Use Real AZ-303 Dumps - Microsoft Correct Answers updated on 2021
Azure Solutions Architect Expert AZ-303 Exam Practice Dumps
NEW QUESTION 19
You have an Azure subscription that contains the storage accounts shown in the following table.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
NEW QUESTION 20
You have an Azure Resource Manager template named Template1 in the library as shown in the following exhibit.
Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
Explanation
Reference:
https://docs.microsoft.com/en-us/azure/azure-resource-manager/templates/template-syntax
NEW QUESTION 21
You are developing an Azure Web App. You configure TLS mutual authentication for the web app.
You need to validate the client certificate in the web app. To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
NEW QUESTION 22
You have an Azure subscription that contains 10 virtual machines on a virtual network.
You need to create a graph visualization to display the traffic flow between the virtual machines.
What should you do from Azure Monitor?
- A. From Workbooks, create a workbook.
- B. From Logs, create a new query.
- C. From Metrics, create a chart.
- D. From Activity log, use quick insights.
Answer: A
Explanation:
Workbooks support visualizing arbitrary graphs based on data from logs to show the relationships between monitoring entities.
References:
https://docs.microsoft.com/en-us/azure/azure-monitor/platform/metrics-supported
NEW QUESTION 23
You create and save an Azure Resource Manager template named Template1 that includes the following four sections.
You deploy template1.
For each of the following statement, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
NEW QUESTION 24
Note: This question is part of series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You are planning to create a virtual network that has a scale set that contains six virtual machines (VMs).
A monitoring solution on a different network will need access to the VMs inside the scale set.
You need to define public access to the VMs.
Solution: Implement an Azure Load Balancer.
Does the solution meet the goal?
- A. No
- B. Yes
Answer: A
Explanation:
Section: [none]
NEW QUESTION 25
You have an Azure subscription that contains an Azure Log Analytics workspace. You have a resource group that contains 100 virtual machines. The virtual machines run Linux. You need to collect events from the virtual machines to the Log Analytics workspace. Which type of data source should you configure in the workspace?
- A. custom fields
- B. Syslog
- C. Linux performance counters
Answer: B
Explanation:
References:
https://docs.microsoft.com/en-us/azure/azure-monitor/learn/quick-collect-azurevm Explanation:
Syslog is an event logging protocol that is common to Linux. Applications will send messages that may be stored on the local machine or delivered to a Syslog collector. When the Log Analytics agent for Linux is installed, it configures the local Syslog daemon to forward messages to the agent. The agent then sends the message to Azure Monitor where a corresponding record is created.
Reference:
https://docs.microsoft.com/en-us/azure/azure-monitor/platform/data-sources-custom-logs
NEW QUESTION 26
A company is migrating an existing on-premises third-party website to Azure. The website is stateless.
The company does not have access to the source code for the website. They have the original installer.
The number of visitors at the website varies throughout the year. The on-premises infrastructure was resized to accommodate peaks but the extra capacity was not used.
You need to implement a virtual machine scale set instance.
What should you do?
- A. Use an autoscale setting to define one or more profiles that have one or more autoscale rules.
- B. Use only default diagnostics metrics to trigger autoscaling.
- C. Use an autoscale setting with unlimited maximum number of instances.
- D. Use an autoscale setting to scale instances vertically.
Answer: A
Explanation:
Section: [none]
Explanation:
With Azure Monitor you can auto scale by custom metric for Virtual Machine Scale Sets.
Note: By default, Resource Manager-based Virtual Machines and Virtual Machine Scale Sets emit basic (host- level) metrics. In addition, when you configure diagnostics data collection for an Azure VM and VMSS, the Azure diagnostic extension also emits guest-OS performance counters (commonly known as "guest-OS metrics"). You use all these metrics in autoscale rules.
Note 2: In-guest VM metrics with the Azure diagnostics extension
The Azure diagnostics extension is an agent that runs inside a VM instance. The agent monitors and saves performance metrics to Azure storage. These performance metrics contain more detailed information about the status of the VM, such as AverageReadTime for disks or PercentIdleTime for CPU. You can create autoscale rules based on a more detailed awareness of the VM performance, not just the percentage of CPU usage or memory consumption.
Reference:
https://docs.microsoft.com/en-us/azure/azure-monitor/platform/autoscale-custom-metric
https://docs.microsoft.com/en-us/azure/azure-monitor/platform/autoscale-common-metrics
NEW QUESTION 27
HOTSPOT
You plan to deploy an Azure virtual machine named VM1 by using an Azure Resource Manager template.
You need to complete the template.
What should you include in the template? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:
Answer:
Explanation:
Section: [none]
Explanation:
Within your template, the dependsOn element enables you to define one resource as a dependent on one or more resources. Its value can be a comma-separated list of resource names.
Box 1: 'Microsoft.Network/networkInterfaces'
This resource is a virtual machine. It depends on two other resources:
Microsoft.Storage/storageAccounts
Microsoft.Network/networkInterfaces
Box 2: 'Microsoft.Network/virtualNetworks/'
The dependsOn element enables you to define one resource as a dependent on one or more resources. The resource depends on two other resources:
Microsoft.Network/publicIPAddresses
Microsoft.Network/virtualNetworks
Reference:
https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-manager-tutorial-create-templates- with-dependent-resources
NEW QUESTION 28
You have an Azure virtual machine named VM1 that runs Windows Server 2016.
You install a line-of-business application on VM1.
You need to create a scale set by using VM1 as a custom image.
Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
Answer:
Explanation:
Explanation:
Step 1: Run sysprep.exe on VM1.
The final step to prepare your VM for use as a custom image is to generalize the VM. Sysprep removes all your personal account information and configurations, and resets the VM to a clean state for future deployments.
Step 2: From Azure CLI, deallocate VM1 and mark VM1 as generalized,
To create an image, the VM needs to be deallocated. Deallocate the VM with Stop-AzVm. Then, set the state of the VM as generalized with Set-AzVm so that the Azure platform knows the VM is ready for use a custom image. You can only create an image from a generalized VM.
It may take a few minutes to deallocate and generalize the VM.
Then create an image of the VM with New-AzImageConfig and New-AzImage.
Step 3: Create a virtual machine scale set.
Create a scale set with New-AzVmss that uses the -ImageName parameter to define the custom VM image created in the previous step.
Reference:
https://docs.microsoft.com/en-us/azure/virtual-machine-scale-sets/tutorial-use-custom-image-powershell
NEW QUESTION 29
You have an Azure Resource Manager template named Template1 in the library as shown in the following exhibit.
Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
Reference:
https://docs.microsoft.com/en-us/azure/azure-resource-manager/templates/template-syntax
NEW QUESTION 30
HOTSPOT
You have an Azure subscription.
You are planning data security for Azure resources.
You need to ensure that the data meets the following requirements:
* Data in Azure SQL databases that is at rest, in transit, and in use must be encrypted.
* The confidentiality of code on virtual machines must be protected while the code is being processed.
Which feature should you use for each requirement? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:
Answer:
Explanation:
Section: [none]
Explanation:
SQL Databases: Transparent Data Encryption (TDE)
Azure SQL Database currently supports encryption at rest for Microsoft-managed service side and client-side encryption scenarios.
Support for server encryption is currently provided through the SQL feature called Transparent Data Encryption.
Once an Azure SQL Database customer enables TDE key are automatically created and managed for them.
Encryption at rest can be enabled at the database and server levels.
Virtual machine code: Azure confidential compute
Azure confidential computing protects your data while it's in use. It is the final piece to enable data protection through its lifecycle whether at rest, in transit, or in use. It is the cornerstone of Microsoft's 'Confidential Cloud' vision, which aims to make data and code opaque to the cloud provider.
Reference:
https://docs.microsoft.com/en-us/azure/security/fundamentals/encryption-atrest
https://azure.microsoft.com/en-us/blog/protect-data-in-use-with-the-public-preview-of-azure-confidential- computing/
NEW QUESTION 31
You create the following Azure role definition.
You need to create Role1 by using the role definition.
Which two values should you modify before you create Role1? Each correct answer presents part of solution.
NOTE: Each correct selection is worth one point.
- A. IsCustom
- B. AssignableScopes
- C. Description
- D. Id
- E. DataActions
Answer: A,B
Explanation:
Part of example:
"IsCustom": true,
"AssignableScopes": [
"/subscriptions/{subscriptionId1}",
"/subscriptions/{subscriptionId2}",
"/subscriptions/{subscriptionId3}"
The following shows what a custom role looks like as displayed in JSON format. This custom role can be used for monitoring and restarting virtual machines.
{
"Name": "Virtual Machine Operator",
"Id": "88888888-8888-8888-8888-888888888888",
"IsCustom": true,
"Description": "Can monitor and restart virtual machines.",
"Actions": [
"Microsoft.Storage/*/read",
"Microsoft.Network/*/read",
"Microsoft.Compute/*/read",
"Microsoft.Compute/virtualMachines/start/action",
"Microsoft.Compute/virtualMachines/restart/action",
"Microsoft.Authorization/*/read",
"Microsoft.ResourceHealth/availabilityStatuses/read",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Insights/alertRules/*",
"Microsoft.Insights/diagnosticSettings/*",
"Microsoft.Support/*"
],
"NotActions": [],
"DataActions": [],
"NotDataActions": [],
"AssignableScopes": [
"/subscriptions/{subscriptionId1}",
"/subscriptions/{subscriptionId2}",
"/subscriptions/{subscriptionId3}"
]
}
References:
https://docs.microsoft.com/en-us/azure/role-based-access-control/custom-roles
NEW QUESTION 32
HOTSPOT
You need to design an authentication solution that will integrate on-premises Active Directory and Azure Active Directory (Azure AD). The solution must meet the following requirements:
* Active Directory users must not be able to sign in to Azure AD-integrated apps outside of the sign-in hours configured in the Active Directory user accounts.
* Active Directory users must authenticate by using multi-factor authentication (MFA) when they sign in to Azure AD-integrated apps.
* Administrators must be able to obtain Azure AD-generated reports that list the Active Directory users who have leaked credentials.
* The infrastructure required to implement and maintain the solution must be minimized.
What should you include in the solution? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:
Answer:
Explanation:
Section: [none]
Explanation:
Box 1: Pass-through Authentication with Azure AD Seamless SSO
Azure AD Seamless SSO versus Active Directory Federation Services
Companies with a security requirement to immediately enforce on-premises user account states, password policies, and sign-in hours might use Azure AD Pass-through Authentication.
You can combine Pass-through Authentication with the Seamless Single Sign-On feature.
Note: Azure AD supports the following authentication methods for hybrid identity solutions.
* Azure AD password hash synchronization
* Azure AD Pass-through Authentication
Box 2: Azure MFA
One key benefit with Azure AD Pass-through Authentication is that it works seamlessly with Azure MFA.
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/hybrid/choose-ad-authn
NEW QUESTION 33
You are designing a virtual network to support a web application. The web application uses Blob storage to store large images. The web application will be deployed to an Azure App Service Web App.
You have the following requirements:
Secure all communications by using Secured Socket layer (SSL)
SSL encryption and decryption must be processed efficiently to support high traffic load on the web application Protect the web application from web vulnerabilities and attacks without modification to backend code Optimize web application responsiveness and reliability by routing HTTP request and responses to the endpoint with the lowest network latency for the client.
You need to configure the Azure components to meet the requirements.
What should you do? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
Explanation:
Box 1: Azure application Gateway
Azure Application Gateway supports end-to-end encryption of traffic. Application Gateway terminates the SSL connection at the application gateway. The gateway then applies the routing rules to the traffic, re-encrypts the packet, and forwards the packet to the appropriate back-end server based on the routing rules defined. Any response from the web server goes through the same process back to the end user.
Box 2: Azure application Gateway
https://docs.microsoft.com/en-us/azure/web-application-firewall/ag/ag-overview Box 3: Azure Traffic Manager Azure Traffic Manager is a DNS-based traffic load balancer that enables you to distribute traffic optimally to services across global Azure regions, while providing high availability and responsiveness.
References:
https://docs.microsoft.com/en-us/azure/application-gateway/application-gateway-end-to-end-ssl-powershell
https://docs.microsoft.com/en-us/azure/traffic-manager/traffic-manager-overview
https://docs.microsoft.com/en-us/azure/security-center/security-center-intro
NEW QUESTION 34
You need to design an authentication solution that will integrate on-premises Active Directory and Azure Active Directory (Azure AD). The solution must meet the following requirements:
Active Directory users must not be able to sign in to Azure AD-integrated apps outside of the sign-in hours configured in the Active Directory user accounts.
Active Directory users must authenticate by using multi-factor authentication (MFA) when they sign in to Azure AD-integrated apps.
Administrators must be able to obtain Azure AD-generated reports that list the Active Directory users who have leaked credentials.
The infrastructure required to implement and maintain the solution must be minimized.
What should you include in the solution? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/hybrid/choose-ad-authn
NEW QUESTION 35
You Wave an Acme Directory forest named contoso.com.
You install and configure Azure AD Connect to use password hath synchronization as the single sign-on (SSO) method Staging mode is enabled You review the synchronization results and discover that the Synchronization Service Manager does not display any sync jobs.
You need to ensure that the synchronization completes successfully.
What should you do?
- A. Run Azure AD Connect and disable staging mode._
- B. From Synchronization Service Manager, run a full import
- C. Run Azure AD Connect and set the SSO method to Pass-through Authentication
- D. From Azure PowerShell, run Start-AdSyncCycle -PolicyType initial.
Answer: A
Explanation:
In staging mode, the server is active for import and synchronization, but it does not run any exports. A server in staging mode is not running password sync or password writeback, even if you selected these features during installation. When you disable staging mode, the server starts exporting, enables password sync, and enables password writeback.
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-sync-staging-server
https://docs.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-sync-operations
NEW QUESTION 36
You need to implement a backup solution for App1 after the application is moved.
What should you create first?
- A. a Recovery Services vault
- B. a recovery plan
- C. a backup policy
- D. an Azure Backup Server
Answer: A
Explanation:
A Recovery Services vault is a logical container that stores the backup data for each protected resource, such as Azure VMs. When the backup job for a protected resource runs, it creates a recovery point inside the Recovery Services vault.
Scenario:
There are three application tiers, each with five virtual machines.
Move all the virtual machines for App1 to Azure.
Ensure that all the virtual machines for App1 are protected by backups.
References:
https://docs.microsoft.com/en-us/azure/backup/quick-backup-vm-portal
NEW QUESTION 37
HOTSPOT
You have a task that includes a WebJob that should run continuously. The WebJob Log exhibit shows the text that is displayed when the WebJob runs. (Click the WebJob Log tab.)
The WebJob is configured as shown in the WebJob Configuration exhibit. (Click the WebJob Configuration tab.)
The WebJob is not functioning as expected. The WebJob Code exhibit has a comment that shows where code should be added. (Click the WebJob Code tab.)
You need to identify any issues with the WebJob. For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Hot Area:
Answer:
Explanation:
Section: [none]
NEW QUESTION 38
You have an Azure Active Directory (Azure AD) tenant linked to an Azure subscription. The tenant contains a group named Admins.
You need to prevent users, except for the members of Admins, from using the Azure portal and Azure PowerShell to access the subscription.
What should you do?
- A. From the Azure subscription, configure Access control (IAM).
- B. From Azure AD, create a conditional access policy.
- C. From the Azure subscription, assign an Azure policy.
- D. From Azure AD, configure the User settings.
Answer: A
NEW QUESTION 39
You need to identify the storage requirements for Contoso.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
Explanation:
Box 1: Yes
Contoso is moving the existing product blueprint files to Azure Blob storage.
Use unmanaged standard storage for the hard disks of the virtual machines. We use Page Blobs for these.
Box 2: No
NEW QUESTION 40
......
Skills measured
- Implement solutions for apps (10-15%)
- Implement and monitor an Azure infrastructure (50-55%)
- The content of this exam was updated on July 26, 2021. Please download the exam skills outline below to see what changed.
- Implement and manage data platforms (10-15%)
- Implement management and security solutions (25-30%)
Microsoft AZ-303: Career Path
To earn the Microsoft Certified: Azure Solutions Architect Expert certification, the candidates must pass two exams. So, you need to be ready that after completing the Microsoft AZ-303 test, you will have to deal with another one. Nonetheless, with this certificate, you can explore different career opportunities. Some of the positions that the certified professionals can land include an Azure Solutions Architect, a Microsoft Solutions Architect, a Senior Office 365 Architect, and an Azure Engineer. The average salary for these job titles is $88,000 per annum.
Get ready to pass the AZ-303 Exam right now using our Azure Solutions Architect Expert Exam Package: https://www.crampdf.com/AZ-303-exam-prep-dumps.html
AZ-303 Premium Files Test pdf - Free Dumps Collection: https://drive.google.com/open?id=1C9T614EJBa4p3rA4H23DWYNHEe9JJXPu