CompTIA
Checkpoint
ISC
HP
Dell
EC-Council
EXIN
Fortinet
ITIL®
Juniper
PMI
Microsoft
VMware
Avaya
Google
Salesforce
Amazon
Palo Alto Networks
Certiport
ISC2
All Vendors
  2. Home
  3. Exams
  4. Microsoft
  5. AZ-305

Free AZ-305 Exam Braindumps (page: 9)

Page 8 of 67
PDF with 319 Questions

HOTSPOT (Drag and Drop is not supported)
You have an Azure subscription that contains the resources shown in the following table.



You create an Azure SQL database named DB1 that is hosted in the East US Azure region.

To DB1, you add a diagnostic setting named Settings1. Settings1 archive SQLInsights to storage1 and sends SQLInsights to Workspace1.

For each of the following statements, select Yes if the statement is true. Otherwise, select No.

  1. See Explanation section for answer.

Answer(s): A

Explanation:





Box 1: Yes
A single diagnostic setting can define no more than one of each of the destinations. If you want to send data to more than one of a particular destination type (for example, two different Log Analytics workspaces), then create multiple settings.
Each resource can have up to 5 diagnostic settings.

Note: This diagnostic telemetry can be streamed to one of the following Azure resources for analysis.
* Log Analytics workspace
* Azure Event Hubs
* Azure Storage
Box 2: Yes

Box 3: Yes


Reference:

https://docs.microsoft.com/en-us/azure/azure-monitor/essentials/diagnostic-settings
https://docs.microsoft.com/en-us/azure/azure-sql/database/metrics-diagnostic-telemetry-logging-streaming-export-configure?tabs=azure-portal



You plan to deploy an Azure SQL database that will store Personally Identifiable Information (PII).

You need to ensure that only privileged users can view the PII.

What should you include in the solution?

  1. dynamic data masking
  2. role-based access control (RBAC)
  3. Data Discovery & Classification
  4. Transparent Data Encryption (TDE)

Answer(s): A

Explanation:

Dynamic data masking limits sensitive data exposure by masking it to non-privileged users.

Dynamic data masking helps prevent unauthorized access to sensitive data by enabling customers to designate how much of the sensitive data to reveal with minimal impact on the application layer. It’s a policy-based security feature that hides the sensitive data in the result set of a query over designated database fields, while the data in the database is not changed.


Reference:

https://docs.microsoft.com/en-us/azure/azure-sql/database/dynamic-data-masking-overview



You plan to deploy an app that will use an Azure Storage account.

You need to deploy the storage account. The storage account must meet the following requirements:

-Store the data for multiple users.
-Encrypt each user’s data by using a separate key.
-Encrypt all the data in the storage account by using customer-managed keys.

What should you deploy?

  1. files in a premium file share storage account
  2. blobs in a general purpose v2 storage account
  3. blobs in an Azure Data Lake Storage Gen2 account
  4. files in a general purpose v2 storage account

Answer(s): B

Explanation:

You can specify a customer-provided key on Blob storage operations. A client making a read or write request against Blob storage can include an encryption key on the request for granular control over how blob data is encrypted and decrypted.


Reference:

https://docs.microsoft.com/en-us/azure/storage/common/storage-service-encryption



HOTSPOT (Drag and Drop is not supported)
You have an Azure App Service web app that uses a system-assigned managed identity.

You need to recommend a solution to store the settings of the web app as secrets in an Azure key vault. The solution must meet the following requirements:

-Minimize changes to the app code.
-Use the principle of least privilege.

What should you include in the recommendation? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

  1. See Explanation section for answer.

Answer(s): A

Explanation:





Box 1: Key Vault references in Application settings
Source Application Settings from Key Vault.
Key Vault references can be used as values for Application Settings, allowing you to keep secrets in Key Vault instead of the site config. Application Settings are securely encrypted at rest, but if you need secret management capabilities, they should go into Key Vault.

To use a Key Vault reference for an app setting, set the reference as the value of the setting. Your app can reference the secret through its key as normal. No code changes are required.

Box 2: Secrets: Get
In order to read secrets from Key Vault, you need to have a vault created and give your app permission to access it.

1. Create a key vault by following the Key Vault quickstart.
2. Create a managed identity for your application.
3. Key Vault references will use the app's system assigned identity by default, but you can specify a user-assigned identity.
4. Create an access policy in Key Vault for the application identity you created earlier. Enable the "Get" secret permission on this policy.


Reference:

https://docs.microsoft.com/en-us/azure/app-service/app-service-key-vault-references
https://docs.microsoft.com/en-us/azure/app-service/app-service-key-vault-references






Post your Comments and Discuss Microsoft AZ-305 exam with other Community members:

AZ-305 Discussions & Posts