Updated AZ-304 Dumps For Microsoft Azure Architect Design Exam

1. Topic 1, Fabrikam, inc Case Study A



Overview:

Existing Environment

Fabrikam, Inc. is an engineering company that has offices throughout Europe. The company has a main office in London and three branch offices in Amsterdam Berlin, and Rome.



Active Directory Environment:

The network contains two Active Directory forests named corp.fabnkam.com and rd.fabrikam.com. There are no trust relationships between the forests. Corp.fabrikam.com is a production forest that contains identities used for internal user and computer authentication. Rd.fabrikam.com is used by the research and development (R&D) department only.



Network Infrastructure:

Each office contains at least one domain controller from the corp.fabrikam.com domain. The main office contains all the domain controllers for the rd.fabrikam.com forest.

All the offices have a high-speed connection to the Internet.

An existing application named WebApp1 is hosted in the data center of the London office. WebApp1 is used by customers to place and track orders. WebApp1 has a web tier that uses Microsoft Internet Information Services (IIS) and a database tier that runs Microsoft SQL Server 2016. The web tier and the database tier are deployed to virtual machines that run on Hyper-V.

The IT department currently uses a separate Hyper-V environment to test updates to WebApp1.

Fabrikam purchases all Microsoft licenses through a Microsoft Enterprise Agreement that includes Software Assurance.



Problem Statement:

The use of Web App1 is unpredictable. At peak times, users often report delays. Al other times, many resources for WebApp1 are underutilized.



Requirements:

Planned Changes:

Fabrikam plans to move most of its production workloads to Azure during the next few years.

As one of its first projects, the company plans to establish a hybrid identity model, facilitating an upcoming Microsoft Office 365 deployment

All R&D operations will remain on-premises.

Fabrikam plans to migrate the production and test instances of WebApp1 to Azure.



Technical Requirements:

Fabrikam identifies the following technical requirements:

• Web site content must be easily updated from a single point.

• User input must be minimized when provisioning new app instances.

• Whenever possible, existing on premises licenses must be used to reduce cost.

• Users must always authenticate by using their corp.fabrikam.com UPN identity.

• Any new deployments to Azure must be redundant in case an Azure region fails.

• Whenever possible, solutions must be deployed to Azure by using platform as a service (PaaS).

• An email distribution group named IT Support must be notified of any issues relating to the directory synchronization services.

• Directory synchronization between Azure Active Directory (Azure AD) and corp.fabhkam.com must not be affected by a link failure between Azure and the on premises network.



Database Requirements:

Fabrikam identifies the following database requirements:

• Database metrics for the production instance of WebApp1 must be available for analysis so that database administrators can optimize the performance settings.

• To avoid disrupting customer access, database downtime must be minimized when databases are migrated.

• Database backups must be retained for a minimum of seven years to meet compliance requirement



Security Requirements:

Fabrikam identifies the following security requirements:

* Company information including policies, templates, and data must be inaccessible to anyone outside the company

* Users on the on-premises network must be able to authenticate to corp.fabrikam.com if an Internet link fails.

* Administrators must be able authenticate to the Azure portal by using their corp.fabrikam.com credentials.

* All administrative access to the Azure portal must be secured by using multi-factor authentication.

* The testing of WebApp1 updates must not be visible to anyone outside the company.



You need to recommend a notification solution for the IT Support distribution group.

What should you include in the recommendation?

2. What should you include in the identity management strategy to support the planned changes?

3. You need to recommend a strategy for migrating the database content of WebApp1 to Azure.

What should you include in the recommendation?

4. You need to recommend a solution to meet the database retention requirement.

What should you recommend?

5. You need to recommend a strategy for the web tier of WebApp1. The solution must minimize What should you recommend?

6. HOTSPOT

To meet the authentication requirements of Fabrikam, what should you include in the solution? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

7. HOTSPOT

You are evaluating the components of the migration to Azure that require you to provision an Azure Storage account.

For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.

8. HOTSPOT

You design a solution for the web tier of WebApp1 as shown in the exhibit.





For each of the following statements, select Yes if the statement is true. Otherwise, select No.

9. You need to recommend a data storage strategy for WebApp1.

What should you include in in the recommendation?

10. Topic 2, Contoso, Ltd Case Study B



Overview

Contoso,Ltd is a US-base finance service company that has a main office New York and an office in San Francisco.



Payment Processing Query System

Contoso hosts a business critical payment processing system in its New York data center. The system has three tiers a front-end web app a middle -tier API and a back end data store implemented as a Microsoft SQL Server 2014 database All servers run Windows Server 2012 R2.

The front -end and middle net components are hosted by using Microsoft Internet Inform-non Services (IK) The application rode is written in C# and middle- tier API uses the Entity framework to communicate the SQL Server database. Maintenance of the database e performed by using SQL Server Ago-

The database is currently J IB and is not expected to grow beyond 3 TB.



The payment processing system has the following compliance related requirement

• Encrypt data in transit and at test. Only the front-end and middle-tier components must be able to access the encryption keys that protect the date store.

• Keep backups of the two separate physical locations that are at last 200 miles apart and can be restored for op to seven years.

• Support blocking inbound and outbound traffic based on the source IP address, the description IP address, and the port number

• Collect Windows security logs from all the middle-tier servers and retain the log for a period of seven years,

• Inspect inbound and outbound traffic from the from-end tier by using highly available network appliances.

• Only allow all access to all the tiers from the internal network of Contoso.

Tape backups ate configured by using an on-premises deployment or Microsoft System Center Data protection Manager (DPMX and then shaped ofsite for long term storage



Historical Transaction Query System

Contoso recently migrate a business-Critical workload to Azure. The workload contains a NET web server for querying the historical transaction data residing in azure Table Storage. The NET service is accessible from a client app that was developed in-house and on the client computer in the New Your office. The data in the storage is 50 GB and is not except to increase.



Information Security Requirement

The IT security team wants to ensure that identity management n performed by using Active Directory.

Password hashes must be stored on premises only.

Access to all business-critical systems must rely on Active Directory credentials. Any suspicious authentication attempts must trigger multi-factor authentication prompt automatically Legitimate users must be able to authenticate successfully by using multi-factor authentication.



Planned Changes

Contoso plans to implement the following changes:

* Migrate the payment processing system to Azure.

* Migrate the historical transaction data to Azure Cosmos DB to address the performance issues.



Migration Requirements

Contoso identifies the following general migration requirements:

Infrastructure services must remain available if a region or a data center fails. Failover must occur without any administrative intervention

• Whenever possible. Azure managed serves must be used to management overhead

• Whenever possible, costs must be minimized.



Contoso identifies the following requirements for the payment processing system:

• If a data center fails, ensure that the payment processing system remains available without any administrative intervention. The middle-tier and the web front end must continue to operate without any additional configurations-

• If that the number of compute nodes of the from -end and the middle tiers of the payment processing system can increase or decrease automatically based on CPU utilization.

• Ensure that each tier of the payment processing system is subject to a Service level Agreement (SLA) of 9959 percent availability

• Minimize the effort required to modify the middle tier API and the back-end tier of the payment processing system.

• Generate alerts when unauthorized login attempts occur on the middle-tier virtual machines.

• Insure that the payment processing system preserves its current compliance status.

• Host the middle tier of the payment processing system on a virtual machine.



Contoso identifies the following requirements for the historical transaction query system:

• Minimize the use of on-premises infrastructure service.

• Minimize the effort required to modify the .NET web service querying Azure Cosmos DB.

• If a region fails, ensure that the historical transaction query system remains available without any administrative intervention.



Current Issue

The Contoso IT team discovers poor performance of the historical transaction query as the queries frequently cause table scans.



Information Security Requirements

The IT security team wants to ensure that identity management is performed by using Active Directory.

Password hashes must be stored on-premises only.

Access to all business-critical systems must rely on Active Directory credentials. Any suspicious authentication attempts must trigger a multi-factor authentication prompt automatically. legitimate users must be able to authenticate successfully by using multi-factor authentication.



You need to recommend a solution for implementing the back-end tier of the payment processing system in Azure.

What should you include in the recommendation?

11. HOTSPOT

You need to recommend a solution for configuring the Azure Multi-Factor Authentication (MFA) settings.

What should you include in the recommendation? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

12. HOTSPOT

You need to recommend a solution for the users at Contoso to authenticate to the cloud-based services and the Azure AD-integrated applications.

What should you include in the recommendation? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

13. You need to recommend a compute solution for the middle tier of the payment processing system.

What should you include in the recommendation?

14. You need to recommend a solution for protecting the content of the payment processing system.

What should you include in the recommendation?

15. You need to recommend a solution for the collection of security logs the middle tier of the payment processing system.

What should you include in the recommendation?

16. You need to recommend a high-availability solution for the middle tier of the payment processing system.

What should you include in the recommendation?

17. You need to recommend a backup solution for the data store of the payment processing.

What should you include in the recommendation?

18. HOTSPOT

You need to design a solution for securing access to the historical transaction data.

What should you include in the solution? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

19. You need to recommend a solution for the network configuration of the front-end tier of the payment processing.

What should you include in the recommendation?

20. HOTSPOT

You need to recommend a solution for the user at Contoso to authenticate to the cloud-based sconces and the Azure AD-integrated application.

What should you include in the recommendation? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

21. HOTSPOT

You need to recommend a solution for the data store of the historical transaction query system.

What should you include in the recommendation? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

22. You need to recommend a disaster recovery solution for the back-end tier of the payment processing system.

What should you include in the recommendation?

23. You need to recommend a backup solution for the data store of the payment processing system.

What should you include in the recommendation?

24. HOTSPOT

You need to recommend a solution for data of the historical transaction query system.

What should you include in the recommendation? To answer, Select the appropriate or options in the answer area. NOTE: Each correct selection is worth one point.

25. You need to recommend a solution for protecting the content of the back-end tier of the payment processing system.

What should you include in the recommendations?

26. Topic 3, Misc Questions



HOTSPOT

Your company has 20 web APIs that were developed in-house.

The company is developing 10 web apps that will use the web APIs. The web apps and the APIs are registered in the company’s Azure Active Directory (Azure AD) tenant. The web APIs are published by using Azure API Management.

You need to recommend a solution to block unauthorized requests originating from the web apps from reaching the web APIs.

The solution must meet the following requirements:

- Use Azure AD-generated claims.

- Minimize configuration and management effort.

What should you include in the recommendation? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

27. HOTSPOT

You have the application architecture shown in the following exhibit.





Use the drop-down menus to select choice that completes each statement based on the information presented in the graphic. NOTE: Each correct selection is worth one point.

28. HOTSPOT

You have an on-premises file server that stores 2 TB of data files.

You plan to move the data files to Azure Blob storage in the Central Europe region.

You need to recommend a storage account type to store the data files and a replication solution for the storage account.

The solution must meet the following requirements:

- Be available if a single Azure datacenter fails.

- Support storage tiers.

- Minimize cost.

What should you recommend? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

29. You need to deploy resources to host a stateless web app in an Azure subscription.

The solution must meet the following requirements:

• Provide access to the full .NET framework.

• Provide redundancy if an Azure region fails.

• Grant administrators access to the operating system to install custom application dependencies.

Solution: You deploy a web app in an Isolated App Service plan.

Does this meet the goal?

30. Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution. while others might not have a correct solution.

After you answer a question In this section, you will NOT be able to return to it As a result these questions will not appear In the review screen.

You have an on-premises Hyper-V cluster that hosts 20 virtual machines Some virtual machines run Windows Server 2016 and some run Linux.

You plan to morale the virtual machine? to an Azure subscription

You need to recommend 9 solution 10 replicate the disks of the virtual machines to Azure. The solution must ensure that the virtual machines remain available during the migration of the disks.

Solution: You recommend implementing a Recovery Services vault and then using Azure Site Recovery.

Dees this meet the goal?

31. You need to design a solution that will execute custom C# code in response to an event routed to Azure Event Grid. The solution must meet the following requirements:

The executed code must be able to access the private IP address of a Microsoft SQL Server instance that runs on an Azure virtual machine.

Costs must be minimized.

What should you include in the solution?

32. Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

Your company has deployed several virtual machines (VMs) on-premises and to Azure. Azure ExpressRoute has been deployed and configured for on-premises to Azure connectivity.

Several VMs are exhibiting network connectivity issues.

You need to analyze the network traffic to determine whether packets are being allowed or denied to the VMs.

Solution: Use the Azure Advisor to analyze the network traffic.

Does the solution meet the goal?

33. HOTSPOT

You plan to deploy a network-intensive application to several Azure virtual machines.

You need to recommend a solution that meets the following requirements:

- Minimizes the use of the virtual machine processors to transfer data

- Minimizes network latency

Which virtual machine size and feature should you use? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

34. HOTSPOT

Your company deploys several Linux and Windows virtual machines (VMs) to Azure. The VMs are deployed with the Microsoft Dependency Agent and the Log Analytics Agent installed by using Azure VM extensions. On-premises connectivity has been enabled by using Azure ExpressRoute.

You need to design a solution to monitor the VMs.

Which Azure monitoring services should you use? To answer, select the appropriate Azure monitoring services in the answer area. NOTE: Each correct selection is worth one point.

35. You have an Azure Active Directory (Azure AD) tenant named contoso.com that contains two administrative user accounts named Admin1 and Admin2.

You create two Azure virtual machines named VM1 and VM2.

You need to ensure that Admin1 and Admin2 are notified when more than five events are added to the security log of VM1 or VM2 during a period of 120 seconds. The solution must minimize administrative tasks.

What should you create?

36. HOTSPOT

Your organization has developed and deployed several Azure App Service Web and API applications. The applications use Azure Key Vault to store several authentication, storage account, and data encryption keys.

Several departments have the following requests to support the applications:





You need to recommend the appropriate Azure service for each department request.

What should you recommend? To answer, configure the appropriate options in the dialog box in the answer area. NOTE: Each correct selection is worth one point.

37. Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

You have an Azure Storage v2 account named storage1.

You plan to archive data to storage1.

You need to ensure that the archived data cannot be deleted for five years. The solution must prevent administrators from deleting the data.

Solution: You create an Azure Blob storage container, and you configure a legal hold access policy.

Does this meet the goal?

38. Your network contains an on-premises Active Directory domain.

The domain contains the Hyper-V clusters shown in the following table.





You plan to implement Azure Site Recovery to protect six virtual machines running on Cluster1 and three virtual machines running on Cluster1 Virtual machines are running on all Cluster! and Cluster2 nodes.

You need to identify the minimum number of Azure Site Recovery Providers that must be installed on premises.

How many Providers should you identify?

39. You are developing a sales application that will contain several Azure cloud services and

will handle different components of a transaction. Different cloud services will process customer orders, billing, payment, inventory, and shipping.

You need to recommend a solution to enable the cloud services to asynchronously communicate transaction information by using REST messages.

What should you include in the recommendation?

40. DRAG DROP

You are planning an Azure solution that will host production databases for a high-performance application.

The solution will include the following components:

- Two virtual machines that will run Microsoft SQL Server 2016, will be deployed to different data centers in the same Azure region, and will be part of an Always On availability group.

- SQL Server data that will be backed up by using the Automated Backup feature of the SQL Server IaaS Agent Extension (SQLIaaSExtension)

You identify the storage priorities for various data types as shown in the following table.





Which storage type should you recommend for each data type? To answer, drag the appropriate storage types to the correct data types. Each storage type may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content. NOTE: Each correct selection is worth one point.

41. You plan to deploy an API by using Azure API Management

You need to recommend a solution to protect the API from a distributed denial of service (DDoS) attack.

What should you recommend?

42. You store web access logs data in Azure Blob storage.

You plan to generate monthly reports from the access logs.

You need to recommend an automated process to upload the data to Azure SQL Database every month.

What should you include in the recommendation?

43. You are designing a data protection strategy for Azure virtual machines. All the virtual machines use managed disks.

You need to recommend a solution that meets the following requirements:

• The use of encryption keys is audited.

• All the data is encrypted at rest always.

• You manage the encryption keys, not Microsoft

What should you include in the recommendation?

44. HOTSPOT

You configure the Diagnostics settings for an Azure SQL database as shown in the following exhibit.





Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic. NOTE: Each correct selection is worth one point.

45. You are designing an Azure resource deployment that will use Azure Resource Manager templates. The deployment will use Azure Key Vault to store secrets.

You need to recommend a solution to meet the following requirements:

Prevent the IT staff that will perform the deployment from retrieving the secrets directly from Key Vault.

Use the principle of least privilege.

Which two actions should you recommend? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point.

46. You need to recommend a solution to generate a monthly report of all the new Azure Resource Manager resource deployment in your subscription.

What should you include in the recommendation?

47. You are designing an order processing system in Azure that will contain the Azure resources shown in the following table.





The order processing system will have the following transaction flow:

- A customer will place an order by using App1.

- When the order is received, App1 will generate a message to check for product availability at vendor 1 and vendor 2.

- An integration component will process the message, and then trigger either Function1 or Function2 depending on the type of order.

- Once a vendor confirms the product availability, a status message for App1 will be generated by Function1 or Function2.

- All the steps of the transaction will be logged to storage1.

Which type of resource should you recommend for the integration component?

48. Your company plans to publish APIs for its services by using Azure API Management.

You discover that service responses include the AspNet-Version header.

You need to recommend a solution to remove AspNet-Version from the response of the published APIs.

What should you include in the recommendation?

49. DRAG DROP

A company has an existing web application that runs on virtual machines (VMs) in Azure.

You need to ensure that the application is protected from SQL injection attempts and uses a layer-7 load balancer. The solution must minimize disruption to the code for the existing web application.

What should you recommend? To answer, drag the appropriate values to the correct items. Each value may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content. NOTE: Each correct selection is worth one point.

50. Note: This question is part of series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

Your company has an on-premises Active Directory Domain Services (AD DS) domain and an established Azure Active Directory (Azure AD) environment.

Your company would like users to be automatically signed in to cloud apps when they are on their corporate desktops that are connected to the corporate network.

You need to enable single sign-on (SSO) for company users.

Solution: Install and configure an Azure AD Connect server to use password hash synchronization and select the Enable single sign-on option.

Does the solution meet the goal?

51. Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

You have an Azure Active Directory (Azure AD) tenant named contoso.com. The tenant contains a group named Group1. Group1 contains all the administrative user accounts.

You discover several login attempts to the Azure portal from countries where administrative users do NOT work.

You need to ensure that all login attempts to the Azure portal from those countries require Azure Multi-Factor Authentication (MFA).

Solution: Create an Access Review for Group1.

Does this solution meet the goal?

52. You have an Azure Active Directory (Azure AD) tenant and Windows 10 devices.

You configure a conditional access policy as shown in the exhibit. (Click the Exhibit tab.)





What is the result of the policy?

53. Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it As a result, these questions will not appear In the review screen.

You have an on-premises Hyper-V cluster that hosts 20 virtual machines. Some virtual machines run Windows Server 2016 and some run Linux.

You plan to migrate the virtual machines to an Azure subscription.

You need to recommend a solution to replicate the disks of the virtual machines to Azure. The solution must ensure that the virtual machines remain available during the migration of the disks.

Solution: You recommend implementing an Azure Storage account and then running AzCopy.

Does this meet the goal?

54. You have an Azure subscription.

Your on-premises network contains a file server named Server1. Server 1 stores 5 TB of company files that are accessed rarely.

You plan to copy the files to Azure Storage.

You need to implement a storage solution for the files that meets the following requirements:

• The files must be available within 24 hours of being requested.

• Storage costs must be minimized.

Which two possible storage solutions achieve this goal? Each correct answer presents a complete solution. NOTE: Each correct selection is worth one point.

55. HOTSPOT

You plan to deploy the backup policy shown in the following exhibit.





Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic. NOTE: Each correct selection is worth one point.

56. CORRECT TEXT

You have an Azure subscription named Subscription1 that is linked to a hybrid Azure Active Directory (Azure AD) tenant.

You have an on-premises datacenter that does NOT have a VPN connection to Subscription1. The datacenter contains a computer named Server1 that has Microsoft SQL Server 2016 installed. Server1 is prevented from accessing the internet

An Azure logic app named LogicApp1 requires write access to a database on Server1.

You need to recommend a solution to provide LogicApp1 with the ability to access Server1.

What should you recommend deploying on-premises and in Azure? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

57. You have 70 TB of files on your on-premises file server.

You need to recommend solution for importing data to Azure. The solution must minimize cost.

What Azure service should you recommend?

58. You have an Azure Active Directory (Azure AD) tenant named Contoso.com. The tenant contains a group named Group1. Group1 contains all the administrator user accounts.

You discover several login attempts to the Azure portal from countries administrator users do NOT work.

You need to ensure that all login attempts to the portal from those countries require Azure Multi-Factor Authentication (MFA).

Solution: Implement Azure AD identity Protection for Group1.

Does this meet the goal?

59. Your company has several Azure subscriptions that are part of a Microsoft Enterprise Agreement.

The company's compliance team creates automatic alerts by using Azure Monitor.

You need to recommend a solution to automatically recreate the alerts in the new Azure subscriptions that are added to the Enterprise Agreement

What should you include in the recommendation?

60. Note: This question is part of series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

Your company has an on-premises Active Directory Domain Services (AD DS) domain and an established Azure Active Directory (Azure AD) environment.

Your company would like users to be automatically signed in to cloud apps when they are on their corporate desktops that are connected to the corporate network.

You need to enable single sign-on (SSO) for company users.

Solution: Configure an AD DS server in an Azure virtual machine (VM). Configure bidirectional replication.

Does the solution meet the goal?