AZ-300日本語 無料問題集「Microsoft Azure Architect Technologies (AZ-300日本語版)」

Explanation

Note: You cannot add databases from different servers into the same pool Box 1: Yes Pool2 contains DB2 but DB1 and DB2 are on Sql1. DB1 can thus be added to Pool2.
Box 2: Yes
Pool3 is empty.
Box 3: Yes
Pool1 contains DB1 but DB3 and DB1 are on Sql1. DB3 can thus be added to Pool1.
References:
https://docs.microsoft.com/en-us/azure/sql-database/sql-database-elastic-pool

Topic 2, Case Study
Label Maker app
Requirements
Data
You identify the following requirements for data management and manipulation:
* Order data is stored as non relational JSON and must be queried using Structured Query Language (SQL).
* Changes to the Order data must reflect immediately across all partitions. All reads to the Order data must fetch the most recent writes.
Security
You have the following security requirements:
* Users of Coho Winery applications must be able to provide access to documents, resources, and applications to external partners.
* External partners must use their own credentials and authenticate with their organization's identity management solution.
* External partner logins must be audited monthly for application use by a user account administrator to maintain company compliance.
* Storage of e-commerce application settings must be maintained in Azure Key Vault.
* E-commerce application sign-ins must be secured by using Azure App Service authentication and Azure Active Directory (AAD).
* Conditional access policies must be applied at the application level to protect company content.
* The LabelMaker application must be secured by using an AAD account that has full access to all namespaces of the Azure Kubernetes Service (AKS) cluster.
Label Maker app
Azure Monitor Container Health must be used to monitor the performance of workloads that are deployed to Kubernetes environments and hosted on Azure Kubernetes Service (AKS).
You must use Azure Container Registry to publish images that support the AKS deployment.
Architecture


Issues
Calls to the Printer API App fail periodically due to printer communication timeouts.
Printer communication timeouts occur after 10 seconds. The label printer must only receive up to 5 attempts within one minute.
The order workflow fails to run upon initial deployment to Azure.
Order.json
Relevant portions of the app fries are shown below Line numbers are induced for reference only. This JSON file contains a representation of the data for an order that includes a single item.

解説: (JPNTest メンバーにのみ表示されます)

解説: (JPNTest メンバーにのみ表示されます)

Explanation

Box 1: Scale set
A virtual machine scale set allows you to deploy and manage a set of identical, autoscaling virtual machines.
Box 2: Availability Set
An Availability Set is a logical grouping capability for isolating VM resources from each other when they're deployed. Azure makes sure that the VMs you place within an Availability Set run across multiple physical servers, compute racks, storage units, and network switches. If a hardware or software failure happens, only a subset of your VMs are impacted and your overall solution stays operational. Availability Sets are essential for building reliable cloud solutions.
Box 3: Fault domain
A fault domain is a logical group of underlying hardware that share a common power source and network switch, similar to a rack within an on-premises datacenter. As you create VMs within an availability set, the Azure platform automatically distributes your VMs across these fault domains. This approach limits the impact of potential physical hardware failures, network outages, or power interruptions.

解説: (JPNTest メンバーにのみ表示されます)

Explanation

Box 1: Create a virtual network gateway and a local network gateway.
Azure VPN gateway. The VPN gateway service enables you to connect the VNet to the on-premises network through a VPN appliance. For more information, see Connect an on-premises network to a Microsoft Azure virtual network. The VPN gateway includes the following elements:
* Virtual network gateway. A resource that provides a virtual VPN appliance for the VNet. It is responsible for routing traffic from the on-premises network to the VNet.
* Local network gateway. An abstraction of the on-premises VPN appliance. Network traffic from the cloud application to the on-premises network is routed through this gateway.
* Connection. The connection has properties that specify the connection type (IPSec) and the key shared with the on-premises VPN appliance to encrypt traffic.
* Gateway subnet. The virtual network gateway is held in its own subnet, which is subject to various requirements, described in the Recommendations section below.
Box 2: Configure a site-to-site VPN connection
On premises create a site-to-site connection for the virtual network gateway and the local network gateway.

Scenario: Connect the New York office to VNet1 over the Internet by using an encrypted connection.

Explanation

Box 1: An Azure Application Gateway that has a web application firewall (WAF) Azure Application Gateway offers a web application firewall (WAF) that provides centralized protection of your web applications from common exploits and vulnerabilities. Web applications are increasingly targeted by malicious attacks that exploit commonly known vulnerabilities. SQL injection and cross-site scripting are among the most common attacks.
Application Gateway operates as an application delivery controller (ADC). It offers Secure Sockets Layer (SSL) termination, cookie-based session affinity, round-robin load distribution, content-based routing, ability to host multiple websites, and security enhancements.
Box 2: An internal Azure Standard Load Balancer
The internet to web tier is the public interface, while the web tier to application tier should be internal.
Note: When using load-balancing rules with Azure Load Balancer, you need to specify a health probes to allow Load Balancer to detect the backend endpoint status.
Health probes support the TCP, HTTP, HTTPS protocols.
References:
https://docs.microsoft.com/en-us/azure/application-gateway/waf-overview
https://docs.microsoft.com/en-us/azure/load-balancer/load-balancer-custom-probe-overview

解説: (JPNTest メンバーにのみ表示されます)

Explanation

Box 1:
Rule2 blocks ports 50-60, which includes port 53, the DNS port. Internet users can reach to the Web server, since it uses port 80.
Box 2:
If Rule2 is removed internet users can reach the DNS server as well.
Note: Rules are processed in priority order, with lower numbers processed before higher numbers, because lower numbers have higher priority. Processing stops once traffic matches a rule, as a result, any rules that exist with lower priorities (higher numbers) that have the same attributes as rules with higher priorities are not processed.
References:
https://docs.microsoft.com/en-us/azure/virtual-network/security-overview

解説: (JPNTest メンバーにのみ表示されます)

解説: (JPNTest メンバーにのみ表示されます)

Explanation

References:
https://docs.microsoft.com/en-us/azure/active-directory/fundamentals/add-custom-domain

Topic 6, Humongous Insurance
Overview
Existing Environment
Active Directory Environment
Humongous Insurance has a single-domain Active Directory forest named humongousinsurance.com. The functional level of the forest is Windows Server 2012.
You recently provisioned an Azure Active Directory (Azure AD) tenant.
Network Infrastructure
Each office has a local data center that contains all the servers for that office. Each office has a dedicated connection to the Internet.
Each office has several link load balancers that provide access to the servers.
Active Directory Issue
Several users in humongousinsurance.com have UPNs that contain special characters.
You suspect that some of the characters are unsupported in Azure AD.
Licensing Issue
You attempt to assign a license in Azure to several users and receive the following error message: "Licenses not assigned. License agreement failed for one user." You verify that the Azure subscription has the available licenses.
Requirements
Planned Changes
Humongous Insurance plans to open a new office in Paris. The Paris office will contain 1,000 users who will be hired during the next 12 months. All the resources used by the Paris office users will be hosted in Azure.
Planned Azure AD Infrastructure
The on-premises Active Directory domain will be synchronized to Azure AD.
All client computers in the Paris office will be joined to an Azure AD domain.
Planned Azure Networking Infrastructure
You plan to create the following networking resources in a resource group named All_Resources:
* Default Azure system routes that will be the only routes used to route traffic
* A virtual network named Paris-VNet that will contain two subnets named Subnet1 and Subnet2
* A virtual network named ClientResources-VNet that will contain one subnet named ClientSubnet
* A virtual network named AllOffices-VNet that will contain two subnets named Subnet3 and Subnet4 You plan to enable peering between Paris-VNet and AllOffices-VNet. You will enable the Use remote gateways setting for the Paris-VNet peerings.
You plan to create a private DNS zone named humongousinsurance.local and set the registration network to the ClientResources-VNet virtual network.
Planned Azure Computer Infrastructure
Each subnet will contain several virtual machines that will run either Windows Server 2012 R2, Windows Server 2016, or Red Hat Linux.
Department Requirements
Humongous Insurance identifies the following requirements for the company's departments:
* Web administrators will deploy Azure web apps for the marketing department. Each web app will be added to a separate resource group. The initial configuration of the web apps will be identical. The web administrators have permission to deploy web apps to resource groups.
* During the testing phase, auditors in the finance department must be able to review all Azure costs from the past week.
Authentication Requirements
Users in the Miami office must use Azure Active Directory Seamless Single Sign-on (Azure AD Seamless SSO) when accessing resources in Azure.