Microsoft Microsoft Azure AZ-305 Questions & Answers

• Question 41:

  HOTSPOT

  You have an Azure Active Directory (Azure AD) tenant.

  You plan to use Azure Monitor to monitor user sign-ins and generate alerts based on specific user sign-in events.

  You need to recommend a solution to trigger the alerts based on the events.

  What should you include in the recommendation? To answer, select the appropriate options in the answer area.

  NOTE: Each correct selection is worth one point.

  Hot Area:

  

  Correct Answer:

  

• Question 42:

  HOTSPOT

  Your company deploys an Azure App Service Web App.

  During testing the application fails under load. The application cannot handle more than 100 concurrent user sessions. You enable the Always On feature. You also configure auto- scaling to increase counts from two to 10 based on HTTP

  queue length.

  You need to improve the performance of the application.

  Which solution should you use for each application scenario? To answer, select the appropriate options in the answer area.

  NOTE: Each correct selection is worth one point.

  Hot Area:

  

  Correct Answer:

  

  Graphical user interface, text

  Description automatically generated with medium confidence

  Box 1: Content Delivery Network A content delivery network (CDN) is a distributed network of servers that can efficiently deliver web content to users. CDNs store cached content on edge servers in point-of- presence (POP) locations that are close to end users, to minimize latency.

  Azure Content Delivery Network (CDN) offers developers a global solution for rapidly delivering high-bandwidth content to users by caching their content at strategically placed physical nodes across the world. Azure CDN can also accelerate dynamic content, which cannot be cached, by leveraging various network optimizations using CDN POPs. For example, route optimization to bypass Border Gateway Protocol (BGP).

  Box 2: Azure Redis Cache Azure Cache for Redis is based on the popular software Redis. It is typically used as a cache to improve the performance and scalability of systems that rely heavily on backend data-stores. Performance is improved by temporarily copying frequently accessed data to fast storage located close to the application. With Azure Cache for Redis, this fast storage is located in-memory with Azure Cache for Redis instead of being loaded from disk by a database.

  References: https://docs.microsoft.com/en-us/azure/azure-cache-for-redis/cache-overview

• Question 43:

  HOTSPOT

  You have an Azure subscription that is linked to an Azure Active Directory Premium Plan 2 tenant The tenant has multi-factor authentication (MFA) enabled for all users.

  You have the named locations shown in the following table.

  

  You have the users shown in the following table.

  

  You plan to deploy the Conditional Access policies shown in the following table.

  

  For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.

  Hot Area:

  

  Correct Answer:

  

• Question 44:

  HOTSPOT

  Your company deploys several Linux and Windows virtual machines (VMs) to Azure. The VMs are deployed with the Microsoft Dependency Agent and the Microsoft Monitoring Agent installed by using Azure VM extensions. On-premises connectivity has been enabled by using Azure ExpressRoute.

  You need to design a solution to monitor the VMs.

  Which Azure monitoring services should you use? To answer, select the appropriate Azure monitoring services in the answer area.

  NOTE: Each correct selection is worth one point.

  Hot Area:

  

  Correct Answer:

  

  Explanation:

  Box 1: Azure Network Watcher

  Traffic Analytics is a cloud-based solution that provides visibility into user and application activity in cloud networks. Traffic analytics analyzes Network Watcher network security group (NSG) flow logs to provide insights into traffic flow in your

  Azure cloud. With traffic analytics, you can:

  Identify security threats to, and secure your network, with information such as open-ports, applications attempting internet access, and virtual machines (VM) connecting to rogue networks.

  Visualize network activity across your Azure subscriptions and identify hot spots.

  Understand traffic flow patterns across Azure regions and the internet to optimize your network deployment for performance and capacity.

  Pinpoint network misconfigurations leading to failed connections in your network.

  Box 2: Azure Service Map

  Service Map automatically discovers application components on Windows and Linux systems and maps the communication between services. With Service Map, you can view your servers in the way that you think of them: as interconnected

  systems that deliver critical services. Service Map shows connections between servers, processes, inbound and outbound connection latency, and ports across any TCP-connected architecture, with no configuration required other than the

  installation of an agent.

  Reference:

  https://docs.microsoft.com/en-us/azure/network-watcher/traffic-analytics

  https://docs.microsoft.com/en-us/azure/azure-monitor/insights/service-map

• Question 45:

  HOTSPOT

  You have an Azure Load Balancer named LB1 that balances requests to five Azure virtual machines.

  You need to develop a monitoring solution for LB1. The solution must generate an alert when any of the following conditions are met:

  A virtual machine is unavailable.

  Connection attempts exceed 50,000 per minute.

  Which signal should you include in the solution for each condition? To answer, select the appropriate options in the answer area.

  NOTE: Each correct selection is worth one point.

  Hot Area:

  

  Correct Answer:

  

  Explanation:

  Box 1: Data path availability

  Standard Load Balancer continuously exercises the data path from within a region to the load balancer front end, all the way to the SDN stack that supports your VM. As long as healthy instances remain, the measurement follows the same

  path as your application's load-balanced traffic. The data path that your customers use is also validated. The measurement is invisible to your application and does not interfere with other operations.

  Note: Load balancer distributes inbound flows that arrive at the load balancer's front end to backend pool instances. These flows are according to configured load-balancing rules and health probes. The backend pool instances can be Azure

  Virtual Machines or instances in a virtual machine scale set.

  Box 2: SYN count

  SYN (synchronize) count: Standard Load Balancer does not terminate Transmission Control Protocol (TCP) connections or interact with TCP or UDP packet flows. Flows and their handshakes are always between the source and the VM

  instance. To better troubleshoot your TCP protocol scenarios, you can make use of SYN packets counters to understand how many TCP connection attempts are made. The metric reports the number of TCP SYN packets that were received.

  Incorrect Answers:

  Health probe status: Standard Load Balancer uses a distributed health-probing service that monitors your application endpoint's health according to your configuration settings. This metric provides an aggregate or per-endpoint filtered view of

  each instance endpoint in the load balancer pool. You can see how Load Balancer views the health of your application, as indicated by your health probe configuration.

  Packet count: Standard Load Balancer reports the packets processed per front end.

  Byte Count: Standard Load Balancer reports the data processed per front end. You may notice that the bytes are not distributed equally across the backend instances. This is expected as Azure's Load Balancer algorithm is based on flows

  Reference:

  https://docs.microsoft.com/en-us/azure/load-balancer/load-balancer-standard-diagnostics

• Question 46:

  HOTSPOT

  You plan to migrate on-premises Microsoft SQL Server databases to Azure.

  You need to recommend a deployment and resiliency solution that meets the following requirements:

  Supports user-initiated backups

  Supports multiple automatically replicated instances across Azure regions

  Minimizes administrative effort to implement and maintain business continuity

  What should you recommend? To answer, select the appropriate options in the answer area.

  NOTE: Each correct selection is worth one point.

  Hot Area:

  

  Correct Answer:

  

  Explanation:

  Box 1: An Azure SQL Database single database.

  SQL Server Managed instance versus SQL Server Virtual Machines

  Active geo-replication is not supported by Azure SQL Managed Instance.

  Box 2: Active geo-replication

  Active geo-replication is a feature that lets you to create a continuously synchronized readable secondary database for a primary database. The readable secondary database may be in the same Azure region as the primary, or, more

  commonly, in a different region. This kind of readable secondary databases are also known as geo-secondaries, or geo-replicas.

  Incorrect Answers:

  A Zone-redundant deployment is within a single region.

  Auto-failover groups support geo-replication of all databases in the group to only one secondary server or instance in a different region. If you need to create multiple Azure SQL Database geo-secondary replicas (in the same or different

  regions) for the same primary replica, use active geo-replication.

  Reference:

  https://docs.microsoft.com/en-us/azure/azure-sql/database/active-geo-replication-overview

• Question 47:

  HOTSPOT

  You have an Azure subscription named Subscription1 that is linked to a hybrid Azure Active Directory (Azure AD) tenant.

  You have an on-premises datacenter that does NOT have a VPN connection to Subscription1. The datacenter contains a computer named Server1 that has Microsoft SQL Server 2016 installed. Server1 is prevented from accessing the

  internet.

  An Azure logic app named LogicApp1 requires write access to a database on Server1.

  You need to recommend a solution to provide LogicApp1 with the ability to access Server1.

  What should you recommend deploying on-premises and in Azure? To answer, select the appropriate options in the answer area.

  NOTE: Each correct selection is worth one point.

  Hot Area:

  

  Correct Answer:

  

  Box 1: An on-premises data gateway

  For logic apps in global, multi-tenant Azure that connect to on-premises SQL Server, you need to have the on-premises data gateway installed on a local computer and a data gateway resource that's already created in Azure.

  Box 2: A connection gateway resource

  Reference:

  https://docs.microsoft.com/en-us/azure/connectors/connectors-create-api-sqlazure

• Question 48:

  HOTSPOT

  You need to implement the Azure RBAC role assignment. The solution must meet the authentication and authorization requirements.

  How many assignment should you configure for the Network Contributor role for Role1? To answer, select appropriate in the answer area.

  Hot Area:

  

  Correct Answer:

  

• Question 49:

  HOTSPOT

  You are designing an Azure web app.

  You plan to deploy the web app to the North Europe Azure region and the West Europe Azure region.

  You need to recommend a solution for the web app. The solution must meet the following requirements:

  1.

  Users must always access the web app from the North Europe region, unless the region fails.

  2.

  The web app must be available to users if an Azure region is unavailable.

  3.

  Deployment costs must be minimized.

  What should you include in the recommendation? To answer, select the appropriate options in the answer area.

  NOTE: Each correct selection is worth one point.

  Hot Area:

  

  Correct Answer:

  

• Question 50:

  HOTSPOT

  You are designing a software as a service (SaaS) application that will enable Azure Active Directory (Azure AD) users to create and publish online surveys. The SaaS application will have a front-end web app and a back-end web API. The web app will rely on the web API to handle updates to customer surveys.

  You need to design an authorization flow for the SaaS application. The solution must meet the following requirements:

  1.

  To access the back-end web API, the web app must authenticate by using OAuth 2 bearer tokens.

  2.

  The web app must authenticate by using the identities of individual users.

  What should you include in the solution? To answer, select the appropriate options in the answer area.

  NOTE: Each correct selection is worth one point.

  Hot Area:

  

  Correct Answer:

  

  Reference: https://docs.microsoft.com/lb-lu/azure/architecture/multitenant-identity/web-api https://docs.microsoft.com/en-us/azure/active-directory/develop/quickstart-v1-dotnet-webapi