Exam AZ-305 topic 4 question 3 discussion

Actual exam question from Microsoft's AZ-305
Question #: 3
Topic #: 4

Your company has the infrastructure shown in the following table.

The on-premises Active Directory domain syncs with Azure Active Directory (Azure AD).
Server1 runs an application named App1 that uses LDAP queries to verify user identities in the on-premises Active Directory domain.
You plan to migrate Server1 to a virtual machine in Subscription1.
A company security policy states that the virtual machines and services deployed to Subscription1 must be prevented from accessing the on-premises network.
You need to recommend a solution to ensure that App1 continues to function after the migration. The solution must meet the security policy.
What should you include in the recommendation?

  • A. Azure AD Application Proxy
  • B. the Active Directory Domain Services role on a virtual machine
  • C. an Azure VPN gateway
  • D. Azure AD Domain Services (Azure AD DS)
Suggested Answer: D

Comments

bkrich
Highly Voted 2 years, 12 months ago
Selected Answer: D
D seems to be correct. You can use Azure AD DS and sync identities needed from Azure AD to Azure AD DS to use legacy protocols like LDAP, Kerberos and NTLM.
upvoted 31 times
...
Eltooth
Highly Voted 2 years, 11 months ago
Selected Answer: D
AD DS in Azure on a VM would be the easiest option; however, policy restricts access. Correct answer - D
upvoted 10 times
FrancisFerreira
2 years, 8 months ago
If you have AD DS in an Azure VM, you wouldn't need to access the internal network as the on-prem AD DS is already synced to Azure AD. Why would you do that tho? It's one extra VM to maintain, coz Server1 is a Linux VM that can't host AD DS, so you would need an extra Win VM just for that.
upvoted 8 times
...
...
Thanveer
Most Recent 4 days, 16 hours ago
Selected Answer: D
Microsoft Entra Domain Services
upvoted 1 times
...
SeMo0o0o0o
3 weeks, 1 day ago
Selected Answer: D
D is correct
upvoted 1 times
...
23169fd
5 months, 1 week ago
Selected Answer: D
D. Azure AD Domain Services (Azure AD DS)
Justification:
Azure AD DS: Offers LDAP, Kerberos, and NTLM authentication without requiring a direct connection to on-premises AD, ensuring compliance with the security policy.
Functionality: Allows App1 to perform LDAP queries to verify user identities using the synchronized data from Azure AD.
Security: Prevents virtual machines in Subscription1 from accessing the on-premises network directly.
upvoted 1 times
...
betterthanlife
1 year, 7 months ago
D is correct. App Proxy would not work, and both the VPN gateway and a DC in Azure IaaS would violate the requirement that virtual machines and services deployed to Subscription1 must be prevented from accessing the on-premises network.
upvoted 2 times
...
NotMeAnyWay
1 year, 8 months ago
Selected Answer: D
D. Azure AD Domain Services (Azure AD DS)
Azure AD Domain Services (Azure AD DS) provides managed domain services such as domain join, group policy, LDAP, and Kerberos/NTLM authentication. It integrates with your existing Azure AD tenant, allowing you to continue using LDAP queries to verify user identities after migrating Server1 to a virtual machine in Subscription1. By using Azure AD DS, you can ensure that App1 continues to function after migration while adhering to the company security policy that prevents virtual machines and services deployed to Subscription1 from accessing the on-premises network.
upvoted 6 times
...
OPT_001122
1 year, 10 months ago
Selected Answer: D
D. Azure AD Domain Services (Azure AD DS)
upvoted 1 times
...
Gowind2
2 years, 2 months ago
Selected Answer: D
Example here: https://docs.microsoft.com/en-us/azure/active-directory-domain-services/scenarios#azure-ad-ds-for-hybrid-organizations
Azure AD already exists and is synced with on-premises AD.
upvoted 3 times
...
lemoniazure
2 years, 4 months ago
D, Reason: An Azure AD DS managed domain lets you run legacy applications in the cloud that can't use modern authentication methods, or where you don't want directory lookups to always go back to an on-premises AD DS environment. You can lift and shift those legacy applications from your on-premises environment into a managed domain, without needing to manage the AD DS environment in the cloud. Azure AD DS integrates with your existing Azure AD tenant. This integration lets users sign in to services and applications connected to the managed domain using their existing credentials. You can also use existing groups and user accounts to secure access to resources. These features provide a smoother lift-and-shift of on-premises resources to Azure.
upvoted 4 times
...
shaojunni
2 years, 4 months ago
D is correct. B is incorrect, since AAD is already in place and synced with AD on-premise.
upvoted 1 times
...
AubinBakana
2 years, 4 months ago
Selected Answer: D
This is the best answer. Azure AD DS was designed exactly for this type of scenario.
upvoted 1 times
...
codingdown
2 years, 4 months ago
Selected Answer: A
Application Proxy is a feature of Azure AD that enables users to access on-premises web applications from a remote client.
upvoted 1 times
AubinBakana
2 years, 4 months ago
Yes, but we are not talking about users here. This is an application feature. App Proxy is a jump box that allows users to connect to services on-prem without poking a hole in the firewall. Totally different situation here.
upvoted 3 times
...
...
codingdown
2 years, 4 months ago
Selected Answer: A
Application Proxy is a feature of Azure AD that enables users to access on-premises web applications from a remote client.
upvoted 1 times
rishisoft1
8 months, 1 week ago
Application proxy helps to sync on-premise and Azure AD, actual authentication occurs through ADDS
upvoted 1 times
...
...
tunmise_ay
2 years, 6 months ago
was in exam 1 June 2022
upvoted 6 times
al608
2 years, 6 months ago
Did any other questions from this come? I am doing my exam on the 22nd.
upvoted 1 times
...
...
Gor
2 years, 6 months ago
Selected Answer: D
Correct answer - D https://docs.microsoft.com/en-us/azure/active-directory-domain-services/faqs#can-i-add-domain-controllers-to-an-azure-ad-domain-services-managed-domain-
upvoted 2 times
...
winframe
2 years, 6 months ago
App1 requires to use LDAP queries to verify identities. I suppose the App will not modify (question doesn't refer to any changes in the App), no LDAP in AZ AD, so the only possibility is deploy an AD DS in Azure. VPN is in place. B seems to be correct, a Domain Controller in Azure
upvoted 2 times
...