Microsoft AZ-305 Online Practice Questions and Exam Preparation

Microsoft AZ-305 Online Questions & Answers

• Question 211:

  You need to recommend a data storage solution that meets the following requirements:

  1. Ensures that applications can access the data by using a REST connection

  2. Hosts 20 independent tables of varying sizes and usage patterns

  3. Automatically replicates the data to a second Azure region

  Minimizes costs

  What should you recommend?

  A. an Azure SQL Database elastic pool that uses active geo-replication
  B. tables in an Azure Storage account that use geo-redundant storage (GRS)
  C. tables in an Azure Storage account that use read-access geo-redundant storage (RA-GRS)
  D. an Azure SQL database that uses active geo-replication
  B. tables in an Azure Storage account that use geo-redundant storage (GRS)

  ---

  Explanation

  The Table service offers structured storage in the form of tables. The Table service API is a REST API for working with tables and the data that they contain.

  Geo-redundant storage (GRS) has a lower cost than read-access geo-redundant storage (RA-GRS).

  References:

  https://docs.microsoft.com/en-us/rest/api/storageservices/table-service-rest-apihttps://docs.microsoft.com/en-us/azure/storage/common/geo-redundant-design

• Question 212:

  HOTSPOT

  You plan to deploy a network-intensive application to several Azure virtual machines.

  You need to recommend a solution that meets the following requirements:

  Minimizes the use of the virtual machine processors to transfer data Minimizes network latency

  Which virtual machine size and feature should you use? To answer, select the appropriate options in the answer area.

  NOTE: Each correct selection is worth one point.

  

  

  ---

  References:

  https://docs.microsoft.com/en-us/azure/virtual-machines/windows/sizes-hpc#h-series

• Question 213:

  Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

  After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

  You have an app named App1 that uses data from two on-premises Microsoft SQL Server databases named DB1 and DB2.

  You plan to move DB1 and DB2 to Azure.

  You need to implement Azure services to host DB1 and DB2. The solution must support server-side transactions across DB1 and DB2.

  Solution: You deploy DB1 and DB2 to an Azure SQL Database managed instance.

  Does this meet the goal?

  A. Yes
  B. No
  B. No

  ---

  Explanation

  Instead deploy DB1 and DB2 to SQL Server on an Azure virtual machine.

  Note: Understanding distributed transactions.

  When both the database management system and client are under the same ownership (e.g. when SQL Server is deployed to a virtual machine), transactions are available and the lock duration can be controlled.

  References:

  https://docs.particular.net/nservicebus/azure/understanding-transactionality-in-azure

• Question 214:

  HOTSPOT

  You have several Azure App Service web apps that use Azure Key Vault to store data encryption keys. Several departments have the following requests to support the web app:

  

  Which service should you recommend for each department's request?

  To answer, configure the appropriate options in the answer area.

  NOTE: Each correct selection is worth one point.

  

  

• Question 215:

  You plan to deploy an application named App1 that will run on five Azure virtual machines. Additional virtual machines will be deployed later to run App1.

  You need to recommend a solution to meet the following requirements for the virtual machines that will run App1:

  1. Ensure that the virtual machines can authenticate to Azure Active Directory (Azure AD) to gain access to an Azure key vault, Azure Logic Apps instances, and an Azure SQL database.

  2. Avoid assigning new roles and permissions for Azure services when you deploy additional virtual machines.

  3. Avoid storing secrets and certificates on the virtual machines.

  Which type of identity should you include in the recommendation?

  A. a service principal that is configured to use a certificate
  B. a system-assigned managed identity
  C. a service principal that is configured to use a client secret
  D. a user-assigned managed identity
  D. a user-assigned managed identity

  ---

  Explanation

  Managed identities for Azure resources is a feature of Azure Active Directory. User-assigned managed identity can be shared. The same user-assigned managed identity can be associated with more than one Azure resource.

  References:

  https://docs.microsoft.com/en-us/azure/active-directory/managed-identities-azure-resources/overview

• Question 216:

  HOTSPOT

  You have an Azure subscription that contains an Azure key vault named KV1 and a virtual machine named VM1. VM1 runs Windows Server 2022: Azure Edition.

  You plan to deploy an ASP.Net Core-based application named App1 to VM1.

  You need to configure App1 to use a system-assigned managed identity to retrieve secrets from KV1. The solution must minimize development effort.

  What should you do? To answer, select the appropriate options in the answer area.

  NOTE: Each correct selection is worth one point.

  

  

  ---

  Box 1: Client Credentials flow

  Client Credentials flow - The only flow that does not require immediate user interaction, usually used when the OAuth client is acting on-behalf of itself, when user-consent doesn't make sense, or when authorization primitives could be configured out-of-band (for instance via Azure AD)

  Note: Authenticating to Azure Services Local machines don't support managed identities for Azure resources. As a result, the Microsoft.Azure.Services.AppAuthentication library uses your developer credentials to run in your local development environment. When the solution is deployed to Azure, the library uses a managed identity to switch to an OAuth 2.0 client credential grant flow. This approach means you can test the same code locally and remotely without worry.

  Incorrect:

  Authorization code flow - Requires user interaction and consent, typically via the web browser, to get a code which is then used to issue an access token.

  Implicit grant flow - Created for single page web / mobile webview apps, where token creation and handling is done entirely from the front end.

  Box 2: OAuth 2.0 access token endpoint of Azure AD

  Example: Issuing & inspecting our first OAuth token

  At this stage, we should be able to issue tokens to Service A, on behalf of Service B - let's see that in action.

  In Azure AD application registration blade, go to Service B (as shown in previous steps) In the Overview blade, Click on the 'Endpoints' button at the command bar In the opened Endpoints blade, copy the OAuth 2.0 token endpoint (v2) URL Issue a HTTP POST call for the given URL with the following parameters

  $> curl -s -XPOST <token-v2-endpoint> \

  -d grant_type=client_credentials \

  -d client_id=<service-b-app-id> \

  -d client_secret=<service-b-client-secret> \

  -d scope=<service-a-application-id-uri>/.default

  5. Etc.

  References:

  https://medium.com/@dany74q/service-to-service-auth-with-azure-ad-msi-oauth-2-0-step-by-step-a1aed196b1e1https://learn.microsoft.com/en-us/dotnet/api/overview/azure/service-to-service-authentication

• Question 217:

  You need to recommend a data storage strategy for WebApp1.

  What should you include in in the recommendation?

  A. an Azure SQL Database elastic pool
  B. a vCore-based Azure SQL database
  C. an Azure virtual machine that runs SQL Server
  D. a fixed-size DTU AzureSQL database.
  B. a vCore-based Azure SQL database

• Question 218:

  You have an application that is hosted across multiple Azure regions.

  You need to ensure that users connect automatically to their nearest application host based on network latency.

  What should you implement?

  A. Azure Application Gateway
  B. Azure Load Balancer
  C. Azure Traffic Manager
  D. Azure Bastion
  C. Azure Traffic Manager

  ---

  Explanation

  Azure Traffic Manager is a DNS-based traffic load balancer. This service allows you to distribute traffic to your public facing applications across the global Azure regions. Traffic Manager also provides your public endpoints with high availability and quick responsiveness.

  Incorrect Answers:

  Option A: Azure Application Gateway is a web traffic load balancer that enables you to manage traffic to your web applications.

  Option B: An Azure load balancer is a Layer-4 (TCP, UDP) load balancer that provides high availability by distributing incoming traffic among healthy VMs.

  Option D: Azure Bastion is a fully managed PaaS service that provides secure and seamless RDP and SSH access to your virtual machines directly through the Azure Portal.

  References:

  https://docs.microsoft.com/en-us/azure/traffic-manager/traffic-manager-overview

• Question 219:

  DRAG DROP

  You have an Azure AD tenant that contains an administrative unit named MarketingAU. MarketingAU contains 100 users.

  You create two users named User1 and User2.

  You need to ensure that the users can perform the following actions in MarketingAU:

  User1 must be able to create user accounts.

  User2 must be able to reset user passwords.

  Which role should you assign to each user? To answer, drag the appropriate roles to the correct users. Each role may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.

  NOTE: Each correct selection is worth one point.

  Select and Place:

  

  

  ---

  Box 1: User Administrator for the MarketingAU User1 must be able to create user accounts.

  User Administrator

  Can manage all aspects of users and groups, including resetting passwords for limited admins.

  Create users

  Etc.

  Roles that can be assigned with administrative unit scope

  The following Azure AD roles can be assigned with administrative unit scope.

  * Helpdesk Administrator

  * User Administrator

  * Etc.

  Box 2: Helpdesk Administrator for the MarketingAU User2 must be able to reset user passwords.

  Helpdesk Administrator

  Can reset passwords for non-administrators and Helpdesk Administrators.

  Administrative units restrict permissions in a role to any portion of your organization that you define. You could, for example, use administrative units to delegate the Helpdesk Administrator role to regional support specialists, so they can manage users only in the region that they support.

  References:

  https://learn.microsoft.com/en-us/azure/active-directory/roles/permissions-referencehttps://learn.microsoft.com/en-us/azure/active-directory/roles/admin-units-assign-roles

• Question 220:

  You need to design a solution that will execute custom C# code in response to an event routed to Azure Event Grid. The solution must meet the following requirements:

  1. The executed code must be able to access the private IP address of a Microsoft SQL Server instance that runs on an Azure virtual machine.

  2. Costs must be minimized.

  What should you include in the solution?

  A. Azure Logic Apps in the integrated service environment
  B. Azure Functions in the Dedicated plan and the Basic Azure App Service plan
  C. Azure Logic Apps in the Consumption plan
  D. Azure Functions in the Consumption plan
  D. Azure Functions in the Consumption plan

  ---

  Explanation

  When you create a function app in Azure, you must choose a hosting plan for your app. There are three basic hosting plans available for Azure Functions: Consumption plan, Premium plan, and Dedicated (App Service) plan.

  For the Consumption plan, you don't have to pay for idle VMs or reserve capacity in advance.

  Connect to private endpoints with Azure Functions As enterprises continue to adopt serverless (and Platform-as-a-Service, or PaaS) solutions, they often need a way to integrate with existing resources on a virtual network. These existing resources could be databases, file storage, message queues or event streams, or REST APIs.

  References:

  https://docs.microsoft.com/en-us/azure/azure-functions/functions-scalehttps://techcommunity.microsoft.com/t5/azure-functions/connect-to-private-endpoints-with-azure-functions/ba-p/1426615https://docs.microsoft.com/en-us/azure/azure-functions/functions-scale#hosting-plans-comparison