Lead4Pass AZ-305 dumps are verified and audited by a Microsoft professional team, and they really meet the requirements of the AZ-305 certification exam, covering more than 95% of the exam questions in the exam room!
And, offer the most popular study methods: AZ-305 dumps PDF, and AZ-305 dumps VCE, both study formats contain the latest certification exam questions and answers!
Therefore, the best exam solution is to use AZ-305 dumps with PDF and VCE formats: https://www.leads4pass.com/az-305.html (278 Q&A), to help you practice easily and achieve exam success.
What’s more! Part of the Lead4Pass AZ-305 dumps exam questions online for free download: https://drive.google.com/file/d/1mPJKDTbVdBKgjQAMBK-ED-DA4FsmdzK7/
You can also practice some of the Lead4Pass AZ-305 dumps exam questions online
| Type | Number of exam questions | Exam name | Exam code | Last updated |
| Free | 15 | Designing Microsoft Azure Infrastructure Solutions | AZ-305 | AZ-305 dumps |
Question 1:
After you migrate App1 to Azure, you need to enforce the data modification requirements to meet the security and compliance requirements. What should you do?
A. Create an access policy for the blob service.
B. Implement Azure resource locks.
C. Create Azure RBAC assignments.
D. Modify the access level of the blob service.
Correct Answer: A
Scenario: Once App1 is migrated to Azure, you must ensure that new data can be written to the app, and the modification of new and existing data is prevented for a period of three years.
As an administrator, you can lock a subscription, resource group, or resource to prevent other users in your organization from accidentally deleting or modifying critical resources. The lock overrides any permissions the user might have.
Reference:
https://docs.microsoft.com/en-us/azure/azure-resource-manager/management/lock-resources
Question 2:
You need to implement the Azure RBAC role assignments for the Network Contributor role. The solution must meet the authentication and authorization requirements. What is the minimum number of assignments that you must use?
A. 1
B. 2
C. 5
D. 10
E. 15
Correct Answer: A
Scenario: The Network Contributor built-in RBAC role must be used to grant permissions to the network administrators for all the virtual networks in all the Azure subscriptions. RBAC roles must be applied at the highest level possible.
Question 3:
You plan to migrate App1 to Azure.
You need to recommend a network connectivity solution for the Azure Storage account that will host the App1 data. The solution must meet security and compliance requirements.
What should you include in the recommendation?
A. Microsoft peering for an ExpressRoute circuit
B. Azure public peering for an ExpressRoute circuit
C. a service endpoint that has a service endpoint policy
D. a private endpoint
Correct Answer: D
Private Endpoint securely connects to storage accounts from on-premises networks that connect to the VNet using VPN or ExpressRoutes with private peering. The private Endpoint also secures your storage account by configuring the storage firewall to block all connections on the public endpoint for the storage service. Incorrect Answers:
A: Microsoft peering provides access to Azure public services via public endpoints with public IP addresses, which should not be allowed.
B: Azure public peering has been deprecated.
C: By default, Service Endpoints are enabled on subnets configured in Azure virtual networks. Endpoints can’t be used for traffic from your premises to Azure services.
Reference: https://docs.microsoft.com/en-us/azure/expressroute/expressroute-circuit-peerings
Question 4:
You plan to migrate App1 to Azure. The solution must meet the authentication and authorization requirements. Which type of endpoint should App1 use to obtain an access token?
A. Azure Instance Metadata Service (IMDS)
B. Azure AD
C. Azure Service Management
D. Microsoft identity platform
Correct Answer: D
Scenario: To access the resources in Azure, App1 must use the managed identity of the virtual machines that will host the app.
Managed identities provide an identity for applications to use when connecting to resources that support Azure Active Directory (Azure AD) authentication. Applications may use the managed identity to obtain Azure AD tokens.
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/managed-identities-azureresources/overview
Question 5:
You migrate App1 to Azure.
You need to ensure that the data storage for App1 meets the security and compliance requirement
What should you do?
A. Create an access policy for the blob
B. Modify the access level of the blob service.
C. Implement Azure resource locks.
D. Create Azure RBAC assignments.
Correct Answer: C
Scenario: Once App1 is migrated to Azure, you must ensure that new data can be written to the app, and the modification of new and existing data is prevented for a period of three years.
As an administrator, you can lock a subscription, resource group, or resource to prevent other users in your organization from accidentally deleting or modifying critical resources.
The lock overrides any permissions the user might have.
Reference:
https://docs.microsoft.com/en-us/azure/azure-resource-manager/management/lockresources
Question 6:
You need to recommend a solution to meet the database retention requirements. What should you recommend?
A. Configure a long-term retention policy for the database.
B. Configure Azure Site Recovery.
C. Use automatic Azure SQL Database backups.
D. Configure geo-replication of the database.
Correct Answer: A
In Azure SQL Database, you can configure a database with a long-term backup retention policy (LTR) to automatically retain the database backups in separate Azure Blob storage containers for up to 10 years https://docs.microsoft.com/en-us/azure/azure-sql/database/long-termretention-overview
Question 7:
What should you include in the identity management strategy to support the planned changes?
A. Deploy domain controllers for corp.fabrikam.com to virtual networks in Azure.
B. Move all the domain controllers from corp.fabrikam.com to virtual networks in Azure.
C. Deploy a new Azure AD tenant for the authentication of new RandD projects.
D. Deploy domain controllers for the rd.fabrikam.com forest to virtual networks in Azure.
Correct Answer: A
Directory synchronization between Azure Active Directory (Azure AD) and corp.fabrikam.com must not be affected by a link failure between Azure and the on-premises network. (This requires domain controllers in Azure). Users on the on-premises network must be able to authenticate to corp.fabrikam.com if an Internet link fails. (This requires domain controllers on-premises).
Question 8:
You need to recommend a strategy for migrating the database content of WebApp1 to Azure. What should you include in the recommendation?
A. Use Azure Site Recovery to replicate the SQL servers to Azure.
B. Use SQL Server transactional replication.
C. Copy the BACPAC file that contains the Azure SQL database file to Azure Blob storage.
D. Copy the VHD that contains the Azure SQL database files to Azure Blob storage
Correct Answer: D
Before you upload a Windows virtual machine (VM) from on-premises to Azure, you must prepare the virtual hard disk (VHD or VHDX).
Scenario: WebApp1 has a web tier that uses Microsoft Internet Information Services (IIS) and a database tier that runs Microsoft SQL Server 2016. The web tier and the database tier are deployed to virtual machines that run on Hyper-V.
Reference:
https://docs.microsoft.com/en-us/azure/virtual-machines/windows/prepare-for-upload-vhdimage
Question 9:
You need to recommend a strategy for the web tier of WebApp1. The solution must minimize What should you recommend?
A. Create a runbook that resizes virtual machines automatically to a smaller size outside of business hours.
B. Configure the Scale Up settings for a web app.
C. Deploy a virtual machine scale set that scales out on a 75 percent CPU threshold.
D. Configure the Scale-Out settings for a web app.
Correct Answer: A
Question 10:
You need to recommend a data storage strategy for WebApp1. What should you include in the recommendation?
A. an Azure SQL Database elastic pool
B. a vCore-based Azure SQL database
C. an Azure virtual machine that runs SQL Server
D. a fixed-size DTU AzureSQL database.
Correct Answer: B
Question 11:
You need to recommend a notification solution for the IT Support distribution group. What should you include in the recommendation?
A. Azure Network Watcher
B. an action group
C. a SendGrid account with advanced reporting
D. Azure AD Connect Health
Correct Answer: D
References: https://docs.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-healthoperations
Question 12:
You need to recommend a solution that meets the data requirements for App1.
What should you recommend deploying to each availability zone that contains an instance of App1?
A. an Azure Cosmos DB that uses multi-region writes
B. an Azure Data Lake store that uses geo-zone-redundant storage (GZRS)
C. an Azure SQL database that uses active geo-replication
D. an Azure Storage account that uses geo-zone-redundant storage (GZRS)
Correct Answer: A
Scenario: App1 has the following data requirements:
1.
Each instance will write data to a data store in the same availability zone as the instance.
2.
Data written by any App1 instance must be visible to all App1 instances.
Azure Cosmos DB: Each partition across all the regions is replicated. Each region contains all the data partitions of an Azure Cosmos container and can serve reads as well as serve writes when multi-region writes are enabled.
Incorrect Answers:
B, D: GZRS protects against failures. Geo-redundant storage (with GRS or GZRS) replicates your data to another physical location in the secondary region to protect against regional outages. However, that data is available to be read-only if
the customer or Microsoft initiates a failover from the primary to the secondary region.
C: Active geo-replication is designed as a business continuity solution that lets you perform quick disaster recovery of individual databases in case of a regional disaster or a large-scale outage. Once geo-replication is set up, you can initiate a
geo-failover to a geo-secondary in a different Azure region. The geo-failover is initiated programmatically by the application or manually by the user.
Reference:
https://docs.microsoft.com/en-us/azure/cosmos-db/high-availability
Question 13:
You need to recommend an App Service architecture that meets the requirements for Appl.
The solution must minimize costs.
What should a few recommend?
A. one App Service Environment (ASE) per availability zone
B. one App Service plan per availability zone
C. one App Service plan per region
D. one App Service Environment (ASE) per region
Correct Answer: A
Question 14:
What two parameters would you recommend set up to ensure that the new IPSCustomers database will scale to meet the workload demands?
A. Define the maximum of CPU cores
B. Define the maximum resource limit per group of databases
C. Define the maximum of Database Transaction Units
D. Define the maximum of the allocated storage
E. Define the maximum size for a database
Correct Answer: CE
Question 15:
A company has an on-premises file server observer that runs Windows Server 2019.
Windows Admin Center manages this server. The company owns an Azure subscription.
You need to provide an Azure solution to prevent data loss if the file server fails.
Solution: You decide to register Windows Admin Center in Azure and then configure Azure Backup.
Would this meet the requirement?
A. Yes
B. No
Correct Answer: A
Lead4Pass AZ-305 dumps share two study materials for free: you can download them online and practice exams online!
Now! Download the AZ-305 best practice solution! Use Lead4Pass AZ-305 dumps with PDF and VCE: https://www.leads4pass.com/az-305.html Contains 278 latest exam questions and answers to help you pass the exam 100%.
