Microsoft Designing Microsoft Azure Infrastructure Solutions (AZ-305)

You plan to deploy a microservice named App1.

You need to configure a hosting solution for App1. The solution must meet the following requirements:

• Scale to zero.
• Support traffic splitting.
• Minimize administrative effort and costs.

What should you include in the solution?

You have an Azure AD tenant that contains a management group named MG1.

You have the Azure subscriptions shown in the following table.

The subscriptions contain the resource groups shown in the following table.

The subscription contains the Azure AD security groups shown in the following table.

The subscription contains the user accounts shown in the following table.

You perform the following actions:

• Assign User3 the Contributor role for Sub1. 
• Assign Group1 the Virtual Machine Contributor role for MG1. 
• Assign Group3 the Contributor role for the Tenant Root Group.

For each of the following statements, select Yes if the statement is true. Otherwise, select No.

NOTE: Each correct selection is worth one point.

You have an Azure App Service web app named Webapp1 that connects to an Azure SQL database named DB1. Webapp1 and DB1 are deployed to the East US Azure region.

You need to ensure that all the traffic between Webapp1 and DB1 is sent via a private connection.

What should you do? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

You plan to deploy an Azure Database for MySQL flexible server named Server1 to the East IJS Azure region.

You need to implement a business continuity solution for Server 1. The solution must minimize downtime in the event of a failover to a paired region.

What should you do?

You have an Azure subscription. The subscription contains an Azure SQL managed instance that stores employee details, including social security numbers and phone numbers.

You need to configure the managed instance to meet the following requirements:

• The helpdesk team must see only the last four digits of an employee's phone number.
• Cloud administrators must be prevented from seeing the employees' social security numbers.

What should you enable for each column in the managed instance? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

You have an on-premises database named DB1.

You need to migrate DB1 to an Azure SQL managed instance. The solution must minimize downtime.

What should you use?

You have an on-premises Microsoft SQL Server 2008 instance that hosts a 50-GB database.

You need to migrate the database to an Azure SQL managed instance. The solution must minimize downtime.

What should you use?

You architect a solution that calculates 3D geometry from height-map data.

You have the following requirements:

• Perform calculations in Azure.
• Each node must communicate data to every other node.
• Maximize the number of nodes to calculate multiple scenes as fast as possible.
• Require the least amount of effort to implement.

You need to recommend a solution.

Which two actions should you recommend? Each correct answer presents part of the solution.

NOTE: Each correct selection is worth one point.

You plan to deploy Azure Logic Apps workflows.

You need to configure the hosting environment for the planned deployment. The solution must meet the following requirements:

• Support virtual networks and private endpoints.
• Support stateful workloads.
• Minimize administrative effort and costs.

What should you use?

You have an Azure subscription that contains multiple storage accounts.

You assign Azure Policy definitions to the storage accounts.

You need to recommend a solution to meet the following requirements:

• Trigger on-demand Azure Policy compliance scans.
• Raise Azure Monitor non-compliance alerts by querying logs collected by Log Analytics.

What should you recommend for each requirement? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

You have an Azure subscription.

You plan to deploy a monitoring solution that will include the following:

• Azure Monitor Network Insights
• Application Insights
• Microsoft Sentinel
• VM insights

The monitoring solution will be managed by a single team.

What is the minimum number of Azure Monitor workspaces required?

You are designing an app that will be hosted on Azure virtual machines that run Ubuntu. The app will use a third-patty email service to send email messages to users. The third-party email service requires that the app authenticate by using an API key.

You need to recommend an Azure Key Vault solution for storing and accessing the API key. The solution must minimize administrative effort.

What should you recommend using to store and access the key? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

You have an Azure subscription that contains 10 web apps. The apps are integrated with Azure AD and are accessed by users on different project teams.

The users frequently move between projects.

You need to recommend an access management solution for the web apps. The solution must meet the following requirements:

• The users must only have access to the app of the project to which they are assigned currently.

• Project managers must verify which users have access to their project's app and remove users that are no longer assigned to their project.

• Once every 30 days, the project managers must be prompted automatically to verify which users are assigned to their projects.

What should you include in the recommendation?

You have an Azure subscription that contains the SQL servers on Azure shown in the following table.

The subscription contains the storage accounts shown in the following table.

You create the Azure SQL databases shown in the following table.

For each of the following statements, select Yes if the statement is true. Otherwise, select No.

NOTE: Each correct selection is worth one point.

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

Your company plans to deploy various Azure App Service instances that will use Azure SQL databases. The App Service instances will be deployed at the same time as the Azure SQL databases.

The company has a regulatory requirement to deploy the App Service instances only to specific Azure regions. The resources for the App Service instances must reside in the same region.

You need to recommend a solution to meet the regulatory requirement.

Solution: You recommend using an Azure Policy initiative to enforce the location of resource groups.

Does this meet the goal?

You have an Azure subscription that contains an Azure Cosmos DB for NoSQL account named account1 and an Azure Synapse Analytics workspace named Workspace1.

The account1 account contains a container named Container1 that has the analytical store enabled.

You need to recommend a solution that will process the data stored in Container1 in near-real-time (NRT) and output the results to a data warehouse in Workspace1 by using a runtime engine in the workspace. The solution must minimize data movement

Which pool in Workspace1 should you use?

You plan to deploy an infrastructure solution that will contain the following configurations:
• External users will access the infrastructure by using Azure Front Door.
• External user access to the backend APIs hosted in Azure Kubernetes Service (AKS) will be controlled by using Azure API Management.
• External users will be authenticated by an Azure AD B2C tenant that uses OpenID Connect-based federation with a third-party identity provider.
Which function does each service provide? To answer, drag the appropriate functions to the correct services. Each function may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
NOTE: Each correct selection is worth one point.

You have an Azure AD tenant that contains an administrative unit named MarketingAU. MarketingAU contains 100 users.

You create two users named User1 and User2.

You need to ensure that the users can perform the following actions in MarketingAU:

• User1 must be able to create user accounts.

• User2 must be able to reset user passwords.

Which role should you assign to each user? To answer, drag the appropriate roles to the correct users. Each role may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.

NOTE: Each correct selection is worth one point.

You are designing a data analytics solution that will use Azure Synapse and Azure Data Lake Storage Gen2.

You need to recommend Azure Synapse pools to meet the following requirements:

• Ingest data from Data Lake Storage into hash-distributed tables.

• Implement query, and update data in Delta Lake.

What should you recommend for each requirement? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

You are designing an app that will include two components. The components will communicate by sending messages via a queue.

You need to recommend a solution to process the messages by using a First in, First out (FIFO) pattern.

What should you include in the recommendation?

You have the Azure subscriptions shown in the following table.

You have an Azure subscription.

You plan to deploy five storage accounts that will store block blobs and five storage accounts that will host file shares. The file shares will be accessed by using the SMB protocol.

You need to recommend an access authorization solution for the storage accounts. The solution must meet the following requirements:

• Maximize security.
• Prevent the use of shared keys.
• Whenever possible, support time-limited access.

What should you include in the solution? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Your on-premises network contains an Active Directory Domain Services (AD DS) domain. The domain contains a server named Server 1. Server1 contains an app named App1 that uses AD DS authentication. Remote users access App1 by using a VPN connection to the on-premises network.

You have an Azure AD tenant that syncs with the AD DS domain by using Azure AD Connect

You need to ensure that the remote users can access Appl without using a VPN. The solution must meet the following requirements:

• Ensure that the users authenticate by using Azure Multi-Factor Authentication (MFA).
• Minimize administrative effort.

What should you include in the solution? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

You plan to use an Azure Storage account to store data assets.

You need to recommend a solution that meets the following requirements:

• Supports immutable storage.
• Disables anonymous access to the storage account.
• Supports access control list (ACL)-based Azure AD permissions.

What should you include in the recommendation?

Your company, named Contoso, Ltd., has an Azure subscription that contains the following resources:

• An Azure Synapse Analytics workspace named contosoworkspace1.
• An Azure Data Lake Storage account named contosolake1.
• An Azure SQL database named contososql1.

The product data of Contoso is copied from contososql1 to contosolake1.

Contoso has a partner company named Fabrikam Inc. Fabrikam has an Azure subscription that contains the following resources:

• A virtual machine named FabrikamVM1 that runs Microsoft SQL Server 2019
• An Azure Storage account named fabrikamsa1.

Contoso plans to upload the research data on FabrikamVM1 to contosolake1. During the upload, the research data must be transformed to the data formats used by Contoso.

The data in contosolake1 will be analyzed by using contosoworkspace1.

You need to recommend a solution that meets the following requirements:

• Upload and transform the FabrikamVM1 research data.
• Provide Fabrikam with restricted access to snapshots of the data in contosoworkspace1.

What should you recommend for each requirement? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

You are designing a virtual machine that will run Microsoft SQL Server and will contain two data disks. The first data disk will store log files, and the second data disk will store data. Both disks are P40 managed disks.

You need to recommend a caching policy for each disk. The policy must provide the best overall performance for the virtual machine while preserving integrity of the SQL data and logs.

Which caching policy should you recommend for each disk? To answer, drag the appropriate policies to the correct disks. Each policy may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.

You are building an Azure web app that will store the Personally Identifiable Information (PII) of employees.

You need to recommend an Azure SQL Database solution for the web app. The solution must meet the following requirements:

• Maintain availability in the event of a single datacenter outage.

• Support the encryption of specific columns that contain PII.

• Automatically scale up during payroll operations.

• Minimize costs.

What should you include in the recommendations? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

A company plans to implement an HTTP-based API to support a web app. The web app allows customers to check the status of their orders.

The API must meet the following requirements:

✑ Implement Azure Functions.

✑ Provide public read-only operations.

✑ Do not allow write operations.

You need to recommend configuration options.

What should you recommend? To answer, configure the appropriate options in the dialog box in the answer area.

NOTE: Each correct selection is worth one point.

You have an Azure Functions microservice app named App1 that is hosted in the Consumption plan. App1 uses an Azure Queue Storage trigger.

You plan to migrate App1 to an Azure Kubernetes Service (AKS) cluster.

You need to prepare the AKS cluster to support App1. The solution must meet the following requirements:

• Use the same scaling mechanism as the current deployment.

• Support kubenet and Azure Container Networking Interface (CNI) networking.

Which two actions should you perform? Each correct answer presents part of the solution.

NOTE: Each correct answer is worth one point.

You have two app registrations named App1 and App2 in Azure AD. App1 supports role-based access control (RBAC) and includes a role named Writer.

You need to ensure that when App2 authenticates to access App1, the tokens issued by Azure AD include the Writer role claim.

Which blade should you use to modify each app registration? To answer, drag the appropriate blades to the correct app registrations. Each blade may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.

NOTE: Each correct selection is worth one point.

You are designing a storage solution that will ingest, store, and analyze petabytes (PBs) of structured, semi-structured, and unstructured text data. The analyzed data will be offloaded to Azure Data Lake Storage Gen2 for long-term retention.

You need to recommend a storage and analytics solution that meets the following requirements:

• Stores the processed data

• Provides interactive analytics

• Supports manual scaling, built-in autoscaling, and custom autoscaling

What should you include in the recommendation? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

You plan to use Azure SQL as a database platform.

You need to recommend an Azure SQL product and service tier that meets the following requirements:

• Automatically scales compute resources based on the workload demand

• Provides per second billing

What should you recommend? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

You have an app that generates 50,000 events daily.

You plan to stream the events to an Azure event hub and use Event Hubs Capture to implement cold path processing of the events. The output of Event Hubs Capture will be consumed by a reporting system.

You need to identify which type of Azure storage must be provisioned to support Event Hubs Capture, and which inbound data format the reporting system must support.

What should you identify? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

You have an Azure subscription.

You create a storage account that will store documents.

You need to configure the storage account to meet the following requirements:

• Ensure that retention policies are standardized across the subscription.

• Ensure that data can be purged if the data is copied to an unauthorized location.

Which two settings should you enable? To answer, select the appropriate settings in the answer area.

NOTE: Each correct selection is worth one point.

You have an Azure subscription that contains an Azure Kubernetes Service (AKS) instance named AKS1. AKS1 hosts microservice-based APIs that are configured to listen on non-default HTTP ports.

You plan to deploy a Standard tier Azure API Management instance named APIM1 that will make the APIs available to external users.

You need to ensure that the AKS1 APIs are accessible to APIM1. The solution must meet the following requirements:

• Implement MTLS authentication between APIM1 and AKS1.

• Minimize development effort.

• Minimize costs.

What should you do?

You have an Azure subscription.

You need to deploy a solution that will provide point-in-time restore for blobs in storage accounts that have blob versioning and blob soft delete enabled.

Which type of blob should you create, and what should you enable for the accounts? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

You are designing an app that will use Azure Cosmos DB to collate sales from multiple countries.

You need to recommend an API for the app. The solution must meet the following requirements:

• Support SQL queries.

• Support geo-replication.

• Store and access data relationally.

Which API should you recommend?

You have an Azure subscription. The subscription contains 100 virtual machines that run Windows Server 2022 and have the Azure Monitor Agent installed.

You need to recommend a solution that meets the following requirements:

• Forwards JSON-formatted logs from the virtual machines to a Log Analytics workspace

• Transforms the logs and stores the data in a table in the Log Analytics workspace

What should you include in the recommendation? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

You have an Azure subscription that contains the resources shown in the following table:

Log files from App1 are registered to App1Logs. An average of 120 GB of log data is ingested per day.

You configure an Azure Monitor alert that will be triggered if the App1 logs contain error messages.

You need to minimize the Log Analytics costs associated with App1. The solution must meet the following requirements:

• Ensure that all the log files from App1 are ingested to App1Logs.

• Minimize the impact on the Azure Monitor alert.

Which resource should you modify, and which modification should you perform? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

You have an Azure subscription that contains an Azure key vault named KV1 and a virtual machine named VM1. VM1 runs Windows Server 2022: Azure Edition.

You plan to deploy an ASP.Net Core-based application named App1 to VM1.

You need to configure App1 to use a system-assigned managed identity to retrieve secrets from KV1. The solution must minimize development effort.

What should you do? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

You have an Azure subscription named Sub1 that is linked to an Azure AD tenant named contoso.com.

You plan to implement two ASP.NET Core apps named App1 and App2 that will be deployed to 100 virtual machines in Sub1. Users will sign in to App1 and App2 by using their contoso.com credentials.

App1 requires read permissions to access the calendar of the signed-in user. App2 requires write permissions to access the calendar of the signed-in user.

You need to recommend an authentication and authorization solution for the apps. The solution must meet the following requirements:

• Use the principle of least privilege.

• Minimize administrative effort.

What should you include in the recommendation? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

You have an Azure subscription that contains 1,000 resources.

You need to generate compliance reports for the subscription. The solution must ensure that the resources can be grouped by department.

What should you use to organize the resources?

You have an Azure subscription that contains the resources shown in the following table.

You need to recommend a load balancing solution that will distribute incoming traffic for VMSS1 across NVA1 and NVA2. The solution must minimize administrative effort.

What should you include in the recommendation?

You have the resources shown in the following table.

CDB1 hosts a container that stores continuously updated operational data.

You are designing a solution that will use AS1 to analyze the operational data daily.

You need to recommend a solution to analyze the data without affecting the performance of the operational data store.

What should you include in the recommendation?

You have two Azure AD tenants named contoso.com and fabrikam.com. Each tenant is linked to 50 Azure subscriptions. Contoso.com contains two users named User1 and User2.

You need to meet the following requirements:

• Ensure that User1 can change the Azure AD tenant linked to specific Azure subscriptions.

• If an Azure subscription is liked to a new Azure AD tenant, and no available Azure AD accounts have full subscription-level permissions to the subscription, elevate the access of User2 to the subscription.

The solution must use the principle of least privilege.

Which role should you assign to each user? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

You have 12 Azure subscriptions and three projects. Each project uses resources across multiple subscriptions.

You need to use Microsoft Cost Management to monitor costs on a per project basis. The solution must minimize administrative effort.

Which two components should you include in the solution? Each correct answer presents part of the solution.

NOTE: Each correct selection is worth one point.

You have an Azure subscription that contains 50 Azure SQL databases.

You create an Azure Resource Manager (ARM) template named Template1 that enables Transparent Data Encryption (TDE).

You need to create an Azure Policy definition named Policy1 that will use Template1 to enable TDE for any noncompliant Azure SQL databases.

How should you configure Policy1? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

You need to recommend a solution to integrate Azure Cosmos DB and Azure Synapse. The solution must meet the following requirements:

• Traffic from an Azure Synapse workspace to the Azure Cosmos DB account must be sent via the Microsoft backbone network.

• Traffic from the Azure Synapse workspace to the Azure Cosmos DB account must NOT be routed over the internet.

• Implementation effort must be minimized.

What should you include in the recommendation? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Your on-premises datacenter contains a server that runs Linux and hosts a Java app named App1. App1 has the following characteristics:

• App1 is an interactive app that users access by using HTTPS connections.

• The number of connections to App1 changes significantly throughout the day.

• App1 runs multiple concurrent instances.

• App1 requires major changes to run in a container.

You plan to migrate App1 to Azure.

You need to recommend a compute solution for App1. The solution must meet the following requirements:

• The solution must run multiple instances of App1.

• The number of instances must be managed automatically depending on the load.

• Administrative effort must be minimized.

What should you include in the recommendation?

You have an Azure subscription that contains the resources shown in the following table.

You create peering between VNet1 and VNet2 and between VNet1 and VNet3.

The virtual machines host an HTTPS-based client/server application and are accessible only via the private IP address of each virtual machine.

You need to implement a load balancing solution for VM2 and VM3. The solution must ensure that if VM2 fails, requests will be routed automatically to VM3, and if VM3 fails, requests will be routed automatically to VM2.

What should you include in the solution?

You plan to deploy an Azure Database for MySQL flexible server named Server1 to the East US Azure region.

You need to implement a business continuity solution for Server1. The solution must minimize downtime in the event of a failover to a paired region.

What should you do?

Your on-premises datacenter contains a server named Server1 that runs Microsoft SQL Server 2022. Server1 contains a 30-TB database named DB1 that stores customer data. Server1 runs a custom application named App1 that verifies the compliance of records in DB1. App1 must run on the same server as DB1.

You have an Azure subscription.

You need to migrate DB1 to Azure. The solution must minimize administrative effort.

To which service should you migrate DB1. and what should you use to perform the migration? To answer. select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

You have an Azure subscription that contains the resources shown in the following table.

VNet1, VNet2, and VNet3 each has multiple virtual machines connected. The virtual machines use the Azure DNS service for name resolution.

You need to recommend an Azure Monitor log routing solution that meets the requirements:

• Ensures that the logs collected from the virtual machines and sent to Workspace' are routed over the Microsoft backbone network

• Minimizes administrative effort

What should you include in the recommendation? To select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

You are developing an app that will use Azure Functions to process Azure Event Hubs events. Request processing is estimated to take between five and 20 minutes.

You need to recommend a hosting solution that meets the following requirements:

• Supports estimates of request processing runtimes

• Supports event-driven autoscaling for the app

Which hosting plan should you recommend?