Microsoft Microsoft Azure AZ-305 Questions & Answers

• Question 11:

  Your company deploys several virtual machines on-premises and to Azure. ExpressRoute is deployed and configured for on-premises to Azure connectivity.

  Several virtual machines exhibit network connectivity issues.

  You need to analyze the network traffic to identify whether packets are being allowed or denied from Azure to the virtual machines.

  Solution: Install and configure the Azure Monitoring agent and the Dependency Agent on all the virtual machines. Use VM insights in Azure Monitor to analyze the network traffic.

  Does this meet the goal?

  A. Yes

  B. No

  Correct Answer: B

• Question 12:

  What should you recommend to meet the monitoring requirements for App2?

  A. VM insights

  B. Azure Application Insights

  C. Microsoft Sentinel

  D. Container insights

  Correct Answer: B

  Scenario: You need to monitor App2 to analyze how long it takes to perform different transactions within the application. The solution must not require changes to the application code.

  Unified cross-component transaction diagnostics.

  The unified diagnostics experience automatically correlates server-side telemetry from across all your Application Insights monitored components into a single view. It doesn't matter if you have multiple resources. Application Insights detects

  the underlying relationship and allows you to easily diagnose the application component, dependency, or exception that caused a transaction slowdown or failure.

  Note: Components are independently deployable parts of your distributed/microservices application. Developers and operations teams have code-level visibility or access to telemetry generated by these application components.

  Reference: https://docs.microsoft.com/en-us/azure/azure-monitor/app/transaction-diagnostics

• Question 13:

  You are developing an app that will read activity logs for an Azure subscription by using Azure Functions.

  You need to recommend an authentication solution for Azure Functions. The solution must minimize administrative effort.

  What should you include in the recommendation?

  A. an enterprise application in Azure AD

  B. system-assigned managed identities

  C. shared access signatures (SAS)

  D. application registration in Azure AD

  Correct Answer: B

  Azure App Service provides built-in authentication and authorization capabilities (sometimes referred to as "Easy Auth"), so you can sign in users and access data by writing minimal or no code in your web app, RESTful API, and mobile back end, and also Azure Functions.

  Azure App Service provides built-in authentication and authorization capabilities (sometimes referred to as "Easy Auth"), so you can sign in users and access data by writing minimal or no code in your web app, RESTful API, and mobile back end, and also Azure Functions.

  *

  Microsoft Identity Platform

  *

  Facebook

  *

  Google

  *

  Twitter

  *

  Any OpenID Connect provider

  Note:

  A managed identity from Azure Active Directory (Azure AD) allows your app to easily access other Azure AD-protected resources such as Azure Key Vault. The identity is managed by the Azure platform and does not require you to provision

  or rotate any secrets. For more about managed identities in Azure AD, see Managed identities for Azure resources.

  Your application can be granted two types of identities:

  A system-assigned identity is tied to your application and is deleted if your app is deleted. An app can only have one system-assigned identity. A user-assigned identity is a standalone Azure resource that can be assigned to your app. An app

  can have multiple user-assigned identities.

  Reference: https://learn.microsoft.com/en-us/azure/app-service/overview-authentication-authorization https://learn.microsoft.com/en-us/azure/app-service/overview-managed-identity

• Question 14:

  HOTSPOT

  You plan to migrate App1 to Azure.

  You need to recommend a high-availability solution for App1. The solution must meet the resiliency requirements.

  What should you include in the recommendation? To answer, select the appropriate options in the answer area.

  NOTE: Each correct selection is worth one point.

  Hot Area:

  

  Correct Answer:

  

  Box 1: 3

  Scenario: App1 must meet the following requirements:

  1.

  Be hosted in an Azure region that supports availability zones.

  2.

  Maintain availability if two availability zones in the local Azure region fail.

  A host group is a resource that represents a collection of dedicated hosts. You create a host group in a region and an availability zone, and add hosts to it.

  Use Availability Zones for fault isolation

  Availability zones are unique physical locations within an Azure region. Each zone is made up of one or more datacenters equipped with independent power, cooling, and networking.

  A host group is created in a single availability zone. Once created, all hosts will be placed within that zone. To achieve high availability across zones, you need to create multiple host groups (one per zone) and spread your hosts accordingly.

  Box 2: 1

  Scenario: App1 must meet the following requirements:

  Be hosted on Azure virtual machines that support automatic scaling.

  An Azure virtual machine scale set can automatically increase or decrease the number of VM instances that run your application. This automated and elastic behavior reduces the management overhead to monitor and optimize the

  performance of your application.

• Question 15:

  HOTSPOT

  You plan to migrate App1 to Azure.

  You need to estimate the compute costs for App1 in Azure. The solution must meet the security and compliance requirements.

  What should you use to estimate the costs, and what should you implement to minimize the costs? To answer, select the appropriate options in the answer area.

  NOTE: Each correct selection is worth one point.

  Hot Area:

  

  Correct Answer:

  

  Box 1: The Azure Total Cost of Ownership (TCO) Calculator

  The Total Cost of Ownership (TCO) Calculator estimates the cost savings you can realize by migrating your workloads to Azure.

  Note: The TCO Calculator recommends a set of equivalent services in Azure that will support your applications. Our analysis will show each cost area with an estimate of your on-premises spend versus your spend in Azure. There are several

  cost categories that either decrease or go away completely when you move workloads to the cloud.

  Box 2: Azure Hybrid Benefit

  Azure Hybrid Benefit is a licensing benefit that helps you to significantly reduce the costs of running your workloads in the cloud. It works by letting you use your on-premises Software Assurance-enabled Windows Server and SQL Server

  licenses on Azure. And now, this benefit applies to RedHat and SUSE Linux subscriptions, too.

  Scenario:

  Litware identifies the following security and compliance requirements:

  1.

  Once App1 is migrated to Azure, you must ensure that new data can be written to the app, and the modification of new and existing data is prevented for a period of three years.

  2.

  On-premises users and services must be able to access the Azure Storage account that will host the data in App1.

  3.

  Access to the public endpoint of the Azure Storage account that will host the App1 data must be prevented.

  4.

  All Azure SQL databases in the production environment must have Transparent Data Encryption (TDE) enabled.

  5.

  App1 must not share physical hardware with other workloads.

• Question 16:

  HOTSPOT

  You plan to migrate App1 to Azure.

  You need to recommend a storage solution for App1 that meets the security and compliance requirements.

  Which type of storage should you recommend, and how should you recommend configuring the storage? To answer, select the appropriate options in the answer area.

  NOTE: Each correct selection is worth one point.

  Hot Area:

  

  Correct Answer:

  

  Box 1: Standard general-purpose v2

  Standard general-purpose v2 supports Blob Storage.

  Azure Storage provides data protection for Blob Storage and Azure Data Lake Storage Gen2.

  Scenario:

  Litware identifies the following security and compliance requirements:

  Once App1 is migrated to Azure, you must ensure that new data can be written to the app, and the modification of new and existing data is prevented for a period of three years.

  On-premises users and services must be able to access the Azure Storage account that will host the data in App1.

  Access to the public endpoint of the Azure Storage account that will host the App1 data must be prevented.

  All Azure SQL databases in the production environment must have Transparent Data Encryption (TDE) enabled.

  App1 must NOT share physical hardware with other workloads.

  Box 2: NFSv3

  Scenario: Plan: Migrate App1 to Azure virtual machines.

  Blob storage now supports the Network File System (NFS) 3.0 protocol. This support provides Linux file system compatibility at object storage scale and prices and enables Linux clients to mount a container in Blob storage from an Azure

  Virtual Machine (VM) or a computer on-premises.

  Reference:

  https://docs.microsoft.com/en-us/azure/storage/blobs/data-protection-overview

• Question 17:

  HOTSPOT

  You plan to migrate DB1 and DB2 to Azure.

  You need to ensure that the Azure database and the service tier meet the resiliency and business requirements.

  What should you configure? To answer, select the appropriate options in the answer area.

  NOTE: Each correct selection is worth one point.

  Hot Area:

  

  Correct Answer:

  

  Box 1: SQL Managed Instance

  Scenario: Once migrated to Azure, DB1 and DB2 must meet the following requirements:

  1.

  Maintain availability if two availability zones in the local Azure region fail.

  2.

  Fail over automatically.

  3.

  Minimize I/O latency.

  The auto-failover groups feature allows you to manage the replication and failover of a group of databases on a server or all databases in a managed instance to another region. It is a declarative abstraction on top of the existing active georeplication feature, designed to simplify deployment and management of geo-replicated databases at scale. You can initiate a geo-failover manually or you can delegate it to the Azure service based on a user-defined policy. The latter option

  allows you to automatically recover multiple related databases in a secondary region after a catastrophic failure or other unplanned event that results in full or partial loss of the SQL Database or SQL Managed Instance availability in the

  primary region.

  Box 2: Business critical

  SQL Managed Instance is available in two service tiers:

  General purpose: Designed for applications with typical performance and I/O latency requirements.

  Business critical: Designed for applications with low I/O latency requirements and minimal impact of underlying maintenance operations on the workload.

  Reference:

  https://docs.microsoft.com/en-us/azure/azure-sql/database/auto-failover-group-overview

  https://docs.microsoft.com/en-us/azure/azure-sql/managed-instance/sql-managed-instance-paas-overview

• Question 18:

  HOTSPOT

  To meet the authentication requirements of Fabrikam, what should you include in the solution? To answer, select the appropriate options in the answer area.

  NOTE: Each correct selection is worth one point.

  Hot Area:

  

  Correct Answer:

  

• Question 19:

  HOTSPOT

  You are evaluating the components of the migration to Azure that require you to provision an Azure Storage account. For each of the following statements, select Yes if the statement is true. Otherwise, select No.

  NOTE: Each correct selection is worth one point.

  Hot Area:

  

  Correct Answer:

  

• Question 20:

  HOTSPOT

  You design a solution for the web tier of WebApp1 as shown in the exhibit.

  

  For each of the following statements, select Yes if the statement is true. Otherwise, select

  Hot Area:

  

  Correct Answer:

  

  Box 1: Yes

  Any new deployments to Azure must be redundant in case an Azure region fails.

  Traffic Manager uses DNS to direct client requests to the most appropriate service endpoint based on a traffic-routing method and the health of the endpoints. An endpoint is any Internet-facing service hosted inside or outside of Azure. Traffic

  Manager provides a range of traffic-routing methods and endpoint monitoring options to suit different application

  needs and automatic failover models. Traffic Manager is resilient to failure, including the failure of an entire Azure region.

  Box 2: Yes

  Recent changes in Azure brought some significant changes in autoscaling options for Azure Web Apps (i.e. Azure App Service to be precise as scaling happens on App Service plan level and has effect on all Web Apps running in that App

  Service plan).

  Box 3: No

  Traffic Manager provides a range of traffic-routing methods and endpoint monitoring options to suit different application needs and automatic failover models. Traffic Manager is resilient to failure, including the failure of an entire Azure region.