Deploying and Configuring Azure Resources, Exams of Computer Science

Various azure services and configurations, including azure virtual machines, azure kubernetes service, azure active directory, azure firewall, azure sql database, azure service bus, and azure migrate. It addresses topics such as network connectivity, security, data storage, and high-performance computing. Solutions to common azure deployment and management challenges, ensuring compliance with company policies and meeting specific requirements. It covers a wide range of azure services and features, making it a valuable resource for azure administrators, architects, and developers who need to design and implement robust azure-based solutions.

Typology: Exams

2024/2025

Available from 10/03/2024

Academician
Academician 🇺🇸

3.8

(21)

5K documents

1 / 6

Toggle sidebar

This page cannot be seen from the preview

Don't miss anything!

bg1
AZ-305 Complete Questions And Answers With Verified Tests
Your company has users who work remotely from laptops. You plan to move some of
the applications accessed by the remote users to Azure virtual machines. The users will
access the applications in Azure by using a point-to-site VPN connection. You will use
certificates generated from an on-premises-based Certification authority (CA). You need
to recommend which certificates are required for the deployment. What should you
include in the recommendation? ✔✔Trusted Root Certification Authorities Certificate
store on each laptop: A root certificate that has the public key only
The users Personal store on each laptop: A user certificate that has the private key
The Azure VPN gateway: A user certificate that has the public key only
You are designing a large Azure environment that will contain many subscriptions. You
plan to use Azure Policy as part of a governance solution. To which three scopes can
you assign Azure Policy definitions? ✔✔A. management groups
B. subscriptions
D. resource groups
You are designing a micro services architecture that will be hosted in an Azure
Kubernetes Service (AKS) cluster. Apps that will consume the microservices will be
hosted on Azure virtual machines. The virtual machines and the AKS cluster will reside
on the same virtual network. You need to design a solution to expose the microservices
to the consumer apps. The solution must meet the following requirements: Ingress
access to the microservices must be restricted to a single private IP address and
protected by using mutual TLS authentication. The number of incoming microservice
calls must be rate-limited. ✔✔B. Azure API Management Premium tier with virtual
network connection
You have an Azure Active Directory (Azure AD) tenant that syncs with an on-premises
Active Directory domain. You have an internal web app named WebApp1 that is hosted
on-premises. WebApp1 uses Integrated Windows authentication. Some users work
remotely and do NOT have VPN access to the on-premises network. You need to
provide the remote users with single sign-on (SSO) access to WebApp1.Which two
features should you include in the solution? Each correct answer presents part of the
solution. ✔✔A. Azure AD Application Proxy
E. Azure AD enterprise applications
Note:
Your company deploys several virtual machines on-premises and to Azure.
ExpressRoute is being deployed and configured for on-premises to Azure connectivity.
Several virtual machines exhibit network connectivity issues. You need to analyze the
network traffic to identify whether packets are being allowed or denied to the virtual
machines. ✔✔Solution: Use Azure Network Watcher to run IP flow verify to analyze the
network traffic.
pf3
pf4
pf5

Partial preview of the text

Download Deploying and Configuring Azure Resources and more Exams Computer Science in PDF only on Docsity!

AZ- 305 Complete Questions And Answers With Verified Tests

Your company has users who work remotely from laptops. You plan to move some of the applications accessed by the remote users to Azure virtual machines. The users will access the applications in Azure by using a point-to-site VPN connection. You will use certificates generated from an on-premises-based Certification authority (CA). You need to recommend which certificates are required for the deployment. What should you include in the recommendation? ✔✔Trusted Root Certification Authorities Certificate store on each laptop: A root certificate that has the public key only The users Personal store on each laptop: A user certificate that has the private key The Azure VPN gateway: A user certificate that has the public key only You are designing a large Azure environment that will contain many subscriptions. You plan to use Azure Policy as part of a governance solution. To which three scopes can you assign Azure Policy definitions? ✔✔A. management groups B. subscriptions D. resource groups You are designing a micro services architecture that will be hosted in an Azure Kubernetes Service (AKS) cluster. Apps that will consume the microservices will be hosted on Azure virtual machines. The virtual machines and the AKS cluster will reside on the same virtual network. You need to design a solution to expose the microservices to the consumer apps. The solution must meet the following requirements:✑ Ingress access to the microservices must be restricted to a single private IP address and protected by using mutual TLS authentication.✑ The number of incoming microservice calls must be rate-limited. ✔✔B. Azure API Management Premium tier with virtual network connection You have an Azure Active Directory (Azure AD) tenant that syncs with an on-premises Active Directory domain. You have an internal web app named WebApp1 that is hosted on-premises. WebApp1 uses Integrated Windows authentication. Some users work remotely and do NOT have VPN access to the on-premises network. You need to provide the remote users with single sign-on (SSO) access to WebApp1.Which two features should you include in the solution? Each correct answer presents part of the solution. ✔✔A. Azure AD Application Proxy E. Azure AD enterprise applications Note: Your company deploys several virtual machines on-premises and to Azure. ExpressRoute is being deployed and configured for on-premises to Azure connectivity. Several virtual machines exhibit network connectivity issues. You need to analyze the network traffic to identify whether packets are being allowed or denied to the virtual machines. ✔✔Solution: Use Azure Network Watcher to run IP flow verify to analyze the network traffic.

You have an Azure subscription. The subscription contains Azure virtual machines that run Windows Server 2016 and Linux. You need to use Azure Monitor to design an alerting strategy for security-related events. Which Azure Monitor Logs tables should you query? To answer, drag the appropriate tables to the correct log types. Each table may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content. ✔✔Evnets from Windows Event Logs: Event Events from Linux System Logging: Syslog You are designing a large Azure environment that will contain many subscriptions.You plan to use Azure Policy as part of a governance solution.To which three scopes can you assign Azure Policy definitions? Each correct answer presents a complete solution. ✔✔C. subscriptions E. resource groups F. management groups You need to recommend a solution to generate a monthly report of all the new Azure Resource Manager (ARM) resource deployments in your Azure subscription. What should you include in the recommendation? ✔✔A. Azure Activity Log You have 100 servers that run Windows Server 2012 R2 and host Microsoft SQL Server 2014 instances. The instances host databases that have the following characteristics:✑ Stored procedures are implemented by using CLR.✑ The largest database is currently 3 TB. None of the databases will ever exceed 4 TB.You plan to move all the data from SQL Server to Azure.You need to recommend a service to host the databases. The solution must meet the following requirements:✑ Whenever possible, minimize management overhead for the migrated databases.✑ Ensure that users can authenticate by using Azure Active Directory (Azure AD) credentials.✑ Minimize the number of database changes required to facilitate the migration.What should you include in the recommendation? ✔✔B. Azure SQL Managed Instance You have an Azure subscription that contains an Azure Blob Storage account named store1.You have an on-premises file server named Server1 that runs Windows Server

  1. Server1 stores 500 GB of company files.You need to store a copy of the company files from Server1 in store1.Which two possible Azure services achieve this goal? Each correct answer presents a complete solution. ✔✔B. an Azure Import/Export job C. Azure Data Factory You have an Azure subscription that contains two applications named App1 and App2. App1 is a sales processing application. When a transaction in App1 requires shipping, a message is added to an Azure Storage account queue, and then App2 listens to the queue for relevant transactions.In the future, additional applications will be added that will process some of the shipping requests based on the specific details of the transactions.You need to recommend a replacement for the storage account queue to ensure that each additional application will be able to read the relevant transactions.What should you recommend? ✔✔Azure Service Bus topic

✑ Ingress access to the microservices must be restricted to a single private IP address and protected by using mutual TLS authentication.✑ The number of incoming microservice calls must be rate-limited. ✑ Costs must be minimized. What should you include in the solution? ✔✔D. Azure API Management Premium tier with virtual network connection Note: Your company has an on-premises Active Directory Domain Services (AD DS) domain and an established Azure Active Directory (Azure AD) environment.Your company would like users to be automatically signed in to cloud apps when they are on their corporate desktops that are connected to the corporate network.You need to enable single sign-on (SSO) for company users. ✔✔Solution: Install and configure an Azure AD Connect server to use password hash synchronization and select the Enable single sign-on option. Solution: Install and configure an Azure AD Connect server to use pass-through authentication and select the Enable single sign-on option. You need to design a storage solution for an app that will store large amounts of frequently used data. The solution must meet the following requirements:✑ Maximize data throughput.✑ Prevent the modification of data for one year.✑ Minimize latency for read and write operations.Which Azure Storage account type and storage service should you recommend? ✔✔Storage account Type: SV2 With Preminum Storage Service: Blob You plan to move a web app named App1 from an on-premises datacenter to Azure.App1 depends on a custom COM component that is installed on the host server. You need to recommend a solution to host App1 in Azure. The solution must meet the following requirements: App1 must be available to users if an Azure datacenter becomes unavailable. Costs must be minimized. What should you include in the recommendation? ✔✔C. Deploy a load balancer and a virtual machine scale set across two availability zone You have an Azure subscription that contains a Basic Azure virtual WAN named VirtualWAN1 and the virtual hubs shown in the following table. You have an ExpressRoute circuit in the US East Azure region. You need to create an ExpressRoute association to VirtualWAN1.What should you do first? ✔✔A. Upgrade VirtualWAN1 to Standard. You have an Azure subscription that contains a storage account.An application sometimes writes duplicate files to the storage account.You have a PowerShell script that identifies and deletes duplicate files in the storage account. Currently, the script is run manually after approval from the operations manager.You need to recommend a serverless solution that performs the following actions:✑ Runs the script once an hour to identify whether duplicate files exist✑ Sends an email notification to the operations

manager requesting approval to delete the duplicate files✑ Processes an email response from the operations manager specifying whether the deletion was approved✑ Runs the script if the deletion was approved What should you include in the recommendation? ✔✔B. Azure Logic Apps and Azure Functions The on-premises Active Directory domain syncs with Azure Active Directory (Azure AD).Server1 runs an application named App1 that uses LDAP queries to verify user identities in the on-premises Active Directory domain.You plan to migrate Server1 to a virtual machine in Subscription1.A company security policy states that the virtual machines and services deployed to Subscription1 must be prevented from accessing the on-premises network.You need to recommend a solution to ensure that App continues to function after the migration. The solution must meet the security policy.What should you include in the recommendation? ✔✔D. Azure AD Domain Services (Azure AD DS) You need to design a solution that will execute custom C# code in response to an event routed to Azure Event Grid. The solution must meet the following requirements:✑ The executed code must be able to access the private IP address of a Microsoft SQL Server instance that runs on an Azure virtual machine.✑ Costs must be minimized. What should you include in the solution? ✔✔B. Azure Functions in the Premium plan You have an on-premises network and an Azure subscription. The on-premises network has several branch offices. A branch office in Toronto contains a virtual machine named VM1 that is configured as a file server. Users access the shared files on VM1 from all the offices. You need to recommend a solution to ensure that the users can access the shared files as quickly as possible if the Toronto branch office is inaccessible. What should you include in the recommendation? ✔✔D. an Azure file share and Azure File Sync You are designing a microservices architecture that will be hosted in an Azure Kubernetes Service (AKS) cluster. Apps that will consume the microservices will be hosted on Azure virtual machines. The virtual machines and the AKS cluster will reside on the same virtual network.You need to design a solution to expose the microservices to the consumer apps. The solution must meet the following requirements:✑ Ingress access to the microservices must be restricted to a single private IP address and protected by using mutual TLS authentication.✑ The number of incoming microservice calls must be rate-limited.✑ Costs must be minimized.What should you include in the solution? ✔✔D. Azure API Management Premium tier with virtual network connection Hide Solution You have a .NET web service named Service1 that has the following requirements:✑ Must read and write temporary files to the local file system.✑ Must write to the Application event log.You need to recommend a solution to host Service1 in Azure. The solution must meet the following requirements:✑ Minimize maintenance overhead.✑