It is more faster and easier to pass the Microsoft AZ-303 exam by using Highest Quality Microsoft Microsoft Azure Architect Technologies (beta) questuins and answers. Immediate access to the Rebirth AZ-303 Exam and find the same core area AZ-303 questions with professionally verified answers, then PASS your exam with a high score now.
Free demo questions for Microsoft AZ-303 Exam Dumps Below:
NEW QUESTION 1
You have an Azure logic app named App1 and an Azure Service Bus queue named Queue1.
You need to ensure that App1 can read messages from Queue1. App1 must authenticate by using Azure Active Directory (Azure AD).
What should you do? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.
- A. Mastered
- B. Not Mastered
Answer: A
Explanation:
On App1: Turn on the managed identity
To use Service Bus with managed identities, you need to assign the identity the role and the appropriate scope. The procedure in this section uses a simple application that runs under a managed identity and accesses Service Bus resources.
Once the application is created, follow these steps:
Go to Settings and select Identity.
Select the Status to be On.
Select Save to save the setting.
On Queue1: Configure Access Control (IAM)
Azure Active Directory (Azure AD) authorizes access rights to secured resources through role-based access control (RBAC). Azure Service Bus defines a set of built-in RBAC roles that encompass common sets of permissions used to access Service Bus entities and you can also define custom roles for accessing the data.
Assign RBAC roles using the Azure portal
In the Azure portal, navigate to your Service Bus namespace. Select Access Control (IAM) on the left menu to display access control settings for the namespace. If you need to create a Service Bus namespace.
Select the Role assignments tab to see the list of role assignments. Select the Add button on the toolbar and then select Add role assignment.
Reference:
https://docs.microsoft.com/en-us/azure/service-bus-messaging/authenticate-application https://docs.microsoft.com/en-us/azure/service-bus-messaging/service-bus-managed-service-identity
NEW QUESTION 2
You create the Azure resources shown in the following table.
You attempt to add a role assignment to a resource group as shown in the following exhibit.
What should you do to ensure that you can assign VM2 the Reader role for the resource group?
- A. Modify the Reader role at the subscription level.
- B. Configure just in time (JIT) VM access on VM2.
- C. Configure Access control (IAM) on VM2.
- D. Assign a managed identity to VM2.
Answer: D
NEW QUESTION 3
Your network contains an on-premises Active Directory domain named contoso.com that contains a member server named Server1.
You have the accounts shown in the following table.
You are installing Azure AD Connect on Server1.
You need to specify the account for Azure AD Connect synchronization.
The solution must use the principle of least privilege.
Which account should you specify?
- A. CONTOSOUser2
- B. SERVER1User4
- C. CONTOSOUser1
- D. CONTOSOUser3
Answer: A
Explanation:
The default Domain User permissions are sufficient Reference:
https://docs.microsoft.com/en-us/azure/active-directory/hybrid/reference-connect-accounts-permissions
NEW QUESTION 4
Your company has a virtualization environment that contains the virtualization hosts shown in the following table.
The virtual machines are configured as shown in the following table.
All the virtual machines use basic disks. VM1 is protected by using BitLocker Drive Encryption (BitLocker). You plan to migrate the virtual machines to Azure by using Azure Site Recovery.
You need to identify which virtual machines can be migrated.
Which virtual machines should you identify for each server? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
- A. Mastered
- B. Not Mastered
Answer: A
Explanation:
NEW QUESTION 5
You create a virtual machine scale set named Scale1. Scale1 is configured as shown in the following exhibit. The subscription contains the Azure SQL databases shown in the following table.
Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic.
NOTE: Each correct selection is worth one point.
- A. Mastered
- B. Not Mastered
Answer: A
Explanation:
Box 1:
The Autoscale scale out rule increases the number of VMs by 2 if the CPU threshold is 80% or higher. The initial instance count is 4 and rises to 6 when the 2 extra instances of VMs are added.
Box 2:
The Autoscale scale in rule decreases the number of VMs by 4 if the CPU threshold is 30% or lower. The initial instance count is 4 and thus cannot be reduced to 0 as the minimum instances is set to 2. Instances are only added when the CPU threshold reaches 80%.
References:
https://docs.microsoft.com/en-us/azure/azure-monitor/platform/autoscale-overview
https://docs.microsoft.com/en-us/azure/azure-monitor/platform/autoscale-best-practices https://docs.microsoft.com/en-us/azure/azure-monitor/platform/autoscale-common-scale-patterns
NEW QUESTION 6
Note: This question is part of series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have an Azure Active Directory (Azure AD) tenant that contains a group named Group1. You need to enable multi-factor authentication (MFA) for the users in Group1 only.
Solution: From Multi-Factor Authentication, you select Bulk update, and you provide a CSV file that contains the members of Group1.
Does this meet the goal?
- A. Yes
- B. No
Answer: B
Explanation:
We should use a Conditional Access policy.
Note: There are two ways to secure user sign-in events by requiring multi-factor authentication in Azure AD. The first, and preferred, option is to set up a Conditional Access policy that requires multi-factor authentication under certain conditions. The second option is to enable each user for Azure Multi-Factor Authentication. When users are enabled individually, they perform multi-factor authentication each time they sign in (with some exceptions, such as when they sign in from trusted IP addresses or when the remembered devices feature is turned on).
Enabling Azure Multi-Factor Authentication using Conditional Access policies is the recommended approach. Changing user states is no longer recommended unless your licenses don't include Conditional Access as it requires users to perform MFA every time they sign in.
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/authentication/howto-mfa-userstates
NEW QUESTION 7
You need to identify the storage requirements for Contoso.
For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.
- A. Mastered
- B. Not Mastered
Answer: A
Explanation:
Box 1: Yes
Contoso is moving the existing product blueprint files to Azure Blob storage.
Use unmanaged standard storage for the hard disks of the virtual machines. We use Page Blobs for these. Box 2: No
Box 3: No
NEW QUESTION 8
You have 10 Azure virtual machines on a subnet named Subnet1. Subnet1 is on a virtual network named VNet1.
You plan to deploy a public Azure Standard Load Balancer named LB1 to the same Azure region as the 10 virtual machines.
You need to ensure that traffic from all the virtual machines to the internet flows through LB1. The solution must prevent the virtual machines from being accessible on the internet.
Which three actions should you perform? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.
- A. Add health probes to LB1.
- B. Add the network interfaces of the virtual machines to the backend pool of LB1.
- C. Add an inbound rule to LB1.
- D. Add an outbound rule to LB1.
- E. Associate a network security group (NSG) to Subnet1.
- F. Associate a user-defined route to Subnet1.
Answer: ABD
Explanation:
Reference:
https://docs.microsoft.com/en-us/azure/load-balancer/tutorial-load-balancer-standard-manage-portal2
NEW QUESTION 9
You have an Azure subscription that contains 100 virtual machines.
You have a set of Pester tests in PowerShell that validate the virtual machine environment.
You need to run the tests whenever there is an operating system update on the virtual machines. The solution must minimize implementation time and recurring costs.
D18912E1457D5D1DDCBD40AB3BF70D5D
Which three resources should you use to implement the tests? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.
- A. Azure Automation runbook
- B. an alert rule
- C. an Azure Monitor query
- D. a virtual machine that has network access to the 100 virtual machines
- E. an alert action group
Answer: ABE
Explanation:
Reference:
https://docs.microsoft.com/en-us/azure/automation/automation-create-alert-triggered-runbook https://techsnips.io/snips/how-to-create-and-test-azure-monitor-alerts/?page=13
NEW QUESTION 10
You plan to automate the deployment of a virtual machine scale set that uses the Windows Server 2021 Datacenter image. You need to ensure that when the scale set virtual machines are provisioned, they have web server components installed. Which two actions should you perform? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point.
- A. Create a new virtual machine scale set in the Azure portal.
- B. Create an automation account.
- C. Upload a configuration script.
- D. Modify the extensionProfile section of the Azure Resource Manager template.
- E. Create an Azure policy.
Answer: AD
Explanation:
References:
https://docs.microsoft.com/en-us/azure/virtual-machine-scale-sets/tutorial-install-apps-template
NEW QUESTION 11
You have an Azure SQL database named Db1 that runs on an Azure SQL server named SQLserver1. You need to ensure that you can use the query editor on the Azure portal to query Db1.
What should you do?
- A. Modify the Advanced Data Security settings of Db1
- B. Configure the Firewalls and virtual networks settings for SQLserver1
- C. Copy the ADO.NET connection string of Db1 and paste the string to the query editor
- D. Approve private endpoint connections for SQLserver1
Answer: B
Explanation:
Reference:
https://docs.microsoft.com/en-us/azure/sql-database/sql-database-connect-query-portal
NEW QUESTION 12
You have an Azure subscription named Subscription1 that is used by several departments at your company. Subscription1 contains the resources in the following table.
Another administrator deploys a virtual machine named VM1 and an Azure Storage account named Storage2 by using a single Azure Resource Manager template.
You need to view the template used for the deployment.
From which blade can you view the template that was used for the deployment?
- A. Container1
- B. VM1
- C. Storage2
- D. RG1
Answer: D
NEW QUESTION 13
You have an Azure subscription that contains the resources shown in the following table.
In RG2, you need to create a new virtual machine named VM2 that will connect to VNET1. VM2 will use a network interface named VM2_Interface.
In which region should you create VM2 and VM2_Interface? To answer, drag the appropriate regions to the correct targets. Each region may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
NOTE: Each correct selection is worth one point.
- A. Mastered
- B. Not Mastered
Answer: A
Explanation:
VM2: West US
In RG2, which is in West US, you need to create a new virtual machine named VM2. VM2_interface: East US
VM2 will use a network interface named VM2_Interface to connect to VNET1, which is in East US. References:
https://docs.microsoft.com/en-us/azure/virtual-network/associate-public-ip-address-vm
NEW QUESTION 14
You have a virtual network named VNet1 as shown in the exhibit.
No devices are connected to VNet1.
You plan to peer VNet1 to another virtual network named Vnet2 in the same region. VNet2 has an address space of 10.2.0.0/16.
You need to create the peering. What should you do first?
- A. Modify the address space of VNet1.
- B. Configure a service endpoint on VNet2
- C. Add a gateway subnet to VNet1.
- D. Create a subnet on VNet1 and VNet2.
Answer: A
Explanation:
The virtual networks you peer must have non-overlapping IP address spaces. References:
https://docs.microsoft.com/en-us/azure/virtual-network/virtual-network-manage-peering#requirements-and-cons
NEW QUESTION 15
You have an Azure Active Directory (Azure AD) tenant that contains the user groups shown in the following table.
You enable self-service password reset (SSPR) for Group1.
You configure the Notifications settings as shown in the following exhibit.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
- A. Mastered
- B. Not Mastered
Answer: A
Explanation:
Box 1: Yes
Notify all admins when other admins reset their passwords: Yes. Box 2: No
Notify users on password resets: No. Box 3: No
Notify users on password resets
If this option is set to Yes, then users resetting their password receive an email notifying them that their password has been changed. The email is sent via the SSPR portal to their primary and alternate email addresses that are on file in Azure AD. No one else is notified of the reset event.
Notify all admins when other admins reset their passwords
If this option is set to Yes, then all administrators receive an email to their primary email address on file in Azure AD. The email notifies them that another administrator has changed their password by using SSPR.
Example: There are four administrators in an environment. Administrator A resets their password by using SSPR. Administrators B, C, and D receive an email alerting them of the password reset.
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/authentication/concept-sspr-howitworks https://docs.microsoft.com/en-us/azure/active-directory/authentication/tutorial-enable-sspr
NEW QUESTION 16
Note: This question is part of series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have a server named Server1 that runs Windows Server 2021. Server1 is a container host. You are creating a Dockerfile to build a container image.
You need to add a file named File1.txt from Server1 to a folder named C:Folder1 in the container image. Solution: You add the following line to the Dockerfile.
COPY File1.txt /Folder1/
You then build the container image. Does this meet the goal?
- A. Yes
- B. No
Answer: A
Explanation:
Copy is the correct command to copy a file to the container image. References:
https://docs.docker.com/develop/develop-images/dockerfile_best-practices/#add-or-copy https://docs.docker.com/engine/reference/builder/
NEW QUESTION 17
Note: This question is part of series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more
than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have an Azure Active Directory (Azure AD) tenant named contoso.com.
A user named Admin1 attempts to create an access review from the Azure Active Directory admin center and discovers that the Access reviews settings are unavailable. Admin1 discovers that all the other Identity Governance settings are available.
Admin1 is assigned the User administrator, Compliance administrator, and Security administrator roles. You need to ensure that the Admin1 can create access reviews in contoso.com.
Solution: You purchase an Azure Directory Premium P2 license for contoso.com. Does this meet the goal?
- A. Yes
- B. No
Answer: B
Explanation:
Instead use Azure AD Privileged Identity Management.
Note: PIM essentially helps you manage the who, what, when, where, and why for resources that you care about. Key features of PIM include:
Conduct access reviews to ensure users still need roles References:
https://docs.microsoft.com/en-us/azure/active-directory/privileged-identity-management/pim-configure
NEW QUESTION 18
: 292 HOTSPOT
From Azure Cosmos DB, you create the containers shown in the following table.
You add the following item to Container1.
You plan to add items to Azure Cosmos DB as shown in the following table.
You need to identify which items can be added successfully to Container1 and Container2.
What should you identify for each container? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
- A. Mastered
- B. Not Mastered
Answer: A
Explanation:
NEW QUESTION 19
Note: This question is part of series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have a server named Server1 that runs Windows Server 2021. Server1 is a container host. You are creating a Dockerfile to build a container image.
You need to add a file named File1.txt from Server1 to a folder named C:Folder1 in the container image. Solution: You add the following line to the Dockerfile.
XCOPY File1.txt C:Folder1
You then build the container image. Does this meet the goal?
- A. Yes
- B. No
Answer: B
Explanation:
Copy is the correct command to copy a file to the container image. Furthermore, the root directory is specified as '/' and not as 'C:/'.
References:
https://docs.docker.com/develop/develop-images/dockerfile_best-practices/#add-or-copy https://docs.docker.com/engine/reference/builder/
NEW QUESTION 20
Note: This question is part of series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have a server named Server1 that runs Windows Server 2021. Server1 is a container host. You are creating a Dockerfile to build a container image.
You need to add a file named File1.txt from Server1 to a folder named C:Folder1 in the container image. Solution: You add the following line to the Dockerfile.
Copy-Item File1.txt C:Folder1File1.txt You then build the container image. Does this meet the goal?
- A. Yes
- B. No
Answer: B
Explanation:
Copy-Item is not supported. Copy is the correct command to copy a file to the container image. References:
https://docs.docker.com/develop/develop-images/dockerfile_best-practices/#add-or-copy https://docs.docker.com/engine/reference/builder/
NEW QUESTION 21
You have Azure virtual machines deployed to three Azure regions. Each region contains a single virtual network that has four virtual machines on the same subnet. Each virtual machine runs an application named App1. App1 is accessible by using HTTPS. Currently, the virtual machines are inaccessible from the internet.
You need to use Azure Front Door to load balance requests for App1 across all the virtual machines. Which additional Azure service should you provision?
- A. a public Azure Load Balancer
- B. Azure Traffic Manager
- C. an internal Azure Load Balancer
- D. Azure Private Link
Answer: A
NEW QUESTION 22
......
P.S. 2passeasy now are offering 100% pass ensure AZ-303 dumps! All AZ-303 exam questions have been updated with correct answers: https://www.2passeasy.com/dumps/AZ-303/ (0 New Questions)