Microsoft AZ-301 Microsoft Azure Architect Design Online Training
Microsoft AZ-301 Online Training
The questions for AZ-301 were last updated at Dec 19,2024.
- Exam Code: AZ-301
- Exam Name: Microsoft Azure Architect Design
- Certification Provider: Microsoft
- Latest update: Dec 19,2024
Testlet 1
Case study
This is a case study. Case studies are not timed separately. You can use as much exam time as you would like to complete each case. However, there may be additional case studies and sections on this exam. You must manage your time to ensure that you are able to complete all questions included on this exam in the time provided.
To answer the questions included in a case study, you will need to reference information that is provided in the case study. Case studies might contain exhibits and other resources that provide more information about the scenario that is described in the case study. Each question is independent of the other questions in this case study.
At the end of this case study, a review screen will appear. This screen allows you to review your answers and to make changes before you move to the next section of the exam. After you begin a new section, you cannot return to this section.
To start the case study
To display the first question in this case study, click the Next button. Use the buttons in the left pane to explore the content of the case study before you answer the questions. Clicking these buttons displays information such as business requirement, existing environment, and problem statements. If the case study has an All Information tab, note that the information displayed is identical to the information displayed on the subsequent tabs. When you are ready to answer a question, click the Question button to return to the question.
Overview
Contoso, Ltd. is a US-based financial services company that has a main office in New York and a branch office in San Francisco.
Existing Environment
Payment Processing System
Contoso hosts a business-critical payment processing system in its New York data center. The system has three tiers: a front-end web app, a middle-tier web API, and a back-end data store implemented as a Microsoft SQL Server 2014 database. All servers run Windows Server 2012 R2.
The front-end and middle-tier components are hosted by using Microsoft Internet Information Services (IIS). The application code is written in C# and ASP.NET. The middle-tier API uses the Entity Framework to communicate to the SQL Server database. Maintenance of the database is performed by using SQL Server Agent jobs.
The database is currently 2 TB and is not expected to grow beyond 3 TB.
The payment processing system has the following compliance-related requirements:
– Encrypt data in transit and at rest. Only the front-end and middle-tier components must be able to access the encryption keys that protect the data store.
– Keep backups of the data in two separate physical locations that are at least 200 miles apart and can be restored for up to seven years.
– Support blocking inbound and outbound traffic based on the source IP address, the destination IP address, and the port number.
– Collect Windows security logs from all the middle-tier servers and retain the logs for a period of seven years.
– Inspect inbound and outbound traffic from the front-end tier by using highly available network appliances.
– Only allow all access to all the tiers from the internal network of Contoso.
Tape backups are configured by using an on-premises deployment of Microsoft System Center Data Protection Manager (DPM), and then shipped offsite for long term storage.
Historical Transaction Query System
Contoso recently migrated a business-critical workload to Azure. The workload contains a .NET web service for querying the historical transaction data residing in Azure Table Storage. The .NET web service is accessible from a client app that was developed in-house and runs on the client computers in the New York office. The data in the table storage is 50 GB and is not expected to increase.
Current Issues
The Contoso IT team discovers poor performance of the historical transaction query system, at the queries frequently cause table scans.
Requirements
Planned Changes
Contoso plans to implement the following changes:
– Migrate the payment processing system to Azure.
– Migrate the historical transaction data to Azure Cosmos DB to address the performance issues.
Migration Requirements
Contoso identifies the following general migration requirements:
– Infrastructure services must remain available if a region or a data center fails. Failover must occur without any administrative intervention.
– Whenever possible, Azure managed services must be used to minimize management overhead.
– Whenever possible, costs must be minimized.
Contoso identifies the following requirements for the payment processing system:
– If a data center fails, ensure that the payment processing system remains available without any administrative intervention. The middle-tier and the web front end must continue to operate without any additional configurations.
– Ensure that the number of compute nodes of the front-end and the middle tiers of the payment processing system can increase or decrease automatically based on CPU utilization.
– Ensure that each tier of the payment processing system is subject to a Service Level Agreement (SLA) of 99.99 percent availability.
– Minimize the effort required to modify the middle-tier API and the back-end tier of the payment processing system.
– Generate alerts when unauthorized login attempts occur on the middle-tier virtual machines.
– Ensure that the payment processing system preserves its current compliance status.
– Host the middle tier of the payment processing system on a virtual machine.
Contoso identifies the following requirements for the historical transaction query system:
– Minimize the use of on-premises infrastructure services.
– Minimize the effort required to modify the .NET web service querying Azure Cosmos DB.
– Minimize the frequency of table scans.
– If a region fails, ensure that the historical transactions query system remains available without any administrative intervention.
Information Security Requirements
The IT security team wants to ensure that identity management is performed by using Active Directory. Password hashes must be stored on-premises only.
Access to all business-critical systems must rely on Active Directory credentials. Any suspicious authentication attempts must trigger a multi-factor authentication prompt automatically. legitimate users must be able to authenticate successfully by using multi-factor authentication.
You need to recommend a solution for the collection of security logs for the middle tier of the payment processing system.
What should you include in the recommendation?
- A . Azure Event Hubs
- B . Azure Notification Hubs
- C . the Azure Diagnostics agent
- D . the Microsoft Monitoring agent
Question Set 2
HOTSPOT
You deploy several Azure SQL Database instances.
You plan to configure the Diagnostics settings on the databases as shown in the following exhibit.
Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic. NOTE: Each correct selection is worth one point.
Your company uses Microsoft System Center Service Manager on its on-premises network.
You plan to deploy several services to Azure.
You need to recommend a solution to push Azure service health alerts to Service Manager.
What should you include in the recommendation?
- A . Azure Notification Hubs
- B . Azure Event Hubs
- C . IT Service Management Connector (ITSM)
- D . Application Insights Connector
You have an on-premises Hyper-V cluster. The cluster contains Hyper-V hosts that run Windows Server 2016 Datacenter. The hosts are licensed under a Microsoft Enterprise Agreement that has Software Assurance.
The Hyper-V cluster hosts 30 virtual machines that run Windows Server 2012 R2. Each virtual machine runs a different workload. The workloads have predictable consumption patterns.
You plan to replace the virtual machines with Azure virtual machines that run Windows Server 2016. The virtual machines will be sized according to the consumption pattern of each workload.
You need to recommend a solution to minimize the compute costs of the Azure virtual machines.
Which two recommendations should you include in the solution? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point.
- A . Purchase Azure Reserved Virtual Machine Instances for the Azure virtual machines
- B . Create a virtual machine scale set that uses autoscaling
- C . Configure a spending limit in the Azure account center
- D . Create a lab in Azure DevTest Labs and place the Azure virtual machines in the lab
- E . Activate Azure Hybrid Benefit for the Azure virtual machines
You have an on-premises Active Directory forest and an Azure Active Directory (Azure AD) tenant. All Azure AD users are assigned a Premium P1 license.
You deploy Azure AD Connect.
Which two features are available in this environment that can reduce operational overhead for your company’s help desk? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point.
- A . Azure AD Privileged Identity Management policies
- B . access reviews
- C . self-service password reset
- D . Microsoft Cloud App Security Conditional Access App Control
- E . password writeback
You are planning the implementation of an order processing web service that will contain microservices hosted in an Azure Service Fabric cluster.
You need to recommend a solution to provide developers with the ability to proactively identify and fix performance issues. The developers must be able to simulate user connections to the order processing web service from the Internet, as well as simulate user transactions. The developers must be notified if the goals for the transaction response times are not met.
What should you include in the recommendation?
- A . container health
- B . Azure Network Watcher
- C . Application Insights
- D . Service Fabric Analytics
You need to recommend a solution to generate a monthly report of all the new Azure Resource Manager resource deployments in your subscription.
What should you include in the recommendation?
- A . Azure Analysis Services
- B . Azure Activity Log
- C . Azure Monitor action groups
- D . Azure Advisor
- E . Azure Monitor metrics
- F . Azure Log Analytics
- G . Application Insights
HOTSPOT
You have an Azure App Service Web App that includes Azure Blob storage and an Azure SQL Database instance. The application is instrumented by using the Application Insights SDK.
You need to design a monitoring solution for the web app.
Which Azure monitoring services should you use? To answer, select the appropriate Azure monitoring services in the answer area. NOTE: Each correct selection is worth one point.
DRAG DROP
You have an Azure Active Directory (Azure AD) tenant. All user accounts are synchronized from an on-premises Active Directory domain and are configured for federated authentication. Active Directory Federation Services (AD FS) servers are published for external connections by using a farm of Web Application Proxy servers.
You need to recommend a solution to monitor the servers that integrate with Azure AD.
The solution must meet the following requirements:
– Identify any AD FS issues and their potential resolutions.
– Identify any directory synchronization configuration issues and their potential resolutions
– Notify administrators when there are any issues affecting directory synchronization or AD FS operations.
Which monitoring solution should you recommend for each server type? To answer, drag the appropriate monitoring solutions to the correct server types. Each monitoring solution may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
NOTE: Each correct selection is worth one point.
You plan to deploy 200 Microsoft SQL Server databases to Azure by using Azure SQL Database and Azure SQL Database Managed Instance.
You need to recommend a monitoring solution that provides a consistent monitoring approach for all deployments.
The solution must meet the following requirements:
– Support current-state analysis based on metrics collected near real-time, multiple times per minute, and maintained for up to one hour
– Support longer term analysis based on metrics collected multiple times per hour and maintained for up to two weeks.
– Support monitoring of the number of concurrent logins and concurrent sessions.
What should you include in the recommendation?
- A . dynamic management views
- B . trace flags
- C . Azure Monitor
- D . SQL Server Profiler