This page was exported from Exam for engine [ http://blog.test4engine.com ]
Export date: Mon Nov 18 4:31:00 2024 / +0000 GMT

Title: [Dec 07, 2022] Fully Updated Azure Solutions Architect Expert (AZ-304) Certification Sample Questions [Q172-Q190]

Design Data Storage: 15-20%

* Choose the relevant storage account: the applicants should know how to choose between available storage tiers and how to recommend storage access solutions and storage management tools.
* Design solutions for databases: this requires skills in choosing relevant data platforms based on the prerequisites, and in recommending database service-tier sizing, solutions for database scalability, and encryption of data at rest, data in use, and data in transmission.
* Design data integration: the students should be able to recommend the data flow that fulfills the business requirements, and recommend solutions for data integration, such as Azure Databricks, Azure Synapse Analytics, Azure Data Factory, and Azure Data Lake.

Q172.
You plan to create an Azure environment that will have a root management group and five child management groups. Each child management group will contain five Azure subscriptions. You plan to have between 10 and 30 resource groups in each subscription.
* Ensure that you can update RBAC role assignments for all the subscriptions and resource groups.
* Minimize administrative effort.
What should you include in the solution? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Q173.
You are evaluating the components of the migration to Azure that require you to provision an Azure Storage account.
For each of the following statements, select Yes if the statement is true.
Otherwise, select No.
NOTE: Each correct selection is worth one point.

Q174.
You need to recommend a solution to generate a monthly report of all the new Azure Resource Manager resource deployments in your subscription. What should you include in the recommendation?
A. Azure Advisor
B. Azure Monitor metrics
C. Application Insights
D. Azure Log Analytics
Explanation:
Log Analytics is a tool in the Azure portal used to edit and run log queries with data in Azure Monitor Logs.
You may write a simple query that returns a set of records and then use features of Log Analytics to sort, filter, and analyze them. Or you may write a more advanced query to perform statistical analysis and visualize the results in a chart to identify a particular trend.
Reference: https://docs.microsoft.com/en-us/azure/azure-monitor/logs/log-analytics-overview

Q175.
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
Your company has an on-premises Active Directory Domain Services (AD DS) domain and an established Azure Active Directory (Azure AD) environment.
Your company would like users to be automatically signed in to cloud apps when they are on their corporate desktops that are connected to the corporate network.
You need to enable single sign-on (SSO) for company users.
Solution: Configure an AD DS server in an Azure virtual machine (VM). Configure bidirectional replication.
Does the solution meet the goal?
A. Yes
B. No
Instead install and configure an Azure AD Connect server.
Reference: https://docs.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-sso

Q176.
You have an Azure subscription that is linked to an Azure Active Directory (Azure AD) tenant. The subscription contains 10 resource groups, one for each department at your company.
Each department has a specific spending limit for its Azure resources.
You need to ensure that when a department reaches its spending limit, the compute resources of the department shut down automatically.
Which two features should you include in the solution? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.
A. Azure Logic Apps
B. Azure Monitor alerts
C. the spending limit of an Azure account
D. Cost Management budgets
E. Azure Log Analytics alerts
C: The spending limit in Azure prevents spending over your credit amount. All new customers who sign up for an Azure free account or subscription types that include credits over multiple months have the spending limit turned on by default. The spending limit is equal to the amount of credit and it can’t be changed.
D: Turn on the spending limit after removing
This feature is available only when the spending limit has been removed indefinitely for subscription types that include credits over multiple months. You can use this feature to turn on your spending limit automatically at the start of the next billing period.
1. Sign in to the Azure portal as the Account Administrator.
2. Search for Cost Management + Billing.
3. Etc.
Reference: https://docs.microsoft.com/en-us/azure/cost-management-billing/manage/spending-limit

Design Identity and Security
Testlet 1
Case Study

This is a case study. Case studies are not timed separately. You can use as much exam time as you would like to complete each case. However, there may be additional case studies and sections on this exam. You must manage your time to ensure that you are able to complete all questions included on this exam in the time provided.
To answer the questions included in a case study, you will need to reference information that is provided in the case study.
Case studies might contain exhibits and other resources that provide more information about the scenario that is described in the case study. Each question is independent of the other questions in this case study.
At the end of this case study, a review screen will appear. This screen allows you to review your answers and to make changes before you move to the next section of the exam. After you begin a new section, you cannot return to this section.

To start the case study
To display the first question in this case study, click the Next button. Use the buttons in the left pane to explore the content of the case study before you answer the questions. Clicking these buttons displays information such as business requirements, existing environment, and problem statements. If the case study has an All Information tab, note that the information displayed is identical to the information displayed on the subsequent tabs. When you are ready to answer a question, click the Question button to return to the question.

Existing Environment. Active Directory Environment
The network contains two Active Directory forests named corp.fabrikam.com and rd.fabrikam.com. There are no trust relationships between the forests.
Corp.fabrikam.com is a production forest that contains identities used for internal user and computer authentication.
Rd.fabrikam.com is used by the research and development (R&D) department only.

Existing Environment. Network Infrastructure
Each office contains at least one domain controller from the corp.fabrikam.com domain. The main office contains all the domain controllers for the rd.fabrikam.com forest.
All the offices have a high-speed connection to the Internet.
An existing application named WebApp1 is hosted in the data center of the London office. WebApp1 is used by customers to place and track orders. WebApp1 has a web tier that uses Microsoft Internet Information Services (IIS) and a database tier that runs Microsoft SQL Server 2016.
The web tier and the database tier are deployed to virtual machines that run on Hyper-V.
The IT department currently uses a separate Hyper-V environment to test updates to WebApp1.
Fabrikam purchases all Microsoft licenses through a Microsoft Enterprise Agreement that includes Software Assurance.

Existing Environment. Problem Statements
The use of WebApp1 is unpredictable. At peak times, users often report delays. At other times, many resources for WebApp1 are underutilized.

Requirements. Planned Changes
Fabrikam plans to move most of its production workloads to Azure during the next few years.
As one of its first projects, the company plans to establish a hybrid identity model, facilitating an upcoming Microsoft Office 365 deployment.
All R&D operations will remain on-premises.
Fabrikam plans to migrate the production and test instances of WebApp1 to Azure and to use the S1 plan.

Requirements. Technical Requirements
Fabrikam identifies the following technical requirements:
* Web site content must be easily updated from a single point.
* User input must be minimized when provisioning new web app instances.
* Whenever possible, existing on-premises licenses must be used to reduce cost.
* Users must always authenticate by using their corp.fabrikam.com UPN identity.
* Any new deployments to Azure must be redundant in case an Azure region fails.
* Whenever possible, solutions must be deployed to Azure by using the Standard pricing tier of Azure App Service.
* An email distribution group named IT Support must be notified of any issues relating to the directory synchronization services.
* Directory synchronization between Azure Active Directory (Azure AD) and corp.fabrikam.com must not be affected by a link failure between Azure and the on-premises network.

Requirements. Database Requirements
Fabrikam identifies the following database requirements:
* Database metrics for the production instance of WebApp1 must be available for analysis so that database administrators can optimize the performance settings.
* To avoid disrupting customer access, database downtime must be minimized when databases are migrated.
* Database backups must be retained for a minimum of seven years to meet compliance requirements.

Requirements. Security Requirements
Fabrikam identifies the following security requirements:
* Company information including policies, templates, and data must be inaccessible to anyone outside the company.
* Users on the on-premises network must be able to authenticate to corp.fabrikam.com if an Internet link fails.
* Administrators must be able to authenticate to the Azure portal by using their corp.fabrikam.com credentials.
* All administrative access to the Azure portal must be secured by using multi-factor authentication.
* The testing of WebApp1 updates must not be visible to anyone outside the company.

Q177.
You plan to deploy an application named App1 that will run on five Azure virtual machines. Additional virtual machines will be deployed later to run App1.
You need to recommend a solution to meet the following requirements for the virtual machines that will run App1:
* Ensure that the virtual machines can authenticate to Azure Active Directory (Azure AD) to gain access to an Azure key vault, Azure Logic Apps instances, and an Azure SQL database.
* Avoid assigning new roles and permissions for Azure services when you deploy additional virtual machines.
* Avoid storing secrets and certificates on the virtual machines.
Which type of identity should you include in the recommendation?
A. a service principal that is configured to use a certificate
B. a system-assigned managed identity
C. a service principal that is configured to use a client secret
D. a user-assigned managed identity
Managed identities for Azure resources is a feature of Azure Active Directory.
User-assigned managed identity can be shared. The same user-assigned managed identity can be associated with more than one Azure resource.
Incorrect Answers:
B: System-assigned managed identity cannot be shared. It can only be associated with a single Azure resource.
Reference: https://docs.microsoft.com/en-us/azure/active-directory/managed-identities-azure-resources/overview

Q178.
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have an on-premises Hyper-V cluster that hosts 20 virtual machines. Some virtual machines run Windows Server 2016 and some run Linux.
You plan to migrate the virtual machines to an Azure subscription.
You need to recommend a solution to replicate the disks of the virtual machines to Azure. The solution must ensure that the virtual machines remain available during the migration of the disks.
Solution: You recommend implementing an Azure Storage account that has a file service and a blob service, and then using the Data Migration Assistant.
Does this meet the goal?
A. Yes
B. No
Data Migration Assistant is used to migrate SQL databases.
Instead use Azure Site Recovery.
Reference: https://docs.microsoft.com/en-us/azure/site-recovery/site-recovery-overview

Q179.
You have an Azure subscription that contains resources in three Azure regions.
You need to implement Azure Key Vault to meet the following requirements:
* In the event of a regional outage, all keys must be readable.
* All the resources in the subscription must be able to access Key Vault.
* The number of Key Vault resources to be deployed and managed must be minimized.
How many instances of Key Vault should you implement?
A. 1
B. 2
C. 3
D. 6
The contents of your key vault are replicated within the region and to a secondary region at least 150 miles away but within the same geography. This maintains high durability of your keys and secrets. See the Azure paired regions document for details on specific region pairs.
Example: Secrets that must be shared by your application in both Europe West and Europe North. Minimize these as much as you can. Put these in a key vault in either of the two regions. Use the same URI from both regions. Microsoft will fail over the Key Vault service internally.
Reference: https://docs.microsoft.com/en-us/azure/key-vault/general/disaster-recovery-guidance

Q180.
Your company develops a web service that is deployed to an Azure virtual machine named VM1. The web service allows an API to access real-time data from VM1.
The current virtual machine deployment is shown in the Deployment exhibit. (Click the Deployment tab).
The chief technology officer (CTO) sends you the following email message: “Our developers have deployed the web service to a virtual machine named VM1. Testing has shown that the API is accessible from VM1 and VM2. Our partners must be able to connect to the API over the Internet. Partners will use this data in applications that they develop.”
You deploy an Azure API Management (APIM) service. The relevant API Management configuration is shown in the API exhibit. (Click the
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Reference: https://docs.microsoft.com/en-us/azure/api-management/api-management-using-with-vnet

Q181.
You have an Azure App Service Web App that includes Azure Blob storage and an Azure SQL Database instance. The application is instrumented by using the Application Insights SDK.
You need to design a monitoring solution for the web app.
Which Azure monitoring services should you use? To answer, select the appropriate Azure monitoring services in the answer area.
NOTE: Each correct selection is worth one point.

Q182.
You have the application architecture shown in the following exhibit.
Use the drop-down menus to select the choice that completes each statement based on the information presented in the graphic.
NOTE: Each correct selection is worth one point.
References:
https://docs.microsoft.com/en-us/azure/traffic-manager/traffic-manager-routing-methods
https://docs.microsoft.com/en-us/azure/traffic-manager/traffic-manager-monitoring

Q183.
You need to design a resource governance solution for an Azure subscription. The solution must meet the following requirements:
* Ensure that all ExpressRoute resources are created in a resource group named RG1.
* Delegate the creation of the ExpressRoute resources to an Azure Active Directory (Azure AD) group named Networking.
* Use the principle of least privilege.
What should you include in the solution? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Explanation:
Box 1: An Azure policy assignment at the subscription level that has an exclusion
Box 2: A custom RBAC role assignment at the level of RG1
Azure role-based access control (Azure RBAC) is the authorization system you use to manage access to Azure resources. To grant access, you assign roles to users, groups, service principals, or managed identities at a particular scope.
Reference: https://docs.microsoft.com/en-us/azure/governance/policy/tutorials/create-and-manage

Q184.
Your company provides customer support for multiple Azure subscriptions and third-party hosting providers.
You are designing a centralized monitoring solution. The solution must provide the following services:
* Collect log and diagnostic data from all the third-party hosting providers into a centralized repository.
* Collect log and diagnostic data from all the subscriptions into a centralized repository.
* Automatically analyze log data and detect threats.
* Provide automatic responses to known events.
Which Azure service should you include in the solution?
A. Azure Sentinel
B. Azure Log Analytics
C. Azure Monitor
D. Azure Application Insights
The following diagram gives a high-level view of Azure Monitor. At the center of the diagram are the data stores for metrics and logs, which are the two fundamental types of data used by Azure Monitor. On the left are the sources of monitoring data that populate these data stores. On the right are the different functions that Azure Monitor performs with this collected data. This includes such actions as analysis, alerting, and streaming to external systems.
Reference: https://docs.microsoft.com/en-us/azure/azure-monitor/overview

Q185.
You manage a network that includes an on-premises Active Directory Domain Services domain and an Azure Active Directory (Azure AD).
Employees are required to use different accounts when using on-premises or cloud resources. You must recommend a solution that lets employees sign in to all company resources by using a single account. The solution must implement an identity provider.
You need to provide guidance on the different identity providers.
How should you describe each identity provider? To answer, select the appropriate description from each list in the answer area.
NOTE: Each correct selection is worth one point.
Explanation:
Box 1: User management occurs on-premises. Azure AD authenticates employees by using on-premises passwords.
Azure AD Domain Services for hybrid organizations
Organizations with a hybrid IT infrastructure consume a mix of cloud resources and on-premises resources.
Such organizations synchronize identity information from their on-premises directory to their Azure AD tenant. As hybrid organizations look to migrate more of their on-premises applications to the cloud, especially legacy directory-aware applications, Azure AD Domain Services can be useful to them.
Example: Litware Corporation has deployed Azure AD Connect to synchronize identity information from their on-premises directory to their Azure AD tenant. The identity information that is synchronized includes user accounts, their credential hashes for authentication (password hash sync) and group memberships.
User accounts, group memberships, and credentials from Litware’s on-premises directory are synchronized to Azure AD via Azure AD Connect. These user accounts, group memberships, and credentials are automatically available within the managed domain.
Box 2: User management occurs on-premises. The on-premises domain controller authenticates employee credentials.
You can federate your on-premises environment with Azure AD and use this federation for authentication and authorization. This sign-in method ensures that all user authentication occurs on-premises.
References:
https://docs.microsoft.com/en-us/azure/active-directory-domain-services/active-directory-ds-overview
https://docs.microsoft.com/en-us/azure/active-directory/hybrid/whatis-fed

Q186.
Your company has the offices shown in the following table.
The network contains an Active Directory domain named contoso.com that is synced to Azure Active Directory (Azure AD).
All users connect to an application hosted in Microsoft 365.
You need to recommend a solution to ensure that all the users use Azure Multi-Factor Authentication (MFA) to connect to the application from one of the offices.
What should you include in the recommendation?
A. a named location and two Microsoft Cloud App Security policies
B. a conditional access policy and two virtual networks
C. a virtual network and two Microsoft Cloud App Security policies
D. a conditional access policy and two named locations
Explanation: https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/howto-conditional-access-policy-all-u

Q187.
You need to design an Azure policy that will implement the following functionality:
* For new resources, assign tags and values that match the tags and values of the resource group to which the resources are deployed.
* For existing resources, identify whether the tags and values match the tags and values of the resource group that contains the resources.
* For any non-compliant resources, trigger auto-generated remediation tasks to create missing tags and values.
The solution must use the principle of least privilege.
What should you include in the design? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Reference:
https://docs.microsoft.com/en-us/azure/governance/policy/concepts/effects
https://docs.microsoft.com/en-us/azure/governance/policy/how-to/remediate-resources
https://docs.microsoft.com/en-us/azure/azure-resource-manager/management/tag-resources

Q188.
You need to design a resource governance solution for an Azure subscription.
The solution must meet the following requirements:
* Ensure that all ExpressRoute resources are created in a resource group named RG1.
* Delegate the creation of the ExpressRoute resources to an Azure Active Directory (Azure AD) group named Networking.
* Use the principle of least privilege.
What should you include in the solution? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Reference: https://docs.microsoft.com/en-us/azure/governance/policy/tutorials/create-and-manage

Q189.
You need to recommend a backup solution for the data store of the payment processing system.
What should you include in the recommendation?
A. Microsoft System Center Data Protection Manager (DPM)
B. Azure Backup Server
C. Azure SQL long-term backup retention
D. Azure Managed Disks
Explanation/Reference: https://docs.microsoft.com/en-us/azure/sql-database/sql-database-long-term-backup-retention-configure

Design Business Continuity
Testlet 3

Q190.
You plan to deploy an application that will run in a Linux-based Docker container. You need to recommend a solution to host the application in Azure. The solution must meet the following requirements:
* Support a custom domain name and an associated SSL certificate.
* Scale out automatically based on demand.
* Minimize administrative effort and costs.
What should you include in the recommendation?
A. Azure Container Instances
B. Azure Kubernetes Service (AKS)
C. Azure App Service
D. an Azure virtual machine

Who should take the AZ-304: Microsoft Azure Architect Design Exam

The AZ-304 exam certification is an internationally recognized certification that validates Azure Solution Architects who participate in all phases of advising stakeholders and translating business requirements into secure, scalable, and reliable solutions. Candidates should be proficient in IT operations, including networking, virtualization, identity, security, business continuity, disaster recovery, data platform, budgeting, and governance.

Post date: 2022-12-07 14:04:43
Post date GMT: 2022-12-07 14:04:43