
Microsoft - AZ-305: Designing Microsoft Azure Infrastructure Solutions

Sample Questions

Question: 203
Measured Skill: Design infrastructure solutions (25-30%)

Your company has an on-premises Windows HPC cluster. The cluster runs a parallel, compute-intensive workload that performs financial risk modeling.

You plan to migrate the workload to Azure Batch.

You need to design a solution that will support the workload. The solution must meet the following requirements:
  • Support the large-scale parallel execution of Azure Batch jobs.
  • Minimize cost.
What should you include in the solution?

A Low-priority virtual machines
B Av2-series virtual machines
C Azure virtual machine sizes that support the Message Passing Interface (MPI) API
D Burstable virtual machines

Correct answer: A

Explanation:

Use Azure Batch to run large-scale parallel and high-performance computing (HPC) batch jobs efficiently in Azure. Azure Batch creates and manages a pool of compute nodes (virtual machines), installs the applications you want to run, and schedules jobs to run on the nodes. There's no cluster or job scheduler software to install, manage, or scale. Instead, you use Batch APIs and tools, command-line scripts, or the Azure portal to configure, manage, and monitor your jobs.

Azure Batch offers low-priority virtual machines (VMs) to reduce the cost of Batch workloads. Low-priority VMs make new types of Batch workloads possible by enabling a large amount of compute power to be used for a very low cost.

Low-priority VMs take advantage of surplus capacity in Azure. When you specify low-priority VMs in your pools, Azure Batch can use this surplus, when available.

The tradeoff for using low-priority VMs is that those VMs may not always be available to be allocated, or may be preempted at any time, depending on available capacity. For this reason, low-priority VMs are most suitable for batch and asynchronous processing workloads where the job completion time is flexible and the work is distributed across many VMs.

Low-priority VMs are offered at a significantly reduced price compared with dedicated VMs.

References:

Use low-priority VMs with Batch

General purpose virtual machine sizes



Question: 204
Measured Skill: Design identity, governance, and monitoring solutions (25-30%)

You have 200 resource groups across 20 Azure subscriptions. Your company's security policy states that the security administrator must verify all assignments of the Owner role for the subscriptions and resource groups once a month.

All assignments that are not approved by the security administrator must be removed automatically. The security administrator must be prompted every month to perform the verification.

What should you use to implement the security policy?

A Access reviews in Identity Governance.
B Role assignments in Azure Active Directory (Azure AD) Privileged Identity Management (PIM).
C Identity Secure Score in Azure Active Directory Security.
D The user risk policy in Azure Active Directory (Azure AD) Identity Protection.

Correct answer: A

Explanation:

Azure Active Directory (Azure AD) access reviews enable organizations to efficiently manage group memberships, access to enterprise applications, and role assignments. Users' access can be reviewed on a regular basis to make sure only the right people have continued access.

Azure Active Directory (Azure AD) Access Reviews help your organization keep the network more secure by managing its resource access lifecycle. With Access Reviews, you can:

  • Schedule regular reviews or perform ad-hoc reviews to see who has access to specific resources, such as applications and groups

  • Track reviews for insights, compliance, or policy reasons

  • Delegate reviews to specific admins, business owners, or end-users who can self-attest to the need for continued access

  • Use the insights to efficiently determine if users should continue to have access

  • Automate review outcomes, such as removing users’ access to resources

References:

What are Azure AD access reviews?

Planning Azure Active Directory Access Reviews deployment



Question: 205
Measured Skill: Design identity, governance, and monitoring solutions (25-30%)

You have an Azure Active Directory (Azure AD) tenant named contoso.com that contains several administrative user accounts.

You need to recommend a solution to identify which administrative user accounts have NOT signed in during the previous 30 days.

Which service should you include in the recommendation?

A Azure AD Identity Protection
B Azure AD Privileged Identity Management (PIM)
C Azure Advisor
D Azure Activity log

Correct answer: B

Explanation:

We should create an access review for administrative Azure AD roles in Azure Privileged Identity Management to see which role members have not signed in within the last 30 days. The generated report shows, for each user, whether they have signed in during the last 30 days.

Depending on what you want to review, you will create your access review in Azure AD access reviews, Azure AD enterprise apps (in preview), or Azure AD PIM.

Access reviews for Azure AD roles can only be created in Azure AD PIM.



Reference: What are Azure AD access reviews?

Question: 206
Measured Skill: Design data storage solutions (25-30%)

You have an Azure subscription that contains the resources shown in the following table.



You need to archive the diagnostic data for VNET1 for 365 days. The solution must minimize costs.

Where should you archive the data?

A Workspace1
B storage1
C storage2

Correct answer: B

Explanation:

Each diagnostic setting defines the following criteria:

  • Categories of logs and metric data sent to the destinations defined in the setting. The available categories will vary for different resource types.
  • One or more destinations to send the logs. Current destinations include Log Analytics workspace, Event Hubs, and Azure Storage.

A single diagnostic setting can define no more than one of each of the destinations. If you want to send data to more than one of a particular destination type (for example, two different Log Analytics workspaces), then create multiple settings. Each resource can have up to 5 diagnostic settings.

Platform logs and metrics can be sent to the destinations in the following table.

The storage account must reside in the same region as the resource.

Reference: Create diagnostic settings to send platform logs and metrics to different destinations



Question: 207
Measured Skill: Design identity, governance, and monitoring solutions (25-30%)

You plan to create an Azure environment that will have a root management group and five child management groups. Each child management group will contain five Azure subscriptions. You plan to have between 10 and 30 resource groups in each subscription.

You need to design a solution for the planned environment. The solution must meet the following requirements:
  • Prevent users who are assigned the Owner role for the subscriptions from deleting the resource groups from their respective subscription.
  • Ensure that you can update RBAC role assignments across all the subscriptions and resource groups.
  • Minimize administrative effort.
What should you include in the solution?

(To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.)

A Update the RBAC role assignments: Azure Security Center
Prevent the deletion of the resource groups: Resource locks at the subscription level
B Update the RBAC role assignments: Azure Security Center
Prevent the deletion of the resource groups: Resource locks at the resource group level
C Update the RBAC role assignments: Azure Blueprints
Prevent the deletion of the resource groups: Azure Blueprints assignments that set the locking mode at the subscription level
D Update the RBAC role assignments: Azure Blueprints
Prevent the deletion of the resource groups: Resource locks at the subscription level
E Update the RBAC role assignments: Azure Policy
Prevent the deletion of the resource groups: Resource locks at the resource group level
F Update the RBAC role assignments: Azure Policy
Prevent the deletion of the resource groups: Azure Blueprints assignments that set the locking mode at the subscription level

Correct answer: C

Explanation:

Just as a blueprint allows an engineer or an architect to sketch a project's design parameters, Azure Blueprints enables cloud architects and central information technology groups to define a repeatable set of Azure resources that implements and adheres to an organization's standards, patterns, and requirements. Azure Blueprints makes it possible for development teams to rapidly build and stand up new environments with trust they're building within organizational compliance with a set of built-in components, such as networking, to speed up development and delivery.

Blueprints are a declarative way to orchestrate the deployment of various resource templates and other artifacts such as:

  • Role Assignments
  • Policy Assignments
  • Azure Resource Manager templates (ARM templates)
  • Resource Groups

Blueprints are assigned to subscriptions.

The Azure Blueprint locking mode applies to the blueprint assignment and it has three options: Don't Lock, Read Only, or Do Not Delete. The locking mode is configured during artifact deployment during a blueprint assignment. A different locking mode can be set by updating the blueprint assignment. Locking modes, however, can't be changed outside of Azure Blueprints.

References:

What is Azure Blueprints?

Understand resource locking in Azure Blueprints





 
 
 

© Copyright 2014 - 2022 by cert2brain.com