AZ-301 Microsoft Azure Architect Design Practice Tests Set 2

You are designing an Azure solution for a company that wants to move a .NET Core web application from an on-premises data center to Azure. The web application relies on a Microsoft SQL Server 2016 database on Windows Server 2016. The database server will not move to Azure.

A separate networking team is responsible for configuring network permissions.

The company uses Azure ExpressRoute and has an ExpressRoute gateway connected to an Azure virtual network named VNET1.

You need to recommend a solution for deploying the web application.


Solution
: Deploy the web application to a web app hosted in an isolated App Service plan on VNET1.


Does this meet the goal?


Options are :

  • Yes (Correct)
  • No

Answer :Yes

You need to deploy resources to host a stateless web app in an Azure subscription. The solution must meet the following requirements:

Provide access to the full .NET framework.

Provide redundancy if an Azure region fails.

Grant administrators access to the operating system to install custom application dependencies.


Solution
: You deploy a virtual machine scale set that uses autoscaling.


Does this meet the goal?


Options are :

  • Yes
  • No (Correct)

Answer :No

You need to deploy resources to host a stateless web app in an Azure subscription. The solution must meet the following requirements:

Provide access to the full .NET framework.

Provide redundancy if an Azure region fails.

Grant administrators access to the operating system to install custom application dependencies.


Solution
: You deploy an Azure virtual machine to two Azure regions, and you create a Traffic Manager profile.


Does this meet the goal?


Options are :

  • Yes (Correct)
  • No

Answer :Yes

You need to deploy resources to host a stateless web app in an Azure subscription. The solution must meet the following requirements:

Provide access to the full .NET framework.

Provide redundancy if an Azure region fails.

Grant administrators access to the operating system to install custom application dependencies.


Solution
: You deploy an Azure virtual machine to two Azure regions, and you deploy an Azure Application Gateway.


Does this meet the goal?


Options are :

  • Yes
  • No (Correct)

Answer :No

You plan to deploy an API by using Azure API Management.

You need to recommend a solution to protect the API from a distributed denial of service (DDoS) attack.

What should you recommend?


Options are :

  • Create network security groups (NSGs).
  • Enable quotas.
  • Enable rate limiting. (Correct)
  • Strip the Powered-By responsible header.

Answer :Enable rate limiting.

A company is setting up a data storage solution for their on-premise location. They have to ensure that data is automatically replicated to Azure.

They decide to include using Azure Table storage as part of their storage solution

Would this fulfill the requirement?


Options are :

  • Yes
  • No (Correct)

Answer :No

You use a virtual network to extend an on-premises IT environment into the cloud. The virtual network has two virtual machines (VMs) that store sensitive data.

The data must only be available using internal communication channels. Internet access to those VMs is not permitted.

You need to ensure that the VMs cannot access the Internet.

Which two options should you recommend?


Options are :

  • Network Interface (NIC)
  • Source Network Address Translation (SNAT)
  • Azure ExpressRoute (Correct)
  • Network Security Groups (NSG) (Correct)

Answer :Azure ExpressRoute Network Security Groups (NSG)

Your company plans to migrate its on-premises data to Azure.

You need to recommend which Azure services can be used to store the data. The solution must meet the following requirements:

     - Encrypt all data while at rest.

     - Encrypt data only by using a key generated by the company.


Which two possible services can you recommend?


Options are :

  • Azure Table storage
  • Azure Backup
  • Azure Blob storage (Correct)
  • Azure Queue storage
  • Azure Files (Correct)

Answer :Azure Blob storage Azure Files

A company is planning on moving its on-premise resources to Azure. They have 3 different applications that belong to different departments. Each application has a different requirement for business continuity as given below:

HR Department - The application data needs to be retained for 3 years. From a disaster recovery perspective, the application needs to run from a different Azure region. The Recovery time objective would be 15 minutes

Logistics Department - Here the Service Management team wants to ensure that the application must be able to recover point in time data at a daily granularity level. The Recovery time objective would be 6 hours.

Procurement Department - Here the application must be able to failover to a secondary on-premises data center.

You have to recommend which service should be used by each department. You have to also ensure that costs are minimized.

Which of the following would you use for the HR Department?


Options are :

  • Azure Site Recovery only
  • Azure Backup only
  • Azure Site Recovery and Azure Backup (Correct)
  • Azure Site Recovery and Azure Migrate

Answer :Azure Site Recovery and Azure Backup

You need to deploy resources to host a stateless web app in an Azure subscription. The solution must meet the following requirements:

     - Provide access to the full .NET framework.

     - Provide redundancy if an Azure region fails.

     - Grant administrators access to the operating system to install custom application dependencies.


Solution
: You deploy a web app in an Isolated App Service plan.


Does this meet the goal?


Options are :

  • Yes
  • No (Correct)

Answer :No

You are designing an Azure solution.

The network traffic for the solution must be securely distributed by providing the following features:

     - HTTPS protocol

     - Round robin routing

     - SSL offloading


You need to recommend a load balancing option.


What should you recommend?


Options are :

  • Azure Load Balancer
  • Azure Traffic Manager
  • Azure Internal Load Balancer (ILB)
  • Azure Application Gateway (Correct)

Answer :Azure Application Gateway

To answer the question that follows, please read the case study available at the below URL:

http://bit.ly/az-301-pt2-casestudy1

(Open a new tab in the browser and paste the above URL to view the case study. Do not close THIS current exam tab)


Question

You need to recommend a notification solution for the IT Support distribution group.

What should you include in the recommendation?


Options are :

  • Azure Network Watcher
  • an action group
  • a SendGrid account with advanced reporting
  • Azure AD Connect Health (Correct)

Answer :Azure AD Connect Health

To answer the question that follows, please read the case study available at the below URL:

http://bit.ly/az-301-pt2-casestudy1

(Open a new tab in the browser and paste the above URL to view the case study. Do not close THIS current exam tab)


Question

What should you include in the identity management strategy to support the planned changes?


Options are :

  • Move all the domain controllers from corp.fabrikam.com to virtual networks in Azure.
  • Deploy domain controllers for corp.fabrikam.com to virtual networks in Azure. (Correct)
  • Deploy a new Azure AD tenant for the authentication of new R&D projects.
  • Deploy domain controllers for the rd.fabrikam.com forest to virtual networks in Azure.

Answer :Deploy domain controllers for corp.fabrikam.com to virtual networks in Azure.

To answer the question that follows, please read the case study available at the below URL:

http://bit.ly/az-301-pt2-casestudy1

(Open a new tab in the browser and paste the above URL to view the case study. Do not close THIS current exam tab)


Question

You need to recommend a data storage strategy for WebApp1.

What should you include in the recommendation?


Options are :

  • a fixed-size DTU Azure SQL database
  • an Azure virtual machine that runs SQL Server
  • an Azure SQL Database elastic pool
  • a vCore-based Azure SQL database (Correct)

Answer :a vCore-based Azure SQL database

To answer the question that follows, please read the case study available at the below URL:

http://bit.ly/az-301-pt2-casestudy1

(Open a new tab in the browser and paste the above URL to view the case study. Do not close THIS current exam tab)


Question

You need to recommend a solution to meet the database retention requirement.

What should you recommend?


Options are :

  • Configure geo-replication of the database
  • Configure Azure Site Recovery
  • Configure a long-term retention policy for the database (Correct)
  • Use automatic Azure SQL Database backups

Answer :Configure a long-term retention policy for the database

To answer the question that follows, please read the case study available at the below URL:

http://bit.ly/az-301-pt2-casestudy1

(Open a new tab in the browser and paste the above URL to view the case study. Do not close THIS current exam tab)


Question

You need to recommend a strategy for migrating the database content of WebApp1 to Azure.

What should you include in the recommendation?


Options are :

  • Use Azure Site Recovery to replicate the SQL servers to Azure
  • Use SQL Server transactional replication (Correct)
  • Copy the VHD that contains the Azure SQL database files to Azure Blob storage
  • Copy the BACPAC file that contains the Azure SQL database files to Azure Blob storage

Answer :Use SQL Server transactional replication

To answer the question that follows, please read the case study available at the below URL:

http://bit.ly/az-301-pt2-casestudy1

(Open a new tab in the browser and paste the above URL to view the case study. Do not close THIS current exam tab)


Question

You need to recommend a strategy for the web tier of WebApp1. The solution must minimize costs.

What should you recommend?


Options are :

  • Configure the Scale Up settings for a web app
  • Create a runbook that resizes virtual machines automatically to a smaller size outside of business hours
  • Deploy a virtual machine scale set that scales out on a 75 percent CPU threshold
  • Configure the Scale Out settings for a web app (Correct)

Answer :Configure the Scale Out settings for a web app

You have an Azure Active Directory (Azure AD) tenant. All user accounts are synchronized from an on-premises Active Directory domain and are configured for federated authentication. Active Directory Federation Services (AD FS) servers are published for external connections by using a farm of Web Application Proxy servers.

You need to recommend a solution to monitor the servers that integrate with Azure AD. The solution must meet the following requirements:

     - Identify any AD FS issues and their potential resolutions.

    - Identify any directory synchronization configuration issues and their potential resolutions

    - Notify administrators when there are any issues affecting directory synchronization or AD FS operations.


Which monitoring solution should you recommend for the server type "Web Application Proxy servers"?


Options are :

  • A Microsoft Office 365 management solution in Azure Log Analytics
  • Active Directory Replication Status Tool
  • An Active Directory Health Check solution in Azure Log Analytics
  • An Active Directory Replication Status solution in Azure Log Analytics
  • Azure AD Connect Health (Correct)
  • Azure Security Center

Answer :Azure AD Connect Health

You are planning an Azure solution that will host production databases for a high-performance application. The solution will include the following components:

Two virtual machines that will run Microsoft SQL Server 2016, will be deployed to different data centers in the same Azure region and will be part of an Always On availability group.

SQL Server data that will be backed up by using the Automated Backup feature of the SQL Server IaaS Agent Extension (SQLIaaSExtension)

You identify the storage priorities for various data types as shown in the following table.


Which storage type should you recommend for "Databases and logs"?


Options are :

  • A geo-redundant storage (GRS) account
  • A locally-redundant storage (LRS) account
  • A premium managed disk (Correct)
  • A standard managed disk

Answer :A premium managed disk

Your company identifies the following business continuity and disaster recovery objectives for virtual machines that host sales, finance, and reporting applications in the company's on-premises data center:

     - The finance application requires that data be retained for seven years. In the event of a disaster, the application must be able to run from Azure. The recovery time objective (RTO) is 10 minutes.

     - The reporting application must be able to recover point-in-time data at a daily granularity. The RTO is eight hours.

     - The sales application must be able to failover to a second on-premises data center.


You need to recommend which Azure services meet the business continuity and disaster recovery objectives. The solution must minimize costs.


What service should you recommend for the "Finance" application?


Options are :

  • Azure Backup only (Correct)
  • Azure Site Recovery only
  • Azure Site Recovery and Azure Backup
  • None of the listed service(s)

Answer :Azure Backup only

Your company has users who work remotely from laptops.

You plan to move some of the applications accessed by the remote users to Azure virtual machines. The users will access the applications in Azure by using a point-to-site VPN connection. You will use certificates generated from an on-premises-based certification authority (CA).


What certificate should you use for the following deployment?

"The user's Personal store on each laptop"


Options are :

  • A root CA certificate that has the private key
  • A root CA certificate that has the public key
  • A user certificate that has the private key (Correct)
  • A user certificate that has the public key

Answer :A user certificate that has the private key

You have an on-premises network that uses an IP address space of 172.16.0.0/16.

You plan to deploy 25 virtual machines to a new Azure subscription.

You identify the following technical requirements:

     - All Azure virtual machines must be placed on the same subnet named Subnet1.

     - All the Azure virtual machines must be able to communicate with all on-premises servers.

     - The servers must be able to communicate between the on-premises network and Azure by using a site-to-site VPN.


You need to recommend a subnet design that meets the technical requirements.

What network address should you include in the recommendation for Subnet1?


Options are :

  • 172.16.0.0/16
  • 172.16.1.0/28
  • 192.168.0.0/24 (Correct)
  • 192.168.1.0/28

Answer :192.168.0.0/24

An organization has an on-premises server that runs Windows Server 2003. The server hosts an IIS-based stateless web application that uses forms authentication. The application consists of classic Active Server Pages (ASP) pages and third-party components (DLLs) that are registered in the Windows registry.

The deployment process for the web application is manual and is prone to errors. The deployment process makes it difficult to roll out updates, scale-out, and recover after failures.

You need to design a modernization approach for the web application that meets the following requirements:

      - Improve the deployment process.

      - Ensure that the application can run in the cloud.

      - Minimize changes to the application code.

      - Minimize administrative effort required to implement the modernization solution.


What should you recommend for the Modernization approach?


Options are :

  • Package the existing application in a container.
  • Configure the application to run in a web role.
  • Use Azure Container services. (Correct)
  • Use a Web application.

Answer :Use Azure Container services.

You are designing an Azure solution for a company that has four departments. Each department will deploy several Azure app services and Azure SQL databases.

You need to recommend a solution to report the costs for each department to deploy the app services and the databases. The solution must provide a consolidated view of cost reporting.


Solution
: Place all resources in the same resource group. Assign tags to each resource.


Does this meet the goal?


Options are :

  • Yes
  • No (Correct)

Answer :No

You are designing a storage solution to support on-premises resources and Azure-hosted resources.

You need to provide on-premises storage that has built-in replication to Azure.


Solution
: You include Azure Data Lake Storage in the design.


Does the solution meet the goal?


Options are :

  • Yes
  • No (Correct)

Answer :No

You manage a single-domain, on-premises Active Directory forest named contoso.com. The forest functional level is Windows Server 2016.

You have several on-premises applications that depend on Active Directory.

You plan to migrate the applications to Azure.

You need to recommend an identity solution for the applications.


The solution must meet the following requirements:

     - Eliminate the need for hybrid network connectivity.

     - Minimize management overhead for Active Directory.


What should you recommend?


Options are :

  • In Azure, deploy an additional child domain to the contoso.com forest.
  • In Azure, deploy additional domain controllers for the contoso.com domain.
  • Implement a new Active Directory forest in Azure.
  • Implement Azure Active Directory Domain Services (Azure AD DS). (Correct)

Answer :Implement Azure Active Directory Domain Services (Azure AD DS).

You have an Azure subscription named Project1. Only a group named Project1admins is assigned roles in the Project1 subscription. The Project1 subscription contains all the resources for an application named Application1.

Your company is developing a new application named Application2. The members of the Application2 development team belong to an Azure Active Directory (Azure AD) group named App2Dev.

You identify the following requirements for Application2:

     - The members of App2Dev must be prevented from changing the role assignments in Azure.

     - The members of App2Dev must be able to create new Azure resources required by Application2.

     - All the required role assignments for Application2 will be performed by the members of Project1admins.


You need to recommend a solution for the role assignments of Application2.


Solution: In Project1, create a network security group (NSG) named NSG1. Assign Project1admins the Owner role for NSG1. Assign the App2Dev the Contributor role for NSG1.


Does this meet the goal?


Options are :

  • Yes
  • No (Correct)

Answer :No

You have an Azure subscription that contains a resource group named RG1.

You create an Azure Active Directory (Azure AD) group named ResearchUsers that contains the user accounts of all researchers.


You need to recommend a solution that meets the following requirements:

     - The researchers must be allowed to create Azure virtual machines.

     - The researchers must only be able to create Azure virtual machines by using specific Azure Resource Manager templates.


Solution
: On RG1, assign a custom role-based access control (RBAC) role to the ResearchUsers group.


Does this meet the goal?


Options are :

  • Yes
  • No (Correct)

Answer :No

A company deploys Azure Active Directory (Azure AD) Connect to synchronize identity information from their on-premises Active Directory Domain Services (AD

DS) directory to their Azure AD tenant. The identity information that is synchronized includes user accounts, credential hashes for authentication (password sync), and group membership. The company plans to deploy several Windows and Linux virtual machines (VMs) to support their applications.

The VMs have the following requirements:

     - Support domain joins, LDAP read, LDAP bind, NTLM and Kerberos authentication, and Group Policy.

     - Allow users to sign in to the domain using their corporate credentials and connect remotely to the VM by using Remote Desktop.


You need to support the VM deployment.


Which service should you use?


Options are :

  • Azure AD Domain Services (Correct)
  • Azure AD Privileged Identity Management
  • Azure AD Managed Service Identity
  • Active Directory Federation Services (AD FS)

Answer :Azure AD Domain Services

Your company uses Microsoft System Center Service Manager on its on-premises network. You plan to deploy several services to Azure. You need to recommend a solution to push Azure service health alerts to the Service Manager.

What should you include in the recommendation?


Options are :

  • Azure Notification Hubs
  • Azure Event Hubs
  • IT Service Management Connector (ITSM) (Correct)
  • Application Insights Connector

Answer :IT Service Management Connector (ITSM)

Comment / Suggestion Section
Point our Mistakes and Post Your Suggestions