leads4pass AZ-305 dumps contain 263 latest exam questions and answers in 2023. Each exam question is carefully designed to match the actual exam questions and answers. It is a really effective Designing Microsoft Azure Infrastructure Solutions certification exam material.
Download the AZ-305 dumps: https://www.leads4pass.com/az-305.html, use the VCE exercises, or read the PDF, which is all eligible for exam preparation.
Try the latest free AZ-305 exam practice questions:
Number of exam questions | Exam name | Exam code |
15 | Designing Microsoft Azure Infrastructure Solutions | AZ-305 |
Question 1:
You plan to automate the deployment of resources to Azure subscriptions.
What is the difference between using Azure Blueprints and Azure Resource Manager templates?
A. Azure Resource Manager templates remain connected to the deployed resources.
B. Only Azure Resource Manager templates can contain policy definitions.
C. Azure Blueprints remain connected to the deployed resources.
D. Only Azure Blueprints can contain policy definitions.
Correct Answer: C
With Azure Blueprints, the relationship between the blueprint definition (what should be deployed) and the blueprint assignment (what was deployed) is preserved. This connection supports improved tracking and auditing of deployments.
Azure Blueprints can also upgrade several subscriptions at once that are governed by the same blueprint.
Incorrect:
Not A: Nearly everything that you want to include for deployment in Azure Blueprints can be accomplished with a Resource Manager template. However, a Resource Manager template is a document that doesn’t exist natively in Azure. each is stored either locally or in source control. The template gets used for deployments of one or more Azure resources, but once those resources deploy there\’s no active connection or relationship to the template.
Reference:
Question 2:
HOTSPOT
You plan to migrate on-premises Microsoft SQL Server databases to Azure.
You need to recommend a deployment and resiliency solution that meets the following requirements:
Supports user-initiated backups
Supports multiple automatically replicated instances across Azure regions
Minimizes administrative effort to implement and maintain business continuity
What should you recommend? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:
Correct Answer:
Explanation:
Box 1: An Azure SQL Database single database.
SQL Server Managed instance versus SQL Server Virtual Machines
Active geo-replication is not supported by Azure SQL Managed Instance.
Box 2: Active geo-replication
Active geo-replication is a feature that lets you create a continuously synchronized readable secondary database for a primary database. The readable secondary database may be in the same Azure region as the primary, or, more commonly, in a different region. These kinds of readable secondary databases are also known as geo-secondaries or geo-replicas.
Incorrect Answers:
A Zone-redundant deployment is within a single region.
Auto-failover groups support the geo-replication of all databases in the group to only one secondary server or instance in a different region. If you need to create multiple Azure SQL Database geo-secondary replicas (in the same or different regions) for the same primary replica, use active geo-replication.
Reference:
https://docs.microsoft.com/en-us/azure/azure-sql/database/active-geo-replication-overview
Question 3:
HOTSPOT
You are evaluating whether to use Azure Traffic Manager and Azure Application Gateway to meet the connection requirements for App1.
What are the minimum numbers of instances required for each service? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:
Correct Answer:
Question 4:
DRAG DROP
You have an on-premises network that uses an IP address space of 172.16.0.0/16. You plan to deploy 25 virtual machines to a new Azure subscription. You identify the following technical requirements:
1.
All Azure virtual machines must be placed on the same subnet named Subnet1.
2.
All the Azure virtual machines must be able to communicate with all on-premises servers.
3.
The servers must be able to communicate between the on-premises network and Azure by using a site-to-site VPN.
You need to recommend a subnet design that meets the technical requirements.
What should you include in the recommendation? To answer, drag the appropriate network addresses to the correct subnets. Each network address may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content
NOTE: Each correct selection is worth one point.
Select and Place:
Correct Answer:
Question 5:
HOTSPOT
You need to ensure that users managing the production environment are registered for Azure MFA and must authenticate by using Azure MFA when they sign in to the Azure portal.
The solution must meet the authentication and authorization requirements.
What should you do? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:
Correct Answer:
Box 1: Azure AD Identity Protection
Azure AD Identity Protection helps you manage the roll-out of Azure AD Multi-Factor Authentication (MFA) registration by configuring a Conditional Access policy to require MFA registration no matter what modern authentication app you are signing in to.
Scenario: Users that manage the production environment by using the Azure portal must connect from a hybrid Azure AD-joined device and authenticate by using Azure Multi-Factor Authentication (MFA).
Box 2: Sign-in risk policy…
Scenario: The Litware.com tenant has a conditional access policy named capolicy1.
Capolicy1 requires that when users manage the Azure subscription for a production environment by using the Azure portal, they must connect from a hybrid Azure AD-joined device.
Identity Protection policies we have two risk policies that we can enable in our directory.
1.
Sign-in risk policy
2.
User risk policy
Question 6:
HOTSPOT
You have an Azure subscription named Subscription1 that is linked to a hybrid Azure Active Directory (Azure AD) tenant.
You have an on-premises data center that does NOT have a VPN connection to Subscription1. The data center contains a computer named Server1 that has Microsoft SQL Server 2016 installed. The server is prevented from accessing the internet.
An Azure logic app resource named LogicApp1 requires to write access to a database on Server1.
You need to recommend a solution to provide LogicApp1 with the ability to access Server1.
What should you recommend deploying on-premises and in Azure? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:
Correct Answer:
Box 1: An on-premises data gateway
For logic apps in global, multi-tenant Azure that connect to on-premises SQL Server, you need to have the on-premises data gateway installed on a local computer and a data gateway resource that\’s already created in Azure.
Box 2: A connection gateway resource
Reference:
https://docs.microsoft.com/en-us/azure/connectors/connectors-create-api-sqlazure
Question 7:
A company needs a data store created in Azure for an application. Below are the key requirements for the data store.
Ability to store JSON-based items Ability to use SQL-like queries on the datastore Ability to provide low latency access to data items
Which of the following would you consider as the data store?
A. Azure BLOB storage
B. Azure CosmosDB
C. Azure HDInsight
D. Azure Redis
Correct Answer: B
Question 8:
You have an Azure subscription.
You need to recommend a solution to provide developers with the ability to provision Azure virtual machines. The solution must meet the following requirements:
1.
Only allow the creation of virtual machines in specific regions.
2.
Only allow the creation of specific sizes of virtual machines. What should you include in the recommendation?
A. Conditional Access policies
B. role-based access control (RBAC)
C. Azure Resource Manager (ARM) templates
D. Azure Policy
Correct Answer: D
https://docs.microsoft.com/en-us/azure/governance/policy/tutorials/create-and-manage https://docs.microsoft.com/en-us/azure/cloud-adoption-framework/manage/azure-server-management/common-policies#restrict-vm-size
Question 9:
DRAG DROP You need to recommend a solution that meets the file storage requirements for App2. What should you deploy to the Azure subscription and the on-premises network? To answer, drag the appropriate services to the correct locations. Each service may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content. NOTE: Each correct selection is worth one point.
Select and Place:
Correct Answer:
Box 1: Azure Files
Scenario: App2 has the following file storage requirements:
Save files to an Azure Storage account.
Replicate files to an on-premises location.
Ensure that on-premises clients can read the files over the LAN by using the SMB protocol.
Box 2: Azure File Sync
Use Azure File Sync to centralize your organization\’s file shares in Azure Files, while keeping the flexibility, performance, and compatibility of an on-premises file server. Azure File Sync transforms Windows Server into a quick cache of your Azure file share. You can use any protocol that\’s available on Windows Server to access your data locally, including SMB, NFS, and FTPS. You can have as many caches as you need across the world.
Reference:
https://docs.microsoft.com/en-us/azure/storage/file-sync/file-sync-deployment-guide
Question 10:
DRAG DROP
You need to configure an Azure policy to ensure that the Azure SQL databases have TDE enabled. The solution must meet security and compliance requirements.
Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
Select and Place:
Correct Answer:
Scenario: All Azure SQL databases in the production environment must have Transparent Data Encryption (TDE) enabled.
Step 1: Create an Azure policy definition that uses the deployIfNotExists identity.
The first step is to define the roles that deployIfNotExists and modify needs in the policy definition to successfully deploy the content of your included template.
Step 2: Create an Azure policy assignment
When creating an assignment using the portal, Azure Policy both generates the managed identity and grants it the roles defined in roleDefinitionIds.
Step 3: Invoke a remediation task
Resources that are non-compliant with a deployIfNotExists or modify policy can be put into a compliant state through Remediation. Remediation is accomplished by instructing Azure Policy to run the deployIfNotExists effect or the modify operations of the assigned policy on your existing resources and subscriptions, whether that assignment is to a management group, a subscription, a resource group, or an individual resource.
During the evaluation, the policy assignment with deployIfNotExists or modify effects determines if there are non-compliant resources or subscriptions. When non-compliant resources or subscriptions are found, the details are provided on the Remediation page.
Question 11:
You need to recommend a notification solution for the IT Support distribution group. What should you include in the recommendation?
A. Azure Network Watcher
B. an action group
C. a SendGrid account with advanced reporting
D. Azure AD Connect Health
Correct Answer: D
References: https://docs.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-healthoperations
Question 12:
A company is planning on deploying an application onto Azure. The application will be based on the .Net core programming language. The application would be hosted using Azure Web apps. Below is part of the various requirements for the application Give the ability to correlate Azure resource usage and the performance data with the actual application configuration and performance data Give the ability to visualize the relationships between application components Give the ability to track requests and exceptions to specific lines of code from within the application Give the ability to actually analyze how uses return to an application and see how often they only select a particular drop-down value
Which of the following service would be best suited for fulfilling the requirement of “Give the ability to correlate Azure resource usage and the performance data with the actual application configuration and performance data”
A. Azure Application Insights
B. Azure Service Map
C. Azure Log Analytics
D. Azure Activity Log
Correct Answer: C
Question 13:
What should you include in the identity management strategy to support the planned changes?
A. Deploy domain controllers for corp.fabrikam.com to virtual networks in Azure.
B. Move all the domain controllers from corp.fabrikam.com to virtual networks in Azure.
C. Deploy a new Azure AD tenant for the authentication of new RandD projects.
D. Deploy domain controllers for the rd.fabrikam.com forest to virtual networks in Azure.
Correct Answer: A
Directory synchronization between Azure Active Directory (Azure AD) and corp.fabrikam.com must not be affected by a link failure between Azure and the on-premises network. (This requires domain controllers in Azure). Users on the on-premises network must be able to authenticate to corp.fabrikam.com if an Internet link fails. (This requires domain controllers on-premises).
Question 14:
HOTSPOT
You are designing an Azure web app.
You plan to deploy the web app to the North Europe Azure region and the West Europe Azure region.
You need to recommend a solution for the web app. The solution must meet the following requirements:
1.
Users must always access the web app from the North Europe region unless the region fails.
2.
The web app must be available to users if an Azure region is unavailable.
3.
Deployment costs must be minimized.
What should you include in the recommendation? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:
Correct Answer:
Question 15:
HOTSPOT
You plan to implement an access review to meet the following requirements:
The access review must be enforced until otherwise configured. Each user or group that has access to the Azure environment must be in the scope of the access review.
The access review must be completed within two weeks. A lack of response must not cause changes in the operational environment.
An administrator creates the access review shown in the answer area.
Which two sections of the access review should you modify to meet the requirements? To answer, select the appropriate sections in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:
Correct Answer:
…
Continue learning at leads4pass az-305 dumps.
Candidates can use the official website, search engines, or AI tools to help them find the preparation details before the AZ-305 exam. The most important thing is to practice the leads4pass AZ-305 dumps in 2023: https://www.leads4pass.com/az-305.html, Make sure you pass the exam 100% successfully.