• Home
  • Articles
  • 218 Exam Questions for AZ-303 Updated Versions With Test Engine [Q125-Q146]

218 Exam Questions for AZ-303 Updated Versions With Test Engine [Q125-Q146]

Share

218 Exam Questions for AZ-303 Updated Versions With Test Engine

Pass AZ-303 Exam with Updated AZ-303 Exam Dumps PDF 2022


Fundamental Exam Domains

To make sure that every skill is checked, the vendor has divided the test into multiple domains, four in its case. All these domains throw light on key concepts of Azure and include the following:

  • Implement Solutions for Apps (10-15%)

    This module of the outline includes the subtopics that are dedicated to concepts like creating and configuring Azure App service, App Service plan, and building the App Service Web App for Containers. Also, the candidates need to learn how to handle the implementation of Logic App as well as Azure functions, how to perform the Azure Kubernetes Service setup, and how to publish a solution on Azure Container Instance. In addition, the candidates will be assessed on their ability to use Azure Container Registry for publishing as well as automating image deployment.

  • Implement Management and Security Solutions (25-30%)

    The second Microsoft AZ-303 exam domain requires applicants to learn about workload Azure management, load balancing as well as network security, the management of Azure governance solutions, and application security management. This section is focused on checking one’s understanding of what is included in Azure Backup for VMs, Azure Update Management, Azure Firewall Manager, Azure Traffic Manager, Bastion, Azure Front Door Service, creating and assigning custom RBAC role, proper implementation of Azure Policy and Azure Blueprint, and KeyVault. Besides, the examinees have to be aware of what all it takes to implement the application gateway.

  • Implement and Manage Data Platforms (10-15%)

    The last domain is all about the management of data platforms. This section covers topics like NoSQL databases, CosmosDB APIs, CosmosDB, and ways to set-up storage account tables. Finally, this module includes questions checking the applicants’ familiarity with the configuration of Azure SQL database settings and publishing an Azure SQL database along with the implementation of its managed instances.

  • Implement and monitor an Azure Infrastructure (50-55%)

    This is the widest section out of all. It tries to educate the test-taker about how to implement the cloud infrastructure monitoring concepts, handle the storage account, and perform the implementation of VMs for Linux and Windows. Also, it assesses the knowledge of the key concepts regarding virtual networking, the automation of the deployment process, Azure Active Directory implementation, and the management of hybrid identities along with virtual networks.

    As far as the technologies covered, there are Azure AD Identity Protection, Azure AD Connect, Azure AD Connect Health, Trusted IP, self-service password reset, VNet to VNet connections, VNet peering, High Availability, Azure Disk Encryption, Azure Dedicated Hosts, Azure AD authentication, Shared Access Signatures, Azure Resource Manager, and virtual disk template management.

 

NEW QUESTION 125
DRAG DROP
You have an Azure virtual machine named VM1 that runs Windows Server 2016.
You install a line-of-business application on VM1.
You need to create a scale set by using VM1 as a custom image.
Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
Select and Place:

Answer:

Explanation:

Section: [none]
Explanation:
Step 1: Run sysprep.exe on VM1.
The final step to prepare your VM for use as a custom image is to generalize the VM. Sysprep removes all your personal account information and configurations, and resets the VM to a clean state for future deployments.
Step 2: From Azure CLI, deallocate VM1 and mark VM1 as generalized,
To create an image, the VM needs to be deallocated. Deallocate the VM with Stop-AzVm. Then, set the state of the VM as generalized with Set-AzVm so that the Azure platform knows the VM is ready for use a custom image. You can only create an image from a generalized VM.
It may take a few minutes to deallocate and generalize the VM.
Then create an image of the VM with New-AzImageConfig and New-AzImage.
Step 3: Create a virtual machine scale set.
Create a scale set with New-AzVmss that uses the -ImageName parameter to define the custom VM image created in the previous step.
Reference:
https://docs.microsoft.com/en-us/azure/virtual-machine-scale-sets/tutorial-use-custom-image-powershell

 

NEW QUESTION 126
You have an Azure key vault named KV1.
You need to ensure that applications can use KV1 to provision certificates automatically from an external certification authority (CA).
Which two actions should you perform? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.

  • A. From KV1, create a certificate signing request (CSR).
  • B. Obtain the root CA certificate.
  • C. From KV1, create a private key,
  • D. Obtain the CA account credentials.
  • E. From KV1, create a certificate issuer resource.

Answer: A,B

Explanation:
Explanation/Reference:
Explanation:
C: Obtain the root CA certificate (step 4 in the picture below)
D: From KV1, create a certificate signing request (CSR) (step 2 in the picture below) Note:
Creating a certificate with a CA not partnered with Key Vault
This method allows working with other CAs than Key Vault's partnered providers, meaning your organization can work with a CA of its choice.

The following step descriptions correspond to the green lettered steps in the preceding diagram.
1. In the diagram above, your application is creating a certificate, which internally begins by creating a key in your key vault.
2. Key Vault returns to your application a Certificate Signing Request (CSR).
3. Your application passes the CSR to your chosen CA.
4. Your chosen CA responds with an X509 Certificate.
5. Your application completes the new certificate creation with a merger of the X509 Certificate from your CA.
Reference:
https://docs.microsoft.com/en-us/azure/key-vault/certificates/certificate-scenarios

 

NEW QUESTION 127
You have an Azure logic app named App1 and an Azure Service Bus queue named Queue1.
You need to ensure that App1 can read messages from Queue1. App1 must authenticate by using Azure Active Directory (Azure AD).
What should you do? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Answer:

Explanation:

 

NEW QUESTION 128
Your on-premises network contains several Hyper-V hosts.
You have an hybrid deployment of Azure Active Directory (Azure AD).
You create an Azure Migrate project.
You need to ensure that you can evaluate virtual machines by using Azure Migrate.
Which two actions should you perform? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.

  • A. Assign the migrate account to the administrator group on each Hyper-V host.
  • B. Deploy the Microsoft Monitoring Agent to each Hyper-V virtual machine.
  • C. Deploy the Azure Migrate appliance as an Azure virtual machine.
  • D. Deploy the Microsoft Monitoring Agent to each Hyper-V host.
  • E. Assign the migrate account to the Administrators group on each Hyper-V virtual machine.
  • F. Deploy the Azure Migrate appliance to an on-premises Hyper-V host.

Answer: B,F

Explanation:
Reference:
https://docs.microsoft.com/en-us/azure/migrate/tutorial-discover-hyper-v#set-up-the-appliance
https://docs.microsoft.com/en-us/azure/migrate/migrate-support-matrix-hyper-v#agent-based-dependency-analysis-requirements

 

NEW QUESTION 129
You have an Azure subscription that contains the resources shown in the following table.

You need to deploy a load-balancing solution for two Azure web apps named App1 and App2 to meet the following requirements:
App1 must support command injection protection.
App2 must be able to use a static public IP address.
App1 must have a Service Level Agreement (SLA) of 99.99 percent.
App2 load balancing solution must be able to autoscale.
Which resource should you use as the load-balancing solution for each app? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Answer:

Explanation:

 

NEW QUESTION 130
HOTSPOT
You plan to create a virtual machine as shown in the following exhibit.

Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic.
NOTE: Each correct selection is worth one point.
Hot Area:

Answer:

Explanation:

Section: [none]
Explanation:
Box 1: is guaranteed to remain the same
OS disk type: Premium SSD
Premium SSD Managed Disks are high performance Solid State Drive (SSD) based Storage designed to support I/O intensive workloads with significantly high throughput and low latency. With Premium SSD Managed Disks, you can provision a persistent disk and configure its size and performance characteristics.
Box 2: secure enclaves
Virtual machine size: Standard_DC2s
DC-series virtual machines are a new family of VMs to protect the confidentiality and integrity of your data and code while it's processed in Azure through the use of secure enclaves.
Incorrect:
Not dm-crypt: Azure Disk Encryption helps protect and safeguard your data to meet your organizational security and compliance commitments. It uses the BitLocker feature of Windows and the DM-Crypt feature of Linux to provide volume encryption for the OS and data disks of Azure virtual machines (VMs).
References:
https://docs.microsoft.com/en-us/azure/virtual-machines/windows/disks-types
https://azure.microsoft.com/en-us/pricing/details/virtual-machines/series/

 

NEW QUESTION 131
Your company has a virtualization environment that contains the virtualization hosts shown in the following table.

The virtual machines are configured as shown in the following table.

All the virtual machines use basic disks. VM1 is protected by using BitLocker Drive Encryption (BitLocker).
You plan to migrate the virtual machines to Azure by using Azure Site Recovery.
You need to identify which virtual machines can be migrated.
Which virtual machines should you identify for each server? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Answer:

Explanation:

Explanation:
Incorrect Answers:
VM1 cannot be migrates as it has BitLocker enabled.
VM2 cannot be migrates as the OS disk on VM2 is larger than 2TB.
VMC cannot be migrates as the Data disk on VMC is larger than 4TB.
References:
https://docs.microsoft.com/en-us/azure/site-recovery/hyper-v-azure-support-matrix#azure-vm-requirements

 

NEW QUESTION 132
You have an Azure subscription that contains 100 virtual machines.
You have a set of PowerShell scripts that validate the virtual machine environment.
You need to run the scripts whenever there is an operating system update on the virtual machines. The solution must minimize implementation time and recurring costs.
Which three resources should you use to implement the scripts? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.

  • A. an alert rule
  • B. an Azure Monitor query
  • C. an alert action group
  • D. a virtual machine that has network access to the 100 virtual machines
  • E. an Azure Automation runbook

Answer: A,C,E

Explanation:
Explanation/Reference:
E: Step 1: Create alert
In your Automation account, select Alerts under Monitoring, and then select New alert rule.
A: Step 2: Configure action groups for your alerts
Once you have your alerts configured, you can set up an action group, which is a group of actions to use across multiple alerts. The actions can include email notifications, runbooks, webhooks, and much more.
C: Use a Azure Automation runbook to run the powershell scipts.
Note: The Azure Automation Process Automation feature supports several types of runbooks, such as the PowerShell runbook, which is a text runbook based on Windows PowerShell.scripting.
Reference:
https://docs.microsoft.com/en-us/azure/automation/update-management/configure-alerts
https://docs.microsoft.com/en-us/azure/automation/automation-runbook-types

 

NEW QUESTION 133
You have an Azure subscription named Subscription1.
You create several Azure virtual machines in Subscription1. All of the virtual machines belong to the same virtual network.
You have an on-premises Hyper-V server named Server1. Server1 hosts a virtual machine named VM1.
You plan to replicate VM1 to Azure.
You need to create additional objects in Subscription1 to support the planned deployment.
Which three objects should you create? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.

  • A. endpoint
  • B. Azure Recovery Services Vault
  • C. Azure Traffic Manager instance
  • D. replication policy
  • E. Hyper-V site
  • F. storage account

Answer: B,D,E

Explanation:
Section: [none]

 

NEW QUESTION 134
You have an Azure virtual machine named VM1 that runs Windows Server 2016.
You install a line-of-business application on VM1.
You need to create a scale set by using VM1 as a custom image.
Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.

Answer:

Explanation:

1 - Run sysprep.exe on VM1.
2 - From Azure CLI, deallocate VM1 and mark VM1 as generalized,
3 - Create a virtual machine scale set.
Reference:
https://docs.microsoft.com/en-us/azure/virtual-machine-scale-sets/tutorial-use-custom-image-powershell

 

NEW QUESTION 135
You have an Azure subscription named Subscription1 that includes an Azure File share named share1.
You create several Azure virtual machines in Subscription1. All of the virtual machines belong to the same virtual network.
You have an on-premises Hyper-V server named Server1. Server1 hosts a virtual machine named VM1.
You plan to replicate VM1 to Azure.
You need to create additional objects in Subscription1 to support the planned deployment.
Which three objects should you create? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.

  • A. endpoint
  • B. Azure Recovery Services Vault
  • C. Azure Traffic Manager instance
  • D. replication policy
  • E. Hyper-V site
  • F. storage account

Answer: B,D,E

Explanation:
Section: [none]

 

NEW QUESTION 136
You have an Azure subscription that contains multiple resource groups. You create an availability set as shown in the following exhibit.

You deploy 10 virtual machines to AS1.
Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic.
NOTE: Each correct selection is worth one point.

Answer:

Explanation:

References:
https://docs.microsoft.com/en-us/azure/virtual-machines/windows/regions-and-availability

 

NEW QUESTION 137
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You manage an Active Directory domain named contoso.local.
You install Azure AD Connect and connect to an Azure Active Directory (Azure AD) tenant named contoso.com without syncing any accounts.
You need to ensure that only users who have a UPN suffix of contoso.com in the contoso.local domain sync to Azure AD.
Solution: You use the Synchronization Service Manager to modify the Metaverse Designer tab.
Does this meet the goal?

  • A. No
  • B. Yes

Answer: A

Explanation:
Instead use Synchronization Rules Editor to create a synchronization rule.
Note: Filtering what objects are synced to Azure AD is a common request and there are many instances where filtering by OU just doesn't cut it. One option is to filter users by their UPN suffix so that only users with the public FQDN as their UPN suffix are synced to Azure AD (e.g., [email protected] would be synced while [email protected] would not).
Filtering can be configured using either the GUI (Synchronization Rules Editor) or PowerShell.
Reference:
https://www.sidekicktech.com/blog/field-notes/2019/upn-suffix-filtering-ad-connect/

 

NEW QUESTION 138
You have Azure Storage accounts as shown in the following exhibit.

Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic.
NOTE: Each correct selection is worth one point.

Answer:

Explanation:

Explanation:
Note: The three different storage account options are: General-purpose v2 (GPv2) accounts, General-purpose v1 (GPv1) accounts, and Blob storage accounts.
* General-purpose v2 (GPv2) accounts are storage accounts that support all of the latest features for blobs, files, queues, and tables.
* Blob storage accounts support all the same block blob features as GPv2, but are limited to supporting only block blobs.
* General-purpose v1 (GPv1) accounts provide access to all Azure Storage services, but may not have the latest features or the lowest per gigabyte pricing.
References:
https://docs.microsoft.com/en-us/azure/storage/common/storage-account-options

 

NEW QUESTION 139
You have an Azure subscription that contains the storage accounts shown in the following table.

You enable Azure Advanced Threat Protection (ATP) for all the storage accounts.
You need to identify which storage accounts will generate Azure ATP alerts.
Which two storage accounts should you identify? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.

  • A. storagecontoso4
  • B. storaaecontoso5
  • C. storagecontoso1
  • D. storagecontoso2
  • E. storagecontoso3

Answer: C,D

Explanation:
Advanced threat protection for Azure Storage is currently available only for Blob Storage. https://docs.microsoft.com/en-us/azure/storage/common/storage-advanced-threat-protection?tabs=azure-portal

 

NEW QUESTION 140
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have an app named App1 that uses data from two on-premises Microsoft SQL Server databases named DB1 and DB2.
You plan to move DB1 and DB2 to Azure.
You need to implement Azure services to host DB1 and DB2. The solution must support erver-side transactions across DB1 and DB2.
Solution: You deploy DB1 and DB2 as Azure SQL databases each on a different Azure SQL Database server.
Does this meet the goal?

  • A. No
  • B. Yes

Answer: A

Explanation:
Instead deploy DB1 and DB2 to SQL Server on an Azure virtual machine.
Note: Understanding distributed transactions.
When both the database management system and client are under the same ownership (e.g. when SQL Server is deployed to a virtual machine), transactions are available and the lock duration can be controlled.
Reference:
https://docs.particular.net/nservicebus/azure/understanding-transactionality-in-azure

 

NEW QUESTION 141
You have an Azure logic app named App1 and an Azure Service Bus queue named Queue1.
You need to ensure that App1 can read messages from Queue1. App1 must authenticate by using Azure Active Directory (Azure AD).
What should you do? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Answer:

Explanation:

Explanation

On App1: Turn on the managed identity
To use Service Bus with managed identities, you need to assign the identity the role and the appropriate scope.
The procedure in this section uses a simple application that runs under a managed identity and accesses Service Bus resources.
Once the application is created, follow these steps:
* Go to Settings and select Identity.
* Select the Status to be On.
* Select Save to save the setting.
On Queue1: Configure Access Control (IAM)
Azure Active Directory (Azure AD) authorizes access rights to secured resources through role-based access control (RBAC). Azure Service Bus defines a set of built-in RBAC roles that encompass common sets of permissions used to access Service Bus entities and you can also define custom roles for accessing the data.
Assign RBAC roles using the Azure portal
In the Azure portal, navigate to your Service Bus namespace. Select Access Control (IAM) on the left menu to display access control settings for the namespace. If you need to create a Service Bus namespace.
Select the Role assignments tab to see the list of role assignments. Select the Add button on the toolbar and then select Add role assignment.
Reference:
https://docs.microsoft.com/en-us/azure/service-bus-messaging/authenticate-application
https://docs.microsoft.com/en-us/azure/service-bus-messaging/service-bus-managed-service-identity

 

NEW QUESTION 142
You create the user-assigned identities shown in the following table.

You create a virtual machine that has the following configurations:
* Name:VM1
* Location: West US
* Resource group: RG1
Which managed identities can you add to VM1?

  • A. Identity1 and Identity3 only
  • B. Identity1, idenity1 and Identity3
  • C. Identity1 only
  • D. Identity1 and Identity2 only

Answer: C

 

NEW QUESTION 143
You create a new Azure subscription. You create a resource group named RG1. In RG1, you create the resources shown in the following table.

You need to configure an encrypted tunnel between your on-premises network and VNET1.
Which two additional resources should you create in Azure? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.

  • A. a site-to-site connection
  • B. a VPN gateway
  • C. a local network gateway
  • D. a VNet-to- VNet connection
  • E. a point-to-site configuration

Answer: B,C

Explanation:
Section: [none]
Explanation:
A Site-to-Site VPN gateway connection is used to connect your on-premises network to an Azure virtual network over an IPsec/IKE (IKEv1 or IKEv2) VPN tunnel. This type of connection requires a VPN device, a local network gateway, located on-premises that has an externally facing public IP address assigned to it.
Finally, create a Site-to-Site VPN connection between your virtual network gateway and your on-premises VPN device.
References:
https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-howto-site-to-site-resource-manager-portal

 

NEW QUESTION 144
You need to recommend an identify solution that meets the technical requirements.
What should you recommend?

  • A. federated single-on (SSO) and Active Directory Federation Services (AD FS)
  • B. password hash synchronization and single sign-on (SSO)
  • C. cloud-only user accounts
  • D. Pass-through Authentication and single sign-on (SSO)

Answer: D

 

NEW QUESTION 145
You have the Azure SQL Database servers shown in the following table.

You have the Azure SQL databases shown in the following table.

You create a failover group named failover1 that has the following settings:
* Primary server: sqlserver1
* Secondary server: sqlserver2
* Read/Write failover policy: Automatic
* Read/Write grace period (hours): 1 hour

Answer:

Explanation:

Reference:
https://docs.microsoft.com/en-us/azure/azure-sql/database/auto-failover-group-overview

 

NEW QUESTION 146
......


Who should take the AZ-303: Microsoft Azure Architect Technologies Exam

The certification is for IT professionals who are responsible for planning, deploying, and managing cloud-based IT services with Azure. Hubcreate high availability, disaster recovery plans, and high performance networks by creating virtual machines for networking. Relational datamigrate your Microsoft SQL Server databases to Windows Azure. Proficient knowledge in the process of designing, developing, and implementing cloud solutions using Azure. Typically, the following is needed to take this exam: 3+ years of experience in administering Windows Server or domain-based Active Directory. Microsoft AZ-303 exam dumps are the best solution out there. Addresses the most recent development in your field of work, with the help of our AZ-303 exam products. Prospects are arising with a Microsoft Certified Solutions Associate (MCSA) AZ-303 certification.

Diagnostic access and use the tools and utilities to diagnose the issues. DNScreate and maintain a zone for a client computer in Active Directory Domain Services (AD DS). Certificates and keysuse and administer the certificate and key features of AD DS. Administration of Active Directorycreate and maintain Active Directory domains and forests, domain controllers, and trust relationships. Appeared with the help of our AZ-303 exam products. Depth of the exam is based on the industry. Rewarding opportunities are arising with a Microsoft Certified Solutions Associate (MCSA) AZ-303 certification.


Microsoft AZ-303 will evaluate the candidates’ competence and knowledge in a range of topics. Therefore, it is recommended to go through the official website to review the updated skills that will be measured in the test. The domains that are highlighted by Microsoft are as follows:

  • Implementation of Management & Security Solutions: 25-30%

    This domain requires that the applicants have the skills in managing workloads in Azure and implementing network security and load balancing. These include the implementation of Azure Load Balancer, application gateway, Azure Firewall, Web Application Firewall, Azure Firewall Manager, and Bastion, among others. It also covers the details of the implementation and management of Azure governance solutions as well as the management of app security.

  • Data Platforms Implementation & Management: 10-15%

    The questions from this subject area will measure your knowledge of the implementation of NoSQL databases. Therefore, you should develop competence in storage account tables’ configuration, installing replicas in CosmosDB, and selecting relevant CosmosDB APIs. It will also evaluate your expertise in implementing the managed instances of Azure SQL Database. This domain covers the examinees’ skills in configuring Azure SQL database settings and publishing Azure SQL databases.

  • Implementation of Solutions for Applications: 10-15%

    Here, you must be able to implement Azure application infrastructure. It covers the skills in the creation and configuration of the Azure App Services and Application Service plan. This part also focuses on one’s ability to configure App Service and networking for App Services. The individuals should also have expertise in implementing Logic Apps and Azure Functions as well as creating and operating deployment slots. This area will also evaluate your skills in implementing the container-based applications.

  • Implementation & Monitoring of Azure Infrastructures: 50-55%

    The potential candidates should be able to demonstrate the skills in implementing Cloud infrastructure monitoring processes, such as monitoring security, performance, cost, health, and availability. This section also evaluates their expertise in configuring advanced logging and logging for workloads. It also focuses on the knowledge related to the implementation of storage accounts, VMs for Linux and Windows, Azure AD, Virtual networking, and hybrid identities. It will also measure your skills in automating the configuration and deployment of resources.

 

AZ-303 Exam Dumps - Free Demo & 365 Day Updates: https://pass4itsure.passleadervce.com/Azure-Solutions-Architect-Expert/reliable-AZ-303-exam-learning-guide.html

Related Articles

more
Microsoft AZ-303 Certification Practice Exam