AZ-104 Question #217: Real Exam Question with Answer & Explanation

Question

Case Study 2 - Contoso, Ltd Overview Contoso, Ltd. is a manufacturing company that has offices worldwide. Contoso works with partner organizations to bring products to market. Contoso products are manufactured by using blueprint files that the company authors and maintains. Existing Environment Currently, Contoso uses multiple types of servers for business operations, including the following: - File servers - Domain controllers - Microsoft SQL Server servers Your network contains an Active Directory forest named contoso.com. All servers and client computers are joined to Active Directory. You have a public-facing application named App1. App1 is comprised of the following three tiers: - A SQL database - A web front end - A processing middle tier Each tier is comprised of five virtual machines. Users access the web front end by using HTTPS only. Requirements Planned Changes Contoso plans to implement the following changes to the infrastructure: - Move all the tiers of App1 to Azure. - Move the existing product blueprint files to Azure Blob storage. - Create a hybrid directory to support an upcoming Microsoft Office 365 migration project. Technical Requirements Contoso must meet the following technical requirements: - Move all the virtual machines for App1 to Azure. - Minimize the number of open ports between the App1 tiers. - Ensure that all the virtual machines for App1 are protected by backups. - Copy the blueprint files to Azure over the Internet. - Ensure that the blueprint files are stored in the archive storage tier. - Ensure that partner access to the blueprint files is secured and temporary. - Prevent user passwords or hashes of passwords from being stored in Azure. - Use unmanaged standard storage for the hard disks of the virtualmachines. - Ensure that when users join devices to Azure Active Directory (Azure AD), the users use a mobile phone to verify their identity. - Minimize administrative effort whenever possible. User Requirements Contoso identifies the following requirements for users: - Ensure that only users who are part of a group named Pilot can join devices to Azure AD. - Designate a new user named Admin1 as the service administrator of the Azure subscription. - Ensure that a new user named User3 can create network objects for the Azure subscription. Hotspot Question You need to configure the Device settings to meet the technical requirements and the user requirements. Which two settings should you modify? To answer, select the appropriate settings in the answer area. Answer:

Options

• __typehotspot
• variantdropdown

Explanation

This case study hotspot question tests your ability to identify and select the correct Azure services, configurations, or architectural decisions for Contoso's migration of App1 tiers, blueprint files, and hybrid directory setup to Azure.

Approach. For moving App1's three tiers (SQL database, web front end, processing middle tier) to Azure, the correct approach involves using Azure SQL Database or SQL Managed Instance for the database tier, Azure App Service or Azure Virtual Machines with a load balancer for the web front end (HTTPS only, so HTTPS/TLS termination must be configured), and Azure Virtual Machines or Azure Service Bus for the processing middle tier. Blueprint files should be moved to Azure Blob Storage with appropriate access controls (such as SAS tokens or Azure AD-based access). For hybrid directory support needed for the Office 365 migration, Azure AD Connect should be implemented to synchronize the on-premises Active Directory (contoso.com) with Azure Active Directory, enabling hybrid identity. When answering hotspot questions in this scenario, you must select the correct service or configuration option at each highlighted area based on these architectural requirements.

Concept tested. Azure architecture design for lift-and-shift migrations, including appropriate service selection for multi-tier applications, Azure Blob Storage for unstructured data, Azure AD Connect for hybrid identity, and load balancing with HTTPS enforcement using Azure Application Gateway or Azure Load Balancer.

Reference. Microsoft Learn: Azure Architecture Center - N-tier application on Azure; Azure AD Connect documentation; Azure Blob Storage overview; AZ-104 / AZ-305 exam study guides

No community discussion yet for this question.