시험덤프
매달, 우리는 1000명 이상의 사람들이 시험 준비를 잘하고 시험을 잘 통과할 수 있도록 도와줍니다.
  / AZ-305 덤프  / AZ-305 문제 연습

Microsoft AZ-305 시험

Designing Microsoft Azure Infrastructure Solutions 온라인 연습

최종 업데이트 시간: 2024년11월08일

당신은 온라인 연습 문제를 통해 Microsoft AZ-305 시험지식에 대해 자신이 어떻게 알고 있는지 파악한 후 시험 참가 신청 여부를 결정할 수 있다.

시험을 100% 합격하고 시험 준비 시간을 35% 절약하기를 바라며 AZ-305 덤프 (최신 실제 시험 문제)를 사용 선택하여 현재 최신 245개의 시험 문제와 답을 포함하십시오.

 / 6

Question No : 1


Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
Your company has deployed several virtual machines (VMs) on-premises and to Azure.
Azure ExpressRoute has been deployed and configured for on-premises to Azure connectivity.
Several VMs are exhibiting network connectivity issues.
You need to analyze the network traffic to determine whether packets are being allowed or denied to the VMs.
Solution: Use the Azure Traffic Analytics solution in Azure Log Analytics to analyze the network traffic.
Does the solution meet the goal?

정답:
Explanation:
Instead use Azure Network Watcher to run IP flow verify to analyze the network traffic.
Reference:
https://docs.microsoft.com/en-us/azure/network-watcher/network-watcher-monitoring-overview
https://docs.microsoft.com/en-us/azure/network-watcher/network-watcher-ip-flow-verify-overview

Question No : 2


HOTSPOT
You plan to deploy an Azure web app named Appl that will use Azure Active Directory (Azure AD) authentication.
App1 will be accessed from the internet by the users at your company. All the users have computers that run Windows 10 and are joined to Azure AD.
You need to recommend a solution to ensure that the users can connect to App1 without being prompted for authentication and can access App1 only from company-owned computers.
What should you recommend for each requirement? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.



정답:


Explanation:
Graphical user interface, text, application, chat or text message
Description automatically generated
Box 1: An Azure AD app registration
Azure active directory (AD) provides cloud based directory and identity management services. You can use azure AD to manage users of your application and authenticate access to your applications using azure active directory.
You register your application with Azure active directory tenant.
Box 2: A conditional access policy
Conditional Access policies at their simplest are if-then statements, if a user wants to access a resource, then they must complete an action.
By using Conditional Access policies, you can apply the right access controls when needed to keep your organization secure and stay out of your user's way when not needed.



Timeline
Description automatically generated

Question No : 3


You are designing a microservices architecture that will support a web application.
The solution must meet the following requirements:
✑ Allow independent upgrades to each microservice
✑ Deploy the solution on-premises and to Azure
✑ Set policies for performing automatic repairs to the microservices
✑ Support low-latency and hyper-scale operations
You need to recommend a technology.
What should you recommend?

정답:
Explanation:
https://docs.microsoft.com/en-us/azure/service-fabric/service-fabric-overview

Question No : 4


You have an Azure subscription that contains a storage account.
An application sometimes writes duplicate files to the storage account.
You have a PowerShell script that identifies and deletes duplicate files in the storage account. Currently, the script is run manually after approval from the operations manager.
You need to recommend a serverless solution that performs the following actions:
✑ Runs the script once an hour to identify whether duplicate files exist
✑ Sends an email notification to the operations manager requesting approval to delete the duplicate files
✑ Processes an email response from the operations manager specifying whether the deletion was approved
✑ Runs the script if the deletion was approved
What should you include in the recommendation?

정답:
Explanation:
You can schedule a powershell script with Azure Logic Apps.
When you want to run code that performs a specific job in your logic apps, you can create your own function by using Azure Functions. This service helps you create Node.js, C#, and F# functions so you don't have to build a complete app or infrastructure to run code. You can also call logic apps from inside Azure functions. Azure Functions provides serverless computing in the cloud and is useful for performing tasks such as these examples:
Reference: https://docs.microsoft.com/en-us/azure/logic-apps/logic-apps-azure-functions

Question No : 5


Your company has an Azure Web App that runs via the Premium App Service Plan. A development team will be using the Azure Web App. You have to configure the Azure Web app so that it can fulfil the below requirements.
Provide the ability to switch the web app from the current version to a newer version
Provide developers with the ability to test newer versions of the application before the switch to the newer version occurs
Ensure that the application version can be rolled back
Minimize downtime
Which of the following can be used for this requirement?

정답:

Question No : 6


Your company, named Contoso, Ltd, implements several Azure logic apps that have HTTP triggers: The logic apps provide access to an on-premises web service.
Contoso establishes a partnership with another company named Fabrikam, Inc.
Fabrikam does not have an existing Azure Active Directory (Azure AD) tenant and uses third-party OAuth 2.0 identity management to authenticate its users.
Developers at Fabrikam plan to use a subset of the logics apps to build applications that will integrate with the on-premises web service of Contoso.
You need to design a solution to provide the Fabrikam developers with access to the logic apps.
The solution must meet the following requirements:
✑ Requests to the logic apps from the developers must be limited to lower rates than the requests from the users at Contoso.
✑ The developers must be able to rely on their existing OAuth 2.0 provider to gain access to the logic apps.
✑ The solution must NOT require changes to the logic apps.
✑ The solution must NOT use Azure AD guest accounts.
What should you include in the solution?

정답:
Explanation:
API Management helps organizations publish APIs to external, partner, and internal developers to unlock the potential of their data and services.
You can secure API Management using the OAuth 2.0 client credentials flow.
Reference:
https://docs.microsoft.com/en-us/azure/api-management/api-management-key-concepts
https://docs.microsoft.com/en-us/azure/api-management/api-management-features
https://docs.microsoft.com/en-us/azure/api-management/api-management-howto-protect-backend-with-aad#enable-oauth-20-user-authorization-in-the-developer-console

Question No : 7


DRAG DROP
You need to design an architecture to capture the creation of users and the assignment of roles. The captured data must be stored in Azure Cosmos DB.
Which Azure services should you include in the design? To answer, drag the appropriate services to the correct targets. Each service may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content. NOTE: Each correct selection is worth one point.



정답:


Explanation:
Diagram
Description automatically generated

Question No : 8


Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have an Azure Storage account that contains two 1-GB data files named File1 and File2. The data files are set to use the archive access tier.
You need to ensure that File1 is accessible immediately when a retrieval request is initiated.
Solution: For File1, you set Access tier to Cool.
Does this meet the goal?

정답:
Explanation:
The data in the cool tier is "considered / intended to be stored for 30 days". But this is not a must. You can store data indefinitely in the cool tier. The mentioned reference (see below) even gives an example of large scientific or otherwise large data which is stored for long duration in the cool tier.
https://docs.microsoft.com/en-us/azure/storage/blobs/storage-blob-storage-tiers?tabs=azure-portal

Question No : 9


HOTSPOT
You have an Azure subscription that contains a virtual network named VNET1 and 10 virtual machines. The virtual machines are connected to VNET1.
You need to design a solution to manage the virtual machines from the internet.
The solution must meet the following requirements:
• Incoming connections to the virtual machines must be authenticated by using Azure Multi-Factor Authentication (MFA) before network connectivity is allowed.
• Incoming connections must use TLS and connect to TCP port 443.
• The solution must support RDP and SSH.
What should you Include In the solution? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.



정답:

Question No : 10


Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
Your company plans to deploy various Azure App Service instances that will use Azure SQL databases. The App Service instances will be deployed at the same time as the Azure SQL databases.
The company has a regulatory requirement to deploy the App Service instances only to specific Azure regions. The resources for the App Service instances must reside in the same region.
You need to recommend a solution to meet the regulatory requirement.
Solution: You recommend creating resource groups based on locations and implementing resource locks on the resource groups.
Does this meet the goal?

정답:
Explanation:
Resource locks are not used for compliance purposes. Resource locks prevent changes from being made to resources.
Reference: https://docs.microsoft.com/en-us/azure/azure-resource-manager/management/lock-resources

Question No : 11


Your company develops Azure applications.
You need to recommend a solution for the deployment of Azure subscriptions.
The solution must meet the following requirements:
What should you include in the recommendation?

정답:
Explanation:
✑ Resource groups: You can scope your deployment to a resource group. You use an Azure Resource Manager template (ARM template) for the deployment.
✑ Regions: If you have a template spec in one region and want to move it to new region, you can export the template spec and redeploy it.
✑ RBAC: Azure role-based access control (Azure RBAC) is the authorization system you use to manage access to Azure resources. To grant access, you assign roles to users, groups, service principals, or managed identities at a particular scope. In addition to using Azure PowerShell or the Azure CLI, you can assign roles using Azure Resource Manager templates. Templates can be helpful if you need to deploy resources consistently and repeatedly
✑ You can setup Virtual machines and virtual network configurations in an Azure Resource Manager template.
Reference:
https://docs.microsoft.com/en-us/azure/governance/blueprints/overview
https://docs.microsoft.com/en-us/azure/azure-resource-manager/management/microsoft-resources-move-regions
https://docs.microsoft.com/en-us/azure/role-based-access-control/role-assignments-template
https://docs.microsoft.com/en-us/azure/virtual-machines/windows/template-description

Question No : 12


You have SQL Server on an Azure virtual machine. The databases are written to nightly as part of a batch process.
You need to recommend a disaster recovery solution for the data.
The solution must meet the following requirements:
✑ Provide the ability to recover in the event of a regional outage.
✑ Support a recovery time objective (RTO) of 15 minutes.
✑ Support a recovery point objective (RPO) of 24 hours.
✑ Support automated recovery.
✑ Minimize costs.
What should you include in the recommendation?

정답:
Explanation:
Replication with Azure Site Recover:
✑ RTO is typically less than 15 minutes.
✑ RPO: One hour for application consistency and five minutes for crash consistency.
Reference: https://docs.microsoft.com/en-us/azure/site-recovery/site-recovery-sql

Question No : 13


Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
Your company has deployed several virtual machines (VMs) on-premises and to Azure. Azure ExpressRoute has been deployed and configured for on-premises to Azure connectivity.
Several VMs are exhibiting network connectivity issues.
You need to analyze the network traffic to determine whether packets are being allowed or denied to the VMs.
Solution: Use Azure Network Watcher to run IP flow verify to analyze the network traffic
Does the solution meet the goal?

정답:
Explanation:
The Network Watcher Network performance monitor is a cloud-based hybrid network monitoring solution that helps you monitor network performance between various points in your network infrastructure. It also helps you monitor network connectivity to service and application endpoints and monitor the performance of Azure ExpressRoute.
Note:
IP flow verify checks if a packet is allowed or denied to or from a virtual machine. The information consists of direction, protocol, local IP, remote IP, local port, and remote port. If the packet is denied by a security group, the name of the rule that denied the packet is returned. While any source or destination IP can be chosen, IP flow verify helps administrators quickly diagnose connectivity issues from or to the internet and from or to the on-premises environment.
IP flow verify looks at the rules for all Network Security Groups (NSGs) applied to the network interface, such as a subnet or virtual machine NIC. Traffic flow is then verified based on the configured settings to or from that network interface. IP flow verify is useful in confirming if a rule in a Network Security Group is blocking ingress or egress traffic to or from a virtual machine.
Reference: https://docs.microsoft.com/en-us/azure/network-watcher/network-watcher-monitoring-overview
https://docs.microsoft.com/en-us/azure/network-watcher/network-watcher-ip-flow-verify-overview

Question No : 14


HOTSPOT
You are planning an Azure Storage solution for sensitive data. The data will be accessed daily. The data set is less than 10 GB.
You need to recommend a storage solution that meets the following requirements:
• All the data written to storage must be retained for five years.
• Once the data is written, the data can only be read. Modifications and deletion must be prevented.
• After five years, the data can be deleted, but never modified.
• Data access charges must be minimized
What should you recommend? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.



정답:


Explanation:
Graphical user interface, text, application
Description automatically generated
Box 1: General purpose v2 with Archive acce3ss tier for blobs
Archive - Optimized for storing data that is rarely accessed and stored for at least 180 days with flexible latency requirements, on the order of hours.
Cool - Optimized for storing data that is infrequently accessed and stored for at least 30 days.
Hot - Optimized for storing data that is accessed frequently.
Box 2: Storage account resource lock
As an administrator, you can lock a subscription, resource group, or resource to prevent other users in your organization from accidentally deleting or modifying critical resources.
The lock overrides any permissions the user might have.
Note: You can set the lock level to CanNotDelete or ReadOnly. In the portal, the locks are called Delete and Read-only respectively.
✑ CanNotDelete means authorized users can still read and modify a resource, but they can't delete the resource.
✑ ReadOnly means authorized users can read a resource, but they can't delete or update the resource. Applying this lock is similar to restricting all authorized users to the permissions granted by the Reader role.

Question No : 15


You use Azure virtual machines to run a custom application that uses an Azure SQL database on the back end.
The IT apartment at your company recently enabled forced tunneling,
Since the configuration change, developers have noticed degraded performance when they access the database
You need to recommend a solution to minimize latency when accessing the database. The solution must minimize costs
What should you include in the recommendation?

정답:
Explanation:
https://docs.microsoft.com/en-us/azure/virtual-network/virtual-network-service-endpoints-overview

 / 6