Using AZ-305 dumps practice questions 2024 is essential to ensure that you succeed in the Microsoft Azure AZ-305 exam.
Pass4itSure (Jan 12, 2024) has released a new AZ-305 dumps 2024 https://www.pass4itsure.com/az-305.html (You can choose PDF or VCE format) with 352 practice exam questions and answers that can help you more.
How can AZ-305 dumps 2024 help you more?
The AZ-305 exam not only tests your theoretical understanding but also your ability to apply this knowledge to real-world situations. Preparing the material with the AZ-305 dumps practice questions 2024 is essential to ensure that you don’t forget what you have learned.
Practice AZ-305 dumps practice questions 2024 can help you familiarize yourself with the content of the Designing Microsoft Azure Infrastructure Solutions exam.
It will also help you manage your time effectively in the actual exam and increase your chances of success.
Speaking of practice questions, here are the free AZ-305 practice questions for you.
Share AZ-305 dumps 2024 practice questions and answers online
Ps. I have already shared AZ-305 practice questions Q1-Q13 last time, and this time I will continue to share 15 free exam questions starting from Q15.
Come from: Pass4itSure
Number of Questions: 15/352
Certifications: Microsoft Azure
Question 14:
HOTSPOT
You have an Azure web app named App1 and an Azure key vault named KV1.
App1 stores database connection strings in KV1.
App1 performs the following types of requests to KV1:
1.
Get
2.
List
3.
Wrap
4.
Delete
5.
Unwrap
6.
Backup
7.
Decrypt
8. Encrypt
You are evaluating the continuity of service for App1.
You need to identify the following if the Azure region that hosts KV1 becomes unavailable:
1.
To where will KV1 fail over?
2.
During the failover, which request type will be unavailable?
What should you identify? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:
Correct Answer:
Box 1: A server in the same paired region
The contents of your key vault are replicated within the region and to a secondary region at least 150 miles away, but within the same geography to maintain the high durability of your keys and secrets.
Box 2: Delete
During failover, your key vault is in read-only mode. Requests that are supported in this mode are:
List certificates
Get certificates
List secrets
Get secrets
List keys
Get (properties of) keys
Encrypt
Decrypt
Wrap
Unwrap
Verify
Sign
Backup
Reference:
https://docs.microsoft.com/en-us/azure/key-vault/general/disaster-recovery-guidance
Question 15:
You need to recommend a solution to meet the database retention requirements. What should you recommend?
A. Configure a long-term retention policy for the database.
B. Configure Azure Site Recovery.
C. Use automatic Azure SQL Database backups.
D. Configure geo-replication of the database.
Correct Answer: A
In Azure SQL Database, you can configure a database with a long-term backup retention policy (LTR) to automatically retain the database backups in separate Azure Blob storage containers for up to 10 years https://docs.microsoft.com/en-us/azure/azure-sql/database/long-termretention-overview
Question 16:
HOTSPOT
You have several Azure App Service web apps that use Azure Key Vault to store data encryption keys. Several departments have the following requests to support the web app:
Which service should you recommend for each department\’s request? To answer, configure the appropriate options in the answer area. NOTE: Each correct selection is worth one point.
Hot Area:
Correct Answer:
Question 17:
HOTSPOT
You are designing an access policy for your company.
Occasionally, the developers at the company must stop, start, and restart Azure virtual machines. The development team changes often.
You need to recommend a solution to provide the developers with the required access to the virtual machines. The solution must meet the following requirements:
1. Provide permissions only when needed.
2. Use the principle of least privilege.
3. Minimize costs.
What should you include in the recommendation? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:
Correct Answer:
Question 18:
The accounting department at your company migrates to a new financial accounting software. The accounting department must keep file-based database backups for seven years for compliance purposes. It is unlikely that the backups will be used to recover data.
You need to move the backups to Azure. The solution must minimize costs. Where should you store the backups?
A. Azure Blob storage that uses the Archive tier
B. Azure SQL Database
C. Azure Blob storage that uses the Cool tier
D. a Recovery Services vault
Correct Answer: A
Azure Front Door enables you to define, manage, and monitor the global routing for your web traffic by optimizing for best performance and instant global failover for high availability. With Front Door, you can transform your global (multiregion) consumer and enterprise applications into robust, high-performance personalized modern applications, APIs, and content that reaches a global audience with Azure.
Front Door works at Layer 7 or the HTTP/HTTPS layer and uses anycast protocol with split TCP and Microsoft\’s global network for improving global connectivity.
Incorrect Answers:
B: Azure Traffic Manager uses DNS (layer 3) to shape traffic. SSL works at Layer 6.
Azure Traffic Manager can direct customers to their closest AKS cluster and application instance. For the best performance and redundancy, direct all application traffic through Traffic Manager before it goes to your AKS cluster.
Reference: https://docs.microsoft.com/en-us/azure/frontdoor/front-door-overview
Question 19:
You are designing an order processing system in Azure that will contain the Azure resources shown in the following table.
The order processing system will have the following transaction flow:
1. A customer will place an order by using App1.
2. When the order is received, App1 will generate a message to check for product availability at vendor 1 and vendor 2.
3. An integration component will process the message, and then trigger either Function1 or Function2 depending on the type of order. Once a vendor confirms the product availability, a status message for App1 will be generated by Function1 or Function2.
4. All the steps of the transaction will be logged to storage1.
Which type of resource should you recommend for the integration component? Which type of resource should you recommend for the integration component?
A. an Azure Data Factory pipeline
B. an Azure Service Bus queue
C. an Azure Event Grid domain
D. an Azure Event Hubs capture
Correct Answer: A
A data factory can have one or more pipelines. A pipeline is a logical grouping of activities that together perform a task.
The activities in a pipeline define actions to perform on your data.
Data Factory has three groupings of activities: data movement activities, data transformation activities, and control activities. Azure Functions is now integrated with Azure Data Factory, allowing you to run an Azure function as a step in your
data factory pipelines.
Reference:
https://docs.microsoft.com/en-us/azure/data-factory/concepts-pipelines-activities
Question 20:
You plan to use an Azure Storage account to store data assets.
You need to recommend a solution that meets the following requirements:
Supports immutable storage
Disables anonymous access to the storage account Supports access control list (ACL)-based Azure AD permissions What should you include in the recommendation?
A. Azure Files
B. Azure Data Lake Storage
C. Azure NetApp Files
D. Azure Blob Storage
Correct Answer: C
*
An invaluable feature of NetApp Snapshot copies is their innate immutability. They can’t be changed. This is especially important because an increasing number of ransomware attacks involve attackers encrypting your data and holding the
key hostage.
*
docs.netapp.com. ONTAP, Configure access restrictions for anonymous users
By default, an anonymous, unauthenticated user (also known as the null user) can access certain information on the network. You can use an SMB server option to configure access restrictions for the anonymous user.
*
Azure NetApp Files supports access control lists (ACLs) on NFSv4.1 volumes. ACLs provide granular file security via NFSv4.1.
ACLs contain access control entities (ACEs), which specify the permissions (read, write, etc.) of individual users or groups. When assigning user roles, provide the user email address if you\’re using a Linux VM joined to an Active Directory
Domain. Otherwise, provide user IDs to set permissions.
Reference:
https://www.netapp.com/blog/protect-google-cloud-with-snapshot https://docs.netapp.com/us-en/ontap/smb-admin/configure-access-restrictions-anonymous-users-task.html https://learn.microsoft.com/en-us/azure/azure-netapp-files/configure-access-control-lists
Question 21:
HOTSPOT
You need to recommend a solution to ensure that App1 can access the third-party credentials and access strings. The solution must meet the security requirements.
What should you include in the recommendation? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.
Hot Area:
Correct Answer:
Scenario: Security Requirement
All secrets used by Azure services must be stored in Azure Key Vault.
Services that require credentials must have the credentials tied to the service instance. The credentials must NOT be shared between services.
Box 1: A service principal
A service principal is a type of security principal that identifies an application or service, which is to say, a piece of code rather than a user or group. A service principal\’s object ID is known as its client ID and acts like its username. The service
principal\’s client secret acts like its password.
Note: Authentication with Key Vault works in conjunction with Azure Active Directory (Azure AD), which is responsible for authenticating the identity of any given security principal.
A security principal is an object that represents a user, group, service, or application that\’s requesting access to Azure resources. Azure assigns a unique object ID to every security principal.
Box 2: A role assignment
You can provide access to Key Vault keys, certificates, and secrets with an Azure role-based access control.
Reference:
https://docs.microsoft.com/en-us/azure/key-vault/general/authentication
Question 22:
HOTSPOT
You have an Azure Resource Manager template named Template1 in the library as shown in the following exhibit.
Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic. NOTE: Each correct selection is worth one point.
Hot Area:
Correct Answer:
Reference: https://docs.microsoft.com/en-us/azure/azure-resource-manager/templates/template-syntax
Question 23:
HOTSPOT
You have an Azure subscription that contains 300 Azure virtual machines that run Windows Server 2016.
You need to centrally monitor all warning events in the System logs of the virtual machines.
What should you include in the solutions? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:
Correct Answer:
References: https://docs.microsoft.com/en-us/azure/azure-monitor/platform/data-sources-windows-events https://docs.microsoft.com/en-us/azure/azure-monitor/platform/agent-windows
Question 24:
You have an app named App1 that uses an on-premises Microsoft SQL Server database named DB1.
You plan to migrate DB1 to an Azure SQL-managed instance.
You need to enable customer-managed Transparent Data Encryption (TDE) for the instance. The solution must maximize encryption strength.
Which type of encryption algorithm and key length should you use for the TDE protector?
A. AES256
B. RSA4096
C. RSA2048
D. RSA3072
Correct Answer: D
Question 25:
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while
others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have an app named App1 that uses data from two on-premises Microsoft SQL Server databases named DB1 and DB2.
You plan to move DB1 and DB2 to Azure.
You need to implement Azure services to host DB1 and DB2. The solution must support server-side transactions across DB1 and DB2.
Solution: You deploy DB1 and DB2 as Azure SQL databases on the same Azure SQL Database server.
Does this meet the goal?
A. Yes
B. No
Correct Answer: B
Instead, deploy DB1 and DB2 to SQL Server on an Azure virtual machine.
Note: Understanding distributed transactions.
When both the database management system and client are under the same ownership (e.g. when SQL Server is deployed to a virtual machine), transactions are available and the lock duration can be controlled.
Reference:
https://docs.particular.net/nservicebus/azure/understanding-transactionality-in-azure
Question 26:
HOTSPOT
You plan to develop a new app that will store business-critical data. The app must meet the following requirements:
1. Prevent new data from being modified for one year.
2. Minimize read latency.
3. Maximize data resiliency.
You need to recommend a storage solution for the app.
What should you recommend? To answer, select the appropriate options in the answer area.
Hot Area:
Correct Answer:
Box 1:
BlockBlobStorage
Storage accounts with premium performance characteristics for block blobs and append blobs.
Box 2:
Reference:
https://docs.microsoft.com/en-us/azure/storage/common/storage-account-overview
Question 27:
You are developing an app that will use Azure Functions to process Azure Event Hub events. Request processing is estimated to take between five and 20 minutes. You need to recommend a hosting solution that meets the following requirements:
1. Supports estimates of request processing runtimes
2. Supports event-driven autoscaling for the app Which hosting plan should you recommend?
A. Consumption
B. App Service
C. Dedicated
D. Premium
Correct Answer: B
Question 28:
HOTSPOT
You have an Azure logic app named App1 and an Azure Service Bus queue named Queue1.
You need to ensure that App1 can read messages from Queue1. App1 must authenticate by using Azure Active Directory (Azure AD).
What should you do? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:
Correct Answer:
On App1: Turn on the managed identity
To use Service Bus with managed identities, you need to assign the identity the role and the appropriate scope. The procedure in this section uses a simple application that runs under a managed identity and accesses Service Bus resources.
Once the application is created, follow these steps:
Go to Settings and select Identity.
Select the Status to be On.
Select Save to save the setting.
On Queue1: Configure Access Control (IAM)
Azure Active Directory (Azure AD) authorizes access rights to secured resources through role-based access control (RBAC). Azure Service Bus defines a set of built-in RBAC roles that encompass common sets of permissions used to access
Service Bus entities and you can also define custom roles for accessing the data.
Assign RBAC roles using the Azure portal
In the Azure portal, navigate to your Service Bus namespace. Select Access Control (IAM) on the left menu to display access control settings for the namespace. If you need to create a Service Bus namespace.
Select the Role Assignments tab to see the list of role assignments. Select the Add button on the toolbar and then select Add role assignment.
Reference:
https://docs.microsoft.com/en-us/azure/service-bus-messaging/authenticate-application
https://docs.microsoft.com/en-us/azure/service-bus-messaging/service-bus-managed-service-identity
More Microsoft exam questions. . .
With practice questions, do you still want more AZ-305 exam study resources, rest assured, understand you.
Microsoft Azure AZ-305 learning resource Integration 2024 new update
To cater to everyone’s preferences, we have three styles for you: video, document, and book.
Video:
- Preparing for AZ-305 – Design identity, governance, and monitoring solutions (1 of 4)
- Preparing for AZ-305 – Design data storage solutions (2 of 4)
- Preparing for AZ-305 – Design business continuity solutions (3 of 4)
- Preparing for AZ-305 – Design infrastructure solutions (4 of 4)
Document:
- Exam AZ-305: Designing Microsoft Azure Infrastructure Solutions – Certifications
- Microsoft Certified: Azure Solutions Architect Expert – Certifications
Book:
- Exam Ref AZ-305 Designing Microsoft Azure Infrastructure Solutions
- Microsoft Azure Infrastructure Services for Architects: Designing Cloud Solutions
- Mastering Microsoft Azure Infrastructure Services
- Microsoft Azure security infrastructure
Exam AZ-305 has just been updated and you need to pay attention
The exam will be updated on January 22, 2024, and you should keep an eye out for any changes in the focus of the exam.
In addition, this change also requires that you pass the AZ-305 exam as soon as possible. Otherwise, it will be more difficult.
Answer hot questions: About exam AZ-305
How do you understand AZ-303, AZ-304 and AZ-305?
The focus of the three is very different. AZ-303 is more focused on Azure infrastructure, AZ-304 is more focused on designing solutions using Azure, and AZ-305 is more focused on Azure identity and access management.
Is it well-paid to pass the AZ-305 exam?
According to the Global Knowledge IT Skills and Salary Survey, the AZ-305 exam is one of the most challenging and highest-paying certifications in the cloud field. High salary.
Can I bypass AZ-104 and take the AZ-305 exam?
You can take the AZ-305 exam, but you will not be able to earn the Azure Solutions Architect Expert certification without first passing the AZ-104 exam.
Okay, so let’s summarize it after writing this.
AZ-305 dumps 2024 practice questions can help you more so you need to get it as soon as as possible.
Come now https://www.pass4itsure.com/az-305.html Download the New AZ-305 dumps 2024 ( PDF or VCE Format) Practice new AZ-305 exam questions 2024 for Designing Microsoft Azure Infrastructure Solutions exam!