AZ-305 Exam Questions | Sample Q&A Explained in Detail | Microsoft Azure Infrastructure Solutions

Video Statistics and Information

Video

Captions Word Cloud

Reddit Comments

Captions

hello and i'm glad to meet you in another video on azure certification in this video we will go through 20 sample questions and answer them in detail to help you prepare for the az305 designing microsoft azure infrastructure solutions exam i will leave a link in the description for the entire az305 practice test i've also compiled the az305 study guide be sure to check them out for your exam preparation please subscribe to my channel as this really encourages me to continue making such videos and in case if you don't see practice test for any microsoft certification on my channel please leave a comment i will create a video on that so let's get started a company deploys an app to azure the application consists of a web front end and an application tier you have to implement a load balancing solution that has to comply with these following requirements which of the following is a load balancing solution you would recommend from the internet to the web front end so from internet to the web front end we need a load balancing solution that provides these features all the given requirements like url based routing connection draining and preventing sql injection attacks with the help of a web application firewall work at an application level and are satisfied with an application layer load balancer like azure application gateway option a is the correct answer an azure load balancer made internal or public basic or standard operate at the layer 4 of the osi model and not at the application layer so they don't provide any of the given features options b c and d are incorrect to demonstrate these features i am creating an application gateway with a front end a routing rule and three back-end pools a routing rule sends a traffic from a given front-end to a back-end target in a routing rule i can create multiple path-based rules to route traffic to different backend targets based on the url path of the given request for example if the url has the path images the request is routed to an images pool or if the url has the path video the request is routed to the video pool this is an example of url based routing next application gateway also offers the feature connection draining which removes backend targets during planned service updates once you enable this application gateway ensures the back-end pool does not receive any new request while allowing existing requests to complete within this timeout limit finally if the application gateway is created with a web application firewall tier or a rafter you can enable the firewall to prevent advanced attacks like sql injection so all three requirements are satisfied by azure application gateway with a web application firewall tier enabled your organization has multiple azure cosmos db accounts you need to recommend apis to use for applications functionality which of the following api would you use to host graph based data well each cosmos db account that you create is associated with any of these apis you select an api based on the data you have and the database you need to create select the default api code sequel for new projects or if you are migrating apps written for any of these databases choose the corresponding apis for hosting graph based data use the gremlin api option c is the correct answer a company has an on-premises file server that runs windows server 2019 windows admin center manages this server the company owns an azure subscription you need to provide an azure solution to prevent data loss if the file server fails you decide to register windows admin center in azure and then configure azure backup would this meet the requirement windows admin center is a locally deployed browser-based app for managing windows servers to prevent data loss if the file server fails you can use windows admin center with azure backup service the integration of azure backup in the windows admin center is ideal for backing up volumes or either windows physical or virtual servers registering windows admin center in azure for configuring azure backup will meet the requirement you have the following storage accounts defined in your subscription would the storage account have 6 copies of data well first let's understand how azure organizes its data center some of the azure region support availability zones and in such cases there are three availability zones in an azure region each availability zone has one or more data centers lrs replicates your data three times within a single data center in an azure region zrs or zone redundant storage also replicates your data three times although not in a single data center but across three data centers in three different availability zones in a region both lrs and zrs which provide redundancy only in the primary region replicate the data three times for redundancy in the secondary region we have the option grs and gzrs grs or jio redundant storage in addition to replicating the data three times in a single data center in the primary region also copies the data three times to a single data center in the secondary region gzrs or jio zone redundant storage is similar to grs except that instead of replicating the data three times within a single data center in the primary region it places three copies of your data in three data centers across three availability zones in the primary region so both grs and gzrs copy your data six times since the given storage account has grs replication configured it will store 6 copies of each data file the correct answer choice is yes your company deploys azure resources for several departments each department has different security requirements which of the following would you use to fulfill the requirement for department b which is to allow applications to retrieve a x.509 certificates stored in an azure ad protected resource by using an access token x.509 is a standard that defines the format of public key certificates in ssl this certificate contains a public key in identity for example the host name and is signed by a certificate authority anyone holding the certificate can rely on the public key to establish secure communication per the question let's assume this certificate is stored in a secure store like the azure key vault which supports azure ad authentication then you can use azure ad managed identities to let your application or code access azure ad protected resources like the keyword by using an access token this is the entire process of how a managed identity works in a nutshell when you enable managed identity for your source which can be any of these it creates a service principle object for that source in the azure ready tenant then the source can use this service principle to request access tokens from azure 80 finally the source can use this access token to call the key vault servants to retrieve the x.509 certificate and these are the list of targets that support azure id authentication option b is the correct choice all the other options are incorrect privileged identity management protects access to important resources in the organization by using features like just-in-time access time-bound access and by requiring approvals and justifications for accessing resources azure keyword as the name indicates is like a vault for centrally storing keys and certificates key vault stores the x.509 certificate but it doesn't enable your apps to retrieve them azure security center is now known as microsoft defender for cloud it provides security recommendations and secure score for azure resources so you can analyze and increase their security posture your application uses several sql databases these databases are running on the primary server you plan to create a failover group please select the correct statements about the failover group well failover groups in azure allow you to manage the failover of a group of databases in a primary region to a secondary region after a catastrophic failure to answer the given question let's go through the steps to create a failover group in the azure portal here i have a sql server in the east us location let's go to the failover group section and add a new failover group give a name for the failover group and first let's select this existing server as a secondary server or in other words let's use the primary server that i already have to act as a secondary server for the failover group as you might imagine we cannot choose the same server as the partner server option b which states that the primary server can also serve as a secondary server for the failover group is incorrect so let's create a new server for the secondary database again let's enter the server name and the login credentials for the admin i will use the same region as that used by the primary server which is east u.s and create the server we get the error that the secondary server has to be in a different region from the primary option a which states that the secondary server should not be in the same region as a primary server is a correct choice let's again go through the process of creating a server but this time make sure to place the secondary in a different region i will leave the other defaults and create the failover group the deployment creates a new sql server that will act as the secondary in a different region than the primary server but in the same resource group so the primary and the secondary servers always exist in the same resource group option c is the correct choice let's again go to the primary server and navigate to the failover group we just created you can see that the secondary is only a read-only endpoint whereas the primary is a read write endpoint so the secondary server is read only and you cannot write data to it option d is incorrect finally auto failover groups have a recovery point objective of 5 seconds it means that if a disaster strikes you can lose data that's created in the 5 second duration so for mission critical applications you need to have a retry logic in your app that's exactly point e is about you can lose 5 seconds worth of data or the potential data loss is 5 seconds option e is also a correct choice you're running an azure sql server database on a virtual machine select a service that helps you keep your database highly available first let's search for these options in the microsoft documentation you would note that each of the given feature applies only for a specific product long term backup retention is applicable only for the past services azure sql database and managed instance and not for sql server generally all your azure sql databases are backed up automatically point time restore allows for a short-term backup retention period between 1-35 days if you would like to retain databases beyond 35 days for regulatory and compliance purposes configure the long-term backup retention policy which allows you to store full backups in azure blob storage up to 10 years so option a is incorrect active jio replication applies only to azure sql database with this feature you can create a readable secondary database that synchronized with the primary this replica can either be in the same region as the primary or in a different region option b is also incorrect auto failover groups too is not relevant to sql server in fact auto failover groups simplify the deployment and usage of active jio replication here is how they differ from jio replication as we learned earlier unlike jio replication in auto failover groups your secondary cannot be the same region as the primary and if you have to use managed instance failover groups is the only way to go option d is incorrect that leaves us with always on availability groups if you had worked in sql server you must be knowing this very well in fact always on availability group is introduced in sql server 2012 as an alternative to host of replication features since you have sql server installed on the azure vm only always on availability groups helps you to keep your databases highly available a company has a set of 10 virtual machines created in their azure subscription there is a requirement to ensure that an ita administrator gets an email whenever these following operations are performed on the virtual machine you need to decide on the minimum number of rules and action groups required in azure monitor for this requirement choose two answers from the options given below let's create an alert rule in azure monitor an alert rule contains three parts the scope or the resource you wish to monitor condition which defines when the alert rule should be triggered and action where you send notifications or invoke actions let's select our subscription as the scope and define a condition which will trigger this alert rule the question add three requirements so let's search for vmd allocation and that's it we have added a condition and as you can observe you cannot add any more conditions to the alet rule you can add other conditions for example restart the vm but in that case the older condition is replaced with the new condition so to alert the id administrator whenever these three operations are performed on the virtual machine you need to create three different alert rules option a is the correct answer the final step is to define the action group which is a collection of notification preferences so if you want the id administrators to be notified via email when any of the given operations occur you define the email notification details in the action group since the question talks about just one set of notification preferences which is just to email the it administrator creating one action group is sufficient option c is another correct choice a company plans to host a web application using azure web app service the service must provide an auto skill option based on demand with minimal cost you allocate the azure web app to a shared app service plan would this solution fulfill the requirement none of the pricing tiers in the dev test workload offer the auto scale option only manual scale is available for some of the tiers shared app service plan is either f1 or d1 if you need to auto scale your app you need to go for at least the standard tier the given solution doesn't fulfill the requirement option no is the correct answer your company currently has an application that is hosted on their on-premises environment the application connects to two databases in the on-premises environment you have to move the databases to azure the databases have to support server-side transactions across both the databases you deploy them to an azure sql managed instance would this fulfill the requirement if you need to run transactions across both the databases choose an azure service which can handle distributed transactions or in other words elastic database transactions both azure sql database and managed instance support distributed transactions they both support client-side development in c-sharp and dot-net but only the managed instance supports the server-side development in stored procedures so deploying the databases to a managed instance would fulfill the requirement in case the databases are in different managed instances you need to ensure the instances are in a mutual communication relationship this is done by creating a server trust group which manages the trust between the two managed instances in a truss group you can add other sql server instances but only of the resource type managed instance also the instances need to be in the same v-net or we need to configure v-net pairing if they are on multiple units your company's azure web app runs on the premium app service plan you have to configure the web app so that it can fulfill the following requirements which of the following can be used for these requirements of all the given options deployment slots is the correct answer all other options are irrelevant to understand how deployment slots satisfy the requirements in the question i have created a sample.net web application this is just the boilerplate template provided by visual studio out of the box which will be helpful to understand deployment slots i have already created a web app in azure and publish the app i just showed you to this azure app suppose i need to update the app and publish a version 2. rather than publishing the app directly to the protection we can create a new deployment slot and publish the app there here we already have our app in the production slot we will add a new staging slot for this app and clone the settings from the protection app this staging slot is created as a new app service slot resource with a unique url just observe this url the name of the staging slot is suffix to the name of the production slot to create a new url let's publish our changes in visual studio to the staging slot this is the publish profile for the production slot let's create a new profile for the staging slot select your app and then the specific deployment slot to publish to finally publish the app refresh the staging slot to view the latest changes one benefit of using deployment slots is that you can test the latest changes in the staging slot before making the changes live in production so the deployment slots provide the ability to test newer versions of the app in a staging slot before the changes are pushed to production remember that the production app still shows the previous version to get the latest version in the production app you just need to swap the staging slot into protection now the staging slot shows the previous version and the production slot the new version therefore the deployment slots also provide the ability to switch your production app from the current version to a newer version suppose your testing was not foolproof and you encounter some issues in the production app rolling back changes is as easy as publishing changes to it just do this fab operation again and verify the changes so deployment slots also ensure that the application version can be rolled back in case of an issue deploying an app to a slot first and then swapping it into production make sure that all instances of the slot are warmed up before being swapped into protection this eliminates downtime when you deploy your app so using deployment slots is a good way to minimize downtime this question is based on a case study there are lots of information here i suggest you to read them at your own pace but for our question the information we need to know is that the application stores its data on sql server on premises and that the company has already purchased enterprise licenses with software assurance based on this information you need to recommend how to set up a data store for hosting sql databases in azure which of the following would you recommend azure hybrid benefit allows you to exchange your existing on-prem sql server licenses for discounted rates on azure sql database for example for every sql server enterprise edition license core you get four general purpose v cores in azure you can save nearly 35 percent by using software assurance enabled sql server licenses on azure since the company already has existing microsoft licenses with software assurance the recommended solution should use azure hybrid benefit to get cost benefits while creating an azure sql database you can choose from two different purchasing models a weaker based purchasing model and a dtu based model the azure hybrid benefit applies only if you are using a weak or based model it is not available for a dtu based model the reason could be a weaker based model makes it simpler to translate on-prem hardware resource specs into similar specs on azure sql database so option c is incorrect and option d is the correct answer and even within vcore based model azure hybrid benefit is available only if you use the provisioned compute tier it is not available when you use a serverless tier elastic pools too do not benefit from azure hybrid benefit irrespective of whether you use a weaker based or a d2 based model option a is also incorrect option b is not a great solution as that would mean you would need to invest extra money on the virtual machine a company needs to migrate an on-premises sql server to azure via azure express route the migrated instance in azure must follow these requirements which of the following would you implement of all the given options managed instance is designed specifically to lift and shift existing sql server workloads on premises to azure with minimal application and database changes azure sql managed instance is the correct answer managed instance provides automatic patching and sql server version upgrades it automatically backs up your data has built-in high availability encrypts data in transit with tls provides a native v-net to deploy the resources to and has a dedicated underlying infrastructure sql server on azure vm is not a pass service and does not provide pass capabilities like automatic patching high availability and automated backups elastic pools are best used for building sas applications where a single database is allocated to each customer or a tenant to combat periods of unpredictable usage by any tenant developers purchase a pool of resources which are then shared by multiple databases in the pool your company deploys an azure web application the app will use azure blob storage for storing a large number of static contents like javascript and css files the users of the app are located across the world you have to ensure the time to load individual pages is minimized which of the following would you recommend for this requirement the azure cdn caches static content in storage blobs cdn redirects user request in real time to the node closest to the user based on geographical distance and latency thereby decreasing the page load time option b is the correct answer load balancer evenly distributes the traffic to a set of backend servers it doesn't decrease a user's page load time azure application gateway is similar to a load balancer but it works at the application layer although both azure cdn and azure redis cache are caching solutions the use case given in the question is not appropriate for redis cache azure redis cache complements azure database solutions by storing query results for faster data retrieval whereas azure cdn caches static content such as images css or html documents across a network of servers around the globe your company needs to generate a monthly report on all resources that were deployed to azure which of the following would help achieve this requirement go to the activity log section in azure monitor to look at all the management plane activities that were performed on your azure resources these activity logs are different from a resource log which provides insights into the data plane activities performed within an azure resource option b is the correct answer azure log analytics is a service within azure monitor which stores azure monitor log data it helps you analyze log data by running queries on the data collected by azure monitor as we already discussed action groups are a collection of notification preferences it notifies member when an azure monitor alert gets triggered as azure advisor is a personalized cloud consultant that helps you follow the best practices for optimizing azure deployments across these five domains you deploy an azure sql database the database must meet these requirements for this question though we need to decide which of the following can be implemented for the high t help desk operators security requirement which is if they query table they must only see the last four digits of a credit card number well this is a perfect use case of dynamic data masking which limits exposure to sensitive data thereby preventing users would not have access to the data from viewing it but note that ddm only hides the sensitive data in the query results the underlying data is not changed option d is the correct choice transparent data encryption encrypts data at rest azure advanced threat protection is now known as microsoft defender for identity it protects your organization's identities always encrypted encrypts sensitive data inside the client app and stores the encrypted data in sql database without even revealing the encryption keys to the sql engine you have to run an image rendering solution in azure the solution needs to make use of parallel compute processes which of the following is the best service to use for this requirement azure batch can run large scale parallel and high performance workloads like image rendering azure batch is the correct choice option a is incorrect since virtual machine scale set provides high availability to your application architecture which means it eliminates single points of failure option b is incorrect function app is a serverless solution option d is in correct since azure community service is for orchestrating container based workloads your company's azure subscription contains a blob container the company users from the finance department needs to have access to the blobs but only during the month of march which of the following is the right security access solution for this requirement well storage account access keys gives you full rights to everything in your storage account also access keys offer you no capability to limit access for a specific duration but with a shared access signature you can limit access for a specific time duration option a is the correct choice conditional access policies are related to user logins and azure active directory you cannot create conditional access policies for azure resources certificates are also not related to storage account a company wants to reduce the risk of malicious applications attempting to trick users into granting them access to its data what would you recommend for the company to set up to reduce the risk of malicious applications attempting to trick users into granting them access to your organization's data microsoft recommends that admins allow user content only for applications that have been published by a verified publisher this bluetech indicates authenticity and that the publisher has verified their identity using a microsoft partner network in azure id tenant admins can allow user content for apps only from verified publishers the option azure id user consent for apps from verified publishers is the correct answer option azure policy is incorrect as it is only valid for azure resources recommending either azure ad admin content for all apps or azure id no user consent will affect the user's productivity a company wants to migrate workloads from on premises to the cloud what are the three main migration effort phases that you would advise the company to prepare for the three migration effort phases are access workloads where you evaluate the cost and architecture of each workload deploy workloads where you lift and shift workloads to the cloud and finally in release workloads you test optimize and review the workloads options a c and d are the correct answers once you are done let's submit the test and verify the performance so if you are preparing for the az305 designing microsoft azure infrastructure solutions exam check the description for the link to the entire practice test that covers the length and breadth of all the objectives in the exam also check out my youtube channel i have already covered the sample exam questions for other microsoft certifications and in case if you don't find them for any azure certification please leave a comment i will create a video on that as always share the video and please do subscribe to my youtube channel because more awesome videos are on the way

Info

Channel: R A V I K I R A N S

Views: 264

Rating: undefined out of 5

Keywords: az-305 practice test, az-305 exam questions, az-305 sample Q&A, az-305 azure, az-305 architect, az-305

Id: cuGfnaUXs_8

Channel Id: undefined

Length: 34min 24sec (2064 seconds)

Published: Tue Dec 07 2021