It is impossible to pass Microsoft AZ-303 exam without any help in the short term. Come to Passleader soon and find the most advanced, correct and guaranteed Microsoft AZ-303 practice questions. You will get a surprising result by our Improved Microsoft Azure Architect Technologies (beta) practice guides.
Free demo questions for Microsoft AZ-303 Exam Dumps Below:
NEW QUESTION 1
You need to implement a backup solution for App1 after the application is moved. What should you create first?
- A. a recovery plan
- B. an Azure Backup Server
- C. a backup policy
- D. a Recovery Services vault
Answer: D
Explanation:
A Recovery Services vault is a logical container that stores the backup data for each protected resource, such as Azure VMs. When the backup job for a protected resource runs, it creates a recovery point inside the Recovery Services vault.
Scenario:
There are three application tiers, each with five virtual machines. Move all the virtual machines for App1 to Azure.
Ensure that all the virtual machines for App1 are protected by backups.
References: https://docs.microsoft.com/en-us/azure/backup/quick-backup-vm-portal
NEW QUESTION 2
You plan to create an Azure Storage account named storage! that will store blobs and be accessed by Azure Databricks.
You need to ensure that you can set permissions for individual blobs by using Azure Active Directory (Azure AD) authentication.
Which Advanced setting should you enable for storage1?
- A. Hierarchical namespace
- B. Large file shares
- C. Blob soft delete
- D. NFSv3
Answer: C
NEW QUESTION 3
You have an Azure App Service app.
You need to implement tracing for the app. The tracing information must include the following:
Usage trends
AJAX call responses
Page load speed by browser
Server and browser exceptions
What should you do?
- A. Configure IIS logging in Azure Log Analytics.
- B. Configure a connection monitor in Azure Network Watcher.
- C. Configure custom logs in Azure Log Analytics.
- D. Enable the Azure Application Insights site extension.
Answer: D
Explanation:
For web pages, Application Insights JavaScript SDK automatically collects AJAX calls as dependencies. Note: Some of the things you can track or collect are:
What are the most popular webpages in your application, at what time of day and where is that traffic coming from?
Dependency rates or response times and failure rates to find out if there’s an external service that’s causing performance issues on your app, maybe a user is using a portal to get through to your application and there are response time issues going through there for instance.
Exceptions for both server and browser information, as well as page views and load performance from the end users’ side.
Reference:
https://azure.microsoft.com/en-us/blog/ajax-collection-in-application-insights/ https://blog.pragmaticworks.com/what-is-application-insights
NEW QUESTION 4
You have an Azure subscription that contains two virtual networks named VNet1 and VNet2. Virtual machines connect to the virtual networks.
The virtual networks have the address spaces and the subnets configured as shown in the following table.
You need to add the address space of 10.33.0.0/16 to VNet1. The solution must ensure that the hosts on VNet1 and VNet2 can communicate.
Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
- A. Mastered
- B. Not Mastered
Answer: A
Explanation:
Step 1: Remove peering between Vnet1 and VNet2.
You can't add address ranges to, or delete address ranges from a virtual network's address space once a virtual network is peered with another virtual network. To add or remove address ranges, delete the peering, add or remove the address ranges, then re-create the peering. Step 2: Add the 10.44.0.0/16 address space to VNet1. Step 3: Recreate peering between VNet1 and VNet2 References:
https://docs.microsoft.com/en-us/azure/virtual-network/virtual-network-manage-peering
NEW QUESTION 5
You have 10 Azure virtual machines on a subnet named Subnet1. Subnet1 is on a virtual network named VNet1.
You plan to deploy a public Azure Standard Load Balancer named LB1 to the same Azure region as the 10 virtual machines.
You need to ensure that traffic from all the virtual machines to the internet flows through LB1. The solution must prevent the virtual machines from being accessible on the internet.
Which three actions should you perform? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.
- A. Add health probes to LB1.
- B. Add the network interfaces of the virtual machines to the backend pool of LB1.
- C. Add an inbound rule to LB1.
- D. Add an outbound rule to LB1.
- E. Associate a network security group (NSG) to Subnet1.
- F. Associate a user-defined route to Subnet1.
Answer: ABD
Explanation:
Reference:
https://docs.microsoft.com/en-us/azure/load-balancer/tutorial-load-balancer-standard-manage-portal2
NEW QUESTION 6
You have an Azure key vault named KV1.
You need to ensure that applications can use KV1 to provision certificates automatically from an external
certification authority (CA).
Which two actions should you perform? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.
- A. From KV1, create a certificate issuer resource.
- B. Obtain the CA account credentials.
- C. Obtain the root CA certificate.
- D. From KV1, create a certificate signing request (CSR).
- E. From KV1, create a private key,
Answer: CD
Explanation:
C: Obtain the root CA certificate (step 4 in the picture below)
D: From KV1, create a certificate signing request (CSR) (step 2 in the picture below) Note:
Creating a certificate with a CA not partnered with Key Vault
This method allows working with other CAs than Key Vault's partnered providers, meaning your organization can work with a CA of its choice.
The following step descriptions correspond to the green lettered steps in the preceding diagram.
In the diagram above, your application is creating a certificate, which internally begins by creating a key in your key vault.
Key Vault returns to your application a Certificate Signing Request (CSR).
Your application passes the CSR to your chosen CA.
Your chosen CA responds with an X509 Certificate.
Your application completes the new certificate creation with a merger of the X509 Certificate from your CA.
Reference:
https://docs.microsoft.com/en-us/azure/key-vault/certificates/certificate-scenarios
NEW QUESTION 7
Note: This question is part of series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more
than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have an Azure Active Directory (Azure AD) tenant named contoso.com.
A user named Admin1 attempts to create an access review from the Azure Active Directory admin center and discovers that the Access reviews settings are unavailable. Admin1 discovers that all the other Identity Governance settings are available.
Admin1 is assigned the User administrator, Compliance administrator, and Security administrator roles. You need to ensure that the Admin1 can create access reviews in contoso.com.
Solution: You purchase an Azure Directory Premium P2 license for contoso.com. Does this meet the goal?
- A. Yes
- B. No
Answer: B
Explanation:
Instead use Azure AD Privileged Identity Management.
Note: PIM essentially helps you manage the who, what, when, where, and why for resources that you care about. Key features of PIM include:
Conduct access reviews to ensure users still need roles References:
https://docs.microsoft.com/en-us/azure/active-directory/privileged-identity-management/pim-configure
NEW QUESTION 8
You network contains an Active Directory domain named adatum.com and an Azure Active Directory (Azure AD) tenant named adatum.onmicrosoft.com.
Adatum.com contains the user accounts in the following table.
Adatum.onmicrosoft.com contains the user accounts in the following table.
You need to implement Azure AD Connect. The solution must follow the principle of least privilege. Which user accounts should you use? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.
- A. Mastered
- B. Not Mastered
Answer: A
Explanation:
Box 1: User5
In Express settings, the installation wizard asks for the following: AD DS Enterprise Administrator credentials
Azure AD Global Administrator credentials
The AD DS Enterprise Admin account is used to configure your on-premises Active Directory. These credentials are only used during the installation and are not used after the installation has completed. The Enterprise Admin, not the Domain Admin should make sure the permissions in Active Directory can be set in all domains. Box 2: UserA
Azure AD Global Admin credentials are only used during the installation and are not used after the installation has completed. It is used to create the Azure AD Connector account used for synchronizing changes to Azure AD. The account also enables sync as a feature in Azure AD.
References:
https://docs.microsoft.com/en-us/azure/active-directory/connect/active-directory-aadconnect-accounts-permissio
NEW QUESTION 9
You have an Azure subscription that contains multiple resource groups. You create an availability set as shown in the following exhibit.
You deploy 10 virtual machines to AS1.
Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic.
NOTE: Each correct selection is worth one point.
- A. Mastered
- B. Not Mastered
Answer: A
Explanation:
Box 1: 6
Two out of three update domains would be available, each with at least 3 VMs.
An update domain is a group of VMs and underlying physical hardware that can be rebooted at the same time. As you create VMs within an availability set, the Azure platform automatically distributes your VMs across these update domains. This approach ensures that at least one instance of your application always remains running as the Azure platform undergoes periodic maintenance.
Box 2: the West Europe region and the RG1 resource group References:
https://docs.microsoft.com/en-us/azure/virtual-machines/windows/regions-and-availability
NEW QUESTION 10
You have an Azure subscription that contains an Azure Log Analytics workspace. You have a resource group that contains 100 virtual machines. The virtual machines run Linux. You need to collect events from the virtual machines to the Log Analytics workspace. Which type of data source should you configure in the workspace?
- A. Syslog
- B. Linux performance counters
- C. custom fields
Answer: A
Explanation:
https://docs.microsoft.com/en-us/azure/azure-monitor/learn/quick-collect-azurevm
Syslog is an event logging protocol that is common to Linux. Applications will send messages that may be stored on the local machine or delivered to a Syslog collector. When the Log Analytics agent for Linux is installed, it configures the local Syslog daemon to forward messages to the agent. The agent then sends the message to Azure Monitor where a corresponding record is created.
Reference:
https://docs.microsoft.com/en-us/azure/azure-monitor/platform/data-sources-custom-logs
NEW QUESTION 11
You create the Azure resources shown in the following table.
You attempt to add a role assignment to a resource group as shown in the following exhibit.
What should you do to ensure that you can assign VM2 the Reader role for the resource group?
- A. Modify the Reader role at the subscription level.
- B. Configure just in time (JIT) VM access on VM2.
- C. Configure Access control (IAM) on VM2.
- D. Assign a managed identity to VM2.
Answer: D
NEW QUESTION 12
You create and save an Azure Resource Manager template named Template1 that includes the following four sections.
You deploy template1.
For each of the following statement, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.
- A. Mastered
- B. Not Mastered
Answer: A
Explanation:
NEW QUESTION 13
: 292 HOTSPOT
From Azure Cosmos DB, you create the containers shown in the following table.
You add the following item to Container1.
You plan to add items to Azure Cosmos DB as shown in the following table.
You need to identify which items can be added successfully to Container1 and Container2.
What should you identify for each container? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
- A. Mastered
- B. Not Mastered
Answer: A
Explanation:
NEW QUESTION 14
Note: This question is part of series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have an Azure Active Directory (Azure AD) tenant that contains a group named Group1. You need to enable multi-factor authentication (MFA) for the users in Group1 only.
Solution: From Multi-Factor Authentication, you select Bulk update, and you provide a CSV file that contains the members of Group1.
Does this meet the goal?
- A. Yes
- B. No
Answer: B
Explanation:
We should use a Conditional Access policy.
Note: There are two ways to secure user sign-in events by requiring multi-factor authentication in Azure AD. The first, and preferred, option is to set up a Conditional Access policy that requires multi-factor authentication under certain conditions. The second option is to enable each user for Azure Multi-Factor Authentication. When users are enabled individually, they perform multi-factor authentication each time they sign in (with some exceptions, such as when they sign in from trusted IP addresses or when the remembered devices feature is turned on).
Enabling Azure Multi-Factor Authentication using Conditional Access policies is the recommended approach. Changing user states is no longer recommended unless your licenses don't include Conditional Access as it requires users to perform MFA every time they sign in.
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/authentication/howto-mfa-userstates
NEW QUESTION 15
You plan to create an Azure Storage account in the Azure region of East US 2. You need to create a storage account that meets the following requirements:
Replicates synchronously
Remains available if a single data center in the region fails
How should you configure the storage account? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.
- A. Mastered
- B. Not Mastered
Answer: A
Explanation:
Box 1: Zone-redundant storage (ZRS)
Zone-redundant storage (ZRS) replicates your data synchronously across three storage clusters in a single region.
LRS would not remain available if a data center in the region fails GRS and RA GRS use asynchronous replication.
Box 2: StorageV2 (general purpose V2) ZRS only support GPv2.
References:
https://docs.microsoft.com/en-us/azure/storage/common/storage-redundancy https://docs.microsoft.com/en-us/azure/storage/common/storage-redundancy-zrs
NEW QUESTION 16
......
P.S. Dumps-files.com now are offering 100% pass ensure AZ-303 dumps! All AZ-303 exam questions have been updated with correct answers: https://www.dumps-files.com/files/AZ-303/ (0 New Questions)