Posted in az-303 Microsoft Azure Architect Technologies (beta) Microsoft Microsoft AZ-303 microsoft az-303 dump microsoft az-303 exam microsoft az-303 exam dumps microsoft az-303 pdf Microsoft Role-based

The latest update of Microsoft AZ-303 online exam practice and complete exam dumps

latest updated exam

Microsoft AZ-303 exam “Microsoft Azure Architect Technologies”, get the latest updated AZ-303 exam questions and answers online, we share the AZ-303 exam questions in a variety of ways, you can practice the test online, download the free AZ-303 PDF. Complete Microsoft AZ-303 exam dumps https://www.lead4pass.com/az-303.html (PDF +VCE). 480 exam questions and answers. 99.5% exam pass rate.
All issues are updated and corrected to ensure that they are true and effective.

Free Microsoft AZ-303 dumps PDF

The free AZ-303 dumps PDF comes from a part of the Lead4Pass AZ-303 exam dumps. Lead4Pass AZ-303 includes two modes of VCE and PDF, you can choose any.

Microsoft AZ-303 free online practice test

Annotation: 1. The question-answer is displayed at the end 2. The picture answer is displayed in the current

QUESTION 1

Note: This question is part of series of questions that present the same scenario. Each question in the series contains a
unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not
appear in the review screen.

You have an Azure Active Directory (Azure AD) tenant named Adatum and an Azure subscription named Subscription1.
Adam contains a group named Developers. Subscription1 contains a resource group named Dev.
You need to provide the Developers group with the ability to create Azure logic apps in the Dev resource group.
Solution: On Subscription1, you assign the DevTest Labs User role to the Developers group.

Does this meet the goal?

A. Yes
B. No

QUESTION 2

Note: This question is part of series of questions that present the same scenario. Each question in the series contains a
unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not
appear on the review screen. You have an Azure subscription.
You have an on-premises file server named Server1 that runs Windows Server 2019.
You manage Server1 by using Windows Admin Center.
You need to ensure that if Server1 fails, you can recover the data from Azure.
Solution: You create an Azure Storage account and an Azure Storage Sync service. You configure Azure File Sync for
Server1. Does this meet the goal?

A. Yes
B. No

QUESTION 3

You have an app named App1 that uses data from two on-premises Microsoft SQL Server databases named DB1 and
DB2. You plan to move DB1 and DB2 to Azure.
You need to implement Azure services to host DB1 and DB2. The solution must support server-side transactions across
DB1 and DB2. Solution: You deploy DBI and DB2 to SQL Server on an Azure virtual machine.
Does this meet the goal?

A. Yes
B. NO

QUESTION 4

Note: This question is part of series of questions that present the same scenario. Each question in the series contains a
unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not
appear on the review screen. You have an Azure Active Directory (Azure AD) tenant named contoso.com.

A user named Admin1 attempts to create an access review from the Azure Active Directory admin center and discovers
that the Access reviews settings are unavailable. Admin1 discovers that all the other Identity Governance settings are
available. Admin1 is assigned the User administrator, Compliance administrator, and Security administrator roles.
You need to ensure that Admin1 can create access reviews in contoso.com.

Solution: You purchase an Azure Directory Premium P2 license for contoso.com.

Does this meet the goal?

A. Yes
B. No

QUESTION 5

You need to meet the security requirements. What should you use?

A. HTTP Strict Transport Security (HSTS)
B. Direct Line API
C. Multi-Factor Authentication (MFA)
D. Bot Framework Portal
E. Bot Framework authentication

QUESTION 6

HOTSPOT
You have an Azure subscription that contains multiple resource groups. You create an availability set as shown in the
the following exhibit.

microsoft az-303 exam questions q6

You deploy 10 virtual machines to AS1.
Use the drop-down menus to select the answer choice that completes each statement based on the information
presented in the graphic.
NOTE: Each correct selection is worth one point.
Hot Area:

microsoft az-303 exam questions q6-1

Correct Answer:

microsoft az-303 exam questions q6-2

Box 1: 6
Two out of three update domains would be available, each with at least 3 VMs.
An update domain is a group of VMs and underlying physical hardware that can be rebooted at the same time.
As you create VMs within an availability set, the Azure platform automatically distributes your VMs across these update
domains. This approach ensures that at least one instance of your application always remains running as the Azure
platform undergoes periodic maintenance.
Box 2: the West Europe region and the RG1 resource group

References:
https://docs.microsoft.com/en-us/azure/virtual-machines/windows/regions-and-availability

QUESTION 7

You have an Azure subscription named Subscription1. You deploy a Linux virtual machine named VM1 to
Subscription1. You need to monitor the metrics and the logs of VM1.

What should you use?

A. the AzurePerformanceDiagnostics extension
B. Linux Diagnostic Extension (LAD) 3.0
C. Azure Analysis Services
D. Azure HDInsight

QUESTION 8

SIMULATION
Another administrator attempts to establish connectivity between two virtual networks named VNET1 and VNET2. The
administrator reports that connections across the virtual networks fail.
You need to ensure that network connections can be established successfully between VNET1 and VNET2 as quickly
as possible.

What should you do from the Azure portal?

Correct Answer: See solution below.
You can connect one VNet to another VNet using either a Virtual network peering or an Azure VPN Gateway.
To create a virtual network gateway Step 1: In the portal, on the left side, click +Create a resource and type \’ virtual network gateway\’ in search. Locate Virtual network gateway in the search return and click the entry. On the Virtual network gateway page, click Create at the bottom of the page to open the Create virtual network gateway page.
Step 2: On the Create virtual network gateway page, fill in the values for your virtual network gateway.

microsoft az-303 exam questions q8
microsoft az-303 exam questions q8-1

Name: Name your gateway. This is not the same as naming a gateway subnet. It\’s the name of the gateway object you
are creating. Gateway type: Select VPN. VPN gateways use the virtual network gateway type VPN.
Virtual network: Choose the virtual network to which you want to add this gateway. Click Virtual network to open the
\’Choose a virtual network\’ page. Select the VNet. If you don\’t see your VNet, make sure the Location field is pointing
to the region in which your virtual network is located.
Gateway subnet address range: You will only see this setting if you did not previously create a gateway subnet for your
virtual network. If you previously created a valid gateway subnet, this setting will not appear.
Step 4: Select Create New to create a Gateway subnet.

microsoft az-303 exam questions q8-2

Step 5: Click Create to begin creating the VPN gateway. The settings are validated and you\’ll see the “Deploying
Virtual network gateway” tile on the dashboard. Creating a gateway can take up to 45 minutes. You may need to refresh your portal page to see the completed status.

References: https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-howto-vnet-vnet-resource-managerportal?

QUESTION 9

Note: This question is part of series of questions that present the same scenario. Each question in the series contains a
unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not
appear in the review screen.

Your network contains an Active Directory forest named fabrikam.com. The forest contains two child domains named
corp.fabrikam.com and research.fabrikam.com.

You have an Azure subscription that contains an Azure Active Directory (Azure AD) tenant named contoso.com.
You install Azure AD Connect and sync all the on-premises user accounts to the Azure AD tenant. You implement
seamless single sign-on (SSO).

You plan to change the source of authority for all the user accounts in research.fabrikam.com to Azure AD.
You need to prevent research.fabrikam.com from resyncing to Azure AD.
Solution: You use Active Directory Domains and Trusts from a computer joined to fabrikam.com.

Does this meet the goal?

A. Yes
B. No

QUESTION 10

HOT SPOT
You have an Azure subscription that contains the Azure SQL servers shown in the following table.

microsoft az-303 exam questions q10

The subscription contains the elastic pool shown in the following table.

microsoft az-303 exam questions q10-1

The subscription contains the Azure SQL databases shown in the following table

For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct
selection is worth one point.
Hot Area:

Correct Answer:

Note: You cannot add databases from different servers into the same pool
Box 1: Yes
Pool2 contains DB2 but DB1 and DB2 are on Sql1. DB1 can thus be added to Pool2.
Box 2: Yes
Pool3 is empty.
Box 3: Yes
Pool1 contains DB1 but DB3 and DB1 are on Sql1. DB3 can thus be added to Pool1.

References:
https://docs.microsoft.com/en-us/azure/sql-database/sql-database-elastic-pool

QUESTION 11

You have an Azure SQL database named Db1 that runs on an Azure SQL server named SQLserver1.
You need to ensure that you can use the query editor on the Azure portal to query Db1.

What should you do?

A. Modify the Advanced Data Security settings of Db1
B. Configure the Firewalls and virtual networks settings for SQLserver1
C. Copy the ADO.NET connection string of Db1 and paste the string to the query editor
D. Approve private endpoint connections for SQLserver1

QUESTION 12

HOTSPOT
You have an Azure subscription that contains the resource groups shown in the following table.

microsoft az-303 exam questions q12

You create an Azure Resource Manager template named Template1 as shown in the following exhibit.

microsoft az-303 exam questions q12-1

From the Azure portal, you deploy Template1 four times by using the settings shown in the following table.

microsoft az-303 exam questions q12-2

What is the result of the deployment? To answer, select the appropriate options in the answer area. NOTE: Each correct
selection is worth one point.
Hot Area:

microsoft az-303 exam questions q12-3

Correct Answer:

microsoft az-303 exam questions q12-4

QUESTION 13

You configure Azure AD Connect for Azure Active Directory Seamless Single Sign-On (Azure AD Seamless SSO) for an
on-premises network.

Users report that when they attempt to access myapps.microsoft.com, they are prompted multiple times to sign in and
are forced to use an account name that ends with onmicrosoft.com.

You discover that there is a UPN mismatch between Azure AD and the on-premises Active Directory.
You need to ensure that the users can use single-sign-on (SSO) to access Azure resources.

What should you do first?

A. From an on-premises network, deploy Active Directory Federation Services (AD FS).
B. From Azure AD, add and verify a custom domain name.
C. From the on-premises network, request a new certificate that contains the Active Directory domain name.
D. From the server that runs Azure AD Connect, modify the filtering options.

QUESTION 14

HOTSPOT
You have a web server app named App1 that is hosted in three Azure regions.
You plan to use Azure Traffic Manager to distribute traffic optimally for App1.
You need to enable Real User Measurements to monitor the network latency data for App1.
What should you do? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:

microsoft az-303 exam questions q14

Correct Answer:

microsoft az-303 exam questions q14-1

Box 1: Select Generate key
You can configure your web pages to send Real User Measurements to Traffic Manager by obtaining a Real User
Measurements (RUM) key and embedding the generated code to the web page.
Obtain a Real User Measurements key The measurements you take and send to Traffic Manager from your client
application are identified by the service using a unique string, called the Real User Measurements (RUM) Key. You can
get a RUM key using the Azure portal, a REST API, or by using the PowerShell or Azure CLI.

To obtain the RUM Key using the Azure portal:

1. From a browser, sign in to the Azure portal. If you don\’t already have an account, you can sign up for a free one-month trial.

2. In the portal\’s search bar, search for the Traffic Manager profile name that you want to modify, and then click the
Traffic Manager profile in the results that the displayed.

3. In the Traffic Manager profile blade, click Real User Measurements under Settings.

4. Click Generate Key to create a new RUM Key.

Box 2: Embed the Traffic Manager JavaScript code snippet.
Embed the code to an HTML web page
After you have obtained the RUM key, the next step is to embed this copied JavaScript into an HTML page that your
end-users visit. This example shows how to update an HTML page to add this script. You can use this guide to adapt it to your HTML source management workflow.

1. Open the HTML page in a text editor

2. Paste the JavaScript code you had copied in the earlier step to the BODY section of the HTML (the copied code is on
lines 8 and 9, see figure 3).

microsoft az-303 exam questions q14-2

Reference: https://docs.microsoft.com/en-us/azure/traffic-manager/traffic-manager-create-rum-web-pages

QUESTION 15

Note: This question is part of series of questions that present the same scenario. Each question in the series contains a
unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not
appear on the review screen. Your network contains an Active Directory forest named fabrikam.com. The forest contains two child domains named corp.fabrikam.com and research.fabrikam.com.

You have an Azure subscription that contains an Azure Active Directory (Azure AD) tenant named contoso.com.
You install Azure AD Connect and sync all the on-premises user accounts to the Azure AD tenant. You implement
seamless single sign-on (SSO).

You plan to change the source of authority for all the user accounts in research.fabrikam.com to Azure AD.
You need to prevent research.fabrikam.com from resyncing to Azure AD.
Solution: You use the Synchronization Service Manager.

Does this meet the goal?

A. Yes
B. No

Solutions:

NumberAnswerWhy
QUESTION 1BThe DevTest Labs User role lets you connect, start, restart, and shut down your virtual machines in your Azure DevTest Labs.

References: https://docs.microsoft.com/en-us/azure/role-based-access-control/built-in-roles#devtest-labs-user
QUESTION 2AUse Azure File Sync to centralize your organization\’s file shares in Azure Files, while keeping the flexibility, performance, and compatibility of an on-premises file server. Azure File Sync transforms Windows Server into a quick cache of your
Azure file share. Azure Files offers fully managed file shares in the cloud that are accessible via the industry standard Server Message Block (SMB) protocol. Azure file shares can be mounted concurrently by cloud or on-premises deployments of Windows, Linux, and macOS. Additionally, Azure file shares can be cached on Windows Servers with Azure File Sync for fast access near where the data is being used.

Azure file shares can be used to:

Replace or supplement on-premises file servers:

Azure Files can be used to completely replace or supplement traditional on-premises file servers or NAS devices.

Popular operating systems such as Windows, macOS, and Linux can directly mount Azure file shares wherever they are in the world. Azure file shares can also be replicated with Azure File Sync to Windows Servers, either on-premises or in the cloud, for performance and distributed caching of the data where it\’s being used.

References:
https://docs.microsoft.com/en-us/azure/storage/files/storage-files-introduction
https://docs.microsoft.com/en-us/azure/storage/files/storage-sync-files-deployment-guide?tabs=azure-portal
QUESTION 3B
QUESTION 4BInstead, use Azure AD Privileged Identity Management.
Note: PIM essentially helps you manage the who, what, when, where, and why for resources that you care about. Key

features of PIM include: Conduct access reviews to ensure users still need roles

References: https://docs.microsoft.com/en-us/azure/active-directory/privileged-identity-management/pim-configure
QUESTION 5E
QUESTION 7AYou can use extensions to configure diagnostics on your VMs to collect additional metric data.
The basic host metrics are available, but to see more granular and VM-specific metrics, you need to install the Azure diagnostics extension on the VM. The Azure diagnostics extension allows additional monitoring and diagnostics data to be retrieved from the VM.

References:
https://docs.microsoft.com/en-us/azure/virtual-machines/linux/tutorial-monitoring
QUESTION 9BInstead, you should customize the default synchronization rule.

Note:
To delete a custom domain name, you must first ensure that no resources in your directory rely on the domain name.
You can\’t delete a domain name from your directory if:

1. Any user has a user name, email address, or proxy address that includes the domain name.
2. Any group has an email address or proxy address that includes the domain name.
3. Any application in your Azure AD has an App ID URI that includes the domain name.

References: https://docs.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-create-custom-sync-rule
QUESTION 11BReference: https://docs.microsoft.com/en-us/azure/sql-database/sql-database-connect-query-portal
QUESTION 13B
QUESTION 15BInstead, you should customize the default synchronization rule.
Note: The Synchronization Service Manager UI is used to configure more advanced aspects of the sync engine and to see the operational aspects of the service.

References:
https://docs.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-create-custom-sync-rule
Get moreAZ-303 Dumpshttps://www.lead4pass.com/az-303.html (Total Questions: 480 Q&A)

Summary:

We share the latest updated Microsoft Azure 303 exam practice questions for free to help you understand the current exam situation and improve your exam experience.
The free AZ-303 exam practice questions cannot help you pass the exam 100% successfully. If you want to pass the exam successfully for the first time, please choose Lead4Pass Azure 303 exam dumps

ps.

The free AZ-303 dumps PDF comes from a part of the Lead4Pass AZ-303 exam dumps. Lead4Pass AZ-303 includes two modes of VCE and PDF, you can choose any

Posted in az-303 Microsoft Azure Architect Technologies (beta) Microsoft Microsoft AZ-303 microsoft az-303 dump microsoft az-303 exam microsoft az-303 exam dumps microsoft az-303 pdf Microsoft Role-based

[MAR 2021] Microsoft AZ-303 exam dumps and online practice questions are available from Lead4Pass

The latest updated Microsoft AZ-303 exam dumps and free AZ-303 exam practice questions and answers! Latest updates from Lead4Pass Microsoft AZ-303 Dumps PDF and AZ-303 Dumps VCE, Lead4Pass AZ-303 exam questions updated and answers corrected! Get the full Microsoft AZ-303 dumps from https://www.lead4pass.com/az-303.html (VCE&PDF)

Latest AZ-303 PDF for free

Share the Microsoft AZ-303 Dumps PDF for free From Lead4pass AZ-303 Dumps part of the distraction collected on Google Drive shared by Lead4pass
https://drive.google.com/file/d/15RtFxyZvw80DgCjQPWhE4pHou3mBZE1H/

The latest updated Microsoft AZ-303 Exam Practice Questions and Answers Online Practice Test is free to share from Lead4Pass (Q1-Q13)

QUESTION 1
DRAG DROP
You have an Azure subscription that contains the following resources:
1.
a virtual network named VNet1
2.
a replication policy named ReplPoHcy1
3.
a Recovery Services vault named Vault1
4.
an Azure Storage account named Storage1
You have an Amazon Web Services (AWS) EC2 virtual machine named VM1 that runs Windows Server 2016.
You need to migrate VM1 to VNet1 by using Azure Site Recovery.
Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions
to the answer area and arrange them in the correct order
Select and Place:[2021.3] lead4pass az-303 practice test q1

 

QUESTION 2
DRAG DROP
You have an Azure subscription that is used by four departments in your company. The subscription contains 10
resource groups. Each department uses resources in several resource groups.
You need to send a report to the finance department. The report must detail the costs for each department.
Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions
to the answer area and arrange them in the correct order.
Select and Place:[2021.3] lead4pass az-303 practice test q2

Box 1: Assign a tag to each resource.
You apply tags to your Azure resources giving metadata to logically organize them into a taxonomy. After you apply
tags, you can retrieve all the resources in your subscription with that tag name and value. Each resource or resource
group
can have a maximum of 15 tag name/value pairs. Tags applied to the resource group are not inherited by the resources
in that resource group.
Box 2: From the Cost analysis blade, filter the view by tag
After you get your services running, regularly check how much they\ \’re costing you. You can see the current spending and burn rate in the Azure portal.
1. Visit the Subscriptions blade in the Azure portal and select a subscription.
1.
You should see the cost breakdown and burn rate in the popup blade.
2.
Click Cost analysis in the list to the left to see the cost breakdown by resource. Wait 24 hours after you add a service
for the data to populate.
3.
You can filter by different properties like tags, resource group, and timespan. Click Apply to confirm the filters and
Download if you want to export the view to a Comma-Separated Values (.csv) file.
Box 3: Download the usage report
References: https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-group-using-tags
https://docs.microsoft.com/en-us/azure/billing/billing-getting-started

 

QUESTION 3
Note: This question is part of series of questions that present the same scenario. Each question in the series contains a
unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while
others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not
appear in the review screen.
A company backs up data to on-premises servers at their main facility. The company currently has 30 TB of archived
data that infrequently used. The facility has download speeds of 100 Mbps and upload speeds of 20 Mbps.
You need to securely transfer all backups to Azure Blob Storage for long-term archival. All backup data must be sent
within seven days.
Solution: Create a file share in Azure Files. Mount the file share to the server and upload the files to the file share.
Transfer the files to Azure Blob Storage.
Does this meet the goal?
A. Yes
B. No
Correct Answer: B

 

QUESTION 4
DRAG DROP
You need to identify the appropriate sizes for the Azure virtual machines.
Which five actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to
the answer area and arrange them in the correct order.
Select and Place:

[2021.3] lead4pass az-303 practice test q4

Correct Answer:

[2021.3] lead4pass az-303 practice test q4-1

References: https://docs.microsoft.com/en-us/azure/migrate/tutorial-assessment-vmware

 

QUESTION 5
HOTSPOT
You plan to deploy five virtual machines to a virtual network subnet. Each virtual machine will have a public IP address
and a private IP address. Each virtual machine requires the same inbound and outbound security rules. What is the
minimum number of network interfaces and network security groups that you require? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.
Hot Area:
[2021.3] lead4pass az-303 practice test q5

Correct Answer:

[2021.3] lead4pass az-303 practice test q5-1

By Default Inbound and Outbound Security Rules are the same for all VMs. Therefore, if default rules suffice, then there is
no need for NSG at all. 5 NICs and 1 NSG for non-default Inbound and Outbound Rules 5 Nics and 0 NSG for default
Inbound and Outbound Rules.

 

QUESTION 6
You need to ensure that the Policy service can implement the policy actions. Which code segment should you insert at
line EG07 in EventGridController.cs?[2021.3] lead4pass az-303 practice test q6

A. Option A
B. Option B
C. Option C
D. Option D
Correct Answer: C

 

QUESTION 7
You are developing an ASP.NET web application that you will deploy to Azure. The solution must meet the following
requirements:

Store user session state by using only serializable data types.

Provide customizable caching of session data.

Support scaling out the number of web hosts

Maximize performance.
Which solution meets these requirements?
A.
Clustered Azure Redis Cache
B.
ASP.NET Output Cache Provider for Azure Redis Cache
C.
in-memory session state provider
D.
SQL Server session state provider
Correct Answer: B

 

QUESTION 8
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not
appear in the review screen.
You have an Azure Active Directory (Azure AD) tenant named contoso.com.
A user named Admin1 attempts to create an access review from the Azure Active Directory admin center and discovers
that the Access reviews settings are unavailable. Admin1 discovers that all the other Identity Governance settings are
available.
Admin1 is assigned the User administrator, Compliance administrator, and Security administrator roles.
You need to ensure that Admin1 can create access reviews in contoso.com.
Solution: You assign the Service administrator role to Admin1.
Does this meet the goal?
A. Yes
B. No
Correct Answer: B
Instead use Azure AD Privileged Identity Management.
Note: PIM essentially helps you manage the who, what, when, where, and why for resources that you care about. Key
features of PIM include: Conduct access reviews to ensure users still need roles
References: https://docs.microsoft.com/en-us/azure/active-directory/privileged-identity-management/pim-configure

 

QUESTION 9
You have an Azure subscription that contains the resources shown in the following table.[2021.3] lead4pass az-303 practice test q9

Subnet1 is on VNET1. VM1 connects to Subnet1.
You plan to create a virtual network gateway on VNET1.
You need to prepare the environment for the planned virtual network gateway.
What are two ways to achieve this goal? Each correct answer presents a complete solution.
NOTE: Each correct selection is worth one point.
A. Modify the address space used by VNET1.
B. Modify the address space used by Subnet1.
C. Create a subnet named GatewaySubnet on VNET1.
D. Create a local network gateway.
E. Delete Subnet1.
Correct Answer: AE


QUESTION 10
HOTSPOT
You have an Azure Resource Manager template for a virtual machine named Template1. Template1 has the following
parameters section.[2021.3] lead4pass az-303 practice test q10

For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Hot Area:

[2021.3] lead4pass az-303 practice test q10-1

Correct Answer:

[2021.3] lead4pass az-303 practice test q10-2

Box 1: Yes
The Resource Group is not specified.
Box 2: No
The default value for the operating system is Windows 2016 Datacenter.
Box 3: Yes
Location is no default value.
References:
https://docs.microsoft.com/bs-latn-ba/azure/virtual-machines/windows/ps-template

 

QUESTION 11
Your company plans to develop an application that will use a NoSQL database. The database will be used to store
transactions and customer information by using JSON documents.
Which two Azure Cosmos DB APIs can developers use for the application? Each correct answer presents a complete
solution.
NOTE: Each correct selection is worth one point.
A. Cassandra
B. Gremlin (graph)
C. MongoDB
D. Azure Table
E. Core (SQL)
Correct Answer: DE

 

QUESTION 12
You have an Azure Active Directory (Azure AD) tenant that contains a group named Group 1. You need to enable multifactor authentication (MFA) for me users in Group1 only.
Solution: From the Azure portal you create a conditional access policy. Does this meet the goal?
A. Yes
B. No
Correct Answer: A

 

QUESTION 13
You have an Azure subscription that contains three virtual networks named VNet1, VNet2, and VNet3. VNet2 contains a
virtual appliance named VM2 that operates as a router.
You are configuring the virtual networks in a hub and spoke topology that uses VNet2 as the hub network.
You plan to configure peering between VNet1 and VNet2 and between VNet2 and VNet3.
You need to provide connectivity between VNet1 and VNet3 through VNet2.
Which two configurations should you perform? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.
A. On the peering connections, allow forwarded traffic
B. Create a route filter
C. On the peering connections, allow gateway transit
D. Create route tables and assign the table to subnets
E. On the peering, use remote gateways
Correct Answer: CE
Allow gateway transit: Check this box if you have a virtual network gateway attached to this virtual network and want to
allow traffic from the peered virtual network to flow through the gateway.
The peered virtual network must have the Use remote gateways checkbox checked when setting up the peering from
the other virtual network to this virtual network.
References:
https://docs.microsoft.com/en-us/azure/virtual-network/virtual-network-manage-peering#requirements-and-constraints


Fulldumps shares the latest updated Microsoft AZ-303 exam exercise questions, AZ-303 dumps pdf for free.
All exam questions and answers come from the Lead4pass exam dumps shared part! Lead4pass updates throughout the year and shares a portion of your exam questions for free to help you understand the exam content and enhance your exam experience!
Get the full Microsoft AZ-303 exam dumps questions at: https://www.lead4pass.com/az-303.html (pdf&vce)

ps.

Get free Microsoft AZ-303 dumps PDF online: https://drive.google.com/file/d/15RtFxyZvw80DgCjQPWhE4pHou3mBZE1H/

Posted in az-303 Microsoft Azure Architect Technologies (beta) Microsoft Microsoft AZ-303 microsoft az-303 dump microsoft az-303 exam microsoft az-303 exam dumps microsoft az-303 pdf Microsoft Role-based

[Jan 2021] Microsoft AZ-303 exam dumps and online practice questions are available from Lead4Pass

The latest updated Microsoft AZ-303 exam dumps and free AZ-303 exam practice questions and answers! Latest updates from Lead4Pass Microsoft AZ-303 Dumps PDF and AZ-303 Dumps VCE, Lead4Pass AZ-303 exam questions updated and answers corrected!
Get the full Microsoft AZ-303 dumps from https://www.lead4pass.com/az-303.html (VCE&PDF)

Latest AZ-303 PDF for free

Share the Microsoft AZ-303 Dumps PDF for free From Lead4pass AZ-303 Dumps part of the distraction collected on Google Drive shared by Lead4pass
https://drive.google.com/file/d/1X4pNue3LHQL_f8DuIL9BaoHzydZ37rpX/

Latest Lead4pass AZ-303 Youtube

Share the latest Microsoft AZ-303 exam practice questions and answers for free from Led4Pass Dumps viewed online by Youtube Videos

The latest updated Microsoft AZ-303 Exam Practice Questions and Answers Online Practice Test is free to share from Lead4Pass (Q1-Q13)

QUESTION 1
You have an Azure Active Directory (Azure AD) tenant linked to an Azure subscription. The tenant contains a group
named Admins.
You need to prevent users, except for the members of Admins, from using the Azure portal and Azure PowerShell to
access the subscription.
What should you do?
A. From Azure AD, configure the User settings.
B. From the Azure subscription, assign an Azure policy.
C. From Azure AD, create a conditional access policy.
D. From the Azure subscription, configure Access control (IAM).
Correct Answer: D

 

QUESTION 2
HOTSPOT
You plan to create an Azure Storage account in the Azure region of East US 2.
You need to create a storage account that meets the following requirements:
Replicates synchronously
Remains available if a single data center in the region fails
How should you configure the storage account? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:
lead4pass az-303 practice test q2 -2021

Correct Answer:

lead4pass az-303 practice test q2-1 -2021

Box 1: Zone-redundant storage (ZRS)
Zone-redundant storage (ZRS) replicates your data synchronously across three storage clusters in a single region.
LRS would not remain available if a data center in the region fails
GRS and RA GRS use asynchronous replication.
Box 2: StorageV2 (general purpose V2)
ZRS only supports GPv2.
Reference:
https://docs.microsoft.com/en-us/azure/storage/common/storage-redundancy
https://docs.microsoft.com/en-us/azure/storage/common/storage-redundancy-zrs

 

QUESTION 3
You need to recommend an identity solution that meets the technical requirements.
What should you recommend?
A. password hash synchronization and single sign-on (SSO)
B. federated single sign-on (SSO) and Active Directory Federation Services (AD FS)
C. Pass-through Authentication and single sign-on (SSO)
D. cloud-only user accounts
Correct Answer: C
With Pass-through Authentication, the on-premises passwords are never stored in the cloud in any form.
Scenario:
Prevent user passwords or hashes of passwords from being stored in Azure.
Ensure that when users join devices to Azure Active Directory (Azure AD), the users use a mobile phone to verify their
identity.
Minimize administrative effort whenever possible.
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-pta

 

QUESTION 4
HOTSPOT
Your network contains an Active Directory domain named adatum.com and an Azure Active Directory (Azure AD), tenant
named adatum.onmicrosoft.com.
Adatum.com contains the user accounts in the following table.[2021.1] lead4pass az-303 practice test q4

Adatum.onmicrosoft.com contains the user accounts in the following table.

[2021.1] lead4pass az-303 practice test q4-1

You need to implement Azure AD Connect. The solution must follow the principle of least privilege.
Which user accounts should you use in Adatum.com and Adatum.onmicrosoft.com to implement Azure AD Connect? To
answer select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:

[2021.1] lead4pass az-303 practice test q4-2

Correct Answer:

[2021.1] lead4pass az-303 practice test q4-3

Box 1: User5
In Express settings, the installation wizard asks for the following:
AD DS Enterprise Administrator credentials
Azure AD Global Administrator credentials
The AD DS Enterprise Admin account is used to configure your on-premises Active Directory. These credentials are
only used during the installation and are not used after the installation has completed. The Enterprise Admin, not the
Domain
Admin should make sure the permissions in Active Directory can be set in all domains.
Box 2: UserA
Azure AD Global Admin credentials are only used during the installation and are not used after the installation has
completed. It is used to create the Azure AD Connector account used for synchronizing changes to Azure AD. The
account
also enables sync as a feature in Azure AD.
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/connect/active-directory-aadconnect-accounts-permissions

 

QUESTION 5
HOTSPOT
You have an Azure Active Directory (Azure AD) tenant that contains the user groups shown in the following table.[2021.1] lead4pass az-303 practice test q5

You enable self-service password reset (SSPR) for Group1.
You configure the Notifications settings as shown in the following exhibit.

[2021.1] lead4pass az-303 practice test q5-1

For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct
selection is worth one point.
Hot Area:

[2021.1] lead4pass az-303 practice test q5-2

Correct Answer:

[2021.1] lead4pass az-303 practice test q5-3

Box 1: Yes
Notify all admins when other admins reset their passwords: Yes.
Box 2: No
Notify users on password resets: No.
Box 3: No Notify users on password resets
If this option is set to Yes, then users resetting their password receive an email notifying them that their password has
been changed. The email is sent via the SSPR portal to their primary and alternate email addresses that are on file in
Azure AD. No one else is notified of the reset event. Notify all admins when other admins reset their passwords
If this option is set to Yes, then all administrators receive an email to their primary email address on file in Azure AD.
The email notifies them that another administrator has changed their password by using SSPR.
Example: There are four administrators in an environment. Administrator A resets their password by using SSPR.
Administrators B, C, and D receive an email alerting them of the password reset.
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/authentication/concept-sspr-howitworks
https://docs.microsoft.com/en-us/azure/active-directory/authentication/tutorial-enable-sspr

 

QUESTION 6
You have an Azure Cosmos DB account named Account1. Account1 includes a database named DB1 that contains a
container named Container 1. The partition key tor Container1 is set to /city.
You plan to change the partition key for Container1
What should you do first?
A. Delete Container1
B. Create a new container in DB1
C. Regenerate the keys for Account1.
D. Implement the Azure CosmosDB.NET SDK
Correct Answer: B
The good news is that there are two features, the Change Feed Processor and Bulk Executor Library, in Azure Cosmos
DB that can be leveraged to achieve a live migration of your data from one container to another. This allows you to
redistribute your data to match the desired new partition key scheme, and make the relevant application changes afterward, thus achieving the effect of “updating your partition key”.
Reference:
https://devblogs.microsoft.com/cosmosdb/how-to-change-your-partition-key/

 

QUESTION 7
You have an Azure Kubernetes Service (AKS) cluster named Clus1 in a resource group named RG1.
An administrator plans to manage Clus1 from an Azure AD-joined device.
You need to ensure that the administrator can deploy the YAML application manifest file for a container application.
You install the Azure CLI on the device.
Which command should you run next?
A. kubectl get nodes
B. az aks install-CLI
C. kubectl apply –f app1.YAML
D. az aks get-credentials –resource-group RG1 –name Clus1
Correct Answer: C
References:
https://kubernetes.io/docs/reference/kubectl/overview/
https://docs.microsoft.com/en-us/cli/azure/aks

 

QUESTION 8
You have two Azure SQL Database managed instances in different Azure regions.
You plan to configure the managed instances in an instance failover group.
What should you configure before you can add the managed instances to the instance failover group?
A. Azure Private Link that has endpoints on two virtual networks
B. A Site-to-Site VPN between the virtual networks that contain the instances.
C. An Azure Application Gateway that has managed instance endpoints in a backend pool.
D. An internal Azure Load Balancer instance that has managed instance endpoints in a backend pool.
Correct Answer: B

 

QUESTION 9
You need to meet the user requirement for Admin1. What should you do?
A. From the Subscriptions blade, select the subscription and then modify the Properties.
B. From the Subscriptions blade, select the subscription and then modify the Access control (IAM) settings.
C. From the Azure Active Directory blade, modify the Properties.
D. From the Azure Active Directory blade, modify the Groups.
Correct Answer: A
Change the Service administrator for an Azure subscription
Sign in to Account Center as the Account administrator.
Select a subscription.
On the right side, select Edit subscription details.
Scenario: Designate a new user named Admin1 as the service administrator of the Azure subscription.
References:
https://docs.microsoft.com/en-us/azure/billing/billing-add-change-azure-subscription-administrator

 

QUESTION 10
You are designing an Azure solution.
The solution must meet the following requirements:
*
Distribute traffic to different pools of dedicated virtual machines (VMs) based on rules
*
Provide SSL offloading capabilities
You need to recommend a solution to distribute network traffic.
Which technology should you recommend?
A.
server-level firewall rules
B.
Azure Application Gateway
C.
Azure Traffic Manager
D.
Azure Load Balancer
Correct Answer: B
If you require “SSL offloading”, application layer treatment, or wish to delegate certificate management to Azure, you
should use Azure\\’s layer 7 load balancer Application Gateway instead of the Load Balancer. References:
https://docs.microsoft.com/en-us/azure/application-gateway/overview

 

QUESTION 11
You create a container image named Image1 on a developer workstation.
You plan to create an Azure Web App for Containers named WebAppContainer that will use Image1.
You need to upload Image1 to Azure. The solution must ensure that WebAppContainer can use Image1.
To which storage type should you upload Image1?
A. Azure Container Registry
B. an Azure Storage account that contains a blob container
C. an Azure Storage account that contains a file share
D. Azure Container Instances
Correct Answer: A
Configure registry credentials in the web app.
App Service needs information about your registry and image to pull the private image. In the Azure portal, go to
Container settings from the web app and update the Image source, Registry and save.
References:
https://docs.microsoft.com/en-us/azure/devops/pipelines/targets/webapp-on-container-linux

 

QUESTION 12
You plan to automate the deployment of a virtual machine scale set that uses the Windows Server 2016 Datacenter
image. You need to ensure that when the scale set virtual machines are provisioned, they have web server components
installed. Which two actions should you perform? Each correct answer presents part of the solution. NOTE: Each
correct selection is worth one point.
A. Create a new virtual machine scale set in the Azure portal.
B. Create an automation account.
C. Upload a configuration script.
D. Modify the extensionProfile section of the Azure Resource Manager template.
E. Create an Azure policy.
Correct Answer: AD
References: https://docs.microsoft.com/en-us/azure/virtual-machine-scale-sets/tutorial-install-apps-template

 

QUESTION 13
You have an Azure Active Directory (Azure AD) tenant named contoso.com.
A user named Admin1 attempts to create an access review from the Azure Active Directory admin center and discovers
that the Access reviews settings are unavailable. Admin1 discovers that all the other Identity Governance settings are
available.
Admin1 is assigned the User administrator, Compliance administrator, and Security administrator roles.
You need to ensure that Admin1 can create access reviews in contoso.com.
Solution: You create an access package.
Does this meet the goal?
A. Yes
B. No
Correct Answer: B
You do not use access packages for Identity Governance. Instead, use Azure AD Privileged Identity Management.
Note: PIM essentially helps you manage the who, what, when, where, and why for resources that you care about. Key
features of PIM include:
Conduct access reviews to ensure users still need roles
References:
https://docs.microsoft.com/en-us/azure/active-directory/privileged-identity-management/pim-configure
https://docs.microsoft.com/en-us/azure/active-directory/governance/entitlement-management-overview


Fulldumps shares the latest updated Microsoft AZ-303 exam exercise questions, AZ-303 dumps pdf, and Youtube video learning for free.
All exam questions and answers come from the Lead4pass exam dumps shared part! Lead4pass updates throughout the year and shares a portion of your exam questions for free to help you understand the exam content and enhance your exam experience!
Get the full Microsoft AZ-303 exam readiness dump questions at https://www.lead4pass.com/az-303.html (pdf&vce)

ps.
Get free Microsoft AZ-303 dumps PDF online: https://drive.google.com/file/d/1X4pNue3LHQL_f8DuIL9BaoHzydZ37rpX/

Posted in az-303 Microsoft Azure Architect Technologies (beta) Microsoft Microsoft AZ-303 microsoft az-303 dump microsoft az-303 exam microsoft az-303 exam dumps microsoft az-303 pdf Microsoft Role-based

[Nov 2020] The latest update Microsoft AZ-303 dumps and online practice tests from Lead4Pass

The latest Microsoft AZ-303 dumps by Lead4Pass helps you pass the AZ-303 exam for the first time! Lead4Pass Latest Update Microsoft AZ-303 VCE Dump and AZ-303 PDF Dumps, Lead4Pass AZ-303 Exam Questions Updated, Answers corrected! Get the latest LeadPass AZ-303 dumps with Vce and PDF: https://www.lead4pass.com/az-303.html (Q&As: 436 dumps)

[Free AZ-303 PDF] Microsoft AZ-303 Dumps PDF can be collected on Google Drive shared by Lead4Pass:
https://drive.google.com/file/d/1GF4CeIFrJgSuXu6M-p-V8THJ4eNFHCQ1/

[Lead4pass AZ-303 Youtube] Microsoft AZ-303 Dumps can be viewed on Youtube shared by Lead4Pass

Microsoft AZ-303 Online Exam Practice Questions

QUESTION 1
HOTSPOT
You create and save an Azure Resource Manager template named Template1 that includes the following four sections.lead4pass az-303 exam questions q1

You deploy template1.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Hot Area:

lead4pass az-303 exam questions q1-1

 

QUESTION 2
DRAG DROP
You have an Azure subscription that contains two virtual networks named VNet1 and VNet2. Virtual machines connect
to the virtual networks.
The virtual networks have the address spaces and the subnets configured as shown in the following table. lead4pass az-303 practice test q2

You need to add the address space of 10.33.0.0/16 to VNet1. The solution must ensure that the hosts on VNet1 and
VNet2 can communicate.
Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions
to the answer area and arrange them in the correct order.
Select and Place:

lead4pass az-303 practice test q2-1

Correct Answer:

lead4pass az-303 practice test q2-2

Step 1: Remove peering between Vnet1 and VNet2.
You can\\’t add address ranges too, or delete address ranges from a virtual network\\’s address space once a virtual
network peers with another virtual network. To add or remove address ranges, delete the peering, add or remove
the
address ranges, then re-create the peering.
Step 2: Add the 10.44.0.0/16 address space to VNet1.
Step 3: Recreate peering between VNet1 and VNet2
Reference:
https://docs.microsoft.com/en-us/azure/virtual-network/virtual-network-manage-peering

 

QUESTION 3
You plan to automate the deployment of a virtual machine scale set that uses the Windows Server 2016 Datacenter
image. You need to ensure that when the scale set virtual machines are provisioned, they have web server components
installed. Which two actions should you perform? Each correct answer presents part of the solution. NOTE: Each
correct selection is worth one point.
A. Create a new virtual machine scale set in the Azure portal.
B. Create an automation account.
C. Upload a configuration script.
D. Modify the extension profile section of the Azure Resource Manager template.
E. Create an Azure policy.
Correct Answer: AD
References: https://docs.microsoft.com/en-us/azure/virtual-machine-scale-sets/tutorial-install-apps-template

 

QUESTION 4
The developers at your company request that you create databases in Azure Cosmos DB as shown in the following
table.lead4pass az-303 practice test q4

You need to create the Azure Cosmos DB databases to meet the developer’s request. The solution must minimize costs.
What are two possible ways to achieve the goal? Each correct answer presents a complete solution.
NOTE: Each correct selection is worth one point.
A. Create three Azure Cosmos DB accounts, one for the databases that use the Core (SQL) API, one for CosmosDB2,
and one for CosmosDB4.
B. Create two Azure Cosmos DB accounts, one for CosmosDB2 and CosmosDB4 and one for CosmosDB1 and
CosmosDB3.
C. Create one Azure Cosmos DB account for each database.
D. Create three Azure Cosmos DB accounts, one for the databases that use the MongoDB API, one for CosmosDB1,
and one for CosmosDB3.
Correct Answer: BD
Note:
Microsoft recommends using the same API for all access to the data in a given account.
One throughput provisioned container per subscription for SQL, Gremlin API, and Table accounts.
Up to three throughputs provisioned collections per subscription for MongoDB accounts.
The throughput provisioned on an Azure Cosmos container is exclusively reserved for that container. The container
receives the provisioned throughput all the time.
Reference:
https://docs.microsoft.com/en-us/azure/cosmos-db/set-throughput#set-throughput-on-a-container

 

QUESTION 5
You have an Azure subscription.
You have an on-premises virtual machine named VM1. The settings for VM1 are shown in the exhibit. (Click the Exhibit
tab.)lead4pass az-303 practice test q5

You need to ensure that you can use the disks attached to VM1 as a template for Azure virtual machines. What should you modify on VM1?
A. the hard drive
B. Integration Services
C. the memory
D. the network adapters
E. the processor
Correct Answer: A
From the exhibit, we see that the disk is in the VHDX format.
Before you upload a Windows virtual machines (VM) from on-premises to Microsoft Azure, you must prepare the virtual
hard disk (VHD or VHDX). Azure supports only generation 1 VMs that are in the VHD file format and have a fixed-sized
disk. The maximum size allowed for the VHD is 1,023 GB. You can convert a generation 1 VM from the VHDX file
system to VHD and from a dynamically expanding disk to fixed-sized.
References:
https://docs.microsoft.com/en-us/azure/virtual-machines/windows/prepare-for-upload-vhd-image?toc=azure virtualmachines windows toc.json

 

QUESTION 6
You have a server named Server1 that runs Windows Server 2019. Server1 is a container host.
You are creating a Dockerfile to build a container image.
You need to add a file named File1.txt from Server1 to a folder named C:\Folder1 in the container image.
Solution: You add the following line to the Dockerfile.
COPY File1.txt C:/Folder1/
You then build the container image.
Does this meet the goal?
A. Yes
B. No
Correct Answer: B
The copy is the correct command to copy a file to the container image but the root directory is specified as \\’/\\’ and not as
\\’C:/\\’.
References:
https://docs.docker.com/develop/develop-images/dockerfile_best-practices/#add-or-copy
https://docs.docker.com/engine/reference/builder/

 

QUESTION 7
HOTSPOT
You have an Azure Resource Manager template for a virtual machine named Template1. Template1 has the following
parameters section.lead4pass az-303 practice test q7

For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct
selection is worth one point.
Hot Area:

lead4pass az-303 practice test q7-1

Box 1: Yes
The Resource Group is not specified.
Box 2: No
The default value for the operating system is Windows 2016 Datacenter.
Box 3: Yes
Location is no default value.
Reference:
https://docs.microsoft.com/bs-latn-ba/azure/virtual-machines/windows/ps-template

 

QUESTION 8
You are designing an Azure solution.
The solution must meet the following requirements:
*
Distribute traffic to different pools of dedicated virtual machines (VMs) based on rules
*
Provide SSL offloading capabilities
You need to recommend a solution to distribute network traffic.
Which technology should you recommend?
A.
server-level firewall rules
B.
Azure Application Gateway
C.
Azure Traffic Manager
D.
Azure Load Balancer
Correct Answer: B
If you require “SSL offloading”, application layer treatment, or wish to delegate certificate management to Azure, you
should use Azure\\’s layer 7 load balancer Application Gateway instead of the Load Balancer. References:
https://docs.microsoft.com/en-us/azure/application-gateway/overview

 

QUESTION 9
You have 10 Azure virtual machines on a subnet named Subnet1. Subnet1 is on a virtual network named VNet1.
You plan to deploy a public Azure Standard Load Balancer named LB1 to the same Azure region as the 10 virtual
machines.
You need to ensure that traffic from all the virtual machines to the internet flows through LB1. The solution must prevent
the virtual machines from being accessible on the internet.
Which three actions should you perform? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.
A. Add health probes to LB1.
B. Add the network interfaces of the virtual machines to the backend pool of LB1.
C. Add an inbound rule to LB1.
D. Add an outbound rule to LB1.
E. Associate a network security group (NSG) to Subnet1.
F. Associate a user-defined route to Subnet1.
Correct Answer: ABD
Reference: https://docs.microsoft.com/en-us/azure/load-balancer/tutorial-load-balancer-standard-manage-portal2


QUESTION 10lead4pass az-303 practice test q10

You have Azure virtual machines that have Update Management enabled. The virtual machines are configured as
shown in the following table.
You need to ensure that all critical and security updates are applied to each virtual machine every month. What is the minimum number of update deployments you should create?
A. 4
B. 6
C. 1
D. 2
Correct Answer: A

 

QUESTION 11
HOTSPOT
You need to configure the Device settings to meet the technical requirements and user requirements. Which two
settings should you modify? To answer, select the appropriate settings in the answer area.
Hot Area:lead4pass az-303 practice test q11

Correct Answer:

lead4pass az-303 practice test q11-1

Box 1: Selected Only selected users should be able to join devices Box 2: Yes Require Multi-Factor Auth to join devices.
From scenario: Ensure that only users who are part of a group named Pilot can join devices to Azure AD Ensure that
when users join devices to Azure Active Directory (Azure AD), the users use a mobile phone to verify their identity.

 

QUESTION 12
You have an Azure Active Directory (Azure AD) tenant linked to an Azure subscription. The tenant contains a group
named Admins.
You need to prevent users, except for the members of Admins, from using the Azure portal and Azure PowerShell to
access the subscription.
What should you do?
A. From Azure AD, configure the User settings.
B. From the Azure subscription, assign an Azure policy.
C. From Azure AD, create a conditional access policy.
D. From the Azure subscription, configure Access control (IAM).
Correct Answer: D

 

QUESTION 13
HOTSPOT
You need to recommend a solution for App1. The solution must meet the technical requirements.
What should you include in the recommendation? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:lead4pass az-303 practice test q13

Correct Answer:

lead4pass az-303 practice test q13-1

Box 1: 3
One virtual network for every tier
Box 2: 1
Only one subnet for each tier, to minimize the number of open ports.
Scenario: You have a public-facing application named App1. App1 is comprised of the following three tiers:
A SQL database
A web front end
A processing middle tier
Each tier is comprised of five virtual machines. Users access the web front end by using HTTPS only.
Technical requirements:
Move all the virtual machines for App1 to Azure.
Minimize the number of open ports between the App1 tiers.


latest updated Microsoft AZ-303 exam questions from the Lead4Pass AZ-303 dumps! 100% pass the AZ-303 exam! Download Lead4Pass AZ-303 VCE and PDF dumps: https://www.lead4pass.com/az-303.html (Q&As: 436 dumps)

Get free Microsoft AZ-303 dumps PDF online: https://drive.google.com/file/d/1GF4CeIFrJgSuXu6M-p-V8THJ4eNFHCQ1/

Posted in az-303 Microsoft Azure Architect Technologies (beta) Microsoft AZ-303 microsoft az-303 dump microsoft az-303 exam microsoft az-303 exam dumps microsoft az-303 pdf Microsoft Role-based

[Otc 2020] New Microsoft AZ-303 Brain dumps and online practice tests are shared from Lead4Pass (latest Updated)

The latest Microsoft AZ-303 dumps by Lead4Pass helps you pass the AZ-303 exam for the first time! Lead4Pass Latest Update Microsoft AZ-303 VCE Dump and AZ-303 PDF Dumps, Lead4Pass AZ-303 Exam Questions Updated, Answers corrected! Get the latest LeadPass AZ-303 dumps with Vce and PDF: https://www.lead4pass.com/az-303.html (Q&As: 111 dumps)

[Free AZ-303 PDF] Microsoft AZ-303 Dumps PDF can be collected on Google Drive shared by Lead4Pass:
https://drive.google.com/file/d/1wkx74ntbkdk4ul65PBkC9gSoigufb7Zm/

[Lead4pass AZ-303 Youtube] Microsoft AZ-303 Dumps can be viewed on Youtube shared by Lead4Pass

Microsoft AZ-303 Online Exam Practice Questions

QUESTION 1
You have a server named Server1 that runs Windows Server 2019. Server1 is a container host.
You are creating a Dockerfile to build a container image.
You need to add a file named File1.txt from Server1 to a folder named C:\Folder1 in the container image.
Solution: You add the following line to the Dockerfile.
COPY File1.txt /Folder1/
You then build the container image.
Does this meet the goal?
A. Yes
B. No
Correct Answer: A
The copy is the correct command to copy a file to the container image.
Reference: https://docs.docker.com/develop/develop-images/dockerfile_best-practices/#add-or-copy
https://docs.docker.com/engine/reference/builder/

 

QUESTION 2
HOTSPOT
You plan to deploy an Azure virtual machine named VM1 by using an Azure Resource Manager template.
You need to complete the template.
What should you include in the template? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:
Correct Answer:
Within your template, the dependsOn element enables you to define one resource as dependent on one or more
resources. Its value can be a comma-separated list of resource names.
Box 1: \\’Microsoft.Network/networkInterfaces\\’
This resource is a virtual machine. It depends on two other resources:
Microsoft.Storage/storage accounts
Microsoft.Network/networkInterfaces
Box 2: \\’Microsoft.Network/virtual networks/\\’
The dependsOn element enables you to define one resource as dependent on one or more resources. The resource
depends on two other resources:
Microsoft.Network/public IP addresses
Microsoft.Network/virtual networkslead4pass az-303 exam q2uestions q

Reference: https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-manager-tutorial-createtemplates-with-dependent-resources

 

QUESTION 3
You have an Azure Active Directory (Azure AD) tenant named contoso.com.
A user named Admin1 attempts to create an access review from the Azure Active Directory admin center and discovers
that the Access review settings are unavailable. Admin1 discovers that all the other identity Governance settings are
available.
Admin1 is assigned the User administrator, Compliance administrator, and Security administrator roles.
You need to ensure that Admin1 can create access reviews in contoso.com.
Solution: You purchase an Azure Directory Premium P2 license for contoso.com.
Does this meet the goal?
A. Yes
B. No
Correct Answer: B
Instead, use Azure AD Privileged Identity Management.
Note: PIM essentially helps you manage the who, what, when, where, and why for resources that you care about. Key
features of PIM include: Conduct access reviews to ensure users still need roles
Reference: https://docs.microsoft.com/en-us/azure/active-directory/privileged-identity-management/pim-configure

 

QUESTION 4
You have resources in three Azure regions. Each region contains two virtual machines. Each virtual machine has a
the public IP address assigned to its network interface and a locally installed application named App1.
You plan to implement Azure Front Door-based load balancing across all the virtual machines.
You need to ensure that App1 on the virtual machines will only accept traffic routed from Azure Front Door.
What should you implement?
A. Azure Private Link
B. service endpoints
C. network security groups (NSGs) with service tags
D. network security groups (NSGs) with application security groups
Correct Answer: C
Configure IP ACLing for your backends to accept traffic from Azure Front Door\\’s backend IP address space and
Azure\\’s infrastructure services only. Refer to the IP details below for ACLing your backend:
Refer AzureFrontDoor.Backend section in Azure IP Ranges and Service Tags for Front Door\\’s IPv4 backend IP
address range or you can also use the service tag AzureFrontDoor.Backend in your network security groups.
Reference:
https://docs.microsoft.com/en-us/azure/frontdoor/front-door-faq

 

QUESTION 5
You have an Azure subscription that contains 100 virtual machines.
You have a set of Pester tests in PowerShell that validate the virtual machine environment.
You need to run the tests whenever there is an operating system update on the virtual machines. The solution must
minimize implementation time and recurring costs.
Which three resources should you use to implement the tests? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.
A. Azure Automation runbook
B. an alert rule
C. an Azure Monitor query
D. a virtual machine that has network access to the 100 virtual machines
E. an alert action group
Correct Answer: ABE
AE: You can call Azure Automation runbooks by using action groups or by using classic alerts to automate tasks based
on alerts.
B: Alerts are one of the key features of Azure Monitor. They allow us to alert on actions within an Azure subscription
Reference: https://docs.microsoft.com/en-us/azure/automation/automation-create-alert-triggered-runbook
https://techsnips.io/snips/how-to-create-and-test-azure-monitor-alerts/?page=13

 

QUESTION 6
HOTSPOT
You plan to create an Azure Storage account in the Azure region of East US 2.
You need to create a storage account that meets the following requirements:
Replicates synchronously
Remains available if a single data center in the region fails
How should you configure the storage account? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:lead4pass az-303 exam questions q6

Correct Answer:

lead4pass az-303 exam questions q6-1

Box 1: Zone-redundant storage (ZRS)
Zone-redundant storage (ZRS) replicates your data synchronously across three storage clusters in a single region.
LRS would not remain available if a data center in the region fails
GRS and RA GRS use asynchronous replication.
Box 2: StorageV2 (general purpose V2)
ZRS only supports GPv2.
Reference:
https://docs.microsoft.com/en-us/azure/storage/common/storage-redundancy
https://docs.microsoft.com/en-us/azure/storage/common/storage-redundancy-zrs

 

QUESTION 7
Your company has an Azure subscription.
You enable multi-factor authentication (MFA) for all users.
The company\\’s help desk reports an increase in calls from users who receive MFA requests while they work from the
company\\’s main office.
You need to prevent the users from receiving MFA requests when they sign in from the main office.
What should you do?
A. From Conditional access in Azure Active Directory (Azure AD), create a named location.
B. From the MFA service settings create a trusted IP range.
C. From Conditional access in Azure Active Directory (Azure AD), create a custom control.
D. From Azure Active Directory (Azure AD), configure organizational relationships.
Correct Answer: B
The first thing you may want to do, before enabling Multi-Factor Authentication for any users, is to consider configuring
some of the available settings. One of the most important features is a trusted IPs list. This will allow you to whitelist a
range of IPs for your network. This way, when users are in the office, they will not get prompted with MFA, and when
they take their devices elsewhere, they will. Here\\’s how to do it:
Log in to your Azure Portal.
Navigate to Azure AD > Conditional Access > Named locations.
From the top toolbar select, Configure MFA trusted IPs.
Reference:
https://www.kraftkennedy.com/implementing-azure-multi-factor-authentication/

 

QUESTION 8
HOTSPOT
You need to identify the storage requirements for Contoso.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Hot Area:lead4pass az-303 exam questions q8

Correct Answer:

lead4pass az-303 exam questions q8-1

Box 1: Yes
Scenario: Move the existing product blueprint files to Azure Blob storage.
Scenario: Use unmanaged standard storage for the hard disks of the virtual machines.
Page blobs are optimized for writes at random locations within a blob. They also support Unmanaged Disks.
Scenario:
SQL Server Data Files in Microsoft Azure enables native support for SQL Server database files stored as blobs. It
allows you to create a database in SQL Server running in on-premises or in a virtual machine in Microsoft Azure with a
dedicated storage location for your data in Microsoft Azure Blob storage.
Box 2: No
Box 3: No
Reference:
https://docs.microsoft.com/en-us/sql/relational-databases/databases/sql-server-data-files-in-microsoft-azure

 

QUESTION 9
You have an Azure App Service app.
You need to implement tracing for the app. The tracing information must include the following:
Usage trends AJAX call responses Page load speed by browser Server and browser exceptions
What should you do?
A. Configure IIS logging in Azure Log Analytics.
B. Configure a connection monitor in Azure Network Watcher.
C. Configure custom logs in Azure Log Analytics.
D. Enable the Azure Application Insights site extension.
Correct Answer: D
For web pages, Application Insights JavaScript SDK automatically collects AJAX calls as dependencies.
Note: Some of the things you can track or collect are:
What are the most popular webpages in your application, at what time of day and where is that traffic coming from?
Dependency rates or response times and failure rates to find out if their \\’s an external service that\\’s causing
performance issues on your app, maybe a user is using a portal to get through to your application and there are
response time
issues going through there for instance.
Exceptions for both server and browser information, as well as page views and load performance from the end users\\’
side.
Reference:
https://azure.microsoft.com/en-us/blog/ajax-collection-in-application-insights/
https://blog.pragmaticworks.com/what-is-application-insights

 

QUESTION 10
HOTSPOT
Your company has an Azure Container Registry named Registry1.
You have an Azure virtual machine named Server1 that runs Windows Server 2019.
From Server1, you create a container image named image1.
You need to add image1 to Registry1.
Which command should you run on Server1? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:lead4pass az-303 exam questions q10

Correct Answer:

lead4pass az-303 exam questions q10-1

An Azure container registry stores and manages private Docker container images, similar to the way Docker Hub stores
public Docker images. You can use the Docker command-line interface (Docker CLI) for login, push, pull, and other
operations on your container registry.
Reference: https://docs.microsoft.com/en-us/azure/container-registry/container-registry-get-started-docker-cli
https://docs.docker.com/engine/reference/commandline/push/

 

QUESTION 11
HOTSPOT
You have an Azure subscription.
You plan to deploy an app that has a web front end and an application tier.
You need to recommend a load balancing solution that meets the following requirements:
Internet to web tier:
-Provides URL-based routing
-Supports connection draining
-Prevents SQL injection attacks
Web tier to application tier:
-Provides port forwarding

Supports HTTPS health probes

Supports an availability set as a backend pool
Which load balancing solution should you recommend for each tier? To answer, select the appropriate options in the
answer area.
NOTE: Each correct selection is worth one point.
Hot Area:lead4pass az-303 exam questions q11

Box 1: An Azure Application Gateway that has a web application firewall (WAF)
Azure Application Gateway offers a web application firewall (WAF) that provides centralized protection of your web
applications from common exploits and vulnerabilities. Web applications are increasingly targeted by malicious attacks
that
exploit commonly known vulnerabilities. SQL injection and cross-site scripting are among the most common attacks.
Application Gateway operates as an application delivery controller (ADC). It offers Secure Sockets Layer (SSL)
termination, cookie-based session affinity, round-robin load distribution, content-based routing, ability to host multiple
websites,
and security enhancements.
Box 2: An internal Azure Standard Load Balancer
The internet to web tier is the public interface, while the web tier to application tier should be internal.
Note: When using load-balancing rules with Azure Load Balancer, you need to specify a health probe to allow Load
Balancer to detect the backend endpoint status.
Health probes support the TCP, HTTP, HTTPS protocols.
Reference:
https://docs.microsoft.com/en-us/azure/application-gateway/waf-overview
https://docs.microsoft.com/en-us/azure/load-balancer/load-balancer-custom-probe-overview

 

QUESTION 12
You have a virtual network named VNet1 as shown in the exhibit. (Click the Exhibit tab.)lead4pass az-303 exam questions q12

No devices are connected to VNet1.
You plan to peer VNet1 to another virtual network named VNet2. VNet2 has an address space of 10.2.0.0/16.
You need to create the peering.
What should you do first?
A. Configure a service endpoint on VNet2.
B. Add a gateway subnet to VNet1.
C. Create a subnet on VNEt1 and VNet2.
D. Modify the address space of VNet1.
Correct Answer: D
The virtual networks you peer must have non-overlapping IP address spaces. The exhibit indicates that VNet1 has an
address space of 10.2.0.0/16, which is the same as VNet2, and thus overlaps. We need to change the address space
for VNet1.
Reference: https://docs.microsoft.com/en-us/azure/virtual-network/virtual-network-manage-peering#requirements-andconstraints

 

QUESTION 13
HOTSPOT
Your company has a virtualization environment that contains the virtualization hosts shown in the following table.lead4pass az-303 exam questions q13

All virtual machines use basic disks. VM1 is protected by using BitLocker Drive Encryption (BitLocker).
You plan to migrate the virtual machines to Azure by using Azure Site Recovery.
You need to identify which virtual machines can be migrated.
Which virtual machines should you identify for each server? To answer, select the appropriate options in the answer
area.
NOTE: Each correct selection is worth one point.
Hot Area: lead4pass az-303 exam questions q13-1

Correct Answer:

lead4pass az-303 exam questions q13-2


latest updated Microsoft AZ-303 exam questions from the Lead4Pass AZ-303 dumps! 100% pass the AZ-303 exam! Download Lead4Pass AZ-303 VCE and PDF dumps: https://www.lead4pass.com/az-303.html (Q&As: 111 dumps)

Get free Microsoft AZ-303 dumps PDF online: https://drive.google.com/file/d/1wkx74ntbkdk4ul65PBkC9gSoigufb7Zm/