There are still many candidates who are asking me for AZ-303 and AZ-304 exam materials, and I have responded in unison, please study AZ-305 certification exam questions in 2022 to help you get the latest exam certification.
Exam AZ-303: Microsoft Azure Architect Technologies
Exam AZ-304: Microsoft Azure Architect Design
Change 2022:
Exam AZ-305 2022: Designing Microsoft Azure Infrastructure Solutions
Inform all Microsoft Azure AZ-305 exam candidates:
Please focus on the latest AZ-305 exam in 2022, which covers all the core content of az-303, and az-304:
design identity, governance, and monitoring solutions; design data storage solutions; design business continuity solutions; and design infrastructure solutions.
Current candidates are fortunate because they can find a wide range of learning channels to learn a variety of relevant expertise:
- Microsoft Officially Provides AZ-305 Exam Prep Video: https://learn.microsoft.com/en-us/shows/exam-readiness-zone/preparing-for-az-305-design-identity-governance-and-monitoring-solutions-segment-1-of-4
- AZ-305 Study Guide from Microsoft: https://query.prod.cms.rt.microsoft.com/cms/api/am/binary/RWLFRU
- Latest updated AZ-305 exam questions and answers from Lead4pass
- other
Read the Microsoft AZ-305 exam questions and answers online:
NEW QUESTION 1:
You plan to deploy an application named App1 that will run on five Azure virtual machines. Additional virtual machines will be deployed later to run App1. You need to recommend a solution to meet the following requirements for the virtual machines that will run App1:
Ensure that the virtual machines can authenticate to Azure Active Directory (Azure AD) to gain access to an Azure key vault, Azure Logic Apps instances, and an Azure SQL database.
Avoid assigning new roles and permissions for Azure services when you deploy additional virtual machines.
Avoid storing secrets and certificates on virtual machines. Which type of identity should you include in the recommendation?
A. a service principal that is configured to use a certificate
B. a system-assigned managed identity
C. a service principal that is configured to use a client’s secret
D. a user-assigned managed identity
Correct Answer: D
Managed identities for Azure resources are a feature of Azure Active Directory. User-assigned managed identity can be shared. The same user-assigned managed identity can be associated with more than one Azure resource.
Reference: https://docs.microsoft.com/en-us/azure/active-directory/managed-identities-azure-resources/overview
NEW QUESTION 2:
You have an Azure subscription that contains a custom application named Application was developed by an external company named fabric, Ltd. Developers at Fabrikam were assigned role-based access control (RBAV) permissions to the Application components. All users are licensed for the Microsoft 365 E5 plan.
You need to recommend a solution to verify whether the Faricak developers still require permissions for Application1.
The solution must the following requirements.
1. To the manager of the developers, send a monthly email message that lists the access permissions to Application1.
2. If the manager does not verify access permission, automatically revoke that permission.
3. Minimize development effort. What should you recommend?
A. In Azure Active Directory (AD) Privileged Identity Management, create a custom role assignment for the Application1 resources
B. Create an Azure Automation runbook that runs the Get-AzureADUserAppRoleAssignment cmdlet
C. Create an Azure Automation runbook that runs the Get-AzureRmRoleAssignment cmdlet
D. In Azure Active Directory (Azure AD), create an access review of Application1
Correct Answer: D
Azure Active Directory (Azure AD) access reviews enable organizations to efficiently manage group memberships, access to enterprise applications, and role assignments. User\’s access can be reviewed on a regular basis to make sure only the right people have continued access. Have reviews recur periodically:
You can set up recurring access reviews of users at set frequencies such as weekly, monthly, quarterly, or annually, and the reviewers will be notified at the start of each review. Reviewers can approve or deny access with a friendly interface and with the help of smart recommendations.
Why are access reviews important?
“Azure AD enables you to collaborate with users from inside your organization and with external users. Users can join groups, invite guests, connect to cloud apps, and work remotely from their work or personal devices. The convenience of using self-service has led to a need for better access management capabilities.”
NEW QUESTION 3:
You are designing an Azure solution for a company that has four departments. Each department will deploy several Azure app services and Azure SQL databases.
You need to recommend a solution to report the costs for each department to deploy the app services and the databases. The solution must provide a consolidated view for cost reporting that displays cost broken down by department.
Solution: Create a separate resource group for each department. Place the resources for each department in its respective resource group.
Does this meet the goal?
A. Yes
B. No
Correct Answer: B
Instead, create a resources group for each resource type. Assign tags to each resource group.
Note: Tags enable you to retrieve related resources from different resource groups. This approach is helpful when you need to organize resources for billing or management.
Reference: https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-group-using-tags
NEW QUESTION 4:
A company deploys Azure Active Directory (Azure AD) Connect to synchronize identity information from their on-premises Active Directory Domain Services (AD DS) directory to their Azure AD tenant.
The identity information that is synchronized includes user accounts, credential hashes for authentication (password sync), and group memberships.
The company plans to deploy several Windows and Linux virtual machines (VMs) to support its applications.
The VMs have the following requirements:
1. Support domain join, LDAP read, LDAP bind, NTLM and Kerberos authentication, and Group Policy.
2. Allow users to sign in to the domain using their corporate credentials and connect remotely to the VM by using Remote Desktop.
You need to support the VM deployment.
Which service should you use?
A. Active Directory Federation Services (AD FS)
B. Azure AD Privileged Identity Management
C. Azure Managed Identity
D. Azure AD Domain Services
Correct Answer: D
Azure AD Domain Services provides managed domain services such as domain join, group policy, LDAP,
Kerberos/NTLM authentication that is fully compatible with Windows Server Active Directory.
Reference: https://docs.microsoft.com/en-us/azure/active-directory-domain-services/active-directory-ds-overview
NEW QUESTION 5:
DRAG DROP
Your on-premises network contains a server named Server1 that runs an ASP.NET application named App1.
You have a hybrid deployment of Azure Active Directory (Azure AD). You need to recommend a solution to ensure that users sign in by using their Azure AD account and Azure Multi-Factor Authentication (MFA) when they connect to App1 from the internet.
Which three Azure services should you recommend be deployed and configured in sequence?
To answer, move the appropriate services from the list of services to the answer area and arrange them in the correct order.
Select and Place:
Correct Answer:
NEW QUESTION 6:
HOTSPOT
You have an Azure web app named App1 and an Azure key vault named KV1.
App1 stores database connection strings in KV1.
App1 performs the following types of requests to KV1:
1.
Get
2.
List
3.
Wrap
4.
Delete
5.
Unwrap
6.
Backup
7.
Decrypt
- Encrypt
You are evaluating the continuity of service for App1.
You need to identify the following if the Azure region that hosts KV1 becomes unavailable:
1.
To where will KV1 fail over?
2.
During the failover, which request type will be unavailable?
What should you identify? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:
Correct Answer:
Box 1: A server in the same paired region
The contents of your key vault are replicated within the region and to a secondary region at least 150 miles away, but within the same geography to maintain high durability of your keys and secrets.
Box 2: Delete
During failover, your key vault is in read-only mode. Requests that are supported in this mode are:
List certificates
Get certificates
List secrets
Get secrets
List keys
Get (properties of) keys
Encrypt
Decrypt
Wrap
Unwrap
Verify
Sign
Backup
Reference:
https://docs.microsoft.com/en-us/azure/key-vault/general/disaster-recovery-guidance
NEW QUESTION 7:
You plan to deploy multiple instances of an Azure web app across several Azure regions.
You need to design an access solution for the app. The solution must meet the following replication requirements:
Support rate limiting.
Balance requests between all instances.
Ensure that users can access the app in the event of a regional outage.
Solution: You use Azure Application Gateway to provide access to the app.
Does this meet the goal?
A. Yes
B. No
Correct Answer: B
NEW QUESTION 8:
HOTSPOT
You are evaluating the components of the migration to Azure that require you to provision an Azure Storage account.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Hot Area:
Correct Answer:
NEW QUESTION 9:
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have an app named App1 that uses data from two on-premises Microsoft SQL Server databases named DB1 and DB2.
You plan to move DB1 and DB2 to Azure.
You need to implement Azure services to host DB1 and DB2. The solution must support server-side transactions across DB1 and DB2.
Solution: You deploy DB1 and DB2 as Azure SQL databases on the same Azure SQL Database server.
Does this meet the goal?
A. Yes
B. No
Correct Answer: B
Instead deploy DB1 and DB2 to SQL Server on an Azure virtual machine.
Note: Understanding distributed transactions.
When both the database management system and client are under the same ownership (e.g. when SQL Server is deployed to a virtual machine), transactions are available and the lock duration can be controlled.
Reference:
https://docs.particular.net/nservicebus/azure/understanding-transactionality-in-azure
NEW QUESTION 10:
You need to recommend a solution to meet the database retention requirements. What should you recommend?
A. Configure a long-term retention policy for the database.
B. Configure Azure Site Recovery.
C. Use automatic Azure SQL Database backups.
D. Configure geo-replication of the database.
Correct Answer: A
In Azure SQL Database, you can configure a database with a long-term backup retention policy (LTR) to automatically retain the database backups in separate Azure Blob storage containers for up to 10 years
https://docs.microsoft.com/en-
us/azure/azure-sql/database/long-termretention-overview
NEW QUESTION 11:
DRAG DROP
You are planning an Azure solution that will host production databases for a high- performance application.
The solution will include the following components:
Two virtual machines that will run Microsoft SQL Server 2016, will be deployed to different data centers in the same Azure region, and will be part of an Always On availability group.
SQL Server data that will be backed up by using the Automated Backup feature of the SQL Server IaaS Agent Extension (SQLIaaSExtension)
You identify the storage priorities for various data types as shown in the following table.
Which storage type should you recommend for each data type? To answer, drag the appropriate storage types to the correct data types. Each storage type may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
NOTE: Each correct selection is worth one point.
Select and Place:
Correct Answer:
NEW QUESTION 12:
HOTSPOT
You plan to migrate on-premises Microsoft SQL Server databases to Azure.
You need to recommend a deployment and resiliency solution that meets the following requirements:
Supports user-initiated backups
Supports multiple automatically replicated instances across Azure regions
Minimizes administrative effort to implement and maintain business continuity
What should you recommend? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:
Correct Answer:
Explanation:
Box 1: An Azure SQL Database single database.
SQL Server Managed instance versus SQL Server Virtual Machines
Active geo-replication is not supported by Azure SQL Managed Instance.
Box 2: Active geo-replication
Active geo-replication is a feature that lets you to create a continuously synchronized readable secondary database for a primary database.
The readable secondary database may be in the same Azure region as the primary, or, more commonly, in a different region. This kind of readable secondary databases are also known as geo-secondaries, or geo-replicas.
Incorrect Answers:
A Zone-redundant deployment is within a single region.
Auto-failover groups support geo-replication of all databases in the group to only one secondary server or instance in a different region. If you need to create multiple Azure SQL Database geo-secondary replicas (in the same or different regions) for the same primary replica, use active geo-replication.
Reference:
https://docs.microsoft.com/en-us/azure/azure-sql/database/active-geo-replication-overview
NEW QUESTION 13:
HOTSPOT
You have an Azure Resource Manager template named Template1 in the library as shown in the following exhibit.
Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic. NOTE: Each correct selection is worth one point.
Hot Area:
Correct Answer:
Reference: https://docs.microsoft.com/en-us/azure/azure-resource-manager/templates/template-syntax
…
Candidates can get 248 latest valid AZ-305 exam questions and answers by checking this link
By the way, share 13 newly updated AZ-305 PDF exam questions and answers for free: https://drive.google.com/file/d/1GMhl9oGupHzhLkwCxEboWPpaN1AAtkyK/view?usp=sharing