Certification Provider: Microsoft
Exam Code: AZ-305
Exam Name: Designing Microsoft Azure Infrastructure Solutions
Collated By: Million Zhang
Collated Date: 12th Jan 2023
Number of Questions:

| Topic | Number of Questions |
|---|---|
| Case Study 1 – Litware | 12 |
| Case Study 2 - Fabrikam, Inc | 9 |
| Case Study 3 – Contoso | 9 |
| Solution Challenge | 22 |
| Common Question | 177 |
| Total | 229 |
Case Study 1 – Litware
Existing Environment
Azure Environment
Litware has 10 Azure subscriptions that are linked to the Litware.com tenant and five Azure
subscriptions that are linked to the dev.litware.com tenant. All the subscriptions are in an
Enterprise Agreement (EA).
The litware.com tenant contains a custom Azure role-based access control (Azure RBAC)
role named Role1 that grants the DataActions read permission to the blobs and files in
Azure Storage.
On-Premises Environment
The on-premises network of Litware contains the resources shown in the following table.
Network Environment
Litware has ExpressRoute connectivity to Azure.
Planned Changes and Requirements
Litware plans to implement the following changes:
- Migrate DB1 and DB2 to Azure.
- Migrate App1 to Azure virtual machines.
- Migrate the external storage used by App1 to Azure Storage.
- Deploy the Azure virtual machines that will host App1 to Azure dedicated hosts.
Authentication and Authorization Requirements
Litware identifies the following authentication and authorization requirements:
- Only users that manage the production environment by using the Azure portal must
connect from a hybrid Azure AD-joined device and authenticate by using Azure
Multi-Factor Authentication (MFA).
- The Network Contributor built-in RBAC role must be used to grant permissions to the
network administrators for all the virtual networks in all the Azure subscriptions.
- To access the resources in Azure, App1 must use the managed identity of the virtual
machines that will host the app.
- RBAC roles must be applied at the highest level possible.
Resiliency Requirements
Litware identifies the following resiliency requirements:
- Once migrated to Azure, DB1 and DB2 must meet the following requirements:
✓ Maintain availability if two availability zones in the local Azure region fail.
✓ Fail over automatically.
✓ Minimize I/O latency.
- App1 must meet the following requirements:
✓ Be hosted in an Azure region that supports availability zones.
✓ Be hosted on Azure virtual machines that support automatic scaling.
✓ Maintain availability if two availability zones in the local Azure region fail.
Security and Compliance Requirements
Litware identifies the following security and compliance requirements:
- Once App1 is migrated to Azure, you must ensure that new data can be written to the
app, and the modification of new and existing data is prevented for a period of three
years.
- On-premises users and services must be able to access the Azure Storage account that
will host the data in App1.
- Access to the public endpoint of the Azure Storage account that will host the App1
data must be prevented.
- All Azure SQL databases in the production environment must have Transparent Data
Encryption (TDE) enabled.
- App1 must NOT share physical hardware with other workloads.
Business Requirements
Litware identifies the following business requirements:
- Minimize administrative effort.
- Minimize costs.
Question 1
After you migrate App1 to Azure, you need to enforce the data modification requirements to
meet the security and compliance requirements.
What should you do?
A. Create an access policy for the blob service.
B. Implement Azure resource locks.
C. Create Azure RBAC assignments.
D. Modify the access level of the blob service.
ET User Answer: A
A resource lock only prevents deletion or modification of the resource, in this case the whole
blob storage. You also do not get to specify how long you can lock the account. That doesn't
answer the question. B cannot be the answer.
With an immutable access policy, you can set a time-based policy.
Answer: B
Explanation:
Scenario: Once App1 is migrated to Azure, you must ensure that new data can be written to
the app, and the modification of new and existing data is prevented for a period of three
years.
As an administrator, you can lock a subscription, resource group, or resource to prevent other
users in your organization from accidentally deleting or modifying critical resources. The lock
overrides any permissions the user might have.
Reference:
https://docs.microsoft.com/en-us/azure/azure-resource-manager/management/lock-resources
Question 2
Hotspot Question
How should the migrated databases DB1 and DB2 be implemented in Azure?
Answer:
This question is disputed: The correct answer should be: An Azure SQL Database elastic pool and
Business Critical // Zone redundancy provides enhanced availability by automatically
replicating data across three availability zones within a region.