Sample Exam Questions 3: AZ-300: Microsoft Azure Architect Technologies
QUESTION 11
An app uses a virtual network with two subnets. One subnet is used for the application server. The other subnet is used for a database server. A network virtual appliance (NVA) is used as a firewall.
Traffic destined for one specific address prefix is routed to the NVA and then to an on-premises database server that stores sensitive data. A Border Gateway Protocol (BGP) route is used for the traffic to the on-premises database server.
You need to recommend a method for creating the user-defined route.
Which two options should you recommend? Each correct answer presents a complete solution.
NOTE: Each correct selection is worth one point.
A. For the virtual network configuration, use a VPN.
B. For the next hop type, use a virtual network peering.
C. For the virtual network configuration, use Azure ExpressRoute.
D. For the next hop type, use a virtual network gateway.
Correct Answer: AD
Explanation:
You can create custom, or user-defined, routes in Azure to override Azure’s default system routes, or to add additional routes to a subnet’s route table. You can specify the following next hop types when creating a user-defined route:
Virtual appliance: A virtual appliance is a virtual machine that typically runs a network application, such as a firewall.
Virtual network gateway: Specify when you want traffic destined for specific address prefixes routed to a virtual network gateway. The virtual network gateway must be created with type VPN. You cannot specify a virtual network gateway created as type ExpressRoute in a user-defined route because with ExpressRoute, you must use BGP for custom routes.
Virtual network: Specify when you want to override the default routing within a virtual network.
Internet: Specify when you want to explicitly route traffic destined to an address prefix to the Internet, or if you want traffic destined for Azure services with public IP addresses kept within the Azure backbone network.
Incorrect Answers:
B: You cannot specify VNet peering or VirtualNetworkServiceEndpoint as the next hop type in user-defined routes. Routes with the VNet peering or VirtualNetworkServiceEndpoint next hop types are only created by Azure, when you configure a virtual network peering, or a service endpoint.
C: You cannot specify a virtual network gateway created as type ExpressRoute in a user-defined route because with ExpressRoute, you must use BGP for custom routes.
Reference:
https://docs.microsoft.com/en-us/azure/virtual-network/virtual-networks-udr-overview
QUESTION 12
You manage a solution in Azure that consists of a single application which runs on a virtual machine (VM). Traffic to the application has increased dramatically.
The application must not experience any downtime and scaling must be dynamically defined. You need to define an auto-scale strategy to ensure that the VM can handle the workload.
Which three options should you recommend? Each correct answer presents a complete solution. NOTE: Each correct selection is worth one point.
A. Deploy application automatic vertical scaling.
B. Create a VM availability set.
C. Create a VM scale set.
D. Deploy application automatic horizontal scaling.
E. Deploy a custom auto-scale implementation.
Correct Answer: CDE
A and B cannot be the answers; hence C, D and E are correct.
Option A: Vertical scaling means adding more CPU, disk, etc. A vertical scale change would require a restart of the VM, thus violating the requirement of “must not experience any downtime”.
Option B: Availability sets protect against hardware failure of the underlying hosts.
QUESTION 13
You are implementing authentication for applications in your company. You plan to implement self-service password reset (SSPR) and multifactor authentication (MFA) in Azure Active Directory (Azure AD).
You need to select authentication mechanisms that can be used for both MFA and SSPR.
Which two authentication methods should you use? Each correct answer presents a complete solution. NOTE: Each correct selection is worth one point.
A. Short Message Service (SMS) messages
B. Authentication app
C. Email addresses
D. Security questions
E. App passwords
Correct Answer: AB
Explanation:
The following authentication mechanisms can be used for both MFA and SSPR:
Short Message Service (SMS) messages
Azure AD passwords
Microsoft Authenticator app
Voice call
Options C and D: Email addresses and security questions can be used only for SSPR.
Option E: App passwords can be used for MFA only, and only in certain cases.
Incorrect Answers: C, D and E
Reference: