AZ-304 File 1

12/23/2020 Whizlabs Online Certification Training Courses for Professionals (AWS, Java, PMP)
Whizlabs Grand Sale is Back | Flat 50% OFF on All Courses | Use Coupon - XMAS50
 j My Courses j Microsoft Azure Architect Design (AZ-304) j Practice Test I j Report
Search Courses D
Practice Test I Completed on 23-December-2020
Attempt Marks Obtained Your score

01 0 / 55 0.0%
Time Taken Result

N/A Failed
Domains wise Quiz Performance Report Join us on Slack community
No 1
Domain Design infrastructure
Total Question 20
Correct 0
Incorrect 0
Unattempted 20
Marked for review 0
https://www.whizlabs.com/learn/course/quiz-result/2839724 1/91
No 2
Domain Design data storage
Total Question 8
Correct 0
Incorrect 0
Unattempted 8
Marked for review 0
No 3
Domain Design monitoring
Total Question 10
Correct 0
Incorrect 0
Unattempted 10
Marked for review 0
No 4
Domain Design identity and security
Total Question 10
Correct 0
Incorrect 0
Unattempted 10
Marked for review 0
No 5
Domain Design business continuity
Total Question 7
Correct 0
Incorrect 0
Unattempted 7
Marked for review 0
Total Total
All Domain All Domain
Total Question 55
Correct 0
Incorrect 0
Unattempted 55
Marked for review 0
Review the Answers
Sorting by All
Question 1 Unattempted
Domain :Design infrastructure
Your company has setup an Azure subscription and an Azure AD tenant. The company wants to
develop several applications that would make use of Azure based services. Each application has a
different messaging requirement. Below are the key requirements for each application
Name
Requirements
whizlab-app1
Should be able to send and receive
messages based on First-in First out
message pattern
whizlab-app2
Should be able to receive and process
millions of messages at a time.
whizlab-app3
This application needs to listen and
process events that are emitted from
other Azure services
Which of the following would you use as a messaging service for whizlab-app1?
] A. Azure Event Hubs
] B. Azure Service Bus

A
] C. Azure Event Grid
] D. Azure Not ificat ion Hubs
Explanation:
Answer – B
You can use Azure Service Bus queues for this requirement
The Microsoft documentation mentions the following
Since this is clearly given in the Microsoft documentation, all other options are incorrect
For more information on Azure Service Bus , you can visit the below link
https://docs.microsoft.com/en-us/azure/service-bus-messaging/service-bus-messaging-
overview
Ask our Experts
Rate this Question? vu

View Queries open
j
Name
Requirements
whizlab-app1
message pattern
whizlab-app2
whizlab-app3

A
Explanation:
Answer – A
You can use Azure Event Hubs for this requirement
For more information on Azure Event Hubs , you can visit the below link
https://docs.microsoft.com/en-us/azure/event-hubs/event-hubs-about
Ask our Experts

View Queries open
j

Name
Requirements
whizlab-app1
message pattern
whizlab-app2
whizlab-app3

A
Explanation:
Answer – C
You can use Azure Event Grid for this requirement
For more information on Azure Event Grid , you can visit the below link
https://docs.microsoft.com/en-us/azure/event-grid/overview
Ask our Experts

View Queries open
j
Domain :Design data storage
Your company has an Azure storage account. The storage account contains two files named
whizlab-file1 and whizlab-file2. The data files are 1 GB in size. Each of the files use the archive
access tier.
You have to ensure that whizlab-file1 is accessible immediately when a retrieval request is initiated
You decide to set the Access tier for the file to Cool
Would this fulfil the requirement?
] A. Yes
A
] B. No
Explanation:
Answer – A
Yes, by setting the Access tier to Hot, the file would be available for immediate download.
This is also mentioned in the Microsoft documentation
For more information on rehydrating blobs which are in the archive access tier , you can visit the
below link
https://docs.microsoft.com/en-us/azure/storage/blobs/storage-blob-rehydration?tabs=azure-
portal
Ask our Experts

View Queries open
j
access tier.
You decide to set move the file to a new storage account and then set the Access tier of the file to
Archive
] A. Yes
] B. No
A
Explanation:
Answer – B
The blob needs to be rehydrated onto the Hot or Cool Access tier to ensure the blob can be
downloaded at any time
below link
portal
Ask our Experts

View Queries open
j
access tier.
You decide to set the Access tier for the file to Hot
] A. Yes
A
] B. No
Explanation:
Answer – A
Yes, by setting the Access tier to Hot, the file would be available for immediate download.
below link
portal
Ask our Experts

View Queries open
j
A company has the following Azure SQL servers defined as part of their subscription
Name
Resource group
Location
whizlab-server1
whizlabs-rg1
East US
whizlab-server2
whizlabs-rg2
West US
The company also has the following Azure storage accounts defined in the subscription
Name
Resource group
Location
Account kind
whizlab-store1
whizlabs-rg1
East US
StorageV2
whizlab-store2
whizlabs-rg2
Central US
BlobStorage
The company also has the following Azure SQL Databases in place
Name
Resource group
Server
Pricing tier
whizlabdb1
whizlabs-rg1
whizlab-server1
Standard
whizlabdb2
whizlabs-rg1
whizlab-server1
Standard
whizlabdb3
whizlabs-rg2
whizlab-server2
Premium
If the company enables auditing on the database whizlabdb1, would they be able to store the audit
information to whizlab-store1?
] A. Yes
A
] B. No
Explanation:
Answer – A
You can store the audit information in Blob storage as long as the storage account is in the same
location as the Azure SQL Server.
For more information on auditing for Azure SQL Databases , you can visit the below link
https://docs.microsoft.com/en-us/azure/azure-sql/database/auditing-overview
Ask our Experts

View Queries open
j
Name
Resource group
Location
whizlab-server1
whizlabs-rg1
East US
whizlab-server2
whizlabs-rg2
West US
Name
Resource group
Location
Account kind
whizlab-store1
whizlabs-rg1
East US
StorageV2
whizlab-store2
whizlabs-rg2
Central US
BlobStorage
Name
Resource group
Server
Pricing tier
whizlabdb1
whizlabs-rg1
whizlab-server1
Standard
whizlabdb2
whizlabs-rg1
whizlab-server1
Standard
whizlabdb3
whizlabs-rg2
whizlab-server2
Premium
] A. Yes
] B. No
A
Explanation:
Answer – B
Here the Azure SQL Server and the storage account are in different locations
Ask our Experts

View Queries open
j
Name
Resource group
Location
whizlab-server1
whizlabs-rg1
East US
whizlab-server2
whizlabs-rg2
West US
Name
Resource group
Location
Account kind
whizlab-store1
whizlabs-rg1
East US
StorageV2
whizlab-store2
whizlabs-rg2
Central US
BlobStorage
Name
Resource group
Server
Pricing tier
whizlabdb1
whizlabs-rg1
whizlab-server1
Standard
whizlabdb2
whizlabs-rg1
whizlab-server1
Standard
whizlabdb3
whizlabs-rg2
whizlab-server2
Premium
] A. Yes
] B. No
A
Explanation:
Answer – B
Here the Azure SQL Server and the storage account are in different locations
Ask our Experts

View Queries open
j
Domain :Design monitoring
Your company currently uses Microsoft System Center Service Manager on its on-premises network.
The company needs a solution to push Azure service health alerts to Service Manager. Which of the
following would you recommend in the solution?
] A. IT Service Management Connector

A
] B. Applicat ion Insight s Connector
] C. Azure Event Hubs
Explanation:
Answer – A
If you want to have bi-directional support between Microsoft System Center Service Manager and
Azure , you need to install the IT Service Management Connector.
Since this is clearly mentioned in the Microsoft documentation, all other options are incorrect
For more information on the IT Service Management Connector , you can visit the below link
https://docs.microsoft.com/en-us/azure/azure-monitor/platform/itsmc-overview
Ask our Experts

View Queries open
j
Domain :Design identity and security
Your company currently has an Azure subscription. They also have third-party hosting providers.
They need to have a centralized monitoring solution in place. Below are the key requirements for the
monitoring solution
Collect all of the log and diagnostic data from all of the third-party providers.
Ensure that all data is collected in a centralized repository
Be able to analyse the log data and detect threats
Enable the automated response to all known events
Which of the following is an Azure service you would use for these requirements?
] A. Azure Sent inel

A
] B. Azure Log Analyt ics
] C. Azure Monitor
] D. Azure Applicat ion Insight s
Explanation:
Answer – A
Azure Sentinel has built in threat intelligence. You can also collect data from a variety of data
sources.
All of the other options are incorrect because they don’t provide support for automatic detection of
threats
For more information on Azure Sentinel , you can visit the below link
https://docs.microsoft.com/en-us/azure/sentinel/overview
Ask our Experts

View Queries open
j

A company has an on-premises directory that is synced onto Azure AD. The following users are
defined
Name
User type
Source
whizlabusr1
Member
Azure Active
Directory
whizlabusr2
Member
Windows Server
AD
whizlabusr3
Guest
Microsoft Account
whizlabusr4
Member
Azure Active
Directory
The user whizlabusr4 is assigned the User administrator role.
For which of the following users would whizlabusr4 be able to change the Job info attribute?
] A. whizlabusr1 only
] B. whizlabusr1 and whizlabusr2 only

A
] C. whizlabusr1 and whizlabusr3 only
] D. whizlabusr1, whizlabusr2 and whizlabusr3
Explanation:
Answer – B
You cannot change the details for a user that is synced onto Azure AD
This is also given in the Microsoft documentation
For more information on modifying user attributes , you can visit the below link
https://docs.microsoft.com/en-us/azure/active-directory/fundamentals/active-directory-users-
pro le-azure-portal
Ask our Experts

View Queries open
j
A company has an on-premises directory that is synced onto Azure AD. The following users are
defined
Name
User type
Source
whizlabusr1
Member
Azure Active
Directory
whizlabusr2
Member
Windows Server
AD
whizlabusr3
Guest
Microsoft Account
whizlabusr4
Member
Azure Active
Directory
The user whizlabusr4 is assigned the User administrator role.
For which of the following users would whizlabusr4 be able to change the Authentication contact
info attribute?
] A. whizlabusr1 only
] B. whizlabusr1 and whizlabusr2 only

A
] C. whizlabusr1 and whizlabusr3 only
] D. whizlabusr1, whizlabusr2 and whizlabusr3
Explanation:
Answer - B
You cannot change the details for a user that is synced onto Azure AD
For more information on modifying user attributes , you can visit the below link
https://docs.microsoft.com/en-us/azure/active-directory/fundamentals/active-directory-users-
pro le-azure-portal
Ask our Experts

View Queries open
j
Your company has an on-premises network. They also have a virtual appliance deployed onto the
on-premises network. The company wants to deploy several Azure virtual machines and then
connect them to their on-premises network by using a Site-to-Site connection. They also want to
ensure that all traffic from the Azure virtual machines will be directed to the on-premises virtual
appliance.
Which of the following would you implement for this requirement?
Choose two answers from the options given below
A. Implement Azure Traffic Manager
B. Implement an Azure virt ual net work

A
C. Implement an Azure ExpressRoute circuit
D. Implement a rout ing t able

A
Explanation:
Answer – B and D
You can deploy the Azure virtual machines onto a virtual network
You can then implement a route table that would direct all traffic to the virtual appliance
For more information on User defined routes , you can visit the below link
https://docs.microsoft.com/en-us/azure/virtual-network/virtual-networks-udr-overview
Ask our Experts

View Queries open
j
Your company currently has an Azure subscription. They are planning on deploying an application
that will be hosted in the East US, Central Europe and East Asia regions. You have to recommend a
data storage solution that would fulfil the following requirements
The data store must be able to store at least 1 TB of data
The data store must be able to support multiple consistency levels
It must be able to perform read and write operations in the Azure region that is local to the application
instance
Which of the following can you use for the above requirement?
] A. Azure SQL Dat abase
] B. A Microsoft SQL Server hosted on an Azure virt ual machine
] C. Azure Table Storage
] D. An Azure Cosmos DB dat abase

A
Explanation:
Answer – D
Azure Cosmos DB fulfils all of the requirements
All of the other options are incorrect because they don’t support consistency levels.
For more information on Azure Cosmos DB , you can visit the below link
https://docs.microsoft.com/en-us/azure/cosmos-db/introduction
Ask our Experts

View Queries open
j

A company currently has an Azure AD tenant. They want to use Azure Monitor to monitor all of the
user sign-ins and then generate alerts based on specific user sign-in events.
Which of the following would you use for the storage of Azure AD logs?
] A. Azure Event Hub
] B. Azure Log Analyt ics workspace

A
] C. An Azure Storage Account
] D. Azure Cosmos DB
Explanation:
Answer – B
You can use Azure Log Analytics to store the data. You can then create an alert based on a query
that would look at specific conditions on the Sign-in activity
For more information on integrating Azure AD logs with Log Analytics , you can visit the below link
https://docs.microsoft.com/en-us/azure/active-directory/reports-monitoring/howto-integrate-
activity-logs-with-log-analytics
Ask our Experts

View Queries open
j

A company currently has an Azure AD tenant. They want to use Azure Monitor to monitor all of the
user sign-ins and then generate alerts based on specific user sign-in events.
Which of the following would you use as the Signal type for triggering the alerts?
] A. Act ivit y Log
] B. Log
A
] C. Met ric
] D. API
Explanation:
Answer – B
You can create alerts rules based on Log Analytic queries
For more information on a tutorial on how to create alerts based on Log Analytics queries , you can
visit the below link
https://docs.microsoft.com/en-us/azure/azure-monitor/learn/tutorial-response
Ask our Experts

View Queries open
j
A company is planning on deploying two Azure Kubernetes clusters to different Azure regions.
Different applications will be hosted on these clusters. The application deployment must meet the
following requirements
It has to be ensured that an application remains available even if a single Kubernetes cluster fails
It must be ensured that the connection tra c over the Internet is encrypted by using SSL
You should also not need to con gure SSL on each container instance
Which of the following would you use as an Azure service for these requirements?
] A. Azure Front Door

A
] B. Azure Traffic Manager
] C. Azure Load Balancer
] D. AKS Ingress cont roller
Explanation:
Answer – A
Azure Front Door supports SSL termination and can be used to route traffic to the different clusters.
The other options are incorrect since they don’t support SSL termination
For more information on the Azure Front Door service , you can visit the below link
https://docs.microsoft.com/en-us/azure/frontdoor/front-door-overview
Ask our Experts

View Queries open
j
A company currently used Azure Application Insights. They want to use the continuous export
feature and be able to store the Application Insights data for five years. Which of the following
should they use for the storage of data?
] A. Azure SQL dat abase
] B. Azure Storage
A
] C. Azure Monitor Logs
] D. Azure Backup
Explanation:
Answer – B
With the continuous export feature of Application Insights, you need to store the data in an Azure
storage account.
For more information on exporting telemetry data , you can visit the below link
https://docs.microsoft.com/en-us/azure/azure-monitor/app/export-telemetry
Ask our Experts

View Queries open
j
Your company has an Azure SQL database. You have to monitor the number of times the below
query is fired against the database
select * from whizlabapp where appId=1 00
Which of the following can be used for this requirememt?
] A. Azure Monitor
] B. Azure Log Analyt ics
] C. Query Performance Insight

A
] D. Query Store
Explanation:
Answer – C
You can achieve this with Query Performance Insights
For more information on Query Performance Insight , you can visit the below link
https://docs.microsoft.com/en-us/azure/azure-sql/database/query-performance-insight-use
Ask our Experts

View Queries open
j
A company has deployed web applications onto Virtual Machines in 2 separate regions. They want
to load balance traffic at Layer 7. They also want to protect the web application from SQL injection
attacks.
Which of the following service would you use for this requirement?
] A. Azure Load Balancer
] B. Azure Traffic Manager
] C. Azure Applicat ion Gateway

A
] D. Azure Net work Watcher
Explanation:
Answer – C
The ideal solution for this is the Azure Application Gateway. This can be used to route traffic at Layer
7. This is also mentioned in the Microsoft documentation as mentioned below
Option A is incorrect since this can only load balance traffic at Layer 4.
Option B is incorrect since this is used to direct traffic as a DNS level.
Option D is incorrect since this is used to monitor, diagnose, and gain insights to your network
performance and health
For more information on the Application gateway, please visit the below URL
https://docs.microsoft.com/en-us/azure/application-gateway/overview
Ask our Experts

View Queries open
j

A company has deployed web applications onto Virtual Machines in 2 separate regions. They want
to load balance traffic at Layer 7. They also want to protect the web application from SQL injection
attacks.
Which of the following feature would you use for this requirement?
] A. URL rout ing
] B. Packet Analysis
] C. Endpoint monitoring
] D. Web Applicat ion Firewall

A
Explanation:
Answer – D
This is clearly mentioned in the Microsoft documentation
Since this is clearly mentioned in the documentation, all other options are incorrect
For more information on the Web Application Firewall, please visit the below URL
https://docs.microsoft.com/en-us/azure/application-gateway/waf-overview
Ask our Experts

View Queries open
j
A company is planning on deploying an application onto Azure. The application will be based on the
.Net core programming language. The application would be hosted using Azure Web apps. Below is
part of the various requirements for the application
Gives the ability for the testing team to view the di erent components of an application and see the
calls being made between the di erent application components
Helps business analyse how many users actually return to the application
Ensuring IT administrators get alerts based on critical conditions being met in the application
Which of the following service would be best suited for fulfilling the requirement of
“ Gives the ability for the testing team to view the different components of an application and see the
calls being made between the different application components”
] A. Applicat ion Insight s

A
] B. Azure Service Healt h
] C. Azure Advisor
] D. Azure Policies
Explanation:
Answer – A
This feature is part of the Application Insights tool. An example of this is given in the Microsoft
documentation
For more information on Application map, please visit the below URL
https://docs.microsoft.com/en-us/azure/azure-monitor/app/app-map
Ask our Experts

View Queries open
j
“ Helps business analyse how many users actually return to the application”

A
] B. Azure Service Healt h
] C. Azure Advisor
] D. Azure Policies
Explanation:
Answer – A
This feature is part of the Application Insights tool. An example of this is given in the Microsoft
documentation

For more information on the retention feature of Application Insights, please visit the below URL
https://docs.microsoft.com/en-us/azure/azure-monitor/app/usage-retention
Ask our Experts

View Queries open
j
“ Ensuring IT administrators get alerts based on critical conditions being met in the application”
] B. Azure Monitor
A
] C. Azure Advisor
] D. Azure Policies
Explanation:
Answer – B
This is a feature of Azure Monitor wherein you can use the Alerts feature. This is also mentioned in
the Microsoft documentation
For more information on Azure Monitor, please visit the below URL
https://docs.microsoft.com/en-us/azure/azure-monitor/overview
Ask our Experts

View Queries open
j
Domain :Design business continuity
A company is planning on moving their on-premise resources to Azure. They have 3 different
applications that belong to different departments. Each application has a different requirement for
business continuity as given below
HR Department - The application data needs to be retained for 3 years. From a disaster recovery
perspective, the application needs to run from a di erent Azure region. The Recovery time objective
would be 15 minutes
Logistics Department - Here the Service Management team wants to ensure that the application must
be able to recover point in time data at a daily granularity level. The Recovery time objective would be
6 hours.
Procurement Department - Here the application must be able to failover to a secondary on-premise
data center.
You have to recommend which service should be used by each department. You have to also ensure
that costs are minimized.
Which of the following would you use for the HR Department?
] A. Azure Site Recovery only
] B. Azure Backup only
] C. Azure Site Recovery and Azure Backup

A
] D. Azure Site Recovery and Azure Migrate
Explanation:
Answer – C
You will need the Azure backup service for long term retention of data. The below except is from the
Microsoft documentation on the retention of data in the Azure backup service
Option A is incorrect since you need to maintain backups for 3 years, for which you need to use the
Azure backup service as well.
Option B is incorrect since you need Azure Site recovery as well to ensure the application can run off
another region in case of a disaster
Option D is incorrect since Azure Migrate is used when you want to migrate VMware VM’s to Azure
For more information on Azure backup and Azure Site Recovery, please visit the below URL
https://docs.microsoft.com/en-us/azure/site-recovery/site-recovery-overview
https://docs.microsoft.com/en-us/azure/backup/backup-introduction-to-azure-backup
Ask our Experts

View Queries open
j
would be 15 minutes
6 hours.
data center.
Which of the following would you use for the Logistics Department?

A
Explanation:
Answer – B
Use Azure Backup when you want to have backup data at a granular level. This is also mentioned as
a different Azure Backup and Azure Site recovery in the Microsoft documentation
Options A and C is incorrect since here we only need to have backup’s in place
Ask our Experts

View Queries open
j
would be 15 minutes
6 hours.
data center.
Which of the following would you use for the Procurement Department?

A
Explanation:
Answer – A
You can use the Azure Site Recovery service to ensure that you can failover your application to a
secondary site. The below except is from the Microsoft documentation for Azure Site Recovery
Options B and C is incorrect since here we only need to use Azure Site Recovery for the failover.
Ask our Experts

View Queries open
j
A company has setup an Azure subscription and an Azure tenant. They have purchased Premium P2
licences. There are different departments that have different requirements for managing identities.
Department
Requirement
Procurement
Get noti cations whenever roles are activated
Provide just in time access to Azure resources
Human Resources
Ability to conduct access reviews
Logistics
Ensure Applications hosted on the virtual machines can
safely access the Azure Key vault service
Which of the following would you suggest for the Procurement department?
] A. Managed Service Ident it y
] B. Ident it y Protect ion
] C. Privileged Ident it y Management

A
] D. Azure AD Connect
Explanation:
Answer – C
This is clearly given in the Microsoft documentation wherein the Privileged Identity Management
feature would fulfil these requirements
Since this is clearly mentioned, all other options are incorrect
For more information on privileged identity management, please visit the below URL
https://docs.microsoft.com/en-us/azure/active-directory/privileged-identity-management/pim-
con gure
Ask our Experts

View Queries open
j
Department
Requirement
Procurement
Human Resources
Logistics
Which of the following would you suggest for the Human Resources department?

A
Explanation:
Answer - C
feature would fulfil this requirement
For more information on privileged identity management, please visit the below URL
https://docs.microsoft.com/en-us/azure/active-directory/privileged-identity-management/pim-
con gure
Ask our Experts

View Queries open
j
Department
Requirement
Procurement
Human Resources
Logistics
Which of the following would you suggest for the Logistics department?

A
Explanation:
Answer - A
feature would fulfil this requirement
For more information on Managed Service Identity, please visit the below URL
https://docs.microsoft.com/en-us/azure/active-directory/managed-identities-azure-
resources/overview
Ask our Experts

View Queries open
j
A company has deployed an API management instance. They need a solution to protect the API from
a DDoS (Distributed denial of service) attack. Which of the following could be recommended for this
requirement?
] A. Net work Securit y Groups
] B. Rate Limit ing

A
] C. Quot as
] D. OAut h2
Explanation:
Answer – B
You can protect the number of calls to the API by using rate limiting. Below is what is mentioned in
the Microsoft documentation
Option A is incorrect since this is used for protecting traffic flowing into Virtual Machines
Option C is incorrect since this is used to limit the calls based on the subscription
Option D is incorrect since this is used for authentication for API's
For more information on transforming and protecting an API, please visit the below URL
https://docs.microsoft.com/en-us/azure/api-management/transform-api
Ask our Experts

View Queries open
j
A company has created 2 virtual networks, one in the Central US and the other in the East US region.
There is a requirement to ensure that Virtual Machines on the Virtual Networks are able to
communicate with each other using their private IP addresses. You also need to ensure low latency
access between the Virtual machines. You also need to ensure that the solution is cost effective.
You decide to implement Virtual Network Peering.
Does this fulfil the requirement?
] A. Yes
A
] B. No
Explanation:
Answer – A
You can implement Virtual Network Peering for this requirement. Below is what the is mentioned in
the Microsoft documentation.
For more information on Virtual Network Peering, please visit the below URL
https://docs.microsoft.com/en-us/azure/virtual-network/virtual-network-peering-overview
Ask our Experts

View Queries open
j
You decide to implement an Express Route connection
] A. Yes
] B. No
A
Explanation:
Answer – B
This type of connection is generally used to extend on-premise infrastructure to Azure. Below is
what is mentioned in the Microsoft documentation
For more information on Express Route connections, please visit the below URL
https://docs.microsoft.com/en-us/azure/expressroute/expressroute-introduction
Ask our Experts

View Queries open
j
You decide to implement custom route tables.
] A. Yes
] B. No
A
Explanation:
Answer – B
In the question there is no special mention on routing traffic. Hence custom route tables don’t need
to be part of the implementation.
For more information on Virtual Network routing, please visit the below URL
https://docs.microsoft.com/en-us/azure/virtual-network/virtual-networks-udr-overview
Ask our Experts

View Queries open
Question 36
j
Unattempted
A company has just setup an Azure subscription. They have offices located in Mumbai and
Hyderabad.
They are now planning their network connectivity strategy. They have the following networks defined
in Azure.
Virtual Network Name
Address space
Region
whizlab-network1
10.0.1.0/24
North Europe
whizlab-network2
10.0.2.0/24
West Europe
The networks have the following subnets defined
Subnet Name
Virtual Network
SubnetA
whizlab-network1
SubnetB
whizlab-network2
The company has the following requirements when it comes to connectivity
The Virtual Machines hosted in SubnetA must only be accessible to clients located in the Mumbai
o ce
IT administrators working on dedicated workstations must have access to the Virtual Machines in
SubnetA over the Internet on a speci c TCP/IP management port
The Azure Virtual Machines hosted in the whizlab-network1 must be able to communicate on all ports
to Azure Virtual Machines hosted in whizlab-network2
office. Which of the following would you use for this purpose?
] A. Virt ual Net work peering
] B. Site-to-Site VPN
A
] C. Net work Securit y Groups
] D. A new Virt ual Net work
Explanation:
Answer – B
A site-to-site VPN connection can be used to connect on-premise infrastructure onto Azure. Below is
Option A is incorrect since this is used to connect 2 Virtual Networks in Azure together.
Option C is incorrect since this is used to control traffic flowing into and out of Azure Virtual
Machines
Option D is incorrect since this is not required
For more information on deploying a site-to-site VPN connection, please visit the below URL
https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-howto-site-to-site-
resource-manager-portal
Ask our Experts

View Queries open
j
Hyderabad.
in Azure.

Address space
Region
whizlab-network1
10.0.1.0/24
North Europe
whizlab-network2
10.0.2.0/24
West Europe
Subnet Name
Virtual Network
SubnetA
whizlab-network1
SubnetB
whizlab-network2
o ce
SubnetA over the Internet on a specific TCP/IP management port. Which of the following would you
use for this purpose?

A
Explanation:
Answer – C
You can use Network Security Groups to define the traffic flow rules into and out of Virtual Machines.
Below is what is mentioned in the Microsoft documentation
Option A is incorrect since this is used to connect 2 Virtual Networks in Azure together.
Option B is incorrect since this is used to on-premise infrastructure to Azure Virtual Networks
For more information on network security , please visit the below URL
https://docs.microsoft.com/en-us/azure/virtual-network/security-overview
Ask our Experts

View Queries open
j
Hyderabad.
in Azure.

Address space
Region
whizlab-network1
10.0.1.0/24
North Europe
whizlab-network2
10.0.2.0/24
West Europe
Subnet Name
Virtual Network
SubnetA
whizlab-network1
SubnetB
whizlab-network2
o ce
The Azure Virtual Machines hosted in the whizlab-network1 must be able to communicate on all
ports to Azure Virtual Machines hosted in whizlab-network2. Which of the following would you use
for this purpose?

A
Explanation:
Answer – A
Option B is incorrect since this is used to on-premise infrastructure to Azure Virtual Networks
Option C is incorrect since this is used to control traffic flowing into and out of Azure Virtual
Machines
You can connect Virtual Networks together using Virtual Network Peering across regions. Below is
For more information on virtual network peering, please visit the below URL
https://docs.microsoft.com/en-us/azure/virtual-network/virtual-network-peering-overview
Ask our Experts

View Queries open
j
View Case Study

What is the minimum number of Azure tenants that need to be setup?
] A. 0
] B. 1
A
] C. 2
] D. 3
Explanation:
Answer – B
Since there is only one forest that needs to be synced with Azure AD, one can opt for having one
Azure AD tenant. This is the simplest form of connectivity as shown below
Since this is the ideal approach , all other options are incorrect
For more information on hybrid connections with Active Directory, please visit the below URL
https://docs.microsoft.com/en-us/azure/active-directory/hybrid/plan-connect-topologies
Ask our Experts

View Queries open
j
View Case Study

What is the minimum number of custom domains to add to Azure AD?
] A. 0
] B. 1
A
] C. 2
] D. 3
Explanation:
Answer – B
Since users need to authenticate via the UPN’s associated with the quiz.whizlabs.com forest, you just
need to create one custom domain in Azure AD. That custom domain will be quiz.whizlabs.com.
Since this is the recommended answer, all other options are incorrect.
For more information on adding custom domains, please visit the below URL
https://docs.microsoft.com/en-us/azure/active-directory/fundamentals/add-custom-domain
Ask our Experts

View Queries open
j
View Case Study

What is the minimum number of conditional access policies that need to be created?
] A. 0
A
] B. 1
] C. 2
] D. 3
Explanation:
Answer – A
There is a baseline policy that ensures that Multi-factor authentication is present for administrative
accounts as shown below
You just need to enable this conditional access policy
Hence you don’t need additional conditional access policies and that is why the other options are
incorrect
For more information on baseline protection via conditional access policies, please visit the below
URL
https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/baseline-protection
Ask our Experts

View Queries open
j
View Case Study

You need to recommend how to setup the data store for hosting the SQL database in Azure. Which
of the following would you recommend?
] A. An Azure SQL dat abase elast ic pool
] B. A Virt ual machine running a SQL server
] C. A fixed size DTU based Azure SQL dat abase
] D. A vCore-based Azure SQL Dat abase

A
Explanation:
Answer – D
Since the company already has existing Microsoft licences with software assurance, they can opt for
a hybrid model in which they can benefit from huge discounts. This is also given in the Microsoft
documentation.
Options A and C are incorrect since here you cannot use the Hybrid benefit from a licensing
perspective.
Option B is incorrect since you would need to invest extra on the Virtual machine itself
For more information on vCore based licensing, please visit the below URL
https://docs.microsoft.com/en-us/azure/sql-database/sql-database-service-tiers-vcore
Ask our Experts

View Queries open
j
View Case Study

You need to recommend the approach to transferring the data from the on-premise SQL server to
the SQL server on Azure. Which of the following would you recommend?
] A. Use Azure Site Recovery
] B. Use a BACPAC file stored in Azure BLOB storage

A
] C. Copy t he VHD of t he server to Azure BLOB storage
] D. Use Azure Backup
Explanation:
Answer – B
The ideal approach is to use a BACPAC file. This is also given in the Microsoft documentation.
For more information on SQL database import, please visit the below URL
https://docs.microsoft.com/en-us/azure/sql-database/sql-database-import
Ask our Experts

View Queries open
j
View Case Study

A strategy needs to be recommended for the Web application – “whizlab-app”. The loads on the
application would be unpredictable. It needs to be ensured that the application can sustain itself at
high workloads. Also, it needs to be ensured that costs are being minimized at lower workloads.
Which of the following would you recommend?
] A. Configure t he Scale up set t ings for t he web applicat ion
] B. Configure t he Scale Out set t ings for t he web applicat ion

A
] C. Deploy Virt ual machine scale set s to scale out based on t he CPU t hreshold
] D. Deploy Virt ual machine scale set s to scale out based on t he Memory t hreshold
Explanation:
Answer – B
Since the case study does mention that PaaS solutions should be used, hence we need to use Azure
Web apps for this solution and not Virtual Machine Scale Sets. Hence option C and D are eliminated.
To ensure that the web app can scale based on demand, we need to use the Scale Out settings as
shown below
1) First go to the Scale out settings for the Web App
2) Then click on Enable autoscale
Then add the required conditions for the scaling process
For more information on scaling web apps, please visit the below URL
https://docs.microsoft.com/en-us/azure/app-service/web-sites-scale
Ask our Experts

View Queries open
j
View Case Study

The following architecture is being recommended for the Web application
Would this architecture support redundancy for the web application?
] A. Yes
A
] B. No
Explanation:
Answer – A
Here you can use the priority traffic routing method which would automatically failover the Web
application if it detects a failure in the primary region. The Microsoft documentation mentions the
following
For more information on the priority routing method, please visit the below URL
https://docs.microsoft.com/en-us/azure/tra c-manager/tra c-manager-routing-

methods#priority
Ask our Experts

View Queries open
j
View Case Study

Would this architecture support autoscaling for the web application?
] A. Yes
] B. No
A
Explanation:
Answer – B
The Traffic Manager service is a load distribution service and not an autoscaling service. The
Microsoft documentation mentions the following
For more information on the Azure Traffic Manager, please visit the below URL
https://docs.microsoft.com/en-us/azure/tra c-manager/tra c-manager-overview
Ask our Experts

View Queries open
j
View Case Study


Would this architecture require a manual configuration if an Azure region fails?
] A. Yes
] B. No
A
Explanation:
Answer – B
Here you can use the priority traffic routing method which would automatically failover the Web
application if it detects a failure in the primary region. The Microsoft documentation mentions the
following
For more information on the priority routing method, please visit the below URL
https://docs.microsoft.com/en-us/azure/tra c-manager/tra c-manager-routing-

methods#priority
Ask our Experts

View Queries open
j
View Case Study

Which of the following should be recommended for the database retention period?
] A. Long term retent ion for t he dat abase

A
] B. Use Azure Site Recovery for t he dat abase
] C. Configure geo-replicat ion for t he dat abase
] D. Configure Azure backup for t he dat abase
Explanation:
Answer – A
You can use the long-term retention feature as mentioned in the Microsoft documentation below
Since this is clearly mentioned in the Microsoft documentation, all other options are incorrect
For more information on database long term retention, please visit the below URL
https://docs.microsoft.com/en-us/azure/sql-database/sql-database-long-term-retention
Ask our Experts

View Queries open
j
View Case Study

You need to decide on whether Azure storage is required for the various requirements of the case
study
Would you need to provision an Azure storage account for the SQL Server database migration?
] A. Yes
A
] B. No
Explanation:
Answer – A
You would need a storage account to store the BACPAC file which will be needed for the SQL
database import. The BACPAC file will need to be stored in Azure BLOB storage
For more information on SQL database import, please visit the below URL
https://docs.microsoft.com/en-us/azure/sql-database/sql-database-import
Ask our Experts

View Queries open
j
View Case Study

study
Would you need to provision an Azure storage account for Web site content?
] A. Yes
] B. No
A
Explanation:
Answer - B
When you choose an App Service plan for an Azure Web app, it normally comes along with storage.
An example is given below
So, you don’t need a separate storage account for web site content.
For more information on App Service Plans, please visit the below URL
https://docs.microsoft.com/en-us/azure/app-service/overview-hosting-plans
Ask our Experts

View Queries open
j
View Case Study

study
Would you need to provision an Azure storage account for database metric monitoring?
] A. Yes
A
] B. No
Explanation:
Answer – A
The case study mentions that we need to have the database metrics in place for further analysis.
So, we need to persists the logs and metrics for the database. One way as mentioned below is to
use Azure Storage accounts.
Ask our Experts

View Queries open
Question 52
j
Unattempted
An application needs to be deployed onto Azure. This application will be hosted on a set of Virtual
Machines. The below set of rules need to apply when it comes to diverting traffic for users
Users navigating to http://whizlabs.com/video/* need to be directed to one set of Virtual Machines
Users navigating to http://whizlabs.com/images/* need to be directed to another set of Virtual
Machines
You need to setup the correct appliance which could be used to fulfil these requirements. Which of
the following would you implement?
] A. Traffic Manager
] B. Storage account s
] C. Applicat ion Gateway

A
] D. Virt ual Private Gateway
Explanation:
Answer – C
You can use the URL routing feature of the application gateway as shown below
Option A is incorrect since this is used to divert traffic based on DNS to multiple regions
Option B is incorrect since this can’t be used to divert traffic
Option D is incorrect since this is used to divert traffic from a Virtual Network over a VPN connection
For more information on the application gateway, please go ahead and visit the below URL
https://docs.microsoft.com/en-us/azure/application-gateway/overview
Ask our Experts

View Queries open
j

A company currently has an on-premise infrastructure that consists of

An Active directory domain named whizlab.com
Active Directory Federation services
Application Proxy servers for external connection
The company has recently setup an Azure AD tenant. They have also setup Azure AD Connect for
the synchronization of users from the on-premise AD to Azure AD. They have the following additional
requirements
Ability to monitor the solutions that integrate with Azure AD
Identity any potential issues in AD FS
Identify any directory synchronization issues
You need to identify the right monitoring solution for each type of server
Which of the following would you use to monitor the AD FS servers?
] A. Azure Securit y Center
] B. Azure AD Connect Healt h

A
] C. Act ive Directory Healt h Check solut ion in Azure Log Analyt ics
] D. Act ive Directory Federat ion Services Healt h Check solut ion in Azure Log Analyt ics
Explanation:
Answer – B
Azure AD Connect Health has the ability to monitor AD FS servers as well. If you see the Microsoft
documentation, you can clearly see the option present.
For more information on Azure AD Connect, please go ahead and visit the below URL
https://docs.microsoft.com/en-us/azure/active-directory/hybrid/whatis-azure-ad-connect
Ask our Experts

View Queries open
j
A company currently has an on-premise infrastructure that consists of

An Active directory domain named whizlab.com
Active Directory Federation services
Application Proxy servers for external connection
The company has recently setup an Azure AD tenant. They have also setup Azure AD Connect for
the synchronization of users from the on-premise AD to Azure AD. They have the following additional
requirements
Ability to monitor the solutions that integrate with Azure AD
Identity any potential issues in AD FS
Identify any directory synchronization issues
You need to identify the right monitoring solution for each type of server
Which of the following would you use to monitor the AD Connect Servers?
] A. Azure Securit y Center
] B. Azure AD Connect Healt h

A
] C. Act ive Directory Healt h Check solut ion in Azure Log Analyt ics
] D. Act ive Directory Federat ion Services Healt h Check solut ion in Azure Log Analyt ics
Explanation:
Answer - B
Azure AD Connect Health has the ability to monitor all AD Connect Servers and check for any
synchronization issues. If you see the Microsoft documentation, you can clearly see the option
present.
For more information on Azure AD Connect, please go ahead and visit the below URL
https://docs.microsoft.com/en-us/azure/active-directory/hybrid/whatis-azure-ad-connect
Ask our Experts

View Queries open
j
A company has an Azure storage account. The storage account needs to be configured in such a
way that it is only accessible from one specific Azure Virtual Network. You have to ensure that the
storage account is not accessible from the Internet. Which of the following would you use to
implement this requirement?
] A. Add a net work securit y group
] B. Deploy Azure CDN
] C. Act ivate t he Secure t ransfer required opt ion
] D. Create a VNET service endpoint

A
Explanation:
Answer – D
Virtual Network (VNet) service endpoints extend your virtual network private address space and the
identity of your VNet to the Azure services, over a direct connection. Endpoints allow you to secure
your critical Azure service resources to only your virtual networks. Traffic from your VNet to the
Azure service always remains on the Microsoft Azure backbone network.
Option A is incorrect since this is just used to manage the traffic into a subnet or network interface
Option B is incorrect since this is used for content delivery
Option C is incorrect since this is used only if you want to have HTTPS data transfer for the storage
account
For more information on Virtual Networks service endpoint, please visit the below URL
https://docs.microsoft.com/en-us/azure/virtual-network/virtual-network-service-endpoints-
overview
Ask our Experts

View Queries open
j
Finish Review
Certi cation Company

Cloud Certi cation Become Our Instructor
Java Certi cation Support
PM Certi cation Discussions
Big Data Certi cation Blog
Business
Support Join us on Slack!

Contact Us Join our open Slack community and
Help Topics get your queries answered instantly!
Our experts are online to answer your
questions!
Follow us
hom
© Copyright 2020. Whizlabs Software Pvt. Ltd. All Right Reserved.

AZ-304 File 1

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

AZ-304 File 1

Uploaded by

Copyright:

Available Formats

12/23/2020 Whizlabs Online Certification Training Courses for Professionals (AWS, Java, PMP)

 j My Courses j Microsoft Azure Architect Design (AZ-304) j Practice Test I j Report

Attempt Marks Obtained Your score

Time Taken Result

Domains wise Quiz Performance Report Join us on Slack community

Review the Answers

Domain :Design infrastructure

] A. Azure Event Hubs

] B. Azure Service Bus

] D. Azure Not ificat ion Hubs

The Microsoft documentation mentions the following

Ask our Experts

Rate this Question? vu

Domain :Design infrastructure

] A. Azure Event Hubs

] C. Azure Event Grid

] D. Azure Not ificat ion Hubs

You can use Azure Event Hubs for this requirement

The Microsoft documentation mentions the following

Ask our Experts

Rate this Question? vu

Domain :Design infrastructure

] A. Azure Event Hubs

] B. Azure Service Bus

] C. Azure Event Grid

You can use Azure Event Grid for this requirement

The Microsoft documentation mentions the following

Ask our Experts

Rate this Question? vu

Domain :Design data storage

This is also mentioned in the Microsoft documentation

Ask our Experts

Rate this Question? vu

Domain :Design data storage

This is also mentioned in the Microsoft documentation

Ask our Experts

Rate this Question? vu

Domain :Design data storage

Ask our Experts

Rate this Question? vu

Domain :Design data storage

Ask our Experts

Rate this Question? vu

Domain :Design data storage

Ask our Experts

Rate this Question? vu

Domain :Design data storage

Ask our Experts

Rate this Question? vu

Domain :Design monitoring

] A. IT Service Management Connector

] C. Azure Event Hubs

] D. Azure Not ificat ion Hubs

This is also mentioned in the Microsoft documentation

Ask our Experts

Rate this Question? vu

Domain :Design identity and security

] A. Azure Sent inel

] D. Azure Applicat ion Insight s

The Microsoft documentation mentions the following

Ask our Experts

Rate this Question? vu

Domain :Design identity and security