In this blog, we cover Microsoft Azure Solutions Architect Expert exam questions to give you an idea of the types of questions generally asked in the AZ-305 exam.
An Azure Solutions Architect has subject matter expertise in designing cloud and hybrid solutions that run on Microsoft Azure, including compute, network, storage, monitoring, and security. In addition, the Solutions Architect has expertise in IT operations, virtualization, identity management, disaster recovery, business continuity, data platforms, and governance.
Moreover, the Solutions Architect works closely with Azure Developers, Azure Administrators, and cloud DBAs to translate business requirements into secure, scalable Azure cloud solutions.
If you are preparing for the Microsoft Azure Solutions Architect Expert Certification [AZ-305] exam, check your readiness by attempting these Azure Solutions Architect certification questions.
Azure Solutions Architect Exam Questions
Q1. You have an Azure Active Directory (Azure AD) tenant that syncs with an on-premises Active Directory domain.
You have an internal web app named WebApp1 that is hosted on-premises. WebApp1 uses Integrated Windows authentication.
Some users work remotely and do NOT have VPN access to the on-premises network. You need to provide the remote users with single sign-on (SSO) access to WebApp1.
Which two features should you include in the solution? Each correct answer presents part of the solution.
A. Azure AD Application Proxy
B. Azure AD Privileged Identity Management (PIM)
C. Conditional Access policies
D. Azure Arc
E. Azure AD enterprise applications
F. Azure Application Gateway
Correct Answer: A, C
Explanation:
A: Application Proxy is a feature of Azure AD that enables users to access on-premises web applications from a remote client. Application Proxy includes both the Application Proxy service, which runs in the cloud, and the Application Proxy connector, which runs on an on-premises server. You can configure single sign-on to an Application Proxy application.
C: Microsoft recommends using Application Proxy with pre-authentication and Conditional Access policies for remote access from the internet. An approach to providing Conditional Access for intranet use is to modernize applications so they can directly authenticate with AAD.
Q2. You have an Azure Active Directory (Azure AD) tenant named contoso.com that has a security group named Group1. Group1 is configured for assigned membership. Group1 has 50 members, including 20 guest users.
You need to recommend a solution for evaluating the membership of Group1. The solution must meet the following requirements:
✑ The evaluation must be repeated automatically every three months.
✑ Every member must be able to report whether they need to be in Group1.
✑ Users who report that they do not need to be in Group1 must be removed from Group1 automatically.
✑ Users who do not report whether they need to be in Group1 must be removed from Group1 automatically.
What should you include in the recommendation?
A. Implement Azure AD Identity Protection.
B. Change the Membership type of Group1 to Dynamic User.
C. Create an access review.
D. Implement Azure AD Privileged Identity Management (PIM).
Correct Answer: C
Explanation:
Have reviews recur periodically: You can set up recurring access reviews of users at set frequencies such as weekly, monthly, quarterly or annually, and the reviewers will be notified at the start of each review. Reviewers can approve or deny access with a friendly interface and with the help of smart recommendations.
Q3. You are designing an Azure web app that will use Azure Active Directory (Azure AD) for authentication.
You need to recommend a solution to provide users from multiple Azure AD tenants with access to App1. The solution must ensure that the users use Azure Multi-Factor Authentication (MFA) when they connect to App1.
Which two types of objects should you include in the recommendation? Each correct answer presents part of the solution.
A. Azure AD conditional access policies
B. Azure AD managed identities
C. an Identity Experience Framework policy
D. an Azure application security group
E. an Endpoint Manager app protection policy
F. Azure AD guest accounts
Correct Answer: A, F
Explanation:
A: The Conditional Access feature in Azure Active Directory (Azure AD) offers one of several ways that you can use to secure your app and protect a service.
Conditional Access enables developers and enterprise customers to protect services in a multitude of ways including:
✑ Multi-factor authentication
✑ Allowing only Intune enrolled devices to access specific services
✑ Restricting user locations and IP ranges
Conditional Access policies are powerful tools; we recommend excluding the following accounts from your policy:
✑ Service accounts and service principals.
If your organization has these accounts in use in scripts or code, consider replacing them with managed identities.
B: Managed Identity does not support cross-directory scenarios.
E: Application security groups enable you to configure network security as a natural extension of an application's structure, allowing you to group virtual machines and define network security policies based on those groups.
Q4. You are designing a large Azure environment that will contain many subscriptions.
You plan to use Azure Policy as part of a governance solution.
To which three scopes can you assign Azure Policy definitions? Each correct answer presents a complete solution.
A. Azure Active Directory (Azure AD) administrative units
B. Azure Active Directory (Azure AD) tenants
C. subscriptions
D. compute resources
E. resource groups
F. management groups
Correct Answer: C, E, F.
Explanation:
Azure Policy evaluates resources in Azure by comparing the properties of those resources to business rules. Once your business rules have been formed, the policy definition or initiative is assigned to any scope of resources that Azure supports, such as management groups, subscriptions, resource groups, or individual resources.
Q5. You have an Azure subscription that contains a custom application named Application1. Application1 was developed by an external company named Fabrikam, Ltd. Developers at Fabrikam were assigned role-based access control (RBAC) permissions to the Application1 components. All users are licensed for the Microsoft 365 E5 plan.
You need to recommend a solution to verify whether the Fabrikam developers still require permissions to Application1. The solution must meet the following requirements:
✑ To the manager of the developers, send a monthly email message that lists the access permissions to Application1.
✑ If the manager does not verify access permission, automatically revoke that permission.
✑ Minimize development effort.
What should you recommend?
A. In Azure Active Directory (Azure AD), create an access review of Application1.
B. Create an Azure Automation runbook that runs the Get-AzRoleAssignment cmdlet.
C. In Azure Active Directory (Azure AD) Privileged Identity Management, create a custom role assignment for the Application1 resources.
D. Create an Azure Automation runbook that runs the Get-AzureADUserAppRoleAssignment cmdlet.
Correct Answer: A
Explanation:
Access reviews require P2, and Microsoft 365 E5 includes P2.
Q6. You need to deploy resources to host a stateless web app in an Azure subscription. The solution must meet the following requirements:
✑ Provide access to the full .NET framework.
✑ Provide redundancy if an Azure region fails.
✑ Grant administrators access to the operating system to install custom application dependencies.
Solution: You deploy an Azure virtual machine scale set that uses autoscaling.
Does this meet the goal?
A. Yes
B. No
Correct Answer: B
Explanation:
Instead, you should deploy two Azure virtual machines to two Azure regions and create a Traffic Manager profile.
Q7. You have an Azure subscription that contains a storage account.
An application sometimes writes duplicate files to the storage account.
You have a PowerShell script that identifies and deletes duplicate files in the storage account. Currently, the script is run manually after approval from the operations manager.
You need to recommend a serverless solution that performs the following actions:
✑ Runs the script once an hour to identify whether duplicate files exist
✑ Sends an email notification to the operations manager requesting approval to delete the duplicate files
✑ Processes an email response from the operations manager specifying whether the deletion was approved
✑ Runs the script if the deletion was approved
What should you include in the recommendation?
A. Azure Logic Apps and Azure Event Grid
B. Azure Logic Apps and Azure Functions
C. Azure Pipelines and Azure Service Fabric
D. Azure Functions and Azure Batch
Correct Answer: B
Explanation:
You can schedule a PowerShell script with Azure Logic Apps. When you want to run code that performs a specific job in your logic apps, you can create your own function by using Azure Functions. This service helps you create Node.js, C#, and F# functions so you don't have to build a complete app or infrastructure to run code. You can also call logic apps from inside Azure Functions.
Q8. You are designing an application that will be hosted in Azure.
The application will host video files that range from 50 MB to 12 GB. The application will use certificate-based authentication and will be available to users on the internet.
You need to recommend a storage option for the video files. The solution must provide the fastest read performance and must minimize storage costs.
What should you recommend?
A. Azure Files
B. Azure Data Lake Storage Gen2
C. Azure Blob Storage
D. Azure SQL Database
Correct Answer: C
Explanation:
Blob Storage: Stores large amounts of unstructured data, such as text or binary data, that can be accessed from anywhere in the world via HTTP or HTTPS. You can use Blob storage to expose data publicly to the world or to store application data privately.
Maximum file size in Blob Storage: 4.77 TB.
Now that you have tested your knowledge by answering these AZ-305 exam questions, I hope you have a clear picture of where your exam preparation stands.
The post Microsoft Azure Solutions Architect Expert Exam Questions appeared first on Cloud Training Program.