CompTIA
Checkpoint
ISC
HP
Dell
EC-Council
EXIN
Fortinet
ITIL®
Juniper
PMI
Microsoft
VMware
Avaya
Google
Salesforce
Amazon
Palo Alto Networks
Certiport
ISC2
All Vendors
  2. Home
  3. Exams
  4. Microsoft
  5. AZ-305

Free AZ-305 Exam Braindumps (page: 16)

Page 15 of 67
PDF with 319 Questions

You have an Azure subscription that contains 1,000 resources.
You need to generate compliance reports for the subscription. The solution must ensure that the resources can be grouped by department.

What should you use to organize the resources?

  1. application groups and quotas
  2. Azure Policy and tags
  3. administrative units and Azure Lighthouse
  4. resource groups and role assignments

Answer(s): B

Explanation:

Compliance Report using Azure Policy
Azure Policy is a powerful tool for Azure Governance. With Azure Policy we can define rules for all Azure Subscriptions the we manage. We can use this rules for simple limitation actions, like permitting only specific VM Series and Sizes that can be created and also more complex rule sets that helps you standardize the whole Azure deployment.

Enforce tags for resource creation
So, why tags? Why we need to add tags to all Azure resources? The Microsoft Azure environments are getting bigger and bigger and managed by multiple people and teams. That makes it difficult to understand who created a resource and what is the purpose of that resource. Another critical matter that we need tags is Cost Management. At the Azure Cost Management Portal, we can sort and arrange the resource cost using the Tags. This way we can provide an expense dashboard with the actual cost of the resources per department, project or whatever tags we have added to the Resource.


Reference:

https://www.cloudcorner.gr/microsoft/azure/compliance-report-using-azure-policy/
https://www.cloudcorner.gr/microsoft/azure-policy-enforce-tags-for-resource-creation/



You need to recommend a solution to generate a monthly report of all the new Azure Resource Manager (ARM) resource deployments in your Azure subscription.

What should you include in the recommendation?

  1. Azure Arc
  2. Azure Monitor metrics
  3. Azure Advisor
  4. Azure Log Analytics

Answer(s): D

Explanation:

The Activity log is a platform log in Azure that provides insight into subscription-level events. Activity log includes such information as when a resource is modified or when a virtual machine is started.
Activity log events are retained in Azure for 90 days and then deleted.

For more functionality, you should create a diagnostic setting to send the Activity log to one or more of these locations for the following reasons:

to Azure Monitor Logs for more complex querying and alerting, and longer retention (up to two years)
to Azure Event Hubs to forward outside of Azure
to Azure Storage for cheaper, long-term archiving

Note: Azure Monitor builds on top of Log Analytics, the platform service that gathers log and metrics data from all your resources. The easiest way to think about it is that Azure Monitor is the marketing name, whereas Log Analytics is the technology that powers it.


Reference:

https://docs.microsoft.com/en-us/azure/azure-monitor/essentials/activity-log



You need to recommend a solution to generate a monthly report of all the new Azure Resource Manager (ARM) resource deployments in your Azure subscription.

What should you include in the recommendation?

  1. Azure Monitor action groups
  2. Azure Arc
  3. Azure Monitor metrics
  4. Azure Activity Log

Answer(s): D

Explanation:

Activity logs are kept for 90 days. You can query for any range of dates, as long as the starting date isn’t more than 90 days in the past.

Through activity logs, you can determine:
what operations were taken on the resources in your subscription
who started the operation
when the operation occurred
the status of the operation
the values of other properties that might help you research the operation


Reference:

https://docs.microsoft.com/en-us/azure/azure-resource-manager/management/view-activity-logs



DRAG DROP (Drag and Drop is not supported)
You have an Azure AD tenant that contains an administrative unit named MarketingAU. MarketingAU contains 100 users.

You create two users named User1 and User2.

You need to ensure that the users can perform the following actions in MarketingAU:

-User1 must be able to create user accounts.
-User2 must be able to reset user passwords.

Which role should you assign to each user? To answer, drag the appropriate roles to the correct users. Each role may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.

NOTE: Each correct selection is worth one point.
Select and Place:

  1. See Explanation section for answer.

Answer(s): A

Explanation:



Box 1: User Administrator for the MarketingAU
User1 must be able to create user accounts.

User Administrator
Can manage all aspects of users and groups, including resetting passwords for limited admins.

Create users
Etc.

Roles that can be assigned with administrative unit scope
The following Azure AD roles can be assigned with administrative unit scope.
* Helpdesk Administrator
* User Administrator
* Etc.

Box 2: Helpdesk Administrator for the MarketingAU
User2 must be able to reset user passwords.

Helpdesk Administrator
Can reset passwords for non-administrators and Helpdesk Administrators.

Administrative units restrict permissions in a role to any portion of your organization that you define. You could, for example, use administrative units to delegate the Helpdesk Administrator role to regional support specialists, so they can manage users only in the region that they support.


Reference:

https://learn.microsoft.com/en-us/azure/active-directory/roles/permissions-reference
https://learn.microsoft.com/en-us/azure/active-directory/roles/admin-units-assign-roles






Post your Comments and Discuss Microsoft AZ-305 exam with other Community members:

AZ-305 Discussions & Posts