Microsoft - AZ-305: Designing Microsoft Azure Infrastructure Solutions
Sample Questions
Question: 349
Measured Skill: Design identity, governance, and monitoring solutions (25-30%)
You have 100 Azure Storage accounts.
Access to the accounts is restricted by using Azure role-based access control (Azure RBAC) assignments.
You need to recommend a solution that uses role assignment conditions based on the tags assigned to individual resources within the storage accounts.
What should you include in the recommendation?
(To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.)
A | Implement role assignment conditions by using: Access control lists (ACLs)
Assign permissions to: Blobs |
B | Implement role assignment conditions by using: Access control lists (ACLs)
Assign permissions to: Tables |
C | Implement role assignment conditions by using: Attribute-based access control (ABAC)
Assign permissions to: Files |
D | Implement role assignment conditions by using: Attribute-based access control (ABAC)
Assign permissions to: Blobs |
E | Implement role assignment conditions by using: Shared access signatures (SAS)
Assign permissions to: Tables |
F | Implement role assignment conditions by using: Shared access signatures (SAS)
Assign permissions to: Files |
Correct answer: D
Explanation:
Attribute-based access control (ABAC) is an authorization system that defines access based on attributes associated with security principals, resources, and the environment of an access request. With ABAC, you can grant a security principal access to a resource based on attributes. Azure ABAC refers to the implementation of ABAC for Azure.
Azure role-based access control (Azure RBAC) is an authorization system that helps you manage who has access to Azure resources, what they can do with those resources, and what areas they have access to. In most cases, Azure RBAC will provide the access management you need by using role definitions and role assignments. However, in some cases you might want to provide more fine-grained access management or simplify the management of hundreds of role assignments.
Azure ABAC builds on Azure RBAC by adding role assignment conditions based on attributes in the context of specific actions. A role assignment condition is an additional check that you can optionally add to your role assignment to provide more fine-grained access control. A condition filters down permissions granted as a part of the role definition and role assignment. For example, you can add a condition that requires an object to have a specific tag to read the object. You cannot explicitly deny access to specific resources using conditions.
Currently, conditions can be added to built-in or custom role assignments that have blob storage or queue storage data actions.
Reference: What is Azure attribute-based access control (Azure ABAC)?
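The tag requirement described in the explanation, written as an actual role assignment condition. This is an added example, not part of the original question or its reference; the tag `Project=Cascade`, the principal ID and the scope are placeholders, and the character check on tag keys and values is a conservative assumption of this example.

```shell
# Added example. Builds an ABAC condition that allows blob reads only when the
# blob carries the index tag KEY=VALUE. Every other action granted by the role
# passes through: the first clause is true for anything that is not a blob read.

# Assumption: accept only a conservative character set, so a tag key or value
# can never close the quoted string inside the condition expression.
is_safe_tag_part() {
  case "$1" in
    ''|*[!A-Za-z0-9_.-]*) return 1 ;;
  esac
  return 0
}

blob_tag_read_condition() {
  # $1 = tag key, $2 = tag value
  is_safe_tag_part "$1" && is_safe_tag_part "$2" || {
    echo "invalid tag key or value" >&2
    return 1
  }
  action='Microsoft.Storage/storageAccounts/blobServices/containers/blobs/read'
  attr='Microsoft.Storage/storageAccounts/blobServices/containers/blobs/tags'
  # Blob.List is excluded because listing does not evaluate per-blob tags.
  printf "((!(ActionMatches{'%s'} AND NOT SubOperationMatches{'Blob.List'})) OR (@Resource[%s:%s<\$key_case_sensitive\$>] StringEquals '%s'))" \
    "$action" "$attr" "$1" "$2"
}

# Creates the conditional assignment. Needs the Azure CLI and a signed-in session.
assign_reader_with_tag_condition() {
  # $1 = principal object ID, $2 = scope (resource ID), $3/$4 = tag key/value
  cond=$(blob_tag_read_condition "$3" "$4") || return 1
  az role assignment create \
    --role "Storage Blob Data Reader" \
    --assignee-object-id "$1" \
    --assignee-principal-type User \
    --scope "$2" \
    --condition "$cond" \
    --condition-version "2.0"
}
```

Because a condition only narrows what the role already grants, a principal that also holds an unconditioned assignment to the same data actions at the same or a higher scope still reads untagged blobs; check for overlapping assignments when rolling this out across many accounts.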
Question: 350
Measured Skill: Design data storage solutions (25-30%)
You have an Azure subscription.
You need to deploy a relational database. The solution must meet the following requirements:
- Support multiple read-only replicas.
- Automatically load balance read-only requests across all the read-only replicas.
- Minimize administrative effort.
What should you use?
(To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.)
A | Service: A single Azure SQL database
Service tier: Hyperscale |
B | Service: A single Azure SQL database
Service tier: Premium |
C | Service: An Azure SQL Database elastic pool
Service tier: Business Critical |
D | Service: An Azure SQL Database elastic pool
Service tier: Hyperscale |
E | Service: Azure SQL Managed Instances
Service tier: Business Critical |
F | Service: Azure SQL Managed Instances
Service tier: Premium |
Correct answer: A
Explanation:
As part of High Availability architecture, each single database or elastic pool database in the Premium and Business Critical service tier is automatically provisioned with a primary read-write replica and one or more secondary read-only replicas. The secondary replicas are provisioned with the same compute size as the primary replica. The read scale-out feature allows you to offload read-only workloads using the compute capacity of one of the read-only replicas, instead of running them on the read-write replica. This way, some read-only workloads can be isolated from the read-write workloads, and don't affect their performance. The feature is intended for the applications that include logically separated read-only workloads, such as analytics. In the Premium and Business Critical service tiers, applications could gain performance benefits using this additional capacity at no extra cost.
The read scale-out feature is also available in the Hyperscale service tier when at least one secondary replica is added. Hyperscale secondary named replicas provide independent scaling, access isolation, workload isolation, support for various read scale-out scenarios, and other benefits. Multiple secondary HA replicas can be used for load-balancing read-only workloads that require more resources than available on one secondary HA replica.
Reference: Use read-only replicas to offload read-only query workloads
Question: 351
Measured Skill: Design infrastructure solutions (25-30%)
You have an Azure subscription.
You are designing a solution for containerized apps. The solution must meet the following requirements:
- Automatically scale the apps by creating additional instances.
- Minimize administrative effort to maintain nodes and clusters.
- Ensure that containerized apps are highly available across multiple availability zones.
- Provide a central location for the lifecycle management and storage of container images.
What should you include in the solution?
(To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.)
A | To run the containerized apps: Azure Container Apps
For the lifecycle management and storage of container images: Azure Container Apps |
B | To run the containerized apps: Azure Container Apps
For the lifecycle management and storage of container images: Azure Container Registry |
C | To run the containerized apps: Azure Container Instances
For the lifecycle management and storage of container images: Azure Service Fabric |
D | To run the containerized apps: Azure Container Registry
For the lifecycle management and storage of container images: Azure Container Apps |
E | To run the containerized apps: Azure Kubernetes Service (AKS)
For the lifecycle management and storage of container images: Azure Container Instances |
F | To run the containerized apps: Azure Kubernetes Service (AKS)
For the lifecycle management and storage of container images: Azure Container Registry |
Correct answer: B
Explanation:
Azure Container Apps is a serverless platform that allows you to maintain less infrastructure and save costs while running containerized applications. Instead of worrying about server configuration, container orchestration, and deployment details, Container Apps provides all the up-to-date server resources required to keep your applications stable and secure.
Common uses of Azure Container Apps include:
- Deploying API endpoints
- Hosting background processing jobs
- Handling event-driven processing
- Running microservices
Additionally, applications built on Azure Container Apps can dynamically scale based on the following characteristics:
- HTTP traffic
- Event-driven processing
- CPU or memory load
- Any KEDA-supported scaler
Azure Container Apps uses availability zones in regions where they're available.
You can deploy images hosted on private registries by providing credentials in the Container Apps configuration.
References:
Azure Container Apps overview
Reliability in Azure Container Apps
Set scaling rules in Azure Container Apps
Container registries
Question: 352
Measured Skill: Design infrastructure solutions (25-30%)
You have an on-premises datacenter named Site1. Site1 contains a VMware vSphere cluster named Cluster1 that hosts 100 virtual machines. Cluster1 is managed by using VMware vCenter.
You have an Azure subscription named Sub1.
You plan to migrate the virtual machines from Cluster1 to Sub1.
You need to identify which resources are required to run the virtual machines in Azure. The solution must minimize administrative effort.
What should you configure?
(To answer, drag the appropriate resources to the correct targets. Each resource may be used once, more than once, or not at all. NOTE: Each correct selection is worth one point.)
A | Sub1: An Azure Migrate appliance
Cluster1: An Azure Migrate project |
B | Sub1: An Azure Migrate project
Cluster1: An Azure Migrate appliance |
C | Sub1: An Azure VMware Solution private cloud
Cluster1: An Azure VMware Solution host |
D | Sub1: An Azure VMware Solution host
Cluster1: An Azure VMware Solution private cloud |
Correct answer: B
Explanation:
You can migrate VMware VMs to Azure using the Migration and modernization tool. This tool offers a couple of options for VMware VM migration:
- Migration using agentless replication. Migrate VMs without needing to install anything on them.
- Migration with an agent for replication. Install an agent on the VM for replication.
We need to create an Azure Migrate project and deploy the Azure Migrate appliance on-premises.
Reference: Select a VMware migration option
Question: 353
Measured Skill: Design infrastructure solutions (25-30%)
Your on-premises datacenter contains a server named Server1 that runs Microsoft SQL Server 2022. Server1 contains a 30-TB database named DB1 that stores customer data.
Server1 runs a custom application named App1 that verifies the compliance of records in DB1. App1 must run on the same server as DB1.
You have an Azure subscription.
You need to migrate DB1 to Azure. The solution must minimize administrative effort.
To which service should you migrate DB1, and what should you use to perform the migration?
(To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.)
A | Migrate to: Azure SQL Database
By using: The Azure SQL Migration extension for Azure Data Studio |
B | Migrate to: Azure SQL Database
By using: Azure Database Migration Service |
C | Migrate to: Azure SQL Managed Instance
By using: Azure Migrate |
D | Migrate to: Azure SQL Managed Instance
By using: Azure Database Migration Service |
E | Migrate to: SQL Server on Azure Virtual Machines
By using: Azure Migrate |
F | Migrate to: SQL Server on Azure Virtual Machines
By using: The Azure SQL Migration extension for Azure Data Studio |
Correct answer: E
Explanation:
Because App1 must run on the same server as DB1, we should use a SQL Server instance running on a virtual machine. To minimize administrative effort, we should use Azure Migrate to migrate the entire server, including DB1 and App1.
Reference: Migrate machines as physical servers to Azure