ExamTopics Logo
Mail Us[email protected]
Menu
Microsoft Discussions
exam questions

Exam AZ-304 All Questions

View all questions & answers for the AZ-304 exam
Go to Exam

Exam AZ-304 topic 4 question 25 discussion

Actual exam question from Microsoft's AZ-304
Question #: 25
Topic #: 4
[All AZ-304 Questions]

You plan to deploy 10 applications to Azure. The applications will be deployed to two Azure Kubernetes Service (AKS) clusters. Each cluster will be deployed to a separate Azure region.
The application deployment must meet the following requirements:
✑ Ensure that the applications remain available if a single AKS cluster fails.
✑ Ensure that the connection traffic over the internet is encrypted by using SSL without having to configure SSL on each container.
Which Azure service should you include in the recommendation?

  • A. AKS ingress controller
  • B. Azure Load Balancer
  • C. Azure Traffic Manager
  • D. Azure Front Door
Show Suggested Answer Hide Answer
Suggested Answer: D 🗳️
Azure Front Door enables you to define, manage, and monitor the global routing for your web traffic by optimizing for best performance and instant global failover for high availability. With Front Door, you can transform your global (multi-region) consumer and enterprise applications into robust, high-performance personalized modern applications, APIs, and content that reaches a global audience with Azure.
Front Door works at Layer 7 or HTTP/HTTPS layer and uses anycast protocol with split TCP and Microsoft's global network for improving global connectivity.
Incorrect Answers:
C: Azure Traffic Manager uses DNS (layer 3) to shape traffic. SSL works at Layer 6.
Azure Traffic Manager can direct customers to their closest AKS cluster and application instance. For the best performance and redundancy, direct all application traffic through Traffic Manager before it goes to your AKS cluster.
Reference:
https://docs.microsoft.com/en-us/azure/frontdoor/front-door-overview
by RickMorais at Aug. 31, 2021, 8:49 p.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
RickMorais
Highly Voted 3 years, 9 months ago
D. Azure Front Door is the correct option.
upvoted 19 times
...
ACMaverick
Most Recent 7 months ago
Selected Answer: D
In concurance with the others
upvoted 1 times
...
JPORRAS
2 years ago
Answer D its correct because SSL not support Azure Traffic Manager
upvoted 1 times
...
Yazn
2 years, 7 months ago
Why not C Azure Traffic Manager? It is the one that can automatically initiate a failover between the 2 regions?
upvoted 1 times
Larrave
2 years ago
A requirement was using SSL. Traffic Manager uses DNS for routing it to the backend
upvoted 2 times
...
...
sapien45
2 years, 11 months ago
AFD for AKS MutiRegions Clustyers https://docs.microsoft.com/en-us/azure/architecture/reference-architectures/containers/aks-multi-region/images/aks-multi-cluster-large.png#lightbox D
upvoted 1 times
...
FinMessner
3 years, 4 months ago
I'm still not convinced that the answer isn't AKS ingress controller. It can terminate SSL too. https://docs.microsoft.com/en-us/azure/aks/ingress-static-ip?tabs=azure-cli
upvoted 1 times
DeerMan
3 years, 4 months ago
Not fully sure but isn't AKS ingress controller deployed within the cluster? Think that this doesn't meet the requirements for balancing load between clusters.
upvoted 3 times
...
jmay
3 years, 4 months ago
i think when a cluster fails it implies that the ingress controller also fails.
upvoted 1 times
...
...
examineezer
3 years, 5 months ago
How to choose the right load balancing option https://docs.microsoft.com/en-us/azure/architecture/guide/technology-choices/load-balancing-overview
upvoted 2 times
...
parkranger
3 years, 7 months ago
"Azure Front Door, which focuses on global load-balancing and site acceleration, and Azure CDN Standard, which offers static content caching and acceleration. The new Azure Front Door brings together security with CDN technology for a cloud-based CDN with threat protection and additional capabilities. "
upvoted 3 times
...
parkranger
3 years, 7 months ago
"using SSL without having to configure SSL on each container." - SSL termination point is NOT on container meaning that there should be something frontend of AKS.
upvoted 2 times
...
leo_az300
3 years, 8 months ago
The question is looking foe Global load balancing solution not regional solution, which eliminates application gateway and load balancer. Then it requires for HTTPS handling, which limits the answer to Front Door only
upvoted 3 times
FinMessner
3 years, 4 months ago
AKS Ingress Controller supports HTTPS... Why the hell is noone talking about the AKS Ingress Controller?
upvoted 1 times
therealss
3 years, 4 months ago
it appears it's _not_ global, similar to Azure App Gateway, whereas Azure Front Door is
upvoted 1 times
...
sapien45
3 years ago
using SSL without having to configure SSL on each container. AKS Ingress Controller is configured for each AKS Container
upvoted 1 times
...
...
...
cfsxtuv33
3 years, 8 months ago
ANSWER IS "D" No doubt about it.
upvoted 3 times
...
waqas
3 years, 8 months ago
D. Azure Front Door
upvoted 2 times
...
syu31svc
3 years, 8 months ago
https://docs.microsoft.com/en-us/azure/frontdoor/front-door-overview Key features included with Front Door: Accelerated application performance by using split TCP-based anycast protocol. Intelligent health probe monitoring for backend resources. URL-path based routing for requests. Enables hosting of multiple websites for efficient application infrastructure. Cookie-based session affinity. SSL offloading and certificate management. D is the answer; Front Door
upvoted 2 times
...
poplovic
3 years, 8 months ago
AFD is correct because of SSL requirement in the question See the link https://docs.microsoft.com/en-us/azure/frontdoor/front-door-overview and I quote " Note Azure provides a suite of fully managed load-balancing solutions for your scenarios. If you are looking to do DNS based global routing and do not have requirements for Transport Layer Security (TLS) protocol termination ("SSL offload"), per-HTTP/HTTPS request or application-layer processing, review Traffic Manager. If you want to load balance between your servers in a region at the application layer, review Application Gateway. To do network layer load balancing, review Load Balancer. "
upvoted 1 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel