Practice Free AZ-305 Exam Online Questions
You ate designing an Azure governance solution.
All Azure resources must be easily identifiable based on the following operational information environment, owner, department and cost center
You need 10 ensure that you can use the operational information when you generate reports for the Azure resources.
What should you include in the solution?
- A . Azure Active Directory (Azure AD) administrative units
- B . an Azure data catalog that uses the Azure REST API as a data source
- C . an Azure policy that enforces tagging rules
- D . an Azure management group that uses parent groups to create a hierarchy
C
Explanation:
You use Azure Policy to enforce tagging rules and conventions. By creating a policy, you avoid the scenario of resources being deployed to your subscription that don’t have the expected tags for your organization. Instead of manually applying tags or searching for resources that aren’t compliant, you create a policy that automatically applies the needed tags during deployment.
Note: Organizing cloud-based resources is a crucial task for IT, unless you only have simple deployments. Use naming and tagging standards to organize your resources for these reasons:
Resource management: Your IT teams will need to quickly locate resources associated with specific workloads, environments, ownership groups, or other important information. Organizing resources is critical to assigning organizational roles and access permissions for resource management.
Reference:
https://docs.microsoft.com/en-us/azure/cloud-adoption-framework/decision-guides/resource-tagging
https://docs.microsoft.com/en-us/azure/azure-resource-manager/management/tag-policies
You deploy two instances of an Azure web app. One instance is in the East US Azure region and the other instance is in the West US Azure region. The web app uses Azure Blob storage to deliver large files to end users.
You need to recommend a solution for delivering the files to the users.
The solution must meet the following requirements:
✑ Ensure that the users receive files from the same region as the web app that they access.
✑ Ensure that the files only need to be updated once.
✑ Minimize costs.
What should you include in the recommendation?
- A . Azure File Sync
- B . Distributed File System (DFS)
- C . read-access geo-redundant storage (RA-GRS)
- D . geo-redundant storage (GRS)
Note: This section contains one or more sets of questions with the same scenario and problem. Each question presents a unique solution to the problem. You must determine whether the solution meets the stated goals. More than one solution in the set might solve the problem. It is also possible that none of the solutions in the set solve the problem.
After you answer a question in this section, you will NOT be able to return. As a result, these questions do not appear on the Review Screen.
Your company, named Contoso, Ltd., has a Microsoft Entra tenant named contoso.com that uses Privileged Identity Management (PIM) and is linked to an Azure subscription named Sub 1.
You use Azure Backup to back up all the resources in Sub! to a Recovery Services vault named Vault 1.
An external company named Fabrikam, Inc. provides security management services to Contoso.
Fabrikam has a Microsoft Entra tenant named fabrikam.com and an Azure subscription.
You need to prevent a compromised administiator account in contoso.com from modifying backup policies in and deleting backups from Sub 1.
Solution: You configure Multi-user authorization (MUA) in Sub1 by using a Resource Guard from fabiikam.com.
Does this meet the goal?
- A . Yes
- B . No
Your network contains an on-premises Active Directory forest.
You discover that when users change jobs within your company, the membership of the user groups are not being updated. As a result, the users can access resources that are no longer relevant to their job.
You plan to integrate Active Directory and Azure Active Directory (Azure AD) by using Azure AD Connect.
You need to recommend a solution to ensure that group owners are emailed monthly about the group memberships they manage.
What should you include in the recommendation?
- A . conditional access policies
- B . Tenant Restrictions
- C . Azure AD access reviews
- D . Azure AD Identity Protection
C
Explanation:
Reference: https://docs.microsoft.com/en-us/azure/active-directory/governance/access-reviews-overview
You plan to deploy multiple instances of an Azure web app across several Azure regions.
You need to design an access solution for the app.
The solution must meet the following replication requirements;
• Support rate limiting.
• Balance requests between all instances.
• Ensure that users can access the app in the event of a regional outage.
Solution: You use Azure Traffic Manager to provide access to the app.
Does this meet the goal?
- A . Yes
- B . No
HOTSPOT
You plan to migrate App1 to Azure.
You need to recommend a high-availability solution for App1. The solution must meet the resiliency requirements.
What should you include in the recommendation? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.
Explanation:
Box 1: 3
Scenario: App1 must meet the following requirements:
✑ Be hosted in an Azure region that supports availability zones.
✑ Maintain availability if two availability zones in the local Azure region fail.
A host group is a resource that represents a collection of dedicated hosts. You create a host group in a region and an availability zone, and add hosts to it.
Use Availability Zones for fault isolation
Availability zones are unique physical locations within an Azure region. Each zone is made up of one or more datacenters equipped with independent power, cooling, and networking. A host group is created in a single availability zone. Once created, all hosts will be placed within that zone. To achieve high availability across zones, you need to create multiple host groups (one per zone) and spread your hosts accordingly.
Box 2: 1
Scenario: App1 must meet the following requirements:
✑ Be hosted on Azure virtual machines that support automatic scaling.
An Azure virtual machine scale set can automatically increase or decrease the number of VM instances that run your application. This automated and elastic behavior reduces the management overhead to monitor and optimize the performance of your application.
Reference: https://docs.microsoft.com/en-us/azure/virtual-machines/dedicated-hosts
https://docs.microsoft.com/en-us/azure/virtual-machine-scale-sets/virtual-machine-scale-sets-autoscale-overview
Your company has an app named App1 that uses data from the on-premises Microsoft SQL Server databases shown in the following table.
App1 and the data are used on the first day of the month only. The data is not expected to grow more than 3% each year.
The company is rewriting App1 as an Azure web app and plans to migrate all the data to Azure.
You need to migrate the data to Azure SQL Database. The solution must minimize costs.
Which service tier should you use?
- A . vCore-based Business Critical
- B . vCore-based General Purpose
- C . DTU-based Standard
- D . DTU-based Basic
B
Explanation:
DTU-based Standard supports databases up to 1 TB in size.
Reference: https://docs.microsoft.com/en-us/azure/azure-sql/database/service-tiers-dtu
You need to recommend a notification solution for the IT Support distribution group.
What should you include in the recommendation?
- A . Azure Network Watcher
- B . an action group
- C . a SendGrid account with advanced reporting
- D . Azure AD Connect Health
D
Explanation:
Reference: https://docs.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-health-operations
You plan to deploy an application named App1 that will run on five Azure virtual machines.
Additional virtual machines will be deployed later to run App1.
You need to recommend a solution to meet the following requirements for the virtual machines that will run App1:
Ensure that the virtual machines can authenticate to Azure Active Directory (Azure AD) to gain access to
an Azure key vault, Azure Logic Apps instances, and an Azure SQL database.
Avoid assigning new roles and permissions for Azure services when you deploy additional virtual machines.
Avoid storing secrets and certificates on the virtual machines.
Which type of identity should you include in the recommendation?
- A . a service principal that is configured to use a certificate
- B . a system-assigned managed identity
- C . a service principal that is configured to use a client secret
- D . a user-assigned managed identity
D
Explanation:
Managed identities for Azure resources is a feature of Azure Active Directory.
User-assigned managed identity can be shared. The same user-assigned managed identity can be associated with more than one Azure resource.
Incorrect Answers:
B: System-assigned managed identity cannot be shared. It can only be associated with a single Azure resource.
Reference: https://docs.microsoft.com/en-us/azure/active-directory/managed-identities-azure-resources/overview