100% Free Azure Solutions Architect Expert AZ-304 Question Set PDF Trial Sample Certification Guide Coverage [Q166-Q189]


PDF Exam Materials: The Latest 2022 AZ-304 Question Set With Questions That Actually Appear on the Exam


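Microsoft AZ-304 certification exam topics:

Topic / Exam scope
Topic 1
  • Recommend a solution for encrypting data at rest, data in transit, and data in use
  • Design a solution for backup and recovery
Topic 2
  • Solutions for Conditional Access, including multi-factor authentication
  • Determine log levels and storage locations
Topic 3
  • Identity and security design; authentication for cost management and cost reporting
  • Solutions
Topic 4
  • Select event routing and escalation mechanisms
  • Design a logging and monitoring solution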

 

Question 166
Your organization has developed and deployed several Azure App Service Web and API applications. The applications use Azure Key Vault to store several authentication, storage account, and data encryption keys.
Several departments have the following requests to support the applications:

You need to recommend the appropriate Azure service for each department request.
What should you recommend? To answer, configure the appropriate options in the dialog box in the answer area.
NOTE: Each correct selection is worth one point.

Correct answer:

Explanation:

https://docs.microsoft.com/en-us/azure/active-directory/managed-identities-azure-resources/overview

 

Question 167
You need to recommend a solution for the users at Contoso to authenticate to the cloud-based services and the Azure AD-integrated applications.
What should you include in the recommendation? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Correct answer:

Explanation:

 

Question 168
Your company has 20 web APIs that were developed in-house.
The company is developing 10 web apps that will use the web APIs. The web apps and the APIs are registered in the company's Azure Active Directory (Azure AD) tenant. The web APIs are published by using Azure API Management.
You need to recommend a solution to block unauthorized requests originating from the web apps from reaching the web APIs. The solution must meet the following requirements:
* Use Azure AD-generated claims.
* Minimize configuration and management effort.
What should you include in the recommendation? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Correct answer:

Explanation:
1. Azure AD
2. Azure API Management
1. Azure AD
https://docs.microsoft.com/en-us/azure/api-management/api-management-howto-protect-backend-with-aad#gran
2. API Management
https://docs.microsoft.com/en-us/azure/api-management/api-management-howto-protect-backend-with-aad#conf

 

Question 169
A company has an existing web application that runs on virtual machines (VMs) in Azure.
You need to ensure that the application is protected from SQL injection attempts and uses a layer-7 load balancer. The solution must minimize disruption to the code for the existing web application.
What should you recommend? To answer, drag the appropriate values to the correct items. Each value may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
NOTE: Each correct selection is worth one point.

Correct answer:

Explanation:

Box 1: Azure Application Gateway
Azure Application Gateway provides an application delivery controller (ADC) as a service. It offers various layer 7 load-balancing capabilities for your applications.
Box 2: Web Application Firewall (WAF)
Application Gateway web application firewall (WAF) protects web applications from common vulnerabilities and exploits.
This is done through rules that are defined based on the OWASP core rule sets 3.0 or 2.2.9.
There are rules that detect SQL injection attacks.
References:
https://docs.microsoft.com/en-us/azure/application-gateway/application-gateway-faq
https://docs.microsoft.com/en-us/azure/application-gateway/waf-overview

 

Question 170
You need to recommend a solution for the data store of the historical transaction query system.
What should you include in the recommendation? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Correct answer:

Explanation:

 

Question 171
You configure OAuth2 authorization in API Management as shown in the following exhibit.

Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic.
NOTE: Each correct selection is worth one point.

Correct answer:

Explanation:

Box 1: Web applications
The Authorization Code Grant Type is used by both web apps and native apps to get an access token after a user authorizes an app.
Note: The Authorization Code grant type is used by confidential and public clients to exchange an authorization code for an access token.
After the user returns to the client via the redirect URL, the application will get the authorization code from the URL and use it to request an access token.
Reference:
https://developer.okta.com/blog/2018/04/10/oauth-authorization-code-grant-type
https://connect2id.com/products/server/docs/guides/client-registration

 

Question 172
You are designing a software as a service (SaaS) application that will enable Azure Active Directory (Azure AD) users to create and publish surveys. The SaaS application will have a front-end web app and a back-end web API. The web app will rely on the web API to handle updates to customer surveys.
You need to design an authorization flow for the SaaS application. The solution must meet the following requirements:
* To access the back-end web API, the web app must authenticate by using OAuth 2 bearer tokens.
* The web app must authenticate by using the identities of individual users.
What should you include in the solution? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Correct answer:

Explanation:

References:
https://docs.microsoft.com/lb-lu/azure/architecture/multitenant-identity/web-api
https://docs.microsoft.com/en-us/azure/active-directory/develop/quickstart-v1-dotnet-webapi

 

Question 173
You need to recommend a solution for the user at Contoso to authenticate to the cloud-based services and the Azure AD-integrated application. What should you include in the recommendation? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Correct answer:

Explanation:

 

Question 174
A company deploys Azure Active Directory (Azure AD) Connect to synchronize identity information from their on-premises Active Directory Domain Services (AD DS) directory to their Azure AD tenant. The identity information that is synchronized includes user accounts, credential hashes for authentication (password sync), and group memberships. The company plans to deploy several Windows and Linux virtual machines (VMs) to support their applications.
The VMs have the following requirements:
* Support domain join, LDAP read, LDAP bind, NTLM and Kerberos authentication, and Group Policy.
* Allow users to sign in to the domain using their corporate credentials and connect remotely to the VM by using Remote Desktop.
You need to support the VM deployment.
Which service should you use?

  • A. Active Directory Federation Services (AD FS)
  • B. Azure AD Domain Services
  • C. Azure AD Privileged Identity Management
  • D. Azure managed identity

Correct answer: B

Explanation:
https://docs.microsoft.com/en-us/azure/active-directory-domain-services/compare-identity-solutions

 

Question 175
You need to recommend a solution for the network configuration of the front-end tier of the payment processing.
What should you include in the recommendation?

  • A. a Basic Load Balancer
  • B. a Standard Load Balancer
  • C. Azure Application Gateway
  • D. Traffic Manager

Correct answer: B

Explanation:
Scenario:
* Ensure that the number of compute nodes of the front-end and the middle tiers of the payment processing system can increase or decrease automatically based on CPU utilization.
* Ensure that each tier of the payment processing system is subject to a Service Level Agreement (SLA) of 99.99 percent availability.
With Azure Load Balancer, you can scale your applications and create high availability for your services. Load Balancer supports inbound and outbound scenarios, provides low latency and high throughput, and scales up to millions of flows for all TCP and UDP applications.
Azure Load Balancer is available in two SKUs: Basic and Standard. There are differences in scale, features, and pricing. The Standard SKU's SLA guarantees 99.99% availability for the data path with two healthy virtual machines. No SLA exists for the Basic SKU.
Reference:
https://docs.microsoft.com/en-us/azure/load-balancer/load-balancer-overview

 

Question 176
You are designing a message application that will run on an on-premises Ubuntu virtual machine. The application will use Azure Storage queues.
You need to recommend a processing solution for the application to interact with the storage queues. The solution must meet the following requirements:
* Create and delete queues daily.
* Be scheduled by using a CRON job.
* Upload messages every five minutes.
What should developers use to interact with the queues?

  • A. Azure CLI
  • B. .NET Core
  • C. Azure Data Factory
  • D. AzCopy

Correct answer: B

Explanation:
Incorrect Answers:
A: It is not possible to have Linux running in Windows Azure
B: AzCopy is a command-line utility that you can use to copy blobs or files to or from a storage account.
Reference:
https://docs.microsoft.com/en-us/azure/storage/queues/storage-tutorial-queues

Design Infrastructure
Testlet 2
Case Study
This is a case study. Case studies are not timed separately. You can use as much exam time as you would like to complete each case. However, there may be additional case studies and sections on this exam. You must manage your time to ensure that you are able to complete all questions included on this exam in the time provided.
To answer the questions included in a case study, you will need to reference information that is provided in the case study. Case studies might contain exhibits and other resources that provide more information about the scenario that is described in the case study. Each question is independent of the other questions in this case study.
At the end of this case study, a review screen will appear. This screen allows you to review your answers and to make changes before you move to the next section of the exam. After you begin a new section, you cannot return to this section.
To start the case study
To display the first question in this case study, click the Next button. Use the buttons in the left pane to explore the content of the case study before you answer the questions. Clicking these buttons displays information such as business requirements, existing environment, and problem statements. If the case study has an All Information tab, note that the information displayed is identical to the information displayed on the subsequent tabs. When you are ready to answer a question, click the Question button to return to the question.
Overview
Contoso, Ltd, is a US-based financial services company that has a main office in New York and a branch office in San Francisco.
Existing Environment. Payment Processing System
Contoso hosts a business-critical payment processing system in its New York data center. The system has three tiers: a front-end web app, a middle-tier web API, and a back-end data store implemented as a Microsoft SQL Server 2014 database. All servers run Windows Server 2012 R2.
The front-end and middle-tier components are hosted by using Microsoft Internet Information Services (IIS). The application code is written in C# and ASP.NET. The middle-tier API uses the Entity Framework to communicate to the SQL Server database. Maintenance of the database is performed by using SQL Server Agent jobs.
The database is currently 2 TB and is not expected to grow beyond 3 TB.
The payment processing system has the following compliance-related requirements:
* Encrypt data in transit and at rest. Only the front-end and middle-tier components must be able to access the encryption keys that protect the data store.
* Keep backups of the data in two separate physical locations that are at least 200 miles apart and can be restored for up to seven years.
* Support blocking inbound and outbound traffic based on the source IP address, the destination IP address, and the port number.
* Collect Windows security logs from all the middle-tier servers and retain the logs for a period of seven years.
* Inspect inbound and outbound traffic from the front-end tier by using highly available network appliances.
* Only allow all access to all the tiers from the internal network of Contoso.
Tape backups are configured by using an on-premises deployment of Microsoft System Center Data Protection Manager (DPM), and then shipped offsite for long term storage.
Existing Environment. Historical Transaction Query System
Contoso recently migrated a business-critical workload to Azure. The workload contains a .NET web service for querying the historical transaction data residing in Azure Table Storage. The .NET web service is accessible from a client app that was developed in-house and runs on the client computers in the New York office. The data in the table storage is 50 GB and is not expected to increase.
Existing Environment. Current Issues
The Contoso IT team discovers poor performance of the historical transaction query system, as the queries frequently cause table scans.
Requirements. Planned Changes
Contoso plans to implement the following changes:
* Migrate the payment processing system to Azure.
* Migrate the historical transaction data to Azure Cosmos DB to address the performance issues.
Requirements. Migration Requirements
Contoso identifies the following general migration requirements:
* Infrastructure services must remain available if a region or a data center fails. Failover must occur without any administrative intervention.
* Whenever possible, Azure managed services must be used to minimize management overhead.
* Whenever possible, costs must be minimized.
Contoso identifies the following requirements for the payment processing system:
* If a data center fails, ensure that the payment processing system remains available without any administrative intervention. The middle-tier and the web front end must continue to operate without any additional configurations.
* Ensure that the number of compute nodes of the front-end and the middle tiers of the payment processing system can increase or decrease automatically based on CPU utilization.
* Ensure that each tier of the payment processing system is subject to a Service Level Agreement (SLA) of 99.99 percent availability.
* Minimize the effort required to modify the middle-tier API and the back-end tier of the payment processing system.
* Payment processing system must be able to use grouping and joining tables on encrypted columns.
* Generate alerts when unauthorized login attempts occur on the middle-tier virtual machines.
* Ensure that the payment processing system preserves its current compliance status.
* Host the middle tier of the payment processing system on a virtual machine.
Contoso identifies the following requirements for the historical transaction query system:
* Minimize the use of on-premises infrastructure services.
* Minimize the effort required to modify the .NET web service querying Azure Cosmos DB.
* Minimize the frequency of table scans.
* If a region fails, ensure that the historical transaction query system remains available without any administrative intervention.
Requirements. Information Security Requirements
The IT security team wants to ensure that identity management is performed by using Active Directory.
Password hashes must be stored on-premises only.
Access to all business-critical systems must rely on Active Directory credentials. Any suspicious authentication attempts must trigger a multi-factor authentication prompt automatically.

 

Question 177
You have an Azure Active Directory (Azure AD) tenant named contoso.com that contains several administrative user accounts. You need to recommend a solution to identify which administrative user accounts have NOT signed in during the previous 30 days.
Which service should you include in the recommendation?

  • A. Azure Activity log
  • B. Azure AD Privileged Identity Management (PIM)
  • C. Azure AD Identity Protection
  • D. Azure Advisor

Correct answer: B

Explanation:
https://docs.microsoft.com/en-us/azure/active-directory/privileged-identity-management/pim-how-to-use-audit-log?tabs=new

 

Question 178
You need to recommend a solution to meet the database retention requirement. What should you recommend?

  • A. Use automatic Azure SQL Database backups.
  • B. Configure Azure Site Recovery.
  • C. Configure a long-term retention policy for the database.
  • D. Configure geo replication of the database.

Correct answer: C

 

Question 179
Your company has users who work remotely from laptops.
You plan to move some of the applications accessed by the remote users to Azure virtual machines. The users will access the applications in Azure by using a point-to-site VPN connection. You will use certificates generated from an on-premises-based certification authority (CA).
You need to recommend which certificates are required for the deployment.
What should you include in the recommendation? To answer, drag the appropriate certificates to the correct targets. Each certificate may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
NOTE: Each correct selection is worth one point.

Correct answer:

Explanation:

 

Question 180
Your company has two on-premises sites in New York and Los Angeles and Azure virtual networks in the East US Azure region and the West US Azure region. Each on-premises site has Azure ExpressRoute circuits to both regions.
You need to recommend a solution that meets the following requirements:
* Outbound traffic to the Internet from workloads hosted on the virtual networks must be routed through the closest available on-premises site.
* If an on-premises site fails, traffic from the workloads on the virtual networks to the Internet must reroute automatically to the other site.
What should you include in the recommendation? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Correct answer:

Explanation:

 

Question 181
You plan to archive 10 TB of on-premises data files to Azure.
You need to recommend a data archival solution. The solution must minimize the cost of storing the data files.
Which Azure Storage account type should you include in the recommendation?

  • A. Premium StorageV2 (general purpose v2)
  • B. Standard StorageV2 (general purpose v2)
  • C. Premium Storage (general purpose v1)
  • D. Standard Storage (general purpose v1)

Correct answer: B

Explanation:
Standard StorageV2 supports the Archive access tier, which would be the cheapest solution.
Reference:
https://docs.microsoft.com/en-us/azure/storage/common/storage-introduction

 

Question 182
You have an on-premises file server that stores 2 TB of data files.
You plan to move the data files to Azure Blob storage in the Central Europe region.
You need to recommend a storage account type to store the data files and a replication solution for the storage account. The solution must meet the following requirements:
* Be available if a single Azure datacenter fails.
* Support storage tiers.
* Minimize cost.
What should you recommend? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Correct answer:

Explanation:

Box 1: Blob storage
Blob storage supports storage tiers.
Note: Azure offers three storage tiers to store data in blob storage: Hot Access tier, Cool Access tier, and Archive tier. These tiers target data at different stages of its lifecycle and offer cost-effective storage options for different use cases.
Box 2: Zone-redundant storage (ZRS)
Data in an Azure Storage account is always replicated three times in the primary region. Azure Storage offers two options for how your data is replicated in the primary region:
* Zone-redundant storage (ZRS) copies your data synchronously across three Azure availability zones in the primary region.
* Locally redundant storage (LRS) copies your data synchronously three times within a single physical location in the primary region. LRS is the least expensive replication option, but is not recommended for applications requiring high availability.
References:
https://cloud.netapp.com/blog/storage-tiers-in-azure-blob-storage-find-the-best-for-your-data

 

Question 183
You have 100 servers that run Windows Server 2012 R2 and host Microsoft SQL Server 2012 R2 instances. The instances host databases that have the following characteristics:
* The largest database is currently 3 TB. None of the databases will ever exceed 4 TB.
* Stored procedures are implemented by using CLR.
You plan to move all the data from SQL Server to Azure.
You need to recommend an Azure service to host the databases. The solution must meet the following requirements:
* Whenever possible, minimize management overhead for the migrated databases.
* Minimize the number of database changes required to facilitate the migration.
* Ensure that users can authenticate by using their Active Directory credentials.
What should you include in the recommendation?

  • A. SQL Server 2016 on Azure virtual machines
  • B. Azure SQL Database single databases
  • C. Azure SQL Database elastic pools
  • D. Azure SQL Database Managed Instance

Correct answer: D

Explanation:
Reference:
https://docs.microsoft.com/en-us/azure/sql-database/sql-database-managed-instance

 

Question 184
A company has a hybrid ASP.NET Web API application that is based on a software as a service (SaaS) offering.
Users report general issues with the data. You advise the company to implement live monitoring and use ad hoc queries on stored JSON data. You also advise the company to set up smart alerting to detect anomalies in the data.
You need to recommend a solution to set up smart alerting.
What should you recommend?

  • A. Azure Site Recovery and Azure Monitor Logs
  • B. Azure Application Insights and Azure Monitor Logs
  • C. Azure Security Center and Azure Data Lake Store
  • D. Azure Data Lake Analytics and Azure Monitor Logs

Correct answer: D

Explanation:
Application Insights, a feature of Azure Monitor, is an extensible Application Performance Management (APM) service for developers and DevOps professionals. Use it to monitor your live applications. It will automatically detect performance anomalies, and includes powerful analytics tools to help you diagnose issues and to understand what users actually do with your app.
Reference:
https://docs.microsoft.com/en-us/azure/azure-monitor/app/app-insights-overview

 

Question 185
You have an Azure App Service Web App that includes Azure Blob storage and an Azure SQL Database instance. The application is instrumented by using the Application Insights SDK.
You need to design a monitoring solution for the web app.
Which Azure monitoring services should you use? To answer, select the appropriate Azure monitoring services in the answer area.
NOTE: Each correct selection is worth one point.

Correct answer:

Explanation:

 

Question 186
You have Azure virtual machines that run a custom line-of-business web application.
You plan to use a third-party solution to parse event logs from the virtual machines stored in an Azure storage account.
You need to recommend a solution to save the event logs from the virtual machines to the Azure Storage account. The solution must minimize costs and complexity.
What should you include in the recommendation?

  • A. Azure Monitor Metrics
  • B. Azure Monitor logs
  • C. event log subscriptions
  • D. Azure VM Diagnostics Extension

Correct answer: D

 

Question 187
You have an Azure subscription that contains 100 virtual machines.
You plan to design a data protection strategy to encrypt the virtual disks.
You need to recommend a solution to encrypt the disks by using Azure Disk Encryption. The solution must provide the ability to encrypt operating system disks and data disks.
What should you include in the recommendation?

  • A. a secret
  • B. a key
  • C. a passphrase
  • D. a certificate

Correct answer: B

Explanation:
For enhanced virtual machine (VM) security and compliance, virtual disks in Azure can be encrypted. Disks are encrypted by using cryptographic keys that are secured in an Azure Key Vault. You control these cryptographic keys and can audit their use.
Reference:
https://docs.microsoft.com/en-us/azure/virtual-machines/windows/encrypt-disks

 

Question 188
You need to design an Azure policy that will implement the following functionality:
* For new resources, assign tags and values that match the tags and values of the resource group to which the resources are deployed.
* For existing resources, identify whether the tags and values match the tags and values of the resource group that contains the resources.
* For any non-compliant resources, trigger auto-generated remediation tasks to create missing tags and values.
The solution must use the principle of least privilege.
What should you include in the design? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Correct answer:

Explanation:

 

Question 189
......
