Online Access Free Microsoft.AZ-305.v2025-07-03.q156 Practice Test (Page 5)

AZ-305 Exam Question 16

You need to ensure that users managing the production environment are registered for Azure MFA and must authenticate by using Azure MFA when they sign in to the Azure portal. The solution must meet the authentication and authorization requirements.
What should you do? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Correct Answer:

Explanation:

Box 1: Azure AD Identity Protection
Azure AD Identity Protection helps you manage the roll-out of Azure AD Multi-Factor Authentication (MFA) registration by configuring a Conditional Access policy to require MFA registration no matter what modern authentication app you are signing in to.
Scenario: Users that manage the production environment by using the Azure portal must connect from a hybrid Azure AD-joined device and authenticate by using Azure Multi-Factor Authentication (MFA).
Box 2: Sign-in risk policy...
Scenario: The Litware.com tenant has a conditional access policy named capolicy1. Capolicy1 requires that when users manage the Azure subscription for a production environment by using the Azure portal, they must connect from a hybrid Azure AD-joined device.
Identity Protection policies we have two risk policies that we can enable in our directory.
* Sign-in risk policy
* User risk policy
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/identity-protection/howto-identity-protection- configure-mfa-policy
https://docs.microsoft.com/en-us/azure/active-directory/identity-protection/howto-identity-protection- configure-risk-policies
Topic 2, Fabrikam inc Case Study A
Overview:
Existing Environment
Fabrikam, Inc. is an engineering company that has offices throughout Europe. The company has a main office in London and three branch offices in Amsterdam Berlin, and Rome.
Active Directory Environment:
The network contains two Active Directory forests named corp.fabnkam.com and rd.fabrikam.com. There are no trust relationships between the forests. Corp.fabrikam.com is a production forest that contains identities used for internal user and computer authentication. Rd.fabrikam.com is used by the research and development (R&D) department only. The R&D department is restricted to using on-premises resources only.
Network Infrastructure:
Each office contains at least one domain controller from the corp.fabrikam.com domain. The main office contains all the domain controllers for the rd.fabrikam.com forest.
All the offices have a high-speed connection to the Internet.
An existing application named WebApp1 is hosted in the data center of the London office. WebApp1 is used by customers to place and track orders. WebApp1 has a web tier that uses Microsoft Internet Information Services (IIS) and a database tier that runs Microsoft SQL Server 2016. The web tier and the database tier are deployed to virtual machines that run on Hyper-V.
The IT department currently uses a separate Hyper-V environment to test updates to WebApp1.
Fabrikam purchases all Microsoft licenses through a Microsoft Enterprise Agreement that includes Software Assurance.
Problem Statement:
The use of Web App1 is unpredictable. At peak times, users often report delays. At other times, many resources for WebApp1 are underutilized.
Requirements:
Planned Changes:
Fabrikam plans to move most of its production workloads to Azure during the next few years.
As one of its first projects, the company plans to establish a hybrid identity model, facilitating an upcoming Microsoft Office 365 deployment All R&D operations will remain on-premises.
Fabrikam plans to migrate the production and test instances of WebApp1 to Azure.
Technical Requirements:
Fabrikam identifies the following technical requirements:
* Web site content must be easily updated from a single point.
* User input must be minimized when provisioning new app instances.
* Whenever possible, existing on premises licenses must be used to reduce cost.
* Users must always authenticate by using their corp.fabrikam.com UPN identity.
* Any new deployments to Azure must be redundant in case an Azure region fails.
* Whenever possible, solutions must be deployed to Azure by using platform as a service (PaaS).
* An email distribution group named IT Support must be notified of any issues relating to the directory synchronization services.
* Directory synchronization between Azure Active Directory (Azure AD) and corp.fabhkam.com must not be affected by a link failure between Azure and the on premises network.
Database Requirements:
Fabrikam identifies the following database requirements:
* Database metrics for the production instance of WebApp1 must be available for analysis so that database administrators can optimize the performance settings.
* To avoid disrupting customer access, database downtime must be minimized when databases are migrated.
* Database backups must be retained for a minimum of seven years to meet compliance requirement Security Requirements:
Fabrikam identifies the following security requirements:
*Company information including policies, templates, and data must be inaccessible to anyone outside the company
*Users on the on-premises network must be able to authenticate to corp.fabrikam.com if an Internet link fails.
*Administrators must be able authenticate to the Azure portal by using their corp.fabrikam.com credentials.
*All administrative access to the Azure portal must be secured by using multi-factor authentication.
*The testing of WebApp1 updates must not be visible to anyone outside the company.

AZ-305 Exam Question 17

You have an application that is used by 6,000 users to validate their vacation requests. The application manages its own credential Users must enter a username and password to access the application. The application does NOT support identity providers.
You plan to upgrade the application to use single sign-on (SSO) authentication by using an Azure Active Directory (Azure AD) application registration.
Which SSO method should you use?

A.SAML

B.password-based

C.OpenID Connect

D.header-based

AZ-305 Exam Question 18

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You plan to deploy multiple instances of an Azure web app across several Azure regions.
You need to design an access solution for the app. The solution must meet the following replication requirements:
Support rate limiting.
Balance requests between all instances.
Ensure that users can access the app in the event of a regional outage.
Solution: You use Azure Application Gateway to provide access to the app.
Does this meet the goal?

A.Yes

B.No

AZ-305 Exam Question 19

You have a multi-tier app named Appl and an Azure SQL database named SQL l. The backend service Of Appl writes data to Users use the Appl client to read the data from SQL 1.
During periods of high utilization the users experience delays retrieving the dat a.
You need to minimize how long it takes for data requests.
What should you include in the solution?

A.Azure Data Factory

B.Azure Content Delivery Network (CON)

C.Azure Cache for Redis

D.Azure Synapse Analytics

AZ-305 Exam Question 20

You have an Azure subscription.
You plan to deploy five storage accounts that will store block blobs and five storage accounts that will host file shares. The file shares will be accessed by using the SMB protocol.
You need to recommend an access authorization solution for the storage accounts. The solution must meet the following requirements:
* Maximize security.
* Prevent the use of shared keys.
* Whenever possible, support time-limited access.
What should you include in the solution? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Other Version: 980Microsoft.AZ-305.v2026-01-01.q141; 642Microsoft.AZ-305.v2025-12-28.q154; 688Microsoft.AZ-305.v2025-10-02.q159; 1066Microsoft.AZ-305.v2025-07-05.q144; 2230Microsoft.AZ-305.v2024-12-16.q302; 1081Microsoft.AZ-305.v2024-08-09.q118; 1297Microsoft.AZ-305.v2023-11-14.q105; 1215Microsoft.AZ-305.v2023-10-31.q111; 1431Microsoft.AZ-305.v2023-07-26.q107; 1588Microsoft.AZ-305.v2023-06-26.q97; 1489Microsoft.AZ-305.v2023-06-19.q104; 1312Microsoft.AZ-305.v2023-05-29.q95; 1598Microsoft.AZ-305.v2023-03-20.q104; 1743Microsoft.AZ-305.v2023-03-07.q101; 1358Microsoft.AZ-305.v2023-02-10.q68; 1243Microsoft.AZ-305.v2023-01-19.q65; 2325Microsoft.AZ-305.v2022-11-28.q118; 1494Microsoft.AZ-305.v2022-04-11.q26; 147Microsoft.Surepassexams.AZ-305.v2022-04-05.by.selena.26q.pdf

Latest Upload: 154CrowdStrike.CCSE-204.v2026-06-12.q25; 166VMware.2V0-17.25.v2026-06-12.q49; 165Appian.ACA-100.v2026-06-11.q23; 217CompTIA.220-1202.v2026-06-11.q114; 176CheckPoint.156-590.v2026-06-11.q47; 240CompTIA.220-1202.v2026-06-10.q109; 216CertiProf.CEHPC.v2026-06-10.q54; 154Hitachi.HQT-4160.v2026-06-10.q25; 412PMI.PMI-ACP-CN.v2026-06-09.q453; 196Splunk.SPLK-5002.v2026-06-08.q52

AZ-305 Exam Question 16

AZ-305 Exam Question 17

AZ-305 Exam Question 18

AZ-305 Exam Question 19

AZ-305 Exam Question 20

Download PDF File