New Updated AZ-301 Exam Questions from PassLeader AZ-301 PDF dumps! Welcome to download the newest PassLeader AZ-301 VCE dumps: https://www.passleader.com/az-301.html (160 Q&As)
Keywords: AZ-301 exam dumps, AZ-301 exam questions, AZ-301 VCE dumps, AZ-301 PDF dumps, AZ-301 practice tests, AZ-301 study guide, AZ-301 braindumps, Microsoft Azure Architect Design Exam
P.S. New AZ-301 dumps PDF: https://drive.google.com/open?id=1ah1U5ZfTQkd7hMRDhnN0gFL7q8qMqtUl
P.S. New AZ-300 dumps PDF: https://drive.google.com/open?id=1f0aRTfxMz2rxKc4dy3CZjxKse4HWA3rQ
NEW QUESTION 142
Your company has deployed several virtual machines (VMs) on-premises and to Azure. Azure ExpressRoute has been deployed and configured for on-premises to Azure connectivity. Several VMs are exhibiting network connectivity issues. You need to analyze the network traffic to determine whether packets are being allowed or denied to the VMs.
Solution: Use the Azure traffic analytics solution in Azure Log Analytics to analyze the network traffic.
Does the solution meet the goal?
A. Yes
B. No
Answer: B
Explanation:
Instead use Azure Network Watcher to run IP flow verify to analyze the network traffic.
https://docs.microsoft.com/en-us/azure/network-watcher/network-watcher-monitoring-overview
https://docs.microsoft.com/en-us/azure/network-watcher/network-watcher-ip-flow-verify-overview
NEW QUESTION 143
Your company has deployed several virtual machines (VMs) on-premises and to Azure. Azure ExpressRoute has been deployed and configured for on-premises to Azure connectivity. Several VMs are exhibiting network connectivity issues. You need to analyze the network traffic to determine whether packets are being allowed or denied to the VMs.
Solution: Use Azure Network Watcher to run IP flow verify to analyze the network traffic.
Does the solution meet the goal?
A. Yes
B. No
Answer: A
Explanation:
The Network Watcher Network performance monitor is a cloud-based hybrid network monitoring solution that helps you monitor network performance between various points in your network infrastructure. It also helps you monitor network connectivity to service and application endpoints and monitor the performance of Azure ExpressRoute.
https://docs.microsoft.com/en-us/azure/network-watcher/network-watcher-monitoring-overview
https://docs.microsoft.com/en-us/azure/network-watcher/network-watcher-ip-flow-verify-overview
NEW QUESTION 144
Your company has deployed several virtual machines (VMs) on-premises and to Azure. Azure ExpressRoute has been deployed and configured for on-premises to Azure connectivity. Several VMs are exhibiting network connectivity issues. You need to analyze the network traffic to determine whether packets are being allowed or denied to the VMs.
Solution: Install and configure the Log Analytics and Dependency Agents on all VMs. Use the Wire Data solution in Azure Log Analytics to analyze the network traffic.
Does the solution meet the goal?
A. Yes
B. No
Answer: B
Explanation:
Instead use Azure Network Watcher to run IP flow verify to analyze the network traffic.
https://docs.microsoft.com/en-us/azure/network-watcher/network-watcher-monitoring-overview
https://docs.microsoft.com/en-us/azure/network-watcher/network-watcher-ip-flow-verify-overview
NEW QUESTION 145
Your network contains an on-premises Active Directory forest named contoso.com. The forest is synced to an Azure Active Directory (Azure AD) tenant named contoso.com and an Azure AD Domain Services (Azure AD DS) domain named contoso-aad.com. You have an Azure Storage account named Storage1 that contains a file share named Share1. You configure NTFS permissions on Share1. You plan to deploy a virtual machine that will be used by several users to access Share1. You need to ensure that the users can access Share1. Which type virtual machine should you deploy?
A. a virtual machine that runs Windows Server 2016 and is joined to the contoso.com domain
B. a virtual machine that runs Windows 10 and is joined to the contoso-add.com domain
C. a virtual machine that runs Windows 10 and is hybrid Azure AD joined to the contoso.com domain
D. an Azure virtual machine that runs Windows Server 2016 and is joined to the contoso-add.com domain
Answer: D
Explanation:
You join the Windows Server virtual machine to the Azure AD DS-managed domain, here named contoso-aad.com. Azure Files supports identity-based authentication over SMB (Server Message Block) (preview) through Azure Active Directory (Azure AD) Domain Services. Your domain-joined Windows virtual machines (VMs) can access Azure file shares using Azure AD credentials.
Incorrect:
Not B, C: Azure AD authentication over SMB is not supported for Linux VMs for the preview release. Only Windows Server VMs are supported.
https://docs.microsoft.com/en-us/azure/storage/files/storage-files-active-directory-enable#mount-a-file-share-from-a-domain-joined-vm
NEW QUESTION 146
Your company has an on-premises data center and an Azure subscription. The on-premises data center contains a Hardware Security Module (HSM). Your network contains an Active Directory domain that is synchronized to an Azure Active Directory (Azure AD) tenant. The company is developing an application named Application1. Application1 will be hosted in Azure by using 10 virtual machines that run Windows Server 2016. Five virtual machines will be in the West Europe Azure region and five virtual machines will be in the East US Azure region. The virtual machines will store sensitive company information. All the virtual machines will use managed disks. You need to recommend a solution to encrypt the virtual machine disks by using BitLocker Drive Encryption (BitLocker).
Solution: Deploy one Azure Key Vault to each region. Create two Azure AD service principals. Configure the virtual machines to use Azure Disk Encryption and specify a different service principal for the virtual machines in each region.
Does this meet the goal?
A. Yes
B. No
Answer: B
Explanation:
You would also have to import Import the security keys from the HSM into each Azure key vault.
https://docs.microsoft.com/en-us/azure/security/azure-security-disk-encryption-prerequisites-aad
NEW QUESTION 147
Your company has an on-premises data center and an Azure subscription. The on-premises data center contains a Hardware Security Module (HSM). Your network contains an Active Directory domain that is synchronized to an Azure Active Directory (Azure AD) tenant. The company is developing an application named Application1. Application1 will be hosted in Azure by using 10 virtual machines that run Windows Server 2016. Five virtual machines will be in the West Europe Azure region and five virtual machines will be in the East US Azure region. The virtual machines will store sensitive company information. All the virtual machines will use managed disks. You need to recommend a solution to encrypt the virtual machine disks by using BitLocker Drive Encryption (BitLocker).
Solution: Export a security key from the on-premises HSM. Create one Azure AD service principal. Configure the virtual machines to use Azure Storage Service Encryption.
Does this meet the goal?
A. Yes
B. No
Answer: B
Explanation:
We use the Azure Premium Key Vault with Hardware Security Modules (HSM) backed keys. The Key Vault has to be in the same region as the VM that will be encrypted.
https://www.ciraltos.com/azure-disk-encryption-v2/
NEW QUESTION 148
Your company has deployed several virtual machines (VMs) on-premises and to Azure. Azure ExpressRoute has been deployed and configured for on-premises to Azure connectivity. Several VMs are exhibiting network connectivity issues. You need to analyze the network traffic to determine whether packets are being allowed or denied to the VMs.
Solution: Use Azure Advisor to analyze the network traffic.
Does the solution meet the goal?
A. Yes
B. No
Answer: B
Explanation:
Instead use Azure Network Watcher to run IP flow verify to analyze the network traffic.
https://docs.microsoft.com/en-us/azure/advisor/advisor-overview
NEW QUESTION 149
Your network contains an Active Directory domain named contoso.com that is federated to an Azure Active Directory (Azure AD) tenant. The on-premises domain contains a VPN server named Server1 that runs Windows Server 2016. You have a single on-premises location that uses an address space of 172.16.0.0/16. You need to implement two-factor authentication for users who establish VPN connections to Server1. What should you include in the implementation?
A. In Azure AD, create a conditional access policy and a trusted named location.
B. Install and configure Azure MFA Server on-premises.
C. Configure an Active Directory Federation Services (AD FS) server on-premises.
D. In Azure AD, configure the authentication methods.
From the multi-factor authentication (MFA) service settings, create a trusted IP range.
Answer: B
Explanation:
You need to download, install and configure the MFA Server.
https://docs.microsoft.com/en-us/azure/active-directory/authentication/howto-mfaserver-deploy
NEW QUESTION 150
You are designing an Azure solution for a company that has four departments. Each department will deploy several Azure app services and Azure SQL databases. You need to recommend a solution to report the costs for each department to deploy the app services and the databases. The solution must provide a consolidated view for cost reporting.
Solution: Create a resources group for each resource type. Assign tags to each resource group.
Does this meet the goal?
A. Yes
B. No
Answer: A
Explanation:
Tags enable you to retrieve related resources from different resource groups. This approach is helpful when you need to organize resources for billing or management.
https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-group-using-tags
NEW QUESTION 151
You are designing an Azure solution for a company that has four departments. Each department will deploy several Azure app services and Azure SQL databases. You need to recommend a solution to report the costs for each department to deploy the app services and the databases. The solution must provide a consolidated view for cost reporting.
Solution: Place all resources in the same resource group. Assign tags to each resource.
Does this meet the goal?
A. Yes
B. No
Answer: B
Explanation:
Instead, create a resources group for each resource type. Assign tags to each resource. Tags enable you to retrieve related resources from different resource groups. This approach is helpful when you need to organize resources for billing or management.
https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-group-using-tags
NEW QUESTION 152
You are designing an Azure solution for a company that has four departments. Each department will deploy several Azure app services and Azure SQL databases. You need to recommend a solution to report the costs for each department to deploy the app services and the databases. The solution must provide a consolidated view for cost reporting.
Solution: Create a new subscription for each department.
Does this meet the goal?
A. Yes
B. No
Answer: B
NEW QUESTION 153
You plan to store data in Azure Blob storage for many years. The stored data will be accessed rarely. You need to ensure that the data in Blob storage is always available for immediate access. The solution must minimize storage costs. Which storage tier should you use?
A. Cool
B. Archive
C. Hot
Answer: A
Explanation:
Azure cool tier is equivalent to the Amazon S3 Infrequent Access (S3-IA) storage in AWS that provides a low cost high performance storage for infrequently access data.
Incorrect:
Not B: Even though Azure archive storage offers the lowest cost in terms of data storage, its data retrieval charges are higher than that of hot and cool tiers. In fact, the data in the archive tier remains offline until the tier of the data is changed using a process called hydration. The process of hydrating data in the archive storage tier and moving it to either hot or cool tier could take up to 15 hours and, hence, it is only intended for data that can afford that kind of access delay.
Not C: The storage cost for this Azure cold storage tier is lower than that of hot storage tier.
https://cloud.netapp.com/blog/low-cost-storage-options-on-azure
NEW QUESTION 154
You manage an application instance. The application consumes data from multiple databases. Application code references database tables using a combination of the server, database, and table name. You need to migrate the application instance to Azure. What are two possible ways to achieve this goal? (Each correct answer presents a complete solution. Choose two.)
A. SQL Server Stretch Database
B. SQL Server in an Azure virtual machine
C. Azure SQL Database
D. SQL Managed Instance
Answer: AD
Explanation:
A: Access your SQL Server data seamlessly regardless of whether it’s on-premises or stretched to the cloud. You set the policy that determines where data is stored, and SQL Server handles the data movement in the background. The entire table is always online and queryable. And, Stretch Database doesn’t require any changes to existing queries or applications – the location of the data is completely transparent to the application.
D: The managed instance deployment model is designed for customers looking to migrate a large number of apps from on-premises or IaaS, self-built, or ISV provided environment to fully managed PaaS cloud environment, with as low migration effort as possible. Using the fully automated Data Migration Service (DMS) in Azure, customers can lift and shift their on-premises SQL Server to a managed instance that offers compatibility with SQL Server on-premises and complete isolation of customer instances with native VNet support.
https://docs.microsoft.com/en-us/sql/sql-server/stretch-database/stretch-database
https://docs.microsoft.com/en-us/azure/sql-database/sql-database-managed-instance
NEW QUESTION 155
You are migrating an on-premises application to Azure. One component of the application is a legacy Windows native executable that performs image processing. The image processing application must run every hour. During times that the image processing application is not running, it should not be consuming any Azure compute resources. You need to ensure that the image processing application runs correctly every hour.
Solution: Create an Azure Batch application that runs the image processing application every hour.
Does the solution meet the goal?
A. Yes
B. No
Answer: B
Explanation:
Instead use an Azure Logic Apps, which helps you automate workflows that run on a schedule.
https://docs.microsoft.com/en-us/azure/logic-apps/tutorial-build-schedule-recurring-logic-app-workflow
NEW QUESTION 156
You plan to run an image rendering workload in Azure. The workload uses parallel compute processes. What is the best service to use to run the workload? (More than one answer choice may achieve the goal. Choose the BEST answer.)
A. an Azure virtual machine scale set
B. Azure Kubernetes Service (AKS)
C. Azure Batch
D. Azure Container Service
Answer: C
Explanation:
Azure Batch works well with intrinsically parallel (also known as "embarrassingly parallel") workloads. Intrinsically parallel workloads are those where the applications can run independently, and each instance completes part of the work. When the applications are executing, they might access some common data, but they do not communicate with other instances of the application. Intrinsically parallel workloads can therefore run at a large scale, determined by the amount of compute resources available to run applications simultaneously.
https://docs.microsoft.com/en-us/azure/batch/batch-technical-overview
NEW QUESTION 157
You need to recommend a solution to generate a monthly report of all the new Azure Resource Manager resource deployments in your subscription. What should you include in the recommendation?
A. the Change Tracking management solution
B. Azure Activity Log
C. Azure Monitor action groups
D. Azure Advisor
Answer: B
Explanation:
The Azure Activity Log provides insight into subscription-level events that have occurred in Azure. This includes a range of data, from Azure Resource Manager operational data to updates on Service Health events. Activity logs are kept for 90 days. You can query for any range of dates, as long as the starting date isn’t more than 90 days in the past.
https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-group-audit
NEW QUESTION 158
……
Download the newest PassLeader AZ-301 dumps from passleader.com now! 100% Pass Guarantee!
AZ-301 PDF dumps & AZ-301 VCE dumps: https://www.passleader.com/az-301.html (160 Q&As) (New Questions Are 100% Available and Wrong Answers Have Been Corrected! Free VCE simulator!)
P.S. New AZ-301 dumps PDF: https://drive.google.com/open?id=1ah1U5ZfTQkd7hMRDhnN0gFL7q8qMqtUl
P.S. New AZ-300 dumps PDF: https://drive.google.com/open?id=1f0aRTfxMz2rxKc4dy3CZjxKse4HWA3rQ
Comments are closed, but trackbacks and pingbacks are open.