First, let me say that the AZ-305 dumps are the best exam material for taking the Microsoft Certified: Azure Solutions Architect Expert certification exam in 2022.
Microsoft AZ-305 can be said to be a new exam product after the merger of AZ-303 and AZ-304.
If you are taking the AZ-305 Designing Microsoft Azure Infrastructure Solutions exam for the first time, you can also learn about AZ-303 Microsoft Azure Architect Technologies, and
AZ-304 Exam questions for Microsoft Azure Architect Design. You can use it as a reference to see the differences between them.
AZ-303,AZ-304,AZ-305 Difference:
Exam AZ-303: Microsoft Azure Architect Technologies
Candidates for this exam should have subject matter expertise in designing and implementing solutions that run on Microsoft Azure, including aspects like compute, network, storage, and security.
Exam AZ-304: Microsoft Azure Architect Design
Candidates for this exam should have subject matter expertise in designing and implementing solutions that run on Microsoft Azure, including aspects like compute, network, storage, and security.
Exam AZ-305: Designing Microsoft Azure Infrastructure Solutions
Candidates for this exam should have advanced experience and knowledge of IT operations, including networking, virtualization, identity, security, business continuity, disaster recovery, data platforms, and governance. A professional in this role should manage how decisions in each area affect an overall solution. In addition, they should have experience in Azure administration, Azure development, and DevOps processes.
Did you notice anything different? AZ-305 contains all the core technologies of the past and has made some upgrades. This is definitely a good thing, first of all, candidates do not need to take two exams, which saves money to a large extent.
I have said above that if you want to view past Microsoft Certified: Azure Solutions Architect Expert exam questions you can visit, AZ-303, AZ-304 exam questions.
Now, I’m sharing the 2022 Microsoft Certified: Azure Solutions Architect Expert AZ-305 Dumps exam questions and answers to help you successfully pass the Designing Microsoft Azure Infrastructure Solutions exam on your first attempt.
leads4pass AZ-305 dumps https://www.leads4pass.com/az-305.html has experience with real exams to help you successfully pass the Designing Microsoft Azure Infrastructure Solutions exam.
Verify AZ-305 free dumps online:
QUESTION 1
HOTSPOT
You need to recommend a solution to ensure that App1 can access the third-party credentials and access strings. The solution must meet the security requirements.
What should you include in the recommendation? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:
Correct Answer:
Scenario: Security Requirement
All secrets used by Azure services must be stored in Azure Key Vault.
Services that require credentials must have the credentials tied to the service instance. The credentials must NOT be shared between services.
Box 1: A service principal
A service principal is a type of security principal that identifies an application or service, which is to say, a piece of code rather than a user or group. A service principal\’s object ID is known as its client ID and acts like its username. The service principal\’s client secret acts like its password.
Note: Authentication with Key Vault works in conjunction with Azure Active Directory (Azure AD), which is responsible for authenticating the identity of any given security principal.
A security principal is an object that represents a user, group, service, or application that\’s requesting access to Azure resources. Azure assigns a unique object ID to every security principal.
Box 2: A role assignment
You can provide access to Key Vault keys, certificates, and secrets with Azure role-based access control.
Reference:
https://docs.microsoft.com/en-us/azure/key-vault/general/authentication
QUESTION 2
HOTSPOT – (Topic 4)
You are designing an application that will use Azure Linux virtual machines to analyze video files. The files will be uploaded from corporate offices that connect to Azure by using ExpressRoute.
You plan to provision an Azure Storage account to host the files.
You need to ensure that the storage account meets the following requirements:
1.
Supports video files of up to 7 TB
2.
Provides the highest availability possible
3.
Ensures that storage is optimized for the large video files
4.
Ensures that files from the on-premises network are uploaded by using ExpressRoute
How should you configure the storage account? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:
Correct Answer:
QUESTION 3
You need to implement the Azure RBAC role assignments for the Network Contributor role. The solution must meet the authentication and authorization requirements. What is the minimum number of assignments that you must use?
A. 1
B. 2
C. 5
D. 10
E. 15
Correct Answer: A
Scenario: The Network Contributor built-in RBAC role must be used to grant permissions to the network administrators for all the virtual networks in all the Azure subscriptions. RBAC roles must be applied at the highest level possible.
QUESTION 4
HOTSPOT
You have an Azure App Service web app that uses a system-assigned managed identity.
You need to recommend a solution to store their settings of the web app as secrets in an Azure key vault The solution must meet the following requirements:
1.
Minimize changes to the app code,
2.
Use the principle of least privilege.
What should you include in the recommendation? To answer, select the appropriate options in the answer area.
Hot Area:
Correct Answer:
QUESTION 5
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution,
while
others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
Your company plans to deploy various Azure App Service instances that will use Azure SQL databases. The App
Service instances will be deployed at the same time as the Azure SQL databases.
The company has a regulatory requirement to deploy the App Service instances only to specific Azure regions. The resources for the App Service instances must reside in the same region.
You need to recommend a solution to meet the regulatory requirement.
Solution: You recommend creating resource groups based on locations and implementing resource locks on the resource groups.
Does this meet the goal?
A. Yes
B. No
Correct Answer: B
Resource locks are not used for compliance purposes. Resource locks prevent changes from being made to resources.
Reference: https://docs.microsoft.com/en-us/azure/azure-resource-manager/management/lock-resources
QUESTION 6
You plan provision a High Performance Computing (HPC) cluster in Azure that will use a third-party scheduler.
You need to recommend a solution to provision and manage the HPC cluster node.
What should you include in the recommendation?
A. Azure Lighthouse
B. Azure CycleCloud
C. Azure Purview
D. Azure Automation
Correct Answer: B
You can dynamically provision Azure HPC clusters with Azure CycleCloud. Azure CycleCloud is the simplest way to manage HPC workloads.
Note: Azure CycleCloud is an enterprise-friendly tool for orchestrating and managing High Performance Computing
(HPC) environments on Azure. With CycleCloud, users can provision infrastructure for HPC systems, deploy familiar HPC schedulers, and automatically scale the infrastructure to run jobs efficiently at any scale. Through CycleCloud, users can create different types of file systems and mount them to the compute cluster nodes to support HPC workloads.
Reference: https://docs.microsoft.com/en-us/azure/cyclecloud/overview
QUESTION 7
Your company has an app named App1 that uses data from the on-premises Microsoft SQL Server databases shown in the following table.
App1 and the data are used on the first day of the month only. The data is not expected to grow more than 3% each year.
The company is rewriting App1 as an Azure web app and plans to migrate all the data to Azure.
You need to migrate the data to Azure SQL Database. The solution must minimize costs.
Which service tier should you use?
A. vCore-based Business Critical
B. vCore-based General Purpose
C. DTU-based Standard
D. DTU-based Basic
Correct Answer: C
DTU-based Standard supports databases up to 1 TB in size.
Reference: https://docs.microsoft.com/en-us/azure/azure-sql/database/service-tiers-dtu
QUESTION 8
Your company has the infrastructure shown in the following table.
The on-premises Active Directory domain syncs to Azure Active Directory (Azure AD).
Server1 runs an application named Appl that uses LDAP queries to verify user identities in the on-premises Active Directory domain.
You plan to migrate Server1 to a virtual machine in Subscription1.
A company security policy states that the virtual machines and services deployed to Subscription1 must be prevented from accessing the on-premises network.
You need to recommend a solution to ensure that Appl continues to function after the migration. The solution must meet the security policy.
What should you include in the recommendation?
A. Azure AD Domain Services (Azure AD DS)
B. an Azure VPN gateway
C. the Active Directory Domain Services role on a virtual machine
D. Azure AD Application Proxy
Correct Answer: A
Azure Active Directory Domain Services (Azure AD DS) provides managed domain services such as domain join, group policy, lightweight directory access protocol (LDAP), and Kerberos/NTLM authentication Azure AD Domain Services (Azure AD DS)-This one could work since AAD DS will bring in the existing accounts from Azure AD which in turn are synchronised from on-premise AD over AD connect. However, you would probably need to reconfigure the app and update the LDAP connection Azure Active Directory (Azure AD) supports LDAP Authentication via Azure AD Domain Services (AD DS).
https://docs.microsoft.com/en-us/azure/active-directory/fundamentals/auth-ldap https://docs.microsoft.com/en-us/azure/active-directory-domain-services/synchronization https://docs.microsoft.com/en-us/azure/active-directory-domain-services/overview
QUESTION 9
HOTSPOT
You plan to migrate DB1 and DB2 to Azure.
You need to ensure that the Azure database and the service tier meet the resiliency and business requirements.
What should you configure? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:
Correct Answer:
Box 1: SQL Managed Instance
Scenario: Once migrated to Azure, DB1 and DB2 must meet the following requirements:
1.
Maintain availability if two availability zones in the local Azure region fail.
2.
Fail over automatically.
3.
Minimize I/O latency.
The auto-failover groups feature allows you to manage the replication and failover of a group of databases on a server or all databases in a managed instance to another region. It is a declarative abstraction on top of the existing active georeplication feature, designed to simplify deployment and management of geo-replicated databases at scale. You can initiate a geo-failover manually or you can delegate it to the Azure service based on a user-defined policy. The latter option allows you to automatically recover multiple related databases in a secondary region after a catastrophic failure or other unplanned event that results in full or partial loss of the SQL Database or SQL Managed Instance availability in the primary region.
Box 2: Business critical
SQL Managed Instance is available in two service tiers:
General purpose: Designed for applications with typical performance and I/O latency requirements.
Business critical: Designed for applications with low I/O latency requirements and minimal impact of underlying maintenance operations on the workload.
Reference:
https://docs.microsoft.com/en-us/azure/azure-sql/database/auto-failover-group-overview
https://docs.microsoft.com/en-us/azure/azure-sql/managed-instance/sql-managed-instance-paas-overview
QUESTION 10
You are designing an application that will aggregate content for users.
You need to recommend a database solution for the application. The solution must meet the following requirements:
1.
Support SQL commands.
2.
Support multi-master writes.
3.
Guarantee low latency read operations. What should you include in the recommendation?
A. Azure Cosmos DB SQL API
B. Azure SQL Database that uses active geo-replication
C. Azure SQL Database Hyperscale
D. Azure Database for PostgreSQL
Correct Answer: A
With Cosmos DB\’s novel multi-region (multi-master) writes replication protocol, every region supports both writes and reads. The multi-region writes capability also enables:
1.
Unlimited elastic write and read scalability.
2.
99.999% read and write availability all around the world.
3.
Guaranteed reads and writes served in less than 10 milliseconds at the 99th percentile.
Reference: https://docs.microsoft.com/en-us/azure/cosmos-db/distribute-data-globally
QUESTION 11
You need to deploy resources to host a stateless web app in an Azure subscription. The solution must meet the following requirements:
1.
Provide access to the full .NET framework.
2.
Provide redundancy if an Azure region fails.
3.
Grant administrators access to the operating system to install custom application dependencies.
Solution: You deploy a web app in an Isolated App Service plan.
Does this meet the goal?
A. Yes
B. No
Correct Answer: B
Instead, you should deploy an Azure virtual machine to two Azure regions, and you create a Traffic Manager profile.
QUESTION 12
You are developing a sales application that will contain several Azure cloud services and will handle different components of a transaction. Different cloud services will process customer orders, billing, payment, inventory, and shipping.
You need to recommend a solution to enable the cloud services to asynchronously communicate transaction information by using REST messages.
What should you include in the recommendation?
A. Azure Service Bus
B. Azure Blob storage
C. Azure Notification Hubs
D. Azure Application Gateway
Correct Answer: A
Service Bus is a transactional message broker and ensures transactional integrity for all internal operations against its message stores. All transfers of messages inside of Service Bus, such as moving messages to a dead-letter queue or automatic forwarding of messages between entities, are transactional.
Reference: https://docs.microsoft.com/en-us/azure/service-bus-messaging/service-bus-transactions
https://docs.microsoft.com/en-us/azure/service-bus-messaging/service-bus-messaging-overview
” Service Bus offers a reliable and secure platform for asynchronous transfer of data and state.” … “Service Bus supports standard AMQP 1.0 and HTTP/REST protocols.”
QUESTION 13
After you migrate App1 to Azure, you need to enforce the data modification requirements to meet the security and compliance requirements. What should you do?
A. Create an access policy for the blob service.
B. Implement Azure resource locks.
C. Create Azure RBAC assignments.
D. Modify the access level of the blob service.
Correct Answer: A
Scenario: Once App1 is migrated to Azure, you must ensure that new data can be written to the app, and the modification of new and existing data is prevented for a period of three years.
As an administrator, you can lock a subscription, resource group, or resource to prevent other users in your organization from accidentally deleting or modifying critical resources. The lock overrides any permissions the user might have.
Reference:
https://docs.microsoft.com/en-us/azure/azure-resource-manager/management/lock-resources
……
AZ-305 free dumps online download:https://drive.google.com/file/d/1rtiU7YkTXXXPMx_oSdRn9yo_fRKPHl86/view?usp=sharing
Microsoft certification is one of the most popular IT certifications, and successfully obtaining any of the Microsoft certifications will help you get a career leap. A good company is constantly improving, let alone a Microsoft 500 company.
The AZ-305 Designing Microsoft Azure Infrastructure Solutions exam I’m sharing today is a new upgrade from the combined AZ-303 and AZ-304 exam items.
The generation of any project will give birth to a relative solution, the leads4pass AZ-305 dumps https://www.leads4pass.com/az-305.html, is the AZ-305 Designing Microsoft Azure Infrastructure Solutions exam A truly effective test plan for you to successfully pass on your first attempt.