AZ-303 Exam Questions - Online Test


AZ-303 Premium VCE File

Learn More 100% Pass Guarantee - Dumps Verified - Instant Download
150 Lectures, 20 Hours

surepassexam.com

Cause all that matters here is passing the Microsoft AZ-303 exam. Cause all that you need is a high score of AZ-303 Microsoft Azure Architect Technologies (beta) exam. The only one thing you need to do is downloading Testking AZ-303 exam study guides now. We will not let you down with our money-back guarantee.

Free AZ-303 Demo Online For Microsoft Certifitcation:

NEW QUESTION 1

You have several Azure virtual machines on a virtual network named VNet1. You configure an Azure Storage account as shown in the following exhibit.
AZ-303 dumps exhibit
Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic.
NOTE: Each correct selection is worth one point.
AZ-303 dumps exhibit

  • A. Mastered
  • B. Not Mastered

Answer: A

Explanation:
Box 1: Never
Box 2: Never
After you configure firewall and virtual network settings for your storage account, select Allow trusted Microsoft services to access this storage account as an exception to enable Azure Backup service to access the network restricted storage account.
AZ-303 dumps exhibit
https://docs.microsoft.com/en-us/azure/storage/files/storage-how-to-use-files-windows https://azure.microsoft.com/en-us/blog/azure-backup-now-supports-storage-accounts-secured-with-azure-storage

NEW QUESTION 2

You network contains an Active Directory domain named adatum.com and an Azure Active Directory (Azure AD) tenant named adatum.onmicrosoft.com.
Adatum.com contains the user accounts in the following table.
AZ-303 dumps exhibit
Adatum.onmicrosoft.com contains the user accounts in the following table.
AZ-303 dumps exhibit
You need to implement Azure AD Connect. The solution must follow the principle of least privilege. Which user accounts should you use? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.
AZ-303 dumps exhibit

  • A. Mastered
  • B. Not Mastered

Answer: A

Explanation:
Box 1: User5
In Express settings, the installation wizard asks for the following: AD DS Enterprise Administrator credentials
Azure AD Global Administrator credentials
The AD DS Enterprise Admin account is used to configure your on-premises Active Directory. These credentials are only used during the installation and are not used after the installation has completed. The Enterprise Admin, not the Domain Admin should make sure the permissions in Active Directory can be set in all domains. Box 2: UserA
Azure AD Global Admin credentials are only used during the installation and are not used after the installation has completed. It is used to create the Azure AD Connector account used for synchronizing changes to Azure AD. The account also enables sync as a feature in Azure AD.
References:
https://docs.microsoft.com/en-us/azure/active-directory/connect/active-directory-aadconnect-accounts-permissio

NEW QUESTION 3

You have an Azure subscription named Subscription1. Subscription1 contains the resources in the following table:
AZ-303 dumps exhibit
VNet1 is in RG1. VNet2 is in RG2. There is no connectivity between VNet1 and VNet2. An administrator named Admin1 creates an Azure virtual machine VM1 in RG1. VM1 uses a disk named Disk1 and connects to VNet1. Admin1 then installs a custom application in VM1.
You need to move the custom application to VNet2. The solution must minimize administrative effort. Which two actions should you perform? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.
AZ-303 dumps exhibit

  • A. Mastered
  • B. Not Mastered

Answer: A

Explanation:
We cannot just move a virtual machine between networks. What we need to do is identify the disk used by the VM, delete the VM itself while retaining the disk, and recreate the VM in the target virtual network and then attach the original disk to it.
Reference:
https://blogs.technet.microsoft.com/canitpro/2014/06/16/step-by-step-move-a-vm-to-a-different-vnet-on-azure/
https://4sysops.com/archives/move-an-azure-vm-to-another-virtual-network-vnet/#migrate-an-azure-vm-betwee

NEW QUESTION 4

You have resources in three Azure regions. Each region contains two virtual machines. Each virtual machine has a public IP address assigned to its network interface and a locally installed application named App1.
You plan to implement Azure Front Door-based load balancing across all the virtual machines.
You need to ensure that App1 on the virtual machines will only accept traffic routed from Azure Front Door. What should you implement?

  • A. Azure Private Link
  • B. service endpoints
  • C. network security groups (NSGs) with service tags
  • D. network security groups (NSGs) with application security groups

Answer: C

Explanation:
Configure IP ACLing for your backends to accept traffic from Azure Front Door's backend IP address space and Azure's infrastructure services only. Refer the IP details below for ACLing your backend:
AZ-303 dumps exhibit Refer AzureFrontDoor.Backend section in Azure IP Ranges and Service Tags for Front Door's IPv4 backend IP address range or you can also use the service tag AzureFrontDoor.Backend in your network security groups.
Reference:
https://docs.microsoft.com/en-us/azure/frontdoor/front-door-faq

NEW QUESTION 5

You create a new Azure subscription. You create a resource group named RG1. In RG1. you create the resources shown in the following table.
AZ-303 dumps exhibit
You need to configure an encrypted tunnel between your on-premises network and VNET1.
Which two additional resources should you create in Azure? Each correct answer presents part of the solution.

  • A. a point-to-site configuration
  • B. a local network gateway
  • C. a VNet-to-VNet connection
  • D. a VPN gateway
  • E. a site-to-site connection

Answer: DE

Explanation:
A Site-to-Site VPN gateway connection is used to connect your on-premises network to an Azure virtual network over an IPsec/IKE (IKEv1 or IKEv2) VPN tunnel. This type of connection requires a VPN device, a local network gateway, located on-premises that has an externally facing public IP address assigned to it.
Finally, create a Site-to-Site VPN connection between your virtual network gateway and your on-premises VPN device.
References:
https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-howto-site-to-site-resource-manager-portal

NEW QUESTION 6

Your network contains an on-premises Active Directory domain named contoso.com. The domain contains the users shown in the following table.
AZ-303 dumps exhibit
You plan to install Azure AD Connect and enable SSO.
You need to specify which user to use to enable SSO. The solution must use the principle of least privilege. Which user should you specify?

  • A. User4
  • B. User1
  • C. User3
  • D. User2

Answer: C

NEW QUESTION 7

You have an Azure subscription named Subscription1 that contains an Azure virtual network named VNet1. VNet1 connects to your on-premises network by using Azure ExpressRoute.
You need to connect VNet1 to the on-premises network by using a site-to-site VPN. The solution must minimize cost.
Which three actions should you perform? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.

  • A. Create a VPN gateway that uses the VpnGw1 SKU.
  • B. Create a connection.
  • C. Create a local site VPN gateway.
  • D. Create a gateway subnet.
  • E. Create a VPN gateway that uses the Basic SKU.

Answer: ABC

Explanation:
References:
https://docs.microsoft.com/en-za/archive/blogs/canitpro/step-by-step-configuring-a-site-to-site-vpn-gateway-bet

NEW QUESTION 8

You need to meet the user requirement for Admin1. What should you do?

  • A. From the Subscriptions blade, select the subscription, and then modify the Properties.
  • B. From the Subscriptions blade, select the subscription, and then modify the Access control (IAM) settings.
  • C. From the Azure Active Directory blade, modify the Properties.
  • D. From the Azure Active Directory blade, modify the Groups.

Answer: A

Explanation:
Change the Service administrator for an Azure subscription
AZ-303 dumps exhibit Sign in to Account Center as the Account administrator.
AZ-303 dumps exhibit Select a subscription.
AZ-303 dumps exhibit On the right side, select Edit subscription details.
Scenario: Designate a new user named Admin1 as the service administrator of the Azure subscription. References:
https://docs.microsoft.com/en-us/azure/billing/billing-add-change-azure-subscription-administrator

NEW QUESTION 9

You have the virtual machines shown in the following table.
AZ-303 dumps exhibit
You deploy an Azure bastion named Bastion1 to VNET1.
To which virtual machines can you connect by using Bastion1?

  • A. VM1 only
  • B. VM1 and VM2 only
  • C. VM2 and VM3 only
  • D. VM1, VM2, and VM3

Answer: C

NEW QUESTION 10

You have an Azure subscription that contains the resources shown in the following table.
AZ-303 dumps exhibit
Subnet1 is on VNET1. VM1 connects to Subnet1.
You plan to create a virtual network gateway on VNET1.
You need to prepare the environment for the planned virtual network gateway.
What are two ways to achieve this goal? Each correct answer presents a complete solution. NOTE: Each correct selection is worth one point.

  • A. Create a subnet named GatewaySubnet on VNET1.
  • B. Delete Subnet1.
  • C. Modify the address space used by Subnet1.
  • D. Modify the address space used by VNET1
  • E. Create a local network gateway.

Answer: AD

NEW QUESTION 11

You have an Azure Active Directory (Azure AD) tenant that contains the user groups shown in the following table.
AZ-303 dumps exhibit
You enable self-service password reset (SSPR) for Group1.
You configure the Notifications settings as shown in the following exhibit.
AZ-303 dumps exhibit
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
AZ-303 dumps exhibit

  • A. Mastered
  • B. Not Mastered

Answer: A

Explanation:
Box 1: Yes
Notify all admins when other admins reset their passwords: Yes. Box 2: No
Notify users on password resets: No. Box 3: No
AZ-303 dumps exhibit Notify users on password resets
If this option is set to Yes, then users resetting their password receive an email notifying them that their password has been changed. The email is sent via the SSPR portal to their primary and alternate email addresses that are on file in Azure AD. No one else is notified of the reset event.
AZ-303 dumps exhibit Notify all admins when other admins reset their passwords
If this option is set to Yes, then all administrators receive an email to their primary email address on file in Azure AD. The email notifies them that another administrator has changed their password by using SSPR.
Example: There are four administrators in an environment. Administrator A resets their password by using SSPR. Administrators B, C, and D receive an email alerting them of the password reset.
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/authentication/concept-sspr-howitworks https://docs.microsoft.com/en-us/azure/active-directory/authentication/tutorial-enable-sspr

NEW QUESTION 12

Your company has the groups shown in the following table.
AZ-303 dumps exhibit
The company has an Azure subscription that contains an Azure Active Directory (Azure AD) tenant named contoso.com.
An administrator named Admin1 attempts to enable Enterprise State Roaming for all the users in the Managers group.
Admin1 reports that the options for Enterprise State Roaming are unavailable from Azure AD. You verify that Admin1 is assigned the Global administrator role.
You need to ensure that Admin1 can enable Enterprise State Roaming. What should you do?

  • A. Enforce Azure Multi-Factor Authentication (MFA) for Admin1.
  • B. Purchase an Azure AD Premium P1 license for each user in the Managers group.
  • C. Assign an Azure AD Privileged Identity Management (PIM) role to Admin1.
  • D. Purchase an Azure Rights Management (Azure RMS) license for each user in the Managers group.

Answer: B

Explanation:
Enterprise State Roaming is available to any organization with an Azure AD Premium or Enterprise Mobility
+ Security (EMS) license.
References:
https://docs.microsoft.com/bs-latn-ba/azure/active-directory/devices/enterprise-state-roaming-enable

NEW QUESTION 13

You have an application named App1 that does not support Azure Active Directory (Azure AD) authentication.
You need to ensure that App1 can send messages to an Azure Service Bus queue. The solution must prevent Appl from listening to the queue.
What should you do?

  • A. Modify the locks of the Queue
  • B. Configure Access control (IAM) for the Service Bus
  • C. Configure Access control (IAM) for the queue.
  • D. Add a shared access policy to the queue

Answer: D

Explanation:
There are two ways to authenticate and authorize access to Azure Service Bus resources: Azure Activity Directory (Azure AD) and Shared Access Signatures (SAS).
Each Service Bus namespace and each Service Bus entity has a Shared Access Authorization policy made up of rules.
Reference:
https://docs.microsoft.com/en-us/azure/service-bus-messaging/service-bus-authentication-and-authorization https://docs.microsoft.com/en-us/azure/service-bus-messaging/service-bus-sas

NEW QUESTION 14

You have two Azure SQL Database managed instances in different Azure regions. You plan to configure the managed instances in an instance failover group.
What should you configure before you can add the managed instances to the instance failover group?

  • A. Azure Private Link that has endpoints on two virtual networks
  • B. an internal Azure Load Balancer instance that has managed instance endpoints in a backend pool
  • C. an Azure Application Gateway that has managed instance endpoints in a backend pool
  • D. a Site-to-Site VPN between the virtual networks that contain the instances

Answer: D

Explanation:
For two managed instances to participate in a failover group, there must be either ExpressRoute or a gateway configured between the virtual networks of the two managed instances to allow network communication.
You create the two VPN gateways and connect them.
AZ-303 dumps exhibitCreate a bidirectional connection between the two gateways of the two virtual networks.
Reference:
https://docs.microsoft.com/en-us/azure/azure-sql/managed-instance/failover-group-add-instance-tutorial?tabs=az

NEW QUESTION 15

You have a web server app named App1 that is hosted in three Azure regions. You plan to use Azure Traffic Manager to distribute traffic optimally for App1.
You need to enable Real User Measurements to monitor the network latency data for App1. What should you do? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
AZ-303 dumps exhibit

  • A. Mastered
  • B. Not Mastered

Answer: A

Explanation:
Box 1: Select Generate key
You can configure your web pages to send Real User Measurements to Traffic Manager by obtaining a Real User Measurements (RUM) key and embedding the generated code to web page.
Obtain a Real User Measurements key
The measurements you take and send to Traffic Manager from your client application are identified by the service using a unique string, called the Real User Measurements (RUM) Key. You can get a RUM key using the Azure portal, a REST API, or by using the PowerShell or Azure CLI.
To obtain the RUM Key using Azure portal:
AZ-303 dumps exhibit From a browser, sign in to the Azure portal. If you don’t already have an account, you can sign up for a free one-month trial.
AZ-303 dumps exhibit In the portal’s search bar, search for the Traffic Manager profile name that you want to modify, and then click the Traffic Manager profile in the results that the displayed.
AZ-303 dumps exhibit In the Traffic Manager profile blade, click Real User Measurements under Settings.
AZ-303 dumps exhibit Click Generate Key to create a new RUM Key.
Box 2: Embed the Traffic Manager JavaScript code snippet. Embed the code to an HTML web page
After you have obtained the RUM key, the next step is to embed this copied JavaScript into an HTML page that your end users visit.
This example shows how to update an HTML page to add this script. You can use this guidance to adapt it to your HTML source management workflow.
AZ-303 dumps exhibit Open the HTML page in a text editor
AZ-303 dumps exhibit Paste the JavaScript code you had copied in the earlier step to the BODY section of the HTML (the copied code is on line 8 & 9, see figure 3).
AZ-303 dumps exhibit
Reference:
https://docs.microsoft.com/en-us/azure/traffic-manager/traffic-manager-create-rum-web-pages

NEW QUESTION 16

You have an Azure subscription named Subscription1 that contains a virtual network named VNet1. You add the users in the following table.
AZ-303 dumps exhibit
Which user can perform each configuration? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
AZ-303 dumps exhibit

  • A. Mastered
  • B. Not Mastered

Answer: A

Explanation:
Box 1: User1 and User3 only.
The Owner Role lets you manage everything, including access to resources.
The Network Contributor role lets you manage networks, but not access to them. Box 2: User1
The Security Admin role: In Security Center only: Can view security policies, view security states, edit security policies, view alerts and recommendations, dismiss alerts and recommendations.
References:
https://docs.microsoft.com/en-us/azure/role-based-access-control/built-in-roles

NEW QUESTION 17

The developers at your company request that you create databases in Azure Cosmos DB as shown in the following table.
AZ-303 dumps exhibit
You need to create the Azure Cosmos DB databases to meet the developer request. The solution must minimize costs.
What are two possible ways to achieve the goal? Each correct answer presents a complete solution.
NOTE: Each correct selection is worth one point.

  • A. Create three Azure Cosmos DB accounts, one for the databases that use the Core (SQL) API, one for CosmosDB2, and one for CosmosDB4.
  • B. Create two Azure Cosmos DB accounts, one for CosmosDB2 and CosmosDB4 and one for CosmosDB1 and CosmosDB3.
  • C. Create one Azure Cosmos DB account for each database.
  • D. Create three Azure Cosmos DB accounts, one for the databases that use the MongoDB API, one for CosmosDB1, and one for CosmosDB3.

Answer: BD

Explanation:
Note:
Microsoft recommends using the same API for all access to the data in a given account.
One throughput provisioned container per subscription for SQL, Gremlin API, and Table accounts. Up to three throughput provisioned collections per subscription for MongoDB accounts.
The throughput provisioned on an Azure Cosmos container is exclusively reserved for that container. The container receives the provisioned throughput all the time.
Reference:
https://docs.microsoft.com/en-us/azure/cosmos-db/set-throughput#set-throughput-on-a-container

NEW QUESTION 18

You have SQL Server on an Azure virtual machine named SQL1.
You need to automate the backup of the databases on SQL1 by using Automated Backup v2 for the virtual machines. The backups must meet the following requirements:
• Meet a recovery point objective (RPO) of 15 minutes.
• Retain the backups for 30 days.
• Encrypt the backups at rest.
What should you provision as part of the backup solution?

  • A. Azure Key Vault
  • B. an Azure Storage account
  • C. a Recovery Services vault
  • D. Elastic Database jobs

Answer: B

Explanation:
An Azure storage account is used for storing Automated Backup files in blob storage. A container is created at this location to store all backup files. The backup file naming convention includes the date, time, and database GUID.
Reference:
https://docs.microsoft.com/en-us/azure/azure-sql/virtual-machines/windows/automated-backup

NEW QUESTION 19

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it As a result, these questions will not appear in the review screen.
You have an Azure Active Directory {Azure AD) tenant named contoso.com.
A user named Admin1 attempts to create an access review from the Azure Active Directory admin center and discovers that the Access reviews settings are unavailable. Admin 1 discovers that all the other Identity Governance settings are available.
Admin1 is assigned The User administrator. Compliance administrator, and Security administrator roles. You need to ensure that Admin1 can create access reviews in contoso.com. .
Solution: You assign the Global administrator role to Admin1. Does this meet the goal?

  • A. Yes
  • B. No

Answer: B

Explanation:
Instead use Azure AD Privileged Identity Management.
Note: PIM essentially helps you manage the who, what, when, where, and why for resources that you care about. Key features of PIM include:
AZ-303 dumps exhibit Conduct access reviews to ensure users still need roles References:
https://docs.microsoft.com/en-us/azure/active-directory/privileged-identity-management/pim-configure

NEW QUESTION 20

You have an Azure Container Registry and an Azure container instance.
You pull an image from the registry, and then update the local copy of the image.
You need to ensure that the updated image can be deployed to the container instance. The solution must ensure that you can deploy the updated image or the previous version of the image.
What should you do?

  • A. Run the docker image push command and specify the tag parameter.
  • B. Run the az image copy command and specify the tag paramete
  • C. Run the az aks update command and specify the attach-acr parameter.
  • D. Run the kubect1 apply command and specify the dry-run parameter.

Answer: B

NEW QUESTION 21

You have an Azure Active Directory (Azure AD) tenant linked to an Azure subscription. The tenant contains a group named Admins.
You need to prevent users, except for the members of Admins, from using the Azure portal and Azure PowerShell to access the subscription.
What should you do?

  • A. From Azure AD, configure the User settings.
  • B. From the Azure subscription, assign an Azure policy.
  • C. From Azure AD, create a conditional access policy.
  • D. From the Azure subscription, configure Access control (IAM).

Answer: D

NEW QUESTION 22

You plan to automate the deployment of a virtual machine scale set that uses the Windows Server 2021 Datacenter image. You need to ensure that when the scale set virtual machines are provisioned, they have web server components installed. Which two actions should you perform? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point.

  • A. Create a new virtual machine scale set in the Azure portal.
  • B. Create an automation account.
  • C. Upload a configuration script.
  • D. Modify the extensionProfile section of the Azure Resource Manager template.
  • E. Create an Azure policy.

Answer: AD

Explanation:
References:
https://docs.microsoft.com/en-us/azure/virtual-machine-scale-sets/tutorial-install-apps-template

NEW QUESTION 23

You plan to create an Azure Storage account in the Azure region of East US 2. You need to create a storage account that meets the following requirements:
AZ-303 dumps exhibit Replicates synchronously
AZ-303 dumps exhibit Remains available if a single data center in the region fails
How should you configure the storage account? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.
AZ-303 dumps exhibit

  • A. Mastered
  • B. Not Mastered

Answer: A

Explanation:
Box 1: Zone-redundant storage (ZRS)
Zone-redundant storage (ZRS) replicates your data synchronously across three storage clusters in a single region.
LRS would not remain available if a data center in the region fails GRS and RA GRS use asynchronous replication.
Box 2: StorageV2 (general purpose V2) ZRS only support GPv2.
References:
https://docs.microsoft.com/en-us/azure/storage/common/storage-redundancy https://docs.microsoft.com/en-us/azure/storage/common/storage-redundancy-zrs

NEW QUESTION 24

Note: This question is part of series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have an Azure Active Directory (Azure AD) tenant that contains a group named Group1. You need to enable multi-factor authentication (MFA) for the users in Group1 only.
Solution: From Multi-Factor Authentication, you select Bulk update, and you provide a CSV file that contains the members of Group1.
Does this meet the goal?

  • A. Yes
  • B. No

Answer: B

Explanation:
We should use a Conditional Access policy.
Note: There are two ways to secure user sign-in events by requiring multi-factor authentication in Azure AD. The first, and preferred, option is to set up a Conditional Access policy that requires multi-factor authentication under certain conditions. The second option is to enable each user for Azure Multi-Factor Authentication. When users are enabled individually, they perform multi-factor authentication each time they sign in (with some exceptions, such as when they sign in from trusted IP addresses or when the remembered devices feature is turned on).
Enabling Azure Multi-Factor Authentication using Conditional Access policies is the recommended approach. Changing user states is no longer recommended unless your licenses don't include Conditional Access as it requires users to perform MFA every time they sign in.
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/authentication/howto-mfa-userstates

NEW QUESTION 25
......

P.S. Easily pass AZ-303 Exam with 0 Q&As Downloadfreepdf.net Dumps & pdf Version, Welcome to Download the Newest Downloadfreepdf.net AZ-303 Dumps: https://www.downloadfreepdf.net/AZ-303-pdf-download.html (0 New Questions)