azure/azure-sql/database/active-geo-replication-overview
https://medium.com/awesome-azure/azure-difference-between-azure-sql-database-and-sql-server-on-vm-compar
NEW QUESTION # 178
You have an Azure subscription that contains an Azure key vault named KV1 and a virtual machine named VM1. VM1 runs Windows Server 2022: Azure Edition.
You plan to deploy an ASP.NET Core-based application named App1 to VM1.
You need to configure App1 to use a system-assigned managed identity to retrieve secrets from KV1. The solution must minimize development effort.
What should you do? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
Explanation:
NEW QUESTION # 179
A company has an on-premises file server cbflserver that runs Windows Server 2019. Windows Admin Center manages this server. The company owns an Azure subscription. You need to provide an Azure solution to prevent data loss if the file server fails.
Solution: You decide to create an Azure Recovery Services vault. You then decide to install the Azure Backup agent and then schedule the backup. Would this meet the requirement?
- A. Yes
- B. No
Answer: A
NEW QUESTION # 180
You have the Free edition of a hybrid Azure Active Directory (Azure AD) tenant. The tenant uses password hash synchronization.
You need to recommend a solution to meet the following requirements:
* Prevent Active Directory domain user accounts from being locked out as the result of brute force attacks targeting Azure AD user accounts.
* Block legacy authentication attempts to Azure AD integrated apps.
* Minimize costs.
What should you recommend for each requirement? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
Explanation
Graphical user interface, text, application Description automatically generated
Box 1: Smart lockout
Smart lockout helps lock out bad actors that try to guess your users' passwords or use brute-force methods to get in. Smart lockout can recognize sign-ins that come from valid users and treat them differently than ones of attackers and other unknown sources. Attackers get locked out, while your users continue to access their accounts and be productive.
Box 2: Conditional access policies
If your environment is ready to block legacy authentication to improve your tenant's protection, you can accomplish this goal with Conditional Access.
How can you prevent apps using legacy authentication from accessing your tenant's resources? The recommendation is to just block them with a Conditional Access policy. If necessary, you allow only certain users and specific network locations to use apps that are based on legacy authentication.
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/authentication/howto-password-smart-lockout
https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/block-legacy-authentication
NEW QUESTION # 181
You have the resources shown in the following table.
You create a new resource group in Azure named RG2.
You need to move the virtual machines to RG2.
What should you use to move each virtual machine? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
NEW QUESTION # 182
You are designing an application that will use Azure Linux virtual machines to analyze video files. The files will be uploaded from corporate offices that connect to Azure by using ExpressRoute.
You plan to provision an Azure Storage account to host the files.
You need to ensure that the storage account meets the following requirements:
* Supports video files of up to 7 TB
* Provides the highest availability possible
* Ensures that storage is optimized for the large video files
* Ensures that files from the on-premises network are uploaded by using ExpressRoute How should you configure the storage account? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
NEW QUESTION # 183
The accounting department at your company migrates to a new financial accounting software. The accounting department must keep file-based database backups for seven years for compliance purposes. It is unlikely that the backups will be used to recover data.
You need to move the backups to Azure. The solution must minimize costs.
Where should you store the backups?
- A. Azure Blob storage that uses the Cool tier
- B. Azure Blob storage that uses the Archive tier
- C. Azure SQL Database
- D. a Recovery Services vault
Answer: B
Explanation:
Azure Front Door enables you to define, manage, and monitor the global routing for your web traffic by optimizing for best performance and instant global failover for high availability. With Front Door, you can transform your global (multi-region) consumer and enterprise applications into robust, high-performance personalized modern applications, APIs, and content that reaches a global audience with Azure.
Front Door works at Layer 7 or HTTP/HTTPS layer and uses anycast protocol with split TCP and Microsoft's global network for improving global connectivity.
Reference:
https://docs.microsoft.com/en-us/azure/frontdoor/front-door-overview
NEW QUESTION # 184
You have an Azure subscription. The subscription contains Azure virtual machines that run Windows Server
2016 and Linux.
You need to use Azure Log Analytics design an alerting strategy for security-related events.
Which Log Analytics tables should you query? To answer, drag the appropriate tables to the correct log types.
Each value may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
Explanation:
Graphical user interface, table Description automatically generated with medium confidence
https://docs.microsoft.com/en-us/azure/azure-monitor/platform/log-analytics-agent Windows Event logs --> Information sent to the Windows event logging system. Syslog --> Information sent to the Linux event logging system.
NEW QUESTION # 185
You have the Azure resources shown in the following table.
You need to deploy a new Azure Firewall policy that will contain mandatory rules for all Azure Firewall deployments. The new policy will be configured as a parent policy for the existing policies.
What is the minimum number of additional Azure Firewall policies you should create?
- A. 0
- B. 1
- C. 2
- D. 3
Answer: A
Explanation:
Explanation
Firewall policies work across regions and subscriptions.
Place all your global configurations in the parent policy.
Note: Policies can be created in a hierarchy. You can create a parent/global policy that will contain configurations and rules that will apply to all/a number of firewall instances. Then you create a child policy that inherits from the parent; note that rules changes in the parent instantly appear in the child. The child is associated with a firewall and applies configurations/rules from the parent policy and the child policy instantly to the firewall.
Reference:
https://aidanfinn.com/?p=22006
NEW QUESTION # 186
You plan to migrate DB1 and DB2 to Azure.
You need to ensure that the Azure database and the service tier meet the resiliency and business requirements.
What should you configure? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
NEW QUESTION # 187
You need to recommend a solution that meets the data requirements for App1.
What should you recommend deploying to each availability zone that contains an instance of App1?
- A. an Azure Storage account that uses geo-zone-redundant storage (GZRS)
- B. an Azure Cosmos DB that uses multi-region writes
- C. an Azure SQL database that uses active geo-replication
- D. an Azure Data Lake store that uses geo-zone-redundant storage (GZRS)
Answer: B
Explanation:
Scenario: App1 has the following data requirements:
Each instance will write data to a data store in the same availability zone as the instance.
Data written by any App1 instance must be visible to all App1 instances.
Azure Cosmos DB: Each partition across all the regions is replicated. Each region contains all the data partitions of an Azure Cosmos container and can serve reads as well as serve writes when multi-region writes is enabled.
Reference:
https://docs.microsoft.com/en-us/azure/cosmos-db/high-availability
Topic 4, HABInsurance
Current environment
General
An insurance company, HABInsurance, operates in three states and provides home, auto, and boat insurance. Besides the head office, HABInsurance has three regional offices.
Technology assessment
The company has two Active Directory forests: main.habinsurance.com and region.habinsurance.com. HABInsurance's primary internal system is Insurance Processing System (IPS). It is an ASP.Net/C# application running on IIS/Windows Servers hosted in a data center. IPS has three tiers: web, business logic API, and a datastore on a back end. The company uses Microsoft SQL Server and MongoDB for the backend. The system has two parts: Customer data and Insurance forms and documents. Customer data is stored in Microsoft SQL Server and Insurance forms and documents - in MongoDB. The company also has 10 TB of Human Resources (HR) data stored on NAS at the head office location. Requirements General HABInsurance plans to migrate its workloads to Azure. They purchased an Azure subscription. Title Changes During a transition period, HABInsurance wants to create a hybrid identity model along with a Microsoft Office 365 deployment. The company intends to sync its AD forests to Azure AD and benefit from Azure AD administrative units functionality.
HABInsurance needs to migrate the current IPSCustomers SQL database to a new fully managed SQL database in Azure that would be budget-oriented, balanced with scalable compute and storage options. The management team expects the Azure database service to scale the database resources dynamically with minimal downtime. The technical team proposes implementing a DTU-based purchasing model for the new database.
HABInsurance wants to migrate Insurance forms and documents to Azure database service. HABInsurance plans to move IPS first two tiers to Azure without any modifications. The technology team discusses the possibility of running IPS tiers on a set of virtual machines instances. The number of instances should be adjusted automatically based on the CPU utilization. An SLA of 99.95% must be guaranteed for the compute infrastructure.
The company needs to move HR data to Azure File shares.
In their new Azure ecosystem, HABInsurance plans to use internal and third-party applications. The company considers adding user consent for data access to the registered applications Later, the technology team contemplates adding a customer self-service portal to IPS and deploying a new IPS to multi-region ASK. But the management team is worried about performance and availability of the multi-region AKS deployments during regional outages.
NEW QUESTION # 188
You are designing an Azure web app.
You plan to deploy the web app to the North Europe Azure region and the West Europe Azure region.
You need to recommend a solution for the web app. The solution must meet the following requirements:
Users must always access the web app from the North Europe region, unless the region fails.
The web app must be available to users if an Azure region is unavailable.
Deployment costs must be minimized.
What should you include in the recommendation? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
https://docs.microsoft.com/en-us/azure/traffic-manager/traffic-manager-routing-methods#priority-traffic-routing-method
NEW QUESTION # 189
......
Microsoft AZ-305 Exam Syllabus Topics:
| Topic | Details |
|---|---|
| Topic 1 |
|
| Topic 2 |
|
| Topic 3 |
|
| Topic 4 |
|
Download Exam AZ-305 Practice Test Questions with 100% Verified Answers: https://www.vce4dumps.com/AZ-305-valid-torrent.html
Realistic AZ-305 Dumps are Available for Instant Access: https://drive.google.com/open?id=1bcrKW6sQmCakdGenTjxHR66JdvPxIi1l