Last Updated on October 16, 2021 by Admin 2

AZ-304 : Microsoft Azure Architect Design : Part 11

  1. You have an Azure subscription that contains a storage account.

    An application sometimes writes duplicate files to the storage account.

    You have a PowerShell script that identifies and deletes duplicate files in the storage account. Currently, the script is run manually after approval from the operations manager.

    You need to recommend a serverless solution that performs the following actions:

    – Runs the script once an hour to identify whether duplicate files exist
    – Sends an email notification to the operations manager requesting approval to delete the duplicate files
    – Processes an email response from the operations manager specifying whether the deletion was approved
    – Runs the script if the deletion was approved

    What should you include in the recommendation?

    • Azure Logic Apps and Azure Functions
    • Azure Pipelines and Azure Service Fabric
    • Azure Logic Apps and Azure Event Grid
    • Azure Functions and Azure Batch
    Explanation:

    You can schedule a powershell script with Azure Logic Apps.

    When you want to run code that performs a specific job in your logic apps, you can create your own function by using Azure Functions. This service helps you create Node.js, C#, and F# functions so you don’t have to build a complete app or infrastructure to run code. You can also call logic apps from inside Azure functions. Azure Functions provides serverless computing in the cloud and is useful for performing tasks such as these examples:

  2. DRAG DROP

    You have an on-premises network that uses an IP address space of 172.16.0.0/16.

    You plan to deploy 25 virtual machines to a new Azure subscription.

    You identify the following technical requirements:

    – All Azure virtual machines must be placed on the same subnet named Subnet1.
    – All the Azure virtual machines must be able to communicate with all on-premises servers.
    – The servers must be able to communicate between the on-premises network and Azure by using a site-to-site VPN.

    You need to recommend a subnet design that meets the technical requirements.

    What should you include in the recommendation? To answer, drag the appropriate network addresses to the correct subnets. Each network address may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.

    NOTE: Each correct selection is worth one point.

    AZ-304 Microsoft Azure Architect Design Part 11 Q02 110 Question
    AZ-304 Microsoft Azure Architect Design Part 11 Q02 110 Question
    AZ-304 Microsoft Azure Architect Design Part 11 Q02 110 Answer
    AZ-304 Microsoft Azure Architect Design Part 11 Q02 110 Answer
  3. You are designing an Azure solution.

    The network traffic for the solution must be securely distributed by providing the following features:

    – HTTPS protocol
    – Round robin routing
    – SSL offloading

    You need to recommend a load balancing option.

    What should you recommend?

    • Azure Load Balancer
    • Azure Internal Load Balancer (ILB)
    • Azure Traffic Manager
    • Azure Application Gateway
    Explanation:

    If you are looking for Transport Layer Security (TLS) protocol termination (“SSL offload”) or per-HTTP/HTTPS request, application-layer processing, review Application Gateway.

    Application Gateway is a layer 7 load balancer, which means it works only with web traffic (HTTP, HTTPS, WebSocket, and HTTP/2). It supports capabilities such as SSL termination, cookie-based session affinity, and round robin for load-balancing traffic. Load Balancer load-balances traffic at layer 4 (TCP or UDP).

  4. Your company, named Contoso, Ltd, implements several Azure logic apps that have HTTP triggers. The logic apps provide access to an on-premises web service.

    Contoso establishes a partnership with another company named Fabrikam, Inc.

    Fabrikam does not have an existing Azure Active Directory (Azure AD) tenant and uses third-party OAuth 2.0 identity management to authenticate its users.

    Developers at Fabrikam plan to use a subset of the logic apps to build applications that will integrate with the on-premises web service of Contoso.

    You need to design a solution to provide the Fabrikam developers with access to the logic apps. The solution must meet the following requirements:

    – Requests to the logic apps from the developers must be limited to lower rates than the requests from the users at Contoso.
    – The developers must be able to rely on their existing OAuth 2.0 provider to gain access to the logic apps.
    – The solution must NOT require changes to the logic apps.
    – The solution must NOT use Azure AD guest accounts.

    What should you include in the solution?

    • Azure AD business-to-business (B2B)
    • Azure Front Door
    • Azure API Management
    • Azure AD Application Proxy
    Explanation:

    API Management helps organizations publish APIs to external, partner, and internal developers to unlock the potential of their data and services.
    You can secure API Management using the OAuth 2.0 client credentials flow.

    Incorrect Answers:
    A: Azure Active Directory B2B uses guest users.

    B: Azure Front Door is an Application Delivery Network (ADN) as a service, offering various layer 7 load-balancing capabilities for your applications.
    Azure Front Door supports HTTP, HTTPS and HTTP/2.
    Applications can be authorized through OAuth 2.0.

    D: Application Proxy is a feature of Azure AD that enables users to access on-premises web applications from a remote client. Application Proxy includes both the Application Proxy service which runs in the cloud, and the Application Proxy connector which runs on an on-premises server.

    Application Proxy works with:
    Web applications that use Integrated Windows Authentication for authentication
    Web applications that use form-based or header-based access

  5. You have an Azure subscription that contains a Windows Virtual Desktop tenant.

    You need to recommend a solution to meet the following requirements:

    – Start and stop Windows Virtual Desktop session hosts based on business hours.
    – Scale out Windows Virtual Desktop session hosts when required.
    – Minimize compute costs.

    What should you include in the recommendation?

    • Microsoft Intune
    • a Windows Virtual Desktop automation task
    • Azure Automation
    • Azure Service Health
  6. You have an Azure subscription.

    You need to deploy an Azure Kubernetes Service (AKS) solution that will use Windows Server 2019 nodes. The solution must meet the following requirements:

    – Minimize the time it takes to provision compute resources during scale-out operations.
    – Support autoscaling of Windows Server containers.

    Which scaling option should you recommend?

    • cluster autoscaler 
    • horizontal pod autoscaler
    • Kubernetes version 1.20.2 or newer
    • Virtual nodes with Virtual Kubelet ACI
    Explanation:

    Azure Container Instances (ACI) lets you quickly deploy container instances without additional infrastructure overhead. When you connect with AKS, ACI becomes a secured, logical extension of your AKS cluster. The virtual nodes component, which is based on Virtual Kubelet, is installed in your AKS cluster that presents ACI as a virtual Kubernetes node. Kubernetes can then schedule pods that run as ACI instances through virtual nodes, not as pods on VM nodes directly in your AKS cluster.

    Your application requires no modification to use virtual nodes. Deployments can scale across AKS and ACI and with no delay as cluster autoscaler deploys new nodes in your AKS cluster.

    AZ-304 Microsoft Azure Architect Design Part 11 Q06 111
    AZ-304 Microsoft Azure Architect Design Part 11 Q06 111

    Note: AKS clusters can scale in one of two ways:
    The cluster autoscaler watches for pods that can’t be scheduled on nodes because of resource constraints. The cluster then automatically increases the number of nodes.
    The horizontal pod autoscaler uses the Metrics Server in a Kubernetes cluster to monitor the resource demand of pods. If an application needs more resources, the number of pods is automatically increased to meet the demand.

    Incorrect Answers:
    B: To rapidly scale your AKS cluster, you can integrate with Azure Container Instances (ACI). Kubernetes has built-in components to scale the replica and node count. However, if your application needs to rapidly scale, the horizontal pod autoscaler may schedule more pods than can be provided by the existing compute resources in the node pool. If configured, this scenario would then trigger the cluster autoscaler to deploy additional nodes in the node pool, but it may take a few minutes for those nodes to successfully provision and allow the Kubernetes scheduler to run pods on them.

  7. You plan to deploy an application that will run in a Linux-based Docker container.

    You need to recommend a solution to host the application in Azure. The solution must meet the following requirements:

    – Support a custom domain name and an associated SSL certificate.
    – Scale-out automatically based on demand.
    – Minimize administrative effort and costs.

    What should you include in the recommendation?

    • Azure App Service 
    • Azure Container Instances
    • an Azure virtual machine
    • Azure Kubernetes Service (AKS)
    Explanation:

    App Service not only adds the power of Microsoft Azure to your application, such as security, load balancing, autoscaling, and automated management. You can also take advantage of its DevOps capabilities, such as continuous deployment from Azure DevOps, GitHub, Docker Hub, and other sources, package management, staging environments, custom domain, and TLS/SSL certificates.

    Key features of App Service include:
    – Containerization and Docker – Dockerize your app and host a custom Windows or Linux container in App Service.
    – Scale up or out manually or automatically. Host your apps anywhere in Microsoft’s global datacenter infrastructure, and the App Service SLA promises high availability.

    App Service can also host web apps natively on Linux for supported application stacks. It can also run custom Linux containers (also known as Web App for Containers).

  8. HOTSPOT

    You are designing an Azure web app.

    You plan to deploy the web app to the North Europe Azure region and the West Europe Azure region.

    You need to recommend a solution for the web app. The solution must meet the following requirements:

    – Users must always access the web app from the North Europe region, unless the region fails.
    – The web app must be available to users if an Azure region is unavailable.
    – Deployment costs must be minimized.

    What should you include in the recommendation? To answer, select the appropriate options in the answer area.

    NOTE: Each correct selection is worth one point.

    AZ-304 Microsoft Azure Architect Design Part 11 Q08 112 Question
    AZ-304 Microsoft Azure Architect Design Part 11 Q08 112 Question
    AZ-304 Microsoft Azure Architect Design Part 11 Q08 112 Answer
    AZ-304 Microsoft Azure Architect Design Part 11 Q08 112 Answer
  9. HOTSPOT

    You have the application architecture shown in the following exhibit:

    AZ-304 Microsoft Azure Architect Design Part 11 Q09 113
    AZ-304 Microsoft Azure Architect Design Part 11 Q09 113

    Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic.

    NOTE: Each correct selection is worth one point.

    AZ-304 Microsoft Azure Architect Design Part 11 Q09 114 Question
    AZ-304 Microsoft Azure Architect Design Part 11 Q09 114 Question
    AZ-304 Microsoft Azure Architect Design Part 11 Q09 114 Answer
    AZ-304 Microsoft Azure Architect Design Part 11 Q09 114 Answer

    Explanation:

    Box 1: Modify the Azure Traffic Manager routing
    Azure Traffic Manager supports six traffic-routing methods to determine how to route network traffic to the various service endpoints.

    Box 2: Endpoint monitor settings in the Azure Traffic Manager
    Azure Traffic Manager includes built-in endpoint monitoring and automatic endpoint failover. This feature helps you deliver high-availability applications that are resilient to endpoint failure, including Azure region failures.

    To configure endpoint monitoring, you must specify the following settings on your Traffic Manager profile: Protocol, Port, Path, custom header settings, etc.

  10. HOTSPOT

    You have an Azure subscription named Subscription1 that is linked to a hybrid Azure Active Directory (Azure AD) tenant.

    You have an on-premises datacenter that does NOT have a VPN connection to Subscription1. The datacenter contains a computer named Server1 that has Microsoft SQL Server 2016 installed. Server1 is prevented from accessing the internet.

    An Azure logic app named LogicApp1 requires write access to a database on Server1.

    You need to recommend a solution to provide LogicApp1 with the ability to access Server1.

    What should you recommend deploying on-premises and in Azure? To answer, select the appropriate options in the answer area.

    NOTE: Each correct selection is worth one point.

    AZ-304 Microsoft Azure Architect Design Part 11 Q10 115 Question
    AZ-304 Microsoft Azure Architect Design Part 11 Q10 115 Question
    AZ-304 Microsoft Azure Architect Design Part 11 Q10 115 Answer
    AZ-304 Microsoft Azure Architect Design Part 11 Q10 115 Answer

    Explanation:

    Box 1: An on-premises data gateway
    For logic apps in global, multi-tenant Azure that connect to on-premises SQL Server, you need to have the on-premises data gateway installed on a local computer and a data gateway resource that’s already created in Azure.

    Box 2: A connection gateway resource

  11. You manage an application instance. The application consumes data from multiple databases. Application code references database tables using a combination of the server, database, and table name.

    You need to migrate the application data to Azure.

    To which two Azure services could you migrate the application to achieve the goal? Each correct answer presents a complete solution.

    NOTE: Each correct selection is worth one point.

    • Azure SQL Managed Instance 
    • Azure SQL Database
    • SQL Server in an Azure virtual machine
    • SQL Server Stretch Database
    Explanation:

    A: The managed instance deployment model is designed for customers looking to migrate a large number of apps from on-premises or IaaS, self-built, or ISV provided environment to fully managed PaaS cloud environment, with as low migration effort as possible. Using the fully automated Data Migration Service (DMS) in Azure, customers can lift and shift their on-premises SQL Server to a managed instance that offers compatibility with SQL Server on-premises and complete isolation of customer instances with native VNet support.

    D: Access your SQL Server data seamlessly regardless of whether it’s on-premises or stretched to the cloud. You set the policy that determines where data is stored, and SQL Server handles the data movement in the background. The entire table is always online and queryable. And, Stretch Database doesn’t require any changes to existing queries or applications – the location of the data is completely transparent to the application.

  12. You manage an on-premises network and Azure virtual networks.

    You need to create a secure connection over a private network between the on-premises network and the Azure virtual networks. The connection must offer a redundant pair of cross connections to provide high availability.

    What should you recommend?

    • Azure Load Balancer
    • VPN Gateway 
    • ExpressRoute
    • virtual network peering
    Explanation:
    Every Azure VPN gateway consists of two instances in an active-standby configuration. For any planned maintenance or unplanned disruption that happens to the active instance, the standby instance would take over (failover) automatically.
  13. You have an Azure subscription that contains an Azure Blob storage account named store1.

    You have an on-premises file server named Server1 that runs Windows Server 2016. Server1 stores 500 GB of company files.

    You need to store a copy of the company files from Server 1 in store1.

    Which two possible Azure services achieve this goal? Each correct answer presents a complete solution.

    NOTE: Each correct selection is worth one point.

    • an integration account
    • an On-premises data gateway
    • an Azure Batch account
    • an Azure Import/Export job 
    • Azure Data Factory
  14. You have an Azure subscription.

    You need to deploy an Azure Kubernetes Service (AKS) solution that will use Linux nodes. The solution must meet the following requirements:

    – Minimize the time it takes to provision compute resources during scale-out operations.
    – Support autoscaling of Linux containers.
    – Minimize administrative effort.

    Which scaling option should you recommend?

    • Virtual Kubelet
    • cluster autoscaler
    • horizontal pod autoscaler
    • AKS virtual nodes
    Explanation:
    About the cluster autoscaler.
    AKS clusters can scale in one of two ways:
    – The cluster autoscaler watches for pods that can’t be scheduled on nodes because of resource constraints. The cluster then automatically increases the number of nodes.
    – The horizontal pod autoscaler uses the Metrics Server in a Kubernetes cluster to monitor the resource demand of pods.
  15. You have an on-premises Active Directory forest and an Azure Active Directory (Azure AD) tenant. All Azure AD users are assigned an Azure AD Premium P1 license.

    You deploy Azure AD Connect.

    Which two features are available in this environment that can reduce operational overhead for your company’s help desk? Each correct answer presents part of the solution.

    NOTE: Each correct selection is worth one point.

    • Azure AD Privileged Identity Management policies
    • access reviews
    • password writeback
    • Microsoft Cloud App Security Conditional Access App Control
    • self-service password reset
  16. You have an Azure subscription that contains two applications named App1 and App2. App1 is a sales processing application. When a transaction in App1 requires shipping, a message is added to an Azure Storage account queue, and then App2 listens to the queue for relevant transactions.

    In the future, additional applications will be added that will process some of the shipping requests based on the specific details of the transactions.

    You need to recommend a replacement for the storage account queue to ensure that each additional application will be able to read the relevant transactions.

    What should you recommend?

    • one Azure Service Bus topic
    • multiple storage account queues
    • one Azure Data Factory pipeline
    • one Azure Service Bus queue
    Explanation:
    A queue allows processing of a message by a single consumer. In contrast to queues, topics and subscriptions provide a one-to-many form of communication in a publish and subscribe pattern. It’s useful for scaling to large numbers of recipients. Each published message is made available to each subscription registered with the topic. Publisher sends a message to a topic and one or more subscribers receive a copy of the message, depending on filter rules set on these subscriptions.
  17. You have an Azure subscription that contains a Basic Azure virtual WAN named VirtualWAN1 and the virtual hubs shown in the following table.

    AZ-304 Microsoft Azure Architect Design Part 11 Q17 116
    AZ-304 Microsoft Azure Architect Design Part 11 Q17 116

    You have an ExpressRoute circuit in the US East region.

    You need to create an ExpressRoute association to VirtualWAN1.

    What should you do first?

    • Upgrade VirtualWAN1 to Standard.
    • Create a gateway on Hub1.
    • Create a hub virtual network in US East.
    • Enable the ExpressRoute premium add-on.
    Explanation:
    Connectivity across geopolitical regions is not supported on the standard ExpressRoute SKU. You will need to enable the ExpressRoute premium add-on to support global connectivity.
  18. You plan to deploy an API by using Azure API Management.

    You need to recommend a solution to protect the API from a distributed denial of service (DDoS) attack.

    What should you recommend?

    • Strip the Powered-By response header.
    • Enable rate limiting.
    • Enable quotas.
    • Create network security groups (NSGs).
  19. You have 100 Standard_F2s_v2 Azure virtual machines. Each virtual machine has two network adapters.

    You need to increase the network performance of the workloads running on the virtual machines. The solution must meet the following requirements:

    – The CPU-to-memory ratio must remain the same.
    – The solution must minimize costs.

    What should you do?

    • Configure NIC teaming.
    • Enable Accelerated Networking.
    • Enable RDMA over InfiniBand.
    • Install an additional network adapter.
    Explanation:
    Accelerated networking enables single root I/O virtualization (SR-IOV) to a VM, greatly improving its networking performance. This high-performance path bypasses the host from the datapath, reducing latency, jitter, and CPU utilization, for use with the most demanding network workloads on supported VM types.
  20. Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

    After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

    You plan to deploy multiple instances of an Azure web app across several Azure regions.

    You need to design an access solution for the app. The solution must meet the following replication requirements:

    – Support rate limiting.
    – Balance requests between all instances.
    – Ensure that users can access the app in the event of a regional outage.

    Solution: You use Azure Application Gateway to provide access to the app.

    Does this meet the goal?

    • Yes
    • No
  21. DRAG DROP

    You need to design an architecture to capture the creation of users and the assignment of roles. The captured data must be stored in Azure Cosmos DB.

    Which Azure services should you include in the design? To answer, drag the appropriate services to the correct targets. Each service may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.

    NOTE: Each correct selection is worth one point.

    AZ-304 Microsoft Azure Architect Design Part 11 Q21 117 Question
    AZ-304 Microsoft Azure Architect Design Part 11 Q21 117 Question
    AZ-304 Microsoft Azure Architect Design Part 11 Q21 117 Answer
    AZ-304 Microsoft Azure Architect Design Part 11 Q21 117 Answer

    Explanation:
    Note: You can select Logs from either the Azure Monitor menu or the Log Analytics workspaces menu.
  22. Case Study

    This is a case study. Case studies are not timed separately. You can use as much exam time as you would like to complete each case. However, there may be additional case studies and sections on this exam. You must manage your time to ensure that you are able to complete all questions included on this exam in the time provided.

    To answer the questions included in a case study, you will need to reference information that is provided in the case study. Case studies might contain exhibits and other resources that provide more information about the scenario that is described in the case study. Each question is independent of the other questions in this case study.

    At the end of this case study, a review screen will appear. This screen allows you to review your answers and to make changes before you move to the next section of the exam. After you begin a new section, you cannot return to this section.

    To start the case study
    To display the first question in this case study, click the Next button. Use the buttons in the left pane to explore the content of the case study before you answer the questions. Clicking these buttons displays information such as business requirements, existing environment, and problem statements. If the case study has an All Information tab, note that the information displayed is identical to the information displayed on the subsequent tabs. When you are ready to answer a question, click the Question button to return to the question.

    Overview

    Contoso, Ltd, is a US-based financial services company that has a main office in New York and a branch office in San Francisco.

    Existing Environment. Payment Processing System

    Contoso hosts a business-critical payment processing system in its New York data center. The system has three tiers: a front-end web app, a middle-tier web API, and a back-end data store implemented as a Microsoft SQL Server 2014 database. All servers run Windows Server 2012 R2.

    The front-end and middle-tier components are hosted by using Microsoft Internet Information Services (IIS). The application code is written in C# and ASP.NET. The middle-tier API uses the Entity Framework to communicate to the SQL Server database. Maintenance of the database is performed by using SQL Server Agent jobs.

    The database is currently 2 TB and is not expected to grow beyond 3 TB.

    The payment processing system has the following compliance-related requirements:

    – Encrypt data in transit and at rest. Only the front-end and middle-tier components must be able to access the encryption keys that protect the data store.
    – Keep backups of the data in two separate physical locations that are at least 200 miles apart and can be restored for up to seven years.
    – Support blocking inbound and outbound traffic based on the source IP address, the destination IP address, and the port number.
    – Collect Windows security logs from all the middle-tier servers and retain the logs for a period of seven years.
    – Inspect inbound and outbound traffic from the front-end tier by using highly available network appliances.
    – Only allow all access to all the tiers from the internal network of Contoso.

    Tape backups are configured by using an on-premises deployment of Microsoft System Center Data Protection Manager (DPM), and then shipped offsite for long term storage.

    Existing Environment. Historical Transaction Query System

    Contoso recently migrated a business-critical workload to Azure. The workload contains a .NET web service for querying the historical transaction data residing in Azure Table Storage. The .NET web service is accessible from a client app that was developed in-house and runs on the client computers in the New York office. The data in the table storage is 50 GB and is not expected to increase.

    Existing Environment. Current Issues

    The Contoso IT team discovers poor performance of the historical transaction query system, as the queries frequently cause table scans.

    Requirements. Planned Changes

    Contoso plans to implement the following changes:

    – Migrate the payment processing system to Azure.
    – Migrate the historical transaction data to Azure Cosmos DB to address the performance issues.

    Requirements. Migration Requirements

    Contoso identifies the following general migration requirements:

    – Infrastructure services must remain available if a region or a data center fails. Failover must occur without any administrative intervention.
    – Whenever possible, Azure managed services must be used to minimize management overhead.
    – Whenever possible, costs must be minimized.

    Contoso identifies the following requirements for the payment processing system:

    – If a data center fails, ensure that the payment processing system remains available without any administrative intervention. The middle-tier and the web front end must continue to operate without any additional configurations.
    – Ensure that the number of compute nodes of the front-end and the middle tiers of the payment processing system can increase or decrease automatically based on CPU utilization.
    – Ensure that each tier of the payment processing system is subject to a Service Level Agreement (SLA) of 99.99 percent availabilty.
    – Minimize the effort required to modify the middle-tier API and the back-end tier of the payment processing system.
    – Payment processing system must be able to use grouping and joining tables on encrypted columns.
    – Generate alerts when unauthorized login attempts occur on the middle-tier virtual machines.
    – Ensure that the payment processing system preserves its current compliance status.
    – Host the middle tier of the payment processing system on a virtual machine

    Contoso identifies the following requirements for the historical transaction query system:

    – Minimize the use of on-premises infrastructure services.
    – Minimize the effort required to modify the .NET web service querying Azure Cosmos DB.
    – Minimize the frequency of table scans.
    – If a region fails, ensure that the historical transaction query system remains available without any administrative intervention.

    Requirements. Information Security Requirements

    The IT security team wants to ensure that identity management is performed by using Active Directory. Password hashes must be stored on-premises only.

    Access to all business-critical systems must rely on Active Directory credentials. Any suspicious authentication attempts must trigger a multi-factor authentication prompt automatically.

    1. You need to recommend a compute solution for the middle tier of the payment processing system.

      What should you include in the recommendation?

      • virtual machine scale sets
      • availability sets
      • Azure Kubernetes Service (AKS)
      • Function App
  23. Case Study

    This is a case study. Case studies are not timed separately. You can use as much exam time as you would like to complete each case. However, there may be additional case studies and sections on this exam. You must manage your time to ensure that you are able to complete all questions included on this exam in the time provided.

    To answer the questions included in a case study, you will need to reference information that is provided in the case study. Case studies might contain exhibits and other resources that provide more information about the scenario that is described in the case study. Each question is independent of the other questions in this case study.

    At the end of this case study, a review screen will appear. This screen allows you to review your answers and to make changes before you move to the next section of the exam. After you begin a new section, you cannot return to this section.

    To start the case study
    To display the first question in this case study, click the Next button. Use the buttons in the left pane to explore the content of the case study before you answer the questions. Clicking these buttons displays information such as business requirements, existing environment, and problem statements. If the case study has an All Information tab, note that the information displayed is identical to the information displayed on the subsequent tabs. When you are ready to answer a question, click the Question button to return to the question.

    Overview

    Fabrikam, Inc. is an engineering company that has offices throughout Europe. The company has a main office in London and three branch offices in Amsterdam, Berlin, and Rome.

    Existing Environment. Active Directory Environment

    The network contains two Active Directory forests named corp.fabrikam.com and rd.fabrikam.com. There are no trust relationships between the forests.

    Corp.fabrikam.com is a production forest that contains identities used for internal user and computer authentication.

    Rd.fabrikam.com is used by the research and development (R&D) department only.

    Existing Environment. Network Infrastructure

    Each office contains at least one domain controller from the corp.fabrikam.com domain. The main office contains all the domain controllers for the rd.fabrikam.com forest.

    All the offices have a high-speed connection to the Internet.

    An existing application named WebApp1 is hosted in the data center of the London office. WebApp1 is used by customers to place and track orders. WebApp1 has a web tier that uses Microsoft Internet Information Services (IIS) and a database tier that runs Microsoft SQL Server 2016. The web tier and the database tier are deployed to virtual machines that run on Hyper-V.

    The IT department currently uses a separate Hyper-V environment to test updates to WebApp1.

    Fabrikam purchases all Microsoft licenses through a Microsoft Enterprise Agreement that includes Software Assurance.

    Existing Environment. Problem Statements

    The use of WebApp1 is unpredictable. At peak times, users often report delays. At other times, many resources for WebApp1 are underutilized.

    Requirements. Planned Changes

    Fabrikam plans to move most of its production workloads to Azure during the next few years.

    As one of its first projects, the company plans to establish a hybrid identity model, facilitating an upcoming Microsoft 365 deployment.

    All R&D operations will remain on-premises.

    Fabrikam plans to migrate the production and test instances of WebApp1 to Azure.

    Requirements. Technical Requirements

    Fabrikam identifies the following technical requirements:

    – Web site content must be easily updated from a single point.
    – User input must be minimized when provisioning new web app instances.
    – Whenever possible, existing on-premises licenses must be used to reduce cost.
    – Users must always authenticate by using their corp.fabrikam.com UPN identity.
    – Any new deployments to Azure must be redundant in case an Azure region fails.
    – Whenever possible, solutions must be deployed to Azure by using the Standard pricing tier of Azure App Service.
    – An email distribution group named IT Support must be notified of any issues relating to the directory synchronization services.
    – Directory synchronization between Azure Active Directory (Azure AD) and corp.fabrikam.com must not be affected by a link failure between Azure and the on-premises network.

    Requirements. Database Requirements

    Fabrikam identifies the following database requirements:

    – Database metrics for the production instance of WebApp1 must be available for analysis so that database administrators can optimize the performance settings.
    – To avoid disrupting customer access, database downtime must be minimized when databases are migrated.
    – Database backups must be retained for a minimum of seven years to meet compliance requirements.

    Requirements. Security Requirements

    Fabrikam identifies the following security requirements:

    – Company information including policies, templates, and data must be inaccessible to anyone outside the company.
    – Users on the on-premises network must be able to authenticate to corp.fabrikam.com if an Internet link fails.
    – Administrators must be able authenticate to the Azure portal by using their corp.fabrikam.com credentials.
    – All administrative access to the Azure portal must be secured by using multi-factor authentication.
    – The testing of WebApp1 updates must not be visible to anyone outside the company.

    1. You need to recommend a strategy for migrating the database content of WebApp1 to Azure.

      What should you include in the recommendation?

      • Use Azure Site Recovery to replicate the SQL servers to Azure.
      • Copy the BACPAC file that contains the Azure SQL database files to Azure Blob storage.
      • Use SQL Server transactional replication.
      • Copy the VHD that contains the Azure SQL database files to Azure Blob storage.
      Explanation:

      Before you upload a Windows virtual machine (VM) from on-premises to Azure, you must prepare the virtual hard disk (VHD or VHDX).

      Scenario: WebApp1 has a web tier that uses Microsoft Internet Information Services (IIS) and a database tier that runs Microsoft SQL Server 2016. The web tier and the database tier are deployed to virtual machines that run on Hyper-V.

    2. You need to recommend a notification solution for the IT Support distribution group.

      What should you include in the recommendation?

      • a SendGrid account with advanced reporting
      • Azure AD Connect Health
      • Azure Network Watcher
      • an action group