AZ-305 Comprehensive
Questions with Verified
Answers Graded A+
Your company has users who work remotely from laptops.You plan to move some of the
applications accessed by the remote users to Azure virtual machines. The users will access the
applications in Azure by using a point-to-site VPN connection. You will use certificates generated
from an on-premises-based Certification authority (CA). You need to recommend which
certificates are required for the deployment. What should you include in the recommendation?
- Answer: Trusted Root Certification Authorities Cretificate store on each laptop: A root
certificate that has the public key only
The users Personal store on each laptop: A user certificate that has the private key
The Azur VPN gateway: A user certificate that has the public key only
You are designing a large Azure environment that will contain many subscriptions. You plan to
use Azure Policy as part of a governance solution. To which three scopes can you assign Azure
Policy definitions? - Answer: A. management groups
B. subscriptions
D. resource groups
You are designing a microservices architecture that will be hosted in an Azure Kubernetes
Service (AKS) cluster. Apps that will consume the microservices will be hosted on Azure virtual
machines. The virtual machines and the AKS cluster will reside on the same virtual network. You
need to design a solution to expose the microservices to the consumer apps. The solution must
meet the following requirements:✑ Ingress access to the microservices must be restricted to a
single private IP address and protected by using mutual TLS authentication.✑ The number of
, incoming microservice calls must be rate-limited. - Answer: B. Azure API Management Premium
tier with virtual network connection
You have an Azure Active Directory (Azure AD) tenant that syncs with an on-premises Active
Directory domain. You have an internal web app named WebApp1 that is hosted on-premises.
WebApp1 uses Integrated Windows authentication. Some users work remotely and do NOT
have VPN access to the on-premises network. You need to provide the remote users with single
sign-on (SSO) access to WebApp1.Which two features should you include in the solution? Each
correct answer presents part of the solution. - Answer: A. Azure AD Application Proxy
E. Azure AD enterprise applications
Note:
Your company deploys several virtual machines on-premises and to Azure. ExpressRoute is
being deployed and configured for on-premises to Azure connectivity. Several virtual machines
exhibit network connectivity issues. You need to analyze the network traffic to identify whether
packets are being allowed or denied to the virtual machines. - Answer: Solution: Use Azure
Network Watcher to run IP flow verify to analyze the network traffic.
You have an Azure subscription. The subscription contains Azure virtual machines that run
Windows Server 2016 and Linux. You need to use Azure Monitor to design an alerting strategy
for security-related events. Which Azure Monitor Logs tables should you query? To answer, drag
the appropriate tables to the correct log types. Each table may be used once, more than once,
or not at all. You may need to drag the split bar between panes or scroll to view content. -
Answer: Evnets from Windows Event Logs: Event
Events from Linux System Logging: Syslog
You are designing a large Azure environment that will contain many subscriptions.You plan to
use Azure Policy as part of a governance solution.To which three scopes can you assign Azure
Policy definitions? Each correct answer presents a complete solution. - Answer: C. subscriptions
E. resource groups
F. management groups
Questions with Verified
Answers Graded A+
Your company has users who work remotely from laptops.You plan to move some of the
applications accessed by the remote users to Azure virtual machines. The users will access the
applications in Azure by using a point-to-site VPN connection. You will use certificates generated
from an on-premises-based Certification authority (CA). You need to recommend which
certificates are required for the deployment. What should you include in the recommendation?
- Answer: Trusted Root Certification Authorities Cretificate store on each laptop: A root
certificate that has the public key only
The users Personal store on each laptop: A user certificate that has the private key
The Azur VPN gateway: A user certificate that has the public key only
You are designing a large Azure environment that will contain many subscriptions. You plan to
use Azure Policy as part of a governance solution. To which three scopes can you assign Azure
Policy definitions? - Answer: A. management groups
B. subscriptions
D. resource groups
You are designing a microservices architecture that will be hosted in an Azure Kubernetes
Service (AKS) cluster. Apps that will consume the microservices will be hosted on Azure virtual
machines. The virtual machines and the AKS cluster will reside on the same virtual network. You
need to design a solution to expose the microservices to the consumer apps. The solution must
meet the following requirements:✑ Ingress access to the microservices must be restricted to a
single private IP address and protected by using mutual TLS authentication.✑ The number of
, incoming microservice calls must be rate-limited. - Answer: B. Azure API Management Premium
tier with virtual network connection
You have an Azure Active Directory (Azure AD) tenant that syncs with an on-premises Active
Directory domain. You have an internal web app named WebApp1 that is hosted on-premises.
WebApp1 uses Integrated Windows authentication. Some users work remotely and do NOT
have VPN access to the on-premises network. You need to provide the remote users with single
sign-on (SSO) access to WebApp1.Which two features should you include in the solution? Each
correct answer presents part of the solution. - Answer: A. Azure AD Application Proxy
E. Azure AD enterprise applications
Note:
Your company deploys several virtual machines on-premises and to Azure. ExpressRoute is
being deployed and configured for on-premises to Azure connectivity. Several virtual machines
exhibit network connectivity issues. You need to analyze the network traffic to identify whether
packets are being allowed or denied to the virtual machines. - Answer: Solution: Use Azure
Network Watcher to run IP flow verify to analyze the network traffic.
You have an Azure subscription. The subscription contains Azure virtual machines that run
Windows Server 2016 and Linux. You need to use Azure Monitor to design an alerting strategy
for security-related events. Which Azure Monitor Logs tables should you query? To answer, drag
the appropriate tables to the correct log types. Each table may be used once, more than once,
or not at all. You may need to drag the split bar between panes or scroll to view content. -
Answer: Evnets from Windows Event Logs: Event
Events from Linux System Logging: Syslog
You are designing a large Azure environment that will contain many subscriptions.You plan to
use Azure Policy as part of a governance solution.To which three scopes can you assign Azure
Policy definitions? Each correct answer presents a complete solution. - Answer: C. subscriptions
E. resource groups
F. management groups
