• Home
  • Articles
  • AZ-305 Pre-Exam Practice Tests (Updated 316 Questions) [Q150-Q172]

AZ-305 Pre-Exam Practice Tests (Updated 316 Questions) [Q150-Q172]

Share

AZ-305 Pre-Exam Practice Tests | (Updated 316 Questions)

Valid AZ-305 Exam Q&A PDF - One Year Free Update


Microsoft AZ-305 exam covers a wide range of topics, such as Azure compute, storage, networking, and security, as well as hybrid and migration scenarios. Candidates must be familiar with Azure services and features, such as Azure Virtual Machines, Azure App Service, Azure Functions, Azure Storage, Azure VPN Gateway, and Azure Active Directory. AZ-305 exam also tests the candidate's ability to design and implement solutions that integrate with on-premises infrastructure, as well as third-party services and applications. Passing the Microsoft AZ-305 exam demonstrates that the candidate has the skills and knowledge necessary to design and implement secure, scalable, and resilient solutions on Microsoft Azure.


Microsoft AZ-305 exam consists of various topics that cover the design and implementation of Azure infrastructure solutions. These topics include designing and deploying Azure compute infrastructure, designing and deploying Azure storage solutions, and designing and implementing Azure networking solutions. AZ-305 exam also covers the design and implementation of Azure security and identity solutions, as well as the design and management of Azure resources.

 

NEW QUESTION # 150
You are designing an app that will be hosted on Azure virtual machines that run Ubuntu. The app will use a third-party email service to send email messages to users. The third-party email service requires that the app authenticate by using an API key.
You need to recommend an Azure Key Vault solution for storing and accessing the API key. The solution must minimize administrative effort.
What should you recommend using to store and access the key? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Answer:

Explanation:


NEW QUESTION # 151
Your company, named Contoso, Ltd, implements several Azure logic apps that have HTTP triggers: The logic apps provide access to an on-premises web service.
Contoso establishes a partnership with another company named Fabrikam, Inc.
Fabrikam does not have an existing Azure Active Directory (Azure AD) tenant and uses third-party OAuth
2.0 identity management to authenticate its users.
Developers at Fabrikam plan to use a subset of the logics apps to build applications that will integrate with the on-premises web service of Contoso.
You need to design a solution to provide the Fabrikam developers with access to the logic apps. The solution must meet the following requirements:
* Requests to the logic apps from the developers must be limited to lower rates than the requests from the users at Contoso.
* The developers must be able to rely on their existing OAuth 2.0 provider to gain access to the logic apps.
* The solution must NOT require changes to the logic apps.
* The solution must NOT use Azure AD guest accounts.
What should you include in the solution?

  • A. Azure AD Application Proxy
  • B. Azure AD business-to-business (B2B)
  • C. Azure Front Door
  • D. Azure API Management

Answer: D

Explanation:
API Management helps organizations publish APIs to external, partner, and internal developers to unlock the potential of their data and services.
You can secure API Management using the OAuth 2.0 client credentials flow.
Reference:
https://docs.microsoft.com/en-us/azure/api-management/api-management-key-concepts
https://docs.microsoft.com/en-us/azure/api-management/api-management-features
https://docs.microsoft.com/en-us/azure/api-management/api-management-howto-protect-backend-with- aad#enable-oauth-20-user-authorization-in-the-developer-console


NEW QUESTION # 152
You plan to deploy an Azure App Service web app that will have multiple instances across multiple Azure regions.
You need to recommend a load balancing service for the planned deployment. The solution must meet the following requirements:
* Maintain access to the app in the event of a regional outage.
* Support Azure Web Application Firewall (WAF).
* Support cookie-based affinity.
* Support URL routing.
What should you include in the recommendation?

  • A. Azure Traffic Manager
  • B. Azure Application Gateway
  • C. Azure Front Door
  • D. Azure Load Balancer

Answer: C

Explanation:
Explanation
Azure Traffic Manager performs the global load balancing of web traffic across Azure regions, which have a regional load balancer based on Azure Application Gateway. This combination gets you the benefits of Traffic Manager many routing rules and Application Gateway's capabilities such as WAF, TLS termination, path-based routing, cookie-based session affinity among others.
Reference:
https://docs.microsoft.com/en-us/azure/application-gateway/features


NEW QUESTION # 153
You are planning an Azure Storage solution for sensitive data. The data will be accessed daily. The data set is less than 10 GB.
You need to recommend a storage solution that meets the following requirements:
* All the data written to storage must be retained for five years.
* Once the data is written, the data can only be read. Modifications and deletion must be prevented.
* After five years, the data can be deleted, but never modified.
* Data access charges must be minimized
What should you recommend? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Answer:

Explanation:

Explanation
Graphical user interface, text, application Description automatically generated

Box 1: General purpose v2 with Archive acce3ss tier for blobs
Archive - Optimized for storing data that is rarely accessed and stored for at least 180 days with flexible latency requirements, on the order of hours.
Cool - Optimized for storing data that is infrequently accessed and stored for at least 30 days.
Hot - Optimized for storing data that is accessed frequently.
Box 2: Storage account resource lock
As an administrator, you can lock a subscription, resource group, or resource to prevent other users in your organization from accidentally deleting or modifying critical resources. The lock overrides any permissions the user might have.
Note: You can set the lock level to CanNotDelete or ReadOnly. In the portal, the locks are called Delete and Read-only respectively.
* CanNotDelete means authorized users can still read and modify a resource, but they can't delete the resource.
* ReadOnly means authorized users can read a resource, but they can't delete or update the resource.
Applying this lock is similar to restricting all authorized users to the permissions granted by the Reader role.
Reference:
https://docs.microsoft.com/en-us/azure/storage/blobs/storage-blob-storage-tiers


NEW QUESTION # 154
You have multiple on-premises locations. The locations host loT endpoints that generate real-time telemetry data.
You have an Azure subscription.
You need to process the telemetry data and provide real-time insights. The solution must minimize development effort.
What should you use?

  • A. Azure Data Factory
  • B. Azure Stream Analytics
  • C. Azure Data Lake Analytics
  • D. Log Analytics

Answer: B


NEW QUESTION # 155
Your company has an app named App1 that uses data from the on-premises Microsoft SQL Server databases shown in the following table.

App1 and the data are used on the first day of the month only. The data is not expected to grow more than 3% each year.
The company is rewriting App1 as an Azure web app and plans to migrate all the data to Azure.
You need to migrate the data to Azure SQL Database. The solution must minimize costs.
Which service tier should you use?

  • A. DTU-based Standard
  • B. vCore-based General Purpose
  • C. vCore-based Business Critical
  • D. DTU-based Basic

Answer: A

Explanation:
Explanation
DTU-based Standard supports databases up to 1 TB in size.
Reference:
https://docs.microsoft.com/en-us/azure/azure-sql/database/service-tiers-dtu


NEW QUESTION # 156
Your company plans to publish APIs for its services by using Azure API Management.
You discover that service responses include the AspNet-Version header.
You need to recommend a solution to remove AspNet-Version from the response of the published APIs.
What should you include in the recommendation?

  • A. a new policy
  • B. a new revision
  • C. a new product
  • D. a modification to the URL scheme

Answer: A

Explanation:
References:
https://docs.microsoft.com/en-us/azure/api-management/transform-api


NEW QUESTION # 157
You have an Azure web app named App1 and an Azure key vault named KV1.
App1 stores database connection strings in KV1.
App1 performs the following types of requests to KV1:
* Get
* List
* Wrap
* Delete
* Unwrap
* Backup
* Decrypt
* Encrypt
You are evaluating the continuity of service for App1.
You need to identify the following if the Azure region that hosts KV1 becomes unavailable:
* To where will KV1 fail over?
* During the failover, which request type will be unavailable?
What should you identify? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Answer:

Explanation:

Explanation
Table Description automatically generated

Box 1: A server in the same paired region
The contents of your key vault are replicated within the region and to a secondary region at least 150 miles away, but within the same geography to maintain high durability of your keys and secrets.
Box 2: Delete
During failover, your key vault is in read-only mode. Requests that are supported in this mode are:
* List certificates
* Get certificates
* List secrets
* Get secrets
* List keys
* Get (properties of) keys
* Encrypt
* Decrypt
* Wrap
* Unwrap
* Verify
* Sign
* Backup
Reference:
https://docs.microsoft.com/en-us/azure/key-vault/general/disaster-recovery-guidance


NEW QUESTION # 158
You have an Azure subscription that contains the SQL servers shown in the following table.

The subscription contains the storage accounts shown in the following table.

You create the Azure SQL databases shown in the following table.

Answer:

Explanation:

Explanation:
Box 1: Yes
Be sure that the destination is in the same region as your database and server.
Box 2: No
Box 3: Yes
https://docs.microsoft.com/en-us/azure/sql-database/sql-database-auditing Reference:
https://docs.microsoft.com/en-us/azure/sql-database/sql-database-auditing
https://docs.microsoft.com/en-us/previous-versions/azure/dn741340(v=azure.100)?redirectedfrom=MSDN


NEW QUESTION # 159
You plan to create an Azure environment that will contain a root management group and 10 child management groups. Each child management group will contain five Azure subscriptions. You plan to have between 10 and 30 resource groups in each subscription.
You need to design an Azure governance solution. The solution must meet the following requirements:
* Use Azure Blueprints to control governance across all the subscriptions and resource groups.
* Ensure that Blueprints-based configurations are consistent across all the subscriptions and resource groups.
* Minimize the number of blueprint definitions and assignments.
What should you include in the solution? To answer, select the appropriate options in the answer are a. NOTE: Each correct selection is worth one point.

Answer:

Explanation:


NEW QUESTION # 160
You have an Azure subscription that contains the SQL servers shown in the following table.

The subscription contains the storage accounts shown in the following table.

You create the Azure SQL databases shown in the following table.

Answer:

Explanation:

Reference:
https://docs.microsoft.com/en-us/azure/sql-database/sql-database-auditing
https://docs.microsoft.com/en-us/previous-versions/azure/dn741340(v=azure.100)?redirectedfrom=MSDN


NEW QUESTION # 161
You plan to migrate DB1 and DB2 to Azure.
You need to ensure that the Azure database and the service tier meet the resiliency and business requirements.
What should you configure? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Answer:

Explanation:

Explanation


NEW QUESTION # 162
You have an Azure subscription that contains 300 Azure virtual machines that run Windows Server 2016.
You need to centrally monitor all warning events in the System logs of the virtual machines.
What should you include in the solutions? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Answer:

Explanation:

Reference:
https://docs.microsoft.com/en-us/azure/azure-monitor/platform/data-sources-windows-events
https://docs.microsoft.com/en-us/azure/azure-monitor/platform/agent-windows


NEW QUESTION # 163
You have five .NET Core applications that run on 10 Azure virtual machines in the same subscription.
You need to recommend a solution to ensure that the applications can authenticate by using the same Azure Active Directory (Azure AD) identity. The solution must meet the following requirements:
Ensure that the applications can authenticate only when running on the 10 virtual machines.
Minimize administrative effort.
What should you include in the recommendation? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Answer:

Explanation:


NEW QUESTION # 164
You have an Azure subscription that contains a virtual network named VNET1 and 10 virtual machines. The virtual machines are connected to VNET1.
You need to design a solution to manage the virtual machines from the internet. The solution must meet the following requirements:
* Incoming connections to the virtual machines must be authenticated by using Azure Multi-Factor Authentication (MFA) before network connectivity is allowed.
* Incoming connections must use TLS and connect to TCP port 443.
* The solution must support RDP and SSH.
What should you Include In the solution? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Answer:

Explanation:


NEW QUESTION # 165
You plan to deploy multiple containerized microservice-based apps to Azure Kubernetes Service (AKS).
You need to recommend a solution that implements the following functions:
* State management
* Pub/sub messaging
* Traffic routing and splitting
The solution must minimize administrative effort.
What should you include in the recommendation for each function? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Answer:

Explanation:

Explanation:


NEW QUESTION # 166
You need to recommend a solution to ensure that App1 can access the third-party credentials and access strings. The solution must meet the security requirements.
What should you include in the recommendation? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Answer:

Explanation:

Reference:
https://docs.microsoft.com/en-us/azure/key-vault/general/authentication


NEW QUESTION # 167
A company named Contoso, Ltd. has an Azure Active Directory (Azure AD) tenant that is integrated with Microsoft Office 365 and an Azure subscription.
Contoso has an on-premises identity infrastructure. The infrastructure includes servers that run Active Directory Domain Services (AD DS), and Azure AD Connect Contoso has a partnership with a company named Fabrikam, Inc. Fabrikam has an Active Directory forest and an Office 365 tenant. Fabrikam has the same on-premises identity infrastructure as Contoso.
A team of 10 developers from Fabrikam will work on an Azure solution that will be hosted in the Azure subscription of Contoso. The developers must be added to the Contributor role for a resource in the Contoso subscription.
You need to recommend a solution to ensure that Contoso can assign the role to the 10 Fabrikam developers.
The solution must ensure that the Fabrikam developers use their existing credentials to access resources.
What should you recommend?

  • A. Configure an organization relationship between the Office 365 tenants of Fabrikam and Contoso.
  • B. In the Azure AD tenant of Contoso, use MIM to create guest accounts for the Fabrikam developers.
  • C. Configure a forest trust between the on-premises Active Directory forests of Contoso and Fabrikam.
  • D. Configure an AD FS relying party trust between the fabrikam and Contoso AD FS infrastructures.

Answer: B

Explanation:
Explanation
Trust configurations - Configure trust from managed forests(s) or domain(s) to the administrative forest
* A one-way trust is required from production environment to the admin forest.
* Selective authentication should be used to restrict accounts in the admin forest to only logging on to the appropriate production hosts.
References:
https://docs.microsoft.com/en-us/windows-server/identity/securing-privileged-access/securing-privileged-access-


NEW QUESTION # 168
You have an Azure web app named App1 and an Azure key vault named KV1.
App1 stores database connection strings in KV1.
App1 performs the following types of requests to KV1:
Get
List
Wrap
Delete
Unwrap
Backup
Decrypt
Encrypt
You are evaluating the continuity of service for App1.
You need to identify the following if the Azure region that hosts KV1 becomes unavailable:
To where will KV1 fail over?
During the failover, which request type will be unavailable?
What should you identify? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Answer:

Explanation:

Reference:
https://docs.microsoft.com/en-us/azure/key-vault/general/disaster-recovery-guidance


NEW QUESTION # 169
You have the Azure resources shown in the following table.

You need to deploy a new Azure Firewall policy that will contain mandatory rules for all Azure Firewall deployments. The new policy will be configured as a parent policy for the existing policies.
What is the minimum number of additional Azure Firewall policies you should create?

  • A. 0
  • B. 1
  • C. 2
  • D. 3

Answer: B

Explanation:
Explanation
Firewall policies work across regions and subscriptions.
Place all your global configurations in the parent policy.
Note: Policies can be created in a hierarchy. You can create a parent/global policy that will contain configurations and rules that will apply to all/a number of firewall instances. Then you create a child policy that inherits from the parent; note that rules changes in the parent instantly appear in the child. The child is associated with a firewall and applies configurations/rules from the parent policy and the child policy instantly to the firewall.
Reference:
https://aidanfinn.com/?p=22006


NEW QUESTION # 170
You plan to deploy an application named App1 that will run on five Azure virtual machines. Additional virtual machines will be deployed later to run App1.
You need to recommend a solution to meet the following requirements for the virtual machines that will run App1:
* Ensure that the virtual machines can authenticate to Azure Active Directory (Azure AD) to gain access to
* an Azure key vault, Azure Logic Apps instances, and an Azure SQL database.
* Avoid assigning new roles and permissions for Azure services when you deploy additional virtual machines.
* Avoid storing secrets and certificates on the virtual machines.
Which type of identity should you include in the recommendation?

  • A. a service principal that is configured to use a client secret
  • B. a system-assigned managed identity
  • C. a user-assigned managed identity
  • D. a service principal that is configured to use a certificate

Answer: C

Explanation:
Managed identities for Azure resources is a feature of Azure Active Directory.
User-assigned managed identity can be shared. The same user-assigned managed identity can be associated with more than one Azure resource.
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/managed-identities-azure-resources/overview


NEW QUESTION # 171
You are evaluating whether to use Azure Traffic Manager and Azure Application Gateway to meet the connection requirements for App1.
What is the minimum numbers of instances required for each service? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Answer:

Explanation:

Topic 4, HABInsurance
Current environment
General
An insurance company, HABInsurance, operates in three states and provides home, auto, and boat insurance. Besides the head office, HABInsurance has three regional offices.
Technology assessment
The company has two Active Directory forests: main.habinsurance.com and region.habinsurance.com. HABInsurance's primary internal system is Insurance Processing System (IPS). It is an ASP.Net/C# application running on IIS/Windows Servers hosted in a data center. IPS has three tiers: web, business logic API, and a datastore on a back end. The company uses Microsoft SQL Server and MongoDB for the backend. The system has two parts: Customer data and Insurance forms and documents. Customer data is stored in Microsoft SQL Server and Insurance forms and documents - in MongoDB. The company also has 10 TB of Human Resources (HR) data stored on NAS at the head office location. Requirements General HABInsurance plans to migrate its workloads to Azure. They purchased an Azure subscription. Changes During a transition period, HABInsurance wants to create a hybrid identity model along with a Microsoft Office 365 deployment. The company intends to sync its AD forests to Azure AD and benefit from Azure AD administrative units functionality.
HABInsurance needs to migrate the current IPSCustomers SQL database to a new fully managed SQL database in Azure that would be budget-oriented, balanced with scalable compute and storage options. The management team expects the Azure database service to scale the database resources dynamically with minimal downtime. The technical team proposes implementing a DTU-based purchasing model for the new database.
HABInsurance wants to migrate Insurance forms and documents to Azure database service. HABInsurance plans to move IPS first two tiers to Azure without any modifications. The technology team discusses the possibility of running IPS tiers on a set of virtual machines instances. The number of instances should be adjusted automatically based on the CPU utilization. An SLA of 99.95% must be guaranteed for the compute infrastructure.
The company needs to move HR data to Azure File shares.
In their new Azure ecosystem, HABInsurance plans to use internal and third-party applications. The company considers adding user consent for data access to the registered applications Later, the technology team contemplates adding a customer self-service portal to IPS and deploying a new IPS to multi-region ASK. But the management team is worried about performance and availability of the multi-region AKS deployments during regional outages.


NEW QUESTION # 172
......

Designing Microsoft Azure Infrastructure Solutions Free Update Certification Sample Questions: https://prep4tests.pass4sures.top/Microsoft-Azure-Solutions-Architect-Expert/AZ-305-testking-braindumps.html

Related Articles

more
Microsoft AZ-305 Certification Practice Exam