AZ-305試験無料問題集「Microsoft Designing Microsoft Azure Infrastructure Solutions 認定」
Hotspot Question
You have an Azure subscription.
You need to deploy a relational database. The solution must meet the following requirements:
- Support multiple read-only replicas.
- Automatically load balance read-only requests across all the read-
only replicas.
- Minimize administrative effort
What should you use? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

You have an Azure subscription.
You need to deploy a relational database. The solution must meet the following requirements:
- Support multiple read-only replicas.
- Automatically load balance read-only requests across all the read-
only replicas.
- Minimize administrative effort
What should you use? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

正解:

Hotspot Question
You have an Azure subscription named Sub1 that is linked to an Azure AD tenant named contoso.com.
You plan to implement two ASP.NET Core apps named App1 and App2 that will be deployed to
100 virtual machines in Sub1. Users will sign in to App1 and App2 by using their contoso.com credentials.
App1 requires read permissions to access the calendar of the signed-in user. App2 requires write permissions to access the calendar of the signed-in user.
You need to recommend an authentication and authorization solution for the apps. The solution must meet the following requirements:
- Use the principle of least privilege.
- Minimize administrative effort.
What should you include in the recommendation? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

You have an Azure subscription named Sub1 that is linked to an Azure AD tenant named contoso.com.
You plan to implement two ASP.NET Core apps named App1 and App2 that will be deployed to
100 virtual machines in Sub1. Users will sign in to App1 and App2 by using their contoso.com credentials.
App1 requires read permissions to access the calendar of the signed-in user. App2 requires write permissions to access the calendar of the signed-in user.
You need to recommend an authentication and authorization solution for the apps. The solution must meet the following requirements:
- Use the principle of least privilege.
- Minimize administrative effort.
What should you include in the recommendation? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

正解:

Explanation:
Important point here is that both apps are deployed to the same machines. So Managed identitied will violate the principle of least privelege. As a user/system managed identity will have to be assigned both read and write permission to user's calendar.
App registeration will provide ability to use the service principal per app to set the correct permission required for the app.
Use delegated permissions to access user's data as admin allowed/forces users to delegate the permission to the app.
Hotspot Question
You have an Azure App Service web app that uses a system-assigned managed identity.
You need to recommend a solution to store their settings of the web app as secrets in an Azure key vault.
The solution must meet the following requirements:
- Minimize changes to the app code,
- Use the principle of least privilege.
What should you include in the recommendation? To answer, select the appropriate options in the answer area.

You have an Azure App Service web app that uses a system-assigned managed identity.
You need to recommend a solution to store their settings of the web app as secrets in an Azure key vault.
The solution must meet the following requirements:
- Minimize changes to the app code,
- Use the principle of least privilege.
What should you include in the recommendation? To answer, select the appropriate options in the answer area.

正解:

Explanation:
Box 1: Key Vault references in Application settings
Source Application Settings from Key Vault.
Key Vault references can be used as values for Application Settings, allowing you to keep secrets in Key Vault instead of the site config. Application Settings are securely encrypted at rest, but if you need secret management capabilities, they should go into Key Vault.
To use a Key Vault reference for an app setting, set the reference as the value of the setting.
Your app can reference the secret through its key as normal. No code changes are required.
Box 2: Secrets: Get
In order to read secrets from Key Vault, you need to have a vault created and give your app permission to access it.
1. Create a key vault by following the Key Vault quickstart.
2. Create a managed identity for your application.
3. Key Vault references will use the app's system assigned identity by default, but you can specify a user-assigned identity.
4. Create an access policy in Key Vault for the application identity you created earlier. Enable the "Get" secret permission on this policy.
References:
https://docs.microsoft.com/en-us/azure/app-service/app-service-key-vault-references
Hotspot Question
You have an Azure subscription that contains the resources shown in the following table.

VNet1, VNet2, and VNet3 each has multiple virtual machines connected. The virtual machines use the Azure DNS service for name resolution.
You need to recommend an Azure Monitor log routing solution that meets the following requirements:
- Ensures that the logs collected from the virtual machines and sent to Workspace1 are routed over the Microsoft backbone network
- Minimizes administrative effort
What should you include in the recommendation? To answer, select the appropriate options in the answer area.

You have an Azure subscription that contains the resources shown in the following table.

VNet1, VNet2, and VNet3 each has multiple virtual machines connected. The virtual machines use the Azure DNS service for name resolution.
You need to recommend an Azure Monitor log routing solution that meets the following requirements:
- Ensures that the logs collected from the virtual machines and sent to Workspace1 are routed over the Microsoft backbone network
- Minimizes administrative effort
What should you include in the recommendation? To answer, select the appropriate options in the answer area.

正解:

You have an Azure subscription that contains an Azure Kubernetes Service (AKS) instance named AKS1. AKS1 hosts microservice-based APIs that are configured to listen on non-default HTTP ports.
You plan to deploy a Standard tier Azure API Management instance named APIM1 that will make the APIs available to external users.
You need to ensure that the AKS1 APIs are accessible to APIM1. The solution must meet the following requirements:
- Implement MTLS authentication between APIM1 and AKS1.
- Minimize development effort.
- Minimize costs.
What should you do?
You plan to deploy a Standard tier Azure API Management instance named APIM1 that will make the APIs available to external users.
You need to ensure that the AKS1 APIs are accessible to APIM1. The solution must meet the following requirements:
- Implement MTLS authentication between APIM1 and AKS1.
- Minimize development effort.
- Minimize costs.
What should you do?
正解:D
解答を投票する
解説: (GoShiken メンバーにのみ表示されます)
Hotspot Question
You have several Azure App Service web apps that use Azure Key Vault to store data encryption keys.
Several departments have the following requests to support the web app:

Which service should you recommend for each department's request? To answer, configure the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

You have several Azure App Service web apps that use Azure Key Vault to store data encryption keys.
Several departments have the following requests to support the web app:

Which service should you recommend for each department's request? To answer, configure the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

正解:

Explanation:
Box 1: Azure AD Privileged Identity Management
Privileged Identity Management provides time-based and approval-based role activation to mitigate the risks of excessive, unnecessary, or misused access permissions on resources that you care about. Here are some of the key features of Privileged Identity Management:
- Provide just-in-time privileged access to Azure AD and Azure resources
- Assign time-bound access to resources using start and end dates
- Require approval to activate privileged roles
- Enforce multi-factor authentication to activate any role
- Use justification to understand why users activate
- Get notifications when privileged roles are activated
- Conduct access reviews to ensure users still need roles
- Download audit history for internal or external audit
- Prevents removal of the last active Global Administrator role assignment Box 2: Azure Managed Identity Managed identities provide an identity for applications to use when connecting to resources that support Azure Active Directory (Azure AD) authentication. Applications may use the managed identity to obtain Azure AD tokens. With Azure Key Vault, developers can use managed identities to access resources. Key Vault stores credentials in a secure manner and gives access to storage accounts.
Box 3: Azure AD Privileged Identity Management
Privileged Identity Management provides time-based and approval-based role activation to mitigate the risks of excessive, unnecessary, or misused access permissions on resources that you care about. Here are some of the key features of Privileged Identity Management:
- Provide just-in-time privileged access to Azure AD and Azure resources
- Assign time-bound access to resources using start and end dates
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/privileged-identity-management/pim-configure
https://docs.microsoft.com/en-us/azure/active-directory/managed-identities-azure-resources/overview
You plan to deploy an Azure BareMetal Infrastructure instance that will host the data tier of a business-critical workload. The application tier of the workload will be hosted on Azure virtual machines.
You need to configure the virtual machines to minimize network latency between the application tier and the data tier.
What should you use?
You need to configure the virtual machines to minimize network latency between the application tier and the data tier.
What should you use?
正解:A
解答を投票する
解説: (GoShiken メンバーにのみ表示されます)
Hotspot Question
You have the Azure resources shown in the following table.

You need to recommend a virtual network management solution that uses Azure Virtual Network Manager. The solution must meet the following requirements:
- Minimize the number of network managers.
- Minimize administrative effort when assigning the network group
membership.
What should you include in the recommendation? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

You have the Azure resources shown in the following table.

You need to recommend a virtual network management solution that uses Azure Virtual Network Manager. The solution must meet the following requirements:
- Minimize the number of network managers.
- Minimize administrative effort when assigning the network group
membership.
What should you include in the recommendation? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

正解:

Explanation:
Box 1: 1
Cross-tenant support in Azure Virtual Network Manager
Cross-tenant supports allow organizations to use a central Network Manager instance for managing virtual networks across different tenants and subscriptions.
Box 2: Azure Policy
Minimize administrative effort when assigning the network group membership.
After you deploy the Virtual Network Manager instance, you create a network group, which serves as a logical container of networking resources to apply configurations at scale. You can manually select individual virtual networks to be added to your network group, known as static membership. Or you can use *Azure Policy* to define conditions that govern your group membership dynamically, or dynamic membership.
Reference:
https://learn.microsoft.com/en-us/azure/virtual-network-manager/concept-cross-tenant
https://learn.microsoft.com/en-us/azure/virtual-network-manager/overview
Drag and Drop Question
You have an Azure subscription.
You are planning the development of two Azure applications as shown in the following table.

You need to configure diagnostic settings and ensure logs are routed to the correct destination for each application.
What destination should you use for each application? To answer, drag the appropriate destinations to the correct applications. Each solution may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
NOTE: Each correct selection is worth one point.

You have an Azure subscription.
You are planning the development of two Azure applications as shown in the following table.

You need to configure diagnostic settings and ensure logs are routed to the correct destination for each application.
What destination should you use for each application? To answer, drag the appropriate destinations to the correct applications. Each solution may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
NOTE: Each correct selection is worth one point.

正解:

Drag and Drop Question
Your company designs an application based on the Azure microservices architecture that will:
- Receive up to thousands of events per second from environmental
sensors.
- Submit events in real-time for formatting and pre-processing.
- Ignore missed or improperly formatted data without interrupting the
stream.
- Write formatted event data to a Cosmos DB database.
The number of events per second can vary widely.
You need to determine which Azure services are necessary to support the solution. You want to keep costs to a minimum.
Which Azure services should you include? To answer, drag the appropriate services to the correct answer areas. Each service may be used once, more than once, or not at all.

Your company designs an application based on the Azure microservices architecture that will:
- Receive up to thousands of events per second from environmental
sensors.
- Submit events in real-time for formatting and pre-processing.
- Ignore missed or improperly formatted data without interrupting the
stream.
- Write formatted event data to a Cosmos DB database.
The number of events per second can vary widely.
You need to determine which Azure services are necessary to support the solution. You want to keep costs to a minimum.
Which Azure services should you include? To answer, drag the appropriate services to the correct answer areas. Each service may be used once, more than once, or not at all.

正解:

Explanation:
You need to use Azure Event Hubs and Azure Functions in your solution. Azure Event Hubs can receive data for up to millions of events per second and pass them in real-time to your event consumer. In this design, you will use Azure Functions as your event consumer, which will handle the processing and write the data to a Cosmos DB database. Both Event Hubs and Functions automatically scale as the data volume changes.
You should not include Azure Event Grid in your solution. Event Grid is not designed for this type of application. It manages events, but it is not a data pipeline that delivers the event data.
You should not include Azure Service Bus. Service Bus is used for asynchronous message delivery, such as traditional transaction-processing applications. Service Bus does not stream data to a consumer, but instead, it delivers data when polled.
You should not include Azure Logic App in your solution. Logic Apps are designed to help you to schedule, automate, and orchestrate tasks, business processes, and workflows. Therefore, it is not suited to this type of data pipeline requirement.
You should not include Azure Notification Hub. Notification Hub is not used for data streaming or real-time data processing. Notification Hub is a push engine designed to let you send notifications out to any platform and it is not used for application data storage and delivery.
You deploy two instances of an Azure web app. One instance is in the East US Azure region and the other instance is in the West US Azure region. The web app uses Azure Blob storage to deliver large files to end users.
You need to recommend a solution for delivering the files to the users. The solution must meet the following requirements:
- Ensure that the users receive files from the same region as the web app that they access.
- Ensure that the files only need to be updated once.
- Minimize costs.
What should you include in the recommendation?
You need to recommend a solution for delivering the files to the users. The solution must meet the following requirements:
- Ensure that the users receive files from the same region as the web app that they access.
- Ensure that the files only need to be updated once.
- Minimize costs.
What should you include in the recommendation?
正解:B
解答を投票する