Designing Microsoft Azure Infrastructure Solutions

Here you have the best Microsoft AZ-305 practice exam questions

  • You have 286 total questions to study from
  • Each page has 5 questions, making a total of 58 pages
  • You can navigate through the pages using the buttons at the bottom
  • This questions were last updated on November 28, 2024
Question 1 of 286

You have an Azure subscription that contains a custom application named Application1. Application1 was developed by an external company named Fabrikam,

Ltd. Developers at Fabrikam were assigned role-based access control (RBAC) permissions to the Application1 components. All users are licensed for the

Microsoft 365 E5 plan.

You need to recommend a solution to verify whether the Fabrikam developers still require permissions to Application1. The solution must meet the following requirements:

✑ To the manager of the developers, send a monthly email message that lists the access permissions to Application1.

✑ If the manager does not verify an access permission, automatically revoke that permission.

✑ Minimize development effort.

What should you recommend?

    Correct Answer: A

    To meet the requirements of verifying whether the Fabrikam developers still need access to Application1 and to minimize development effort, the best solution is to use an access review in Azure Active Directory. An access review allows administrators to send periodic notifications to managers, listing current permissions. If the permissions are not verified, the access can be automatically revoked. This solution is configuration-based and does not require custom development, meeting both the notification and automated revocation requirements efficiently.

Question 2 of 286

You have an Azure subscription. The subscription has a blob container that contains multiple blobs.

Ten users in the finance department of your company plan to access the blobs during the month of April.

You need to recommend a solution to enable access to the blobs during the month of April only.

Which security solution should you include in the recommendation?

    Correct Answer: A

    Shared Access Signatures (SAS) are the correct solution as they allow for the specification of an expiration date and time, providing controlled and time-limited access to resources in an Azure Storage account. This fits the requirement of enabling access only during the month of April. SAS tokens can be precisely configured to expire at the end of April, automatically revoking access thereafter. Conditional Access policies, certificates, and access keys do not offer this level of granular time-based control specific to Azure Storage resources.

Question 3 of 286

You have an Azure Active Directory (Azure AD) tenant that syncs with an on-premises Active Directory domain.

You have an internal web app named WebApp1 that is hosted on-premises. WebApp1 uses Integrated Windows authentication.

Some users work remotely and do NOT have VPN access to the on-premises network.

You need to provide the remote users with single sign-on (SSO) access to WebApp1.

Which two features should you include in the solution? Each correct answer presents part of the solution.

NOTE: Each correct selection is worth one point.

    Correct Answer: A, E

    To provide remote users with single sign-on (SSO) access to an on-premises web app that uses Integrated Windows authentication, without VPN access, you should use Azure AD Application Proxy and Azure AD enterprise applications. Azure AD Application Proxy allows you to securely publish the on-premises web app to the internet, enabling remote access without the need for a VPN. Azure AD enterprise applications enable Azure AD to manage the authentication and authorization for the app, providing the necessary SSO capabilities.

Question 4 of 286

You have an Azure Active Directory (Azure AD) tenant named contoso.com that has a security group named Group1. Group1 is configured for assigned membership. Group1 has 50 members, including 20 guest users.

You need to recommend a solution for evaluating the membership of Group1. The solution must meet the following requirements:

✑ The evaluation must be repeated automatically every three months.

✑ Every member must be able to report whether they need to be in Group1.

✑ Users who report that they do not need to be in Group1 must be removed from Group1 automatically.

✑ Users who do not report whether they need to be in Group1 must be removed from Group1 automatically.

What should you include in the recommendation?

    Correct Answer: C

    An access review in Azure AD is the best solution for evaluating the membership of Group1. It allows setting up periodic evaluations, in this case, every three months, and enables each member to review and report their need for continued membership in the group. Those who do not respond or report that they do not need access can be automatically removed from the group, fulfilling all the specified requirements.

Question 5 of 286

HOTSPOT -

You plan to deploy Azure Databricks to support a machine learning application. Data engineers will mount an Azure Data Lake Storage account to the Databricks file system. Permissions to folders are granted directly to the data engineers.

You need to recommend a design for the planned Databrick deployment. The solution must meet the following requirements:

✑ Ensure that the data engineers can only access folders to which they have permissions.

✑ Minimize development effort.

✑ Minimize costs.

What should you include in the recommendation? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Hot Area:

    Correct Answer:

    Box 1: Premium -

    Premium Databricks SKU is required for credential passhtrough.

    Box 2: Credential passthrough -

    Athenticate automatically to Azure Data Lake Storage Gen1 (ADLS Gen1) and Azure Data Lake Storage Gen2 (ADLS Gen2) from Azure Databricks clusters using the same Azure Active Directory (Azure AD) identity that you use to log into Azure Databricks. When you enable Azure Data Lake Storage credential passthrough for your cluster, commands that you run on that cluster can read and write data in Azure Data Lake Storage without requiring you to configure service principal credentials for access to storage.

    Reference:

    https://docs.microsoft.com/en-us/azure/databricks/security/credential-passthrough/adls-passthrough