Microsoft Azure Architect Technologies AZ-300 Questions

1. Topic 1, Case Study: 1

Label Maker app

Requirements

Data

You identify the following requirements for data management and manipulation:

• Order data is stored as non relational JSON and must be queried using Structured Query Language (SQL).

• Changes to the Order data must reflect immediately across all partitions. All reads to the Order data must fetch the most recent writes.

Security

You have the following security requirements:

• Users of Coho Winery applications must be able to provide access to documents, resources, and applications to external partners.

• External partners must use their own credentials and authenticate with their organization's identity management solution.

• External partner logins must be audited monthly for application use by a user account administrator to maintain company compliance.

• Storage of e-commerce application settings must be maintained in Azure Key Vault.

• E-commerce application sign-ins must be secured by using Azure App Service authentication and Azure Active Directory (AAD).

• Conditional access policies must be applied at the application level to protect company content.

• The LabelMaker application must be secured by using an AAD account that has full access to all namespaces of the Azure Kubernetes Service (AKS) cluster.

Label Maker app

Azure Monitor Container Health must be used to monitor the performance of workloads that are deployed to Kubernetes environments and hosted on Azure Kubernetes Service (AKS).

You must use Azure Container Registry to publish images that support the AKS deployment.

Architecture

Issues

Calls to the Printer API App fail periodically due to printer communication timeouts.

Printer communication timeouts occur after 10 seconds. The label printer must only receive up to 5 attempts within one minute.

The order workflow fails to run upon initial deployment to Azure.

Order.json

Relevant portions of the app fries are shown below Line numbers are induced for reference only. This JSON file contains a representation of the data for an order that includes a single item.

You need to access user claims in the e-commerce web app.

What should you do first?

2. DRAG DROP

You need to deploy a new version of the Label Maker application.

Which three actions should you perform in sequence?

To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.

3. Topic 2, Case Study: 2

Background

Requirements

You are a developer for Proseware, Inc. You are developing an application that applies a set of governance policies for Proseware's internal services, external services, and applications. The application will also provide a shared Horary for common functionality.

Policy service

You develop and deploy a stateful ASP.NET Core 21 web application named Policy service to an Azure App Service Web App. The application reacts to events from Azure Event Grid and performs policy actions based on those events.

The application must include the Event Grid Event ID field in all Application Insights telemetry.

Policy service must use Application Insights to automatically scale with the number of policy actions that it is performing.

Policies

Log policy

All Azure App Service Wet) Apps must write logs to Azure Blob storage. All tog files should be saved to a container named logdrop. Logs must remain in the

container for 15 days.

Authentication events

Authentication events are used to monitor users signing in and signing out All authentication events must be processed by PoScy service Sign outs must be processed as quickly as possible

Policy Lib

You have a shared library named Policy Lib that contains functionality common to all ASP.NET Core web services and applications. The Policy Lib library must:

• Exclude non-user actions from Application Insights telemetry.

• Provide methods that allow a web service to scale itself.

• Ensure that scaling actions do not disrupt application usage.

Other

Anomaly detection service

You have an anomaly detection service that analyzes log information for anomalies. It is implemented as an Azure Machine learning model. The model is deployed as a web service.

If an anomaly is detected, an Azure Function that emails administrators is called by using an HTTP WebHook.

Hearth monitoring

All web applications and services have health monitoring at the /health service endpoint

Issues

Policy loss

When you deploy Policy service, policies may not be applied if they were m the process of being applied during the deployment.

Performance issue

When under heavy load, the anomaly detection service undergoes slowdowns and rejects connections.

Notification latency

Users report that anomaly detection emails can sometimes arrive several minutes after an anomaly is detected.

App code

EventGridController.cs

Relevant portions of the app files are shown below. Line numbers are included for reference only and include a two-character prefix that denotes the specific file to which they belong.

LoginEvent.cs

Relevant portions of the app files are shown below. Line numbers are included for reference only and include a two-character prefix that denotes the specific file to which they belong.

You need to meet the scaling requirements for Policy Service.

What should you store in Azure Redis Cache?

4. DRAG DROP

You need to add code at line EG15 in EventGndControllef.es to ensure that the tag policy applies to all services.

How should you complete the code? To answer, drag the appropriate code segments to the correct locations. Each code segment may be used once, more than once, or not at all. You may need to drag the Split bar between panes or scroll to view content.

NOTE: Each correct selection is worth one point.

5. You need to resolve a notification latency issue.

Which two actions should you perform? Each correct answer presents part of the solution.

NOTE: Each correct selection is worth one point.

6. You need to ensure that the solution can meet the scaling requirements for Policy Service.

Which Azure Application Insights data model should you use?

7. You need to ensure that the Policy service can implement the policy actions.

Which code segment should you insert at line EG07 in EventGridController.cs?

8. Topic 3, Case Study: 3

Overview

Contoso, Ltd. is a consulting company that has a main office in Montreal and two branch offices in Seattle and New York.

The Montreal office has 2.000 employees. The Seattle office has 1,000 employees- The New York office has 200 employees.

AH the resources used by Contoso are hosted on-premises.

Contoso creates a new Azure subscription. The Azure Active Directory (Azure AD) tenant uses a domain named contoso.onmicrosoftc.om. The tenant uses the PI pricing tier.

Existing Environment

The network contains an Active Directory forest named contoso.com. All domain controllers are configured as DNS servers and host the contoso.com DNS zone.

Contoso has finance, human resources, sales, research, and information technology departments. Each department has an organizational unit (OU) that contains all the accounts of that respective department. All the user accounts have the department attribute set to their respective department. New users are added frequently.

Contoso.com contains a user named User 1.

AJI the offices connect by using private links.

Contoso has data centers in the Montreal and Seattle offices. Each data center has a firewall that can be configured as a VPN device.

All infrastructure servers are virtualized. The visualization environment contains the servers in the following table.

Contoso uses two web applications named App1 and App2. Each instance on each web application requires 1 GB of memory. The Azure subscription contains the resources in the following table.

The network security team implements several network security groups (NSGs)

Planned Changes

Contoso plans to implement the following changes:

• Deploy Azure ExpressRoute to the Montreal office.

• Migrate the virtual machines hosted on Server1 and Server2 to Azure.

• Synchronize on-premises Active Directory to Azure Active Directory (Azure AD).

• Migrate App1 and App2 to two Azure web apps named WebApp1and WebApp2.

Technical Requirements

Contoso must meet the following technical requirements:

• Ensure that WebApp1 can adjust the number of instances automatically based on the load and can scale up to five instances.

• Ensure that VM3 can establish outbound connections over TCP port 8080 to the applications servers in the Montreal office.

• Ensure that routing information is exchanged automatically between Azure and the routers in the Montreal office.

• Enable Azure Multi-Factor Authentication (MFA) for the users in the finance department only.

• Ensure that webapp2.azurewebsites.net can be accessed by using the name app2.contoso.com.

• Connect the New York office to VNet1 over the Internet by using an encrypted connection

• Create a workflow to send an email message when the settings of VM4 are modified.

• Create a custom Azure role named Role1 that is based on the Reader role

• Minimize costs whenever possible.

6 HOTSPOT

You need to implement Role1.

Which command should you run before you create Role1? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection « worth one point.

9. You need to meet the technical requirement for VM4.

What should you create and configure?

10. HOTSPOT

You need to meet the connection requirements for the New York office.

What should you do? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

11. Topic 4, Case Study: 4

Overview

Existing Environment

A . Datum Corporation is a financial company that has two main offices in New York and Los Angeles. A. Datum has a subsidiary named Fabrikam, Inc that share, Los Angeles office.

A . Datum is conducting an initial deployment. of Azure services to host new line-of business applications and is preparing to migrate its existing on-premises workloads to Azure.

A Datum uses Microsoft Exchange Online (or email

On-Premises Environment

The on-premises workloads run on virtual machines hosted in a VMware vSphere 6 infrastructure.

All the virtual machines and members of an Active Directory forest named adatum.com and run Windows Server 2016.

The New York office uses an IP address space of 10.0.0.0/16 The Los Angeles office uses an IP address space of 10.10.0.0/16.

The offices connect by using a VPN provided by an ISP. Each office has one Azure ExpressRoute circuit that provides access to Azure services and Microsoft Online Services. Routing is implemented by using Microsoft peering.

The New York office has a virtual machine named VM1 that has the vSphere console installed.

Azure Environment

You provision the Azure infrastructure by using the Azure portal. The infrastructure contains the resources shown in the following table.

AG1 has two backend pools named Pool 11 and Pool12. AG2 has two backend pools named Pool21 and Pool22.

Requirements

Planned Changes

A. Datum plans to migrate the virtual machines from the New York office to the East US Azure rec-on by using Azure Site Recovery.

Infrastructure Requirements

A. Datum identifies the following infrastructure requirements:

• A new web app named App1 that will access third-parties for credit card processing must be deployed

• A newly developed API must be implemented as an Azure function named App2. App2 will use a blob storage trigger. App2 must process new blobs immediately.

• The Azure infrastructure and the on-premises infrastructure must be prepared for the migration of the VMware virtual machines to Azure.

• The sizes of the Azure virtual machines that will be used to migrate the on-premises workloads must be identified,

• All migrated and newly deployed Azure virtual machines must be joined to the adatum.com domain.

• AG1must load balance incoming traffic in the following manner

• http://corporate.adatum.com/video/* will be load balanced across Pool11.

• http://corporate.adatum.com/images/* will be load balanced across Pool 12.

• AG2 must load balance incoming traffic in the following manner.

• http://www.adatum.com will be load balanced across Pool21.

• http://www.fabnkam.com will be load balanced across Pool22.

• ERl must route traffic between the New York office and the platform as a service (PaaS) services in the East US Azure region, as long as ER1 is available.

• ER2 must route traffic between the Los Angeles office and the PaaS services in the West US region, as long as ER2 is available.

• ERl and ER2 must be configured to fail over automatically

Application Requirements

App2 must be able to connect directly to the private IP addresses of the Azure virtual machines. App2 will be deployed directly to an Azure virtual network.

Inbound and outbound communications to App1 must be controlled by using NSGs.

Pricing Requirements

A . Datum identities the following pricing requirements:

• The cost of App1 and App2 must be minimized.

• The transactional charges of Azure Storage accounts must be minimized.

9 DRAG DROP

You need to configure the Azure ExpressRoute circuits.

How should you configure Azure ExpressRoute routing? To answer, drag the appropriate configurations to the correct locations. Each Configuration may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content

NOTE: Each correct selection is worth one point.

12. You need to configure AG1.

What should you create?

13. HOTSPOT

You need to implement App2 to meet the application requirements.

What should you include in the implementation? To answer, select the appropnate options in the answer area.

NOTE: Each correct selection is worth one point.

14. DRAG DROP

You need to prepare the New York office infrastructure for the migration of the on-premises virtual machines to Azure.

Which four actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.

15. Topic 5, Mix Questions

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals.

Some question sets might have more than on correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result these questions will not appear in the review screen.

You have an Azure Active Directory (Azure AD) tenant named Adatum and an Azure Subscription named Subscription. Adatum contains a group named Developers. Subscription 1 contains a resource group named Dev.

You need to provide the Developers group with the ability to create Azure logic apps in the Dev resource group.

Solution; On Dev. you assign the Logic App Contributor role to the Developers group.

Does this meet the goal?

16. Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals.

Some question sets might have more than on correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result these questions will not appear in the review screen.

You have an Azure Active Directory (Azure AD) tenant named Adatum and an Azure Subscription1 named Subscription1. Adatum contains a group named Developers. Subscnpbon1 contains a resource group named Dev.

You need to provide the Developers group with the ability to create Azure logic apps in the Dev resource group.

Solution: On Subscription1, you assign the logic App Operator role to the Developers group.

Does this meet the goal?

17. Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals.

Some question sets might have more than on correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result these questions will not appear in the review screen.

You have an Azure Active Directory (Azure AD) tenant named Adatum and an Azure Subscription named Subscription 1. Adatum contains a group named Developers. Subscription1 contains a resource group named Dev.

You need to provide the Developers group with the ability to create Azure logic apps in the Dev resource group.

Solution: On Subscription1, you assign the DevTest Labs User role to the Developers group.

Does this meet the goal?

18. You have the following resource groups:

Developers must connect to Dev Server only through Dev Workstation. To maintain security, Dev Server must not accept connections from the internet. You need to create a private connection between the Dev Workstation and Dev Server.

Dev Workstation using their private IP addresses.

Does the solution meet the goal?

19. You have the following resource groups:

Developers must connect to Dev Server only through Dev Workstation. To maintain security, DevS erver must not accept connections from the internet. You need to create a private connection between the Dev Workstation and Dev St Solution: Configure an IP address on each subnet within the same address space.

Does the solution meet the goal?

20. Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution.

Determine whether the solution meets the stated goals.

You have the following resource groups:

Developers must connect to DevServer only through DevWorkstation. To maintain security, DevServer must not accept connections from the internet.

You need to create a private connection between the DevWokstation and DevServer.

Solution: Configure a public IP address on DevServer_WestCentral. Configure the Network Security Group to allow all incoming ports.

Does the solution meet the goal?

21. DRAG DROP

You are developing a Docker/Go using Azure App Service Web App for Containers. You plan to run the container in an App Service on Linux. You identify a Docker container image to use.

None of your current resource groups reside in a location that supports Linux. You must minimize the number of resource groups. You need to create the application and perform an initial deployment required.

Which three Azure CLI commands should you use to develop the solution? To answer, move the appropriate commands from the list of commands to the answer area and arrange them in the correct order.

22. You plan to develop an Azure Stream Analytics job that ingests streaming data from legacy, SaaS, and cloud applications. The data will be u data analysis.

You need to select Azure resources to handle the data input and output for the solution

Which resources should you use?

23. HOTSPOT

You develop software solutions for a web services company. You have the following code. (Line numbers are for reference only.)

You need to implement an immediate response customer support solution for the company's website. For each of the following statements, select, Yes if the statement is true. Otherwise, select No.

NOTE: Each correct selection is worth one point.

24. You have an Azure subscription.

You have 100 Azure virtual machines.

You need to quickly identify underutilized virtual machines that can have their changed to a less expensive offering.

Which Wade should you use?

25. You have an Azure subscription that contains a virtual network named VNet1. VNet1 has two subnets named Subnet1 and Subnet2. VNet1 is in the West Europe Azure region. The subscription contains the virtual machines in the following table.

You need to deploy an application gateway named AppGW1 to VNet1.

What should you do first?

26. You have an Azure subscription.

You have an on-premises virtual machine named VM1. The settings for VM1 are shown in the exhibit. (Click the Exhibit tab.)

You need to ensure that you can use the disks attached to VM1 as a template for Azure virtual machines.

What should you modify on VM1?

27. DRAG DROP

You are developing a rating service for books that runs on Azure Service Fabric. One of the services uses reliable collections that update the ratings of a book.

Testers report that the ratings are not updated when the code is run.

You need to implement the code to ensure that ratings are updated in the collection.

You have the following class:

How should you complete the code? To answer, drag the appropriate code segments to the correct locations. Each code segment may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.

NOTE: Each correct selection is worth one point

28. HOTSPOT

You create a virtual machine scale set named Scale1. Scale1 is configured as shown in the following exhibit.

Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic.

NOTE: Each correct selection is worth one point.

29. DRAG DROP

You develop an IoT solution by using Nodejs. The solution is ready to deploy to the production environment.

You must implement the device twin capabilities of Azure IoT Hub. You must register a sensor named Sensor00. The IoT Hub name is Hub01.

You need to register the endpoint with ContosoHub01 so that you can configure them from your solution.

Which four commands should you use to develop the solution? To answer, move the appropriate commands from the list of commands to the answer area and arrange them in the correct order.

30. HOTSPOT

You are creating a CU script that creates an Azure web app and related services in Azure App Service. The web app uses the following variables:

You need to automatically deploy code from GitHub to the newly created web app.

How should you complete the script? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

31. DRAG DROP

You are developing a stateful service to deploy lo Azure Service Fabric. You plan to implement the RunAsync method.

You need to implement the methods to interface with an instance of the IReliable dictionary interface to increment a count each time the service is called- The first time the service is called, you must initialize the count to 1 if it does not yet exist and then update it by one each time it is called.

Which three methods should you run in sequence? To answer, move the appropriate methods from the list of methods to the answer area and arrange them in the correct order.

32. You have an Azure Active Directory (Azure AD) tenant named contosodoud.onmicrosoft.com.

Your company has a public DNS zone for contoso.com.

You add contoso.com as a custom domain name to Azure AD

You need to ensure that Azure can verify the domain name.

Which type of DNS record should you create?