AZ-304 Flashcards

1
Q

Your company has an Azure subscription that is linked to an Azure AD tenant.
The subscription has resources that are being used by several departments.
Each department has its own allotted budget for spending on Azure resources.
You have to ensure that as soon as the department reaches its spending limit, the compute resources of the department are automatically shut down. You have to design a solution for this requirement. You decide to include Azure Logic Apps and Azure Monitor alerts in this solution.

A

No, AM cannot be used for billing; use Azure Cost Management

2
Q

What is used to monitor connection health with ADFS?

A

AAD Connect Health

3
Q

How can KV be backed up/restored?

A

Can restore backed up KV in the same Geo and Sub

4
Q

Hyper-V Cluster with 20 VMs (Linux and Windows). What solution is used to replicate disks of VMs to Azure while the VMs remain available when disk migration is in progress?

A

ASR and Recovery Services Vault - this allows for keeping workloads online during planned/unplanned changes

Site Recovery Services replicate workloads on physical/VMs from primary to secondary

5
Q

Hyper-V Failover Clusters, plan to assess/migrate VMs using Azure Migrate, what is the minimum # of ASR agents needed with 18 Hyper-V nodes in 3 clusters across 60 VMs?

A

3 - ASR agents go onto Hyper-V Nodes

6
Q

Availability solution for Web Tier of Apps when moved to Azure (handles region failure and can use priority routing)

A

Traffic Manager

Standard and Basic LBs and App GW CANNOT perform DR if a region fails

7
Q

When configuring API Management, will it be able to access data from an Azure VM

A

APIM Instance will create an ELB which allows access from the Internet and access to resources within the VNet

8
Q

App using Azure Cloud Services, recommend a solution that allows to asynchronously communicate transaction info with REST messages

A

Azure Queue Storage - decouples components of an app

9
Q

Ensures DB tables are encrypted at rest and that data values never appear in plain text in the DB, also only client apps have encryption key to decrypt data

A

SQL Always Encrypted

10
Q

Need to run image rendering solution in Azure and use parallel compute processing

A

Azure Batch - run large-scale parallel and high-perf computing batch processing jobs

11
Q

Container solution with 2 containers, 1 hosts web API available to the Internet and the other performs health monitoring of the container hosting the Web API, but is private, both need to be deployed as a group

A

Azure Container Instances - Can deploy containers as a group and save on costs b/c simple solution, AKS is NOT cost efficient

12
Q

Secure connection from on-prem to Azure over private network and ensure connection offers redundant pair for HA

A

Azure Express Route

VPN GW does not establish connections over a private network

13
Q

App hosted in multiple regions, data storage solution that can store at least 1 TB of data, support multiple consistency levels and perform R/W operations in Azure Region local to app instance

A
Cosmos DB - supports global distro, replicates data wherever users are and can interact with data closest to them
Add/remove regions
Supports 5 consistency levels:
Bounded Staleness
Eventual
Consistent Prefix
Session
Strong
14
Q

AKS Apps in 2 different regions hosted on clusters requires the following:
App availability if a single AKS cluster fails
Connection traffic over Internet is encrypted using SSL
Do not need SSL configured on each container instance

A

Azure Front Door -
App-based global traffic manager
Supports SSL termination instead of in app backends
Supports routing traffic to different clusters

15
Q

Deploying apps in diff environments without a need of installing dependencies and app developers can have flexibility when architecting code

A

AKS -

Best accomplished by container based apps that can be deployed to AKS

16
Q

App needs to listen and process events that are emitted from other Azure Services

A

Event Grid -
Build apps with event-based architectures
Select Azure resource to subscribe, give the event handler or WebHook endpoint to send event to
Supports events from Azure services such as storage blobs and RG
Supports Custom Topics

17
Q

Build apps with event-based architectures
Select Azure resource to subscribe, give the event handler or WebHook endpoint to send event to
Supports events from Azure services such as storage blobs and RG
Supports Custom Topics

A

Event Grid

18
Q

Import on-prem SQL server to SQL Server in Azure, what is best used? What Storage Type and Tier?

A

BACPAC File can be used to import to Azure Blob Storage (standard only) from local storage on-prem

19
Q

Messaging requirements to send/receive messages based on FIFO message pattern

A

Azure Service Bus (Queues)

20
Q

Messaging Requirements to receive and process millions of messages at a time

A

Event Hub

21
Q

Big data streaming platform and event ingestion service

Can receive and process millions of EPS

A

Event Hub

22
Q

# of Hyper-V VMs supported for 1 Migration Appliance

A

5000

23
Q

Plan and assess Hyper-V cluster migration plan with Azure Migrate, what is the minimum # of Azure Migrate appliances required with 3 clusters (10, 30 and 30 VMs across the 3 clusters)

A

3 Appliances required, 1 for each cluster

24
Q

Migration of on-prem MSSQL requires a solution to host the existing SQL Server Integration Services Package

A

ADF

Azure SSIS Integration Runtime is a component of ADF

25
Q

SQL Server Storage Requirements for backups that are the lowest cost option for storage

A

Standard Managed Disk

Should NOT use geo-redundant storage, should be in the same DC as SQL Server VMs to reduce transfer delays

26
Q

SQL Server storage requirements, what SA not to use and where to place

A

Standard Managed Disk

Should NOT use geo-redundant storage, should be in the same DC as SQL Server VMs to reduce transfer delays

27
Q

VM that will host SQL Server, has 2 data disks, one for log files and other for data files, recommend a caching policy for each disk for log files

A

None - do NOT enable caching on disks hosting log files

28
Q

New Azure Web App using blob SA for static content and using large # of JS and CSS files, users of web app are global and need to ensure individual load times are minimized, what service to use?

A

Azure CDN

Distribute traffic globally and deliver web content to users

29
Q

# of IP addresses reserved by Azure within each subnet

A

5

30
Q

1 Root Mgmt Group
5 Child Mgmt Groups
5 Subscriptions within each Mgmt Group
Need to minimize the # of definitions and assignments for blueprints, where to assign the blueprint?

A

BP should be defined at the Root Mgmt group b/c you want to ensure you minimize the # of blueprints/assignments

31
Q

Authentication of Web App via AAD, app needs to be accessed by company users from the Internet and would have computers based on W10 joined to AAD.
Need to ensure app access without being prompted for Authentication and access from company-owned computers, what to use for this?

A

AAD App Registration - this grants access to devices which are AAD joined?

32
Q

What grants access to devices that are AAD joined?

A

AAD App Reg

33
Q

What allows access from one Azure service to another?

A

Managed Identity

34
Q

What is used to secure remote access to on-prem web apps?

A

AAD App Proxy

35
Q

Azure sub with multiple RGs, need to design a resource governance solution with the following:

  1. ExpressRoute resources are created in a specific RG
  2. Creation of ER resources is delegated to AAD group
  3. Principle of least priv

What is needed for Req 2?

A

Custom role assigned to the RG - this ensures access for the creation of ER resources in the RG

36
Q

On-prem network with AD domain and recently purchased AAD tenant. Want to sync users from on-prem to AAD and enable SSO for the users as well, what will fulfill this requirement?

A

AAD Connect

37
Q

What is used to allow protection of an Azure SQL DB connection strings and only allow access to the connection strings at app runtime?

A

Azure Key Vault

38
Q

Azure Subscription with several RGs. A resource group named Group1 contains critical resources. A user named admin1 is Owner of the sub. Need to prevent this admin from being able to modify resources in Group1. The admin should still be able to modify resources in other RGs.

A

Deny RBAC role for the admin on the RG via Azure Blueprints

39
Q

Minimum # of custom domains required to add to Azure?

A

1

40
Q

AAD User assigned the User Admin Role can change the Job Info Attribute for the following users

A

AAD Created

Microsoft Guest Account

41
Q

AAD User assigned User Admin role can change Authentication Contact info Attribute for the following users and not for what users?

A

Can change for AAD created users but not for users synced to AAD

42
Q

What does P2 PIM provide?

A
JIT
Time bound access
Approvals
Enforcement of MFA
Justification
Notification
Access Reviews
Audit History
43
Q

Sync on-prem to AAD and enable SSO

A

Setup ADFS and Sync with AAD

Sign-in ensures all AuthN occurs on-prem

44
Q

What is used to restrict access to Key Vault?

A

RBAC

45
Q

Key requirement is to authenticate identities on-prem via AD, but sync to AAD, what is used?

A

Pass through Auth

46
Q

Key requirement is to authenticate identities in Azure and sync to AAD, what is used?

A

Password Hash Sync

47
Q

Azure SQL DB deployment, only select workstations with static public IPs can be allowed to connect and perform admin work on the DB, what is used?

A

Server-level IP FW Rules

This enables client access to entire Azure SQL Server

48
Q

Where are Server-level IP FW Rules stored for Azure SQL DB and where are they configured?

A

Stored in the Master DB

Configured via Azure Portal or Transact-SQL Statements

49
Q

What is created and managed by Azure to protect resources?

A

Deny assignments used by Azure blueprints and Azure managed apps
Cannot directly create own deny assignments

50
Q

What licensing is used for cloud-only users to change their PW?

A

AAD Free

51
Q

What licensing is used for cloud-only users to do SSPR?

A

AAD P1 or P2

52
Q

What licensing is used for hybrid user PW change or reset with on-prem writeback?

A

AAD P1 or P2

53
Q

Azure AD to handle sign-in completely in the cloud
Do NOT enforce user-level AD security policies during sign-in
NO sign-in requirement not natively supported by AAD

A

Password Hash Sync + Seamless SSO

54
Q

Azure AD to handle sign-in completely in the cloud
Do enforce user-level AD security policies during sign-in
NO sign-in requirement not natively supported by AAD
No sign-in DR or leaked credentials report

A

PTA + Seamless SSO

55
Q

Azure AD to handle sign-in completely in the cloud
Do enforce user-level AD security policies during sign-in
NO sign-in requirement not natively supported by AAD
Do require sign-in DR or leaked credentials report

A

PTA + Seamless SSO with PHS

56
Q

Azure AD to NOT handle sign-in completely in the cloud
Do NOT want to integrate with existing federation provider
NO sign-in requirement not natively supported by AAD
Do NOT require sign-in DR or leaked credentials report

A

PTA + Seamless SSO

57
Q

Azure AD to NOT handle sign-in completely in the cloud
Do NOT want to integrate with existing federation provider
NO sign-in requirement not natively supported by AAD
Do require sign-in DR or leaked credentials report

A

PTA + Seamless SSO + PHS

58
Q

Azure AD to NOT handle sign-in completely in the cloud
Do want to integrate with existing federation provider
Do NOT require sign-in DR or leaked credentials report

A

Federation

59
Q

Azure AD to NOT handle sign-in completely in the cloud
Do want to integrate with existing federation provider
Do require sign-in DR or leaked credentials report

A

Federation with PHS

60
Q

What is a data engineering solution that is used for hosting data warehouse?

A

Azure Synapse Analytics

61
Q

Migrate on-prem SQL server to Azure and make use of existing SQL Server licenses that are part of the Software Assurance contract with MSFT, decide to use Azure SQL DB service with v-core licensing model, does this work?

A

Yes, this will work because you can make use of Azure hybrid benefit

62
Q

What data store requires storing documents where they need to be accessed by end users and should be able to provide access to the documents via ACLs

A

Azure Storage Account GPv2

63
Q

Migrate on-prem to Azure Apps, requires daily RPO at a granular level and a 15 minute RTO, what service is used?

A

Azure Backup - used for granular level

64
Q

What service is used to backup at a granular level?

A

Azure Backup

65
Q

What service is used to backup/restore presentation on a corrupted laptop?

A

Azure Backup

66
Q

What service is used to replicate configs and data on VMs across another DC?

A

Azure Site Recovery

67
Q

v-core based Azure SQL DB, can you use Hybrid Benefit?

A

Yes

68
Q

Can you use Hybrid Benefit on Azure SQL DB with elastic pool and fixed size DTU-based Azure SQL instance?

A

No

69
Q

On-prem network with File Server that contains 500 GB of data using ADF service to copy data to Azure Storage, what is implemented on the file server?

A

Self-hosted integration runtime

70
Q

Compute infra that ADF uses to provide data integration capabilities across different network environments
Can copy activities between cloud data store and data store in private network

A

Self-hosted integration runtime

71
Q

On-prem network with File Server that contains 500 GB of data using ADF service to copy data to Azure Storage, what is implemented on Azure Data Factory?

A

Create a Pipeline

ADF is a managed cloud service for ETL and ELT and data integration operations

72
Q

Logical group of activities (steps) that perform a unit of work
Each activity consists of tasks and can implement steps to transfer data from on-prem file server to Azure Storage

A

Pipelines

73
Q

SA Type that supports file shares

A

SA Premium and Standard

74
Q

SA Type that can support mixed services (FS, Table, Blob, etc.)

A

SA Standard

75
Q

SA Type can store file shares only and cannot deploy any types of storage

A

Premium SA