QUESTION: 1 Exam Topic: Design Identity, Governance, and Monitoring Solutions (Testlet 1)

View Related Case Study

HOTSPOT (Drag and Drop is not supported)

You need to ensure that users managing the production environment are registered for Microsoft Entra MFA and must authenticate by using Microsoft Entra MFA when they sign in to the Azure portal. The solution must meet the authentication and authorization requirements.

What should you do? To answer, select the appropriate options in the answer area.

Note: Each correct selection is worth one point.

Hot Area:

See Explanation section for answer.

Answer(s): A

Explanation:

Box 1: Microsoft Entra ID Protection
Only users that manage the production environment by using the Azure portal must connect from a hybrid Microsoft Entra-joined device and authenticate by using Azure Multi-Factor Authentication (MFA).

Note: Policy configuration
1. Navigate to the Azure portal.
2. Browse to Microsoft Entra ID > Security > Identity Protection > MFA registration policy.
3. Under Assignments
4. Users – Choose All users or Select individuals and groups if limiting your rollout.
5. Optionally you can choose to exclude users from the policy.
6. Enforce Policy – On
7. Save

Box 2: Grant control in capolicy1
The litware.com tenant has a Conditional Access policy named Capolicy1. Capolicy1 requires that when users manage the Azure subscription for a production environment by using the Azure portal, they must connect from a Microsoft Entra hybrid joined device.

Note: We need to configure the policy conditions for capolicy1 that prompt for MFA.

Reference:

https://docs.microsoft.com/en-us/azure/active-directory/identity-protection/howto-identity-protection-configure- mfa-policy https://docs.microsoft.com/en-us/azure/active-directory/authentication/tutorial-enable-azure-mfa

Show Answer Next Question

QUESTION: 2 Exam Topic: Design Identity, Governance, and Monitoring Solutions (Testlet 1)

View Related Case Study

After you migrate App1 to Azure, you need to enforce the data modification requirements to meet the security and compliance requirements.

What should you do?

Create an access policy for the blob service.
Implement Azure resource locks.
Create Azure RBAC assignments.
Modify the access level of the blob service.

Answer(s): A

Explanation:

Scenario: Once App1 is migrated to Azure, you must ensure that new data can be written to the app, and the modification of new and existing data is prevented for a period of three years.
As an administrator, you can lock a subscription, resource group, or resource to prevent other users in your organization from accidentally deleting or modifying critical resources. The lock overrides any permissions the user might have.

Reference:

https://docs.microsoft.com/en-us/azure/azure-resource-manager/management/lock-resources

Show Answer Next Question

QUESTION: 3 Exam Topic: Design Identity, Governance, and Monitoring Solutions (Testlet 2)

View Related Case Study

HOTSPOT (Drag and Drop is not supported)

To meet the authentication requirements of Fabrikam, what should you include in the solution? To answer, select the appropriate options in the answer area.

Note: Each correct selection is worth one point.

Hot Area:

See Explanation section for answer.

Answer(s): A

Explanation:

Box 1: 1
One single Microsoft Entra tenant is needed as only the Corp tenant is migrated.

Box 2: 2
One conditional access policy for Multi-Factor Authentication (MFA) will be used for icrosofthve access, and a second conditional access policy in order to prevent external access.

Reference:

https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/howto-conditional-access-policy- location https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/howto-conditional-access-policy- admin-mfa

Show Answer Next Question

QUESTION: 4 Exam Topic: Design Identity, Governance, and Monitoring Solutions (Testlet 2)

View Related Case Study

See Explanation section for answer.

Answer(s): A

Explanation:

Reference:

Show Answer Next Question

QUESTION: 5 Exam Topic: Design Identity, Governance, and Monitoring Solutions (Testlet 2)

View Related Case Study

You need to recommend a notification solution for the IT Support distribution group.

What should you include in the recommendation?

a SendGrid account with advanced reporting
an action group
Azure Network Watcher
Microsoft Entra Connect Health

Answer(s): D

Explanation:

Scenario: An email distribution group named IT Support must be notified of any issues relating to the directory synchronization services.
Directory synchronization between Microsoft Entra ID and corp.fabrikam.com must not be affected by a link failure between Azure and the on- premises network.

Reference:

https://docs.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-health-operations

Show Answer Next Question

QUESTION: 6 Exam Topic: Design Identity, Governance, and Monitoring Solutions (Testlet 2)

View Related Case Study

You need to recommend a solution to meet the database backup retention requirements.

What should you recommend?

Configure a long-term retention policy for the database.
Configure Azure Site Recovery.
Use automatic Azure SQL Database backups.
Configure geo-replication of the database.

Answer(s): A

Explanation:

Scenario: Database backups must be retained for a minimum of seven years to meet compliance requirements.
Many applications have regulatory, compliance, or other business purposes that require you to retain database backups beyond the 7-35 days provided by Azure SQL Database and Azure SQL Managed Instance automatic backups. By using the long-term retention (LTR) feature, you can store specified SQL Database and SQL Managed Instance full backups in Azure Blob storage with configured redundancy for up to 10 years. LTR backups can then be restored as a new database.

Reference:

https://docs.microsoft.com/en-us/azure/azure-sql/database/long-term-retention-overview

Show Answer Next Question

QUESTION: 7 Exam Topic: Design Identity, Governance, and Monitoring Solutions (Testlet 3)

View Related Case Study

HOTSPOT (Drag and Drop is not supported)

What should you implement to meet the identity requirements? To answer, select the appropriate options in the answer area.

Note: Each correct selection is worth one point.

Hot Area:

See Explanation section for answer.

Answer(s): A

Explanation:

Requirements: Identity Requirements
Contoso identifies the following requirements for managing Fabrikam access to resources:
* Every month, an account manager at Fabrikam must review which Fabrikam users have access permissions to App1. Accounts that no longer need permissions must be removed as guests.
* The solution must minimize development effort.

Box 1: Microsoft Entra ID Governance

Incorrect:
Not PIM: Life Cycle Requirements must be met.

Box 2: Access reviews
Microsoft Entra access reviews enable organizations to efficiently manage group memberships, access to enterprise applications, and role assignments. User’s access can be reviewed on a regular basis to make sure only the right people have continued access.

Reference:

https://docs.microsoft.com/en-us/azure/active-directory/governance/access-reviews-overview

Show Answer Next Question

QUESTION: 8 Exam Topic: Design Identity, Governance, and Monitoring Solutions (Testlet 3)

View Related Case Study

What should you recommend to meet the monitoring requirements for App2?

VM insights
Azure Application Insights
Microsoft Sentinel
Container insights

Answer(s): B

Explanation:

Scenario: You need to monitor App2 to analyze how long it takes to perform different transactions within the application. The solution must not require changes to the application code.
Unified cross-component transaction diagnostics.
The unified diagnostics experience automatically correlates server-side telemetry from across all your Application Insights monitored components into a single view. It doesn’t matter if you have multiple resources.
Application Insights detects the underlying relationship and allows you to easily diagnose the application component, dependency, or exception that caused a transaction slowdown or failure.
Note: Components are independently deployable parts of your distributed/microservices application.
Developers and operations teams have code-level visibility or access to telemetry generated by these application components.

Reference:

https://docs.microsoft.com/en-us/azure/azure-monitor/app/transaction-diagnostics

Show Answer Next Question

Free Microsoft AZ-305 Exam Questions (page: 2)

Pass your Designing Microsoft Azure Infrastructure Solutions exam with these free Actual Questions and Answers

QUESTION: 1 Exam Topic: Design Identity, Governance, and Monitoring Solutions (Testlet 1)

Explanation:

Reference:

QUESTION: 2 Exam Topic: Design Identity, Governance, and Monitoring Solutions (Testlet 1)

Explanation:

Reference:

QUESTION: 3 Exam Topic: Design Identity, Governance, and Monitoring Solutions (Testlet 2)

Explanation:

Reference:

QUESTION: 4 Exam Topic: Design Identity, Governance, and Monitoring Solutions (Testlet 2)

Explanation:

Reference:

QUESTION: 5 Exam Topic: Design Identity, Governance, and Monitoring Solutions (Testlet 2)

Explanation:

Reference:

QUESTION: 6 Exam Topic: Design Identity, Governance, and Monitoring Solutions (Testlet 2)

Explanation:

Reference:

QUESTION: 7 Exam Topic: Design Identity, Governance, and Monitoring Solutions (Testlet 3)

Explanation:

Reference:

QUESTION: 8 Exam Topic: Design Identity, Governance, and Monitoring Solutions (Testlet 3)

Explanation:

Reference:

AZ-305 Exam Discussions & Posts