Top Preguntas de examen AZ-305 para lograr Microsoft Certified: Azure Solutions Architect Expert Certification

1. You plan to migrate App1 to Azure. The solution must meet the authentication and authorization requirements.

Which type of endpoint should App1 use to obtain an access token?

2. 1.Topic 1, Litware, Inc



Case Study

This is a case study. Case studies are not timed separately. You can use as much exam time as you would like to complete each case. However, there may be additional case studies and sections on this exam. You must manage your time to ensure that you are able to complete all questions included on this exam in the time provided.



To answer the questions included in a case study, you will need to reference information that is provided in the case study. Case studies might contain exhibits and other resources that provide more information about the scenario that is described in the case study. Each question is independent of the other questions in this case study.



At the end of this case study, a review screen will appear. This screen allows you to review your answers and to make changes before you move to the next section of the exam. After you begin a new section, you cannot return to this section.



To start the case study

To display the first question in this case study, click the Next button. Use the buttons in the left pane to explore the content of the case study before you answer the questions. Clicking these buttons displays information such as business requirements, existing environment, and problem statements. If the case study has an All Information tab, note that the information displayed is identical to the information displayed on the subsequent tabs. When you are ready to answer a question, click the Question button to return to the question.



Overview. General Overview

Litware, Inc. is a medium-sized finance company.



Overview. Physical Locations

Litware has a main office in Boston.



Existing Environment. Identity Environment

The network contains an Active Directory forest named Litware.com that is linked to an Azure Active Directory (Azure AD) tenant named Litware.com. All users have Azure Active Directory Premium P2 licenses.



Litware has a second Azure AD tenant named dev.Litware.com that is used as a development environment.



The Litware.com tenant has a conditional acess policy named capolicy1. Capolicy1 requires that when users manage the Azure subscription for a production environment by

using the Azure portal, they must connect from a hybrid Azure AD-joined device.



Existing Environment. Azure Environment

Litware has 10 Azure subscriptions that are linked to the Litware.com tenant and five Azure subscriptions that are linked to the dev.Litware.com tenant. All the subscriptions are in an Enterprise Agreement (EA).



The Litware.com tenant contains a custom Azure role-based access control (Azure RBAC) role named Role1 that grants the DataActions read permission to the blobs and files in Azure Storage.



Existing Environment. On-premises Environment

The on-premises network of Litware contains the resources shown in the following table.







Existing Environment. Network Environment

Litware has ExpressRoute connectivity to Azure.



Planned Changes and Requirements. Planned Changes

Litware plans to implement the following changes:

✑ Migrate DB1 and DB2 to Azure.

✑ Migrate App1 to Azure virtual machines.

✑ Deploy the Azure virtual machines that will host App1 to Azure dedicated hosts.



Planned Changes and Requirements. Authentication and Authorization Requirements



Litware identifies the following authentication and authorization requirements:

✑ Users that manage the production environment by using the Azure portal must connect from a hybrid Azure AD-joined device and authenticate by using Azure Multi-Factor Authentication (MFA).

✑ The Network Contributor built-in RBAC role must be used to grant permission to all the virtual networks in all the Azure subscriptions.

✑ To access the resources in Azure, App1 must use the managed identity of the virtual machines that will host the app.

✑ Role1 must be used to assign permissions to the storage accounts of all the Azure subscriptions.

✑ RBAC roles must be applied at the highest level possible.



Planned Changes and Requirements. Resiliency Requirements

Litware identifies the following resiliency requirements:

✑ Once migrated to Azure, DB1 and DB2 must meet the following requirements:

- Maintain availability if two availability zones in the local Azure region fail.

- Fail over automatically.

- Minimize I/O latency.



✑ App1 must meet the following requirements:

- Be hosted in an Azure region that supports availability zones.

- Be hosted on Azure virtual machines that support automatic scaling.

- Maintain availability if two availability zones in the local Azure region fail.



Planned Changes and Requirements. Security and Compliance Requirements

Litware identifies the following security and compliance requirements:

✑ Once App1 is migrated to Azure, you must ensure that new data can be written to the app, and the modification of new and existing data is prevented for a period of three years.

✑ On-premises users and services must be able to access the Azure Storage account that will host the data in App1.

✑ Access to the public endpoint of the Azure Storage account that will host the App1 data must be prevented.

✑ All Azure SQL databases in the production environment must have Transparent Data Encryption (TDE) enabled.

✑ App1 must not share physical hardware with other workloads.



Planned Changes and Requirements. Business Requirements

Litware identifies the following business requirements:

✑ Minimize administrative effort.

✑ Minimize costs.



HOTSPOT

You need to ensure that users managing the production environment are registered for Azure MFA and must authenticate by using Azure MFA when they sign in to the Azure portal. The solution must meet the authentication and authorization requirements.

What should you do? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

3. HOTSPOT

You design a solution for the web tier of WebApp1 as shown in the exhibit.





For each of the following statements, select Yes if the statement is true. Otherwise, select No.

4. HOTSPOT

You plan to migrate App1 to Azure.

You need to estimate the compute costs for App1 in Azure. The solution must meet the security and compliance requirements.

What should you use to estimate the costs, and what should you implement to minimize the costs? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

5. Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

Your company has deployed several virtual machines (VMs) on-premises and to Azure. Azure ExpressRoute has been deployed and configured for on-premises to Azure connectivity.

Several VMs are exhibiting network connectivity issues.

You need to analyze the network traffic to determine whether packets are being allowed or denied to the VMs.

Solution: Use Azure Network Watcher to run IP flow verify to analyze the network traffic

Does the solution meet the goal?

6. You migrate App1 to Azure. You need to ensure that the data storage for App1 meets the security and compliance requirement

What should you do?

7. You are designing a microservices architecture that will support a web application.

The solution must meet the following requirements:

✑ Allow independent upgrades to each microservice

✑ Deploy the solution on-premises and to Azure

✑ Set policies for performing automatic repairs to the microservices

✑ Support low-latency and hyper-scale operations

You need to recommend a technology.

What should you recommend?

8. HOTSPOT

You have an Azure Active Directory (Azure AD) tenant.

You plan to use Azure Monitor to monitor user sign-ins and generate alerts based on specific user sign-in events.

You need to recommend a solution to trigger the alerts based on the events.

What should you include in the recommendation? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

9. You are developing a sales application that will contain several Azure cloud services and will handle different components of a transaction. Different cloud services will process customer orders, billing, payment, inventory, and shipping.

You need to recommend a solution to enable the cloud services to asynchronously communicate transaction information by using REST messages.

What should you include in the recommendation?

10. HOTSPOT

Your company deploys an Azure App Service Web App.

During testing the application fails under load. The application cannot handle more than 100 concurrent user sessions. You enable the Always On feature. You also configure auto-scaling to increase counts from two to 10 based on HTTP queue length.

You need to improve the performance of the application.

Which solution should you use for each application scenario? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

11. Topic 2, Fabrikam, inc Case Study A



Overview:

Existing Environment

Fabrikam, Inc. is an engineering company that has offices throughout Europe. The company has a main office in London and three branch offices in Amsterdam Berlin, and Rome.



Active Directory Environment:

The network contains two Active Directory forests named corp.fabnkam.com and rd.fabrikam.com. There are no trust relationships between the forests. Corp.fabrikam.com is a production forest that contains identities used for internal user and computer authentication. Rd.fabrikam.com is used by the research and development (R&D) department only. The R&D department is restricted to using on-premises resources only.



Network Infrastructure:

Each office contains at least one domain controller from the corp.fabrikam.com domain.

The main office contains all the domain controllers for the rd.fabrikam.com forest.

All the offices have a high-speed connection to the Internet.

An existing application named WebApp1 is hosted in the data center of the London office. WebApp1 is used by customers to place and track orders. WebApp1 has a web tier that uses Microsoft Internet Information Services (IIS) and a database tier that runs Microsoft SQL Server 2016. The web tier and the database tier are deployed to virtual machines that run on Hyper-V.

The IT department currently uses a separate Hyper-V environment to test updates to WebApp1.

Fabrikam purchases all Microsoft licenses through a Microsoft Enterprise Agreement that includes Software Assurance.



Problem Statement:

The use of Web App1 is unpredictable. At peak times, users often report delays. At other times, many resources for WebApp1 are underutilized.



Requirements:

Planned Changes:

Fabrikam plans to move most of its production workloads to Azure during the next few years.

As one of its first projects, the company plans to establish a hybrid identity model, facilitating an upcoming Microsoft Office 365 deployment All R&D operations will remain on-premises.

Fabrikam plans to migrate the production and test instances of WebApp1 to Azure.



Technical Requirements:

Fabrikam identifies the following technical requirements:

• Web site content must be easily updated from a single point.

• User input must be minimized when provisioning new app instances.

• Whenever possible, existing on premises licenses must be used to reduce cost.

• Users must always authenticate by using their corp.fabrikam.com UPN identity.

• Any new deployments to Azure must be redundant in case an Azure region fails.

• Whenever possible, solutions must be deployed to Azure by using platform as a service (PaaS).

• An email distribution group named IT Support must be notified of any issues relating to the directory synchronization services.

• Directory synchronization between Azure Active Directory (Azure AD) and corp.fabhkam.com must not be affected by a link failure between Azure and the on premises network.



Database Requirements:

Fabrikam identifies the following database requirements:

• Database metrics for the production instance of WebApp1 must be available for analysis so that database administrators can optimize the performance settings.

• To avoid disrupting customer access, database downtime must be minimized when databases are migrated.

• Database backups must be retained for a minimum of seven years to meet compliance requirement



Security Requirements:

Fabrikam identifies the following security requirements:

* Company information including policies, templates, and data must be inaccessible to anyone outside the company

* Users on the on-premises network must be able to authenticate to corp.fabrikam.com if an Internet link fails.

* Administrators must be able authenticate to the Azure portal by using their corp.fabrikam.com credentials.

* All administrative access to the Azure portal must be secured by using multi-factor authentication.

* The testing of WebApp1 updates must not be visible to anyone outside the company.



You need to recommend a strategy for the web tier of WebApp1. The solution must minimize What should you recommend?

12. You architect a solution that calculates 3D geometry from height-map data.

You have the following requirements:

Perform calculations in Azure.

Each node must communicate data to every other node.

Maximize the number of nodes to calculate multiple scenes as fast as possible.

Require the least amount of effort to implement.

You need to recommend a solution.

Which two actions should you recommend? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point.

13. You are planning an Azure IoT Hub solution that will include 50,000 IoT devices.

Each device will stream data, including temperature, device ID, and time data. Approximately 50,000 records will be written every second. The data will be visualized in near real time.

You need to recommend a service to store and query the data.

Which two services can you recommend? Each correct answer presents a complete solution. NOTE: Each correct selection is worth one point.

14. HOTSPOT

You plan to migrate App1 to Azure.

You need to recommend a high-availability solution for App1. The solution must meet the resiliency requirements.

What should you include in the recommendation? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

15. DRAG DROP

A company has an existing web application that runs on virtual machines (VMs) in Azure.

You need to ensure that the application is protected from SQL injection attempts and uses a layer-7 load balancer. The solution must minimize disruption to the code for the existing web application.

What should you recommend? To answer, drag the appropriate values to the correct items. Each value may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content. NOTE: Each correct selection is worth one point.

16. You need to recommend a solution to meet the database retention requirement .

What should you recommend?

17. You need to deploy resources to host a stateless web app in an Azure subscription.

The solution must meet the following requirements:

• Provide access to the full .NET framework.

• Provide redundancy if an Azure region fails.

• Grant administrators access to the operating system to install custom application dependencies.

Solution: You deploy an Azure virtual machine to two Azure regions, and you deploy an Azure Application Gateway.

Does this meet the goal?

18. You have an Azure subscription that contains a storage account.

An application sometimes writes duplicate files to the storage account.

You have a PowerShell script that identifies and deletes duplicate files in the storage account. Currently, the script is run manually after approval from the operations manager.

You need to recommend a serverless solution that performs the following actions:

✑ Runs the script once an hour to identify whether duplicate files exist

✑ Sends an email notification to the operations manager requesting approval to delete the duplicate files

✑ Processes an email response from the operations manager specifying whether the deletion was approved

✑ Runs the script if the deletion was approved

What should you include in the recommendation?

19. HOTSPOT

You need to recommend a solution to ensure that App1 can access the third-party credentials and access strings. The solution must meet the security requirements.

What should you include in the recommendation? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

20. HOTSPOT

You plan to deploy an Azure web app named Appl that will use Azure Active Directory (Azure AD) authentication.

App1 will be accessed from the internet by the users at your company. All the users have computers that run Windows 10 and are joined to Azure AD.

You need to recommend a solution to ensure that the users can connect to App1 without being prompted for authentication and can access App1 only from company-owned computers.

What should you recommend for each requirement? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

21. DRAG DROP

You need to configure an Azure policy to ensure that the Azure SQL databases have TDE enabled. The solution must meet the security and compliance requirements.

Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.

22. HOTSPOT

Your on-premises network contains a file server named Server1 that stores 500 GB of data.

You need to use Azure Data Factory to copy the data from Server1 to Azure Storage.

You add a new data factory.

What should you do next? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

23. HOTSPOT

You have an Azure Load Balancer named LB1 that balances requests to five Azure virtual machines.

You need to develop a monitoring solution for LB1.

The solution must generate an alert when any of the following conditions are met:

✑ A virtual machine is unavailable.

✑ Connection attempts exceed 50,000 per minute.

Which signal should you include in the solution for each condition? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

24. You plan provision a High Performance Computing (HPC) cluster in Azure that will use a third-party scheduler.

You need to recommend a solution to provision and manage the HPC cluster node.

What should you include in the recommendation?

25. HOTSPOT

You need to design an Azure policy that will implement the following functionality:

• For new resources, assign tags and values that match the tags and values of the resource group to which the resources are deployed.

• For existing resources, identify whether the tags and values match the tags and values of the resource group that contains the resources.

• For any non-compliant resources, trigger auto-generated remediation tasks to create missing tags and values.

The solution must use the principle of least privilege.

What should you include in the design? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

26. You have an Azure subscription that contains a Windows Virtual Desktop tenant.

You need to recommend a solution to meet the following requirements:

✑ Start and stop Windows Virtual Desktop session hosts based on business hours.

✑ Scale out Windows Virtual Desktop session hosts when required.

✑ Minimize compute costs.

What should you include in the recommendation?

27. HOTSPOT

How should the migrated databases DB1 and DB2 be implemented in Azure?

28. HOTSPOT

You have the Free edition of a hybrid Azure Active Directory (Azure AD) tenant. The tenant uses password hash synchronization.

You need to recommend a solution to meet the following requirements:

✑ Prevent Active Directory domain user accounts from being locked out as the result of brute force attacks targeting Azure AD user accounts.

✑ Block legacy authentication attempts to Azure AD integrated apps.

✑ Minimize costs.

What should you recommend for each requirement? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

29. Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

Your company deploys several virtual machines on-premises and to Azure. ExpressRoute is being deployed and configured for on-premises to Azure connectivity.

Several virtual machines exhibit network connectivity issues.

You need to analyze the network traffic to identify whether packets are being allowed or denied to the virtual machines.

Solution: Use Azure Traffic Analytics in Azure Network Watcher to analyze the network traffic.

Does this meet the goal?

30. HOTSPOT

You are planning an Azure Storage solution for sensitive data. The data will be accessed daily. The data set is less than 10 GB.

You need to recommend a storage solution that meets the following requirements:

• All the data written to storage must be retained for five years.

• Once the data is written, the data can only be read. Modifications and deletion must be prevented.

• After five years, the data can be deleted, but never modified.

• Data access charges must be minimized

What should you recommend? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

31. You have SQL Server on an Azure virtual machine. The databases are written to nightly as part of a batch process.

You need to recommend a disaster recovery solution for the data.

The solution must meet the following requirements:

✑ Provide the ability to recover in the event of a regional outage.

✑ Support a recovery time objective (RTO) of 15 minutes.

✑ Support a recovery point objective (RPO) of 24 hours.

✑ Support automated recovery.

✑ Minimize costs.

What should you include in the recommendation?

32. DRAG DROP

You need to design an architecture to capture the creation of users and the assignment of roles. The captured data must be stored in Azure Cosmos DB.

Which Azure services should you include in the design? To answer, drag the appropriate services to the correct targets. Each service may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content. NOTE: Each correct selection is worth one point.

33. A company named Contoso, Ltd. has an Azure Active Directory (Azure AD) tenant that is integrated with Microsoft Office 365 and an Azure subscription.

Contoso has an on-premises identity infrastructure. The infrastructure includes servers that run Active Directory Domain Services (AD DS), and Azure AD Connect

Contoso has a partnership with a company named Fabrikam, Inc. Fabrikam has an Active Directory forest and an Office 365 tenant. Fabrikam has the same on-premises identity infrastructure as Contoso.

A team of 10 developers from Fabrikam will work on an Azure solution that will be hosted in the Azure subscription of Contoso. The developers must be added to the Contributor role for a resource in the Contoso subscription.

You need to recommend a solution to ensure that Contoso can assign the role to the 10 Fabrikam developers. The solution must ensure that the Fabrikam developers use their existing credentials to access resources.

What should you recommend?

34. HOTSPOT

You have an on-premises file server that stores 2 TB of data files.

You plan to move the data files to Azure Blob Storage In the West Europe Azure region,

You need to recommend a storage account type to store the data files and a replication solution for the storage account.

The solution must meet the following requirements:

• Be available if a single Azure datacenter fails.

• Support storage tiers.

• Minimize cost.

What should you recommend? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

35. You use Azure virtual machines to run a custom application that uses an Azure SQL database on the back end.

The IT apartment at your company recently enabled forced tunneling,

Since the configuration change, developers have noticed degraded performance when they access the database

You need to recommend a solution to minimize latency when accessing the database. The solution must minimize costs

What should you include in the recommendation?

36. HOTSPOT

You have an Azure subscription that contains the resources shown in the following table.





You create an Azure SQL database named DB1 that is hosted in the East US region.

To DB1, you add a diagnostic setting named Settings1. Settings1 archives SQLInsights to storage1 and sends SQLInsights to Workspace1.

For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selections is worth one point.

37. Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

Your company has deployed several virtual machines (VMs) on-premises and to Azure.

Azure ExpressRoute has been deployed and configured for on-premises to Azure connectivity.

Several VMs are exhibiting network connectivity issues.

You need to analyze the network traffic to determine whether packets are being allowed or denied to the VMs.

Solution: Use the Azure Traffic Analytics solution in Azure Log Analytics to analyze the network traffic.

Does the solution meet the goal?

38. You are designing an Azure solution.

The network traffic for the solution must be securely distributed by providing the following features:

✑ HTTPS protocol

✑ Round robin routing

✑ SSL offloading

You need to recommend a load balancing option.

What should you recommend?

39. Your company develops Azure applications.

You need to recommend a solution for the deployment of Azure subscriptions.

The solution must meet the following requirements:

What should you include in the recommendation?

40. Your company has 300 virtual machines hosted in a VMware environment. The virtual machines vary in size and have various utilization levels.

You plan to move all the virtual machines to Azure.

You need to recommend how many and what size Azure virtual machines will be required to move the current workloads to Azure. The solution must minimize administrative effort.

What should you use to make the recommendation?

41. What should you include in the identity management strategy to support the planned changes?

42. HOTSPOT

You plan to migrate App1 to Azure.

You need to recommend a storage solution for App1 that meets the security and compliance requirements.

Which type of storage should you recommend, and how should you recommend configuring the storage? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

43. You have to deploy an Azure SQL database named db1 for your company. The databases must meet the following security requirements

When IT help desk supervisors query a database table named customers, they must be able to see the full number of each credit card

When IT help desk operators query a database table named customers, they must only see the last four digits of each credit card number

A column named Credit Card rating in the customers table must never appear in plain text

in the database system. Only client applications must be able to decrypt the information that is stored in this column

Which of the following can be implemented for the Credit Card rating column security requirement?

44. HOTSPOT

You have an Azure subscription that contains 300 Azure virtual machines that run Windows Server 2016.

You need to centrally monitor all warning events in the System logs of the virtual machines.

What should you include in the solutions? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

45. Your company, named Contoso, Ltd, implements several Azure logic apps that have HTTP triggers: The logic apps provide access to an on-premises web service.

Contoso establishes a partnership with another company named Fabrikam, Inc.

Fabrikam does not have an existing Azure Active Directory (Azure AD) tenant and uses third-party OAuth 2.0 identity management to authenticate its users.

Developers at Fabrikam plan to use a subset of the logics apps to build applications that will integrate with the on-premises web service of Contoso.

You need to design a solution to provide the Fabrikam developers with access to the logic apps.

The solution must meet the following requirements:

✑ Requests to the logic apps from the developers must be limited to lower rates than the requests from the users at Contoso.

✑ The developers must be able to rely on their existing OAuth 2.0 provider to gain access to the logic apps.

✑ The solution must NOT require changes to the logic apps.

✑ The solution must NOT use Azure AD guest accounts.

What should you include in the solution?

46. Your company plans to publish APIs for its services by using Azure API Management.

You discover that service responses include the AspNet-Version header.

You need to recommend a solution to remove AspNet-Version from the response of the published APIs.

What should you include in the recommendation?

47. Topic 5, Misc. Questions



You plan to deploy 10 applications to Azure. The applications will be deployed to two Azure Kubernetes Service (AKS) clusters. Each cluster will be deployed to a separate Azure region.

The application deployment must meet the following requirements:

• Ensure that the applications remain available if a single AKS cluster fails.

• Ensure that the connection traffic over the internet is encrypted by using SSL without having to configure SSL on each container.

Which service should you include in the recommendation?

48. You need to recommend a data storage strategy for WebApp1.

What should you include in in the recommendation?

49. You need to implement the Azure RBAC role assignments for the Network Contributor role.

The solution must meet the authentication and authorization requirements.

What is the minimum number of assignments that you must use?

50. A company has an on-premises file server cbflserver that runs Windows Server 2019.

Windows Admin Center manages this server. The company owns an Azure subscription.

You need to provide an Azure solution to prevent data loss if the file server fails.

Solution: You decide to create an Azure Recovery Services vault. You then decide to install the Azure Backup agent and then schedule the backup.

Would this meet the requirement?

51. You have an Azure Active Directory (Azure AD) tenant named contoso.com that has a security group named Group'. Group i is configured Tor assigned membership. Group I has 50 members. including 20 guest users.

You need To recommend a solution for evaluating the member ship of Group1.

The solution must meet the following requirements:

• The evaluation must be repeated automatically every three months

• Every member must be able to report whether they need to be in Group1

• Users who report that they do not need to be in Group 1 must be removed from Group1 automatically

• Users who do not report whether they need to be m Group1 must be removed from Group1 automatically.

What should you include in me recommendation?

52. You need to recommend an App Service architecture that meets the requirements for Appl.

The solution must minimize costs.

What should few recommend?

53. You need to recommend a solution that meets the data requirements for App1.

What should you recommend deploying to each availability zone that contains an instance of App1?

54. Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

You have an Azure Storage account that contains two 1-GB data files named File1 and File2. The data files are set to use the archive access tier.

You need to ensure that File1 is accessible immediately when a retrieval request is initiated.

Solution: For File1, you set Access tier to Cool.

Does this meet the goal?

55. A company is planning on deploying an application onto Azure. The application will be based on the .Net core programming language. The application would be hosted using Azure Web apps. Below is part of the various requirements for the application

Give the ability to correlate Azure resource usage and the performance data with the actual application configuration and performance data

Give the ability to visualize the relationships between application components

Give the ability to track requests and exceptions to specific lines of code from within the application Give the ability to actually analyse how uses return to an application and see how often they only select a particular drop-down value

Which of the following service would be best suited for fulfilling the requirement of “Give the ability to correlate Azure resource usage and the performance data with the actual application configuration and performance data”

56. HOTSPOT

You are evaluating whether to use Azure Traffic Manager and Azure Application Gateway to meet the connection requirements for App1.

What is the minimum numbers of instances required for each service? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

57. CORRECT TEXT

You need to recommend a solution that meets the data requirements for App1.

What should you recommend deploying to each availability zone that contains an instance of App1?

58. HOTSPOT

Your company has the divisions shown in the following table.





You plan to deploy a custom application to each subscription.

The application will contain the following:

✑ A resource group

✑ An Azure web app

✑ Custom role assignments

✑ An Azure Cosmos DB account

You need to use Azure Blueprints to deploy the application to each subscription.

What is the minimum number of objects required to deploy the application? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

59. You need to recommend a notification solution for the IT Support distribution group.

What should you include in the recommendation?

60. DRAG DROP

You are designing a virtual machine that will run Microsoft SQL Server and will contain two data disks. The first data disk will store log files, and the second data disk will store data. Both disks are P40 managed disks.

You need to recommend a caching policy for each disk. The policy must provide the best overall performance for the virtual machine.

Which caching policy should you recommend for each disk? To answer, drag the appropriate policies to the correct disks. Each policy may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content. NOTE: Each correct selection is worth one point.

61. Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

Your company has deployed several virtual machines (VMs) on-premises and to Azure. Azure ExpressRoute has been deployed and configured for on-premises to Azure connectivity.

Several VMs are exhibiting network connectivity issues.

You need to analyze the network traffic to determine whether packets are being allowed or denied to the VMs.

Solution: Use the Azure Traffic Analytics solution in Azure Log Analytics to analyze the network traffic.

Does the solution meet the goal?

62. HOTSPOT

You have an Azure App Service web app that uses a system-assigned managed identity.

You need to recommend a solution to store their settings of the web app as secrets in an Azure key vault.

The solution must meet the following requirements:

• Minimize changes to the app code,

• Use the principle of least privilege.

What should you include in the recommendation? To answer, select the appropriate options in the answer area.

63. HOTSPOT

You plan to migrate on-premises Microsoft SQL Server databases to Azure.

You need to recommend a deployment and resiliency solution that meets the following requirements:

✑ Supports user-initiated backups

✑ Supports multiple automatically replicated instances across Azure regions

✑ Minimizes administrative effort to implement and maintain business continuity

What should you recommendation? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

64. You have an Azure subscription.

You need to deploy an Azure Kubernetes Service (AKS) solution that will use Linux nodes.

The solution must meet the following requirements:

✑ Minimize the time it takes to provision compute resources during scale-out operations.

✑ Support autoscaling of Linux containers.

✑ Minimize administrative effort.

Which scaling option should you recommend?

65. You plan to migrate App1 to Azure.

You need to recommend a network connectivity solution for the Azure Storage account that will host the App1 data. The solution must meet the security and compliance requirements.

What should you include in the recommendation?

66. HOTSPOT

You plan to create an Azure Storage account that will host file shares. The shares will be accessed from on-premises applications that are transaction-intensive.

You need to recommend a solution to minimize latency when accessing the file shares.

The solution must provide the highest-level of resiliency for the selected storage tier.

What should you include in the recommendation? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

67. You need to recommend a strategy for migrating the database content of WebApp1 to Azure .

What should you include in the recommendation?

68. You have an Azure subscription that contains a storage account.

An application sometimes writes duplicate files to the storage account.

You have a PowerShell script that identifies and deletes duplicate files in the storage account. Currently, the script is run manually after approval from the operations manager.

You need to recommend a serverless solution that performs the following actions:

✑ Runs the script once an hour to identify whether duplicate files exist

✑ Sends an email notification to the operations manager requesting approval to delete the duplicate files

✑ Processes an email response from the operations manager specifying whether the deletion was approved

✑ Runs the script if the deletion was approved

What should you include in the recommendation?

69. You ate designing a SQL database solution. The solution will include 20 databases that will be 20 GB each and have varying usage patterns. You need to recommend a database platform to host the databases.

The solution must meet the following requirements:

• The compute resources allocated to the databases must scale dynamically.

• The solution must meet an SLA of 99.99% uptime.

• The solution must have reserved capacity.

• Compute charges must be minimized.

What should you include in the recommendation?

70. Topic 4, HABInsurance



Case Study

An insurance company, HABInsurance, operates in three states and provides home, auto, and boat insurance. Besides the head office, HABInsurance has three regional offices.



Current environment

General

An insurance company, HABInsurance, operates in three states and provides home, auto, and boat insurance. Besides the head office, HABInsurance has three regional offices. Technology assessment

The company has two Active Directory forests: main.habinsurance.com and region.habinsurance.com. HABInsurance's primary internal system is Insurance Processing System (IPS). It is an ASP.Net/C# application running on IIS/Windows Servers hosted in a data center. IPS has three tiers: web, business logic API, and a datastore on a back end. The company uses Microsoft SQL Server and MongoDB for the backend. The system has two parts: Customer data and Insurance forms and documents. Customer data is stored in Microsoft SQL Server and Insurance forms and documents ― in MongoDB.

The company also has 10 TB of Human Resources (HR) data stored on NAS at the head office location. Requirements



General

HABInsurance plans to migrate its workloads to Azure. They purchased an Azure subscription. Changes

During a transition period, HABInsurance wants to create a hybrid identity model along with a Microsoft Office 365 deployment. The company intends to sync its AD forests to Azure AD and benefit from Azure AD administrative units functionality.

HABInsurance needs to migrate the current IPSCustomers SQL database to a new fully managed SQL database in Azure that would be budget-oriented, balanced with scalable compute and storage options. The management team expects the Azure database service to scale the database resources dynamically with minimal downtime. The technical team proposes implementing a DTU-based purchasing model for the new database. HABInsurance wants to migrate Insurance forms and documents to Azure database service. HABInsurance plans to move IPS first two tiers to Azure without any modifications. The technology team discusses the possibility of running IPS tiers on a set of virtual machines instances. The number of instances should be adjusted automatically based on the CPU utilization. An SLA of 99.95% must be guaranteed for the compute infrastructure. The company needs to move HR data to Azure File shares.

In their new Azure ecosystem, HABInsurance plans to use internal and third-party applications. The company considers adding user consent for data access to the registered applications

Later, the technology team contemplates adding a customer self-service portal to IPS and deploying a new IPS to multi-region ASK. But the management team is worried about performance and availability of the multi-region AKS deployments during regional outages.



What two parameters would you recommend set up to ensure that the new IPSCustomers database will scale to meet the workload demands?

71. HOTSPOT

To meet the authentication requirements of Fabrikam, what should you include in the solution? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

72. Your company has an Azure Web App that runs via the Premium App Service Plan. A development team will be using the Azure Web App. You have to configure the Azure Web app so that it can fulfil the below requirements.

Provide the ability to switch the web app from the current version to a newer version

Provide developers with the ability to test newer versions of the application before the switch to the newer version occurs

Ensure that the application version can be rolled back

Minimize downtime

Which of the following can be used for this requirement?

73. HOTSPOT

What should you implement to meet the identity requirements? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

74. HOTSPOT

You are evaluating the components of the migration to Azure that require you to provision an Azure Storage account.

For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.

75. Topic 3, Contoso



Case Study

This is a case study. Case studies are not timed separately. You can use as much exam time as you would like to complete each case. However, there may be additional case studies and sections on this exam. You must manage your time to ensure that you are able to complete all questions included on this exam in the time provided.



To answer the questions included in a case study, you will need to reference information that is provided in the case study. Case studies might contain exhibits and other resources that provide more information about the scenario that is described in the case study. Each question is independent of the other questions in this case study.



At the end of this case study, a review screen will appear. This screen allows you to review your answers and to make changes before you move to the next section of the exam. After you begin a new section, you cannot return to this section.



To start the case study

To display the first question in this case study, click the Next button. Use the buttons in the left pane to explore the content of the case study before you answer the questions. Clicking these buttons displays information such as business requirements, existing environment, and problem statements. If the case study has an All Information tab, note that the information displayed is identical to the information displayed on the subsequent tabs. When you are ready to answer a question, click the Question button to return to the question.



Existing Environment: Technical Environment

The on-premises network contains a single Active Directory domain named contoso.com.

Contoso has a single Azure subscription.



Existing Environment: Business Partnerships

Contoso has a business partnership with Fabrikam, Inc. Fabrikam users access some Contoso applications over the internet by using Azure Active Directory (Azure AD) guest accounts.



Requirements: Planned Changes

Contoso plans to deploy two applications named App1 and App2 to Azure.



Requirements: App1

App1 will be a Python web app hosted in Azure App Service that requires a Linux runtime.

Users from Contoso and Fabrikam will access App1.



App1 will access several services that require third-party credentials and access strings.

The credentials and access strings are stored in Azure Key Vault.



App1 will have six instances: three in the East US Azure region and three in the West Europe Azure region.



App1 has the following data requirements:

✑ Each instance will write data to a data store in the same availability zone as the instance.

✑ Data written by any App1 instance must be visible to all App1 instances.



App1 will only be accessible from the internet. App1 has the following connection requirements:

✑ Connections to App1 must pass through a web application firewall (WAF).

✑ Connections to App1 must be active-active load balanced between instances.

✑ All connections to App1 from North America must be directed to the East US region. All other connections must be directed to the West Europe region.



Every hour, you will run a maintenance task by invoking a PowerShell script that copies files from all the App1 instances. The PowerShell script will run from a central location.



Requirements: App2

App2 will be a NET app hosted in App Service that requires a Windows runtime.

App2 has the following file storage requirements:

✑ Save files to an Azure Storage account.

✑ Replicate files to an on-premises location.

✑ Ensure that on-premises clients can read the files over the LAN by using the SMB protocol.



You need to monitor App2 to analyze how long it takes to perform different transactions within the application. The solution must not require changes to the application code.



Application Development Requirements

Application developers will constantly develop new versions of App1 and App2.

The development process must meet the following requirements:

✑ A staging instance of a new application version must be deployed to the application host before the new version is used in production.

✑ After testing the new version, the staging version of the application will replace the production version.

✑ The switch to the new application version from staging to production must occur without any downtime of the application.



Identity Requirements

Contoso identifies the following requirements for managing Fabrikam access to resources:

✑ uk.co.certification.simulator.questionpool.PList@1863e940

✑ The solution must minimize development effort.



Security Requirement

All secrets used by Azure services must be stored in Azure Key Vault.

Services that require credentials must have the credentials tied to the service instance. The credentials must NOT be shared between services.



DRAG DROP

You need to recommend a solution that meets the file storage requirements for App2.

What should you deploy to the Azure subscription and the on-premises network? To answer, drag the appropriate services to the correct locations. Each service may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content. NOTE: Each correct selection is worth one point.

76. Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

Your company plans to deploy various Azure App Service instances that will use Azure SQL databases. The App Service instances will be deployed at the same time as the Azure SQL databases.

The company has a regulatory requirement to deploy the App Service instances only to specific Azure regions. The resources for the App Service instances must reside in the same region.

You need to recommend a solution to meet the regulatory requirement.

Solution: You recommend creating resource groups based on locations and implementing resource locks on the resource groups.

Does this meet the goal?

77. A company has an on-premises file server cbflserver that runs Windows Server 2019.

Windows Admin Center manages this server. The company owns an Azure subscription.

You need to provide an Azure solution to prevent data loss if the file server fails.

Solution: You decide to register Windows Admin Center in Azure and then configure Azure Backup.

Would this meet the requirement?

78. HOTSPOT

You have five .NET Core applications that run on 10 Azure virtual machines in the same subscription.

You need to recommend a solution to ensure that the applications can authenticate by using the same Azure Active Directory (Azure AD) identity.

The solution must meet the following requirements:

✑ Ensure that the applications can authenticate only when running on the 10 virtual machines.

✑ Minimize administrative effort.

What should you include in the recommendation? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

79. HOTSPOT

You plan to migrate DB1 and DB2 to Azure.

You need to ensure that the Azure database and the service tier meet the resiliency and business requirements.

What should you configure? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

80. HOTSPOT

You have an Azure subscription that contains a virtual network named VNET1 and 10 virtual machines. The virtual machines are connected to VNET1.

You need to design a solution to manage the virtual machines from the internet.

The solution must meet the following requirements:

• Incoming connections to the virtual machines must be authenticated by using Azure Multi-Factor Authentication (MFA) before network connectivity is allowed.

• Incoming connections must use TLS and connect to TCP port 443.

• The solution must support RDP and SSH.

What should you Include In the solution? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.