Skip Navigation Links
 

Microsoft - AZ-304: Microsoft Azure Architect Design

Sample Questions

Question: 254
Measured Skill: Design monitoring (10-15%)
Note: This questions is based on a case study. The case study is not shown in this demo.

You plan to migrate App1 to Azure.

You need to estimate the compute costs for App1 in Azure. The solution must meet the security and compliance requirements.

What should you use to estimate the costs, and what should you implement to minimize the costs?

(To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.)

www.cert2brain.com

ATo estimate the costs, use: Azure Advisor
Implement: Azure Spot Virtual Machine pricing
B To estimate the costs, use: Azure Advisor
Implement: Azure Reservations
C To estimate the costs, use: The Azure Cost Management Power BI app
Implement: Azure Hybrid Benefit
D To estimate the costs, use: The Azure Cost Management Power BI app
Implement: Azure Reservations
E To estimate the costs, use: The Azure Total Cost of Ownership (TCO) calculator
Implement: Azure Hybrid Benefit
F To estimate the costs, use: The Azure Total Cost of Ownership (TCO) calculator
Implement: Azure Spot Virtual Machine pricing

Correct answer: E

Explanation:

The Security and Compliance Requirements section contains the following:

App1 must not share physical hardware with other workloads.

The Total Cost of Ownership (TCO) Calculator estimate the cost savings you can realize by migrating your workloads to Azure.

Difference between Azure Pricing Calculator and Total Cost of Ownership (TCO) Calculator
The Azure Pricing Calculator is used to get pricing when you know exactly what you need in Azure, or want to look up pricing for the resources you know about.
The TCO Calculator is meant when you want to estimate how much it would cost to move your resources from on-premises to Azure, by inputting what you are currently using, and letting it convert that into Azure equivalence.

From the scenario we know that all Azure subscriptions are in an Enterprise Agreement (EA). This entitles the company for Azure Hybrid Benefit. Azure Hybrid Benefit is a cost-savings benefit that lets you bring your existing on-premises Windows Server and SQL Server licenses with active Software Assurance or subscriptions to Azure.

Azure Hybrid Benefit for Windows Server in Azure Dedicated Host can be used in three ways:

  • Windows Server Standard edition
    Each two-processor license or set of 16-core licenses are entitled to two instances of up to 8 cores, or one instance of up to 16 cores in Azure Dedicated Host services. To qualify for the benefit, this license must be used either on-premises or in Azure—you'll get 180 days of concurrent use rights while migrating servers.

  • Windows Server Datacenter edition for virtual machines
    Choose to apply your Azure Hybrid Benefit to individual virtual machines or to the entire host. When licensing individual virtual machines, each two-processor license or each set of 16-core licenses is entitled to two instances of up to 8 cores, or one instance of up to 16 cores in Azure Dedicated Host services. When allocated to Azure Dedicated Host services by virtual machines, this license allows for simultaneous usage on-premises and in Azure.

  • Windows Server Datacenter edition for a physical host
    When you license the cores at the host level, this licenses provides unlimited virtualization rights. Unlike licensing for virtual machines, however, licensing for a physical host must be used either on-premises or in Azure. You'll get 180 days of concurrent use rights while migrating servers.

References:

Total Cost of Ownership (TCO) Calculator

Azure Hybrid Benefit FAQ



Question: 255
Measured Skill: Design data storage (15-20%)
Note: This questions is based on a case study. The case study is not shown in this demo.

You migrate App1 to Azure.

You need to ensure that the data storage for App1 meets the security and compliance requirements.

What should you do?

ACreate Azure RBAC assignments.
B Create an access policy for the blob service.
C Modify the access level of the blob service.
D Implement Azure resource locks.

Correct answer: B

Explanation:

The Security and Compliance Requirements section contains the following:

Once App1 is migrated to Azure, you must ensure that new data can be written to the app, and the modification of new and existing data is prevented for a period of three years.

We should add a time-based immutable blob storage policy to the blob container's access policy and then lock the policy.



Question: 256
Measured Skill: Design data storage (15-20%)
Note: This questions is based on a case study. The case study is not shown in this demo.

You plan to migrate App1 to Azure.

You need to implement the storage for App1 in Azure. The solution must meet the security and compliance requirements.

What should you use?

(To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.)

www.cert2brain.com

AStorage account kind: FileStorage
Configuration: NFSv3
B Storage account kind: FileStorage
Configuration: Large file shares
C Storage account kind: BlobStorage
Configuration: Hierachical namespace
D Storage account kind: BlobStorage
Configuration: NFSv3
E Storage account kind: StorageV2 (general purpose v2)
Configuration: Large file shares
F Storage account kind: StorageV2 (general purpose v2)
Configuration: Hierachical namespace

Correct answer: C

Explanation:

The Security and Compliance Requirements section contains the following:

Once App1 is migrated to Azure, you must ensure that new data can be written to the app, and the modification of new and existing data is prevented for a period of three years.

From the On-premises Environment section we know, that App1 uses an external storage solution that provides Apache Hadoop-compatible storage.

Hadoop is an open-source software framework for storing data and running applications on clusters of commodity hardware. It provides massive storage for any kind of data, enormous processing power and the ability to handle virtually limitless concurrent tasks or jobs.

Azure Blob Storage provides an Hadoop compatible interface that supports two kinds of blobs, block blobs and page blobs. The Hadoop File System (HDFS) supports a traditional hierarchical file organization. Cloud storage services are focused on object storage that have a flat namespace and extensive metadata instead of file systems that provide a hierarchical namespace. To support compatibility we have to enable hierarchical namespace when creating the BlobStorage account.

Reference: Hadoop Azure Support: Azure Blob Storage



Question: 257
Measured Skill: Design identity and security (25-30%)
Note: This questions is based on a case study. The case study is not shown in this demo.

You need to implement the Azure RBAC role assignments. The solution must meet the authentication and authorization requirements.

How many assignments should you configure for the Network Contributor role and for Role1?

(To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.)

www.cert2brain.com

ANetwork Contributor: 1
Role1: 1
B Network Contributor: 1
Role1: 2
C Network Contributor: 2
Role1: 2
D Network Contributor: 15
Role1: 2
E Network Contributor: 15
Role1: 15
F Network Contributor: 1
Role1: 15

Correct answer: C

Explanation:

The Authentication and Authorization Requirements section contains the following:

The Network Contributor built-in RBAC role must be used to grant permission to all the virtual networks in all the Azure subscriptions.
Role1 must be used to assign permissions to the storage accounts of all the Azure subscriptions.
RBAC roles must be applied at the highest level possible.

From the scenario we know that Litware has two Azure tenants. One tenant with 10 subscriptions and one tenant with five subscriptions. We can organize the subscriptions of the two tenants in a management group each and assign users to the Network Contributor role or to Role1 at the management group level.



Question: 258
Measured Skill: Design identity and security (25-30%)

You have a resource group named RG1 that contains the objects shown in the following table.



You need to configure permissions so that App1 can copy all the secrets from KV1 to KV2. App1 currently has the Get permission for the secrets in KV1.

Which additional permissions should you assign to App1?

(To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.)

www.cert2brain.com

APermission to assign so that App1 can copy the secrets from KV1: None
Permission to assign so that App1 can copy the secrets to KV2: Create
B Permission to assign so that App1 can copy the secrets from KV1: Backup
Permission to assign so that App1 can copy the secrets to KV2: Import
C Permission to assign so that App1 can copy the secrets from KV1: Create
Permission to assign so that App1 can copy the secrets to KV2: List
D Permission to assign so that App1 can copy the secrets from KV1: List
Permission to assign so that App1 can copy the secrets to KV2: Import
E Permission to assign so that App1 can copy the secrets from KV1: Unwrap Key
Permission to assign so that App1 can copy the secrets to KV2: Create
F Permission to assign so that App1 can copy the secrets from KV1: Unwrap Key
Permission to assign so that App1 can copy the secrets to KV2: Wrap Key

Correct answer: A

Explanation:

The Get Secrets permission allows App1 to retrieve the secrets stored in KV1 as plain text. There are no additional permissions required to get the secret.

To ensure that App1 can copy the secrets to KV2, we need to assign the Create Key permission. The Create Key permission creates a new key, stores ist, then returns key parameters and attributes to the client.

If you want to try this in your lab, use the Postman app and the tutorial for REST API calls below.

References:

How To Access Azure Key Vault Secrets Through Rest API Using Postman

Download Postman

Azure Key Vault REST API reference





 
Tags: exam, examcollection, exam simulation, exam questions, questions & answers, training course, study guide, vce, braindumps, practice test
 
 

© Copyright 2014 - 2021 by cert2brain.com