• Home
  • Articles
  • [Oct 19, 2024] Passing Key To Getting AZ-305 Certified Exam Engine PDF [Q105-Q124]

[Oct 19, 2024] Passing Key To Getting AZ-305 Certified Exam Engine PDF [Q105-Q124]

Share

[Oct 19, 2024] Passing Key To Getting AZ-305 Certified Exam Engine PDF

AZ-305 Exam Dumps Pass with Updated Oct-2024 Tests Dumps


Microsoft AZ-305 exam covers a wide range of topics, including designing and implementing Azure compute solutions, designing and implementing Azure storage solutions, designing and implementing Azure networking solutions, and securing Azure solutions. AZ-305 exam validates the skills and knowledge required to design and implement solutions that are scalable, secure, and highly available.

 

NEW QUESTION # 105
Your company deploys several Linux and Windows virtual machines (VMs) to Azure. The VMs are deployed with the Microsoft Dependency Agent and the Microsoft Monitoring Agent installed by using Azure VM extensions. On-premises connectivity has been enabled by using Azure ExpressRoute.
You need to design a solution to monitor the VMs.
Which Azure monitoring services should you use? To answer, select the appropriate Azure monitoring services in the answer area.
NOTE:Each correct selection is worth one point.

Answer:

Explanation:

Explanation
Graphical user interface, text, application, email Description automatically generated

Box 1: Azure Network Watcher
Traffic Analytics is a cloud-based solution that provides visibility into user and application activity in cloud networks. Traffic analytics analyzes Network Watcher network security group (NSG) flow logs to provide insights into traffic flow in your Azure cloud. With traffic analytics, you can:
Identify security threats to, and secure your network, with information such as open-ports, applications attempting internet access, and virtual machines (VM) connecting to rogue networks.
Visualize network activity across your Azure subscriptions and identify hot spots.
Understand traffic flow patterns across Azure regions and the internet to optimize your network deployment for performance and capacity.
Pinpoint network misconfigurations leading to failed connections in your network.
Box 2: Azure Service Map
Service Map automatically discovers application components on Windows and Linux systems and maps the communication between services. With Service Map, you can view your servers in the way that you think of them: as interconnected systems that deliver critical services. Service Map shows connections between servers, processes, inbound and outbound connection latency, and ports across any TCP-connected architecture, with no configuration required other than the installation of an agent.
Reference:
https://docs.microsoft.com/en-us/azure/network-watcher/traffic-analytics
https://docs.microsoft.com/en-us/azure/azure-monitor/insights/service-map


NEW QUESTION # 106
You have an on-premises network that uses on IP address space of 172.16.0.0/16 You plan to deploy 25 virtual machines to a new azure subscription.
You identity the following technical requirements.
All Azure virtual machines must be placed on the same subnet subnet1.
All the Azure virtual machines must be able to communicate with all on premises severs.
The servers must be able to communicate between the on-premises network and Azure by using a site to site VPN.
You need to recommend a subnet design that meets the technical requirements.
What should you include in the recommendation? To answer, drag the appropriate network addresses to the correct subnet. Each network address may be used once, more than once or not at all. You may need to drag the split bar between panes or scroll to view content.
NOTE: Each correct selection is worth one point.

Answer:

Explanation:

1 - 192.168.0.0/24
2 - 192.168.1.0/28


NEW QUESTION # 107
You plan to create an Azure environment that will contain a root management group and 10 child management groups. Each child management group will contain five Azure subscriptions. You plan to have between 10 and 30 resource groups in each subscription.
You need to design an Azure governance solution. The solution must meet the following requirements:
* Use Azure Blueprints to control governance across all the subscriptions and resource groups.
* Ensure that Blueprints-based configurations are consistent across all the subscriptions and resource groups.
* Minimize the number of blueprint definitions and assignments.
What should you include in the solution? To answer, select the appropriate options in the answer are a. NOTE: Each correct selection is worth one point.

Answer:

Explanation:

Reference:
Assign a blueprint After a blueprint has been published, it can be assigned to a subscription. Assign the blueprint that you created to one of the subscriptions under your management group hierarchy. If the blueprint is saved to a subscription, it can only be assigned to that subscription.


NEW QUESTION # 108
You design a solution for the web tier of WebApp1 as shown in the exhibit.

For each of the following statements, select Yes if the statement is true. Otherwise, select No.

Answer:

Explanation:

Reference:
https://docs.microsoft.com/en-us/azure/traffic-manager/traffic-manager-overview
https://blogs.msdn.microsoft.com/hsirtl/2017/07/03/autoscaling-azure-web-apps/


NEW QUESTION # 109
You have an Azure subscription named Subscription1 that is linked to a hybrid Azure Active Directory (Azure AD) tenant.
You have an on-premises datacenter that does NOT have a VPN connection to Subscription1. The datacenter contains a computer named Server1 that has Microsoft SQL Server 2016 installed. Server1 is prevented from accessing the internet.
An Azure logic app named LogicApp1 requires write access to a database on Server1.
You need to recommend a solution to provide LogicApp1 with the ability to access Server1.
What should you recommend deploying on-premises and in Azure? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Answer:

Explanation:

Reference:
https://docs.microsoft.com/en-us/azure/connectors/connectors-create-api-sqlazure


NEW QUESTION # 110
You have an Azure subscription that contains the SQL servers shown in the following table.

The subscription contains the storage accounts shown in the following table.

You create the Azure SQL databases shown in the following table.

Answer:

Explanation:

Explanation:
Box 1: Yes
Be sure that the destination is in the same region as your database and server.
Box 2: No
Box 3: Yes
https://docs.microsoft.com/en-us/azure/sql-database/sql-database-auditing Reference:
https://docs.microsoft.com/en-us/azure/sql-database/sql-database-auditing
https://docs.microsoft.com/en-us/previous-versions/azure/dn741340(v=azure.100)?redirectedfrom=MSDN


NEW QUESTION # 111
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You are designing an Azure solution for a company that has four departments. Each department will deploy several Azure app services and Azure SQL databases.
You need to recommend a solution to report the costs for each department to deploy the app services and the databases. The solution must provide a consolidated view for cost reporting that displays cost broken down by department.
Solution: Create a separate resource group for each department. Place the resources for each department in its respective resource group.
Does this meet the goal?

  • A. Yes
  • B. No

Answer: B

Explanation:
Explanation
Instead create a resources group for each resource type. Assign tags to each resource group.
Note: Tags enable you to retrieve related resources from different resource groups. This approach is helpful when you need to organize resources for billing or management.
Reference:
https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-group-using-tags


NEW QUESTION # 112
You plan to deploy an Azure SQL database that will store Personally Identifiable Information (Pll). You need to ensure that only privileged users can view the Pll.
What should you include in the solution?

  • A. Transparent Data Encryption (TDE)
  • B. Data Discovery & Classification
  • C. role-based access control (RBAC)
  • D. dynamic data masking

Answer: C


NEW QUESTION # 113
Your company, named Contoso, Ltd, implements several Azure logic apps that have HTTP triggers: The logic apps provide access to an on-premises web service.
Contoso establishes a partnership with another company named Fabrikam, Inc.
Fabrikam does not have an existing Azure Active Directory (Azure AD) tenant and uses third-party OAuth 2.0 identity management to authenticate its users.
Developers at Fabrikam plan to use a subset of the logics apps to build applications that will integrate with the on-premises web service of Contoso.
You need to design a solution to provide the Fabrikam developers with access to the logic apps. The solution must meet the following requirements:
Requests to the logic apps from the developers must be limited to lower rates than the requests from the users at Contoso.
The developers must be able to rely on their existing OAuth 2.0 provider to gain access to the logic apps.
The solution must NOT require changes to the logic apps.
The solution must NOT use Azure AD guest accounts.
What should you include in the solution?

  • A. Azure AD Application Proxy
  • B. Azure Front Door
  • C. Azure AD business-to-business (B2B)
  • D. Azure API Management

Answer: D

Explanation:
API Management helps organizations publish APIs to external, partner, and internal developers to unlock the potential of their data and services.
You can secure API Management using the OAuth 2.0 client credentials flow.
Reference:
https://docs.microsoft.com/en-us/azure/api-management/api-management-key-concepts
https://docs.microsoft.com/en-us/azure/api-management/api-management-features
https://docs.microsoft.com/en-us/azure/api-management/api-management-howto-protect-backend-with-aad#enab


NEW QUESTION # 114
You need to recommend a notification solution for the IT Support distribution group.
What should you include in the recommendation?

  • A. Azure Network Watcher
  • B. an action group
  • C. Azure AD Connect Health
  • D. a SendGrid account with advanced reporting

Answer: C

Explanation:
References:
https://docs.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-health-operations
Topic 2, Litware, Inc
Case Study
This is a case study. Case studies are not timed separately. You can use as much exam time as you would like to complete each case. However, there may be additional case studies and sections on this exam. You must manage your time to ensure that you are able to complete all questions included on this exam in the time provided.
To answer the questions included in a case study, you will need to reference information that is provided in the case study. Case studies might contain exhibits and other resources that provide more information about the scenario that is described in the case study. Each question is independent of the other questions in this case study.
At the end of this case study, a review screen will appear. This screen allows you to review your answers and to make changes before you move to the next section of the exam. After you begin a new section, you cannot return to this section.
To start the case study
To display the first question in this case study, click the Next button. Use the buttons in the left pane to explore the content of the case study before you answer the questions. Clicking these buttons displays information such as business requirements, existing environment, and problem statements. If the case study has an All Information tab, note that the information displayed is identical to the information displayed on the subsequent tabs. When you are ready to answer a question, click the Question button to return to the question.
Overview. General Overview
Litware, Inc. is a medium-sized finance company.
Overview. Physical Locations
Litware has a main office in Boston.
Existing Environment. Identity Environment
The network contains an Active Directory forest named Litware.com that is linked to an Azure Active Directory (Azure AD) tenant named Litware.com. All users have Azure Active Directory Premium P2 licenses.
Litware has a second Azure AD tenant named dev.Litware.com that is used as a development environment.
The Litware.com tenant has a conditional acess policy named capolicy1. Capolicy1 requires that when users manage the Azure subscription for a production environment by using the Azure portal, they must connect from a hybrid Azure AD-joined device.
Existing Environment. Azure Environment
Litware has 10 Azure subscriptions that are linked to the Litware.com tenant and five Azure subscriptions that are linked to the dev.Litware.com tenant. All the subscriptions are in an Enterprise Agreement (EA).
The Litware.com tenant contains a custom Azure role-based access control (Azure RBAC) role named Role1 that grants the DataActions read permission to the blobs and files in Azure Storage.
Existing Environment. On-premises Environment
The on-premises network of Litware contains the resources shown in the following table.

Existing Environment. Network Environment
Litware has ExpressRoute connectivity to Azure.
Planned Changes and Requirements. Planned Changes
Litware plans to implement the following changes:
* Migrate DB1 and DB2 to Azure.
* Migrate App1 to Azure virtual machines.
* Deploy the Azure virtual machines that will host App1 to Azure dedicated hosts.
Planned Changes and Requirements. Authentication and Authorization Requirements Litware identifies the following authentication and authorization requirements:
* Users that manage the production environment by using the Azure portal must connect from a hybrid Azure AD-joined device and authenticate by using Azure Multi-Factor Authentication (MFA).
* The Network Contributor built-in RBAC role must be used to grant permission to all the virtual networks in all the Azure subscriptions.
* To access the resources in Azure, App1 must use the managed identity of the virtual machines that will host the app.
* Role1 must be used to assign permissions to the storage accounts of all the Azure subscriptions.
* RBAC roles must be applied at the highest level possible.
Planned Changes and Requirements. Resiliency Requirements
Litware identifies the following resiliency requirements:
* Once migrated to Azure, DB1 and DB2 must meet the following requirements:
- Maintain availability if two availability zones in the local Azure region fail.
- Fail over automatically.
- Minimize I/O latency.
* App1 must meet the following requirements:
- Be hosted in an Azure region that supports availability zones.
- Be hosted on Azure virtual machines that support automatic scaling.
- Maintain availability if two availability zones in the local Azure region fail.
Planned Changes and Requirements. Security and Compliance Requirements
Litware identifies the following security and compliance requirements:
* Once App1 is migrated to Azure, you must ensure that new data can be written to the app, and the modification of new and existing data is prevented for a period of three years.
* On-premises users and services must be able to access the Azure Storage account that will host the data in App1.
* Access to the public endpoint of the Azure Storage account that will host the App1 data must be prevented.
* All Azure SQL databases in the production environment must have Transparent Data Encryption (TDE) enabled.
* App1 must not share physical hardware with other workloads.
Planned Changes and Requirements. Business Requirements
Litware identifies the following business requirements:
* Minimize administrative effort.
* Minimize costs.


NEW QUESTION # 115
You have an Azure subscription.
You plan to deploy five storage accounts that will store block blobs and five storage accounts that will host file shares. The file shares will be accessed by using the SMB protocol.
You need to recommend an access authorization solution for the storage accounts. The solution must meet the following requirements:
* Maximize security.
* Prevent the use of shared keys.
* Whenever possible, support time-limited access.
What should you include in the solution? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Answer:

Explanation:

Explanation


NEW QUESTION # 116
You are evaluating the components of the migration to Azure that require you to provision an Azure Storage account.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.

Answer:

Explanation:


NEW QUESTION # 117
You plan to develop a new app that will store business critical dat
a. The app must meet the following requirements:
* Prevent new data from being modified for one year.
* Maximize data resiliency.
* Minimize read latency.
What storage solution should you recommend for the app? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

Answer:

Explanation:


NEW QUESTION # 118
You have an Azure subscription.
You need to deploy an Azure Kubernetes Service (AKS) solution that will use Windows Server 2019 nodes.
The solution must meet the following requirements:
Minimize the time it takes to provision compute resources during scale-out operations.
Support autoscaling of Windows Server containers.
Which scaling option should you recommend?

  • A. cluster autoscaler
  • B. Virtual nodes with Virtual Kubelet ACI
  • C. Kubernetes version 1.20.2 or newer
  • D. horizontal pod autoscaler

Answer: B

Explanation:
Azure Container Instances (ACI) lets you quickly deploy container instances without additional infrastructure overhead. When you connect with AKS, ACI becomes a secured, logical extension of your AKS cluster. The virtual nodes component, which is based on Virtual Kubelet, is installed in your AKS cluster that presents ACI as a virtual Kubernetes node. Kubernetes can then schedule pods that run as ACI instances through virtual nodes, not as pods on VM nodes directly in your AKS cluster.
Your application requires no modification to use virtual nodes. Deployments can scale across AKS and ACI and with no delay as cluster autoscaler deploys new nodes in your AKS cluster.

Note: AKS clusters can scale in one of two ways:
* The cluster autoscaler watches for pods that can't be scheduled on nodes because of resource constraints.
The cluster then automatically increases the number of nodes.
* The horizontal pod autoscaler uses the Metrics Server in a Kubernetes cluster to monitor the resource demand of pods. If an application needs more resources, the number of pods is automatically increased to meet the demand.
Reference:
https://docs.microsoft.com/en-us/azure/aks/concepts-scale5


NEW QUESTION # 119
Your company develops a web service that is deployed to an Azure virtual machine named VM1. The web service allows an API to access real-time data from VM1.
The current virtual machine deployment is shown in the Deployment exhibit. (Click the Deployment tab).
The chief technology officer (CTO) sends you the following email message: "Our developers have deployed the web service to a virtual machine named VM1. Testing has shown that the API is accessible from VM1 and VM2. Our partners must be able to connect to the API over the Internet. Partners will use this data in applications that they develop." You deploy an Azure API Management (APIM) service. The relevant API Management configuration is shown in the API exhibit. (Click the API tab.) For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.

Answer:

Explanation:

Reference:
https://docs.microsoft.com/en-us/azure/api-management/api-management-using-with-vnet


NEW QUESTION # 120
You have an app named App1 that uses an on-premises Microsoft SQL Server database named DB1.
You plan to migrate DB1 to an Azure SQL managed instance.
You need to enable customer-managed Transparent Data Encryption (TDE) for the instance. The solution must maximize encryption strength.
Which type of encryption algorithm and key length should you use for the TDE protector?

  • A. AES256
  • B. RSA4096
  • C. RSA2048
  • D. RSA3072

Answer: D


NEW QUESTION # 121
Your company develops a web service that is deployed to an Azure virtual machine named VM1. The web service allows an API to access real-time data from VM1.
The current virtual machine deployment is shown in the Deployment exhibit. (Click the Deployment tab).

The chief technology officer (CTO) sends you the following email message: "Our developers have deployed the web service to a virtual machine named VM1. Testing has shown that the API is accessible from VM1 and VM2. Our partners must be able to connect to the API over the Internet. Partners will use this data in applications that they develop." You deploy an Azure API Management (APIM) service. The relevant API Management configuration is shown in the API exhibit. (Click the API tab.)

For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.

Answer:

Explanation:

Explanation
Graphical user interface, text, application Description automatically generated

Reference:
https://docs.microsoft.com/en-us/azure/api-management/api-management-using-with-vnet


NEW QUESTION # 122
You have an Azure subscription that contains a virtual network named VNET1 and 10 virtual machines. The virtual machines are connected to VNET1.
You need to design a solution to manage the virtual machines from the internet. The solution must meet the following requirements:
* Incoming connections to the virtual machines must be authenticated by using Azure Multi-Factor Authentication (MFA) before network connectivity is allowed.
* Incoming connections must use TLS and connect to TCP port 443.
* The solution must support RDP and SSH.
What should you Include In the solution? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Answer:

Explanation:

Explanation


NEW QUESTION # 123
You plan to deploy Azure Databricks to support a machine learning application. Data engineers will mount an Azure Data Lake Storage account to the Databricks file system. Permissions to folders are granted directly to the data engineers.
You need to recommend a design for the planned Databrick deployment. The solution must meet the following requirements:
Ensure that the data engineers can only access folders to which they have permissions.
Minimize development effort.
Minimize costs.
What should you include in the recommendation? To answer, select the appropriate options in the answer area.
NOTE:Each correct selection is worth one point.

Answer:

Explanation:

Explanation
Box 1: Standard
Choose Standard to minimize costs.
Box 2: Credential passthrough
Athenticate automatically to Azure Data Lake Storage Gen1 (ADLS Gen1) and Azure Data Lake Storage Gen2 (ADLS Gen2) from Azure Databricks clusters using the same Azure Active Directory (Azure AD) identity that you use to log into Azure Databricks. When you enable Azure Data Lake Storage credential passthrough for your cluster, commands that you run on that cluster can read and write data in Azure Data Lake Storage without requiring you to configure service principal credentials for access to storage.
Reference:
https://docs.microsoft.com/en-us/azure/databricks/security/credential-passthrough/adls-passthrough


NEW QUESTION # 124
......


The AZ-305 exam covers a broad range of topics related to Azure infrastructure solutions. These include designing compute solutions, designing networking solutions, designing storage solutions, and designing security and identity solutions. AZ-305 exam also covers topics such as Azure cost management and optimization, deployment and migration, and monitoring and troubleshooting.

 

AZ-305 exam questions for practice in 2024 Updated 305 Questions: https://exams4sure.actualcollection.com/AZ-305-exam-questions.html

Related Articles

more
Microsoft AZ-305 Certification Practice Exam

Copyright © 2026 ActualCollection NETWORK CO.,LIMITED. All Rights Reserved. All trademarks used are properties of their respective owners. Privacy Policy