FREE Microsoft Azure Solutions Architect Expert Questions and Answers

Question 1

You have an on-premises Active Directory domain that is synchronized with an Azure Active Directory (Azure AD) tenant.
WebApp1 is an internal web application that is hosted on your premises. WebApp1 makes use of Windows Integrated authentication.
Some users access the on-premises network via remote access but do not have VPN access. You must grant single sign-on (SSO) access to WebApp1 to the remote users.

What two features need to be incorporated into the solution? Each right response offers a piece of the answer.

Accepted Answer

Azure AD Application Proxy

Answer

Azure AD Application Proxy enables secure remote access to on-premises web applications without a VPN, publishing them as SaaS apps in Azure AD and supporting Windows Integrated authentication. Conditional Access policies can then be applied to these published applications to enforce security requirements like MFA or device compliance for remote users. Together, these features provide secure single sign-on access for remote users to on-premises applications.

Question 2

You have a security group called Group1 in your Azure Active Directory (Azure AD) tenant contoso.com. In Group1, assigned membership is configured. 50 people make up Group1, including 20 visitors.
You must offer a suggestion for how to assess Group1's membership. The answer must adhere to the following criteria:
‥ Every three months, the examination must be automatically redone.
‥ Each participant must be able to indicate whether they should belong in Group 1.
‥ Users who claim that Group1 is not something they should be in must be automatically removed from Group1.
‥ Users who fail to indicate whether they belong in Group 1 must be automatically removed from Group 1.

What should the recommendation contain?

Accepted Answer

Create an access review.

Answer

Azure AD Access Reviews are designed precisely for this scenario. They allow you to review group memberships periodically (e.g., every three months), enable members to self-attest whether they still need access, and automatically remove users who either deny needing access or fail to respond within the review period. This automates the process of ensuring group memberships are current and appropriate, meeting all specified requirements.

Question 3

You are creating a sizable Azure environment with numerous subscriptions.
As a component of a governance solution, you intend to employ Azure Policy.
Which three scopes are available for Azure Policy definitions assignment? Each accurate response offers an entire resolution.

Accepted Answer

subscriptions

Answer

Azure Policy definitions can be assigned at various levels within the Azure resource hierarchy to enforce governance rules. The three primary scopes available for assignment are management groups (for broad organizational policies), subscriptions (for policies specific to a billing or administrative boundary), and resource groups (for granular control over resources within a specific group). This hierarchical structure allows for flexible and targeted policy application.

Question 4

You have a bespoke application called Application1 in your Azure subscription. Application1 was created by Fabrikam, a third-party company.
Ltd. Role-based access control (RBAC) permissions were given to Fabrikam developers for the Application1 components. All users are granted access to the E5 plan for Microsoft 365.

You must provide a remedy to determine whether the Fabrikam developers still need access to Application1. The answer must adhere to the following criteria:

‥ Every month, send an email to the manager of the developers listing the access permissions for Application1.
‥ Automatically revoke access authorization if the manager doesn't check it.
‥ Reduce development work.

What ought to you suggest?

Accepted Answer

In Azure Active Directory (Azure AD), create an access review of Application1.

Answer

Azure AD access reviews are a built-in feature designed to manage access to resources like applications efficiently. They allow for scheduled reviews of user access, automatically sending email notifications to managers and revoking access if not approved. This solution directly addresses all the requirements—monthly email, automatic revocation, and minimal development work—by leveraging an existing Azure AD capability.

Question 5

To host a stateless web application under an Azure subscription, you must deploy resources. The answer must adhere to the following criteria:

‥ Make the entire.NET framework available.
‥ Offer redundancy in case an Azure region goes down.
‥ Permit administrators to install application dependencies on the operating system.

Solution: You put up an autoscaling Azure virtual machine scale set.
Is the objective being met?

Accepted Answer

No

Answer

The proposed solution, an autoscaling Azure Virtual Machine Scale Set (VMSS), does not fully meet the objective in the most appropriate way for a stateless web application. While VMSS allows for the full .NET framework, regional redundancy, and OS-level dependency installation, for a stateless application, best practice often involves packaging dependencies within an immutable image (e.g., a container) rather than relying on manual OS-level installations. This approach ensures consistency and simplifies scaling, which is typically desired for stateless services.

AZ-304 - Microsoft Azure Architect Design Practice Test

AZ-304 - Microsoft Azure Architect Design Practice Test

FREE Microsoft Azure Solutions Architect Expert Questions and Answers