AZ-304 無料問題集「Microsoft Azure Architect Design」
Note: This question is part of series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
Your company has an on-premises Active Directory Domain Services (AD DS) domain and an established Azure Active Directory (Azure AD) environment.
Your company would like users to be automatically signed in to cloud apps when they are on their corporate desktops that are connected to the corporate network.
You need to enable single sign-on (SSO) for company users.
Solution: Configure an AD DS server in an Azure virtual machine (VM). Configure bidirectional replication.
Does the solution meet the goal?
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
Your company has an on-premises Active Directory Domain Services (AD DS) domain and an established Azure Active Directory (Azure AD) environment.
Your company would like users to be automatically signed in to cloud apps when they are on their corporate desktops that are connected to the corporate network.
You need to enable single sign-on (SSO) for company users.
Solution: Configure an AD DS server in an Azure virtual machine (VM). Configure bidirectional replication.
Does the solution meet the goal?
正解:B
解答を投票する
解説: (JPNTest メンバーにのみ表示されます)
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have an Azure Storage v2 account named storage1.
You plan to archive data to storage1.
You need to ensure that the archived data cannot be deleted for five years. The solution must prevent administrators from deleting the data.
Solution: You create an Azure Blob storage container, and you configure a legal hold access policy.
Does this meet the goal?
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have an Azure Storage v2 account named storage1.
You plan to archive data to storage1.
You need to ensure that the archived data cannot be deleted for five years. The solution must prevent administrators from deleting the data.
Solution: You create an Azure Blob storage container, and you configure a legal hold access policy.
Does this meet the goal?
正解:B
解答を投票する
解説: (JPNTest メンバーにのみ表示されます)
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have an Azure Storage v2 account named Storage1.
You plan to archive data to Storage1.
You need to ensure that the archived data cannot be deleted for five years. The solution must prevent administrators from deleting the data.
Solution: You create a file share, and you configure an access policy.
Does this meet the goal?
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have an Azure Storage v2 account named Storage1.
You plan to archive data to Storage1.
You need to ensure that the archived data cannot be deleted for five years. The solution must prevent administrators from deleting the data.
Solution: You create a file share, and you configure an access policy.
Does this meet the goal?
正解:B
解答を投票する
解説: (JPNTest メンバーにのみ表示されます)
You are designing a large Azure environment that will contain many subscriptions.
You plan to use Azure Policy as part of a governance solution.
To which three scopes can you assign Azure Policy definitions? Each correct answer presents a complete solution.
NOTE: Each correct selection is worth one point.
You plan to use Azure Policy as part of a governance solution.
To which three scopes can you assign Azure Policy definitions? Each correct answer presents a complete solution.
NOTE: Each correct selection is worth one point.
正解:B、C、F
解答を投票する
解説: (JPNTest メンバーにのみ表示されます)
You plan to create a storage account and to save the files as shown in the following exhibit.
Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic.
NOTE: Each correct selection is worth one point.
Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic.
NOTE: Each correct selection is worth one point.
正解:
Reference:
https://docs.microsoft.com/en-us/azure/storage/blobs/storage-blob-storage-tiers#archive-access-tier-preview
You have an Azure subscription. The subscription contains an app ir-tal is hosted in Ihe East US, Central Europe, ant) East Asia regions You need to recommend a data-tier solution for the app. The solution must meet the following requirements:
* Support multiple consistency levels.
* Be able to store at least 1 TB of data.
* Be able to perform read and write operations in the Azure region that is local to the app instance What should you Include In the recommendation?
* Support multiple consistency levels.
* Be able to store at least 1 TB of data.
* Be able to perform read and write operations in the Azure region that is local to the app instance What should you Include In the recommendation?
正解:C
解答を投票する
You have a web application that uses a MongoDB database. You plan to migrate the web application to Azure.
You must migrate to Cosmos DB while minimizing code and configuration changes.
You need to design the Cosmos DB configuration.
What should you recommend? To answer, select the appropriate values in the answer area.
NOTE: Each correct selection is worth one point.
You must migrate to Cosmos DB while minimizing code and configuration changes.
You need to design the Cosmos DB configuration.
What should you recommend? To answer, select the appropriate values in the answer area.
NOTE: Each correct selection is worth one point.
正解:
Reference:
https://docs.microsoft.com/en-us/azure/cosmos-db/create-mongodb-dotnet
You have an Azure subscription that contains the storage accounts shown in the following table.
You plan to implement two new apps that have the requirements shown in the following table.
Which storage accounts should you recommend using for each app? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
You plan to implement two new apps that have the requirements shown in the following table.
Which storage accounts should you recommend using for each app? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
正解:
Reference:
https://docs.microsoft.com/en-us/azure/storage/blobs/storage-lifecycle-management-concepts
You plan to develop a new app that will store business critical dat
a. The app must meet the following requirements:
Prevent new data from being modified for one year.
Minimize read latency.
Maximize data resiliency.
You need to recommend a storage solution for the app.
What should you recommend? To answer, select the appropriate options in the answer area.
a. The app must meet the following requirements:
Prevent new data from being modified for one year.
Minimize read latency.
Maximize data resiliency.
You need to recommend a storage solution for the app.
What should you recommend? To answer, select the appropriate options in the answer area.
正解:
Reference:
https://docs.microsoft.com/en-us/azure/storage/common/storage-account-overview
https://docs.microsoft.com/en-us/azure/storage/common/storage-redundancy?toc=/azure/storage/blobs/toc.json
A company plans to implement an HTTP-based API to support a web app. The web app allows customers to check the status of their orders.
The API must meet the following requirements:
Implement Azure Functions
Provide public read-only operations
Do not allow write operations
You need to recommend configuration options.
What should you recommend? To answer, configure the appropriate options in the dialog box in the answer area.
NOTE: Each correct selection is worth one point.
The API must meet the following requirements:
Implement Azure Functions
Provide public read-only operations
Do not allow write operations
You need to recommend configuration options.
What should you recommend? To answer, configure the appropriate options in the dialog box in the answer area.
NOTE: Each correct selection is worth one point.
正解:
Reference:
https://docs.microsoft.com/en-us/azure/app-service/overview-authentication-authorization
You have an existing implementation of Microsoft SQL Server Integration Services (SSIS) packages stored in an SSISDB catalog on your on-premises network. The on-premises network does not have hybrid connectivity to Azure by using Site-to-Site VPN or ExpressRoute.
You want to migrate the packages to Azure Data Factory.
You need to recommend a solution that facilitates the migration while minimizing changes to the existing packages. The solution must minimize costs.
What should you recommend? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
You want to migrate the packages to Azure Data Factory.
You need to recommend a solution that facilitates the migration while minimizing changes to the existing packages. The solution must minimize costs.
What should you recommend? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
正解:
Reference:
https://docs.microsoft.com/en-us/azure/data-factory/create-azure-integration-runtime
https://docs.microsoft.com/en-us/sql/integration-services/lift-shift/ssis-azure-connect-to-catalog-database
Your company has an on-premises Windows HPC cluster. The cluster runs a parallel, compute-intensive workload that performs financial risk modeling.
You plan to migrate the workload to azure Batch.
You need to design a solution that will support the workload. The solution must meet the following requirements: Support the large-scale parallel execution of Azure Batch jobs.
Minimize cost.
What should you include in the solution?
You plan to migrate the workload to azure Batch.
You need to design a solution that will support the workload. The solution must meet the following requirements: Support the large-scale parallel execution of Azure Batch jobs.
Minimize cost.
What should you include in the solution?
正解:B
解答を投票する
解説: (JPNTest メンバーにのみ表示されます)
You design a solution for the web tier of WebApp1 as shown in the exhibit.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
正解:
Reference:
https://docs.microsoft.com/en-us/azure/traffic-manager/traffic-manager-overview
https://blogs.msdn.microsoft.com/hsirtl/2017/07/03/autoscaling-azure-web-apps/
Topic 3, Litware, Inc
Overview. General Overview
Litware, Inc. is a medium-sized finance company.
Overview. Physical Locations
Litware has a main office in Boston.
Existing Environment. Identity Environment
The network contains an Active Directory forest named Litware.com that is linked to an Azure Active Directory (Azure AD) tenant named Litware.com. All users have Azure Active Directory Premium P2 licenses.
Litware has a second Azure AD tenant named dev.Litware.com that is used as a development environment.
The Litware.com tenant has a conditional access policy named capolicy1. Capolicy1 requires that when users manage the Azure subscription for a production environment by using the Azure portal, they must connect from a hybrid Azure AD-joined device.
Existing Environment
Azure Environment
Litware has 10 Azure subscriptions that are linked to the Litware.com tenant and five Azure subscriptions that are linked to the dev.Litware.com tenant. All the subscriptions are in an Enterprise Agreement (EA).
The Litware.com tenant contains a custom Azure role-based access control (Azure RBAC) role named Role1 that grants the DataActions read permission to the blobs and files in Azure Storage.
Existing Environment. On-premises Environment
The on-premises network of Litware contains the resources shown in the following table.
Existing Environment. Network Environment
Litware has ExpressRoute connectivity to Azure.
Planned Changes and Requirements. Planned Changes
Litware plans to implement the following changes:
Migrate DB1 and DB2 to Azure.
Migrate App1 to Azure virtual machines.
Deploy the Azure virtual machines that will host App1 to Azure dedicated hosts.
Planned Changes and Requirements. Authentication and Authorization Requirements Litware identifies the following authentication and authorization requirements:
Users that manage the production environment by using the Azure portal must connect from a hybrid Azure AD-joined device and authenticate by using Azure Multi-Factor Authentication (MFA).
The Network Contributor built-in RBAC role must be used to grant permission to all the virtual networks in all the Azure subscriptions.
To access the resources in Azure, App1 must use the managed identity of the virtual machines that will host the app.
Role1 must be used to assign permissions to the storage accounts of all the Azure subscriptions.
RBAC roles must be applied at the highest level possible.
Planned Changes and Requirements. Resiliency Requirements
Litware identifies the following resiliency requirements:
Once migrated to Azure, DB1 and DB2 must meet the following requirements:
- Maintain availability if two availability zones in the local Azure region fail.
- Fail over automatically.
- Minimize I/O latency.
App1 must meet the following requirements:
- Be hosted in an Azure region that supports availability zones.
- Be hosted on Azure virtual machines that support automatic scaling.
- Maintain availability if two availability zones in the local Azure region fail.
Planned Changes and Requirements. Security and Compliance Requirements
Litware identifies the following security and compliance requirements:
Once App1 is migrated to Azure, you must ensure that new data can be written to the app, and the modification of new and existing data is prevented for a period of three years.
On-premises users and services must be able to access the Azure Storage account that will host the data in App1.
Access to the public endpoint of the Azure Storage account that will host the App1 data must be prevented.
All Azure SQL databases in the production environment must have Transparent Data Encryption (TDE) enabled.
App1 must not share physical hardware with other workloads.
Planned Changes and Requirements. Business Requirements
Litware identifies the following business requirements:
Minimize administrative effort.
Minimize costs.
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have an Azure Storage account that contains two 1-GB data files named File1 and File2. The data files are set to use the archive access tier.
You need to ensure that File1 is accessible immediately when a retrieval request is initiated.
Solution: For File1, you set Access tier to Hot.
Does this meet the goal?
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have an Azure Storage account that contains two 1-GB data files named File1 and File2. The data files are set to use the archive access tier.
You need to ensure that File1 is accessible immediately when a retrieval request is initiated.
Solution: For File1, you set Access tier to Hot.
Does this meet the goal?
正解:A
解答を投票する
解説: (JPNTest メンバーにのみ表示されます)
You have an Azure Active Directory (Azure AD) tenant named contoso.com that has a security group named Group'. Group i is configured Tor assigned membership. Group I has 50 members. including 20 guest users.
You need To recommend a solution for evaluating the member ship of Group1. The solution must meet the following requirements:
* The evaluation must be repeated automatically every three months
* Every member must be able to report whether they need to be in Group1
* Users who report that they do not need to be in Group 1 must be removed from Group1 automatically
* Users who do not report whether they need to be m Group1 must be removed from Group1 automatically.
What should you include in me recommendation?
You need To recommend a solution for evaluating the member ship of Group1. The solution must meet the following requirements:
* The evaluation must be repeated automatically every three months
* Every member must be able to report whether they need to be in Group1
* Users who report that they do not need to be in Group 1 must be removed from Group1 automatically
* Users who do not report whether they need to be m Group1 must be removed from Group1 automatically.
What should you include in me recommendation?
正解:C
解答を投票する
解説: (JPNTest メンバーにのみ表示されます)
You need to configure an Azure policy to ensure that the Azure SQL databases have TDE enabled. The solution must meet the security and compliance requirements.
Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
正解:
1 - Create an Azure policy definition that uses the deployIfNotExists effect.
2 - Create an Azure policy assignment.
3 - Invoke a remediation task.
Reference:
https://docs.microsoft.com/en-us/azure/governance/policy/how-to/remediate-resources
You plan to create an Azure Storage account that will host file shares. The shares will be accessed from on-premises applications that are transaction-intensive.
You need to recommend a solution to minimize latency when accessing the file shares. The solution must provide the highest-level of resiliency for the selected storage tier.
What should you include in the recommendation? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
You need to recommend a solution to minimize latency when accessing the file shares. The solution must provide the highest-level of resiliency for the selected storage tier.
What should you include in the recommendation? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
正解:
You have an Azure Active Directory (Azure AD) tenant named Contoso.com. The tenant contains a group named Group1. Group1 contains all the administrator user accounts.
You discover several login attempts to the Azure portal from countries administrator users do NOT work.
You need to ensure that all login attempts to the portal from those countries require Azure Multi-Factor Authentication (MFA).
Solution: You implement an access package.
Does this meet the goal?
You discover several login attempts to the Azure portal from countries administrator users do NOT work.
You need to ensure that all login attempts to the portal from those countries require Azure Multi-Factor Authentication (MFA).
Solution: You implement an access package.
Does this meet the goal?
正解:B
解答を投票する
解説: (JPNTest メンバーにのみ表示されます)