 

Microsoft - AZ-304: Microsoft Azure Architect Design

Sample Questions

Question: 231
Measured Skill: Design infrastructure (25-30%)

You are designing a solution that will include containerized applications running in an Azure Kubernetes Service (AKS) cluster.

You need to recommend a load balancing solution for HTTPS traffic. The solution must meet the following requirements:
  • Automatically configure load balancing rules as the applications are deployed to the cluster.
  • Support Azure Web Application Firewall (WAF).
  • Support cookie-based affinity.
  • Support URL routing.
What should you include in the recommendation?

A A NGINX ingress controller
B An Application Gateway Ingress Controller (AGIC)
C An HTTP application routing ingress controller
D The Kubernetes load balancer service

Correct answer: B

Explanation:

The Application Gateway Ingress Controller (AGIC) is a Kubernetes application, which makes it possible for Azure Kubernetes Service (AKS) customers to leverage Azure's native Application Gateway L7 load-balancer to expose cloud software to the Internet. AGIC monitors the Kubernetes cluster it is hosted on and continuously updates an Application Gateway, so that selected services are exposed to the Internet.

The Ingress Controller runs in its own pod on the customer’s AKS. AGIC monitors a subset of Kubernetes Resources for changes. The state of the AKS cluster is translated to Application Gateway specific configuration and applied to the Azure Resource Manager (ARM).

AGIC helps eliminate the need to have another load balancer/public IP in front of the AKS cluster and avoids multiple hops in your datapath before requests reach the AKS cluster. Application Gateway talks to pods using their private IP directly and does not require NodePort or KubeProxy services. This also brings better performance to your deployments.

Ingress Controller is supported exclusively by Standard_v2 and WAF_v2 SKUs, which also brings you autoscaling benefits. Application Gateway can react in response to an increase or decrease in traffic load and scale accordingly, without consuming any resources from your AKS cluster.

Using Application Gateway in addition to AGIC also helps protect your AKS cluster by providing TLS policy and Web Application Firewall (WAF) functionality.

AGIC is configured via the Kubernetes Ingress resource, along with Service and Deployments/Pods. It provides a number of features, leveraging Azure’s native Application Gateway L7 load balancer. To name a few:

  • URL routing
  • Cookie-based affinity
  • TLS termination
  • End-to-end TLS
  • Support for public, private, and hybrid web sites
  • Integrated web application firewall
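
How the question's requirements map onto an Ingress resource that AGIC watches, as an added example that is not part of the original page or Microsoft's documentation. The resource names, host name and TLS secret are hypothetical; the cluster is assumed to have AGIC installed against a WAF_v2 Application Gateway.

```yaml
# Added example: hypothetical names (shop-ingress, api-svc, web-svc, shop-tls, shop.example.com).
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: shop-ingress
  annotations:
    # Hand this Ingress to AGIC; it translates the resource into
    # Application Gateway listeners, rules and backend pools via ARM.
    kubernetes.io/ingress.class: azure/application-gateway
    # Cookie-based affinity: the gateway pins a client to one backend pod.
    appgw.ingress.kubernetes.io/cookie-based-affinity: "true"
    # Redirect plain HTTP to the HTTPS listener.
    appgw.ingress.kubernetes.io/ssl-redirect: "true"
spec:
  # TLS termination at the gateway, using a certificate stored as a
  # Kubernetes TLS secret in the same namespace.
  tls:
    - hosts:
        - shop.example.com
      secretName: shop-tls
  rules:
    - host: shop.example.com
      http:
        paths:
          # URL routing: requests under /api go to one Service ...
          - path: /api
            pathType: Prefix
            backend:
              service:
                name: api-svc
                port:
                  number: 80
          # ... and everything else goes to another.
          - path: /
            pathType: Prefix
            backend:
              service:
                name: web-svc
                port:
                  number: 80
# WAF inspection is not set here: it comes from the WAF_v2 SKU of the
# Application Gateway that AGIC manages.
```

Applying or deleting a resource like this is what causes the load balancing rules to be created and removed automatically as applications are deployed.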

References:

What is Application Gateway Ingress Controller?

Azure Application Gateway features



Question: 232
Measured Skill: Design data storage (15-20%)

You have an application named App1. App1 generates log files that must be archived for five years. The log files must be readable by App1 but must not be modified.

Which storage solution should you recommend for archiving?

A Ingest the log files into an Azure Log Analytics workspace.
B Use an Azure Blob storage account and a time-based retention policy.
C Use an Azure Blob storage account configured to use the Archive access tier.
D Use an Azure file share that has access control enabled.

Correct answer: B

Explanation:

We should use Azure Blob storage and configure a time-based retention policy (immutable storage). Immutable storage for Azure Blob storage enables users to store business-critical data objects in a WORM (Write Once, Read Many) state. This state makes the data non-erasable and non-modifiable for a user-specified interval. For the duration of the retention interval, blobs can be created and read, but cannot be modified or deleted. Immutable storage is available for general-purpose v1, general-purpose v2, premium block blob, and legacy blob accounts in all Azure regions.

Reference: Store business-critical blob data with immutable storage



Question: 233
Measured Skill: Design infrastructure (25-30%)

You have an Azure subscription that contains a Windows Virtual Desktop tenant. You need to recommend a solution to meet the following requirements:
  • Start and stop Windows Virtual Desktop session hosts based on business hours.
  • Scale out Windows Virtual Desktop session hosts when required.
  • Minimize compute costs.
What should you include in the recommendation?

A Microsoft Intune
B A Windows Virtual Desktop automation task
C Azure Automation
D Azure Service Health

Correct answer: C

Explanation:

You can reduce your total Azure Virtual Desktop deployment cost by scaling your virtual machines (VMs). This means shutting down and deallocating session host VMs during off-peak usage hours, then turning them back on and reallocating them during peak hours.

The scaling tool provides a low-cost automation option for customers who want to optimize their session host VM costs.

You can use the scaling tool to:

  • Schedule VMs to start and stop based on Peak and Off-Peak business hours.
  • Scale out VMs based on number of sessions per CPU core.
  • Scale in VMs during Off-Peak hours, leaving the minimum number of session host VMs running.

The scaling tool uses a combination of an Azure Automation account, a PowerShell runbook, a webhook, and the Azure Logic App to function. When the tool runs, Azure Logic App calls a webhook to start the Azure Automation runbook. The runbook then creates a job.

During peak usage time, the job checks the current number of sessions and the VM capacity of the current running session host for each host pool. It uses this information to calculate if the running session host VMs can support existing sessions based on the SessionThresholdPerCPU parameter defined for the CreateOrUpdateAzLogicApp.ps1 file. If the session host VMs can't support existing sessions, the job starts additional session host VMs in the host pool.

During the off-peak usage time, the job determines how many session host VMs should be shut down based on the MinimumNumberOfRDSH parameter. If you set the LimitSecondsToForceLogOffUser parameter to a non-zero positive value, the job will set the session host VMs to drain mode to prevent new sessions from connecting to the hosts. The job will then notify any currently signed in users to save their work, wait the configured amount of time, and then force the users to sign out. Once all user sessions on the session host VM have been signed out, the job will shut down the VM. After the VM shuts down, the job will reset its session host drain mode.

Reference: Scale session hosts using Azure Automation



Question: 234
Measured Skill: Design infrastructure (25-30%)

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution. Determine whether the solution meets the stated goals.

You plan to deploy multiple instances of an Azure web app across several Azure regions.

You need to design an access solution for the app. The solution must meet the following requirements:
  • Support rate limiting.
  • Balance requests between all instances.
  • Ensure that users can access the app in the event of a regional outage.
Solution: You use Azure Front Door to provide access to the app.

Does this meet the goal?

A Yes
B No

Correct answer: A

Explanation:

We need to choose a load-balancing service that can distribute traffic from our end users across our backends in different regions. Both Azure Front Door and Azure Traffic Manager enable distribution to backends in different Azure regions. However, unlike Azure Front Door, Azure Traffic Manager does not support rate limiting. The rate limit rule for Azure Front Door controls the number of requests allowed from clients during a one-minute duration.

Microsoft Azure provides various global and regional services for managing how your network traffic is distributed and load balanced:

  • Application Gateway
  • Front Door
  • Load Balancer
  • Traffic Manager

Along with Azure’s many regions and zonal architecture, using these services together can enable you to build robust, scalable, and high-performance applications.

These services are broken into two categories:

  1. Global load-balancing services such as Traffic Manager and Front Door distribute traffic from your end users across your regional backends, across clouds and even your hybrid on-premises services. Global load balancing routes your traffic to your closest service backend and reacts to changes in service reliability to maintain always-on availability and high performance for your users.
  2. Regional load-balancing services such as Load Balancers and Application Gateways provide the ability to distribute traffic to virtual machines (VMs) within virtual networks (VNets) or to service endpoints within a region.

When you combine these global and regional services, your application will benefit from reliable and secured end-to-end traffic that gets sent from your end users to your IaaS, PaaS, or on-premises services.

Choosing a global load balancer

When choosing a global load balancer between Traffic Manager and Azure Front Door for global routing, you should consider what’s similar and what’s different about the two services. Both services provide:

  • Multi-geo redundancy: If one region goes out of service, traffic seamlessly routes to the closest region without any intervention from the application owner.
  • Closest region routing: Traffic is automatically routed to the closest region.

The following table describes the differences between Traffic Manager and Azure Front Door:

Reference: Load-balancing with Azure’s application delivery suite



Question: 235
Measured Skill: Design infrastructure (25-30%)

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution. Determine whether the solution meets the stated goals.

You plan to deploy multiple instances of an Azure web app across several Azure regions.

You need to design an access solution for the app. The solution must meet the following requirements:
  • Support rate limiting.
  • Balance requests between all instances.
  • Ensure that users can access the app in the event of a regional outage.
Solution: You use Azure Load Balancer to provide access to the app.

Does this meet the goal?

A Yes
B No

Correct answer: B

Explanation:

We need to choose a load-balancing service that can distribute traffic from our end users across our backends in different regions. Both Azure Front Door and Azure Traffic Manager enable distribution to backends in different Azure regions. However, unlike Azure Front Door, Azure Traffic Manager does not support rate limiting. The rate limit rule for Azure Front Door controls the number of requests allowed from clients during a one-minute duration.

Microsoft Azure provides various global and regional services for managing how your network traffic is distributed and load balanced:

  • Application Gateway
  • Front Door
  • Load Balancer
  • Traffic Manager

Along with Azure’s many regions and zonal architecture, using these services together can enable you to build robust, scalable, and high-performance applications.

These services are broken into two categories:

  1. Global load-balancing services such as Traffic Manager and Front Door distribute traffic from your end users across your regional backends, across clouds and even your hybrid on-premises services. Global load balancing routes your traffic to your closest service backend and reacts to changes in service reliability to maintain always-on availability and high performance for your users.
  2. Regional load-balancing services such as Load Balancers and Application Gateways provide the ability to distribute traffic to virtual machines (VMs) within virtual networks (VNets) or to service endpoints within a region.

When you combine these global and regional services, your application will benefit from reliable and secured end-to-end traffic that gets sent from your end users to your IaaS, PaaS, or on-premises services.

Choosing a global load balancer

When choosing a global load balancer between Traffic Manager and Azure Front Door for global routing, you should consider what’s similar and what’s different about the two services. Both services provide:

  • Multi-geo redundancy: If one region goes out of service, traffic seamlessly routes to the closest region without any intervention from the application owner.
  • Closest region routing: Traffic is automatically routed to the closest region.

The following table describes the differences between Traffic Manager and Azure Front Door:

Reference: Load-balancing with Azure’s application delivery suite





 
 
 

© Copyright 2014 - 2021 by cert2brain.com