• ホーム
  • ブログ
  • [2023年04月12日] 最新AZ-305試験問題集には高得点で一発合格 [Q122-Q147]

[2023年04月12日] 最新AZ-305試験問題集には高得点で一発合格 [Q122-Q147]

Share

[2023年04月12日] 最新AZ-305試験問題集には高得点で一発合格

無料提供中AZ-305ブレーン問題集とAZ-305リアル試験問題


Microsoft AZ-305 は、Microsoft Azure インフラストラクチャソリューションを設計する専門家が自分の専門知識を証明するために設計された認定試験です。この認定は、Microsoft Azure テクノロジーを使用しているアーキテクト、開発者、および IT プロフェッショナルに最適であり、ビジネスニーズを満たすソリューションを設計するスキルを検証することができます。試験は、候補者がスケーラブルで強靱で安全なソリューションを設計する能力を測定します。


Microsoft AZ-305試験は、幅広い準備が必要な厳しいテストです。候補者はAzureサービスの実践的な経験を持ち、プラットフォーム上でのソリューション設計のベストプラクティスに精通している必要があります。 Microsoftは、オンラインコース、練習問題、スタディガイドなど、試験の準備を支援するさまざまなトレーニングリソースを提供しています。

 

質問 # 122
Your company deploys several Linux and Windows virtual machines (VMs) to Azure. The VMs are deployed with the Microsoft Dependency Agent and the Log Analytics Agent installed by using Azure VM extensions.
On-premises connectivity has been enabled by using Azure ExpressRoute.
You need to design a solution to monitor the VMs.
Which Azure monitoring services should you use? To answer, select the appropriate Azure monitoring services in the answer area.
NOTE: Each correct selection is worth one point.

正解:

解説:

Explanation
Graphical user interface, text, application Description automatically generated

Box 1: Azure Traffic Analytics
Traffic Analytics is a cloud-based solution that provides visibility into user and application activity in cloud networks. Traffic analytics analyzes Network Watcher network security group (NSG) flow logs to provide insights into traffic flow in your Azure cloud. With traffic analytics, you can:
* Identify security threats to, and secure your network, with information such as open-ports, applications attempting internet access, and virtual machines (VM) connecting to rogue networks.
* Visualize network activity across your Azure subscriptions and identify hot spots.
* Understand traffic flow patterns across Azure regions and the internet to optimize your network deployment for performance and capacity.
* Pinpoint network misconfigurations leading to failed connections in your network.
Box 2: Azure Service Map
Service Map automatically discovers application components on Windows and Linux systems and maps the communication between services. With Service Map, you can view your servers in the way that you think of them: as interconnected systems that deliver critical services. Service Map shows connections between servers, processes, inbound and outbound connection latency, and ports across any TCP-connected architecture, with no configuration required other than the installation of an agent.
References:
https://docs.microsoft.com/en-us/azure/network-watcher/traffic-analytics
https://docs.microsoft.com/en-us/azure/azure-monitor/insights/service-map


質問 # 123
Your company deploys an Azure App Service Web App.
During testing the application fails under load. The application cannot handle more than 100 concurrent user sessions. You enable the Always On feature. You also configure auto-scaling to increase counts from two to 10 based on HTTP queue length.
You need to improve the performance of the application.
Which solution should you use for each application scenario? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

正解:

解説:

Reference:
https://docs.microsoft.com/en-us/azure/azure-cache-for-redis/cache-overview


質問 # 124
You have five .NET Core applications that run on 10 Azure virtual machines in the same subscription.
You need to recommend a solution to ensure that the applications can authenticate by using the same Azure Active Directory (Azure AD) identity. The solution must meet the following requirements:
Ensure that the applications can authenticate only when running on the 10 virtual machines.
Minimize administrative effort.
What should you include in the recommendation? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

正解:

解説:


質問 # 125
You plan to migrate App1 to Azure.
You need to estimate the compute costs for App1 in Azure. The solution must meet the security and compliance requirements.
What should you use to estimate the costs, and what should you implement to minimize the costs? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

正解:

解説:

Explanation
Text Description automatically generated

Box 1: The Azure Total Cost of Ownership (TCO) Calculator
The Total Cost of Ownership (TCO) Calculator estimates the cost savings you can realize by migrating your workloads to Azure.
Note: The TCO Calculator recommends a set of equivalent services in Azure that will support your applications. Our analysis will show each cost area with an estimate of your on-premises spend versus your spend in Azure. There are several cost categories that either decrease or go away completely when you move workloads to the cloud.
Box 2: Azure Hybrid Benefit
Azure Hybrid Benefit is a licensing benefit that helps you to significantly reduce the costs of running your workloads in the cloud. It works by letting you use your on-premises Software Assurance-enabled Windows Server and SQL Server licenses on Azure. And now, this benefit applies to RedHat and SUSE Linux subscriptions, too.
Scenario:
Litware identifies the following security and compliance requirements:
* Once App1 is migrated to Azure, you must ensure that new data can be written to the app, and the modification of new and existing data is prevented for a period of three years.
* On-premises users and services must be able to access the Azure Storage account that will host the data in App1.
* Access to the public endpoint of the Azure Storage account that will host the App1 data must be prevented.
* All Azure SQL databases in the production environment must have Transparent Data Encryption (TDE) enabled.
* App1 must not share physical hardware with other workloads.
Reference:
https://azure.microsoft.com/en-us/pricing/tco/
https://azure.microsoft.com/en-us/pricing/hybrid-benefit/


質問 # 126
Your company deploys several Linux and Windows virtual machines (VMs) to Azure. The VMs are deployed with the Microsoft Dependency Agent and the Log Analytics Agent installed by using Azure VM extensions. On-premises connectivity has been enabled by using Azure ExpressRoute.
You need to design a solution to monitor the VMs.
Which Azure monitoring services should you use? To answer, select the appropriate Azure monitoring services in the answer area.
NOTE: Each correct selection is worth one point.

正解:

解説:

Reference:
https://docs.microsoft.com/en-us/azure/network-watcher/traffic-analytics
https://docs.microsoft.com/en-us/azure/azure-monitor/insights/service-map


質問 # 127
You are developing an app that will use Azure Functions to process Azure Event Hubs events. Request processing is estimated to take between five and 20 minutes. You need to recommend a hosting solution that meets the following requirements:
* Supports estimates of request processing runtimes
* Supports event-driven autoscaling for the app
Which hosting plan should you recommend?

  • A. Dedicated
  • B. Premium
  • C. Consumption
  • D. App Service

正解:D


質問 # 128
Your company has the divisions shown in the following table.

You plan to deploy a custom application to each subscription. The application will contain the following:
A resource group
An Azure web app
Custom role assignments
An Azure Cosmos DB account
You need to use Azure Blueprints to deploy the application to each subscription.
What is the minimum number of objects required to deploy the application? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

正解:

解説:


質問 # 129
You are designing an app that will use Azure Cosmos DB to collate sales data from multiple countries. You need to recommend an API for the app. The solution must meet the following requirements:
* Support SQL queries.
* Support geo-replication.
* Store and access data relationally.
Which API should you recommend?

  • A. Apache Cassandra
  • B. PostgreSQL
  • C. MongoDB
  • D. NoSQL

正解:B


質問 # 130
You need to recommend a notification solution for the IT Support distribution group.
What should you include in the recommendation?

  • A. Azure AD Connect Health
  • B. Azure Network Watcher
  • C. an action group
  • D. a SendGrid account with advanced reporting

正解:A

解説:
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-health-operations This is a case study. Case studies are not timed separately. You can use as much exam time as you would like to complete each case. However, there may be additional case studies and sections on this exam. You must manage your time to ensure that you are able to complete all questions included on this exam in the time provided.
To answer the questions included in a case study, you will need to reference information that is provided in the case study. Case studies might contain exhibits and other resources that provide more information about the scenario that is described in the case study. Each question is independent of the other questions in this case study.
At the end of this case study, a review screen will appear. This screen allows you to review your answers and to make changes before you move to the next section of the exam. After you begin a new section, you cannot return to this section.
To start the case study
To display the first question in this case study, click the Next button. Use the buttons in the left pane to explore the content of the case study before you answer the questions. Clicking these buttons displays information such as business requirements, existing environment, and problem statements. If the case study has an All Information tab, note that the information displayed is identical to the information displayed on the subsequent tabs. When you are ready to answer a question, click the Question button to return to the question.
Topic 3, Contoso
Existing Environment
Technical Environment
The on-premises network contains a single Active Directory domain named contoso.com.
Contoso has a single Azure subscription.
Existing Environment: Business Partnerships
Contoso has a business partnership with Fabrikam, Inc. Fabrikam users access some Contoso applications over the internet by using Azure Active Directory (Azure AD) guest accounts.
Requirements: Planned Changes
Contoso plans to deploy two applications named App1 and App2 to Azure.
Requirements: App1
App1 will be a Python web app hosted in Azure App Service that requires a Linux runtime. Users from Contoso and Fabrikam will access App1.
App1 will access several services that require third-party credentials and access strings. The credentials and access strings are stored in Azure Key Vault.
App1 will have six instances: three in the East US Azure region and three in the West Europe Azure region.
App1 has the following data requirements:
Each instance will write data to a data store in the same availability zone as the instance.
Data written by any App1 instance must be visible to all App1 instances.
App1 will only be accessible from the internet. App1 has the following connection requirements:
Connections to App1 must pass through a web application firewall (WAF).
Connections to App1 must be active-active load balanced between instances.
All connections to App1 from North America must be directed to the East US region. All other connections must be directed to the West Europe region.
Every hour, you will run a maintenance task by invoking a PowerShell script that copies files from all the App1 instances. The PowerShell script will run from a central location.
Requirements: App2
App2 will be a NET app hosted in App Service that requires a Windows runtime. App2 has the following file storage requirements:
Save files to an Azure Storage account.
Replicate files to an on-premises location.
Ensure that on-premises clients can read the files over the LAN by using the SMB protocol.
You need to monitor App2 to analyze how long it takes to perform different transactions within the application. The solution must not require changes to the application code.
Application Development Requirements
Application developers will constantly develop new versions of App1 and App2. The development process must meet the following requirements:
A staging instance of a new application version must be deployed to the application host before the new version is used in production.
After testing the new version, the staging version of the application will replace the production version.
The switch to the new application version from staging to production must occur without any downtime of the application.
Identity Requirements
Contoso identifies the following requirements for managing Fabrikam access to resources:
Every month, an account manager at Fabrikam must review which Fabrikam users have access permissions to App1. Accounts that no longer need permissions must be removed as guests.
The solution must minimize development effort.
Security Requirement
All secrets used by Azure services must be stored in Azure Key Vault.
Services that require credentials must have the credentials tied to the service instance. The credentials must NOT be shared between services.


質問 # 131
You have an Azure subscription that contains the storage accounts shown in the following table.

You plan to implement two new apps that have the requirements shown in the following table.

Which storage accounts should you recommend using for each app? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

正解:

解説:


質問 # 132
You are designing a microservices architecture that will support a web application.
The solution must meet the following requirements:
* Allow independent upgrades to each microservice
* Deploy the solution on-premises and to Azure
* Set policies for performing automatic repairs to the microservices
* Support low-latency and hyper-scale operations
You need to recommend a technology.
What should you recommend?

  • A. Azure Container Instance
  • B. Azure Service Fabric
  • C. Azure Virtual Machine Scale Set
  • D. Azure Container Service

正解:B

解説:
Explanation
https://docs.microsoft.com/en-us/azure/service-fabric/service-fabric-overview


質問 # 133
Your company plans to deploy various Azure App Service instances that will use Azure SQL databases. The App Service instances will be deployed at the same time as the Azure SQL databases.
The company has a regulatory requirement to deploy the App Service instances only to specific Azure regions. The resources for the App Service instances must reside in the same region.
You need to recommend a solution to meet the regulatory requirement.
Solution: You recommend using an Azure policy to enforce the location of resource groups.
Does this meet the goal?

  • A. Yes
  • B. No

正解:B


質問 # 134
You have an Azure subscription that contains two applications named App1 and App2. App1 is a sales processing application. When a transaction in App1 requires shipping, a message is added to an Azure Storage account queue, and then App2 listens to the queue for relevant transactions.
In the future, additional applications will be added that will process some of the shipping requests based on the specific details of the transactions.
You need to recommend a replacement for the storage account queue to ensure that each additional application will be able to read the relevant transactions.
What should you recommend?

  • A. one Azure Data Factory pipeline
  • B. one Azure Service Bus topic
  • C. one Azure Service Bus queue
  • D. multiple storage account queues

正解:B


質問 # 135
You have an Azure Active Directory (Azure AD) tenant that syncs with an on-premises Active Directory domain.
You have an internal web app named WebApp1 that is hosted on-premises. WebApp1 uses Integrated Windows authentication.
Some users work remotely and do have VPN access to the on-premises network.
You need to provide the remote users with single sign-on (SSO) access to WebApp1.
Which two features should you include in the solution? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.

  • A. Conditional Access policies
  • B. Azure AD Application Proxy
  • C. Azure Application Gateway
  • D. Azure AD enterprise applications
  • E. Azure Arc
  • F. Azure AD Privileged Identity Management (PIM)

正解:A、B

解説:
Explanation
A: Application Proxy is a feature of Azure AD that enables users to access on-premises web applications from a remote client. Application Proxy includes both the Application Proxy service which runs in the cloud, and the Application Proxy connector which runs on an on-premises server.
You can configure single sign-on to an Application Proxy application.
C: Microsoft recommends using Application Proxy with pre-authentication and Conditional Access policies for remote access from the internet. An approach to provide Conditional Access for intranet use is to modernize applications so they can directly authenticate with AAD.
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/app-proxy/application-proxy-config-sso-how-to
https://docs.microsoft.com/en-us/azure/active-directory/app-proxy/application-proxy-deployment-plan


質問 # 136
Your organization has developed and deployed several Azure App Service Web and API applications. The applications use Azure Key Vault to store several authentication, storage account, and data encryption keys. Several departments have the following requests to support the applications:

You need to recommend the appropriate Azure service for each department request.
What should you recommend? To answer, configure the appropriate options in the dialog box in the answer area.
NOTE: Each correct selection is worth one point.

正解:

解説:


質問 # 137
You have an on-premises network and an Azure subscription. The on-premises network has several branch offices.
A branch office in Toronto contains a virtual machine named VM1 that is configured as a file server. Users access the shared files on VM1 from all the offices.
You need to recommend a solution to ensure that the users can access the shares files as quickly as possible if the Toronto branch office is inaccessible.
What should you include in the recommendation?

  • A. an Azure file share and Azure File Sync
  • B. a Recovery Services vault and Windows Server Backup
  • C. a Recovery Services vault and Azure Backup
  • D. Azure blob containers and Azure File Sync

正解:A

解説:
Explanation
Use Azure File Sync to centralize your organization's file shares in Azure Files, while keeping the flexibility, performance, and compatibility of an on-premises file server. Azure File Sync transforms Windows Server into a quick cache of your Azure file share.
You need an Azure file share in the same region that you want to deploy Azure File Sync.
Reference:
https://docs.microsoft.com/en-us/azure/storage/files/storage-sync-files-deployment-guide


質問 # 138
A company has an existing web application that runs on virtual machines (VMs) in Azure.
You need to ensure that the application is protected from SQL injection attempts and uses a layer-7 load balancer. The solution must minimize disruption to the code for the existing web application.
What should you recommend? To answer, drag the appropriate values to the correct items. Each value may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
NOTE: Each correct selection is worth one point.

正解:

解説:

Reference:
https://docs.microsoft.com/en-us/azure/application-gateway/application-gateway-faq
https://docs.microsoft.com/en-us/azure/application-gateway/waf-overview


質問 # 139
You have an Azure Active Directory (Azure AD) tenant.
You plan to use Azure Monitor to monitor user sign-ins and generate alerts based on specific user sign-in events.
You need to recommend a solution to trigger the alerts based on the events.
What should you include in the recommendation? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

正解:

解説:

Reference:
https://4sysops.com/archives/how-to-create-an-azure-ad-admin-login-alert/
https://docs.microsoft.com/en-us/azure/azure-monitor/platform/alerts-log


質問 # 140
You have the Azure resources shown in the following table.

You need to design a solution that provides on-premises network connectivity to SQLDB1 through PE1. How should you configure name resolution? To answer, select the appropriate options in the answer area.

正解:

解説:


質問 # 141
You have an on-premises file server that stores 2 TB of data files.
You plan to move the data files to Azure Blob storage in the Central Europe region.
You need to recommend a storage account type to store the data files and a replication solution for the storage account. The solution must meet the following requirements:
Be available if a single Azure datacenter fails.
Support storage tiers.
Minimize cost.
What should you recommend? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

正解:

解説:


質問 # 142
You have an Azure subscription. The subscription contains Azure virtual machines that run Windows Server 2016 and Linux.
You need to use Azure Log Analytics design an alerting strategy for security-related events.
Which Log Analytics tables should you query? To answer, drag the appropriate tables to the correct log types. Each value may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
NOTE: Each correct selection is worth one point.

正解:

解説:


質問 # 143
You are designing a large Azure environment that will contain many subscriptions.
You plan to use Azure Policy as part of a governance solution.
To which three scopes can you assign Azure Policy definitions? Each correct answer presents a complete solution.
NOTE: Each correct selection is worth one point.

  • A. management groups
  • B. Azure Active Directory (Azure AD) administrative units
  • C. subscriptions
  • D. resource groups
  • E. compute resources
  • F. Azure Active Directory (Azure AD) tenants

正解:A、C、D

解説:
Azure Policy evaluates resources in Azure by comparing the properties of those resources to business rules.
Once your business rules have been formed, the policy definition or initiative is assigned to any scope of resources that Azure supports, such as management groups, subscriptions, resource groups, or individual resources.
Reference:
https://docs.microsoft.com/en-us/azure/governance/policy/overview


質問 # 144
You have an app named App1 that uses an on-premises Microsoft SQL Server database named DB1.
You plan to migrate DB1 to an Azure SQL managed instance.
You need to enable customer-managed Transparent Data Encryption (TDE) for the instance. The solution must maximize encryption strength.
Which type of encryption algorithm and key length should you use for the TDE protector?

  • A. RSA3072
  • B. RSA4096
  • C. RSA2048
  • D. AES256

正解:A


質問 # 145
You have an Azure subscription. The subscription contains Azure virtual machines that run Windows Server 2016 and Linux.
You need to use Azure Log Analytics design an alerting strategy for security-related events.
Which Log Analytics tables should you query? To answer, drag the appropriate tables to the correct log types. Each value may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
NOTE: Each correct selection is worth one point.

正解:

解説:


質問 # 146
You need to configure an Azure policy to ensure that the Azure SQL databases have TDE enabled. The solution must meet the security and compliance requirements.
Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.

正解:

解説:

Explanation
A picture containing text Description automatically generated

Scenario: All Azure SQL databases in the production environment must have Transparent Data Encryption (TDE) enabled.
Step 1: Create an Azure policy definition that uses the deployIfNotExists identity.
The first step is to define the roles that deployIfNotExists and modify needs in the policy definition to successfully deploy the content of your included template.
Step 2: Create an Azure policy assignment
When creating an assignment using the portal, Azure Policy both generates the managed identity and grants it the roles defined in roleDefinitionIds.
Step 3: Invoke a remediation task
Resources that are non-compliant to a deployIfNotExists or modify policy can be put into a compliant state through Remediation. Remediation is accomplished by instructing Azure Policy to run the deployIfNotExists effect or the modify operations of the assigned policy on your existing resources and subscriptions, whether that assignment is to a management group, a subscription, a resource group, or an individual resource.
During evaluation, the policy assignment with deployIfNotExists or modify effects determines if there are non-compliant resources or subscriptions. When non-compliant resources or subscriptions are found, the details are provided on the Remediation page.
Reference:
https://docs.microsoft.com/en-us/azure/governance/policy/how-to/remediate-resources


質問 # 147
......

AZ-305合格させる問題集でMicrosoft24時間で試験合格できます:https://www.goshiken.com/Microsoft/AZ-305-mondaishu.html

Microsoft AZ-305実際の問題とブレーン問題集:https://drive.google.com/open?id=120e6AdQgNzxyFw2gnZ0xoRO95z6c8EYs

関するブログ

もっと
AZ-305無料問題集