AZ-305 無料問題集「Microsoft Designing Microsoft Azure Infrastructure Solutions」
You need to recommend a solution to deploy containers that run an application. The application has two tiers.
Each tier is implemented as a separate Docker Linux-based image. The solution must meet the following requirements:
* The front-end tier must be accessible by using a public IP address on port 80.
* The backend tier must be accessible by using port 8080 from the front-end tier only.
* Both containers must be able to access the same Azure file share.
* If a container fails, the application must restart automatically.
* Costs must be minimized.
What should you recommend using to host the application?
Each tier is implemented as a separate Docker Linux-based image. The solution must meet the following requirements:
* The front-end tier must be accessible by using a public IP address on port 80.
* The backend tier must be accessible by using port 8080 from the front-end tier only.
* Both containers must be able to access the same Azure file share.
* If a container fails, the application must restart automatically.
* Costs must be minimized.
What should you recommend using to host the application?
正解:D
解答を投票する
解説: (JPNTest メンバーにのみ表示されます)
You plan to develop a new app that will store business critical data. The app must meet the following requirements:
* Prevent new data from being modified for one year.
* Maximize data resiliency.
* Minimize read latency.
What storage solution should you recommend for the app? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.
* Prevent new data from being modified for one year.
* Maximize data resiliency.
* Minimize read latency.
What storage solution should you recommend for the app? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.
正解:
Explanation:
You have an on-premises network that uses an IP address space of 172.16.0.0/16. You plan to deploy 25 virtual machines to a new Azure subscription. You identify the following technical requirements:
* All Azure virtual machines must be placed on the same subnet named Subnet1.
* All the Azure virtual machines must be able to communicate with all on-premises servers.
* The servers must be able to communicate between the on-premises network and Azure by using a site-to-site VPN.
You need to recommend a subnet design that meets the technical requirements.
What should you include in the recommendation? To answer, drag the appropriate network addresses to the correct subnets. Each network address may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content NOTE: Each correct selection is worth one point.
* All Azure virtual machines must be placed on the same subnet named Subnet1.
* All the Azure virtual machines must be able to communicate with all on-premises servers.
* The servers must be able to communicate between the on-premises network and Azure by using a site-to-site VPN.
You need to recommend a subnet design that meets the technical requirements.
What should you include in the recommendation? To answer, drag the appropriate network addresses to the correct subnets. Each network address may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content NOTE: Each correct selection is worth one point.
正解:
Explanation:
Your company plans to publish APIs for its services by using Azure API Management.
You discover that service responses include the AspNet-Version header.
You need to recommend a solution to remove AspNet-Version from the response of the published APIs.
What should you include in the recommendation?
You discover that service responses include the AspNet-Version header.
You need to recommend a solution to remove AspNet-Version from the response of the published APIs.
What should you include in the recommendation?
正解:D
解答を投票する
解説: (JPNTest メンバーにのみ表示されます)
You have 15 on-premises Hyper-V virtual machines.
You have an Azure subscription that contains an Azure Migrate project named Project 1.
You need to assess the virtual machines for migration to Azure by using Project 1.
Which four actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
You have an Azure subscription that contains an Azure Migrate project named Project 1.
You need to assess the virtual machines for migration to Azure by using Project 1.
Which four actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
正解:
Explanation:
1. Download the VHD of the Azure Migrate appliance.
2. Create an appliance virtual machine.
3. Configure the virtual machine for the appliance.
4. Register the virtual machine for the appliance.
* Step 1: You need to get the VHD of the Azure Migrate appliance.
* Step 2: Use this VHD to create a new virtual machine, which will serve as the appliance.
* Step 3: Configure the appliance VM with the appropriate settings.
* Step 4: Register the appliance with the Azure Migrate project so it can discover the on-premises Hyper- V virtual machines.
You plan to deploy an Azure BareMetal Infrastructure instance that will host the data tier of a business- critical workload. The application tier of the workload will be hosted on Azure virtual machines.
You need to configure the virtual machines to minimize network latency between the application tier and the data tier.
What should you use?
You need to configure the virtual machines to minimize network latency between the application tier and the data tier.
What should you use?
正解:A
解答を投票する
Your company plans to deploy various Azure App Service instances that will use Azure SQL databases. The App Service instances will be deployed at the same time as the Azure SQL databases.
The company has a regulatory requirement to deploy the App Service instances only to specific Azure regions. The resources for the App Service instances must reside in the same region.
You need to recommend a solution to meet the regulatory requirement.
Solution: You recommend using the Regulatory compliance dashboard in Microsoft Defender for Cloud.
Does this meet the goal?
The company has a regulatory requirement to deploy the App Service instances only to specific Azure regions. The resources for the App Service instances must reside in the same region.
You need to recommend a solution to meet the regulatory requirement.
Solution: You recommend using the Regulatory compliance dashboard in Microsoft Defender for Cloud.
Does this meet the goal?
正解:B
解答を投票する
You need to recommend a solution to ensure that App1 can access the third-party credentials and access strings. The solution must meet the security requirements.
What should you include in the recommendation? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
What should you include in the recommendation? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
正解:
Explanation:
Scenario: Security Requirement
All secrets used by Azure services must be stored in Azure Key Vault.
Services that require credentials must have the credentials tied to the service instance. The credentials must NOT be shared between services.
Box 1: A service principal
A service principal is a type of security principal that identifies an application or service, which is to say, a piece of code rather than a user or group. A service principal's object ID is known as its client ID and acts like its username. The service principal's client secret acts like its password.
Note: Authentication with Key Vault works in conjunction with Azure Active Directory (Azure AD), which is responsible for authenticating the identity of any given security principal.
A security principal is an object that represents a user, group, service, or application that's requesting access to Azure resources. Azure assigns a unique object ID to every security principal.
Box 2: A role assignment
You can provide access to Key Vault keys, certificates, and secrets with an Azure role-based access control.
Reference:
https://docs.microsoft.com/en-us/azure/key-vault/general/authentication
You have 100 Azure Storage accounts.
Access to the accounts is restricted by using Azure role-based access control (Azure RBAC) assignments.
You need to recommend a solution that uses role assignment conditions based on the tags assigned to individual resources within the storage accounts.
What should you include in the recommendation? To answer, select the appropriate options in the answer area.
Access to the accounts is restricted by using Azure role-based access control (Azure RBAC) assignments.
You need to recommend a solution that uses role assignment conditions based on the tags assigned to individual resources within the storage accounts.
What should you include in the recommendation? To answer, select the appropriate options in the answer area.
正解:
Explanation:
Your on-premises network contains an Active Directory Domain Services (AD DS) domain. The domain contains a server named Server1. Server1 contains an app named App1 that uses AD DS authentication.
Remote users access App1 by using a VPN connection to the on-premises network.
You have a Microsoft Entra tenant that syncs with the AD DS domain by using Microsoft Entra Connect.
You need to ensure that the remote users can access App1 without using a VPN. The solution must meet the following requirements:
* Ensure that the users authenticate by using Azure Multi-Factor Authentication (MFA).
* Minimize administrative effort.
What should you include in the solution? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Remote users access App1 by using a VPN connection to the on-premises network.
You have a Microsoft Entra tenant that syncs with the AD DS domain by using Microsoft Entra Connect.
You need to ensure that the remote users can access App1 without using a VPN. The solution must meet the following requirements:
* Ensure that the users authenticate by using Azure Multi-Factor Authentication (MFA).
* Minimize administrative effort.
What should you include in the solution? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
正解:
Explanation:
You need to recommend an Azure Storage Account configuration for two applications named Application1 and Applications. The configuration must meet the following requirements:
* Storage for Application1 must provide the highest possible transaction rates and the lowest possible latency.
* Storage for Application2 must provide the lowest possible storage costs per GB.
* Storage for both applications must be optimized for uploads and downloads.
* Storage for both applications must be available in an event of datacenter failure.
What should you recommend ? To answer, select the appropriate options in the answer area NOTE: Each correct selection is worth one point
* Storage for Application1 must provide the highest possible transaction rates and the lowest possible latency.
* Storage for Application2 must provide the lowest possible storage costs per GB.
* Storage for both applications must be optimized for uploads and downloads.
* Storage for both applications must be available in an event of datacenter failure.
What should you recommend ? To answer, select the appropriate options in the answer area NOTE: Each correct selection is worth one point
正解:
Explanation:
Box 1: BloblBlobStorage with Premium performance and Zone-redundant storage (ZRS) replication.
BlockBlobStorage accounts: Storage accounts with premium performance characteristics for block blobs and append blobs. Recommended for scenarios with high transactions rates, or scenarios that use smaller objects or require consistently low storage latency.
Premium: optimized for high transaction rates and single-digit consistent storage latency.
Box 2: General purpose v2 with Standard performance..
General-purpose v2 accounts: Basic storage account type for blobs, files, queues, and tables. Recommended for most scenarios using Azure Storage.
Reference:
https://docs.microsoft.com/en-us/azure/storage/common/storage-account-overview
https://docs.microsoft.com/en-us/azure/storage/common/storage-redundancy
You are developing a sales application that will contain several Azure cloud services and handle different components of a transaction. Different cloud services will process customer orders, billing, payment inventory, and shipping.
You need to recommend a solution to enable the cloud services to asynchronously communicate transaction information by using XML messages.
What should you include in the recommendation?
You need to recommend a solution to enable the cloud services to asynchronously communicate transaction information by using XML messages.
What should you include in the recommendation?
正解:C
解答を投票する
You have to deploy an Azure SQL database named db1 for your company. The databases must meet the following security requirements When IT help desk supervisors query a database table named customers, they must be able to see the full number of each credit card When IT help desk operators query a database table named customers, they must only see the last four digits of each credit card number A column named Credit Card rating in the customers table must never appear in plain text in the database system. Only client applications must be able to decrypt the information that is stored in this column Which of the following can be implemented for the Credit Card rating column security requirement?
正解:C
解答を投票する
解説: (JPNTest メンバーにのみ表示されます)
Your network contains an on-premises Active Directory forest.
You discover that when users change jobs within your company, the membership of the user groups are not being updated. As a result, the users can access resources that are no longer relevant to their job.
You plan to integrate Active Directory and Azure Active Directory (Azure AD) by using Azure AD Connect.
You need to recommend a solution to ensure that group owners are emailed monthly about the group memberships they manage.
What should you include in the recommendation?
You discover that when users change jobs within your company, the membership of the user groups are not being updated. As a result, the users can access resources that are no longer relevant to their job.
You plan to integrate Active Directory and Azure Active Directory (Azure AD) by using Azure AD Connect.
You need to recommend a solution to ensure that group owners are emailed monthly about the group memberships they manage.
What should you include in the recommendation?
正解:D
解答を投票する
解説: (JPNTest メンバーにのみ表示されます)