Using AZ-305 dumps practice questions 2024 is essential to ensure your success in the Microsoft Azure AZ-305 exam.
Pass4itSure (Jan 12, 2024) has released a new AZ-305 dumps 2024 https://www.pass4itsure.com/az-305.html (You can choose PDF or VCE format) with 352 practice exam questions and answers that can help you more.
New changes, new AZ-305
The AZ-305 exam, the Designing Microsoft Azure Infrastructure Solutions exam, has the following new changes in 2024((through April now):
- Exam content updates
- Localized version updates
- Exam focus
Microsoft is changing, and so is the AZ-305 exam. In the same way, the demand for learning resources is also changing, and you need new ones to help you prepare.
With a little patience, read on, and you can make a comparison with the previous content, which will be very beneficial for you to study for the AZ-305 exam.
Newly added! AZ-305 Microsoft Azure Solutions Architect Expert exam study resources:
- Azure Documentation
- Azure FAQs
- Azure Blog
- Azure Free Account
It’s been a while since the last update, Pass4itSure updated the new AZ-305 dumps (Apr 04, 2024) in April, so once again we will share the new AZ-305 exam questions (new update) for you to learn:
new update q1:
You need to recommend a strategy for the web tier of WebApp1. The solution must minimize What should you recommend?
A. Create a runbook that resizes virtual machines automatically to a smaller size outside of business hours.
B. Configure the Scale Up settings for a web app.
C. Deploy a virtual machine scale set that scales out on a 75 percent CPU threshold.
D. Configure the Scale-Out settings for a web app.
Correct Answer: A
new update q2:
You plan to migrate App1 to Azure.
You need to recommend a network connectivity solution for the Azure Storage account that will host the App1 data. The solution must meet the security and compliance requirements.
What should you include in the recommendation?
A. Microsoft peering for an ExpressRoute circuit
B. Azure public peering for an ExpressRoute circuit
C. a service endpoint that has a service endpoint policy
D. a private endpoint
Correct Answer: D
Private Endpoint securely connects to storage accounts from on-premises networks that connect to the VNet using VPN or ExpressRoutes with private peering. Private Endpoint also secures your storage account by configuring the storage firewall to block all connections on the public endpoint for the storage service. Incorrect Answers:
A: Microsoft peering provides access to Azure public services via public endpoints with public IP addresses, which should not be allowed.
B: Azure public peering has been deprecated.
C: By default, Service Endpoints are enabled on subnets configured in Azure virtual networks. Endpoints can’t be used for traffic from your premises to Azure services.
Reference: https://docs.microsoft.com/en-us/azure/expressroute/expressroute-circuit-peerings
new update q3:
The application will host video files that range from 50 MB to 12 GB. The application will use certificate-based authentication and will be available to users on the Internet.
You need to recommend a storage option for the video files. The solution must provide the fastest read performance and must minimize storage costs.
What should you recommend?
A. Azure Files
B. Azure Data Lake Storage Gen2
C. Azure Blob Storage
D. Azure SQL Database
Correct Answer: C
Blob Storage: Stores large amounts of unstructured data, such as text or binary data, that can be accessed from anywhere in the world via HTTP or HTTPS. You can use Blob storage to expose data publicly to the world, or to store
application data privately.
Max file in Blob Storage. 4.77 TB.
Reference:
https://docs.microsoft.com/en-us/azure/architecture/solution-ideas/articles/digital-media-video
new update q4:
You have an Azure subscription that contains an Azure Blob storage account named store1.
You have an on-premises file server named Setver1 that runs Windows Sewer 2016.Server1 stores 500 GB of company files.
You need to store a copy of the company files from Server 1 in store 1.
Which two possible Azure services achieve this goal? Each correct answer presents a complete solution.
NOTE: Each correct selection is worth one point
A. an Azure Batch account
B. an integration account
C. an On-premises data gateway
D. an Azure Import/Export job
E. Azure Data factory
Correct Answer: DE
https://docs.microsoft.com/en-us/azure/storage/common/storage-import-export-data-from-blobs https://docs.microsoft.com/en-us/answers/questions/31113/fastest-method-to-copy-500gb-table-from-on-premise.html
new update q5:
You plan to migrate App1 to Azure. The solution must meet the authentication and authorization requirements. Which type of endpoint should App1 use to obtain an access token?
A. Azure Instance Metadata Service (IMDS)
B. Azure AD
C. Azure Service Management
D. Microsoft identity platform
Correct Answer: D
Scenario: To access the resources in Azure, App1 must use the managed identity of the virtual machines that will host the app.
Managed identities provide an identity for applications to use when connecting to resources that support Azure Active Directory (Azure AD) authentication. Applications may use the managed identity to obtain Azure AD tokens.
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/managed-identities-azureresources/overview\
new update q6:
You have an Azure subscription that contains a storage account.
An application sometimes writes duplicate files to the storage account.
You have a PowerShell script that identifies and deletes duplicate files in the storage account. Currently, the script is run manually after approval from the operations manager.
You need to recommend a serverless solution that performs the following actions:
1.
Runs the script once an hour to identify whether duplicate files exist Sends an email notification to the operations manager requesting approval to delete the duplicate files
2.
Processes an email response from the operations manager specifying whether the deletion was approved
3.
Runs the script if the deletion was approved What should you include in the recommendation?
A. Azure Logic Apps and Azure Functions
B. Azure Pipelines and Azure Service Fabric
C. Azure Logic Apps and Azure Event Grid
D. Azure Functions and Azure Batch
Correct Answer: A
You can schedule a Powershell script with Azure Logic Apps.
When you want to run code that performs a specific job in your logic apps, you can create your own function by using Azure Functions. This service helps you create Node.js, C#, and F# functions so you don’t have to build a complete app or infrastructure to run code. You can also call logic apps from inside Azure functions. Azure Functions provides serverless computing in the cloud and is useful for performing tasks such as these examples:
Reference: https://docs.microsoft.com/en-us/azure/logic-apps/logic-apps-azure-functions
new update q7:
You are designing an app that will use Azure Cosmos DB to collate sales data from multiple countries. You need to recommend an API for the app. The solution must meet the following requirements:
Support SQL queries.
Support geo-replication.
Store and access data relationally.
Which API should you recommend?
A. PostgreSQL
B. NoSQL
C. Apache Cassandra
D. MongoDB
Correct Answer: A
new update q8:
You manage an on-premises network and Azure virtual networks.
You need to create a secure connection over a private network between the on-premises network and the Azure virtual networks. The connection must offer a redundant pair of cross-connections to provide high availability.
What should you recommend?
A. Azure Load Balancer
B. VPN Gateway
C. ExpressRoute
D. virtual network peering
Correct Answer: B
Every Azure VPN gateway consists of two instances in an active standby configuration. For any planned maintenance or unplanned disruption that happens to the active instance, the standby instance would take over (failover) automatically.
Reference: https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-highlyavailable
…
How can AZ-305 dumps 2024 help you more?
The AZ-305 exam not only tests your theoretical understanding but also your ability to apply this knowledge to real-world situations. Preparing the material with the AZ-305 dumps practice questions 2024 is essential to ensure that you don’t forget what you have learned.
Practice AZ-305 dumps practice questions 2024 can help you familiarize yourself with the content of the Designing Microsoft Azure Infrastructure Solutions exam.
It will also help you manage your time effectively in the actual exam and increase your chances of success.
Speaking of practice questions, here are the free AZ-305 practice questions for you.
Share AZ-305 dumps 2024 practice questions and answers online
Ps. I have already shared AZ-305 practice questions Q1-Q13 last time, and this time I will continue to share 15 free exam questions starting from Q15.
Come from: Pass4itSure
Number of Questions: 15/352
Certifications: Microsoft Azure
Question 14:
HOTSPOT
You have an Azure web app named App1 and an Azure key vault named KV1.
App1 stores database connection strings in KV1.
App1 performs the following types of requests to KV1:
1.
Get
2.
List
3.
Wrap
4.
Delete
5.
Unwrap
6.
Backup
7.
Decrypt
8. Encrypt
You are evaluating the continuity of service for App1.
You need to identify the following if the Azure region that hosts KV1 becomes unavailable:
1.
To where will KV1 fail over?
2.
During the failover, which request type will be unavailable?
What should you identify? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:
Correct Answer:
Box 1: A server in the same paired region
The contents of your key vault are replicated within the region and to a secondary region at least 150 miles away, but within the same geography to maintain the high durability of your keys and secrets.
Box 2: Delete
During failover, your key vault is in read-only mode. Requests that are supported in this mode are:
List certificates
Get certificates
List secrets
Get secrets
List keys
Get (properties of) keys
Encrypt
Decrypt
Wrap
Unwrap
Verify
Sign
Backup
Reference:
https://docs.microsoft.com/en-us/azure/key-vault/general/disaster-recovery-guidance
Question 15:
You need to recommend a solution to meet the database retention requirements. What should you recommend?
A. Configure a long-term retention policy for the database.
B. Configure Azure Site Recovery.
C. Use automatic Azure SQL Database backups.
D. Configure geo-replication of the database.
Correct Answer: A
In Azure SQL Database, you can configure a database with a long-term backup retention policy (LTR) to automatically retain the database backups in separate Azure Blob storage containers for up to 10 years https://docs.microsoft.com/en-us/azure/azure-sql/database/long-termretention-overview
Question 16:
HOTSPOT
You have several Azure App Service web apps that use Azure Key Vault to store data encryption keys. Several departments have the following requests to support the web app:
Which service should you recommend for each department\’s request? To answer, configure the appropriate options in the answer area. NOTE: Each correct selection is worth one point.
Hot Area:
Correct Answer:
Question 17:
HOTSPOT
You are designing an access policy for your company.
Occasionally, the developers at the company must stop, start, and restart Azure virtual machines. The development team changes often.
You need to recommend a solution to provide the developers with the required access to the virtual machines. The solution must meet the following requirements:
1. Provide permissions only when needed.
2. Use the principle of least privilege.
3. Minimize costs.
What should you include in the recommendation? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:
Correct Answer:
Question 18:
The accounting department at your company migrates to a new financial accounting software. The accounting department must keep file-based database backups for seven years for compliance purposes. It is unlikely that the backups will be used to recover data.
You need to move the backups to Azure. The solution must minimize costs. Where should you store the backups?
A. Azure Blob storage that uses the Archive tier
B. Azure SQL Database
C. Azure Blob storage that uses the Cool tier
D. a Recovery Services vault
Correct Answer: A
Azure Front Door enables you to define, manage, and monitor the global routing for your web traffic by optimizing for best performance and instant global failover for high availability. With Front Door, you can transform your global (multiregion) consumer and enterprise applications into robust, high-performance personalized modern applications, APIs, and content that reaches a global audience with Azure.
Front Door works at Layer 7 or the HTTP/HTTPS layer and uses anycast protocol with split TCP and Microsoft\’s global network for improving global connectivity.
Incorrect Answers:
B: Azure Traffic Manager uses DNS (layer 3) to shape traffic. SSL works at Layer 6.
Azure Traffic Manager can direct customers to their closest AKS cluster and application instance. For the best performance and redundancy, direct all application traffic through Traffic Manager before it goes to your AKS cluster.
Reference: https://docs.microsoft.com/en-us/azure/frontdoor/front-door-overview
Question 19:
You are designing an order processing system in Azure that will contain the Azure resources shown in the following table.
The order processing system will have the following transaction flow:
1. A customer will place an order by using App1.
2. When the order is received, App1 will generate a message to check for product availability at vendor 1 and vendor 2.
3. An integration component will process the message, and then trigger either Function1 or Function2 depending on the type of order. Once a vendor confirms the product availability, a status message for App1 will be generated by Function1 or Function2.
4. All the steps of the transaction will be logged to storage1.
Which type of resource should you recommend for the integration component? Which type of resource should you recommend for the integration component?
A. an Azure Data Factory pipeline
B. an Azure Service Bus queue
C. an Azure Event Grid domain
D. an Azure Event Hubs capture
Correct Answer: A
A data factory can have one or more pipelines. A pipeline is a logical grouping of activities that together perform a task.
The activities in a pipeline define actions to perform on your data.
Data Factory has three groupings of activities: data movement activities, data transformation activities, and control activities. Azure Functions is now integrated with Azure Data Factory, allowing you to run an Azure function as a step in your
data factory pipelines.
Reference:
https://docs.microsoft.com/en-us/azure/data-factory/concepts-pipelines-activities
Question 20:
You plan to use an Azure Storage account to store data assets.
You need to recommend a solution that meets the following requirements:
Supports immutable storage
Disables anonymous access to the storage account Supports access control list (ACL)-based Azure AD permissions What should you include in the recommendation?
A. Azure Files
B. Azure Data Lake Storage
C. Azure NetApp Files
D. Azure Blob Storage
Correct Answer: C
*
An invaluable feature of NetApp Snapshot copies is their innate immutability. They can’t be changed. This is especially important because an increasing number of ransomware attacks involve attackers encrypting your data and holding the
key hostage.
*
docs.netapp.com. ONTAP, Configure access restrictions for anonymous users
By default, an anonymous, unauthenticated user (also known as the null user) can access certain information on the network. You can use an SMB server option to configure access restrictions for the anonymous user.
*
Azure NetApp Files supports access control lists (ACLs) on NFSv4.1 volumes. ACLs provide granular file security via NFSv4.1.
ACLs contain access control entities (ACEs), which specify the permissions (read, write, etc.) of individual users or groups. When assigning user roles, provide the user email address if you\’re using a Linux VM joined to an Active Directory
Domain. Otherwise, provide user IDs to set permissions.
Reference:
https://www.netapp.com/blog/protect-google-cloud-with-snapshot https://docs.netapp.com/us-en/ontap/smb-admin/configure-access-restrictions-anonymous-users-task.html https://learn.microsoft.com/en-us/azure/azure-netapp-files/configure-access-control-lists
Question 21:
HOTSPOT
You need to recommend a solution to ensure that App1 can access the third-party credentials and access strings. The solution must meet the security requirements.
What should you include in the recommendation? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.
Hot Area:
Correct Answer:
Scenario: Security Requirement
All secrets used by Azure services must be stored in Azure Key Vault.
Services that require credentials must have the credentials tied to the service instance. The credentials must NOT be shared between services.
Box 1: A service principal
A service principal is a type of security principal that identifies an application or service, which is to say, a piece of code rather than a user or group. A service principal\’s object ID is known as its client ID and acts like its username. The service
principal\’s client secret acts like its password.
Note: Authentication with Key Vault works in conjunction with Azure Active Directory (Azure AD), which is responsible for authenticating the identity of any given security principal.
A security principal is an object that represents a user, group, service, or application that\’s requesting access to Azure resources. Azure assigns a unique object ID to every security principal.
Box 2: A role assignment
You can provide access to Key Vault keys, certificates, and secrets with an Azure role-based access control.
Reference:
https://docs.microsoft.com/en-us/azure/key-vault/general/authentication
Question 22:
HOTSPOT
You have an Azure Resource Manager template named Template1 in the library as shown in the following exhibit.
Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic. NOTE: Each correct selection is worth one point.
Hot Area:
Correct Answer:
Reference: https://docs.microsoft.com/en-us/azure/azure-resource-manager/templates/template-syntax
Question 23:
HOTSPOT
You have an Azure subscription that contains 300 Azure virtual machines that run Windows Server 2016.
You need to centrally monitor all warning events in the System logs of the virtual machines.
What should you include in the solutions? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:
Correct Answer:
References: https://docs.microsoft.com/en-us/azure/azure-monitor/platform/data-sources-windows-events https://docs.microsoft.com/en-us/azure/azure-monitor/platform/agent-windows
Question 24:
You have an app named App1 that uses an on-premises Microsoft SQL Server database named DB1.
You plan to migrate DB1 to an Azure SQL-managed instance.
You need to enable customer-managed Transparent Data Encryption (TDE) for the instance. The solution must maximize encryption strength.
Which type of encryption algorithm and key length should you use for the TDE protector?
A. AES256
B. RSA4096
C. RSA2048
D. RSA3072
Correct Answer: D
Question 25:
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while
others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have an app named App1 that uses data from two on-premises Microsoft SQL Server databases named DB1 and DB2.
You plan to move DB1 and DB2 to Azure.
You need to implement Azure services to host DB1 and DB2. The solution must support server-side transactions across DB1 and DB2.
Solution: You deploy DB1 and DB2 as Azure SQL databases on the same Azure SQL Database server.
Does this meet the goal?
A. Yes
B. No
Correct Answer: B
Instead, deploy DB1 and DB2 to SQL Server on an Azure virtual machine.
Note: Understanding distributed transactions.
When both the database management system and client are under the same ownership (e.g. when SQL Server is deployed to a virtual machine), transactions are available and the lock duration can be controlled.
Reference:
https://docs.particular.net/nservicebus/azure/understanding-transactionality-in-azure
Question 26:
HOTSPOT
You plan to develop a new app that will store business-critical data. The app must meet the following requirements:
1. Prevent new data from being modified for one year.
2. Minimize read latency.
3. Maximize data resiliency.
You need to recommend a storage solution for the app.
What should you recommend? To answer, select the appropriate options in the answer area.
Hot Area:
Correct Answer:
Box 1:
BlockBlobStorage
Storage accounts with premium performance characteristics for block blobs and append blobs.
Box 2:
Reference:
https://docs.microsoft.com/en-us/azure/storage/common/storage-account-overview
Question 27:
You are developing an app that will use Azure Functions to process Azure Event Hub events. Request processing is estimated to take between five and 20 minutes. You need to recommend a hosting solution that meets the following requirements:
1. Supports estimates of request processing runtimes
2. Supports event-driven autoscaling for the app Which hosting plan should you recommend?
A. Consumption
B. App Service
C. Dedicated
D. Premium
Correct Answer: B
Question 28:
HOTSPOT
You have an Azure logic app named App1 and an Azure Service Bus queue named Queue1.
You need to ensure that App1 can read messages from Queue1. App1 must authenticate by using Azure Active Directory (Azure AD).
What should you do? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:
Correct Answer:
On App1: Turn on the managed identity
To use Service Bus with managed identities, you need to assign the identity the role and the appropriate scope. The procedure in this section uses a simple application that runs under a managed identity and accesses Service Bus resources.
Once the application is created, follow these steps:
Go to Settings and select Identity.
Select the Status to be On.
Select Save to save the setting.
On Queue1: Configure Access Control (IAM)
Azure Active Directory (Azure AD) authorizes access rights to secured resources through role-based access control (RBAC). Azure Service Bus defines a set of built-in RBAC roles that encompass common sets of permissions used to access
Service Bus entities and you can also define custom roles for accessing the data.
Assign RBAC roles using the Azure portal
In the Azure portal, navigate to your Service Bus namespace. Select Access Control (IAM) on the left menu to display access control settings for the namespace. If you need to create a Service Bus namespace.
Select the Role Assignments tab to see the list of role assignments. Select the Add button on the toolbar and then select Add role assignment.
Reference:
https://docs.microsoft.com/en-us/azure/service-bus-messaging/authenticate-application
https://docs.microsoft.com/en-us/azure/service-bus-messaging/service-bus-managed-service-identity
More Microsoft exam questions. . .
With practice questions, do you still want more AZ-305 exam study resources, rest assured, understand you.
Microsoft Azure AZ-305 learning resource Integration 2024 new update
To cater to everyone’s preferences, we have three styles for you: video, document, and book.
Video:
- Preparing for AZ-305 – Design identity, governance, and monitoring solutions (1 of 4)
- Preparing for AZ-305 – Design data storage solutions (2 of 4)
- Preparing for AZ-305 – Design business continuity solutions (3 of 4)
- Preparing for AZ-305 – Design infrastructure solutions (4 of 4)
Document:
- Exam AZ-305: Designing Microsoft Azure Infrastructure Solutions – Certifications
- Microsoft Certified: Azure Solutions Architect Expert – Certifications
Book:
- Exam Ref AZ-305 Designing Microsoft Azure Infrastructure Solutions
- Microsoft Azure Infrastructure Services for Architects: Designing Cloud Solutions
- Mastering Microsoft Azure Infrastructure Services
- Microsoft Azure security infrastructure
Exam AZ-305 has just been updated and you need to pay attention
The exam will be updated on January 22, 2024, and you should keep an eye out for any changes in the focus of the exam.
In addition, this change also requires that you pass the AZ-305 exam as soon as possible. Otherwise, it will be more difficult.
Answer hot questions: About exam AZ-305
How do you understand AZ-303, AZ-304 and AZ-305?
The focus of the three is very different. AZ-303 is more focused on Azure infrastructure, AZ-304 is more focused on designing solutions using Azure, and AZ-305 is more focused on Azure identity and access management.
Is it well-paid to pass the AZ-305 exam?
According to the Global Knowledge IT Skills and Salary Survey, the AZ-305 exam is one of the most challenging and highest-paying certifications in the cloud field. High salary.
Can I bypass AZ-104 and take the AZ-305 exam?
You can take the AZ-305 exam, but you will not be able to earn the Azure Solutions Architect Expert certification without first passing the AZ-104 exam.
Okay, so let’s summarize it after writing this.
AZ-305 dumps 2024 practice questions can help you more so you need to get it as soon as as possible.
Come now https://www.pass4itsure.com/az-305.html Download the New AZ-305 dumps 2024 ( PDF or VCE Format) Practice new AZ-305 exam questions 2024 for the Designing Microsoft Azure Infrastructure Solutions exam!