[2025-November-New]Braindump2go AZ-305 Exam Dumps PDF Free[Q260-Q301]
2025/November Latest Braindump2go AZ-305 Exam Dumps with PDF and VCE Free Updated Today! Following are some new Braindump2go AZ-305 Real Exam Questions! QUESTION 260
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You plan to deploy multiple instances of an Azure web app across several Azure regions. You need to design an access solution for the app. The solution must meet the following replication requirements:
- Support rate limiting.
- Balance requests between all instances.
- Ensure that users can access the app in the event of a regional outage.
Solution: You use Azure Front Door to provide access to the app.
Does this meet the goal? A. Yes
B. No Answer: A
Explanation:
Azure Front Door meets the requirements. The Azure Web Application Firewall (WAF) rate limit rule for Azure Front Door controls the number of requests allowed from clients during a one-minute duration.
Reference:
https://www.nginx.com/blog/nginx-plus-and-azure-load-balancers-on-microsoft-azure/ 1
https://docs.microsoft.com/en-us/azure/web-application-firewall/afds/waf-front-door-rate-limit-powershell 2 QUESTION 261
You need to recommend a solution to generate a monthly report of all the new Azure Resource Manager (ARM) resource deployments in your Azure subscription.
What should you include in the recommendation? A. Azure Activity Log
B. Azure Arc
C. Azure Analysis Services
D. Azure Monitor action groups Answer: A
Explanation:
The Azure Monitor activity log is a platform log in Azure that provides insight into subscription-level events. The activity log includes information like when a resource is modified or a virtual machine is started.
https://learn.microsoft.com/en-us/azure/azure-monitor/essentials/activity-log?tabs=powershell 3 QUESTION 262
You have 100 devices that write performance data to Azure Blob Storage.
You plan to store and analyze the performance data in an Azure SQL database.
You need to recommend a solution to continually copy the performance data to the Azure SQL database.
What should you include in the recommendation? A. Azure Data Factory
B. Data Migration Assistant (DMA)
C. Azure Data Box
D. Azure Database Migration Service Answer: A
Explanation:
Azure Data Factory - using Data Factory pipelines. Data Factory pipelines can copy data from Azure Blob Storage to an Azure SQL Database. The configuration pattern applies to copying from a file- based data store to a relational data store.
https://learn.microsoft.com/en-us/azure/data-factory/tutorial-copy-data-dot-net 4 QUESTION 263
You need to recommend a storage solution for the records of a mission critical application. The solution must provide a Service Level Agreement (SLA) for the latency of write operations and the throughput.
What should you include in the recommendation? A. Azure Data Lake Storage Gen2
B. Azure Blob Storage
C. Azure SQL
D. Azure Cosmos DB Answer: D
Explanation:
Azure Cosmos DB is Microsoft's fast NoSQL database with open APIs for any scale. It offers turnkey global distribution across any number of Azure regions by transparently scaling and replicating your data wherever your users are. The service offers comprehensive 99.99% SLAs which covers the guarantees for throughput, consistency, availability and latency for the Azure Cosmos DB Database Accounts scoped to a single Azure region configured with any of the five Consistency Levels or Database Accounts spanning multiple Azure regions, configured with any of the four relaxed Consistency Levels. Azure Cosmos DB allows configuring multiple Azure regions as writable endpoints for a Database Account. In this configuration, Azure Cosmos DB offers 99.999% SLA for both read and write availability.
Reference:
https://azure.microsoft.com/en-us/support/legal/sla/cosmos-db/v1_3/ 5 QUESTION 264
You are planning a storage solution. The solution must meet the following requirements:
- Support at least 500 requests per second.
- Support a large image, video, and audio streams.
Which type of Azure Storage account should you provision? A. standard general-purpose v2
B. premium block blobs
C. premium page blobs
D. premium file shares Answer: B
Explanation:
Premium block blobs offer significantly lower and more consistent latency than standard block blobs via high-performance SSD disks
https://learn.microsoft.com/en-us/azure/storage/blobs/storage-blobs-latency 6 QUESTION 265
You need to recommend a data storage solution that meets the following requirements:
- Ensures that applications can access the data by using a REST connection
- Hosts 20 independent tables of varying sizes and usage patterns
- Automatically replicates the data to a second Azure region
- Minimizes costs
What should you recommend? A. an Azure SQL Database elastic pool that uses active geo-replication
B. tables in an Azure Storage account that use geo-redundant storage (GRS)
C. tables in an Azure Storage account that use read-access geo-redundant storage (RA-GRS)
D. an Azure SQL database that uses active geo-replication Answer: B
Explanation:
The Table service offers structured storage in the form of tables. The Table service API is a REST API for working with tables and the data that they contain.
Geo-redundant storage (GRS) has a lower cost than read-access geo-redundant storage (RA-GRS).
Reference:
https://docs.microsoft.com/en-us/rest/api/storageservices/table-service-rest-api 7
https://docs.microsoft.com/en-us/azure/storage/common/geo-redundant-design 8 QUESTION 266
Hotspot Question
You are designing a software as a service (SaaS) application that will enable Azure Active Directory (Azure AD) users to create and publish online surveys. The SaaS application will have a front-end web app and a back-end web API. The web app will rely on the web API to handle updates to customer surveys.
You need to design an authorization flow for the SaaS application. The solution must meet the following requirements:
- To access the back-end web API, the web app must authenticate by using OAuth 2 bearer tokens.
- The web app must authenticate by using the identities of individual users.
What should you include in the solution? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Answer:
![image_thumb[1]](http://examgod.com/bdimages/2025-November-NewQ260-Q301_A51E/image_thumb1_thumb.png "image_thumb[1]")
Explanation:
Box 1: Azure AD
The Azure AD server issues tokens (access & refresh token). See step 5 below in graphic.
OAuth 2.0 authentication with Azure Active Directory.
The OAuth 2.0 is the industry protocol for authorization. It allows a user to grant limited access to its protected resources. Designed to work specifically with
Hypertext Transfer Protocol (HTTP), OAuth separates the role of the client from the resource owner. The client requests access to the resources controlled by the resource owner and hosted by the resource server (here the Azure AD server). The resource server issues access tokens with the approval of the resource owner. The client uses the access tokens to access the protected resources hosted by the resource server.
Box 2: A web API
Delegated access is used.
The bearer token sent to the web API contains the user identity.
The web API makes authorization decisions based on the user identity.
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/fundamentals/auth-oauth2 9
https://docs.microsoft.com/lb-lu/azure/architecture/multitenant-identity/web-api 10 QUESTION 267
Drag and Drop Question
You are designing a virtual machine that will run Microsoft SQL Server and contain two data disks. The first data disk will store log files, and the second data disk will store data. Both disks are P40 managed disks.
You need to recommend a host caching method for each disk. The method must provide the best overall performance for the virtual machine while preserving the integrity of the SQL data and logs.
Which host caching method should you recommend for each disk? To answer, drag the appropriate methods to the correct disks. Each method may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
Box 1: None
No data disk caching for the Log files.
Box 2: ReadOnly
Guidelines to optimize performance for your SQL Server on Azure Virtual Machines (VMs) include:
Set host caching to read-only for data file disks.
Set host caching to none for log file disks.
Reference:
https://docs.microsoft.com/en-us/azure/azure-sql/virtual-machines/windows/performance-guidelines-best-practices-storage 11 QUESTION 268
You are designing a solution that calculates 3D geometry from height-map data.
You need to recommend a solution that meets the following requirements:
- Performs calculations in Azure.
- Ensures that each node can communicate data to every other node.
- Maximizes the number of nodes to calculate multiple scenes as fast as possible.
- Minimizes the amount of effort to implement the solution.
Which two actions should you include in the recommendation? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point. A. Enable parallel file systems on Azure.
B. Create a render farm that uses virtual machines.
C. Create a render farm that uses virtual machine scale sets.
D. Create a render farm that uses Azure Batch.
E. Enable parallel task execution on compute nodes. Answer: DE
Explanation:
How it works
A common scenario for Batch involves scaling out intrinsically parallel work, such as the rendering of images for 3D scenes, on a pool of compute nodes. This pool can be your "render farm" that provides tens, hundreds, or even thousands of cores to your rendering job.
https://learn.microsoft.com/en-us/azure/batch/batch-technical-overview 12
You configure compute nodes for parallel task execution at the pool level.
https://learn.microsoft.com/en-us/azure/batch/batch-parallel-node-tasks 13 QUESTION 269
You have an on-premises application that consumes data from multiple databases. The application code references database tables by using a combination of the server, database, and table name.
You need to migrate the application data to Azure.
To which two services can you migrate the application data to achieve the goal? Each correct answer presents a complete solution.
NOTE: Each correct selection is worth one point. A. SQL Server Stretch Database
B. SQL Server on an Azure virtual machine
C. Azure SQL Database
D. Azure SQL Managed Instance Answer: BD
Explanation:
Cross-database queries are supported by SQL Server, for example on an Azure virtual machine, and also supported by an Azure SQL Managed Instance.
https://docs.microsoft.com/en-us/azure/azure-sql/database/elastic-query-getting-started-vertical?view=azuresql 14 QUESTION 270
You need to design a highly available Azure SQL database that meets the following requirements:
- Failover between replicas of the database must occur without any data loss.
- The database must remain available in the event of a zone outage.
- Costs must be minimized.
Which deployment option should you use? A. Azure SQL Managed Instance Business Critical
B. Azure SQL Managed Instance General Purpose
C. Azure SQL Database Business Critical
D. Azure SQL Database Serverless Answer: C
Explanation:
To prevent Data Loss, Premium/Business Critical is required:
The primary node constantly pushes changes to the secondary nodes in order and ensures that the data is persisted to at least one secondary replica before committing each transaction. This process guarantees that if the primary node crashes for any reason, there is always a fully synchronized node to fail over to. QUESTION 271
You have an Azure web app that uses an Azure key vault named KeyVault1 in the West US Azure region.
You are designing a disaster recovery plan for KeyVault1.
You plan to back up the keys in KeyVault1.
You need to identify to where you can restore the backup.
What should you identify? A. any region worldwide
B. the same region only
C. KeyVault1 only
D. the same geography only Answer: D
Explanation:
When you back up a key vault object, such as a secret, key, or certificate, the backup operation will download the object as an encrypted blob. This blob can't be decrypted outside of Azure. To get usable data from this blob, you must restore the blob into a key vault within the same Azure subscription and Azure geography.
https://docs.microsoft.com/en-us/azure/key-vault/general/backup?tabs=azure-cli 15 QUESTION 272
You have an on-premises line-of-business (LOB) application that uses a Microsoft SQL Server instance as the backend.
You plan to migrate the on-premises SQL Server instance to Azure virtual machines.
You need to recommend a highly available SQL Server deployment that meets the following requirements:
- Minimizes costs
- Minimizes failover time if a single server fails
What should you include in the recommendation? A. an Always On availability group that has premium storage disks and a virtual network name (VNN)
B. an Always On Failover Cluster Instance that has a virtual network name (VNN) and a standard file share
C. an Always On availability group that has premium storage disks and a distributed network name (DNN)
D. an Always On Failover Cluster Instance that has a virtual network name (VNN) and a premium file share Answer: C
Explanation:
Always On availability groups on Azure Virtual Machines are similar to Always On availability groups on-premises, and rely on the underlying Windows Server Failover Cluster.
If you deploy your SQL Server VMs to a single subnet, you can configure a virtual network name (VNN) and an Azure Load Balancer, or a distributed network name (DNN) to route traffic to your availability group listener.
There are some behavior differences between the functionality of the VNN listener and DNN listener that are important to note:
* Failover time: Failover time is faster when using a DNN listener since there is no need to wait for the network load balancer to detect the failure event and change its routing.
* Etc.
Incorrect:
Not B, not D: Migrate to an Always On availability group, not an Always on Failover cluster Instance.
Reference:
https://docs.microsoft.com/en-us/azure/azure-sql/virtual-machines/windows/availability-group-overview 16 QUESTION 273
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
Your company plans to deploy various Azure App Service instances that will use Azure SQL databases. The App Service instances will be deployed at the same time as the Azure SQL databases.
The company has a regulatory requirement to deploy the App Service instances only to specific Azure regions. The resources for the App Service instances must reside in the same region.
You need to recommend a solution to meet the regulatory requirement.
Solution: You recommend using the Regulatory compliance dashboard in Microsoft Defender for Cloud.
Does this meet the goal? A. Yes
B. No Answer: B
Explanation:
Instead: You should recommend using an Azure Policy initiative to enforce the location.
Note: Azure Resource Policy Definitions can be used which can be applied to a specific Resource Group with the App Service instances.
In Azure Policy, we offer several built-in policies that are available by default. For example:
* Allowed Locations (Deny): Restricts the available locations for new resources. Its effect is used to enforce your geo-compliance requirements.
Reference:
https://docs.microsoft.com/en-us/azure/governance/policy/overview 17 QUESTION 274
You plan to deploy an application named App1 that will run in containers on Azure Kubernetes Service (AKS) clusters. The AKS clusters will be distributed across four Azure regions.
You need to recommend a storage solution to ensure that updated container images are replicated automatically to all the Azure regions hosting the AKS clusters.
Which storage solution should you recommend? A. geo-redundant storage (GRS) accounts
B. Premium SKU Azure Container Registry
C. Azure Content Delivery Network (CDN)
D. Azure Cache for Redis Answer: B
Explanation:
Enable geo-replication for container images.
Best practice: Store your container images in Azure Container Registry and geo-replicate the registry to each AKS region.
To deploy and run your applications in AKS, you need a way to store and pull the container images. Container Registry integrates with AKS, so it can securely store your container images or Helm charts. Container Registry supports multimaster geo-replication to automatically replicate your images to Azure regions around the world.
Geo-replication is a feature of Premium SKU container registries.
Note:
When you use Container Registry geo-replication to pull images from the same region, the results are:
Faster: You pull images from high-speed, low-latency network connections within the same Azure region.
More reliable: If a region is unavailable, your AKS cluster pulls the images from an available container registry.
Cheaper: There's no network egress charge between datacenters.
Reference:
https://docs.microsoft.com/en-us/azure/aks/operator-best-practices-multi-region 18 QUESTION 275
You have an Azure Active Directory (Azure AD) tenant.
You plan to deploy Azure Cosmos DB databases that will use the SQL API.
You need to recommend a solution to provide specific Azure AD user accounts with read access to the Cosmos DB databases.
What should you include in the recommendation? A. shared access signatures (SAS) and Conditional Access policies
B. certificates and Azure Key Vault
C. master keys and Azure Information Protection policies
D. a resource token and an Access control (IAM) role assignment Answer: D
Explanation:
The Access control (IAM) pane in the Azure portal is used to configure role-based access control on Azure Cosmos resources. The roles are applied to users, groups, service principals, and managed identities in Active Directory. You can use built-in roles or custom roles for individuals and groups. The following screenshot shows Active Directory integration (RBAC) using access control (IAM) in the Azure portal:
Note: To use the Azure Cosmos DB RBAC in your application, you have to update the way you initialize the Azure Cosmos DB SDK. Instead of passing your account's primary key, you have to pass an instance of a TokenCredential class. This instance provides the Azure Cosmos DB SDK with the context required to fetch an Azure AD (AAD) token on behalf of the identity you wish to use.
Reference:
https://docs.microsoft.com/en-us/azure/cosmos-db/role-based-access-control 19
https://docs.microsoft.com/en-us/azure/cosmos-db/how-to-setup-rbac 20 QUESTION 276
You have an on-premises application named App1 that uses an Oracle database.
You plan to use Azure Databricks to transform and load data from App1 to an Azure Synapse Analytics instance.
You need to ensure that the App1 data is available to Databricks.
Which two Azure services should you include in the solution? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point. A. Azure Data Box Gateway
B. Azure Import/Export service
C. Azure Data Lake Storage
D. Azure Data Box Edge
E. Azure Data Factory Answer: CE
Explanation:
ADF moves data from on-prem Oracle to Data Lake storage, which makes data ready for DataBrick
https://docs.microsoft.com/en-us/azure/data-factory/load-azure-data-lake-storage-gen2 21
DataBricks "ETL" data to Synapse:
https://docs.microsoft.com/en-us/azure/databricks/scenarios/databricks-extract-load-sql-data-warehouse 22 QUESTION 277
Hotspot Question
You are designing a cost-optimized solution that uses Azure Batch to run two types of jobs on Linux nodes. The first job type will consist of short-running tasks for a development environment. The second job type will consist of long-running Message Passing Interface (MPI) applications for a production environment that requires timely job completion.
You need to recommend the pool type and node type for each job type. The solution must minimize compute charges and leverage Azure Hybrid Benefit whenever possible.
What should you recommend? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
Box 1: User subscription and low-priority virtual machines
The first job type will consist of short-running tasks for a development environment.
Among the many ways to purchase and consume Azure resources are Azure low priority VMs and Spot VMs. These virtual machines are compute instances allocated from spare capacity, offered at a highly discounted rate compared to ג€on demandג€ VMs. This means they can be a great option for cost savings ג€" for the right workloads
Box 2: Batch service and dedicate virtual machines
The second job type will consist of long-running Message Passing Interface (MPI) applications for a production environment that requires timely job completion.
Azure Batch Service is a cloud based job scheduling and compute management platform that enables running large-scale parallel and high performance computing applications efficiently in the cloud. Azure Batch Service provides job scheduling and in automatically scaling and managing virtual machines running those jobs.
Reference:
https://www.parkmycloud.com/blog/azure-low-priority-vms 23
https://azure.microsoft.com/en-us/pricing/details/batch/ 24 QUESTION 278
You are developing a sales application that will contain several Azure cloud services and handle different components of a transaction. Different cloud services will process customer orders, billing, payment, inventory, and shipping.
You need to recommend a solution to enable the cloud services to asynchronously communicate transaction information by using XML messages.
What should you include in the recommendation? A. Azure Notification Hubs
B. Azure Service Fabric
C. Azure Queue Storage
D. Azure Application Gateway Answer: C
Explanation:
Queue storage is often used to create a backlog of work to process asynchronously.
A queue message must be in a format compatible with an XML request using UTF-8 encoding.
Reference:
https://docs.microsoft.com/en-us/azure/storage/queues/storage-tutorial-queues 25 QUESTION 279
You are designing an app that will include two components. The components will communicate by sending messages via a queue.
You need to recommend a solution to process the messages by using a First in. First out (FIFO) pattern.
What should you include in the recommendation? A. storage queues with a custom metadata setting
B. Azure Service Bus queues with sessions enabled
C. Azure Service Bus queues with partitioning enabled
D. storage queues with a stored access policy Answer: B QUESTION 280
You have an on-premises storage solution.
You need to migrate the solution to Azure. The solution must support Hadoop Distributed File System (HDFS).
What should you use? A. Azure Data Lake Storage Gen2
B. Azure NetApp Files
C. Azure Data Share
D. Azure Table storage Answer: A
Explanation:
Azure Data Lake Storage Gen2: This is a fully managed, cloud-native data lake that supports the HDFS protocol. It allows you to store and analyze large amounts of data in its native format, without the need to move or transform the data. QUESTION 281
Hotspot Question
You have an on-premises Microsoft SQL Server database named SQL1.
You plan to migrate SQL1 to Azure.
You need to recommend a hosting solution for SQL1. The solution must meet the following requirements:
- Support the deployment of multiple secondary, read-only replicas.
- Support automatic replication between primary and secondary replicas.
- Support failover between primary and secondary replicas within a 15-minute recovery time objective (RTO).
What should you include in the solution? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
Box 1: Azure SQL Database
Box 2: Active geo-replication
If you need to create multiple Azure SQL Database geo-secondary replicas (in the same or different regions) for the same primary replica, use active geo-replication.
https://learn.microsoft.com/en-us/azure/azure-sql/database/auto-failover-group-sql-db?tabs=azure-powershell&view=azuresql 26 QUESTION 282
Hotspot Question
You need to deploy an instance of SQL Server on Azure Virtual Machines. The solution must meet the following requirements:
- Support 15,000 disk IOPS.
- Support SR-IOV.
- Minimize costs.
What should you include in the solution? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.
Answer:
Explanation:
Azure Virtual Machine:
Use a high-performance Azure Virtual Machine such as the Dv3 or Ev3 series, which are optimized for workloads that require low latency and high throughput.
SR-IOV: Enable SR-IOV on the Virtual Machine. SR-IOV allows for direct communication between the virtual NIC and the physical NIC, reducing latency and increasing throughput.
Azure Premium SSD Disks:
Use Azure Premium SSD Disks as they are optimized for performance-sensitive workloads and have a high IOPS and throughput limit. QUESTION 283
You are developing an app that will read activity logs for an Azure subscription by using Azure Functions.
You need to recommend an authentication solution for Azure Functions. The solution must minimize administrative effort.
What should you include in the recommendation? A. an enterprise application in Azure AD
B. system-assigned managed identities
C. shared access signatures (SAS)
D. application registration in Azure AD Answer: B
Explanation:
System-assigned: Some Azure services allow you to enable a managed identity directly on a service instance. When you enable a system-assigned managed identity, an identity is created in Azure AD that's tied to the lifecycle of that service instance. When the resource is deleted, Azure automatically deletes the identity. By design, only that Azure resource can use that identity to request tokens from Azure AD.
https://learn.microsoft.com/en-us/training/modules/design-authentication-authorization-solutions/9-one-design-managed-identities 27 QUESTION 284
Your company has the divisions shown in the following table.
Sub1 contains an Azure App Service web app named App1. App1 uses Azure AD for single-tenant user authentication. Users from contoso.com can authenticate to App1.
You need to recommend a solution to enable users in the fabrikam.com tenant to authenticate to App1.
What should you recommend? A. Configure Azure AD join.
B. Configure Azure AD Identity Protection.
C. Configure a Conditional Access policy.
D. Configure Supported account types in the application registration and update the sign-in endpoint. Answer: D
Explanation:
The Microsoft identity platform provides support for specific identity types:
- External identities in Azure AD for partners (users outside of your organization)
https://learn.microsoft.com/en-us/security/zero-trust/develop/identity-supported-account-types 28 QUESTION 285
Hotspot Question
You have an Azure subscription that contains an Azure key vault named KV1 and a virtual machine named VM1. VM1 runs Windows Server 2022: Azure Edition.
You plan to deploy an ASP.Net Core-based application named App1 to VM1.
You need to configure App1 to use a system-assigned managed identity to retrieve secrets from KV1. The solution must minimize development effort.
What should you do? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
We need server based authentication so client credentials is to be used.
https://learn.microsoft.com/en-us/azure/active-directory/develop/v2-oauth2-auth-code-flow 29
https://learn.microsoft.com/en-us/azure/active-directory/develop/v2-oauth2-client-creds-grant-flow 30
Also prefer AAD , because Microsoft Identity Platform is user based.
https://learn.microsoft.com/en-us/azure/active-directory/develop/v2-overview 31 QUESTION 286
Hotspot Question
You have an Azure subscription named Sub1 that is linked to an Azure AD tenant named contoso.com.
You plan to implement two ASP.NET Core apps named App1 and App2 that will be deployed to 100 virtual machines in Sub1. Users will sign in to App1 and App2 by using their contoso.com credentials.
App1 requires read permissions to access the calendar of the signed-in user. App2 requires write permissions to access the calendar of the signed-in user.
You need to recommend an authentication and authorization solution for the apps. The solution must meet the following requirements:
- Use the principle of least privilege.
- Minimize administrative effort.
What should you include in the recommendation? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
Important point here is that both apps are deployed to the same machines. So Managed identitied will violate the principle of least privelege. As a user/system managed identity will have to be assigned both read and write permission to user's calendar.
App registeration will provide ability to use the service principal per app to set the correct permission required for the app.
Use delegated permissions to access user's data as admin allowed/forces users to delegate the permission to the app. QUESTION 287
You have an app named App1 that uses an on-premises Microsoft SQL Server database named DB1.
You plan to migrate DB1 to an Azure SQL managed instance.
You need to enable customer managed Transparent Data Encryption (TDE) for the instance. The solution must maximize encryption strength.
Which type of encryption algorithm and key length should you use for the TDE protector? A. RSA 3072
B. AES 256
C. RSA 4096
D. RSA 2048 Answer: A
Explanation:
Requirements for configuring TDE protector
TDE protector can only be an asymmetric, RSA, or RSA HSM key. The supported key lengths are 2048 bytes and 3072 bytes.
https://learn.microsoft.com/en-us/azure/azure-sql/database/transparent-data-encryption-byok-overview?view=azuresql 32 QUESTION 288
You are planning an Azure IoT Hub solution that will include 50,000 IoT devices.
Each device will stream data, including temperature, device ID, and time data. Approximately 50,000 records will be written every second. The data will be visualized in near real time.
You need to recommend a service to store and query the data.
Which two services can you recommend? Each correct answer presents a complete solution.
NOTE: Each correct selection is worth one point. A. Azure Table Storage
B. Azure Event Grid
C. Azure Cosmos DB for NoSQL
D. Azure Time Series Insights Answer: CD
Explanation:
Azure Cosmos DB is a globally distributed, multi-model database service that can be used to store and query large amounts of data with low latency. Cosmos DB supports various data models, including NoSQL, and is designed for high throughput and low latency. It can be used to store the data from the IoT devices and can handle the high write and read throughput required for the solution.
Azure Time Series Insights is a time-series data platform that is designed for analyzing time-stamped data. It can be used to visualize the data from the IoT devices in near real-time, providing a way to monitor and analyze the device data in real-time. It also has built-in support for IoT data, making it a good choice for this scenario. QUESTION 289
Hotspot Question
You are planning an Azure Storage solution for sensitive data. The data will be accessed daily. The data set is less than 10 GB.
You need to recommend a storage solution that meets the following requirements:
- All the data written to storage must be retained for five years.
- Once the data is written, the data can only be read. Modifications and deletion must be prevented.
- After five years, the data can be deleted, but never modified.
- Data access charges must be minimized
What should you recommend? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
Box 1: General purpose v2 with Hot access tier for blobs
Immutable storage for Azure Blob Storage enables users to store business-critical data in a WORM (Write Once, Read Many) state. While in a WORM state, data cannot be modified or deleted for a user-specified interval. By configuring immutability policies for blob data, you can protect your data from overwrites and deletes. Immutability policies include time-based retention policies and legal holds.
Box 2: Container access policy
Container access policy to configure a time-based retention policy for immutable storage.
Reference:
https://docs.microsoft.com/en-us/azure/storage/blobs/immutable-policy-configure-container-scope?tabs=azure-portal 33
https://learn.microsoft.com/en-us/azure/storage/blobs/immutable-storage-overview 34 QUESTION 290
Hotspot Question
You are designing a data analytics solution that will use Azure Synapse and Azure Data Lake Storage Gen2.
You need to recommend Azure Synapse pools to meet the following requirements:
- Ingest data from Data Lake Storage into hash-distributed tables.
- Implement query, and update data in Delta Lake.
What should you recommend for each requirement? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
Box 1: A dedicated SQL pool
A dedicated SQL pool in Azure Synapse provides the ability to create hash-distributed tables, which help distribute data evenly across multiple nodes and improve query performance. This option is well-suited for ingesting data from Data Lake Storage into hash-distributed tables.
Box 2: A serverless Apache Spark pool
A serverless Apache Spark pool in Azure Synapse allows you to run Apache Spark jobs on-demand without having to manage the underlying infrastructure. This option is ideal for working with Delta Lake, as it provides native support for querying and updating data stored in Delta Lake format. QUESTION 291
Drag and Drop Question
You have an on-premises app named App1.
Customers use App1 to manage digital images.
You plan to migrate App1 to Azure.
You need to recommend a data storage solution for App1. The solution must meet the following image storage requirements:
- Encrypt images at rest.
- Allow files up to 50 MB.
- Manage access to the images by using Azure Web Application Firewall (WAF) on Azure Front Door.
The solution must meet the following customer account requirements:
- Support automatic scale out of the storage.
- Maintain the availability of App1 if a datacenter fails.
- Support reading and writing data from multiple Azure regions.
Which service should you include in the recommendation for each type of data? To answer, drag the appropriate services to the correct type of data. Each service may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
NOTE: Each correct answer is worth one point.
Answer:
Explanation:
Box 1: Azure Blob storage
Azure Blob Storage is a suitable choice for storing digital images, as it supports encryption at rest, handles large file sizes (up to 50 MB or even larger), and can be used in conjunction with Azure Web Application Firewall (WAF) on Azure Front Door.
Box 2: Azure Cosmos DB
Azure Cosmos DB is a highly scalable, globally distributed, multi-model database service that supports automatic scale-out, ensures high availability even in the event of a datacenter failure, and allows for reading and writing data from multiple Azure regions. This makes it an ideal choice for storing customer account data in your scenario. QUESTION 292
You are designing an application that will aggregate content for users.
You need to recommend a database solution for the application. The solution must meet the following requirements:
- Support SQL commands.
- Support multi-master writes.
- Guarantee low latency read operations.
What should you include in the recommendation? A. Azure Cosmos DB for NoSQL
B. Azure SQL Database that uses active geo-replication
C. Azure SQL Database Hyperscale
D. Azure Cosmos DB for PostgreSQL Answer: A
Explanation:
https://learn.microsoft.com/en-us/azure/cosmos-db/introduction#key-benefits 35
- Gain unparalleled SLA-backed speed and throughput, fast global access, and instant elasticity. Real-time access with fast read and write latencies globally, and throughput and consistency all backed by SLAs
- Multi-region writes and data distribution to any Azure region with just a button. QUESTION 293
You plan to migrate on-premises MySQL databases to Azure Database for MySQL Flexible Server.
You need to recommend a solution for the Azure Database for MySQL Flexible Server configuration. The solution must meet the following requirements:
- The databases must be accessible if a datacenter fails.
- Costs must be minimized.
Which compute tier should you recommend? A. Burstable
B. General Purpose
C. Memory Optimized Answer: B
Explanation:
General Purpose is recommended as it balances performance and cost, and provides options for automatic failover to ensure high availability in case of datacenter failure. QUESTION 294
Hotspot Question
You are building an Azure web app that will store the Personally Identifiable Information (PII) of employees.
You need to recommend an Azure SQL. Database solution for the web app. The solution must meet the following requirements:
- Maintain availability in the event of a single datacenter outage.
- Support the encryption of specific columns that contain PII.
- Automatically scale up during payroll operations.
- Minimize costs.
What should you include in the recommendations? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
https://learn.microsoft.com/en-us/azure/azure-sql/database/sql-database-paas-overview?view=azuresql#service-tiers 36
The General Purpose service tier is designed for common workloads. It offers budget-oriented balanced compute and storage options.
https://learn.microsoft.com/en-us/azure/azure-sql/database/sql-database-paas-overview?view=azuresql#compute-tiers 37
Serverless compute tier: auto-scales compute resources based on workload activity and bills for the amount of compute used, per second. The serverless compute tier is generally available in the General Purpose service tier, and is currently in preview in the Hyperscale service tier. QUESTION 295
Your company has offices in North America and Europe.
You plan to migrate to Azure.
You need to recommend a networking solution for the new Azure infrastructure. The solution must meet the following requirements:
- The Point-to-Site (P2S) VPN connections of mobile users must connect automatically to the closest Azure region.
- The offices in each region must connect to their local Azure region by using an ExpressRoute circuit.
- Transitive routing between virtual networks and on-premises networks must be supported.
- The network traffic between virtual networks must be filtered by using FQDNs.
What should you include in the recommendation? A. Azure Virtual WAN with a secured virtual hub
B. virtual network peering and application security groups
C. virtual network gateways and network security groups (NSGs)
D. Azure Route Server and Azure Network Function Manager Answer: A
Explanation:
The Virtual WAN meets the first 3 requirements, and the secured virtual hub has the Azure Firewall Manager, which can do the FQDN filtering.
https://learn.microsoft.com/en-us/azure/firewall-manager/secured-virtual-hub 38
https://learn.microsoft.com/en-us/azure/firewall/fqdn-filtering-network-rules 39 QUESTION 296
You are designing a point of sale (POS) solution that will be deployed across multiple locations and will use an Azure Databricks workspace in the Standard tier. The solution will include multiple apps deployed to the on-premises network of each location.
You need to configure the authentication method that will be used by the app to access the workspace. The solution must minimize the administrative effort associated with staff turnover and credential management.
What should you configure? A. a managed identity
B. a service principal
C. a personal access token Answer: B
Explanation:
https://learn.microsoft.com/en-us/azure/databricks/administration-guide/users-groups/service-principals#what-is-a-service-principal 40
A service principal is an identity that you create in Azure Databricks for use with automated tools, jobs, and applications. Service principals give automated tools and scripts API-only access to Azure Databricks resources, providing greater security than using users or groups. It also prevents jobs and automations from failing if a user leaves your organization or a group is modified. QUESTION 297
Hotspot Question
You have two Azure AD tenants named contoso.com and fabrikam.com. Each tenant is linked to 50 Azure subscriptions. Contoso.com contains two users named User1 and User2.
You need to meet the following requirements:
- Ensure that User1 can change the Azure AD tenant linked to specific Azure subscriptions.
- If an Azure subscription is liked to a new Azure AD tenant, and no available Azure AD accounts have full subscription-level permissions to the subscription, elevate the access of User2 to the subscription.
The solution must use the principle of least privilege.
Which role should you assign to each user? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
https://learn.microsoft.com/en-us/azure/active-directory/fundamentals/active-directory-how-subscriptions-associated-directory#before-you-begin 41
Before you can associate or add your subscription, do the following steps:
- Sign in using an account that: Has an Owner role assignment for the subscription. QUESTION 298
Your company has the divisions shown in the following table.
Sub1 contains an Azure App Service web app named App1. App1 uses Azure AD for single-tenant user authentication. Users from contoso.com can authenticate to App1.
You need to recommend a solution to enable users in the fabrikam.com tenant to authenticate to App1.
What should you recommend? A. Configure a Conditional Access policy.
B. Use Azure AD entitlement management to govern external users.
C. Configure the Azure AD provisioning service.
D. Configure Azure AD Identity Protection. Answer: B
Explanation:
https://learn.microsoft.com/en-us/azure/active-directory/governance/entitlement-management-overview#what-can-i-do-with-entitlement-management 42
Here are some of capabilities of entitlement management:
- Select connected organizations whose users can request access. When a user who isn't yet in your directory requests access, and is approved, they're automatically invited into your directory and assigned access. When their access expires, if they have no other access package assignments, their B2B account in your directory can be automatically removed. QUESTION 299
You have an Azure subscription that contains the resources shown in the following table.
You create peering between VNet1 and VNet2 and between VNet1 and VNet3.
The virtual machines host an HTTPS-based client/server application and are accessible only via the private IP address of each virtual machine.
You need to implement a load balancing solution for VM2 and VM3. The solution must ensure that if VM2 fails, requests will be routed automatically to VM3, and if VM3 fails, requests will be routed automatically to VM2.
What should you include in the solution? A. Azure Firewall Premium
B. Azure Application Gateway v2
C. a cross-region load balancer
D. Azure Front Door Premium Answer: D
Explanation:
https://learn.microsoft.com/en-us/azure/frontdoor/front-door-faq#what-is-the-difference-between-azure-front-door-and-azure-application-gateway- 43
While both Front Door and Application Gateway are layer 7 (HTTP/HTTPS) load balancers, the primary difference is that Front Door is a non-regional service whereas Application Gateway is a regional service. While Front Door can load balance between your different scale units/clusters/stamp units across regions, Application Gateway allows you to load balance between your VMs/containers etc. that is within the scale unit. QUESTION 300
You are designing an app that will include two components. The components will communicate by sending messages via a queue.
You need to recommend a solution to process the messages by using a First in, First out (FIFO) pattern.
What should you include in the recommendation? A. storage queues with a custom metadata setting
B. Azure Service Bus queues with partitioning enabled
C. Azure Service Bus queues with sessions enabled
D. storage queues with a stored access policy Answer: C
Explanation:
https://learn.microsoft.com/en-us/azure/service-bus-messaging/message-sessions 44
Azure Service Bus sessions enable joint and ordered handling of unbounded sequences of related messages. Sessions can be used in first in, first out (FIFO) and request-response patterns. This article shows how to use sessions to implement these patterns when using Service Bus. QUESTION 301
You are developing an app that will use Azure Functions to process Azure Event Hubs events. Request processing is estimated to take between five and 20 minutes.
You need to recommend a hosting solution that meets the following requirements:
- Supports estimates of request processing runtimes
- Supports event-driven autoscaling for the app
Which hosting plan should you recommend? A. Dedicated
B. Consumption
C. App Service
D. Premium Answer: D
Explanation:
https://learn.microsoft.com/en-us/azure/azure-functions/functions-scale#scale 45
Premium plan
- Event driven. Scale out automatically, even during periods of high load. Azure Functions infrastructure scales CPU and memory resources by adding additional instances of the Functions host, based on the number of events that its functions are triggered on.
https://learn.microsoft.com/en-us/azure/azure-functions/functions-scale#timeout 46
Premium plan
- default timeout: 30 mins
- max timeout: Unlimited
Resources From:1.2025 Latest Braindump2go AZ-305 Exam Dumps (PDF & VCE) Free Share:
https://www.braindump2go.com/az-305.html 2.2025 Latest Braindump2go AZ-305 PDF and AZ-305 VCE Dumps Free Share:
https://drive.google.com/drive/folders/1ZjEqbV6mv15IiTS1GH-Im-8DkoxHa8tW?usp=sharing 3.2025 Free Braindump2go AZ-305 Exam Questions Download:
https://www.braindump2go.com/free-online-pdf/AZ-305-VCE-Dumps(260-301).pdf Free Resources from Braindump2go,We Devoted to Helping You 100% Pass All Exams!
|
![image_thumb[1]](http://examgod.com/bdimages/2025-November-NewQ260-Q301_A51E/image_thumb1.png "image_thumb[1]")
