New AZ-301 Microsoft Azure Architect Design Exam Questions

1. Topic 1, Case Study A

Overview:

Existing Environment

Active Directory Environment:

The network contains two Active Directory forests named corp.fabnkam.com and rd.fabrikam.com. There are no trust relationships between the forests. Corp.fabrikam.com is a production forest that contains identities used for internal user and computer authentication. Rd.fabrikam.com is used by the research and development (R&D) department only.

Network Infrastructure:

Each office contains at least one domain controller from the corp.fabrikam.com domain. The main office contains all the domain controllers for the rd.fabrikam.com forest.

All the offices have a high-speed connection to the Internet.

An existing application named WebApp1 is hosted in the data center of the London office. WebApp1 is used by customers to place and track orders. WebApp1 has a web tier that uses Microsoft Internet Information Services (IIS) and a database tier that runs Microsoft SQL Server 2016. The web tier and the database tier are deployed to virtual machines that run on Hyper-V.

The IT department currently uses a separate Hyper-V environment to test updates to WebApp1.

Fabrikam purchases all Microsoft licenses through a Microsoft Enterprise Agreement that includes Software Assurance.

Problem Statement:

The use of Web App1 is unpredictable. At peak times, users often report delays. Al other times, many resources for WebApp1 are underutilized.

Requirements:

Planned Changes:

Fabrikam plans to move most of its production workloads to Azure during the next few years.

As one of its first projects, the company plans to establish a hybrid identity model, facilitating an upcoming Microsoft Office 365 deployment All R&D operations will remain on-premises. Fabrikam plans to migrate the production and test instances of WebApp1 to Azure.

Technical Requirements:

Fabrikam identifies the following technical requirements:

- Web site content must be easily updated from a single point.

- User input must be minimized when provisioning new app instances.

- Whenever possible, existing on premises licenses must be used to reduce cost.

- Users must always authenticate by using their corp.fabrikam.com UPN identity.

- Any new deployments to Azure must be redundant in case an Azure region fails.

- Whenever possible, solutions must be deployed to Azure by using platform as a service (PaaS).

- An email distribution group named IT Support must be notified of any issues relating to the directory synchronization services.

- Directory synchronization between Azure Active Directory (Azure AD) and corp.fabhkam.com must not be affected by a link failure between Azure and the on premises network.

Database Requirements:

Fabrikam identifies the following database requirements:

- Database metrics for the production instance of WebApp1 must be available for analysis so that database administrators can optimize the performance settings.

- To avoid disrupting customer access, database downtime must be minimized when databases are migrated.

- Database backups must be retained for a minimum of seven years to meet compliance requirement

Security Requirements:

Fabrikam identifies the following security requirements:

- Company information including policies, templates, and data must be inaccessible to anyone outside the company

- Users on the on-premises network must be able to authenticate to corp.fabrikam.com if an Internet link fails. *Administrators must be able authenticate to the Azure portal by using their corp.fabrikam.com credentials.

- All administrative access to the Azure portal must be secured by using multi-factor authentication.

- The testing of WebApp1 updates must not be visible to anyone outside the company.

HOTSPOT

To meet the authentication requirements of Fabrikam, what should you include in the solution? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

2. You need to recommend a data storage strategy for WebApp1.

What should you include in in the recommendation?

3. You need to recommend a strategy for migrating the database content of WebApp1 to Azure.

What should you include in the recommendation?

4. You need to recommend a strategy for the web tier of WebApp1. The solution must minimize What should you recommend?

5. HOTSPOT

You design a solution for the web tier of WebApp1 as shown in the exhibit.

For each of the following statements, select Yes if the statement is true. Otherwise, select No.

6. You need to recommend a solution to meet the database retention requirement.

What should you recommend?

7. What should you include in the identity management strategy to support the planned changes?

8. HOTSPOT

You are evaluating the components of the migration to Azure that require you to provision an Azure Storage account.

For each of the following statements, select Yes if the statement is true. Otherwise, select No.

NOTE: Each correct selection is worth one point.

9. You need to recommend a notification solution for the IT Support distribution group.

What should you include in the recommendation?

10. Topic 2, Case Study B

Overview

Contoso,Ltd is a US-base finance service company that has a main office New York and an office in San Francisco.

Payment Processing Query System

Contoso hosts a business critical payment processing system in its New York data center. The system has three tiers a front-end web app a middle -tier API and a back end data store implemented as a Microsoft SQL Server 2014 database All servers run Windows Server 2012 R2.

The front -end and middle net components are hosted by using Microsoft Internet Inform-non Services (IK) The application rode is written in C# and middle- tier API uses the Entity framework to communicate the SQL Server database. Maintenance of the database e performed by using SQL Server Ago-

The database is currently J IB and is not expected to grow beyond 3 TB.

The payment processing system has the following compliance related requirement

• Encrypt data in transit and at test. Only the front-end and middle-tier components must be able to access the encryption keys that protect the date store.

• Keep backups of the two separate physical locations that are at last 200 miles apart and can be restored for op to seven years.

• Support blocking inbound and outbound traffic based on the source IP address, the description IP address, and the port number

• Collect Windows security logs from all the middle-tier servers and retain the log for a period of seven years,

• Inspect inbound and outbound traffic from the from-end tier by using highly available network appliances.

• Only allow all access to all the tiers from the internal network of Contoso.

Tape backups ate configured by using an on-premises deployment or Microsoft System Center Data protection Manager (DPMX and then shaped ofsite for long term storage

Historical Transaction Query System

Contoso recently migrate a business-Critical workload to Azure. The workload contains a NET web server for querying the historical transaction data residing in azure Table Storage. The NET service is accessible from a client app that was developed in-house and on the client computer in the New Your office. The data in the storage is 50 GB and is not except to increase.

Information Security Requirement

The IT security team wants to ensure that identity management n performed by using Active Directory. Password hashes must be stored on premises only.

Access to all business-critical systems must rely on Active Directory credentials. Any suspicious authentication attempts must trigger multi-factor authentication prompt automatically Legitimate users must be able to authenticate successfully by using multi-factor authentication.

Planned Changes

Contoso plans to implement the following changes:

• Migrate the payment processing system to Azure.

• Migrate the historical transaction data to Azure Cosmos DB to address the performance issues.

Migration Requirements

Contoso identifies the following general migration requirements:

Infrastructure services must remain available if a region or a data center fails.

Failover must occur without any administrative intervention

• Whenever possible. Azure managed serves must be used to management overhead

• Whenever possible, costs must be minimized.

Contoso identifies the following requirements for the payment processing system:

• If a data center fails, ensure that the payment processing system remains available without any administrative intervention. The middle-tier and the web front end must continue to operate without any additional configurations-

• If that the number of compute nodes of the from -end and the middle tiers of the payment processing system can increase or decrease automatically based on CPU utilization.

• Ensure that each tier of the payment processing system is subject to a Service level Agreement (SLA) of 9959 percent availability

• Minimize the effort required to modify the middle tier API and the back-end tier of the payment processing system.

• Generate alerts when unauthorized login attempts occur on the middle-tier virtual machines.

• Insure that the payment processing system preserves its current compliance status.

• Host the middle tier of the payment processing system on a virtual machine.

Contoso identifies the following requirements for the historical transaction query system:

• Minimize the use of on-premises infrastructure service.

• Minimize the effort required to modify the .NET web service querying Azure Cosmos DB.

• If a region fails, ensure that the historical transaction query system remains available without any administrative intervention.

Current Issue

The Contoso IT team discovers poor performance of the historical transaction query as the queries frequently cause table scans.

Information Security Requirements

The IT security team wants to ensure that identity management is performed by using Active Directory. Password hashes must be stored on-premises only.

Access to all business-critical systems must rely on Active Directory credentials. Any suspicious authentication attempts must trigger a multi-factor authentication prompt automatically. legitimate users must be able to authenticate successfully by using multi-factor authentication.

CORRECT TEXT

You need to recommend a backup solution for the data store of the payment processing.

What should you include in the recommendation?

11. You need to recommend a solution for protecting the content of the back-end tier of the payment processing system.

What should you include in the recommendations?

12. HOTSPOT

You need to recommend a solution for the user at Contoso to authenticate to the cloud-based

sconces and the Azure AD-integrated application.

What should you include in the recommendation? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point

13. HOTSPOT

You need to recommend a solution for data of the historical transaction query system.

What should you include in the recommendation? To answer, Select the appropriate or options in the answer area. NOTE: Each correct selection is worth one point

14. You need to recommend a solution for the network configuration of the front-end tier of the payment processing.

What should you include in the recommendation?

15. You need to recommend a solution for the collection of security logs the middle tier of the payment processing system.

What should you include in the recommendation?

16. You need to recommend a high-availability solution for the middle tier of the payment processing system.

What should you include in the recommendation?

17. HOTSPOT

You need to recommend a solution for configuring the Azure Multi-Factor Authentication (MFA) settings.

What should you include in the recommendation? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

18. HOTSPOT

You need to design a solution for securing access to the historical transaction data.

What should you include in the solution? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

19. You need to recommend a solution for implementing the back-end tier of the payment processing system in Azure.

What should you include in the recommendation?

20. You need to recommend a disaster recovery solution for the back-end tier of the payment processing system.

What should you include in the recommendation?

21. You need to recommend a compute solution for the middle tier of the payment processing system.

What should you include in the recommendation?

22. You need to recommend a solution for protecting the content of the payment processing system.

What should you include in the recommendation?

23. HOTSPOT

You need to recommend a solution for the data store of the historical transaction query system.

What should you include in the recommendation? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

24. Topic 3, Mix Questions

You need to deploy resources to host a stateless web app in an Azure subscription.

The solution must meet the following requirements:

- Provide access to the full .NET framework.

- Provide redundancy if an Azure region fails.

- Grant administrators access to the operating system to install custom application dependencies.

Solution: You deploy a web app in an Isolated App Service plan.

Does this meet the goal?

25. You need to deploy resources to host a stateless web app in an Azure subscription.

The solution must meet the following requirements:

- Provide access to the full .NET framework.

- Provide redundancy if an Azure region fails.

- Grant administrators access to the operating system to install custom application dependencies.

Solution: You deploy a virtual machine scale set that uses autoscaling.

Does this meet the goal?

26. You need to deploy resources to host a stateless web app in an Azure subscription.

The solution must meet the following requirements:

- Provide access to the full .NET framework.

- Provide redundancy if an Azure region fails.

- Grant administrators access to the operating system to install custom application dependencies.

Solution: You deploy an Azure virtual machine to two Azure regions, and you deploy an Azure Application Gateway.

Does this meet the goal?

27. You are designing an Azure solution for a company that wants to move a .NET Core web application an on-premises data center to Azure. The web application relies on a Microsoft SQL Server 2016 database on Windows Server 2016. The database server will not move to Azure.

A separate networking team is responsible for configuring network permissions.

The company uses Azure ExpressRoute and has an ExpressRoute gateway connected to an Azure virtual network named VNET1. You need to recommend a solution for deploying the web application.

Solution: Deploy the web application to a web app hosted in a Premium App Service plan.

Does this meet the goal?

28. You are designing an Azure solution for a company that wants to move a .NET Core web application an on-premises data center to Azure. The web application relies on a Microsoft SQL Server 2016 database on Windows Server 2016. The database server will not move to Azure.

A separate networking team is responsible for configuring network permissions.

The company uses Azure ExpressRoute and has an ExpressRoute gateway connected to an Azure virtual network named VNET1.

You need to recommend a solution for deploying the web application.

Solution: Deploy the web application to a web app hosted in an Isolated App Service plan on VNET1.

Does this meet the goal?

29. You are designing an Azure solution for a company that wants to move a .NET Core web application an on-premises data center to Azure. The web application relies on a Microsoft SQL Server 2016 database on Windows Server 2016. The database server will not move to Azure.

A separate networking team is responsible for configuring network permissions.

The company uses Azure ExpressRoute and has an ExpressRoute gateway connected to an Azure virtual network named VNET1.

You need to recommend a solution for deploying the web application.

Solution: Solution: Deploy the web application by using an Azure Kubernetes Service (AKS) container on VNET1

Does this meet the goal?

30. HOTSPOT

You have 20 Azure virtual machines that run windows Server 2016 based on a custom virtual machine image. Each virtual machine an instance of a VSS-capable app that was developed in­house. Each instance is accessed by public endpoint. Each instance separate database. The average database size is 200 GB.

You need to design a disaster recovery solution for individual instances.

- Provide a recovery objective time object (RTO] of six hours.

- Provide a recovery point objective (RPO) at eight hours.

- Support recovery to a different Azure region.

- Support VSS- based backups.

- Minimize VSS-based backups.

What should you include in the recommendation? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point

31. DRAG DROP

Your company identifies the following business continuity and disaster recovery objectives for virtual machines that host sales, finance, and reporting application in the company's on-premises data center.

The finance application requires that data be retained for seven years. In the event ot a disaster, the application must be able to run from Azure. The recovery in objective (RTO) is 10 minutes,

The reporting application must be able to recover point in-time data al a daily granularity. The RTO is eight hours.

The sales application must be able to fail over to second on-premises data center.

You need to recommend which Azure services meet the business community and disaster recovery objectives. The solution must minimize costs.

What should you recommend for each application? To answer, drag the appropriate services to the correct application. Each service may be used owe. More than once not at an You may need to drag the spin bar between panes or scroll 10 view content.

32. You plan to deploy a payroll system to Azure. The payroll system will use Azure virtual machines that run SUSE Linux Enterprise Server and Windows.

You need to recommend a business continuity solution for the payroll system.

The solution must meet the following requirements:

- Minimize costs.

- Provide business continuity if an Azure region fails.

- Provide a recovery time objective (RTO) of 30 minutes.

- Provide a recovery point objective (RPO) of five minutes.

What should you include in the recommendation?

33. The accounting department at your company migrates to new financial accounting software. The accounting department must keep file-based database backups for years for compliances purposes. It is unlikely that the backup will be used to recover data.

You need to more the backups to Azure. The solution must minimize costs.

Where should store the backups?

34. You have an Azure subscription for used for testing and development purposes only. The subscription contains Azure virtual machines that unmanaged, standard hard disk drives (HDD).

You need to recommend a recovery strategy for the virtual machines if an Azure region fails for a sustained period. The recovery time objective WTO) can be up to seven days. The solution must minimize costs.

What should you include in the recommendation?

35. HOTSPOT

You plan to deploy the backup shown in the following exhibit.

Use the drop-down to select the answer choice that completes each statement based on the information presented in the graphic.

NOTE: Each correct selection is worth one point.

36. HOTSPOT

You have the application architecture shown in the following exhibit.

Use the drop-down menus to select choice that completes each statement based on the information presented in the graphic.

NOTE: Each correct selection is worth one point.

37. HOTSPOT

You are designing an Azure we app. You plan to deploy the web app to the Europe Azure region and the West Europe region. You need to recommend a solution for the web app. The solution must the following requirements: Users must always access the web app form the North region, unless the region fails. The web app must be available to users if an Azure region is unavailable.

Deployment costs must be minimized.

What should you include in the recommendation? To answer, select the appropriate options in the area.

NOTE: Each correct selection is worth one point.

38. HOTSPOT

You deploy Azure service by using Azure Resources Manager templates. The template reference secrets are stored in Azure key Vault.

You need to recommend a solution for accessing the secrets during deployments. The solution must prevent the users who are performing the deployments from accessing the secrets in the key vault directly.

What should you include in the recommendation? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

39. DRAG DROP

You have an Azure Active Directory (Azure AD) tenant. All user accounts are synchronized from an onpermises Directory and are configured for federated authentication. Active Directopry Federation Services (AD FS) servers are published for external connnection by using a farm Application proxy servers.

You need to recommend a solution to monitor the servers that integrate with Azure AD.

The solution must meet the following requirements:

- Identify any AD FS issue and their potential resolutions.

- Identify any directory synchronization configuration issues and their potential resolutions.

Notify administrations when there are any issue affecting directory synchronization or AD FS operations.

Which monitoring solution should you recommend for each server type? To answer, drag the appropriate monitoring solution to the correct types. Each monitoring solution may be used once, than once, or not at all. You may need to drag the split bar between panes scroll to view content.

NOTE: Each correct selection is worth one point.

40. Your network contains an on-premises Active Directory forest.

You discover that when users change jobs within your company, the membership of the user group are not updated. As a result the users can resources that are no longer relevant to their job. You plan to integrate Active Directory and Azure Active Directory (Azure AD) by using Azure AD Connect.

You need to recommend a solution to ensure that group owners are emailed monthly m** the group membership they manage.

What should you include in the recommendation?

41. DRAG DROP

You need to design an architecture to capture the creation of users and the assignment of roles. The captured data must be stored in Azure Cosmos DB.

Which Azure services should you include in the design? To answer, drag the appropriate services to the correct targets. Each service may be used once. more than once, or not at all. You need to drag the split bar between panes or scroll to view content. NOTE. Each correct selection worth one point.

42. DRAG DROP

A company named Contoso, Ltd. has an Azure Active Directory (Azure AD) tenant that uses the BAsic license.

You plan t deploy two applications to Azure.

The application has the requirements shown in the following table.

Which authentication Strategy should you recommend for each application? To answer, drag the appropriate authentication strategies to the correct applications. Each authentication strategy may

be used once more than once, or not at all. You may need to drag the split bar between panes or scroll to view content NOTE: Each correct selection is worth one point.

43. You have an Azure subscription that contains a custom application named Application was developed by an external company named fabric, Ltd. Developers at Fabrikam were assigned role-based access control (RBAV) permissions to the Application components. All users are licensed for the Microsoft 365 E5 plan.

You need to recommends a solution to verify whether the Faricak developers still require permissions to Application1.

The solution must the following requirements.

* To the manager of the developers, send a monthly email message that lists the access permissions to Application1.

* If the manager does not verify access permission, automatically revoke that permission.

* Minimize development effort.

What should you recommend?

44. HOTSPOT

You configure OAuth 2 authorization in API Management as shown in the exhibit.

Use the drop-domain to select the answer choice that completes each statement based on the information presented in the graphic.

NOTE: Each correct selection is worth one point.

45. You manage a single-domain, on-premises Active Directory for named contoso.com. The forest functional level is window Server 2016. You have several on-premises applications that depend on Active Directory.

You plan to migrate the applications to Azure. You need to recommend an identity solution for the application.

The solution must meet the following requirements:

• Eliminate the need for hybrid network connectivity

• Minimize management overhead for Active Directory.

What should you recommend?

46. You have an on premises Active Directory forest and an Azure Active Directory Azure AD) tenant. All Azure AD users are assigned a Premium P1 license.

You deploy Azure AD Conned

Which two features ate available m this environment that can reduce operational overhead tot your company’s help desk? Each correct answer presents a complete solution. NOTE: Each correct selection is worth one point

47. You are planning to deploy an application by using the Azure Kubermets Services (AKS)> the application will reedy on having access to an encryption key that will be used to ... transmit files

What should you use to provides the encryption key AKS security?

48. You store web access logs data in Azure Blob storage.

You plan to generate monthly reports from the access logs.

You need to recommend an automated process to upload the data to Azure SQL Database every month.

What should you include in the recommendation?

49. Your development team plans to use an Azure subcription to test new applications. The application will reside on Azure virtual machines. The developers will be responsible for managing the subscription shared resources will be used by more than one appliacation.

You need to recommend a deplyment solution that meets the following requirements:

- Minimize administration effort for the develops

- Ensures that the testing environment can be recreated consistently

- Ensures that the testing cycle is complete, all the resources, except for the shared resources associated to each application are deleted

What should you include in the recommendation?

50. HOTSPOT

Your company develops a web service that is deployed to at, Azure virtual machine named VM1 the web service allows an API to access real- time data from VM1.

The current virtual machine deployment is shown in the Deployment exhibit. (Click the Deployment tab).

The chief technology officer (CTO) sends you the following email message: "Our developers have deployed the web service to a virtual machine named WL Testing has shown that the API i accessible from VM1 and VM? Our partners must be able to connect to the API over the Internet Partners will me this data in applications that they develop:

You deploy an Azure API Management service. The relevant API Management configuration is shown m the API ambit. Click the API tab).

For each of the following statements, select. Yes if the statement is true. Otherwise. select No.

NOTE: Each correct selection is worth one point.

51. You plan to deploy an API by using Azure API Management.

You need to recommend a solution to protect the API from a distribute derail of service (DDoS) attack.

What should you recommend/

52. You plan to deploy 200 Microsoft SQL Server databases to Azure by using SQL Database and Azure SQL Database Managed Instance.

You need to recommend a monitoring solution that provides a consistent monitoring approach for all deployments. The solution must meet the following requirements: Support current-state analysis on metrics collected near -real-time multiple times per minutes and maintained for up to one hour.

Support longer term analysis based on metrics collected multiple timer per hour and maintained for up two weeks.

Support monitoring of the number of concurrent logins and concurrent sessions.

What should you include in the recommendation?

53. HOTSPOT

You configure the Diagnostics settings for an Azure SQL database as shown in the following exhibit.

Use the drop-down menus to select the answer choice that completes each statement based on. The information presented in the graphic.

NOTE: Each coned selection is worth one point.

54. You have an Azure Contoso DB account named Account1 that has one write region and four read regions.

You need to recommend a solution to ensure that, by default, any reads containers in Account1 will never see out writes. The solution must minimize costs.

What should you recommend?