AZ-305 Design identity, governance, and monitoring solutions • Complete Question Bank
Complete AZ-305 Design identity, governance, and monitoring solutions question bank — all 0 questions with answers and detailed explanations.
Drag steps to the numbered slots on the right, or tap a step then tap a slot.
Drag steps to the numbered slots on the right, or tap a step then tap a slot.
Drag steps to the numbered slots on the right, or tap a step then tap a slot.
Drag a concept onto its matching description — or click a concept then click the description.
DNS-based traffic routing
Global HTTP(S) load balancing with WAF
Regional layer-7 load balancer with WAF
Regional layer-4 load balancer
Site-to-site VPN connectivity
Drag a concept onto its matching description — or click a concept then click the description.
IaaS with full control over OS and apps
PaaS for web apps, APIs, and mobile backends
Managed Kubernetes for container orchestration
Serverless compute for event-driven code
Simple, fast container deployment without orchestration
Drag a concept onto its matching description — or click a concept then click the description.
Centralized hub for discovery, assessment, and migration
Migrate databases to Azure with minimal downtime
Physical device for offline data transfer
Replicate and migrate on-premises VMs to Azure
Ship hard drives to transfer large data volumes
Refer to the exhibit.
{
"type": "Microsoft.Authorization/policyDefinitions",
"properties": {
"displayName": "Audit usage of custom RBAC roles",
"policyType": "Custom",
"mode": "All",
"policyRule": {
"if": {
"field": "type",
"equals": "Microsoft.Authorization/roleDefinitions"
},
"then": {
"effect": "Audit",
"details": {
"roleDefinitionIds": ["/providers/Microsoft.Authorization/roleDefinitions/*"]
}
}
}
}
}Refer to the exhibit.
{
"type": "Microsoft.Insights/scheduledQueryRules",
"apiVersion": "2021-08-01",
"properties": {
"displayName": "High CPU Alert",
"severity": 2,
"enabled": true,
"scopes": ["/subscriptions/12345/resourceGroups/prod/providers/Microsoft.Compute/virtualMachines/vm1"],
"evaluationFrequency": "PT5M",
"windowSize": "PT15M",
"criteria": {
"allOf": [
{
"query": "Perf | where ObjectName == 'Processor' and CounterName == '% Processor Time' and InstanceName == '_Total' | where CounterValue > 90",
"timeAggregation": "Count",
"threshold": 5,
"operator": "GreaterThan"
}
]
},
"actions": {
"actionGroups": [
"/subscriptions/12345/resourceGroups/rg-alerts/providers/microsoft.insights/actionGroups/ag-email"
]
}
}
}Refer to the exhibit.
{
"type": "Microsoft.Network/networkWatchers/connectionMonitors",
"apiVersion": "2022-01-01",
"properties": {
"endpoints": [
{
"name": "sourceVM",
"resourceId": "/subscriptions/123/resourceGroups/rg-prod/providers/Microsoft.Compute/virtualMachines/vm1"
},
{
"name": "destinationVM",
"resourceId": "/subscriptions/123/resourceGroups/rg-prod/providers/Microsoft.Compute/virtualMachines/vm2",
"address": "10.0.1.4"
}
],
"testConfigurations": [
{
"name": "TCPTest",
"protocol": "TCP",
"tcpConfiguration": {
"port": 443
}
}
],
"testGroups": [
{
"name": "TestGroup1",
"disable": false,
"sources": ["sourceVM"],
"destinations": ["destinationVM"],
"testConfigurations": ["TCPTest"]
}
]
}
}Refer to the exhibit.
```json
{
"policyRule": {
"if": {
"field": "type",
"equals": "Microsoft.Compute/virtualMachines"
},
"then": {
"effect": "deny",
"details": {
"field": "Microsoft.Compute/virtualMachines/sku.name",
"notIn": ["Standard_D2s_v3", "Standard_D4s_v3"]
}
}
}
}
```Refer to the exhibit.
```kql
SigninLogs
| where TimeGenerated > ago(1d)
| where RiskLevelDuringSignIn == "medium"
| where RiskEventTypes has_any ("unfamiliarFeatures", "anonymousIPAddress")
| summarize Count = count() by UserPrincipalName
| where Count > 5
```Refer to the exhibit.
```json
{
"properties": {
"displayName": "Allow assist setup"
},
"roleDefinitionId": "/providers/Microsoft.Authorization/roleDefinitions/...",
"principalId": "12345678-1234-1234-1234-123456789abc",
"scope": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/RG1"
}
```{
"properties": {
"targetResourceId": "/subscriptions/12345678-1234-1234-1234-123456789012/resourceGroups/prod-rg/providers/Microsoft.Compute/virtualMachines/vm-prod-01",
"configuration": {
"protectedSettings": {
"commandToExecute": "powershell -ExecutionPolicy Unrestricted -File configure.ps1"
}
},
"extensionType": "CustomScriptExtension",
"publisher": "Microsoft.Compute",
"typeHandlerVersion": "1.10"
}
}subscriptions:
- name: sub-prod
location: eastus
resourceGroups:
- name: rg-prod
resources:
- type: Microsoft.Storage/storageAccounts
name: stprod001
properties:
accessTier: Hot
supportsHttpsTrafficOnly: true
minimumTlsVersion: TLS1_2{
"type": "Microsoft.Network/networkWatchers/flowLogs",
"apiVersion": "2022-07-01",
"properties": {
"targetResourceId": "/subscriptions/.../microsoft.network/networksecuritygroups/nsg-prod",
"storageId": "/subscriptions/.../storageAccounts/stgflowlog",
"enabled": true,
"retentionPolicy": {
"days": 30,
"enabled": true
},
"format": {
"type": "JSON",
"version": 2
}
}
}Refer to the exhibit.
```json
{
"policyRule": {
"if": {
"field": "type",
"equals": "Microsoft.Compute/virtualMachines"
},
"then": {
"effect": "deny"
}
}
}
```Refer to the exhibit.
```json
{
"properties": {
"displayName": "Require MFA for admins",
"conditions": {
"users": {
"includeUsers": ["All"]
},
"applications": {
"includeApplications": ["All"]
},
"clientAppTypes": ["browser", "mobileAppsAndDesktopClients"]
},
"grantControls": {
"builtInControls": ["mfa"]
}
}
}
```Refer to the exhibit. ```kusto Heartbeat | where TimeGenerated > ago(1h) | summarize LastHeartbeat = max(TimeGenerated) by Computer | where LastHeartbeat < ago(5m) ```
{
"policyRule": {
"if": {
"allOf": [
{
"field": "type",
"equals": "Microsoft.Compute/virtualMachines"
},
{
"field": "Microsoft.Compute/virtualMachines/sku.name",
"in": ["Standard_D2s_v3", "Standard_D4s_v3"]
}
]
},
"then": {
"effect": "deny"
}
}
}{
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"workspaceName": {
"value": "LAW-CorpProd"
},
"sku": {
"value": "PerGB2018"
},
"retentionInDays": {
"value": 365
},
"dailyQuotaGb": {
"value": 100
}
}
}{
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"resources": [
{
"type": "Microsoft.Authorization/policyAssignments",
"apiVersion": "2021-06-01",
"name": "audit-vm-managed-disks",
"properties": {
"policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/06a5a3b5-7a6b-4c5d-8e6f-7a8b9c0d1e2f",
"scope": "/subscriptions/12345678-1234-1234-1234-123456789abc",
"parameters": {}
}
}
]
}{
"properties": {
"displayName": "GDPR Compliance Policy",
"scope": "/subscriptions/12345678-1234-1234-1234-123456789abc/resourceGroups/RG-Prod",
"policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/abc123",
"parameters": {},
"enforcementMode": "Default"
}
}{
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"location": {
"type": "string",
"defaultValue": "[resourceGroup().location]"
}
},
"variables": {},
"resources": [
{
"type": "Microsoft.Storage/storageAccounts",
"apiVersion": "2021-02-01",
"name": "[parameters('storageName')]",
"location": "[parameters('location')]",
"kind": "StorageV2",
"sku": {
"name": "Standard_LRS"
},
"properties": {
"supportsHttpsTrafficOnly": true,
"minimumTlsVersion": "TLS1_2"
}
}
],
"outputs": {}
}Refer to the exhibit.
```json
{
"policy": {
"tenantId": "contoso.onmicrosoft.com",
"conditions": {
"applications": ["All"]
},
"grantControls": {
"builtInControls": ["mfa", "approvedApplication"],
"operator": "AND"
},
"sessionControls": {
"applicationEnforcedRestrictions": null,
"cloudAppSecurity": {
"cloudAppSecurityType": "monitorOnly"
},
"signInFrequency": {
"value": 1,
"type": "hours"
},
"persistentBrowser": {
"isEnabled": false
}
}
}
}
```Refer to the exhibit.
```json
{
"roleName": "Custom Storage Auditor",
"Description": "Can read storage account keys and monitor logs",
"Actions": [
"Microsoft.Storage/storageAccounts/listKeys/action",
"Microsoft.Storage/storageAccounts/providers/Microsoft.Insights/diagnosticSettings/read"
],
"NotActions": [],
"AssignableScopes": ["/subscriptions/12345-abcde/resourceGroups/Production"]
}
```Refer to the exhibit.
```powershell
PS Azure:" Connect-AzAccount
PS Azure:" Get-AzRoleAssignment -Scope "/subscriptions/12345-abcde/resourceGroups/Prod" | Where-Object {$_.RoleDefinitionName -eq "Contributor"}
RoleAssignmentId : /subscriptions/12345-abcde/resourceGroups/Prod/providers/Microsoft.Authorization/roleAssignments/abc123
Scope : /subscriptions/12345-abcde/resourceGroups/Prod
DisplayName : John Doe
SignInName : john@contoso.com
RoleDefinitionName : Contributor
RoleDefinitionId : b24988ac-6180-42a0-ab88-20f7382dd24c
ObjectId : 11111111-2222-3333-4444-555555555555
ObjectType : User
CanDelegate : False
Description :
ConditionVersion :
Condition :
```Refer to the exhibit.
{
"policyRule": {
"if": {
"field": "type",
"equals": "Microsoft.Compute/virtualMachines"
},
"then": {
"effect": "modify",
"details": {
"operations": [{
"operation": "addOrReplace",
"field": "tags['Environment']",
"value": "Production"
}]
}
}
}
}Refer to the exhibit.
$resources = Get-AzResource | Where-Object {$_.Tags -eq $null}
foreach ($resource in $resources) {
$tags = @{"Environment"="Unknown"}
Update-AzTag -ResourceId $resource.ResourceId -Tag $tags -Operation Merge
}Refer to the exhibit.
{
"location": "eastus",
"properties": {
"workbooks": [
{
"kind": "shared",
"displayName": "CPU Utilization",
"serializedData": "{\"version\":\"Notebook/1.0\",\"items\":[{\"type\":9,\"content\":{\"query\":\"Perf | where ObjectName == \\\"Processor\\\" and CounterName == \\\"% Processor Time\\\" | summarize avg=avg(CounterValue) by Computer, bin(TimeGenerated, 5m) | render timechart\",\"size\":0,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"timechart\"}}]}",
"category": "workbook"
}
]
}
}Refer to the exhibit.
{
"name": "my-policy",
"properties": {
"policyRule": {
"if": {
"field": "Microsoft.Sql/servers/administratorLogin",
"exists": "false"
},
"then": {
"effect": "deny"
}
}
}
}{
"properties": {
"templateLink": {
"uri": "https://raw.githubusercontent.com/contoso/templates/main/arm/deploy.json",
"contentVersion": "1.0.0.0"
},
"parameters": {},
"mode": "Incremental",
"debugSetting": {
"detailLevel": "requestContent, responseContent"
},
"onError": {
"type": "DeploymentRollback"
}
}
}[
{
"id": "https://contoso.vault.azure.net/secrets/MySecret/abc123",
"attributes": {
"enabled": true,
"created": "2024-01-15T10:00:00Z",
"updated": "2024-06-20T12:00:00Z",
"exp": "2025-01-15T10:00:00Z"
},
"tags": {"environment": "production"}
}
]{
"policyRule": {
"if": {
"allOf": [
{
"field": "type",
"equals": "Microsoft.Compute/virtualMachines"
},
{
"field": "Microsoft.Compute/virtualMachines/sku.name",
"notEquals": "Standard_DS2_v2"
}
]
},
"then": {
"effect": "deny"
}
}
}{
"query": "SigninLogs | where TimeGenerated > ago(1h) | where RiskLevelDuringSignIn == 'high' | project UserPrincipalName, Location, RiskLevelDuringSignIn"
}{
"policyRule": {
"if": {
"allOf": [
{
"field": "type",
"equals": "Microsoft.Compute/virtualMachines"
},
{
"field": "Microsoft.Compute/virtualMachines/sku.name",
"notEquals": "Standard_D2s_v3"
}
]
},
"then": {
"effect": "deny"
}
}
}Refer to the exhibit.
```json
{
"policyRule": {
"if": {
"allOf": [
{
"field": "type",
"equals": "Microsoft.Compute/virtualMachines"
},
{
"field": "Microsoft.Compute/virtualMachines/sku",
"like": "Standard_D*"
},
{
"not": {
"field": "Microsoft.Compute/virtualMachines/licenseType",
"exists": true
}
}
]
},
"then": {
"effect": "deny"
}
}
}
```Refer to the exhibit.
```kusto
// KQL query used in a Microsoft Sentinel analytics rule
let VMList = dynamic(["vm-web-prod-01", "vm-web-prod-02"]);
AzureActivity
| where OperationNameValue == "MICROSOFT.COMPUTE/VIRTUALMACHINES/WRITE"
| where ResourceId contains "virtualMachines/"
| extend VMName = extract("virtualMachines/([^/]+)", 1, ResourceId)
| where VMName in (VMList)
| where ActivityStatusValue == "Success"
| project TimeGenerated, VMName, Caller, ResourceGroup
```{
"policy": {
"if": {
"anyOf": [
{
"field": "type",
"equals": "Microsoft.Network/virtualNetworks"
},
{
"field": "type",
"equals": "Microsoft.Network/networkSecurityGroups"
}
]
},
"then": {
"effect": "deny"
}
},
"parameters": {}
}Refer to the exhibit.
{
"policy": {
"allowedResources": [
"/subscriptions/12345/resourceGroups/rg-prod/providers/Microsoft.Web/sites/myapp"
],
"approvedGroups": [
"group-app-admins@contoso.com"
],
"maxDuration": "PT8H",
"approvalRequired": true
}
}