Question 1

CASE STUDY: Contoso Ltd is a global financial services company migrating to Azure. 
Current environment: 3 on-premises datacenters (New York, London, Tokyo) connected via MPLS. 
Azure footprint: 1 Hub VNet in East US, 1 Hub in UK South. 50 Spoke VNets peered to the Hubs. 
Requirements: 
1) Encrypt all cross-region traffic. 
2) Inspect all internet-bound traffic from spokes. 
3) Connect Tokyo datacenter to Azure with guaranteed 10 Gbps and SLA. 
4) Ensure web apps in spokes are protected from SQL injection. 
5) Resolve on-premises DNS from Azure and vice versa.

QUESTION: Which fully managed PaaS service should you deploy in the Hub VNet to meet Requirement 5 (Resolve on-premises DNS from Azure and vice versa) without managing IaaS virtual machines?

Accepted Answer

Identify the PaaS service that acts as a bridge between Azure Private DNS and on-premises DNS.

Question 2

What mistakes do candidates make on this AZ-305 question?

Accepted Answer

Choosing Azure Private DNS Zones. A Private DNS zone holds the records, but it cannot actively forward queries across a VPN/ExpressRoute on its own; it requires the Resolver.

How to approach this question

Full Answer

Common mistakes

Practice the full Azure Solutions Architect Expert AZ-305 Practice Exam 5

More questions from this exam