Train with the AZ-305 Question Set: Real Exam Questions and Test Engine Practice [Q75-Q94]

Microsoft AZ-305 Test Question Set and Online Exam Engine

Question # 75
You have the Azure resources shown in the following table.

You need to design a solution that provides on-premises network connectivity to SQLDB1 through PE1. How should you configure name resolution? To answer, select the appropriate options in the answer area.

Correct answer:

Explanation:


Question # 76
You migrate App1 to Azure. You need to ensure that the data storage for App1 meets the security and compliance requirements. What should you do?

  • A. Implement Azure resource locks.
  • B. Create Azure RBAC assignments.
  • C. Modify the access level of the blob service.
  • D. Create an access policy for the blob.

Correct answer: D

Explanation:
Scenario: Once App1 is migrated to Azure, you must ensure that new data can be written to the app, and the modification of new and existing data is prevented for a period of three years.
As an administrator, you can lock a subscription, resource group, or resource to prevent other users in your organization from accidentally deleting or modifying critical resources. The lock overrides any permissions the user might have.
Reference:
https://docs.microsoft.com/en-us/azure/azure-resource-manager/management/lock-resources
Topic 2, Fabrikam, Inc. Case Study A
Existing Environment
Fabrikam, Inc. is an engineering company that has offices throughout Europe. The company has a main office in London and three branch offices in Amsterdam, Berlin, and Rome.
Active Directory Environment:
The network contains two Active Directory forests named corp.fabrikam.com and rd.fabrikam.com. There are no trust relationships between the forests. Corp.fabrikam.com is a production forest that contains identities used for internal user and computer authentication. Rd.fabrikam.com is used by the research and development (R&D) department only. The R&D department is restricted to using on-premises resources only.
Network Infrastructure:
Each office contains at least one domain controller from the corp.fabrikam.com domain. The main office contains all the domain controllers for the rd.fabrikam.com forest.
All the offices have a high-speed connection to the Internet.
An existing application named WebApp1 is hosted in the data center of the London office. WebApp1 is used by customers to place and track orders. WebApp1 has a web tier that uses Microsoft Internet Information Services (IIS) and a database tier that runs Microsoft SQL Server 2016. The web tier and the database tier are deployed to virtual machines that run on Hyper-V.
The IT department currently uses a separate Hyper-V environment to test updates to WebApp1.
Fabrikam purchases all Microsoft licenses through a Microsoft Enterprise Agreement that includes Software Assurance.
Problem Statement:
The use of WebApp1 is unpredictable. At peak times, users often report delays. At other times, many resources for WebApp1 are underutilized.
Requirements:
Planned Changes:
Fabrikam plans to move most of its production workloads to Azure during the next few years.
As one of its first projects, the company plans to establish a hybrid identity model, facilitating an upcoming Microsoft Office 365 deployment. All R&D operations will remain on-premises.
Fabrikam plans to migrate the production and test instances of WebApp1 to Azure.
Technical Requirements:
Fabrikam identifies the following technical requirements:
* Web site content must be easily updated from a single point.
* User input must be minimized when provisioning new app instances.
* Whenever possible, existing on-premises licenses must be used to reduce cost.
* Users must always authenticate by using their corp.fabrikam.com UPN identity.
* Any new deployments to Azure must be redundant in case an Azure region fails.
* Whenever possible, solutions must be deployed to Azure by using platform as a service (PaaS).
* An email distribution group named IT Support must be notified of any issues relating to the directory synchronization services.
* Directory synchronization between Azure Active Directory (Azure AD) and corp.fabrikam.com must not be affected by a link failure between Azure and the on-premises network.
Database Requirements:
Fabrikam identifies the following database requirements:
* Database metrics for the production instance of WebApp1 must be available for analysis so that database administrators can optimize the performance settings.
* To avoid disrupting customer access, database downtime must be minimized when databases are migrated.
* Database backups must be retained for a minimum of seven years to meet compliance requirements.
Security Requirements:
Fabrikam identifies the following security requirements:
* Company information including policies, templates, and data must be inaccessible to anyone outside the company.
* Users on the on-premises network must be able to authenticate to corp.fabrikam.com if an Internet link fails.
* Administrators must be able to authenticate to the Azure portal by using their corp.fabrikam.com credentials.
* All administrative access to the Azure portal must be secured by using multi-factor authentication.
* The testing of WebApp1 updates must not be visible to anyone outside the company.


Question # 77
You plan to migrate App1 to Azure.
You need to estimate the compute costs for App1 in Azure. The solution must meet the security and compliance requirements.
What should you use to estimate the costs, and what should you implement to minimize the costs? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Correct answer:

Explanation:

Reference:
https://azure.microsoft.com/en-us/pricing/tco/
https://azure.microsoft.com/en-us/pricing/hybrid-benefit/


Question # 78
You have an Azure subscription that contains an Azure SQL database.
You are evaluating whether to use Azure reservations on the Azure SQL database.
Which tool should you use to estimate the potential savings?

  • A. The SQL database blade in the Azure portal
  • B. The Purchase reservations blade in the Azure portal
  • C. The Advisor blade in the Azure portal

Correct answer: B

Explanation:
Buy reserved capacity
Sign in to the Azure portal.
Select All services > Reservations.
Select Add and then in the Purchase Reservations pane, select SQL Database to purchase a new reservation for SQL Database.
Fill in the required fields. Existing databases in SQL Database and SQL Managed Instance that match the attributes you select qualify to get the reserved capacity discount. The actual number of databases or managed instances that get the discount depends on the scope and quantity selected.
Review the cost of the capacity reservation in the Costs section.
Select Purchase.
Select View this Reservation to see the status of your purchase.
Reference:
https://docs.microsoft.com/en-us/azure/azure-sql/database/reserved-capacity-overview


Question # 79
You plan to deploy a custom database solution that will have multiple instances as shown in the following table.

Client applications will access database servers by using db.contoso.com.
You need to recommend load balancing services for the planned deployment. The solution must meet the following requirements:
* Access to at least one database server must be maintained in the event of a regional outage.
* The virtual machines must not connect to the internet directly.
What should you include in the recommendation? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Correct answer:

Explanation:
Box 1: Azure Traffic Manager
Traffic Manager is a DNS-based traffic load balancer that enables you to distribute traffic optimally to services across global Azure regions, while providing high availability and responsiveness. Because Traffic Manager is a DNS-based load-balancing service, it load balances only at the domain level. For that reason, it can't fail over as quickly as Front Door, because of common challenges around DNS caching and systems not honoring DNS TTLs.

Reference:
https://docs.microsoft.com/en-us/azure/architecture/guide/technology-choices/load-balancing-overview


Question # 80
You are evaluating the components of the migration to Azure that require you to provision an Azure Storage account.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.

Correct answer:

Explanation:


Question # 81
You plan to deploy an Azure web app named App1 that will use Azure Active Directory (Azure AD) authentication.
App1 will be accessed from the internet by the users at your company. All the users have computers that run Windows 10 and are joined to Azure AD.
You need to recommend a solution to ensure that the users can connect to App1 without being prompted for authentication and can access App1 only from company-owned computers.
What should you recommend for each requirement? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Correct answer:

Explanation:

Reference:
https://codingcanvas.com/using-azure-active-directory-authentication-in-your-web-application/
https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/overview
https://docs.microsoft.com/en-us/powerapps/developer/data-platform/walkthrough-register-app-azure-active-directory#:~:text=Create%20an%20application%20registration%201%20Create%20an%20application,the%20options%20and%20click%20on%20Add%20permissions.%20
"After consenting to use their Dataverse account with the ISV's application, end users can connect to Dataverse environment from external application. The consent form is not displayed again to other users after the first user who has already consented to use the ISV's app. Apps registered in Azure Active Directory are multi-tenant, which implies that other Dataverse users from other tenant can connect to their environment using the ISV's app."


Question # 82
You need to configure an Azure policy to ensure that the Azure SQL databases have TDE enabled. The solution must meet the security and compliance requirements.
Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.

Correct answer:

Explanation:
Scenario: All Azure SQL databases in the production environment must have Transparent Data Encryption (TDE) enabled.
Step 1: Create an Azure policy definition that uses the deployIfNotExists identity.
The first step is to define the roles that deployIfNotExists and modify needs in the policy definition to successfully deploy the content of your included template.
Step 2: Create an Azure policy assignment
When creating an assignment using the portal, Azure Policy both generates the managed identity and grants it the roles defined in roleDefinitionIds.
Step 3: Invoke a remediation task
Resources that are non-compliant to a deployIfNotExists or modify policy can be put into a compliant state through Remediation. Remediation is accomplished by instructing Azure Policy to run the deployIfNotExists effect or the modify operations of the assigned policy on your existing resources and subscriptions, whether that assignment is to a management group, a subscription, a resource group, or an individual resource.
During evaluation, the policy assignment with deployIfNotExists or modify effects determines if there are non-compliant resources or subscriptions. When non-compliant resources or subscriptions are found, the details are provided on the Remediation page.
Reference:
https://docs.microsoft.com/en-us/azure/governance/policy/how-to/remediate-resources


Question # 83
You have an Azure subscription that contains a virtual network named VNET1 and 10 virtual machines. The virtual machines are connected to VNET1.
You need to design a solution to manage the virtual machines from the internet. The solution must meet the following requirements:
* Incoming connections to the virtual machines must be authenticated by using Azure Multi-Factor Authentication (MFA) before network connectivity is allowed.
* Incoming connections must use TLS and connect to TCP port 443.
* The solution must support RDP and SSH.
What should you include in the solution? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Correct answer:

Explanation:


Question # 84
You have an Azure Load Balancer named LB1 that balances requests to five Azure virtual machines.
You need to develop a monitoring solution for LB1. The solution must generate an alert when any of the following conditions are met:
A virtual machine is unavailable.
Connection attempts exceed 50,000 per minute.
Which signal should you include in the solution for each condition? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Correct answer:

Explanation:
Box 1: Data path availability
Standard Load Balancer continuously exercises the data path from within a region to the load balancer front end, all the way to the SDN stack that supports your VM. As long as healthy instances remain, the measurement follows the same path as your application's load-balanced traffic. The data path that your customers use is also validated. The measurement is invisible to your application and does not interfere with other operations.
Note: Load balancer distributes inbound flows that arrive at the load balancer's front end to backend pool instances. These flows are according to configured load-balancing rules and health probes. The backend pool instances can be Azure Virtual Machines or instances in a virtual machine scale set.
Box 2: SYN count
SYN (synchronize) count: Standard Load Balancer does not terminate Transmission Control Protocol (TCP) connections or interact with TCP or UDP packet flows. Flows and their handshakes are always between the source and the VM instance. To better troubleshoot your TCP protocol scenarios, you can make use of SYN packets counters to understand how many TCP connection attempts are made. The metric reports the number of TCP SYN packets that were received.
Reference:
https://docs.microsoft.com/en-us/azure/load-balancer/load-balancer-standard-diagnostics


Question # 85
What should you recommend to meet the monitoring requirements for App2?

  • A. Azure Application Insights
  • B. Container insights
  • C. VM insights
  • D. Microsoft Sentinel

Correct answer: A

Explanation:
Topic 4, HABInsurance
Case Study
Current environment
General
An insurance company, HABInsurance, operates in three states and provides home, auto, and boat insurance.
Besides the head office, HABInsurance has three regional offices.
Technology assessment
The company has two Active Directory forests: main.habinsurance.com and region.habinsurance.com.
HABInsurance's primary internal system is Insurance Processing System (IPS). It is an ASP.Net/C# application running on IIS/Windows Servers hosted in a data center. IPS has three tiers: web, business logic API, and a datastore on a back end. The company uses Microsoft SQL Server and MongoDB for the backend.
The system has two parts: Customer data and Insurance forms and documents. Customer data is stored in Microsoft SQL Server and Insurance forms and documents - in MongoDB. The company also has 10 TB of Human Resources (HR) data stored on NAS at the head office location.
Requirements
General
HABInsurance plans to migrate its workloads to Azure. They purchased an Azure subscription.
Changes
During a transition period, HABInsurance wants to create a hybrid identity model along with a Microsoft Office 365 deployment. The company intends to sync its AD forests to Azure AD and benefit from Azure AD administrative units functionality.
HABInsurance needs to migrate the current IPSCustomers SQL database to a new fully managed SQL database in Azure that would be budget-oriented, balanced with scalable compute and storage options. The management team expects the Azure database service to scale the database resources dynamically with minimal downtime. The technical team proposes implementing a DTU-based purchasing model for the new database.
HABInsurance wants to migrate Insurance forms and documents to Azure database service. HABInsurance plans to move IPS first two tiers to Azure without any modifications. The technology team discusses the possibility of running IPS tiers on a set of virtual machine instances. The number of instances should be adjusted automatically based on the CPU utilization. An SLA of 99.95% must be guaranteed for the compute infrastructure.
The company needs to move HR data to Azure File shares.
In their new Azure ecosystem, HABInsurance plans to use internal and third-party applications.
The company considers adding user consent for data access to the registered applications. Later, the technology team contemplates adding a customer self-service portal to IPS and deploying a new IPS to multi-region AKS. But the management team is worried about performance and availability of the multi-region AKS deployments during regional outages.


Question # 86
You have an Azure subscription. The subscription contains an Azure SQL managed instance that stores employee details, including social security numbers and phone numbers.
You need to configure the managed instance to meet the following requirements:
* The helpdesk team must see only the last four digits of an employee's phone number.
* Cloud administrators must be prevented from seeing the employee's social security numbers.
What should you enable for each column in the managed instance? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Correct answer:

Explanation:


Question # 87
You plan to automate the deployment of resources to Azure subscriptions.
What is a difference between using Azure Blueprints and Azure Resource Manager templates?

  • A. Only Azure Blueprints can contain policy definitions.
  • B. Only Azure Resource Manager templates can contain policy definitions.
  • C. Azure Resource Manager templates remain connected to the deployed resources.
  • D. Azure Blueprints remain connected to the deployed resources.

Correct answer: D

Explanation:
With Azure Blueprints, the relationship between the blueprint definition (what should be deployed) and the blueprint assignment (what was deployed) is preserved. This connection supports improved tracking and auditing of deployments. Azure Blueprints can also upgrade several subscriptions at once that are governed by the same blueprint.
Reference:
https://docs.microsoft.com/en-us/answers/questions/26851/how-is-azure-blue-prints-different-from-resource-m.html


Question # 88
Your company, named Contoso, Ltd., implements several Azure logic apps that have HTTP triggers. The logic apps provide access to an on-premises web service.
Contoso establishes a partnership with another company named Fabrikam, Inc. Fabrikam does not have an existing Azure Active Directory (Azure AD) tenant and uses third-party OAuth 2.0 identity management to authenticate its users.
Developers at Fabrikam plan to use a subset of the logic apps to build applications that will integrate with the on-premises web service of Contoso.
You need to design a solution to provide the Fabrikam developers with access to the logic apps. The solution must meet the following requirements:
* Requests to the logic apps from the developers must be limited to lower rates than the requests from the users at Contoso.
* The developers must be able to rely on their existing OAuth 2.0 provider to gain access to the logic apps.
* The solution must NOT require changes to the logic apps.
* The solution must NOT use Azure AD guest accounts.
What should you include in the solution?

  • A. Azure AD business-to-business (B2B)
  • B. Azure AD Application Proxy
  • C. Azure API Management
  • D. Azure Front Door

Correct answer: C

Explanation:
API Management helps organizations publish APIs to external, partner, and internal developers to unlock the potential of their data and services.
You can secure API Management using the OAuth 2.0 client credentials flow.
Reference:
https://docs.microsoft.com/en-us/azure/api-management/api-management-key-concepts
https://docs.microsoft.com/en-us/azure/api-management/api-management-features
https://docs.microsoft.com/en-us/azure/api-management/api-management-howto-protect-backend-with-aad#enable-oauth-20-user-authorization-in-the-developer-console


Question # 89
You are developing a sales application that will contain several Azure cloud services and will handle different components of a transaction. Different cloud services will process customer orders, billing, payment, inventory, and shipping.
You need to recommend a solution to enable the cloud services to asynchronously communicate transaction information by using REST messages.
What should you include in the recommendation?

  • A. Azure Notification Hubs
  • B. Azure Application Gateway
  • C. Azure Blob storage
  • D. Azure Service Bus

Correct answer: D

Explanation:
Service Bus is a transactional message broker and ensures transactional integrity for all internal operations against its message stores. All transfers of messages inside of Service Bus, such as moving messages to a dead-letter queue or automatic forwarding of messages between entities, are transactional.
Reference:
https://docs.microsoft.com/en-us/azure/service-bus-messaging/service-bus-transactions
"Service Bus offers a reliable and secure platform for asynchronous transfer of data and state." ... "Service Bus supports standard AMQP 1.0 and HTTP/REST protocols."
https://docs.microsoft.com/en-us/azure/service-bus-messaging/service-bus-messaging-overview


Question # 90
You are evaluating whether to use Azure Traffic Manager and Azure Application Gateway to meet the connection requirements for App1.
What is the minimum number of instances required for each service? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Correct answer:

Explanation:


Question # 91
You have an Azure subscription that contains a storage account.
An application sometimes writes duplicate files to the storage account.
You have a PowerShell script that identifies and deletes duplicate files in the storage account. Currently, the script is run manually after approval from the operations manager.
You need to recommend a serverless solution that performs the following actions:
* Runs the script once an hour to identify whether duplicate files exist
* Sends an email notification to the operations manager requesting approval to delete the duplicate files
* Processes an email response from the operations manager specifying whether the deletion was approved
* Runs the script if the deletion was approved
What should you include in the recommendation?

  • A. Azure Pipelines and Azure Service Fabric
  • B. Azure Logic Apps and Azure Functions
  • C. Azure Functions and Azure Batch
  • D. Azure Logic Apps and Azure Event Grid

Correct answer: B

Explanation:
You can schedule a PowerShell script with Azure Logic Apps.
When you want to run code that performs a specific job in your logic apps, you can create your own function by using Azure Functions. This service helps you create Node.js, C#, and F# functions so you don't have to build a complete app or infrastructure to run code. You can also call logic apps from inside Azure functions.
Azure Functions provides serverless computing in the cloud and is useful for performing tasks such as these examples:
Reference:
https://docs.microsoft.com/en-us/azure/logic-apps/logic-apps-azure-functions


Question # 92
You are designing a message application that will run on an on-premises Ubuntu virtual machine. The application will use Azure Storage queues.
You need to recommend a processing solution for the application to interact with the storage queues. The solution must meet the following requirements:
Create and delete queues daily.
Be scheduled by using a CRON job.
Upload messages every five minutes.
What should developers use to interact with the queues?

  • A. Azure CLI
  • B. .NET Core
  • C. Azure Data Factory
  • D. AzCopy

Correct answer: B

Explanation:
Reference:
https://docs.microsoft.com/en-us/azure/storage/queues/storage-tutorial-queues


Question # 93
You have an on-premises database that you plan to migrate to Azure.
You need to design the database architecture to meet the following requirements:
Support scaling up and down.
Support geo-redundant backups.
Support a database of up to 75 TB.
Be optimized for online transaction processing (OLTP).
What should you include in the design? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Correct answer:

Explanation:

Reference:
https://docs.microsoft.com/en-us/azure/azure-sql/database/active-geo-replication-overview
https://medium.com/awesome-azure/azure-difference-between-azure-sql-database-and-sql-server-on-vm-comparison-azure-sql-vs-sql-server-vm-cf02578a1188


Question # 94
......


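To pass the AZ-305 exam, candidates must demonstrate proficiency in a range of areas, including designing and implementing Azure compute, storage, and networking solutions, managing Azure resources, and designing Azure security and identity solutions. Candidates should also have a solid understanding of Azure governance, hybrid cloud scenarios, and Azure migration strategies.


The Microsoft AZ-305 certification exam measures the ability to design solutions for Microsoft Azure infrastructure. As an expert-level exam, it tests candidates' proficiency in designing and implementing highly scalable, highly available, and durable solutions on Microsoft Azure.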

 
