FREE Microsoft Azure Solutions Architect Expert Questions and Answers
You have a security group called Group1 in your Azure Active Directory (Azure AD) tenant contoso.com. In Group1, assigned membership is configured. 50 people make up Group1, including 20 visitors.
You must offer a suggestion for how to assess Group1's membership. The answer must adhere to the following criteria:
‥ Every three months, the examination must be automatically redone.
‥ Each participant must be able to indicate whether they should belong in Group 1.
‥ Users who claim that Group1 is not something they should be in must be automatically removed from Group1.
‥ Users who fail to indicate whether they belong in Group 1 must be automatically removed from Group 1.
What should the recommendation contain?
Set up recurrent access evaluations of users at predetermined intervals, such as weekly, monthly, quarterly, or annually. The reviewers will be informed at the beginning of each review. With the assistance of a simple interface and intelligent recommendations, reviewers can grant or refuse access.
You have a bespoke application called Application1 in your Azure subscription. Application1 was created by Fabrikam, a third-party company.
Ltd. Role-based access control (RBAC) permissions were given to Fabrikam developers for the Application1 components. All users are granted access to the E5 plan for Microsoft 365.
You must provide a remedy to determine whether the Fabrikam developers still need access to Application1. The answer must adhere to the following criteria:
‥ Every month, send an email to the manager of the developers listing the access permissions for Application1.
‥ Automatically revoke access authorization if the manager doesn't check it.
‥ Reduce development work.
What ought to you suggest?
P2 is needed for Access Review, and P2 is also included in Microsoft 365 E5.
You have an on-premises Active Directory domain that is synchronized with an Azure Active Directory (Azure AD) tenant.
WebApp1 is an internal web application that is hosted on your premises. WebApp1 makes use of Windows Integrated authentication.
Some users access the on-premises network via remote access but do not have VPN access. You must grant single sign-on (SSO) access to WebApp1 to the remote users.
What two features need to be incorporated into the solution? Each right response offers a piece of the answer.
Please select 2 correct answers
‥ Users can access on-premises web applications from a remote client by using the Application Proxy functionality of Azure AD. Application Proxy consists of both
The Application Proxy connector is hosted on a server on-premises, while the Application Proxy service is hosted in the cloud. An application that uses an application proxy can be configured for single sign-on.
‥ For internet-based remote access, Microsoft advises utilizing Application Proxy with pre-authentication and Conditional Access restrictions. Modernizing apps so they may directly authenticate with AAD is one method of giving Conditional Access for intranet use.
You are creating a sizable Azure environment with numerous subscriptions.
As a component of a governance solution, you intend to employ Azure Policy.
Which three scopes are available for Azure Policy definitions assignment? Each accurate response offers an entire resolution.
Please select 3 correct answers
Azure Policy assesses resources in Azure by contrasting their characteristics with business rules. The policy definition or initiative is given to any scope of resources that Azure provides, such as management groups, subscriptions, resource groups, or individual resources, once your business rules have been developed.
You have a storage account in your Azure subscription.
Duplicate files can occasionally be written to the storage account by an application.
You have a PowerShell script that locates duplicate files in the storage account and removes them. The script is currently executed manually upon operations manager approval.
You must suggest a serverless solution that carries out the following tasks:
‥ Checks for duplicate files every hour by executing the script once.
‥ Notifies the operations manager through email and asks for permission to delete the duplicate files.
‥ Handles the Operations Manager's email answer, processing it to determine whether the deletion was authorized.
‥ If the deletion was authorized, runs the script.
What should the recommendation contain?
With Azure Logic Apps, a PowerShell script may be scheduled. In your logic apps, you may write your own function using Azure Functions to execute code that does a certain task. This service makes it simple to construct Node.js, C#, and F# functions, saving you the time and effort of developing an entire application or infrastructure. Additionally, you can use Azure functions to invoke logic apps.
You are creating a program that will run on Azure.
The program will store video files with sizes varying from 50 MB to 12 GB. Users will be able to access the application online and it will employ certificate-based authentication.
You must suggest a location for the video files to be stored. The solution must minimize storage costs while offering the quickest read speed.
What should you suggest?
Large volumes of unstructured data, such as text or binary data, are kept in blob storage, which is accessible over HTTP or HTTPS from anywhere in the globe. Blob storage can be used to store application data secretly or to expose data to the entire world.
Blob Storage's maximum file size. 4.77 TB.
To host a stateless web application under an Azure subscription, you must deploy resources. The answer must adhere to the following criteria:
‥ Make the entire.NET framework available.
‥ Offer redundancy in case an Azure region goes down.
‥ Permit administrators to install application dependencies on the operating system.
Solution: You put up an autoscaling Azure virtual machine scale set.
Is the objective being met?
Instead, you should construct a Traffic Manager profile and deploy two Azure virtual machines to two different Azure regions.