SC-100 Question #199: Real Exam Question with Answer & Explanation

Question

You have an Azure subscription. You plan to deploy enterprise-scale landing zones based on the Microsoft Cloud Adoption Framework for Azure. The deployment will include a single- platform landing zone for all shared services and three application landing zones that will each host a different Azure application. You need to recommend which resource to deploy to each landing zone. The solution must meet the Cloud Adoption Framework best-practice recommendations for enterprise-scale landing zones. What should you recommend?

Options

• Aan Azure firewall
• Ban Azure virtual network gateway
• Can Azure Private DNS zone
• Dan Azure key vault

Explanation

Landing zones and Azure regions Azure landing zones consist of a set of resources and configuration. Some of these items, like management groups, policies, and role assignments, are stored at either a tenant or management group level within the Azure landing zone architecture. These resources aren't deployed to a particular region and instead are deployed globally. However, you still need to specify a deployment region because Azure tracks some of the resource metadata in a regional If you deploy a networking topology, you also need to select an Azure region to deploy the networking resources to. This region can be different from the region that you use for the resources listed in the preceding list. Depending on the topology you select, the networking resources that you deploy might include: Azure Virtual WAN, including a Virtual WAN hub Azure virtual networks Azure ExpressRoute gateway Azure DDoS Protection plans *-> Azure private DNS zones, including zones for Azure Private Link Resource groups, to contain the preceding resources https://learn.microsoft.com/en-us/azure/cloud-adoption-framework/ready/considerations/regions

No community discussion yet for this question.