Microsoft

AZ-305

Designing Microsoft Azure

Infrastructure Solutions
Version: Demo

[ Total Questions: 10]

Web: www.dumpswrap.com

Email: [email protected]
IMPORTANT NOTICE
Feedback
We have developed quality product and state-of-art service to ensure our customers interest. If you have any
suggestions, please feel free to contact us at [email protected]

Support
If you have any questions about our product, please provide the following items:

exam code
screenshot of the question
login id/email

please contact us at [email protected] and our technical experts will provide support within 24 hours.

Copyright
The product of each order has its own encryption code, so you should use it independently. Any unauthorized
changes will inflict legal punishment. We reserve the right of final explanation for this statement.
Exam Pass Guaranteed Microsoft - AZ-305

Exam Topic Breakdown

Exam Topic Number of Questions
Topic 3 : Contoso 2
Topic 1 : Litware, Inc 2
Topic 2 : Fabrikam inc Case Study A 2
Topic 4 : HABInsurance 2
Topic 5 : Misc. Questions 2
TOTAL 10

Pass in First Attempt 1 of 19

Exam Pass Guaranteed Microsoft - AZ-305

Topic 3, Contoso

Case Study

This is a case study. Case studies are not timed separately. You can use as much exam time as you would like
to complete each case. However, there may be additional case studies and sections on this exam. You must
manage your time to ensure that you are able to complete all questions included on this exam in the time
provided.

To answer the questions included in a case study, you will need to reference information that is provided in
the case study. Case studies might contain exhibits and other resources that provide more information about
the scenario that is described in the case study. Each question is independent of the other questions in this case
study.

At the end of this case study, a review screen will appear. This screen allows you to review your answers and
to make changes before you move to the next section of the exam. After you begin a new section, you cannot
return to this section.

To start the case study

To display the first question in this case study, click the Next button. Use the buttons in the left pane to
explore the content of the case study before you answer the questions. Clicking these buttons displays
information such as business requirements, existing environment, and problem statements. If the case study
has an All Information tab, note that the information displayed is identical to the information displayed on the
subsequent tabs. When you are ready to answer a question, click the Question button to return to the question.

Existing Environment: Technical Environment

The on-premises network contains a single Active Directory domain named contoso.com.

Contoso has a single Azure subscription.

Existing Environment: Business Partnerships

Contoso has a business partnership with Fabrikam, Inc. Fabrikam users access some Contoso applications
over the internet by using Azure Active Directory (Azure AD) guest accounts.

Requirements: Planned Changes

Contoso plans to deploy two applications named App1 and App2 to Azure.

Requirements: App1

App1 will be a Python web app hosted in Azure App Service that requires a Linux runtime. Users from
Contoso and Fabrikam will access App1.

App1 will access several services that require third-party credentials and access strings. The credentials and
access strings are stored in Azure Key Vault.

Pass in First Attempt 2 of 19

Exam Pass Guaranteed Microsoft - AZ-305

App1 will have six instances: three in the East US Azure region and three in the West Europe Azure region.

App1 has the following data requirements:

Each instance will write data to a data store in the same availability zone as the instance.

Data written by any App1 instance must be visible to all App1 instances.

App1 will only be accessible from the internet. App1 has the following connection requirements:

Connections to App1 must pass through a web application firewall (WAF).

Connections to App1 must be active-active load balanced between instances.

All connections to App1 from North America must be directed to the East US region. All other connections
must be directed to the West Europe region.

Every hour, you will run a maintenance task by invoking a PowerShell script that copies files from all the
App1 instances. The PowerShell script will run from a central location.

Requirements: App2

App2 will be a NET app hosted in App Service that requires a Windows runtime. App2 has the following file
storage requirements:

Save files to an Azure Storage account.

Replicate files to an on-premises location.

Ensure that on-premises clients can read the files over the LAN by using the SMB protocol.

You need to monitor App2 to analyze how long it takes to perform different transactions within the
application. The solution must not require changes to the application code.

Application Development Requirements

Application developers will constantly develop new versions of App1 and App2. The development process
must meet the following requirements:

A staging instance of a new application version must be deployed to the application host before the new
version is used in production.

After testing the new version, the staging version of the application will replace the production version.

The switch to the new application version from staging to production must occur without any downtime of the
application.

Identity Requirements

Contoso identifies the following requirements for managing Fabrikam access to resources:

Pass in First Attempt 3 of 19

Exam Pass Guaranteed Microsoft - AZ-305

Every month, an account manager at Fabrikam must review which Fabrikam users have access permissions to
App1. Accounts that no longer need permissions must be removed as guests.

The solution must minimize development effort.

Security Requirement

All secrets used by Azure services must be stored in Azure Key Vault.

Services that require credentials must have the credentials tied to the service instance. The credentials must
NOT be shared between services.

Question #:1 - (Exam Topic 3)

What should you recommend lo meet the monitoring requirements for App2?

A. Azure Application Insights

B. Container insights

C. Microsoft Sentinel

D. VM insights

Answer: A

Question #:2 - (Exam Topic 3)

What should you recommend to meet the monitoring requirements for App2?

A. Microsoft Sentinel

B. Azure Application Insights

C. Container insights

D. VM insights

Answer: B

Pass in First Attempt 4 of 19

Exam Pass Guaranteed Microsoft - AZ-305

Topic 1, Litware, Inc

Case Study

This is a case study. Case studies are not timed separately. You can use as much exam time as you would like
to complete each case. However, there may be additional case studies and sections on this exam. You must
manage your time to ensure that you are able to complete all questions included on this exam in the time
provided.

To answer the questions included in a case study, you will need to reference information that is provided in
the case study. Case studies might contain exhibits and other resources that provide more information about
the scenario that is described in the case study. Each question is independent of the other questions in this case
study.

At the end of this case study, a review screen will appear. This screen allows you to review your answers and
to make changes before you move to the next section of the exam. After you begin a new section, you cannot
return to this section.

To start the case study

To display the first question in this case study, click the Next button. Use the buttons in the left pane to
explore the content of the case study before you answer the questions. Clicking these buttons displays
information such as business requirements, existing environment, and problem statements. If the case study
has an All Information tab, note that the information displayed is identical to the information displayed on the
subsequent tabs. When you are ready to answer a question, click the Question button to return to the question.

Overview. General Overview

Litware, Inc. is a medium-sized finance company.

Overview. Physical Locations

Litware has a main office in Boston.

Existing Environment. Identity Environment

The network contains an Active Directory forest named Litware.com that is linked to an Azure Active
Directory (Azure AD) tenant named Litware.com. All users have Azure Active Directory Premium P2
licenses.

Litware has a second Azure AD tenant named dev.Litware.com that is used as a development environment.

The Litware.com tenant has a conditional ac#ess policy named capolicy1. Capolicy1 requires that when users
manage the Azure subscription for a production environment by using the Azure portal, they must connect
from a hybrid Azure AD-joined device.

Existing Environment. Azure Environment

Pass in First Attempt 5 of 19

Exam Pass Guaranteed Microsoft - AZ-305

Litware has 10 Azure subscriptions that are linked to the Litware.com tenant and five Azure subscriptions that
are linked to the dev.Litware.com tenant. All the subscriptions are in an Enterprise Agreement (EA).

The Litware.com tenant contains a custom Azure role-based access control (Azure RBAC) role named Role1
that grants the DataActions read permission to the blobs and files in Azure Storage.

Existing Environment. On-premises Environment

The on-premises network of Litware contains the resources shown in the following table.

Existing Environment. Network Environment

Litware has ExpressRoute connectivity to Azure.

Planned Changes and Requirements. Planned Changes

Litware plans to implement the following changes:

Migrate DB1 and DB2 to Azure.

Migrate App1 to Azure virtual machines.

Deploy the Azure virtual machines that will host App1 to Azure dedicated hosts.

Planned Changes and Requirements. Authentication and Authorization Requirements

Litware identifies the following authentication and authorization requirements:

Users that manage the production environment by using the Azure portal must connect from a hybrid Azure
AD-joined device and authenticate by using Azure Multi-Factor Authentication (MFA).

The Network Contributor built-in RBAC role must be used to grant permission to all the virtual networks in
all the Azure subscriptions.

To access the resources in Azure, App1 must use the managed identity of the virtual machines that will host
the app.

Role1 must be used to assign permissions to the storage accounts of all the Azure subscriptions.

Pass in First Attempt 6 of 19

Exam Pass Guaranteed Microsoft - AZ-305

RBAC roles must be applied at the highest level possible.

Planned Changes and Requirements. Resiliency Requirements

Litware identifies the following resiliency requirements:

Once migrated to Azure, DB1 and DB2 must meet the following requirements:

- Maintain availability if two availability zones in the local Azure region fail.

- Fail over automatically.

- Minimize I/O latency.

App1 must meet the following requirements:

- Be hosted in an Azure region that supports availability zones.

- Be hosted on Azure virtual machines that support automatic scaling.

- Maintain availability if two availability zones in the local Azure region fail.

Planned Changes and Requirements. Security and Compliance Requirements

Litware identifies the following security and compliance requirements:

Once App1 is migrated to Azure, you must ensure that new data can be written to the app, and the
modification of new and existing data is prevented for a period of three years.

On-premises users and services must be able to access the Azure Storage account that will host the data in
App1.

Access to the public endpoint of the Azure Storage account that will host the App1 data must be prevented.

All Azure SQL databases in the production environment must have Transparent Data Encryption (TDE)
enabled.

App1 must not share physical hardware with other workloads.

Planned Changes and Requirements. Business Requirements

Litware identifies the following business requirements:

Minimize administrative effort.

Minimize costs.

Question #:3 - (Exam Topic 1)

Pass in First Attempt 7 of 19

Exam Pass Guaranteed Microsoft - AZ-305

You need to implement the Azure RBAC role assignments for the Network Contributor role. The solution
must meet the authentication and authorization requirements.

What is the minimum number of assignments that you must use?

A. 1

B. 2

C. 5

D. 10

E. 15

Answer: B

Explanation
Scenario: The Network Contributor built-in RBAC role must be used to grant permissions to the network
administrators for all the virtual networks in all the Azure subscriptions.

RBAC roles must be applied at the highest level possible.

Question #:4 - (Exam Topic 1)

You plan to migrate App1 to Azure.

You need to estimate the compute costs for App1 in Azure. The solution must meet the security and
compliance requirements.

What should you use to estimate the costs, and what should you implement to minimize the costs? To answer,
select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Pass in First Attempt 8 of 19

Exam Pass Guaranteed Microsoft - AZ-305

Answer:

Explanation

Box 1: The Azure Total Cost of Ownership (TCO) Calculator

Pass in First Attempt 9 of 19

Exam Pass Guaranteed Microsoft - AZ-305

The Total Cost of Ownership (TCO) Calculator estimates the cost savings you can realize by migrating your
workloads to Azure.

Note: The TCO Calculator recommends a set of equivalent services in Azure that will support your
applications. Our analysis will show each cost area with an estimate of your on-premises spend versus your
spend in Azure. There are several cost categories that either decrease or go away completely when you move
workloads to the cloud.

Box 2: Azure Hybrid Benefit

Azure Hybrid Benefit is a licensing benefit that helps you to significantly reduce the costs of running your
workloads in the cloud. It works by letting you use your on-premises Software Assurance-enabled Windows
Server and SQL Server licenses on Azure. And now, this benefit applies to RedHat and SUSE Linux
subscriptions, too.

Scenario:

Litware identifies the following security and compliance requirements:

Once App1 is migrated to Azure, you must ensure that new data can be written to the app, and the
modification of new and existing data is prevented for a period of three years.

On-premises users and services must be able to access the Azure Storage account that will host the data in
App1.

Access to the public endpoint of the Azure Storage account that will host the App1 data must be prevented.

All Azure SQL databases in the production environment must have Transparent Data Encryption (TDE)
enabled.

App1 must not share physical hardware with other workloads.

Reference:

https://azure.microsoft.com/en-us/pricing/tco/

https://azure.microsoft.com/en-us/pricing/hybrid-benefit/

Pass in First Attempt 10 of 19

Exam Pass Guaranteed Microsoft - AZ-305

Topic 2, Fabrikam inc Case Study A

Overview:

Existing Environment

Fabrikam, Inc. is an engineering company that has offices throughout Europe. The company has a main office
in London and three branch offices in Amsterdam Berlin, and Rome.

Active Directory Environment:

The network contains two Active Directory forests named corp.fabnkam.com and rd.fabrikam.com. There are
no trust relationships between the forests. Corp.fabrikam.com is a production forest that contains identities
used for internal user and computer authentication. Rd.fabrikam.com is used by the research and development
(R&D) department only. The R&D department is restricted to using on-premises resources only.

Network Infrastructure:

Each office contains at least one domain controller from the corp.fabrikam.com domain. The main office
contains all the domain controllers for the rd.fabrikam.com forest.

All the offices have a high-speed connection to the Internet.

An existing application named WebApp1 is hosted in the data center of the London office. WebApp1 is used
by customers to place and track orders. WebApp1 has a web tier that uses Microsoft Internet Information
Services (IIS) and a database tier that runs Microsoft SQL Server 2016. The web tier and the database tier are
deployed to virtual machines that run on Hyper-V.

The IT department currently uses a separate Hyper-V environment to test updates to WebApp1.

Fabrikam purchases all Microsoft licenses through a Microsoft Enterprise Agreement that includes Software
Assurance.

Problem Statement:

The use of Web App1 is unpredictable. At peak times, users often report delays. At other times, many
resources for WebApp1 are underutilized.

Requirements:

Planned Changes:

Fabrikam plans to move most of its production workloads to Azure during the next few years.

As one of its first projects, the company plans to establish a hybrid identity model, facilitating an upcoming
Microsoft Office 365 deployment

Pass in First Attempt 11 of 19

Exam Pass Guaranteed Microsoft - AZ-305

All R&D operations will remain on-premises.

Fabrikam plans to migrate the production and test instances of WebApp1 to Azure.

Technical Requirements:

Fabrikam identifies the following technical requirements:

• Web site content must be easily updated from a single point.

• User input must be minimized when provisioning new app instances.

• Whenever possible, existing on premises licenses must be used to reduce cost.

• Users must always authenticate by using their corp.fabrikam.com UPN identity.

• Any new deployments to Azure must be redundant in case an Azure region fails.

• Whenever possible, solutions must be deployed to Azure by using platform as a service (PaaS).

• An email distribution group named IT Support must be notified of any issues relating to the directory
synchronization services.

• Directory synchronization between Azure Active Directory (Azure AD) and corp.fabhkam.com must not be
affected by a link failure between Azure and the on premises network.

Database Requirements:

Fabrikam identifies the following database requirements:

• Database metrics for the production instance of WebApp1 must be available for analysis so that database
administrators can optimize the performance settings.

• To avoid disrupting customer access, database downtime must be minimized when databases are migrated.

• Database backups must be retained for a minimum of seven years to meet compliance requirement

Security Requirements:

Fabrikam identifies the following security requirements:

*Company information including policies, templates, and data must be inaccessible to anyone outside the
company

*Users on the on-premises network must be able to authenticate to corp.fabrikam.com if an Internet link fails.

*Administrators must be able authenticate to the Azure portal by using their corp.fabrikam.com credentials.

*All administrative access to the Azure portal must be secured by using multi-factor authentication.

*The testing of WebApp1 updates must not be visible to anyone outside the company.

Pass in First Attempt 12 of 19

Exam Pass Guaranteed Microsoft - AZ-305

Question #:5 - (Exam Topic 2)

You are evaluating the components of the migration to Azure that require you to provision an Azure Storage
account.

For each of the following statements, select Yes if the statement is true. Otherwise, select No.

NOTE: Each correct selection is worth one point.

Answer:

Explanation

Question #:6 - (Exam Topic 2)

What should you include in the identity management strategy to support the planned changes?

A.

Pass in First Attempt 13 of 19

Exam Pass Guaranteed Microsoft - AZ-305

A. Move all the domain controllers from corp.fabrikam.com to virtual networks in Azure.

B. Deploy domain controllers for corp.fabrikam.com to virtual networks in Azure.

C. Deploy a new Azure AD tenant for the authentication of new R&D projects.

D. Deploy domain controllers for the rd.fabrikam.com forest to virtual networks in Azure.

Answer: B

Explanation
Directory synchronization between Azure Active Directory (Azure AD) and corp.fabrikam.com must not be
affected by a link failure between Azure and the on-premises network. (This requires domain controllers in
Azure)

Users on the on-premises network must be able to authenticate to corp.fabrikam.com if an Internet link fails.
(This requires domain controllers on-premises)

Pass in First Attempt 14 of 19

Exam Pass Guaranteed Microsoft - AZ-305

Topic 4, HABInsurance

Case Study

An insurance company, HABInsurance, operates in three states and provides home, auto, and boat insurance.
Besides the head office, HABInsurance has three regional offices.

Current environment

General

An insurance company, HABInsurance, operates in three states and provides home, auto, and boat insurance.
Besides the head office, HABInsurance has three regional offices.

Technology assessment

The company has two Active Directory forests: main.habinsurance.com and region.habinsurance.com.
HABInsurance's primary internal system is Insurance Processing System (IPS). It is an ASP.Net/C#
application running on IIS/Windows Servers hosted in a data center. IPS has three tiers: web, business logic
API, and a datastore on a back end. The company uses Microsoft SQL Server and MongoDB for the backend.
The system has two parts: Customer data and Insurance forms and documents. Customer data is stored in
Microsoft SQL Server and Insurance forms and documents — in MongoDB. The company also has 10 TB of
Human Resources (HR) data stored on NAS at the head office location. Requirements

General

HABInsurance plans to migrate its workloads to Azure. They purchased an Azure subscription. Changes

During a transition period, HABInsurance wants to create a hybrid identity model along with a Microsoft
Office 365 deployment. The company intends to sync its AD forests to Azure AD and benefit from Azure AD
administrative units functionality.

HABInsurance needs to migrate the current IPSCustomers SQL database to a new fully managed SQL
database in Azure that would be budget-oriented, balanced with scalable compute and storage options. The
management team expects the Azure database service to scale the database resources dynamically with
minimal downtime. The technical team proposes implementing a DTU-based purchasing model for the new
database.

HABInsurance wants to migrate Insurance forms and documents to Azure database service. HABInsurance
plans to move IPS first two tiers to Azure without any modifications. The technology team discusses the
possibility of running IPS tiers on a set of virtual machines instances. The number of instances should be
adjusted automatically based on the CPU utilization. An SLA of 99.95% must be guaranteed for the compute
infrastructure.

The company needs to move HR data to Azure File shares.

In their new Azure ecosystem, HABInsurance plans to use internal and third-party applications. The company
considers adding user consent for data access to the registered applications

Pass in First Attempt 15 of 19

Exam Pass Guaranteed Microsoft - AZ-305

Later, the technology team contemplates adding a customer self-service portal to IPS and deploying a new
IPS to multi-region ASK. But the management team is worried about performance and availability of the
multi-region AKS deployments during regional outages.

What two parameters would you recommend set up to ensure that the new IPSCustomers database will scale
to meet the workload demands?

A.Define the maximum of CPU cores

B.Define the maximum resource limit per group of databases

C.Define the maximum of Database Transaction Units

D.Define the maximum of the allocated storage

E.Define the maximum size for a database

Answer: C,E

Question #:7 - (Exam Topic 4)

A company has an on-premises file server cbflserver that runs Windows Server 2019. Windows Admin
Center manages this server. The company owns an Azure subscription. You need to provide an Azure solution
to prevent data loss if the file server fails.

Solution: You decide to create an Azure Recovery Services vault. You then decide to install the Azure
Backup agent and then schedule the backup. Would this meet the requirement?

A. Yes

B. No

Answer: A

Question #:8 - (Exam Topic 4)

A company is planning on deploying an application onto Azure. The application will be based on the .Net
core programming language. The application would be hosted using Azure Web apps. Below is part of the
various requirements for the application

Give the ability to correlate Azure resource usage and the performance data with the actual application
configuration and performance data

Give the ability to visualize the relationships between application components

Give the ability to track requests and exceptions to specific lines of code from within the application Give the
ability to actually analyse how uses return to an application and see how often they only select a particular
drop-down value

Pass in First Attempt 16 of 19

Exam Pass Guaranteed Microsoft - AZ-305

Which of the following service would be best suited for fulfilling the requirement of

“Give the ability to correlate Azure resource usage and the performance data with the actual application
configuration and performance data”

A. Azure Application Insights

B. Azure Service Map

C. Azure Log Analytics

D. Azure Activity Log

Answer: C

Pass in First Attempt 17 of 19

Exam Pass Guaranteed Microsoft - AZ-305

Topic 5, Misc. Questions

Question #:9 - (Exam Topic 5)

You have an Azure subscription that contains an Azure key vault named KV1 and a virtual machine named
VM1. VM1 runs Windows Server 2022: Azure Edition.

You plan to deploy an ASP.NET Core-based application named App1 to VM1.

You need to configure App1 to use a system-assigned managed identity to retrieve secrets from KV1. The
solution must minimize development effort.

What should you do? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Answer:

Explanation

Question #:10 - (Exam Topic 5)

Pass in First Attempt 18 of 19

Exam Pass Guaranteed Microsoft - AZ-305

You have multiple on-premises locations. The locations host loT endpoints that generate real-time telemetry
data.

You have an Azure subscription.

You need to process the telemetry data and provide real-time insights. The solution must minimize
development effort.

What should you use?

A. Azure Data Factory

B. Azure Data Lake Analytics

C. Log Analytics

D. Azure Stream Analytics

Answer: D

Pass in First Attempt 19 of 19

About DumpsWrap.com
dumpswrap.com was founded in 2007. We provide latest & high quality IT / Business Certification Training Exam
Questions, Study Guides, Practice Tests.

We help you pass any IT / Business Certification Exams with 100% Pass Guaranteed or Full Refund. Especially
Cisco, CompTIA, Citrix, EMC, HP, Oracle, VMware, Juniper, Check Point, LPI, Nortel, EXIN and so on.

View list of all certification exams: All vendors

We prepare state-of-the art practice tests for certification exams. You can reach us at any of the email addresses
listed below.

Sales: [email protected]
Feedback: [email protected]
Support: [email protected]

Any problems about IT certification or our products, You can write us back and we will get back to you within 24
hours.