AZ 305 Quiz Az 305
Comprehensive Questions with
Verified Answers Graded A+
Azure Activity Log - Answer: You need to recommend a solution to generate a monthly report of
all the new Azure Resource Manager (ARM) resource deployments in your Azure
subscription.What should you include in the recommendation?
NO - Answer: You need to analyze the network traffic to identify whether packets are being
allowed or denied to the virtual machines.Solution: Install and configure the Azure Monitoring
agent and the Dependency Agent on all the virtual machines. Use VM insights in Azure Monitor
to analyze the network traffic.Does this meet the goal?
Azure Avent Hubs & Azure Functions - Answer: You need to design an architecture to capture
the creation of users and the assignment of roles. The captured data must be stored in Azure
Cosmos DB.Which services should you include in the design?
Azure API Management - Answer: Contoso ltd Requests to the logic apps from the developers
must be limited to lower rates than the requests from the users at Contoso.✑ The developers
must be able to rely on their existing OAuth 2.0 provider to gain access to the logic apps.✑ The
solution must NOT require changes to the logic apps.✑ The solution must NOT use Azure AD
guest accounts.
What should you include in the solution?
,yes - Answer: You need to analyze the network traffic to identify whether packets are being
allowed or denied to the virtual machines.
Solution: Use Azure Network Watcher to run IP flow verify to analyze the network traffic.
subscriptions, resource groups, management groups - Answer: You need to use Azure Monitor
to design an alerting strategy for security-related events.Which Azure Monitor Logs tables
should you query?
Azure AD Application Proxy, An Azure AD Enterprise Application, a Conditional Access Policy -
Answer: You need to recommend a solution to ensure that users sign in by using their Azure AD
account and Azure Multi-Factor Authentication (MFA) when they connect to App1 from the
internet.
Which three features should you recommend be deployed and configured in sequence?
Premium, Credential Passthrough - Answer: You need to recommend a design for the planned
Databrick deployment.
The solution must meet the following requirements:✑ Ensure that the data engineers can only
access folders to which they have permissions.✑ Minimize development effort.✑ Minimize
costs.
Azure AD App Registration, Conditional Access Policy - Answer: You plan to deploy an Azure web
app named App1 that will use Azure Active Directory (Azure AD) authentication.App1 will be
accessed from the internet by the users at your company. All the users have computers that run
Windows 10 and are joined to Azure AD.
You need to recommend a solution to ensure that the users can connect to App1 without being
prompted for authentication and can access App1 only from company-owned computers.
NO - Answer: You need to analyze the network traffic to identify whether packets are being
allowed or denied to the virtual machines.
,Solution: Use Azure Traffic Analytics in Azure Network Watcher to analyze the network traffic.
Does this meet the goal?
NO - Answer: You need to analyze the network traffic to identify whether packets are being
allowed or denied to the virtual machines.
Solution: Use Azure Advisor to analyze the network traffic.
Does this meet the goal?
In Azure Active Directory (Azure AD), create an access review of Application 1. - Answer: You
need to recommend a solution to verify whether the Fabrikam developers still require
permissions to Application1.
The solution must meet the following requirements:✑ To the manager of the developers, send a
monthly email message that lists the access permissions to Application1.✑ If the manager does
not verify an access permission, automatically revoke that permission.✑ Minimize development
effort.
Shared Access Signature (SAS) - Answer: You need to recommend a solution to enable access to
the blobs during the month of April only.Which security solution should you include in the
recommendation?
Azure AD Application Proxy, Azure AD enterprise applications - Answer: Some users work
remotely and do NOT have VPN access to the on-premises network.You need to provide the
remote users with single sign-on (SSO) access to WebApp1.
Which two features should you include in the solution? Each correct answer presents part of
the solution.
Create an access review - Answer: You need to recommend a solution for evaluating the
membership of Group1. The solution must meet the following requirements:✑ The evaluation
must be repeated automatically every three months.✑ Every member must be able to report
whether they need to be in Group1.✑ Users who report that they do not need to be in Group1
must be removed from Group1 automatically.✑ Users who do not report whether they need to
be in Group1 must be removed from Group1 automatically.
, Azure API Management - Answer: Fabrikam does not have an existing Azure Active Directory
(Azure AD) tenant and uses third-party OAuth 2.0 identity management to authenticate its
users.Developers at Fabrikam plan to use a subset of the logic apps to build applications that
will integrate with the on-premises web service of Contoso.You need to design a solution to
provide the Fabrikam developers with access to the logic apps. The solution must meet the
following requirements:✑ Requests to the logic apps from the developers must be limited to
lower rates than the requests from the users at Contoso.✑ The developers must be able to rely
on their existing OAuth 2.0 provider to gain access to the logic apps.✑ The solution must NOT
require changes to the logic apps.✑ The solution must NOT use Azure AD guest accounts.
a log analytics workspace , install the Azure Monitor Agent - Answer: You have an Azure
subscription that contains 300 virtual machines that run Windows Server 2019.You need to
centrally monitor all warning events in the System logs of the virtual machines.What should you
include in the solution? To answer, select the appropriate options in the answer area.NOTE:
Each correct selection is worth one point.
Hot Area:
Security: Azure AD Privileged Identity Management (PMI)
Development: Azure Managed Identity (MI)
Quality Assurance: Azure AD Privileged Identity Management (PMI) - Answer: Which service
should you recommend for each department's request? To answer, configure the appropriate
options in the answer area.
Management Groups: 2
Blueprint Definitions: 1
Blueprint Assignments: 2 - Answer: You plan to deploy a custom application to each
subscription. The application will contain the following:✑ A resource group✑ An Azure web
app✑ Custom role assignments✑ An Azure Cosmos DB accountYou need to use Azure
Blueprints to deploy the application to each subscription. MINIMUM NUMBER OF OBJECTS
REQUIRED TO DEPLOY?
Comprehensive Questions with
Verified Answers Graded A+
Azure Activity Log - Answer: You need to recommend a solution to generate a monthly report of
all the new Azure Resource Manager (ARM) resource deployments in your Azure
subscription.What should you include in the recommendation?
NO - Answer: You need to analyze the network traffic to identify whether packets are being
allowed or denied to the virtual machines.Solution: Install and configure the Azure Monitoring
agent and the Dependency Agent on all the virtual machines. Use VM insights in Azure Monitor
to analyze the network traffic.Does this meet the goal?
Azure Avent Hubs & Azure Functions - Answer: You need to design an architecture to capture
the creation of users and the assignment of roles. The captured data must be stored in Azure
Cosmos DB.Which services should you include in the design?
Azure API Management - Answer: Contoso ltd Requests to the logic apps from the developers
must be limited to lower rates than the requests from the users at Contoso.✑ The developers
must be able to rely on their existing OAuth 2.0 provider to gain access to the logic apps.✑ The
solution must NOT require changes to the logic apps.✑ The solution must NOT use Azure AD
guest accounts.
What should you include in the solution?
,yes - Answer: You need to analyze the network traffic to identify whether packets are being
allowed or denied to the virtual machines.
Solution: Use Azure Network Watcher to run IP flow verify to analyze the network traffic.
subscriptions, resource groups, management groups - Answer: You need to use Azure Monitor
to design an alerting strategy for security-related events.Which Azure Monitor Logs tables
should you query?
Azure AD Application Proxy, An Azure AD Enterprise Application, a Conditional Access Policy -
Answer: You need to recommend a solution to ensure that users sign in by using their Azure AD
account and Azure Multi-Factor Authentication (MFA) when they connect to App1 from the
internet.
Which three features should you recommend be deployed and configured in sequence?
Premium, Credential Passthrough - Answer: You need to recommend a design for the planned
Databrick deployment.
The solution must meet the following requirements:✑ Ensure that the data engineers can only
access folders to which they have permissions.✑ Minimize development effort.✑ Minimize
costs.
Azure AD App Registration, Conditional Access Policy - Answer: You plan to deploy an Azure web
app named App1 that will use Azure Active Directory (Azure AD) authentication.App1 will be
accessed from the internet by the users at your company. All the users have computers that run
Windows 10 and are joined to Azure AD.
You need to recommend a solution to ensure that the users can connect to App1 without being
prompted for authentication and can access App1 only from company-owned computers.
NO - Answer: You need to analyze the network traffic to identify whether packets are being
allowed or denied to the virtual machines.
,Solution: Use Azure Traffic Analytics in Azure Network Watcher to analyze the network traffic.
Does this meet the goal?
NO - Answer: You need to analyze the network traffic to identify whether packets are being
allowed or denied to the virtual machines.
Solution: Use Azure Advisor to analyze the network traffic.
Does this meet the goal?
In Azure Active Directory (Azure AD), create an access review of Application 1. - Answer: You
need to recommend a solution to verify whether the Fabrikam developers still require
permissions to Application1.
The solution must meet the following requirements:✑ To the manager of the developers, send a
monthly email message that lists the access permissions to Application1.✑ If the manager does
not verify an access permission, automatically revoke that permission.✑ Minimize development
effort.
Shared Access Signature (SAS) - Answer: You need to recommend a solution to enable access to
the blobs during the month of April only.Which security solution should you include in the
recommendation?
Azure AD Application Proxy, Azure AD enterprise applications - Answer: Some users work
remotely and do NOT have VPN access to the on-premises network.You need to provide the
remote users with single sign-on (SSO) access to WebApp1.
Which two features should you include in the solution? Each correct answer presents part of
the solution.
Create an access review - Answer: You need to recommend a solution for evaluating the
membership of Group1. The solution must meet the following requirements:✑ The evaluation
must be repeated automatically every three months.✑ Every member must be able to report
whether they need to be in Group1.✑ Users who report that they do not need to be in Group1
must be removed from Group1 automatically.✑ Users who do not report whether they need to
be in Group1 must be removed from Group1 automatically.
, Azure API Management - Answer: Fabrikam does not have an existing Azure Active Directory
(Azure AD) tenant and uses third-party OAuth 2.0 identity management to authenticate its
users.Developers at Fabrikam plan to use a subset of the logic apps to build applications that
will integrate with the on-premises web service of Contoso.You need to design a solution to
provide the Fabrikam developers with access to the logic apps. The solution must meet the
following requirements:✑ Requests to the logic apps from the developers must be limited to
lower rates than the requests from the users at Contoso.✑ The developers must be able to rely
on their existing OAuth 2.0 provider to gain access to the logic apps.✑ The solution must NOT
require changes to the logic apps.✑ The solution must NOT use Azure AD guest accounts.
a log analytics workspace , install the Azure Monitor Agent - Answer: You have an Azure
subscription that contains 300 virtual machines that run Windows Server 2019.You need to
centrally monitor all warning events in the System logs of the virtual machines.What should you
include in the solution? To answer, select the appropriate options in the answer area.NOTE:
Each correct selection is worth one point.
Hot Area:
Security: Azure AD Privileged Identity Management (PMI)
Development: Azure Managed Identity (MI)
Quality Assurance: Azure AD Privileged Identity Management (PMI) - Answer: Which service
should you recommend for each department's request? To answer, configure the appropriate
options in the answer area.
Management Groups: 2
Blueprint Definitions: 1
Blueprint Assignments: 2 - Answer: You plan to deploy a custom application to each
subscription. The application will contain the following:✑ A resource group✑ An Azure web
app✑ Custom role assignments✑ An Azure Cosmos DB accountYou need to use Azure
Blueprints to deploy the application to each subscription. MINIMUM NUMBER OF OBJECTS
REQUIRED TO DEPLOY?
