AZ-305 Exam Free Question Set: "Microsoft Designing Microsoft Azure Infrastructure Solutions" Certification

How should the migrated databases DB1 and DB2 be implemented in Azure?
Correct answer:

Explanation:

Box 1: SQL Managed Instance
Scenario: Once migrated to Azure, DB1 and DB2 must meet the following requirements:
* Maintain availability if two availability zones in the local Azure region fail.
* Fail over automatically.
* Minimize I/O latency.
The auto-failover groups feature allows you to manage the replication and failover of a group of databases on a server or all databases in a managed instance to another region. It is a declarative abstraction on top of the existing active geo-replication feature, designed to simplify deployment and management of geo-replicated databases at scale. You can initiate a geo-failover manually or you can delegate it to the Azure service based on a user-defined policy. The latter option allows you to automatically recover multiple related databases in a secondary region after a catastrophic failure or other unplanned event that results in full or partial loss of the SQL Database or SQL Managed Instance availability in the primary region.
Box 2: Business critical
SQL Managed Instance is available in two service tiers:
General purpose: Designed for applications with typical performance and I/O latency requirements.
Business critical: Designed for applications with low I/O latency requirements and minimal impact of underlying maintenance operations on the workload.
Reference:
https://docs.microsoft.com/en-us/azure/azure-sql/database/auto-failover-group-overview
https://docs.microsoft.com/en-us/azure/azure-sql/managed-instance/sql-managed-instance-paas-overview
Topic 2, Fabrikam, Inc. Case Study A
Overview:
Existing Environment
Fabrikam, Inc. is an engineering company that has offices throughout Europe. The company has a main office in London and three branch offices in Amsterdam, Berlin, and Rome.
Active Directory Environment:
The network contains two Active Directory forests named corp.fabrikam.com and rd.fabrikam.com. There are no trust relationships between the forests. Corp.fabrikam.com is a production forest that contains identities used for internal user and computer authentication. Rd.fabrikam.com is used by the research and development (R&D) department only. The R&D department is restricted to using on-premises resources only.
Network Infrastructure:
Each office contains at least one domain controller from the corp.fabrikam.com domain. The main office contains all the domain controllers for the rd.fabrikam.com forest.
All the offices have a high-speed connection to the Internet.
An existing application named WebApp1 is hosted in the data center of the London office. WebApp1 is used by customers to place and track orders. WebApp1 has a web tier that uses Microsoft Internet Information Services (IIS) and a database tier that runs Microsoft SQL Server 2016. The web tier and the database tier are deployed to virtual machines that run on Hyper-V.
The IT department currently uses a separate Hyper-V environment to test updates to WebApp1.
Fabrikam purchases all Microsoft licenses through a Microsoft Enterprise Agreement that includes Software Assurance.
Problem Statement:
The use of WebApp1 is unpredictable. At peak times, users often report delays. At other times, many resources for WebApp1 are underutilized.
Requirements:
Planned Changes:
Fabrikam plans to move most of its production workloads to Azure during the next few years.
As one of its first projects, the company plans to establish a hybrid identity model, facilitating an upcoming Microsoft Office 365 deployment. All R&D operations will remain on-premises.
Fabrikam plans to migrate the production and test instances of WebApp1 to Azure.
Technical Requirements:
Fabrikam identifies the following technical requirements:
* Web site content must be easily updated from a single point.
* User input must be minimized when provisioning new app instances.
* Whenever possible, existing on-premises licenses must be used to reduce cost.
* Users must always authenticate by using their corp.fabrikam.com UPN identity.
* Any new deployments to Azure must be redundant in case an Azure region fails.
* Whenever possible, solutions must be deployed to Azure by using platform as a service (PaaS).
* An email distribution group named IT Support must be notified of any issues relating to the directory synchronization services.
* Directory synchronization between Azure Active Directory (Azure AD) and corp.fabrikam.com must not be affected by a link failure between Azure and the on-premises network.
Database Requirements:
Fabrikam identifies the following database requirements:
* Database metrics for the production instance of WebApp1 must be available for analysis so that database administrators can optimize the performance settings.
* To avoid disrupting customer access, database downtime must be minimized when databases are migrated.
* Database backups must be retained for a minimum of seven years to meet compliance requirements.
Security Requirements:
Fabrikam identifies the following security requirements:
* Company information including policies, templates, and data must be inaccessible to anyone outside the company.
* Users on the on-premises network must be able to authenticate to corp.fabrikam.com if an Internet link fails.
* Administrators must be able to authenticate to the Azure portal by using their corp.fabrikam.com credentials.
* All administrative access to the Azure portal must be secured by using multi-factor authentication.
* The testing of WebApp1 updates must not be visible to anyone outside the company.
You have a resource group named RG1 that contains the objects shown in the following table.

You need to configure permissions so that App1 can copy all the secrets from KV1 to KV2. App1 currently has the Get permission for the secrets in KV1.
Which additional permissions should you assign to App1? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Correct answer:

Explanation:

Box 1: List
Get: Gets the specified Azure key vault.
List: The List operation gets information about the vaults associated with the subscription.
Box 2: Create
Create Or Update: Create or update a key vault in the specified subscription.
Reference:
https://docs.microsoft.com/en-us/rest/api/keyvault/
You have an Azure web app named App1 and an Azure key vault named KV1.
App1 stores database connection strings in KV1.
App1 performs the following types of requests to KV1:
* Get
* List
* Wrap
* Delete
* Unwrap
* Backup
* Decrypt
* Encrypt
You are evaluating the continuity of service for App1.
You need to identify the following if the Azure region that hosts KV1 becomes unavailable:
* To where will KV1 fail over?
* During the failover, which request type will be unavailable?
What should you identify? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Correct answer:

Explanation:
Box 1: A server in the same paired region
The contents of your key vault are replicated within the region and to a secondary region at least 150 miles away, but within the same geography to maintain high durability of your keys and secrets.
Box 2: Delete
During failover, your key vault is in read-only mode. Requests that are supported in this mode are:
* List certificates
* Get certificates
* List secrets
* Get secrets
* List keys
* Get (properties of) keys
* Encrypt
* Decrypt
* Wrap
* Unwrap
* Verify
* Sign
* Backup
Reference:
https://docs.microsoft.com/en-us/azure/key-vault/general/disaster-recovery-guidance
You plan to deploy an app that will use an Azure Storage account.
You need to deploy the storage account. The solution must meet the following requirements:
* Store the data of multiple users.
* Encrypt each user's data by using a separate key.
* Encrypt all the data in the storage account by using Microsoft keys or customer-managed keys.
What should you deploy?

You have an on-premises network that uses an IP address space of 172.16.0.0/16. You plan to deploy 25 virtual machines to a new Azure subscription.
You identify the following technical requirements:
* All Azure virtual machines must be placed on the same subnet, subnet1.
* All the Azure virtual machines must be able to communicate with all on-premises servers.
* The servers must be able to communicate between the on-premises network and Azure by using a site-to-site VPN.
You need to recommend a subnet design that meets the technical requirements.
What should you include in the recommendation? To answer, drag the appropriate network addresses to the correct subnet. Each network address may be used once, more than once or not at all. You may need to drag the split bar between panes or scroll to view content.
NOTE: Each correct selection is worth one point.
Correct answer:

Explanation:
You have an Azure subscription.
You plan to deploy a monitoring solution that will include the following:
* Azure Monitor Network Insights
* Application Insights
* Microsoft Sentinel
* VM insights
The monitoring solution will be managed by a single team.
What is the minimum number of Azure Monitor workspaces required?

You have an on-premises datacenter named Site1. Site1 contains a VMware vSphere cluster named Cluster1 that hosts 100 virtual machines. Cluster1 is managed by using VMware vCenter.
You have an Azure subscription named Sub1.
You plan to migrate the virtual machines from Cluster1 to Sub1.
You need to identify which resources are required to run the virtual machines in Azure. The solution must minimize administrative effort.
What should you configure? To answer, drag the appropriate resources to the correct targets. Each resource may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
NOTE: Each correct selection is worth one point.
Correct answer:

Explanation:
You are planning an Azure Storage solution for sensitive data. The data will be accessed daily. The data set is less than 10 GB.
You need to recommend a storage solution that meets the following requirements:
* All the data written to storage must be retained for five years.
* Once the data is written, the data can only be read. Modifications and deletion must be prevented.
* After five years, the data can be deleted, but never modified.
* Data access charges must be minimized.
What should you recommend? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Correct answer:

Explanation:

Box 1: General purpose v2 with Archive access tier for blobs
Archive - Optimized for storing data that is rarely accessed and stored for at least 180 days with flexible latency requirements, on the order of hours.
Cool - Optimized for storing data that is infrequently accessed and stored for at least 30 days.
Hot - Optimized for storing data that is accessed frequently.
Box 2: Storage account resource lock
As an administrator, you can lock a subscription, resource group, or resource to prevent other users in your organization from accidentally deleting or modifying critical resources. The lock overrides any permissions the user might have.
Note: You can set the lock level to CanNotDelete or ReadOnly. In the portal, the locks are called Delete and Read-only respectively.
* CanNotDelete means authorized users can still read and modify a resource, but they can't delete the resource.
* ReadOnly means authorized users can read a resource, but they can't delete or update the resource.
Applying this lock is similar to restricting all authorized users to the permissions granted by the Reader role.
Reference:
https://docs.microsoft.com/en-us/azure/storage/blobs/storage-blob-storage-tiers
You have an app that generates 50,000 events daily.
You plan to stream the events to an Azure event hub and use Event Hubs Capture to implement cold path processing of the events. Output of Event Hubs Capture will be consumed by a reporting system.
You need to identify which type of Azure storage must be provisioned to support Event Hubs Capture, and which inbound data format the reporting system must support.
What should you identify? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Correct answer:

Explanation:
You have an Azure subscription. The subscription contains Azure virtual machines that run Windows Server 2022 and Linux.
You need to use Azure Monitor to design an alerting strategy for security-related events.
Which Azure Monitor Logs tables should you query? To answer, drag the appropriate tables to the correct log types. Each table may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content. NOTE: Each correct selection is worth one point.
Correct answer:

Explanation:
You are designing a cost-optimized solution that uses Azure Batch to run two types of jobs on Linux nodes.
The first job type will consist of short-running tasks for a development environment. The second job type will consist of long-running Message Passing Interface (MPI) applications for a production environment that requires timely job completion.
You need to recommend the pool type and node type for each job type. The solution must minimize compute charges and leverage Azure Hybrid Benefit whenever possible.
What should you recommend? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Correct answer:

Explanation:
The accounting department at your company migrates to a new financial accounting software. The accounting department must keep file-based database backups for seven years for compliance purposes. It is unlikely that the backups will be used to recover data.
You need to move the backups to Azure. The solution must minimize costs.
Where should you store the backups?

Explanation: (visible to GoShiken members only)
You manage a database environment for a Microsoft Volume Licensing customer named Contoso, Ltd.
Contoso uses License Mobility through Software Assurance.
You need to deploy 50 databases. The solution must meet the following requirements:
* Support automatic scaling.
* Minimize Microsoft SQL Server licensing costs.
What should you include in the solution? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Correct answer:

Explanation:

Box 1: vCore
Virtual core (vCore)-based purchasing model (recommended). This purchasing model provides a choice between a provisioned compute tier and a serverless compute tier. With the provisioned compute tier, you choose the exact amount of compute resources that are always provisioned for your workload. With the serverless compute tier, you specify the autoscaling of the compute resources over a configurable compute range.
Box 2: An Azure SQL Database Elastic pool
Azure SQL Database provides the following deployment options for a database:
* Single database represents a fully managed, isolated database.
* Elastic pool is a collection of single databases with a shared set of resources, such as CPU or memory.
Single databases can be moved into and out of an elastic pool.
Reference:
https://docs.microsoft.com/en-us/azure/azure-sql/database/purchasing-models
You have 15 on-premises Hyper-V virtual machines.
You have an Azure subscription that contains an Azure Migrate project named Project 1.
You need to assess the virtual machines for migration to Azure by using Project 1.
Which four actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
Correct answer:

Explanation:
1. Download the VHD of the Azure Migrate appliance.
2. Create an appliance virtual machine.
3. Configure the virtual machine for the appliance.
4. Register the virtual machine for the appliance.
* Step 1: You need to get the VHD of the Azure Migrate appliance.
* Step 2: Use this VHD to create a new virtual machine, which will serve as the appliance.
* Step 3: Configure the appliance VM with the appropriate settings.
* Step 4: Register the appliance with the Azure Migrate project so it can discover the on-premises Hyper-V virtual machines.
You need to design an architecture to capture the creation of users and the assignment of roles. The captured data must be stored in Azure Cosmos DB.
Which Azure services should you include in the design? To answer, drag the appropriate services to the correct targets. Each service may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
NOTE: Each correct selection is worth one point.
Correct answer:

Explanation:

1. AAD audit log -> Event Hub (the other two possible destinations, a Log Analytics workspace and storage, are not available in this question)
https://docs.microsoft.com/en-us/azure/active-directory/reports-monitoring/tutorial-azure-monitor-stream-logs-to-event-hub
2. An Azure function with the Event Hub trigger and the Cosmos DB output binding
a. Event Hub trigger for function
https://docs.microsoft.com/en-us/azure/azure-functions/functions-bindings-event-hubs-trigger?tabs=csharp
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
Your company has deployed several virtual machines (VMs) on-premises and to Azure. Azure ExpressRoute has been deployed and configured for on-premises to Azure connectivity.
Several VMs are exhibiting network connectivity issues.
You need to analyze the network traffic to determine whether packets are being allowed or denied to the VMs.
Solution: Install and configure the Microsoft Monitoring Agent and the Dependency Agent on all VMs. Use the Wire Data solution in Azure Monitor to analyze the network traffic.
Does the solution meet the goal?

Explanation: (visible to GoShiken members only)
Your company has offices in New York City, Sydney, Paris, and Johannesburg.
The company has an Azure subscription.
You plan to deploy a new Azure networking solution that meets the following requirements:
* Connects to ExpressRoute circuits in the Azure regions of East US, Southeast Asia, North Europe, and South Africa
* Minimizes latency by supporting connections in three regions
* Supports Site-to-Site VPN connections
* Minimizes costs
You need to identify the minimum number of Azure Virtual WAN hubs that you must deploy, and which virtual WAN SKU to use. What should you identify? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Correct answer:

Explanation: