Valid AZ-305 Dumps shared by PassLeader for Helping Passing AZ-305 Exam! PassLeader now offer the newest AZ-305 VCE dumps and AZ-305 PDF dumps, the PassLeader AZ-305 exam questions have been updated and ANSWERS have been corrected, get the newest PassLeader AZ-305 dumps with VCE and PDF here: https://www.passleader.com/az-305.html (353 Q&As Dumps)
BTW, DOWNLOAD part of PassLeader AZ-305 dumps from Cloud Storage: https://drive.google.com/drive/folders/1-_sQR2ramCLYzyq0_-oLFvWn1FqXmz1j
NEW QUESTION 326
Your company plans to deploy various Azure App Service instances that will use Azure SQL databases. The App Service instances will be deployed at the same time as the Azure SQL databases. The company has a regulatory requirement to deploy the App Service instances only to specific Azure regions. The resources for the App Service instances must reside in the same region. You need to recommend a solution to meet the regulatory requirement.
Solution: You recommend using an Azure Policy initiative to enforce the location of resource groups.
Does this meet the goal?
A. Yes
B. No
Answer: B
NEW QUESTION 327
You have an Azure subscription that contains 10 web apps. The apps are integrated with Azure AD and are accessed by users on different project teams. The users frequently move between projects. You need to recommend an access management solution for the web apps. The solution must meet the following requirements:
– The users must only have access to the app of the project to which they are assigned currently.
– Project managers must verify which users have access to their project’s app and remove users that are no longer assigned to their project.
– Once every 30 days, the project managers must be prompted automatically to verify which users are assigned to their projects.
What should you include in the recommendation?
A. Azure AD Identity Protection
B. Microsoft Defender for Identity
C. Microsoft Entra Permissions Management
D. Azure AD Identity Governance
Answer: D
Explanation:
Microsoft AD Identity Governance (now Microsoft Entra ID Governance) allows you to balance your organization’s need for security and employee productivity with the right processes and visibility. It provides you with capabilities to ensure that the right people have the right access to the right resources.
https://learn.microsoft.com/en-us/azure/active-directory/governance/identity-governance-overview
NEW QUESTION 328
You have an Azure subscription. The subscription contains a tiered app named App1 that is distributed across multiple containers hosted in Azure Container Instances. You need to deploy an Azure Monitor monitoring solution for App. The solution must meet the following requirements:
– Support using synthetic transaction monitoring to monitor traffic between the App1 components.
– Minimize development effort.
What should you include in the solution?
A. Network Insights
B. Application Insights
C. Container Insights
D. Log Analytics Workspace Insights
Answer: B
Explanation:
https://azure.microsoft.com/en-us/updates/generally-available-application-insights-synthetic-monitoring-sla-report-template/
NEW QUESTION 329
You have 12 Azure subscriptions and three projects. Each project uses resources across multiple subscriptions. You need to use Microsoft Cost Management to monitor costs on a per project basis. The solution must minimize administrative effort. Which two components should you include in the solution? (Each correct answer presents part of the solution. Choose two.)
A. Budgets.
B. Resource tags.
C. Custom role-based access control (RBAC) roles.
D. Management groups.
E. Azure boards.
Answer: AB
Explanation:
A few examples of what you can do in Cost Management include:
– Report on and analyze costs in the Azure portal, Microsoft 365 admin center, or Power BI.
– Monitor costs proactively with budget, anomaly, reservation utilization, and scheduled alerts.
– Enable tag inheritance and split shared costs with cost allocation rules.
– Automate business processes or integrate cost into external tools by exporting data.
Budgets in Cost Management help you plan for and drive organizational accountability. They help you proactively inform others about their spending to manage costs and monitor how spending progresses over time.
https://learn.microsoft.com/en-us/azure/cost-management-billing/cost-management-billing-overview
NEW QUESTION 330
You have the resources shown in the following table:
CDB1 hosts a container that stores continuously updated operational data. You are designing a solution that will use AS1 to analyze the operational data daily. You need to recommend a solution to analyze the data without affecting the performance of the operational data store. What should you include in the recommendation?
A. Azure Data Factory with Azure Cosmos DB and Azure Synapse Analytics connectors.
B. Azure Synapse Analytics with PolyBase data loading.
C. Azure Synapse Link for Azure Cosmos DB.
D. Azure Cosmos DB change feed.
Answer: C
Explanation:
Azure Synapse Link for Azure Cosmos DB is a cloud-native hybrid transactional and analytical processing (HTAP) capability that enables near real time analytics over operational data in Azure Cosmos DB. Azure Synapse Link creates a tight seamless integration between Azure Cosmos DB and Azure Synapse Analytics. It enables customers to run near real-time analytics over their operational data with full performance isolation from their transactional workloads and without an ETL pipeline.
https://learn.microsoft.com/en-us/azure/cosmos-db/synapse-link
NEW QUESTION 331
You plan to use an Azure Storage account to store data assets. You need to recommend a solution that meets the following requirements:
– Supports immutable storage.
– Disables anonymous access to the storage account.
– Supports access control list (ACL)-based Azure AD permissions.
What should you include in the recommendation?
A. Azure Files
B. Azure Data Lake Storage
C. Azure NetApp Files
D. Azure Blob Storage
Answer: B
Explanation:
In terms of supporting immutable storage, both Azure Data Lake storage and Azure Blob storage are correct. But ACL is supported by Azure Data Lake storage, not supported by Azure Blob storage.
https://learn.microsoft.com/en-us/azure/data-lake-store/data-lake-store-comparison-with-blob-storage
NEW QUESTION 332
You have an Azure subscription that contains the resources shown in the following table:
You need to recommend a load balancing solution that will distribute incoming traffic for VMSS1 across NVA1 and NVA2. The solution must minimize administrative effort. What should you include in the recommendation?
A. Gateway Load Balancer
B. Azure Front Door
C. Azure Application Gateway
D. Azure Traffic Manager
Answer: A
Explanation:
Gateway Load Balancer is a SKU of the Azure Load Balancer portfolio catered for high performance and high availability scenarios with third-party Network Virtual Appliances (NVAs). With the capabilities of Gateway Load Balancer, you can easily deploy, scale, and manage NVAs. Chaining a Gateway Load Balancer to your public endpoint only requires one selection.
NEW QUESTION 333
Your on-premises datacenter contains a server that runs Linux and hosts a Java app named App1. App1 has the following characteristics:
– App1 is an interactive app that users access by using HTTPS connections.
– The number of connections to App1 changes significantly throughout the day.
– App1 runs multiple concurrent instances.
– App1 requires major changes to run in a container.
You plan to migrate App1 to Azure. You need to recommend a compute solution for App1. The solution must meet the following requirements:
– The solution must run multiple instances of App1.
– The number of instances must be managed automatically depending on the load.
– Administrative effort must be minimized.
What should you include in the recommendation?
A. Azure Batch
B. Azure App Service
C. Azure Kubernetes Service (AKS)
D. Azure Virtual Machine Scale Sets
Answer: B
NEW QUESTION 334
You have an Azure subscription that contains an Azure Kubernetes Service (AKS) instance named AKS1. AKS1 hosts microservice-based APIs that are configured to listen on non-default HTTP ports. You plan to deploy a Standard tier Azure API Management instance named APIM1 that will make the APIs available to external users. You need to ensure that the AKS1 APIs are accessible to APIM1. The solution must meet the following requirements:
– Implement MTLS authentication between APIM1 and AKS1.
– Minimize development effort.
– Minimize costs.
What should you do?
A. Implement an external load balancer on AKS1.
B. Redeploy APIM1 to the virtual network that contains AKS1.
C. Implement an ExternalName service on AKS1.
D. Deploy an ingress controller to AKS1.
Answer: D
Explanation:
https://learn.microsoft.com/en-us/azure/api-management/api-management-kubernetes
NEW QUESTION 335
HotSpot
You have an Azure subscription that contains 50 Azure SQL databases. You create an Azure Resource Manager (ARM) template named Template1 that enables Transparent Data Encryption (TDE). You need to create an Azure Policy definition named Policy1 that will use Template1 to enable TDE for any noncompliant Azure SQL databases. How should you configure Policy1? (To answer, select the appropriate options in the answer area.)
Answer:
Explanation:
DeployIfNotExists policy definition executes a template deployment when the condition is met. Policy assignments with effect set as DeployIfNotExists require a managed identity to do remediation.
https://learn.microsoft.com/en-us/azure/governance/policy/concepts/effects#deployifnotexists
NEW QUESTION 336
HotSpot
You have an Azure subscription that contains multiple storage accounts. You assign Azure Policy definitions to the storage accounts. You need to recommend a solution to meet the following requirements:
– Trigger on-demand Azure Policy compliance scans.
– Raise Azure Monitor non-compliance alerts by querying logs collected by Log Analytics.
What should you recommend for each requirement? (To answer, select the appropriate options in the answer area.)
Answer:
Explanation:
– To trigger the compliance scans, use Azure CLI.
An evaluation scan for a subscription or a resource group can be started with Azure CLI, Azure PowerShell, a call to the REST API, or by using the Azure Policy Compliance Scan GitHub Action. This scan is an asynchronous process. An evaluation scan for a subscription or a resource group can be started with Azure CLI, Azure PowerShell, a call to the REST API, or by using the Azure Policy Compliance Scan GitHub Action. This scan is an asynchronous process.
https://learn.microsoft.com/en-us/azure/governance/policy/how-to/get-compliance-data#on-demand-evaluation-scan
– To generate alerts, configure diagnostic settings for the Azure activity logs.
https://learn.microsoft.com/en-us/azure/azure-monitor/alerts/alerts-create-new-alert-rule
NEW QUESTION 337
HotSpot
You have an Azure subscription. You plan to deploy five storage accounts that will store block blobs and five storage accounts that will host file shares. The file shares will be accessed by using the SMB protocol. You need to recommend an access authorization solution for the storage accounts. The solution must meet the following requirements:
– Maximize security.
– Prevent the use of shared keys.
– Whenever possible, support time-limited access.
What should you include in the solution? (To answer, select the appropriate options in the answer area.)
Answer:
Explanation:
1. For the blobs – a user delegation SAS only. To maximize security it’s better to use a user delegation SAS. From docs: As a security best practice, we recommend that you use Azure AD credentials when possible, rather than the account key, which can be more easily compromised. When your application design requires shared access signatures, use Azure AD credentials to create a user delegation SAS to help ensure better security. This also prevents using shared keys & supports time-limited access. Note: user delegation SAS do not support stored access policies.
2. For the file shares – Azure AD credentials. It fulfills the requirement to maximize security (the most secure way recommended by Microsoft), but doesn’t support time-limited access, which is optional and has lower priority than security.
https://learn.microsoft.com/en-us/rest/api/storageservices/create-user-delegation-sas
NEW QUESTION 338
HotSpot
You have an Azure subscription. The subscription contains an Azure SQL managed instance that stores employee details, including social security numbers and phone numbers. You need to configure the managed instance to meet the following requirements:
– The helpdesk team must see only the last four digits of an employee’s phone number.
– Cloud administrators must be prevented from seeing the employee’s social security numbers.
What should you enable for each column in the managed instance? (To answer, select the appropriate options in the answer area.)
Answer:
Explanation:
– Dynamic data masking helps prevent unauthorized access to sensitive data by enabling customers to designate how much of the sensitive data to reveal with minimal effect on the application layer.
https://learn.microsoft.com/en-us/azure/azure-sql/database/dynamic-data-masking-overview
– Always Encrypted is a feature designed to protect sensitive data, such as credit card numbers or national/regional identification numbers (for example, U.S. social security numbers), stored in Azure SQL Database, Azure SQL Managed Instance, and SQL Server databases.
https://learn.microsoft.com/en-us/sql/relational-databases/security/encryption/always-encrypted-database-engine
NEW QUESTION 339
HotSpot
You are designing a storage solution that will ingest, store, and analyze petabytes (PBs) of structured, semi-structured, and unstructured text data. The analyzed data will be offloaded to Azure Data Lake Storage Gen2 for long-term retention. You need to recommend a storage and analytics solution that meets the following requirements:
– Stores the processed data.
– Provides interactive analytics.
– Supports manual scaling, built-in autoscaling, and custom autoscaling.
What should you include in the recommendation? (To answer, select the appropriate options in the answer area.)
Answer:
Explanation:
https://learn.microsoft.com/en-us/azure/data-lake-analytics/data-lake-analytics-overview
NEW QUESTION 340
HotSpot
Your company, named Contoso, Ltd., has an Azure subscription that contains the following resources:
– An Azure Synapse Analytics workspace named contosoworkspace1.
– An Azure Data Lake Storage account named contosolake1.
– An Azure SQL database named contososql1.
The product data of Contoso is copied from contososql1 to contosolake1. Contoso has a partner company named Fabrikam Inc. Fabrikam has an Azure subscription that contains the following resources:
– A virtual machine named FabrikamVM1 that runs Microsoft SQL Server 2019.
– An Azure Storage account named fabrikamsa1.
Contoso plans to upload the research data on FabrikamVM1 to contosolake1. During the upload, the research data must be transformed to the data formats used by Contoso. The data in contosolake1 will be analyzed by using contosoworkspace1. You need to recommend a solution that meets the following requirements:
– Upload and transform the FabrikamVM1 research data.
– Provide Fabrikam with restricted access to snapshots of the data in contosoworkspace1.
What should you recommend for each requirement? (To answer, select the appropriate options in the answer area.)
Answer:
Explanation:
– For ETL operations use Azure Data Factory and Azure Synapse Pipelines are based on Azure Data Factory.
https://learn.microsoft.com/en-us/azure/synapse-analytics/data-integration/concepts-data-factory-differences
– For restricted access use Azure Data Share: Azure Data Share enables organizations to securely share data with multiple customers and partners. Data providers are always in control of the data that they’ve shared and Azure Data Share makes it simple to manage and monitor what data was shared, when and by whom. In this case snapshot-based sharing should be used.
https://learn.microsoft.com/en-us/azure/data-share/overview
NEW QUESTION 341
……
Get the newest PassLeader AZ-305 VCE dumps here: https://www.passleader.com/az-305.html (353 Q&As Dumps)
And, DOWNLOAD the newest PassLeader AZ-305 PDF dumps from Cloud Storage for free: https://drive.google.com/drive/folders/1-_sQR2ramCLYzyq0_-oLFvWn1FqXmz1j