AZ-304

Question 1

•Your company has an Azure subscription that is linked to an Azure AD tenant.
The subscription has resources that are being used by several departments.
Each department has its own allotted budget for spending on Azure resources.
You have to ensure that as soon as the department reaches its spending limit, the compute resources of the department are automatically shut down. You have to design a solution for this requirement You decide to include Azure Logic Apps and Azure Monitor alerts in this solution

Answer 1

No AM cannot be used for billing, use Azure Cost Management

Question 2

What is used to monitor connection health with ADFS?

Answer 2

AAD Connect Health

Question 3

How can KV be backed up/restored?

Answer 3

Can restore backed up KV in the same Geo and Sub

Question 4

Hyper-V Cluster with 20 VMs (Linux and Windows). What solution is used to replicate disks of VMs to Azure while the VMs remain available when disk migration is in progress?

Answer 4

ASR and Recovery Services Vault - this allows for keeping workloads online during planned/unplanned changes

Site Recovery Services replicate workloads on physical/VMs from primary to secondary

Question 5

Hyper-V Failover Clusters, plan to assess/migrate VMs using Azure Migrate, what is the minimum # of ASR agents needed with 18 Hyper-V nodes in 3 clusters across 60 VMs?

Answer 5

3 - ASR agents go onto Hyper-V Nodes

Question 6

Availability solution for Web Tier of Apps when moved to Azure (handles region failure and can use priority routing)

Answer 6

Traffic Manager

Standard and Basic LBs and App GW CANNOT perform DR if a region fails

Question 7

When configuring API Management, will it be able to access data from an Azure VM

Answer 7

APIM Instance will create an ELB which allows access from the Internet and access to resources within the VNet

Question 8

App using Azure Cloud Services, recommend a solution that allows to asynchronously communicate transaction info with REST messages

Answer 8

Azure Queue Storage - decouples components of an app

Question 9

Ensures DB tables are encrypted at rest and that data values never appear in plain text in the DB, also only client apps have encryption key to decrypt data

Answer 9

SQL Always Encrypted

Question 10

Need to run image rendering solution in Azure and use parallel compute processing

Answer 10

Azure Batch - run large-scale parallel and high-perf computing batch processing jobs

Question 11

Container solution with 2 containers, 1 hosts web API available to the Internet and the other performs health monitoring of the container hosting the Web API, but is private, both need to be deployed as a group

Answer 11

Azure Container Instances - Can deploy containers as a group and save on costs b/c simple solution, AKS is NOT cost efficient

Question 12

Secure connection from on-prem to Azure over private network and ensure connection offers redundant pair for HA

Answer 12

Azure Express Route

VPN GW does not establish connections over a private network

Question 13

App hosted in multiple regions, data storage solution that can store at least 1 TB of data, support multiple consistency levels and perform R/W operations in Azure Region local to app instance

Answer 13

Cosmos DB - supports global distro, replicates data wherever users are and can interact with data closest to them
Add/remove regions
Supports 5 consistence levels:
Bounded Staleness
Eventual
Consistent Prefix
Session
Strong

Question 14

AKS Apps in 2 different regions hosted on clusters requires the following:
App availability if a single AKS cluster fails
Connection traffic over Internet is encrypted using SSL
Do not need SSL configured on each container instance

Answer 14

Azure Front Door -
App-based global traffic manager
Supports SSL termination instead of in app backends
Supports routing traffic to different clusters

Question 15

Deploying apps in diff environments without a need of installing dependencies and app developers can have flexibility when architecting code

Answer 15

AKS -

Best accomplished by container based apps that can be deployed to AKS

Question 16

App needs to listen and process events that are emitted from other Azure Services

Answer 16

Event Grid -
Build apps with event-based architectures
Select Azure resource to subscribe, give the event handler or WebHook endpoint to send event to
Supports events from Azure services such as storage blobs and RG
Supports Custom Topics

Question 17

Build apps with event-based architectures
Select Azure resource to subscribe, give the event handler or WebHook endpoint to send event to
Supports events from Azure services such as storage blobs and RG
Supports Custom Topics

Answer 17

Event Grid

Question 18

Import on-prem SQL server to SQL Server in Azure, what is best used? What Storage Type and Tier?

Answer 18

BACPAC File can be used to import to Azure Blob Storage (standard only) from local storage on-prem

Question 19

Messaging requirements to send/receive messages based on FIFO message pattern

Answer 19

Azure Service Bus (Queues)

Question 20

Messaging Requirements to receive and process millions of messages at a time

Answer 20

Event Hub

Question 21

Big data streaming platform and event ingestion service

Can receive and process millions of EPS

Answer 21

Event Hub

Question 22

of Hyper-V VMs supported for 1 Migration Appliance

Answer 22

5000

Question 23

Plan and assess Hyper-V cluster migration plan with Azure Migrate, what is the minimum # of Azure Migrate appliances required with 3 clusters (10, 30 and 30 VMs across the 3 clusters)

Answer 23

3 Appliances required, 1 for each cluster

Question 24

Migration of on-prem MSSQL requires a solution to host the existing SQL Server Integration Services Package

Answer 24

ADF

Azure SSIS Integration Runtime is a component of ADF

Question 25

SQL Server Storage Requirements for backups that are the lowest cost option for storage

Answer 25

Standard Managed Disk | Should NOT use geo-redundant storage, should be in the same DC as SQL Server VMs to reduce transfer delays

Question 26

SQL Server storage requirements, what SA not to use and where to place

Answer 26

Standard Managed Disk | Should NOT use geo-redundant storage, should be in the same DC as SQL Server VMs to reduce transfer delays

Question 27

VM that will host SQL Server, has 2 data disks, one for log files and other for data files, recommend a caching policy for each disk for log files

Answer 27

None - do NOT enable caching on disks hosting log files

Question 28

New Azure Web App using blobl SA for static content and using large # of JS and CSS files, users of web app are global and need to ensure individual load times are minimized, what service to use?

Answer 28

Azure CDN | Distribute traffic globally and deliver web content to users

Question 29

of IP addresses reserved by Azure within each subnet

Answer 29

5

Question 30

1 Root Mgmt Group 5 Child Mgmt Groups 5 Subscriptions within each Mgmt Group Need to minimize the # of definitions and assignments for blueprints, where to assign the blueprint?

Answer 30

BP should be defined at the Root Mgmt group b/c you want to ensure you minimize the # of blueprints/assignments

Question 31

Authentication of Web App via AAD, app needs to be accessed by company users from the Internet and would have computers based on W10 joined to AAD. Need to ensure app access without being prompted for Authentication and access from company-owned computers, what to use for this?

Answer 31

AAD App Registration - this grants access to devices which are AAD joined?

Question 32

What grants access to devices that are AAD joined?

Answer 32

AAD App Reg

Question 33

What allows access from one Azure service to another?

Answer 33

Managed Identity

Question 34

What is used to secure remote access to on-prem web apps?

Answer 34

AAD App Proxy

Question 35

Azure sub with multiple RGs, need to design a resource governance solution with the following: 1. ExpressRoute resources are created in a specific RG 2. Creation of ER resources is delegated to AAD group 3. Principle of least priv What is needed for Req 2?

Answer 35

Custom role assigned to the RG - this ensures access for the creation of ER resources in the RG

Question 36

On-prem network with AD domain and recently purchased AAD tenant. Want to sync users from on-prem to AAD and enable SSO for the users as well, what will fulfill this requirement?

Answer 36

AAD Connect

Question 37

What is used to allow protection of an Azure SQL DB connection strings and only allow access to the connection strings at app runtime?

Answer 37

Azure Key Vault

Question 38

Azure Subscription with several RGs. Resource named group1 and contains critical resources. User named admin1 and is Owner of the sub. Need to prevent this admin from being able to modify resources in Group1. The admin should still be able to modify resources in other RGs.

Answer 38

Deny RBAC role for the admin on the RG via Azure Blueprints

Question 39

Minimum # of custom domains required to add to Azure?

Answer 39

1

Question 40

AAD User assigned the User Admin Role can change the Job Info Attribute for the following users

Answer 40

AAD Created | Microsoft Guest Account

Question 41

AAD User assigned User Admin role can changed Authentication Contact info Attribute for the following users and not for what users?

Answer 41

Can change for AAD created users but not for users synced to AAD

Question 42

What does P2 PIM provide?

Answer 42

``` JIT Time bound access Approvals Enforcement of MFA Justification Notification Access Reviews Audit History ```

Question 43

Sync on-prem to AAD and enable SSO

Answer 43

Setup ADFS and Sync with AAD | Sign-in ensures all AuthN occurs on-prem

Question 44

What is used to restrict access to Key Vault?

Answer 44

RBAC

Question 45

Key requirement is to authenticate identities on-prem via AD, but sync to AAD, what is used?

Answer 45

Pass through Auth

Question 46

Key requirement is to authenticate identities in Azure and sync to AAD, what is used?

Answer 46

Password Hash Sync

Question 47

Azure SQL DB deployment, only select workstations with static public IPs can be allowed to connect and perform admin work on the DB, what is used?

Answer 47

Server-level IP FW Rules | This enables client access to entire Azure SQL Server

Question 48

Where are Server-level IP FW Rules stored for Azure SQL DB and where are they configured?

Answer 48

Stored in the Master DB | Configured via Azure Portal or Transact-SQL Statements

Question 49

What is created and managed by Azure to protect resources?

Answer 49

Deny assignments used by Azure blueprints and Azure managed apps Cannot directly create own deny assignments

Question 50

What licensing is used for cloud-only users to change their PW?

Answer 50

AAD Free

Question 51

What licensing is used for cloud-only users to do SSPR?

Answer 51

AAD P1 or P2

Question 52

What licensing is used for hybrid user PW change or reset with on-prem writeback?

Answer 52

AAD P1 or P2

Question 53

Azure AD to handle sign-in completely in the cloud Do NOT enforce user-level AD security policies during sign-in NO sign-in requirement not natively supported by AAD

Answer 53

Password Hash Sync + Seamless SSO

Question 54

Azure AD to handle sign-in completely in the cloud Do enforce user-level AD security policies during sign-in NO sign-in requirement not natively supported by AAD No sign-in DR or leaked credentials report

Answer 54

PTA + Seamless SSO

Question 55

Azure AD to handle sign-in completely in the cloud Do enforce user-level AD security policies during sign-in NO sign-in requirement not natively supported by AAD Do require sign-in DR or leaked credentials report

Answer 55

PTA + Seamless SSO with PHS

Question 56

Azure AD to NOT handle sign-in completely in the cloud Do NOT want to integrate with existing federation provider NO sign-in requirement not natively supported by AAD Do NOT require sign-in DR or leaked credentials report

Answer 56

PTA + Seamless SSO

Question 57

Azure AD to NOT handle sign-in completely in the cloud Do NOT want to integrate with existing federation provider NO sign-in requirement not natively supported by AAD Do require sign-in DR or leaked credentials report

Answer 57

PTA + Seamless SSO + PHS

Question 58

Azure AD to NOT handle sign-in completely in the cloud Do want to integrate with existing federation provider Do NOT require sign-in DR or leaked credentials report

Answer 58

Federation

Question 59

Azure AD to NOT handle sign-in completely in the cloud Do want to integrate with existing federation provider Do require sign-in DR or leaked credentials report

Answer 59

Federation with PHS

Question 60

What is a data engineering solution that is used for hosting data warehouse?

Answer 60

Azure Synapse Analytics

Question 61

Migrate on-prem SQL server to Azure and make use of existing SQL Server licenses that is part of the Software Assurance contract with MSFT, decide to use Azure SQL DB service with v-core licensing model, does this work?

Answer 61

Yes, this will work because you can make use of Azure hybrid benefit

Question 62

What data store requires storing documents where they need to be accessed by end users and should be able to provide access to the documents via ACLs

Answer 62

Azure Storage Account GPv2

Question 63

Migrate on-prem to Azure Apps, requires daily RPO at a granular level and a 15 minute RTO, what service is used?

Answer 63

Azure Backup - used for granular level

Question 64

What service is used to backup at a granular level?

Answer 64

Azure Backup

Question 65

What service is used to backup/restore presentation on a corrupted laptop?

Answer 65

Azure Backup

Question 66

What service is used to replicate configs and data on VMs across another DC?

Answer 66

Azure Site Recovery

Question 67

v-core based Azure SQL DB, can you use Hybrid Benefit?

Answer 67

Yes

Question 68

Can you use Hybrid Benefit on Azure SQL DB with elastic pool and fixed size DTU-based Azure SQL instance?

Answer 68

No

Question 69

On-prem network with File Server that contains 500 GB of data using ADF service to copy data to Azure Storage, what is implemented on the file server?

Answer 69

Self-hosted integration runtime

Question 70

Compute infra that ADF uses to provide data integration capabilities across different network environments Can copy activities between cloud data store and data store in private network

Answer 70

Self-hosted integration runtime

Question 71

On-prem network with File Server that contains 500 GB of data using ADF service to copy data to Azure Storage, what is implemented on Azure Data Factory?

Answer 71

Create a Pipeline | ADF is a managed cloud service for ETL and ELT and data integration operations

Question 72

Logical group of activities (steps) that perform a unit of work Each activity consists of tasks and can be implement steps to transfer data from on-prem file server to Azure Storage

Answer 72

Pipelines

Question 73

SA Type that supports file shares

Answer 73

SA Premium and Standard

Question 74

SA Type that can support mixed services (FS, Table, Blob, etc.)

Answer 74

SA Standard

Question 75

SA Type can store file shares only and cannot deploy any types of storage

Answer 75

Premium SA