Notes: Hi all, Microsoft Azure Architect Design Practice Exam Part 5 will familiarize you with types of questions you may encounter on the certification exam and help you determine your readiness or if you need more preparation and/or experience. Successful completion of the practice exam does not guarantee you will pass the certification exam as the actual exam is longer and covers a wider range of topics. We highly recommend you should take Microsoft Azure Architect Design Actual Exam Version because it include actual exam questions and highlighted answers are collected in our exam. It will help you pass exam in easier way.
Part 1: https://www.awslagi.com/microsoft-azure-architect-design-practice-exam-part-1
Part 2: https://www.awslagi.com/microsoft-azure-architect-design-practice-exam-part-2
Part 3: https://www.awslagi.com/microsoft-azure-architect-design-practice-exam-part-3
Part 4: https://www.awslagi.com/microsoft-azure-architect-design-practice-exam-part-4
Part 5: https://www.awslagi.com/microsoft-azure-architect-design-practice-exam-part-5
Part 6: https://www.awslagi.com/microsoft-azure-architect-design-practice-exam-part-6
Part 7: https://www.awslagi.com/microsoft-azure-architect-design-practice-exam-part-7
154. Overview –
Contoso, Ltd. is a US-based financial services company that has a main office in New York and a branch office in San Francisco.
Existing Environment –
Payment Processing System –
Contoso hosts a business-critical payment processing system in its New York data center. The system has three tiers: a front-end web app, a middle-tier web API, and a back-end data store implemented as a Microsoft SQL Server 2014 database. All servers run Windows Server 2012 R2. The front-end and middle-tier components are hosted by using Microsoft Internet Information Services (IIS). The application code is written in C# and ASP.NET. The middle-tier API uses the Entity Framework to communicate to the SQL Server database. Maintenance of the database is performed by using SQL Server Agent jobs. The database is currently 2 TB and is not expected to grow beyond 3 TB. The payment processing system has the following compliance-related requirements:
Encrypt data in transit and at rest. Only the front-end and middle-tier components must be able to access the encryption keys that protect the data store. Keep backups of the data in two separate physical locations that are at least 200 miles apart and can be restored for up to seven years. Support blocking inbound and outbound traffic based on the source IP address, the destination IP address, and the port number.
Collect Windows security logs from all the middle-tier servers and retain the logs for a period of seven years. Inspect inbound and outbound traffic from the front-end tier by using highly available network appliances. Only allow all access to all the tiers from the internal network of Contoso.
Tape backups are configured by using an on-premises deployment of Microsoft System Center Data Protection Manager (DPM), and then shipped off site for long term storage.
Historical Transaction Query System –
Contoso recently migrated a business-critical workload to Azure. The workload contains a .NET web service for querying the historical transaction data residing in Azure Table Storage. The .NET web service is accessible from a client app that was developed in-house and runs on the client computers in the New York office. The data in the table storage is 50 GB and is not expected to increase.
Current Issues –
The Contoso IT team discovers poor performance of the historical transaction query system, at the queries frequently cause table scans.
Requirements –
Planned Changes –
Contoso plans to implement the following changes:
Migrate the payment processing system to Azure.
Migrate the historical transaction data to Azure Cosmos DB to address the performance issues.
Migration Requirements –
Contoso identifies the following general migration requirements:
Infrastructure services must remain available if a region or a data center fails. Failover must occur without any administrative intervention.
Whenever possible, Azure managed services must be used to minimize management overhead. Whenever possible, costs must be minimized.
Contoso identifies the following requirements for the payment processing system:
If a data center fails, ensure that the payment processing system remains available without any administrative intervention. The middle-tier and the web front end must continue to operate without any additional configurations.
Ensure that the number of compute nodes of the front-end and the middle tiers of the payment processing system can increase or decrease automatically based on CPU utilization. Ensure that each tier of the payment processing system is subject to a Service Level Agreement (SLA) of 99.99 percent availability. Minimize the effort required to modify the middle-tier API and the back-end tier of the payment processing system.
Generate alerts when unauthorized login attempts occur on the middle-tier virtual machines.
Ensure that the payment processing system preserves its current compliance status.
Host the middle tier of the payment processing system on a virtual machine.
Contoso identifies the following requirements for the historical transaction query system:
Minimize the use of on-premises infrastructure services.
Minimize the effort required to modify the .NET web service querying Azure Cosmos DB.
Minimize the frequency of table scans.
If a region fails, ensure that the historical transactions query system remains available without any administrative intervention.
Information Security Requirements
The IT security team wants to ensure that identity management is performed by using Active Directory. Password hashes must be stored on-premises only.
Access to all business-critical systems must rely on Active Directory credentials. Any suspicious authentication attempts must trigger a multi-factor authentication prompt automatically. legitimate users must be able to authenticate successfully by using multi-factor authentication.
Question 154.1
You need to recommend a solution for the collection of security logs for the middle tier of the payment processing system. What should you include in the recommendation?
A. the Azure Log Analytics agent
B. Azure Event Hubs
C. Azure Notification Hubs
D. the Azure Diagnostics agent
Answer: A
Question 154.2
HOTSPOT – You need to recommend a solution for configuring the Azure Multi-Factor Authentication (MFA) settings. What should you include in the recommendation? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.
Hot Area:
Answer:
Box 1: Premium P2
Box 2: Allow access and require multi-factor authentication
Box 3: Allow access and require Azure MFA registration
Question 154.3
HOTSPOT – You need to design a solution for securing access to the historical transaction data. What should you include in the solution? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:
Answer:
Box 1: Create users and generate resource tokens
Box 2: Request resource tokens and perform authentication
Question 154.4:
HOTSPOT – You need to recommend a solution for the users at Contoso to authenticate to the cloud-based services and the Azure AD-integrated applications. What should you include in the recommendation? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:
Answer:
Box 1: Pass-through Authentication
Box 2: Traffic Manager and a standard Load Balancer
Question 154.5:
You need to recommend a solution for implementing the back-end tier of the payment processing system in Azure. What should you include in the recommendation?
A. an Azure SQL Database managed instance
B. a SQL Server database on an Azure virtual machine
C. an Azure SQL Database single database
D. an Azure SQL Database elastic pool
Answer: A
Question 154.6:
You need to recommend a solution for protecting the content of the payment processing system. What should you include in the recommendation?
A. Transparent Data Encryption (TDE)
B. Azure Storage Service Encryption
C. Always Encrypted with randomized encryption
D. Always Encrypted with deterministic encryption
Answer: D
Question 154.7:
HOTSPOT – You need to recommend a solution for the data store of the historical transaction query system. What should you include in the recommendation? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:
Answer:
Box 1: A table that has a fixed capacity
Box 2: An additional read region
Question 154.8:
You need to recommend a backup solution for the data store of the payment processing system. What should you include in the recommendation?
A. Microsoft System Center Data Protection Manager (DPM)
B. Azure SQL long-term backup retention
C. Azure Backup Server
D. a Recovery Services vault
E. Azure Managed Disks
Answer: B
Question 154.9:
You need to recommend a disaster recovery solution for the back-end tier of the payment processing system. What should you include in the recommendation?
A. Always On Failover Cluster Instances
B. active geo-replication
C. Azure Site Recovery
D. an auto-failover group
Answer: D
Question 154.10:
You need to recommend a high-availability solution for the middle tier of the payment processing system. What should you include in the recommendation?
A. the Isolated App service plan
B. availability zones
C. an availability set
D. the Premium App Service plan
Answer: B
Question 154.11:
You need to recommend a compute solution for the middle tier of the payment processing system. What should you include in the recommendation?
A. Azure Kubernetes Service (AKS)
B. virtual machine scale sets
C. availability sets
D. App Service Environments (ASEs)
Answer: B
Question 154.12:
You need to recommend a solution for the network configuration of the front-end tier of the payment processing. What should you include in the recommendation?
A. Azure Application Gateway
B. Traffic Manager
C. a Standard Load Balancer
D. a Basic load Balancer
Answer: C
