Question Set 2

HOTSPOT

You deploy several Azure SQL Database instances.

You plan to configure the Diagnostics settings on the databases as shown in the following exhibit.

Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic. NOTE: Each correct selection is worth one point.

Answer:

Explanation:

In the exhibit, the SQL Insights data is configured to be stored in Azure Log Analytics for 90 days.

However, the question is asking for the “maximum” amount of time that the data can be stored, which is 730 days.

Which service should you include in the recommendation?

You have an Azure Active Directory (Azure AD) tenant named contoso.com that contains several administrative user accounts.

You need to recommend a solution to identify which administrative user accounts have NOT signed in during the previous 30 days.

Which service should you include in the recommendation?
A . Azure AD Identity Protection
B . Azure Activity Log
C . Azure Advisor
D . Azure AD Privileged Identity Management (PIM)

Answer: D

What should you include in the recommendation?

HOTSPOT

You deploy Azure services by using Azure Resource Manager templates. The templates reference secrets that are stored in Azure Key Vault.

You need to recommend a solution for accessing the secrets during deployments.

The solution must prevent the users who are performing the deployments from accessing the secrets in the key vault directly.

What should you include in the recommendation? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

Answer:

Explanation:

Box 1: An advanced access policy for the key vaults

Enable template deployment

Does this solution meet the goal?

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

You have an Azure Active Directory (Azure AD) tenant named contoso.com. The tenant contains a group named Group1. Group1 contains all the administrative user accounts.

You discover several login attempts to the Azure portal from countries where administrative users do NOT work.

You need to ensure that all login attempts to the Azure portal from those countries require Azure Multi-Factor Authentication (MFA).

Solution: You implement an access package.

Does this solution meet the goal?
A . Yes
B . No

Answer: B

What should you include in the recommendation?

Your company has the offices shown in the following table.

The network contains an Active Directory domain named contoso.com that is synced to Azure Active Directory (Azure AD).

All users connect to an application hosted in Microsoft 365. You need to recommend a solution to ensure that all the users use Azure Multi-Factor Authentication (MFA) to connect to the application from one of the offices.

What should you include in the recommendation?
A . a named location and two Microsoft Cloud App Security policies
B . a conditional access policy and two virtual networks
C . a virtual network and two Microsoft Cloud App Security policies
D . a conditional access policy and two named locations

Answer: D

What should you use?

You have an Azure subscription that contains several resource groups, including a resource group named RG1. RG1 contains several business-critical resources.

A user named admin1 is assigned the Owner role to the subscription.

You need to prevent admin1 from modifying the resources in RG1. The solution must ensure that admin1 can manage the resources in the other resource groups.

What should you use?
A . a management group
B . an Azure policy
C . a custom role
D . an Azure blueprint

Answer: C

Explanation:

Role-based access control (RBAC) focuses on user actions at different scopes. You might be added to the contributor role for a resource group, allowing you to make changes to that resource group.

Incorrect Answers:

A: If your organization has many subscriptions, you may need a way to efficiently manage access, policies, and compliance for those subscriptions. Azure management groups provide a level of scope above subscriptions.

B: There are a few key differences between Azure Policy and role-based access control (RBAC). Azure Policy focuses on resource properties during deployment and for already existing resources. Azure Policy controls properties such as the types or locations of resources. Unlike RBAC, Azure Policy is a default allow and explicit deny system.

D: Azure Blueprints enables cloud architects and central information technology groups to define a repeatable set of Azure resources that implements and adheres to an organization’s standards, patterns, and requirements.

Reference:

https://docs.microsoft.com/en-us/azure/role-based-access-control/overview

Which Azure monitoring services should you use?

HOTSPOT

You have an Azure App Service Web App that includes Azure Blob storage and an Azure SQL Database instance. The application is instrumented by using the Application Insights SDK.

You need to design a monitoring solution for the web app.

Which Azure monitoring services should you use? To answer, select the appropriate Azure monitoring services in the answer area. NOTE: Each correct selection is worth one point.

Answer:

Explanation:

Note: You can select Logs from either the Azure Monitor menu or the Log Analytics workspaces menu.

Reference: https://docs.microsoft.com/en-us/azure/azure-monitor/log-query/log-query-overview

Does the solution meet the goal?

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

Your company has deployed several virtual machines (VMs) on-premises and to Azure. Azure ExpressRoute has been deployed and configured for on-premises to Azure connectivity.

Several VMs are exhibiting network connectivity issues.

You need to analyze the network traffic to determine whether packets are being allowed or denied to the VMs.

Solution: Install and configure the Microsoft Monitoring Agent and the Dependency Agent on all VMs. Use the Wire Data solution in Azure Monitor to analyze the network traffic.

Does the solution meet the goal?
A . Yes
B . No

Answer: B

Explanation:

Instead use Azure Network Watcher to run IP flow verify to analyze the network traffic.

Note: Wire Data looks at network data at the application level, not down at the TCP transport layer. The solution doesn’t look at individual ACKs and SYNs.

Reference:

https://docs.microsoft.com/en-us/azure/network-watcher/network-watcher-monitoring-overview

https://docs.microsoft.com/en-us/azure/network-watcher/network-watcher-ip-flow-verify-overview

Which two features are available in this environment that can reduce operational overhead for your company’s help desk?

You have an on-premises Active Directory forest and an Azure Active Directory (Azure AD) tenant. All Azure AD users are assigned a Premium P1 license.

You deploy Azure AD Connect.

Which two features are available in this environment that can reduce operational overhead for your company’s help desk? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point.
A . Azure AD Privileged Identity Management policies
B . access reviews
C . self-service password reset
D . Microsoft Cloud App Security Conditional Access App Control
E . password writeback

Answer: CE