FREE Microsoft Azure Architect Design Questions and Answers

Question 1

Your business offers customer support for various Azure subscriptions as well as outside hosting companies. You are creating a system for central monitoring. The following needs to be addressed by the solution:
‥ Collect log and diagnostic data from all the third-party hosting providers into a centralized repository.
‥ Collect log and diagnostic data from all the subscriptions into a centralized repository.
‥ Automatically analyze log data and detect threats.
‥ Provide automatic responses to known events.
What Azure service ought to be incorporated into the solution?

Accepted Answer

Azure Monitor

Answer

Azure Application Insights

Answer

Azure Sentinel

Answer

Azure Log Analytics

Question 2

You are creating an Azure resource deployment using templates from Azure Resource Manager. Secrets will be kept in Azure Key Vault during deployment.
You must suggest a solution that satisfies the following criteria:
‥ Prevent the IT personnel handling the deployment from immediately obtaining the secrets from Key Vault.
‥ Apply the least privilege principle.
Which two steps would you suggest? Each right response offers a piece of the answer.

Accepted Answer

From Access policies in Key Vault, enable access to the Azure Resource Manager for template deployment. Most Voted

Answer

Assign the Key Vault Contributor role to the IT staff.

Answer

Create a Key Vault access policy that allows all list key permissions, list secret permissions, and list certificate permissions.

Question 3

You have three Azure regions' worth of web apps in your Azure subscription.
The following requirements must be fulfilled by the implementation of Azure Key Vault:
‥ All keys must be readable in the case of a local outage.
‥ Key Vault access is required for any subscription-based web apps.
‥ The least amount of Key Vault resources need to be deployed and managed.
How many Key Vault instances should you set up?

Accepted Answer

1

Answer

6

Answer

3

Answer

2

Question 4

Your Azure Active Directory (Azure AD) tenancy already exists.
Using Azure Storage, you want to give users access to shared files. Depending on their user account or group membership, the users will receive varying degrees of access to various Azure file shares.
Which additional Azure services should be leveraged to support the proposed rollout must be suggested.
What should the recommendation contain?

Accepted Answer

an Azure AD Domain Services (Azure AD DS) instance

Answer

Azure Information Protection

Answer

an Azure Front Door instance

Answer

an Azure AD enterprise application

Question 5

You want to set up five Azure virtual machines for the App1 application, which will be deployed. To run App1, more virtual machines will be introduced later.
You must suggest a method to satisfy each of the conditions for the virtual machines that will run App1:
‥ Check that the virtual machines can access an Azure key vault, instances of Azure Logic Apps, and an Azure SQL database by authenticating to Azure Active Directory (Azure AD).
‥ When you deploy more virtual machines, avoid giving them new roles and permissions for Azure services.
‥ Prevent keeping certificates and secrets on the virtual machines.
‥ Reduce the administrative work required to manage identities.
Which identification type ought to be mentioned in the recommendation?

Accepted Answer

a user-assigned managed identity

Answer

a system-assigned managed identity

Answer

a service principal that is configured to use a certificate

Answer

a service principal that is configured to use a client secret

Question 6

You are creating an architecture for a set of microservices that will run on an Azure Kubernetes Service (AKS) cluster, be consumed by apps running on Azure virtual machines, and share a virtual network with the AKS cluster.
You must create a solution that complies with the following criteria in order to expose the microservices to the consumer apps:
‥ Mutual TLS authentication must be used to safeguard ingress access to the microservices, which must be limited to a single private IP address.
‥ Incoming microservice calls must be rate-limited in terms of quantity.
‥ Costs must be kept to a minimum.

What should the solution contain?

Accepted Answer

Azure API Management Premium tier with virtual network connection

Answer

Azure Front Door with Azure Web Application Firewall (WAF)

Answer

Azure App Gateway with Azure Web Application Firewall (WAF)

Answer

Azure API Management Standard tier with a service endpoint

Question 7

You have a tenant called contoso.com in Azure Active Directory (Azure AD). Group1 is one of the tenants' groups. All of the administrative user accounts are in Group1.
You find many attempts to enter into the Azure portal coming from nations where administrative users are NOT employed.
You must make sure that Azure Multi-Factor Authentication (MFA) is required for all attempts to enter into the Azure portal from certain nations.
Solution: Construct a Group1 Access Review.

Is the goal achieved by this solution?

Accepted Answer

No

Answer

Yes

Answer

Maybe