AZ-305 Exam Free Question Set: "Microsoft Designing Microsoft Azure Infrastructure Solutions Certification"
You need to recommend a solution to integrate Azure Cosmos DB and Azure Synapse. The solution must meet the following requirements:
* Traffic from an Azure Synapse workspace to the Azure Cosmos DB account must be sent via the Microsoft backbone network.
* Traffic from the Azure Synapse workspace to the Azure Cosmos DB account must NOT be routed over the internet.
* Implementation effort must be minimized.
What should you include in the recommendation? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Correct answer:

Explanation:

You plan to migrate on-premises MySQL databases to Azure Database for MySQL Flexible Server.
You need to recommend a solution for the Azure Database for MySQL Flexible Server configuration. The solution must meet the following requirements:
* The databases must be accessible if a datacenter fails.
* Costs must be minimized.
Which compute tier should you recommend?
Correct answer: B
You have five Azure subscriptions. Each subscription is linked to a separate Azure AD tenant and contains virtual machines that run Windows Server 2022.
You plan to collect Windows security events from the virtual machines and send them to a single Log Analytics workspace.
You need to recommend a solution that meets the following requirements:
* Collects event logs from multiple subscriptions
* Supports the use of data collection rules (DCRs) to define which events to collect
What should you recommend for each requirement? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Correct answer:

Explanation:

You configure OAuth2 authorization in API Management as shown in the following exhibit.

Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic.
NOTE: Each correct selection is worth one point.


Correct answer:

Explanation:

Box 1: Web applications
The Authorization Code Grant Type is used by both web apps and native apps to get an access token after a user authorizes an app.
Note: The Authorization Code grant type is used by confidential and public clients to exchange an authorization code for an access token.
After the user returns to the client via the redirect URL, the application will get the authorization code from the URL and use it to request an access token.
Reference:
https://developer.okta.com/blog/2018/04/10/oauth-authorization-code-grant-type
https://connect2id.com/products/server/docs/guides/client-registration
You plan to migrate App1 to Azure.
You need to recommend a network connectivity solution for the Azure Storage account that will host the App1 data. The solution must meet the security and compliance requirements.
What should you include in the recommendation?
Correct answer: D
You need to design a highly available Azure SQL database that meets the following requirements:
* Failover between replicas of the database must occur without any data loss.
* The database must remain available in the event of a zone outage.
* Costs must be minimized.
Which deployment option should you use?
Correct answer: C
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
Your company plans to deploy various Azure App Service instances that will use Azure SQL databases. The App Service instances will be deployed at the same time as the Azure SQL databases.
The company has a regulatory requirement to deploy the App Service instances only to specific Azure regions. The resources for the App Service instances must reside in the same region.
You need to recommend a solution to meet the regulatory requirement.
Solution: You recommend using an Azure policy to enforce the resource group location.
Does this meet the goal?
Correct answer: B
You have an Azure subscription. The subscription contains 100 virtual machines that run Windows Server.
You need to recommend a solution that will provide monitoring and an audit trail of the following modifications:
* Changes to the Windows registry on the virtual machines
* Changes to the DNS settings of the virtual machines
The solution must minimize administrative effort.
What should you recommend using for each change? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Correct answer:

Explanation:

You have an Azure subscription that contains a virtual network named VNET1 and 10 virtual machines. The virtual machines are connected to VNET1.
You need to design a solution to manage the virtual machines from the internet. The solution must meet the following requirements:
* Incoming connections to the virtual machines must be authenticated by using Azure Multi-Factor Authentication (MFA) before network connectivity is allowed.
* Incoming connections must use TLS and connect to TCP port 443.
* The solution must support RDP and SSH.
What should you include in the solution? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Correct answer:

Explanation:

You need to deploy resources to host a stateless web app in an Azure subscription. The solution must meet the following requirements:
* Provide access to the full .NET framework.
* Provide redundancy if an Azure region fails.
* Grant administrators access to the operating system to install custom application dependencies.
Solution: You deploy an Azure virtual machine scale set that uses autoscaling.
Does this meet the goal?
Correct answer: A
You have an Azure subscription that contains multiple storage accounts.
You assign Azure Policy definitions to the storage accounts.
You need to recommend a solution to meet the following requirements:
* Trigger on-demand Azure Policy compliance scans.
* Raise Azure Monitor non-compliance alerts by querying logs collected by Log Analytics.
What should you recommend for each requirement? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Correct answer:

Explanation:

You plan to deploy an Azure web app named App1 that will use Azure Active Directory (Azure AD) authentication.
App1 will be accessed from the internet by the users at your company. All the users have computers that run Windows 10 and are joined to Azure AD.
You need to recommend a solution to ensure that the users can connect to App1 without being prompted for authentication and can access App1 only from company-owned computers.
What should you recommend for each requirement? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Correct answer:

Explanation:

Box 1: An Azure AD app registration
Azure Active Directory (Azure AD) provides cloud-based directory and identity management services. You can use Azure AD to manage users of your application and authenticate access to your applications using Azure Active Directory.
You register your application with an Azure Active Directory tenant.
Box 2: A conditional access policy
Conditional Access policies at their simplest are if-then statements: if a user wants to access a resource, then they must complete an action.
By using Conditional Access policies, you can apply the right access controls when needed to keep your organization secure and stay out of your user's way when not needed.

Reference:
https://codingcanvas.com/using-azure-active-directory-authentication-in-your-web-application/
https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/overview
https://docs.microsoft.com/en-us/powerapps/developer/data-platform/walkthrough-register-app-azure-active-directory#:~:text=Create%20an%20application%20registration%201%20Create%20an%20application,the%20options%20and%20click%20on%20Add%20permissions.%20
"After consenting to use their Dataverse account with the ISV's application, end users can connect to Dataverse environment from external application. The consent form is not displayed again to other users after the first user who has already consented to use the ISV's app. Apps registered in Azure Active Directory are multi-tenant, which implies that other Dataverse users from other tenant can connect to their environment using the ISV's app."
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
Your company has deployed several virtual machines (VMs) on-premises and to Azure. Azure ExpressRoute has been deployed and configured for on-premises to Azure connectivity.
Several VMs are exhibiting network connectivity issues.
You need to analyze the network traffic to determine whether packets are being allowed or denied to the VMs.
Solution: Use Azure Network Watcher to run IP flow verify to analyze the network traffic.
Does the solution meet the goal?
Correct answer: B
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
Your company has deployed several virtual machines (VMs) on-premises and to Azure. Azure ExpressRoute has been deployed and configured for on-premises to Azure connectivity.
Several VMs are exhibiting network connectivity issues.
You need to analyze the network traffic to determine whether packets are being allowed or denied to the VMs.
Solution: Use the Azure Advisor to analyze the network traffic.
Does the solution meet the goal?
Correct answer: A
You have an Azure subscription.
You plan to deploy two 100-virtual machine deployments as shown in the following table.

You need to recommend a virtual machine grouping solution for the deployments.
What should you include in the recommendation for each deployment? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Correct answer:

Explanation:

You have a .NET web service named Service1 that performs the following tasks:
* Reads and writes temporary files to the local file system.
* Writes to the Application event log.
You need to recommend a solution to host Service1 in Azure. The solution must meet the following requirements:
* Minimize maintenance overhead.
* Minimize costs.
What should you include in the recommendation?
Correct answer: A
You are designing a software as a service (SaaS) application that will enable Microsoft Entra users to create and publish online surveys. The SaaS application will have a front-end web app and a back-end web API. The web app will rely on the web API to handle updates to customer surveys.
You need to design an authorization flow for the SaaS application. The solution must meet the following requirements:
* To access the back-end web API, the web app must authenticate by using OAuth 2 bearer tokens.
* The web app must authenticate by using the identities of individual users.
What should you include in the solution? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Correct answer:

Explanation:

You plan to deploy multiple instances of an Azure web app across several Azure regions.
You need to design an access solution for the app. The solution must meet the following replication requirements:
* Support rate limiting.
* Balance requests between all instances.
* Ensure that users can access the app in the event of a regional outage.
Solution: You use Azure Traffic Manager to provide access to the app.
Does this meet the goal?
Correct answer: A