AZ-305 V1

HOTSPOT

You plan to deploy an Azure web app named Appl that will use Azure Active Directory (Azure AD) authentication.

App1 will be accessed from the internet by the users at your company. All the users have computers that run Windows 10 and are joined to Azure AD.

You need to recommend a solution to ensure that the users can connect to App1 without being prompted for authentication and can access App1 only from company-owned computers.

What should you recommend for each requirement? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

View Answer

Answer:

Explanation:

Graphical user interface, text, application, chat or text message

Description automatically generated

Box 1: An Azure AD app registration

Azure active directory (AD) provides cloud based directory and identity management services. You can use azure AD to manage users of your application and authenticate access to your applications using azure active directory.

You register your application with Azure active directory tenant.

Box 2: A conditional access policy

Conditional Access policies at their simplest are if-then statements, if a user wants to access a resource, then they must complete an action.

By using Conditional Access policies, you can apply the right access controls when needed to keep your organization secure and stay out of your user’s way when not needed.

Timeline

Description automatically generated

HOTSPOT

You have an on-premises file server that stores 2 TB of data files.

You plan to move the data files to Azure Blob Storage In the West Europe Azure region,

You need to recommend a storage account type to store the data files and a replication solution for the storage account.

The solution must meet the following requirements:

• Be available if a single Azure datacenter fails.

• Support storage tiers.

• Minimize cost.

What should you recommend? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

View Answer

Answer:

Explanation:

Account Type: StorageV2

Replication solution: Zone-redundant storage (ZRS)

https://docs.microsoft.com/en-us/azure/storage/common/storage-redundancy

https://docs.microsoft.com/en-us/azure/storage/common/storage-redundancy#supported-azure-storage-services

https://docs.microsoft.com/en-us/azure/storage/common/storage-account-overview#types-of-storage-accounts

Data must be available if a single Azure datacenter fails. It means the storage account must support ZRS replication. Also, solution should support storage tiers. Only General-purpose V2 supports ZRS and storage tiers. https://docs.microsoft.com/en-us/azure/storage/blobs/storage-blob-storage-tiers

HOTSPOT

You have an Azure subscription that contains the resources shown in the following table.

You create an Azure SQL database named DB1 that is hosted in the East US region.

To DB1, you add a diagnostic setting named Settings1. Settings1 archives SQLInsights to storage1 and sends SQLInsights to Workspace1.

For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selections is worth one point.

View Answer

Answer:

Explanation:

Box 1: Yes

Box 2: Yes

Box 3: Yes

For more information on Azure SQL diagnostics, you can visit the below link https://docs.microsoft.com/en-us/azure/azure-sql/database/metrics-diagnostic-telemetry-logging-streaming-export-configure

HOTSPOT

You plan to migrate App1 to Azure.

You need to recommend a storage solution for App1 that meets the security and compliance requirements.

Which type of storage should you recommend, and how should you recommend configuring the storage? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

View Answer

Answer:

Explanation:

Text, table

Description automatically generated

Box 1: Standard general-purpose v2

Standard general-purpose v2 supports Blob Storage.

Azure Storage provides data protection for Blob Storage and Azure Data Lake Storage Gen2.

Scenario:

Litware identifies the following security and compliance requirements:

✑ Once App1 is migrated to Azure, you must ensure that new data can be written to the app, and the modification of new and existing data is prevented for a period of three years.

✑ On-premises users and services must be able to access the Azure Storage account that will host the data in App1.

✑ Access to the public endpoint of the Azure Storage account that will host the App1 data must be prevented.

✑ All Azure SQL databases in the production environment must have Transparent Data Encryption (TDE) enabled.

✑ App1 must NOT share physical hardware with other workloads.

Box 2: NFSv3

Scenario: Plan: Migrate App1 to Azure virtual machines.

Blob storage now supports the Network File System (NFS) 3.0 protocol. This support provides Linux file system compatibility at object storage scale and prices and enables Linux clients to mount a container in Blob storage from an Azure Virtual Machine (VM) or a computer on-premises.

CORRECT TEXT

You need to recommend a solution that meets the data requirements for App1.

What should you recommend deploying to each availability zone that contains an instance of App1?
A . an Azure Cosmos DB that uses multi-region writes
B . an Azure Storage account that uses geo-zone-redundant storage (GZRS)
C . an Azure Data Lake store that uses geo-zone-redundant storage (GZRS)
D . an Azure SQL database that uses active geo-replication

View Answer

Answer: A

Explanation:

Scenario: App1 has the following data requirements:

✑ Each instance will write data to a data store in the same availability zone as the instance.

✑ Data written by any App1 instance must be visible to all App1 instances.

Azure Cosmos DB: Each partition across all the regions is replicated. Each region contains all the data partitions of an Azure Cosmos container and can serve reads as well as serve writes when multi-region writes is enabled.

HOTSPOT

You plan to migrate App1 to Azure.

You need to estimate the compute costs for App1 in Azure. The solution must meet the security and compliance requirements.

What should you use to estimate the costs, and what should you implement to minimize the costs? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

View Answer

Answer:

Explanation:

Text

Description automatically generated

Box 1: The Azure Total Cost of Ownership (TCO) Calculator

The Total Cost of Ownership (TCO) Calculator estimates the cost savings you can realize by migrating your workloads to Azure.

Note: The TCO Calculator recommends a set of equivalent services in Azure that will support your applications. Our analysis will show each cost area with an estimate of your on-premises spend versus your spend in Azure. There are several cost categories that either decrease or go away completely when you move workloads to the cloud.

Box 2: Azure Hybrid Benefit

Azure Hybrid Benefit is a licensing benefit that helps you to significantly reduce the costs of running your workloads in the cloud. It works by letting you use your on-premises Software Assurance-enabled Windows Server and SQL Server licenses on Azure. And now, this benefit applies to RedHat and SUSE Linux subscriptions, too.

Scenario:

Litware identifies the following security and compliance requirements:

✑ Once App1 is migrated to Azure, you must ensure that new data can be written to the app, and the modification of new and existing data is prevented for a period of three years.

✑ On-premises users and services must be able to access the Azure Storage account that will host the data in App1.

✑ Access to the public endpoint of the Azure Storage account that will host the App1 data must be prevented.

✑ All Azure SQL databases in the production environment must have Transparent Data Encryption (TDE) enabled.

✑ App1 must not share physical hardware with other workloads.

HOTSPOT

You have an Azure subscription that contains 300 Azure virtual machines that run Windows Server 2016.

You need to centrally monitor all warning events in the System logs of the virtual machines.

What should you include in the solutions? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

View Answer

Answer:

Explanation:

Graphical user interface, text, application, email

Description automatically generated

References:

https://docs.microsoft.com/en-us/azure/azure-monitor/platform/data-sources-windows-events

https://docs.microsoft.com/en-us/azure/azure-monitor/platform/agent-windows

You are designing an Azure solution.

The network traffic for the solution must be securely distributed by providing the following features:

✑ HTTPS protocol

✑ Round robin routing

✑ SSL offloading

You need to recommend a load balancing option.

What should you recommend?
A . Azure Load Balancer
B . Azure Traffic Manager
C . Azure Internal Load Balancer (ILB)
D . Azure Application Gateway

View Answer

Answer: D

Explanation:

If you are looking for Transport Layer Security (TLS) protocol termination ("SSL offload") or per-HTTP/HTTPS

request, application-layer processing, review Application Gateway.

Application Gateway is a layer 7 load balancer, which means it works only with web traffic (HTTP, HTTPS, WebSocket, and HTTP/2). It supports capabilities such as SSL termination, cookie-based session affinity, and round robin for load-balancing traffic. Load Balancer load-balances traffic at layer 4 (TCP or UDP).

References: https://docs.microsoft.com/en-us/azure/application-gateway/application-gateway-faq

You have an Azure subscription that contains a storage account.

An application sometimes writes duplicate files to the storage account.

You have a PowerShell script that identifies and deletes duplicate files in the storage account. Currently, the script is run manually after approval from the operations manager.

You need to recommend a serverless solution that performs the following actions:

✑ Runs the script once an hour to identify whether duplicate files exist

✑ Sends an email notification to the operations manager requesting approval to delete the duplicate files

✑ Processes an email response from the operations manager specifying whether the deletion was approved

✑ Runs the script if the deletion was approved

What should you include in the recommendation?
A . Azure Logic Apps and Azure Functions
B . Azure Pipelines and Azure Service Fabric
C . Azure Logic Apps and Azure Event Grid
D . Azure Functions and Azure Batch

View Answer

Answer: A

Explanation:

You can schedule a powershell script with Azure Logic Apps.

When you want to run code that performs a specific job in your logic apps, you can create your own function by using Azure Functions. This service helps you create Node.js, C#, and F# functions so you don’t have to build a complete app or infrastructure to run code. You can also call logic apps from inside Azure functions. Azure Functions provides serverless computing in the cloud and is useful for performing tasks such as these examples:

Reference: https://docs.microsoft.com/en-us/azure/logic-apps/logic-apps-azure-functions

Your company has an Azure Web App that runs via the Premium App Service Plan. A development team will be using the Azure Web App. You have to configure the Azure Web app so that it can fulfil the below requirements.

Provide the ability to switch the web app from the current version to a newer version

Provide developers with the ability to test newer versions of the application before the switch to the newer version occurs

Ensure that the application version can be rolled back

Minimize downtime

Which of the following can be used for this requirement?
A . Create a new App Service Plan
B . Make use of deployment slots
C . Map a custom domain
D . Backup the Azure Web App

View Answer

Answer: B