Microsoft AZ-301 Microsoft Azure Architect Design Online Training
Microsoft AZ-301 Online Training
The questions for AZ-301 were last updated on Jan 10, 2025.
- Exam Code: AZ-301
- Exam Name: Microsoft Azure Architect Design
- Certification Provider: Microsoft
- Latest update: Jan 10, 2025
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
Your company has deployed several virtual machines (VMs) on-premises and to Azure. Azure ExpressRoute has been deployed and configured for on-premises to Azure connectivity.
Several VMs are exhibiting network connectivity issues.
You need to analyze the network traffic to determine whether packets are being allowed or denied to the VMs.
Solution: Install and configure the Log Analytics and Dependency Agents on all VMs. Use the Wire Data solution in Azure Log Analytics to analyze the network traffic.
Does the solution meet the goal?
- A. Yes
- B. No
HOTSPOT
A company plans to implement an HTTP-based API to support a web app. The web app allows customers to check the status of their orders.
The API must meet the following requirements:
– Implement Azure Functions
– Provide public read-only operations
– Do not allow write operations
You need to recommend configuration options.
What should you recommend? To answer, configure the appropriate options in the dialog box in the answer area. NOTE: Each correct selection is worth one point.
Your network contains an on-premises Active Directory forest named contoso.com. The forest is synced to an Azure Active Directory (Azure AD) tenant named contoso.com and an Azure AD Domain Services (Azure AD DS) domain named contoso-aad.com.
You have an Azure Storage account named Storage1 that contains a file share named Share1.
You configure NTFS permissions on Share1. You plan to deploy a virtual machine that will be used by several users to access Share1.
You need to ensure that the users can access Share1.
Which type of virtual machine should you deploy?
- A. a virtual machine that runs Windows Server 2016 and is joined to the contoso.com domain
- B. a virtual machine that runs Windows 10 and is joined to the contoso-aad.com domain
- C. a virtual machine that runs Windows 10 and is hybrid Azure AD joined to the contoso.com domain
- D. an Azure virtual machine that runs Windows Server 2016 and is joined to the contoso-aad.com domain
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
Your company has an on-premises data center and an Azure subscription. The on-premises data center contains a Hardware Security Module (HSM).
Your network contains an Active Directory domain that is synchronized to an Azure Active Directory (Azure AD) tenant.
The company is developing an application named Application1. Application1 will be hosted in Azure by using 10 virtual machines that run Windows Server 2016. Five virtual machines will be in the West Europe Azure region and five virtual machines will be in the East US Azure region. The virtual machines will store sensitive company information. All the virtual machines will use managed disks.
You need to recommend a solution to encrypt the virtual machine disks by using BitLocker Drive Encryption (BitLocker).
Solution: Deploy one Azure Key Vault to each region. Create two Azure AD service principals. Configure the virtual machines to use Azure Disk Encryption and specify a different service principal for the virtual machines in each region.
Does this meet the goal?
- A. Yes
- B. No
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
Your company has an on-premises data center and an Azure subscription. The on-premises data center contains a Hardware Security Module (HSM).
Your network contains an Active Directory domain that is synchronized to an Azure Active Directory (Azure AD) tenant.
The company is developing an application named Application1. Application1 will be hosted in Azure by using 10 virtual machines that run Windows Server 2016. Five virtual machines will be in the West Europe Azure region and five virtual machines will be in the East US Azure region. The virtual machines will store sensitive company information. All the virtual machines will use managed disks.
You need to recommend a solution to encrypt the virtual machine disks by using BitLocker Drive Encryption (BitLocker).
Solution: Export a security key from the on-premises HSM. Create one Azure AD service principal. Configure the virtual machines to use Azure Storage Service Encryption.
Does this meet the goal?
- A. Yes
- B. No
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
Your company has an on-premises data center and an Azure subscription. The on-premises data center contains a Hardware Security Module (HSM).
Your network contains an Active Directory domain that is synchronized to an Azure Active Directory (Azure AD) tenant.
The company is developing an application named Application1. Application1 will be hosted in Azure by using 10 virtual machines that run Windows Server 2016. Five virtual machines will be in the West Europe Azure region and five virtual machines will be in the East US Azure region. The virtual machines will store sensitive company information. All the virtual machines will use managed disks.
You need to recommend a solution to encrypt the virtual machine disks by using BitLocker Drive Encryption (BitLocker).
Solution:
– Deploy one Azure key vault to each region
– Export two security keys from the on-premises HSM
– Import the security keys from the HSM into each Azure key vault
– Create two Azure AD service principals
– Configure the virtual machines to use Azure Disk Encryption
– Specify a different service principal for the virtual machines in each region
Does this meet the goal?
- A. Yes
- B. No
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
Your company has deployed several virtual machines (VMs) on-premises and to Azure. Azure ExpressRoute has been deployed and configured for on-premises to Azure connectivity.
Several VMs are exhibiting network connectivity issues.
You need to analyze the network traffic to determine whether packets are being allowed or denied to the VMs.
Solution: Use Azure Advisor to analyze the network traffic.
Does the solution meet the goal?
- A. Yes
- B. No
Your network contains an Active Directory domain named contoso.com that is federated to an Azure Active Directory (Azure AD) tenant. The on-premises domain contains a VPN server named Server1 that runs Windows Server 2016.
You have a single on-premises location that uses an address space of 172.16.0.0/16.
You need to implement two-factor authentication for users who establish VPN connections to Server1.
What should you include in the implementation?
- A. In Azure AD, create a conditional access policy and a trusted named location
- B. Install and configure Azure MFA Server on-premises
- C. Configure an Active Directory Federation Services (AD FS) server on-premises
- D. In Azure AD, configure the authentication methods. From the multi-factor authentication (MFA) service settings, create a trusted IP range
HOTSPOT
You configure the Diagnostics settings for an Azure SQL database as shown in the following exhibit.
Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic. NOTE: Each correct selection is worth one point.
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
Your company has an on-premises Active Directory Domain Services (AD DS) domain and an established Azure Active Directory (Azure AD) environment.
Your company would like users to be automatically signed in to cloud apps when they are on their corporate desktops that are connected to the corporate network.
You need to enable single sign-on (SSO) for company users.
Solution: Install and configure an Azure AD Connect server to use password hash synchronization and select the Enable single sign-on option.
Does the solution meet the goal?
- A. Yes
- B. No