Microsoft AZ-305 Online Practice Questions and Exam Preparation

Microsoft AZ-305 Online Questions & Answers

• Question 291:

  Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

  After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

  You have an app named App1 that uses data from two on-premises Microsoft SQL Server databases named DB1 and DB2.

  You plan to move DB1 and DB2 to Azure.

  You need to implement Azure services to host DB1 and DB2. The solution must support server-side transactions across DB1 and DB2.

  Solution: You deploy DB1 and DB2 as Azure SQL databases on the same Azure SQL Database server.

  Does this meet the goal?

  A. Yes
  B. No
  B. No

  ---

  Explanation

  Instead deploy DB1 and DB2 to SQL Server on an Azure virtual machine.

  Note: Understanding distributed transactions.

  When both the database management system and client are under the same ownership (e.g. when SQL Server is deployed to a virtual machine), transactions are available and the lock duration can be controlled.

  References:

  https://docs.particular.net/nservicebus/azure/understanding-transactionality-in-azure

• Question 292:

  DRAG DROP

  Your on-premises network contains a server named Server1 that runs an ASP.NET application named App1.

  You have a hybrid deployment of Azure Active Directory (Azure AD). You need to recommend a solution to ensure that users sign in by using their Azure AD account and Azure Multi-Factor Authentication (MFA) when they connect to App1 from the internet.

  Which three Azure services should you recommend be deployed and configured in sequence?

  To answer, move the appropriate services from the list of services to the answer area and arrange them in the correct order.

  Select and Place:

  

  

• Question 293:

  You have an Azure subscription that contains the resources shown in the following table.

  

  You create peering between VNet1 and VNet2 and between VNet1 and VNet3.

  The virtual machines host an HTTPS-based client/server application and are accessible only via the private IP address of each virtual machine.

  You need to implement a load balancing solution for VM2 and VM3. The solution must ensure that if VM2 fails, requests will be routed automatically to VM3, and if VM3 fails, requests will be routed automatically to VM2.

  What should you include in the solution?

  A. Azure Firewall Premium
  B. Azure Application Gateway v2
  C. a cross-region load balancer
  D. Azure Front Door Premium
  D. Azure Front Door Premium

  ---

  Explanation

  References:

  https://learn.microsoft.com/en-us/azure/architecture/guide/technology-choices/load-balancing-overview

• Question 294:

  HOTSPOT

  You have an Azure App Service web app that uses a system-assigned managed identity.

  You need to recommend a solution to store their settings of the web app as secrets in an Azure key vault.

  The solution must meet the following requirements:

  1. Minimize changes to the app code,

  2. Use the principle of least privilege.

  What should you include in the recommendation? To answer, select the appropriate options in the answer area.

  

  

  ---

  Box 1: Key Vault references in Application settings Source Application Settings from Key Vault.

  Key Vault references can be used as values for Application Settings, allowing you to keep secrets in Key Vault instead of the site config. Application Settings are securely encrypted at rest, but if you need secret management capabilities, they should go into Key Vault.

  To use a Key Vault reference for an app setting, set the reference as the value of the setting. Your app can reference the secret through its key as normal. No code changes are required.

  Box 2:

  Secrets: Get

  In order to read secrets from Key Vault, you need to have a vault created and give your app permission to access it.

  1. Create a key vault by following the Key Vault quickstart.

  2. Create a managed identity for your application.

  3. Key Vault references will use the app's system assigned identity by default, but you can specify a user-assigned identity.

  4. Create an access policy in Key Vault for the application identity you created earlier. Enable the "Get" secret permission on this policy.

  References:

  https://docs.microsoft.com/en-us/azure/app-service/app-service-key-vault-referenceshttps://docs.microsoft.com/en-us/azure/app-service/app-service-key-vault-references

• Question 295:

  You have an on-premises Microsoft SQL Server 2016 database named DB1.

  You have an Azure subscription.

  You need to migrate DB1 to an Azure SQL database by using the Azure SQL Migration extension for Azure Data Studio.

  What should you do first?

  A. Configure a Site-to-Site (S2S) VPN connection.
  B. Define the schema for the Azure SQL database.
  C. Create a user-assigned managed identity.
  D. Upgrade DB1.
  A. Configure a Site-to-Site (S2S) VPN connection.

• Question 296:

  You have an app named App1 that uses an on-premises Microsoft SQL Server database named DB1.

  You plan to migrate DB1 to an Azure SQL managed instance.

  You need to enable customer-managed Transparent Data Encryption (TDE) for the instance. The solution must maximize encryption strength.

  Which type of encryption algorithm and key length should you use for the TDE protector?

  A. AES256
  B. RSA4096
  C. RSA2048
  D. RSA3072
  D. RSA3072

• Question 297:

  HOTSPOT

  You have an Azure subscription that is linked to an Azure Active Directory Premium Plan 2 tenant.

  The tenant has multi-factor authentication (MFA) enabled for all users.

  You have the named locations shown in the following table.

  

  You have the users shown in the following table.

  

  You plan to deploy the Conditional Access policies shown in the following table.

  

  For each of the following statements, select Yes if the statement is true. Otherwise, select No.

  NOTE: Each correct selection is worth one point.

  

  

• Question 298:

  You have to deploy an Azure SQL database named db1 for your company. The databases must meet the following security requirements.

  When IT help desk supervisors query a database table named customers, they must be able to see the full number of each credit card.

  When IT help desk operators query a database table named customers, they must only see the last four digits of each credit card number.

  A column named Credit Card rating in the customers table must never appear in plain text in the database system.

  Only client applications must be able to decrypt the information that is stored in this column Which of the following can be implemented for the Credit Card rating column security requirement?

  A. Always Encrypted
  B. Azure Advanced Threat Protection
  C. Transparent Data Encryption
  D. Dynamic Data Masking
  A. Always Encrypted

  ---

  Explanation

  https://docs.microsoft.com/en-us/sql/relational-databases/security/encryption/always-encrypted-database-engine?view=sql-server-ver15

• Question 299:

  HOTSPOT

  You have an Azure subscription that contains the resources shown in the following table.

  

  You need to recommend an authorization mechanism for controlling access to blob1. The solution must ensure that access to blob1 can be configured without affecting the other resources in storage1.

  What should you recommend? To answer, select the appropriate options in the answer area.

  

  

  ---

  Box 1: A stored access policy and a service shared access signature (SAS)

  A stored access policy provides an additional level of control over service-level shared access signatures (SAS) on the server side. Establishing a stored access policy serves to group shared access signatures and to provide additional restrictions for signatures that are bound by the policy.

  The following storage resources support stored access policies:

  1. Blob containers

  2. File shares

  3. Queues

  4.

  Tables Box 2: Modify the stored access signature (SAS)

  You can use a stored access policy to change the start time, expiry time, or permissions for a signature, or to revoke it after it has been issued.

  References:

  https://docs.microsoft.com/en-us/rest/api/storageservices/define-stored-access-policy

• Question 300:

  You are designing an application that will aggregate content for users.

  You need to recommend a database solution for the application. The solution must meet the following requirements:

  1. Support SQL commands.

  2. Support multi-master writes.

  3. Guarantee low latency read operations.

  What should you include in the recommendation?

  A. Azure Cosmos DB SQL API
  B. Azure SQL Database that uses active geo-replication
  C. Azure SQL Database Hyperscale
  D. Azure Database for PostgreSQL
  A. Azure Cosmos DB SQL API

  ---

  Explanation

  With Cosmos DB's novel multi-region (multi-master) writes replication protocol, every region supports both writes and reads. The multi-region writes capability also enables:

  1. Unlimited elastic write and read scalability.

  2. 99.999% read and write availability all around the world.

  3. Guaranteed reads and writes served in less than 10 milliseconds at the 99th percentile.

  References:

  https://docs.microsoft.com/en-us/azure/cosmos-db/distribute-data-globally