The Up To The Immediate Present Guide To AZ-303 Preparation Exams

Master the AZ-303 Microsoft Azure Architect Technologies (beta) content and be ready for exam day success quickly with this Testking AZ-303 exam engine. We guarantee it!We make it a reality and give you real AZ-303 questions in our Microsoft AZ-303 braindumps.Latest 100% VALID Microsoft AZ-303 Exam Questions Dumps at below page. You can use our Microsoft AZ-303 braindumps and pass your exam.

Also have AZ-303 free dumps questions for you:

NEW QUESTION 1

You have an Azure subscription that contains the resources shown in the following table.
AZ-303 dumps exhibit
Subnet1 is on VNET1. VM1 connects to Subnet1.
You plan to create a virtual network gateway on VNET1.
You need to prepare the environment for the planned virtual network gateway.
What are two ways to achieve this goal? Each correct answer presents a complete solution. NOTE: Each correct selection is worth one point.

  • A. Create a subnet named GatewaySubnet on VNET1.
  • B. Delete Subnet1.
  • C. Modify the address space used by Subnet1.
  • D. Modify the address space used by VNET1
  • E. Create a local network gateway.

Answer: AD

NEW QUESTION 2

You have an Azure subscription that contains the Azure SQL servers shown in the following table.
AZ-303 dumps exhibit
The subscription contains the elastic pool shown in the following table.
AZ-303 dumps exhibit
The subscription contains the Azure SQL databases shown in the following table.
AZ-303 dumps exhibit
For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.
AZ-303 dumps exhibit

  • A. Mastered
  • B. Not Mastered

Answer: A

Explanation:
Note: You cannot add databases from different servers into the same pool Box 1: Yes
Pool2 contains DB2 but DB1 and DB2 are on Sql1. DB1 can thus be added to Pool2. Box 2: Yes
Pool3 is empty. Box 3: Yes
Pool1 contains DB1 but DB3 and DB1 are on Sql1. DB3 can thus be added to Pool1. References:
https://docs.microsoft.com/en-us/azure/sql-database/sql-database-elastic-pool

NEW QUESTION 3

You have an Azure subscription named Subscription1 that is used by several departments at your company. Subscription1 contains the resources in the following table.
AZ-303 dumps exhibit
Another administrator deploys a virtual machine named VM1 and an Azure Storage account named Storage2 by using a single Azure Resource Manager template.
You need to view the template used for the deployment.
From which blade can you view the template that was used for the deployment?

  • A. Container1
  • B. VM1
  • C. Storage2
  • D. RG1

Answer: D

NEW QUESTION 4

You have several Azure virtual machines on a virtual network named VNet1. You configure an Azure Storage account as shown in the following exhibit.
AZ-303 dumps exhibit
Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic.
NOTE: Each correct selection is worth one point.
AZ-303 dumps exhibit

  • A. Mastered
  • B. Not Mastered

Answer: A

Explanation:
Box 1: Never
Box 2: Never
After you configure firewall and virtual network settings for your storage account, select Allow trusted Microsoft services to access this storage account as an exception to enable Azure Backup service to access the network restricted storage account.
AZ-303 dumps exhibit
https://docs.microsoft.com/en-us/azure/storage/files/storage-how-to-use-files-windows https://azure.microsoft.com/en-us/blog/azure-backup-now-supports-storage-accounts-secured-with-azure-storage

NEW QUESTION 5

You play to deploy an Azure virtual machine named VM1 by using an Azure Resource Manager template. You need to complete the template.
What should you include in the template? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
AZ-303 dumps exhibit

  • A. Mastered
  • B. Not Mastered

Answer: A

Explanation:
Within your template, the dependsOn element enables you to define one resource as a dependent on one or more resources. Its value can be a comma-separated list of resource names.
Box 1: 'Microsoft.Network/networkInterfaces'
This resource is a virtual machine. It depends on two other resources: Microsoft.Storage/storageAccounts Microsoft.Network/networkInterfaces
Box 2: 'Microsoft.Network/virtualNetworks/'
The dependsOn element enables you to define one resource as a dependent on one or more resources. The resource depends on two other resources: Microsoft.Network/publicIPAddresses Microsoft.Network/virtualNetworks
AZ-303 dumps exhibit
References:
https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-manager-tutorial-create-templates-with

NEW QUESTION 6

You have an Azure subscription that contains the resource groups shown in the following table.
AZ-303 dumps exhibit
You create an Azure Resource Manager template named Template1 as shown in the following exhibit.
AZ-303 dumps exhibit
From the Azure portal, you deploy Template1 four times by using the settings shown in the following table.
AZ-303 dumps exhibit
What is the result of the deployment? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
AZ-303 dumps exhibit

  • A. Mastered
  • B. Not Mastered

Answer: A

Explanation:
AZ-303 dumps exhibit

NEW QUESTION 7

You have the virtual machines shown in the following table.
AZ-303 dumps exhibit
You deploy an Azure bastion named Bastion1 to VNET1.
To which virtual machines can you connect by using Bastion1?

  • A. VM1 only
  • B. VM1 and VM2 only
  • C. VM2 and VM3 only
  • D. VM1, VM2, and VM3

Answer: C

NEW QUESTION 8

You plan to automate the deployment of a virtual machine scale set that uses the Windows Server 2021 Datacenter image. You need to ensure that when the scale set virtual machines are provisioned, they have web server components installed. Which two actions should you perform? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point.

  • A. Create a new virtual machine scale set in the Azure portal.
  • B. Create an automation account.
  • C. Upload a configuration script.
  • D. Modify the extensionProfile section of the Azure Resource Manager template.
  • E. Create an Azure policy.

Answer: AD

Explanation:
References:
https://docs.microsoft.com/en-us/azure/virtual-machine-scale-sets/tutorial-install-apps-template

NEW QUESTION 9

A company runs multiple Windows virtual machines (VMs) in Azure.
The IT operations department wants to apply the same policies as they have for on-premises VMs to the VMs running in Azure, including domain administrator permissions and schema extensions.
You need to recommend a solution for the hybrid scenario that minimizes the amount of maintenance required. What should you recommend? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
AZ-303 dumps exhibit

  • A. Mastered
  • B. Not Mastered

Answer: A

Explanation:
Box 1: Join the VMs to a new domain controller VM in Azure
Azure provides two solutions for implementing directory and identity services in Azure:
AZ-303 dumps exhibit (Used in this scenario) Extend your existing on-premises Active Directory infrastructure to Azure, by deploying a VM in Azure that runs AD DS as a Domain Controller. This architecture is more common when the on-premises network and the Azure virtual network (VNet) are connected by a VPN or ExpressRoute connection.
AZ-303 dumps exhibit Use Azure AD to create an Active Directory domain in the cloud and connect it to your on-premises Active Directory domain. Azure AD Connect integrates your on-premises directories with Azure AD.
Box 2: Set up VPN connectivity.
This architecture is more common when the on-premises network and the Azure virtual network (VNet) are connected by a VPN or ExpressRoute connection.
References:
https://docs.microsoft.com/en-us/azure/architecture/reference-architectures/identity/

NEW QUESTION 10

You have an Azure key vault named KV1.
You need to ensure that applications can use KV1 to provision certificates automatically from an external
certification authority (CA).
Which two actions should you perform? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.

  • A. From KV1, create a certificate issuer resource.
  • B. Obtain the CA account credentials.
  • C. Obtain the root CA certificate.
  • D. From KV1, create a certificate signing request (CSR).
  • E. From KV1, create a private key,

Answer: CD

Explanation:
C: Obtain the root CA certificate (step 4 in the picture below)
D: From KV1, create a certificate signing request (CSR) (step 2 in the picture below) Note:
Creating a certificate with a CA not partnered with Key Vault
This method allows working with other CAs than Key Vault's partnered providers, meaning your organization can work with a CA of its choice.
AZ-303 dumps exhibit
The following step descriptions correspond to the green lettered steps in the preceding diagram.
AZ-303 dumps exhibit In the diagram above, your application is creating a certificate, which internally begins by creating a key in your key vault.
AZ-303 dumps exhibit Key Vault returns to your application a Certificate Signing Request (CSR).
AZ-303 dumps exhibit Your application passes the CSR to your chosen CA.
AZ-303 dumps exhibit Your chosen CA responds with an X509 Certificate.
AZ-303 dumps exhibit Your application completes the new certificate creation with a merger of the X509 Certificate from your CA.
Reference:
https://docs.microsoft.com/en-us/azure/key-vault/certificates/certificate-scenarios

NEW QUESTION 11

You have an Azure subscription.
You create a custom role in Azure by using the following Azure Resource Manager template.
AZ-303 dumps exhibit
You assign the role to a user named User1. Which action can User1 perform?

  • A. Delete virtual machines.
  • B. Create resource groups.
  • C. Create virtual machines.
  • D. Create support requests

Answer: D

Explanation:
The "Microsoft.Support/*" operation will allow the user to create support tickets. References:
https://docs.microsoft.com/en-us/azure/role-based-access-control/tutorial-custom-role-powershell

NEW QUESTION 12

You are implementing authentication for applications in your company. You plan to implement self-service password reset (SSPR) and multifactor authentication (MFA) in Azure Active Directory (Azure AD).
You need to select authentication mechanisms that can be used for both MFA and SSPR.
Which two authentication methods should you use? Each correct answer presents a complete solution. NOTE: Each correct selection is worth one point.

  • A. Short Message Service (SMS) messages
  • B. Authentication app
  • C. Email addresses
  • D. Security questions
  • E. App passwords

Answer: AB

Explanation:
References:
https://docs.microsoft.com/en-us/azure/active-directory/authentication/concept-authentication-methods

NEW QUESTION 13

The developers at your company request that you create databases in Azure Cosmos DB as shown in the following table.
AZ-303 dumps exhibit
You need to create the Azure Cosmos DB databases to meet the developer request. The solution must minimize costs.
What are two possible ways to achieve the goal? Each correct answer presents a complete solution.
NOTE: Each correct selection is worth one point.

  • A. Create three Azure Cosmos DB accounts, one for the databases that use the Core (SQL) API, one for CosmosDB2, and one for CosmosDB4.
  • B. Create two Azure Cosmos DB accounts, one for CosmosDB2 and CosmosDB4 and one for CosmosDB1 and CosmosDB3.
  • C. Create one Azure Cosmos DB account for each database.
  • D. Create three Azure Cosmos DB accounts, one for the databases that use the MongoDB API, one for CosmosDB1, and one for CosmosDB3.

Answer: BD

Explanation:
Note:
Microsoft recommends using the same API for all access to the data in a given account.
One throughput provisioned container per subscription for SQL, Gremlin API, and Table accounts. Up to three throughput provisioned collections per subscription for MongoDB accounts.
The throughput provisioned on an Azure Cosmos container is exclusively reserved for that container. The container receives the provisioned throughput all the time.
Reference:
https://docs.microsoft.com/en-us/azure/cosmos-db/set-throughput#set-throughput-on-a-container

NEW QUESTION 14

You have an Azure subscription that contains the storage accounts shown in the following table.
AZ-303 dumps exhibit
You enable Azure Advanced Threat Protection (ATP) for all the storage accounts. You need to identify which storage accounts will generate Azure ATP alerts.
Which two storage accounts should you identify? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point.

  • A. storagecontoso1
  • B. storagecontoso2
  • C. storagecontoso3
  • D. storagecontoso4
  • E. storaaecontoso5

Answer: AB

Explanation:
Advanced threat protection for Azure Storage is currently available only for Blob Storage.
AZ-303 dumps exhibit
https://docs.microsoft.com/en-us/azure/storage/common/storage-advanced-threat-protection?tabs=azure-portal

NEW QUESTION 15

You have an Azure virtual machine named VM1 and an Azure Active Directory (Azure AD) tenant named adatum.com.
D18912E1457D5D1DDCBD40AB3BF70D5D
VM1 has the following settings:
AZ-303 dumps exhibit IP address: 10.10.0.10
AZ-303 dumps exhibit System-assigned managed identity: On
You need to create a script that will run from within VM1 to retrieve the authentication token of VM1. Which address should you use in the script?

  • A. vm1.adatum.com.onmicrosoft.com
  • B. 169.254.169.254
  • C. 10.10.0.10
  • D. vm1.adatum.com

Answer: B

Explanation:
Your code that's
running on the VM can request a token from the Azure Instance Metadata Service identity endpoint, accessible only from within the VM: http://169.254.169.254/metadata/identity/oauth2/token
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/managed-identities-azure-resources/overview

NEW QUESTION 16

You have an Azure logic app named App1 and an Azure Service Bus queue named Queue1.
You need to ensure that App1 can read messages from Queue1. App1 must authenticate by using Azure Active Directory (Azure AD).
What should you do? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.
AZ-303 dumps exhibit

  • A. Mastered
  • B. Not Mastered

Answer: A

Explanation:
On App1: Turn on the managed identity
To use Service Bus with managed identities, you need to assign the identity the role and the appropriate scope. The procedure in this section uses a simple application that runs under a managed identity and accesses Service Bus resources.
Once the application is created, follow these steps:
AZ-303 dumps exhibit Go to Settings and select Identity.
AZ-303 dumps exhibit Select the Status to be On.
AZ-303 dumps exhibit Select Save to save the setting.
On Queue1: Configure Access Control (IAM)
Azure Active Directory (Azure AD) authorizes access rights to secured resources through role-based access control (RBAC). Azure Service Bus defines a set of built-in RBAC roles that encompass common sets of permissions used to access Service Bus entities and you can also define custom roles for accessing the data.
Assign RBAC roles using the Azure portal
In the Azure portal, navigate to your Service Bus namespace. Select Access Control (IAM) on the left menu to display access control settings for the namespace. If you need to create a Service Bus namespace.
Select the Role assignments tab to see the list of role assignments. Select the Add button on the toolbar and then select Add role assignment.
Reference:
https://docs.microsoft.com/en-us/azure/service-bus-messaging/authenticate-application https://docs.microsoft.com/en-us/azure/service-bus-messaging/service-bus-managed-service-identity

NEW QUESTION 17

You have an Azure Active Directory (Azure AD) tenant that contains the user groups shown in the following table.
AZ-303 dumps exhibit
You enable self-service password reset (SSPR) for Group1.
You configure the Notifications settings as shown in the following exhibit.
AZ-303 dumps exhibit
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
AZ-303 dumps exhibit

  • A. Mastered
  • B. Not Mastered

Answer: A

Explanation:
Box 1: Yes
Notify all admins when other admins reset their passwords: Yes. Box 2: No
Notify users on password resets: No. Box 3: No
AZ-303 dumps exhibit Notify users on password resets
If this option is set to Yes, then users resetting their password receive an email notifying them that their password has been changed. The email is sent via the SSPR portal to their primary and alternate email addresses that are on file in Azure AD. No one else is notified of the reset event.
AZ-303 dumps exhibit Notify all admins when other admins reset their passwords
If this option is set to Yes, then all administrators receive an email to their primary email address on file in Azure AD. The email notifies them that another administrator has changed their password by using SSPR.
Example: There are four administrators in an environment. Administrator A resets their password by using SSPR. Administrators B, C, and D receive an email alerting them of the password reset.
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/authentication/concept-sspr-howitworks https://docs.microsoft.com/en-us/azure/active-directory/authentication/tutorial-enable-sspr

NEW QUESTION 18

You have an Azure subscription named Subscription1. Subscription1 contains the resources in the following table:
AZ-303 dumps exhibit
VNet1 is in RG1. VNet2 is in RG2. There is no connectivity between VNet1 and VNet2. An administrator named Admin1 creates an Azure virtual machine VM1 in RG1. VM1 uses a disk named Disk1 and connects to VNet1. Admin1 then installs a custom application in VM1.
You need to move the custom application to VNet2. The solution must minimize administrative effort. Which two actions should you perform? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.
AZ-303 dumps exhibit

  • A. Mastered
  • B. Not Mastered

Answer: A

Explanation:
We cannot just move a virtual machine between networks. What we need to do is identify the disk used by the VM, delete the VM itself while retaining the disk, and recreate the VM in the target virtual network and then attach the original disk to it.
Reference:
https://blogs.technet.microsoft.com/canitpro/2014/06/16/step-by-step-move-a-vm-to-a-different-vnet-on-azure/
https://4sysops.com/archives/move-an-azure-vm-to-another-virtual-network-vnet/#migrate-an-azure-vm-betwee

NEW QUESTION 19

You have the Azure SQL Database servers shown in the following table.
AZ-303 dumps exhibit
You have the Azure SQL databases shown in the following table.
AZ-303 dumps exhibit
You create a failover group named failover1 that has the following settings:
• Primary server: sqlserver1
• Secondary server: sqlserver2
• Read/Write failover policy: Automatic
• Read/Write grace period (hours): 1 hour
AZ-303 dumps exhibit

  • A. Mastered
  • B. Not Mastered

Answer: A

Explanation:
AZ-303 dumps exhibit

NEW QUESTION 20

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
Your company is deploying an on-premises application named Appl. Users will access App1 by using a URL of https://app1.contoso.com. You register App1 in Azure Active Directory (Azure AD) and publish Appl by using the Azure AD Application Proxy. You need to ensure that Appl appears in the My Apps portal for all the users.
Solution: You create an offer for App1 and publish the offer to Azure Marketplace.

  • A. Yes
  • B. No

Answer: A

NEW QUESTION 21

You have SQL Server on an Azure virtual machine named SQL1.
You need to automate the backup of the databases on SQL1 by using Automated Backup v2 for the virtual machines. The backups must meet the following requirements:
• Meet a recovery point objective (RPO) of 15 minutes.
• Retain the backups for 30 days.
• Encrypt the backups at rest.
What should you provision as part of the backup solution?

  • A. Azure Key Vault
  • B. an Azure Storage account
  • C. a Recovery Services vault
  • D. Elastic Database jobs

Answer: B

Explanation:
An Azure storage account is used for storing Automated Backup files in blob storage. A container is created at this location to store all backup files. The backup file naming convention includes the date, time, and database GUID.
Reference:
https://docs.microsoft.com/en-us/azure/azure-sql/virtual-machines/windows/automated-backup

NEW QUESTION 22

Note: This question is part of series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have an Azure Active Directory (Azure AD) tenant that contains a group named Group1. You need to enable multi-factor authentication (MFA) for the users in Group1 only.
Solution: From Multi-Factor Authentication, you select Bulk update, and you provide a CSV file that contains the members of Group1.
Does this meet the goal?

  • A. Yes
  • B. No

Answer: B

Explanation:
We should use a Conditional Access policy.
Note: There are two ways to secure user sign-in events by requiring multi-factor authentication in Azure AD. The first, and preferred, option is to set up a Conditional Access policy that requires multi-factor authentication under certain conditions. The second option is to enable each user for Azure Multi-Factor Authentication. When users are enabled individually, they perform multi-factor authentication each time they sign in (with some exceptions, such as when they sign in from trusted IP addresses or when the remembered devices feature is turned on).
Enabling Azure Multi-Factor Authentication using Conditional Access policies is the recommended approach. Changing user states is no longer recommended unless your licenses don't include Conditional Access as it requires users to perform MFA every time they sign in.
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/authentication/howto-mfa-userstates

NEW QUESTION 23

You need to configure the Device settings to meet the technical requirements and the user requirements. Which two settings should you modify? To answer, select the appropriate settings in the answer area.
AZ-303 dumps exhibit

  • A. Mastered
  • B. Not Mastered

Answer: A

Explanation:
Box 1: Selected

NEW QUESTION 24

You need to recommend an identify solution that meets the technical requirements.
What should you recommend?

  • A. federated single-on (SSO) and Active Directory Federation Services (AD FS)
  • B. password hash synchronization and single sign-on (SSO)
  • C. cloud-only user accounts
  • D. Pass-through Authentication and single sign-on (SSO)

Answer: D

Explanation:
Active Directory Federation Services is a feature and web service in the Windows Server Operating System that allows sharing of identity information outside a company’s network.
Scenario: Technical Requirements include:
Prevent user passwords or hashes of passwords from being stored in Azure. References: https://www.sherweb.com/blog/active-directory-federation-services/

NEW QUESTION 25
......

P.S. Dumpscollection.com now are offering 100% pass ensure AZ-303 dumps! All AZ-303 exam questions have been updated with correct answers: https://www.dumpscollection.net/dumps/AZ-303/ (0 New Questions)