The Secret Of Microsoft AZ-303 Exam Dumps

2020 Microsoft Official New Released AZ-303 ♥♥
https://www.certifytools.com/AZ-303-exam.html


we provide Precise Microsoft AZ-303 download which are the best for clearing AZ-303 test, and to get certified by Microsoft Microsoft Azure Architect Technologies (beta). The AZ-303 Questions & Answers covers all the knowledge points of the real AZ-303 exam. Crack your Microsoft AZ-303 Exam with latest dumps, guaranteed!

Free AZ-303 Demo Online For Microsoft Certifitcation:

NEW QUESTION 1

Note: This question is part of series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more
than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have an Azure Active Directory (Azure AD) tenant named contoso.com.
A user named Admin1 attempts to create an access review from the Azure Active Directory admin center and discovers that the Access reviews settings are unavailable. Admin1 discovers that all the other Identity Governance settings are available.
Admin1 is assigned the User administrator, Compliance administrator, and Security administrator roles. You need to ensure that Admin1 can create access reviews in contoso.com.
Solution: You create an access package. Does this meet the goal?

  • A. Yes
  • B. No

Answer: B

Explanation:
You do not use access packages for Identity Governance. Instead use Azure AD Privileged Identity Management.
Note: PIM essentially helps you manage the who, what, when, where, and why for resources that you care about. Key features of PIM include:
Conduct access reviews to ensure users still need roles References:
https://docs.microsoft.com/en-us/azure/active-directory/privileged-identity-management/pim-configure https://docs.microsoft.com/en-us/azure/active-directory/governance/entitlement-management-overview

NEW QUESTION 2

You have an Azure subscription that contains 100 virtual machines.
You have a set of Pester tests in PowerShell that validate the virtual machine environment.
You need to run the tests whenever there is an operating system update on the virtual machines. The solution must minimize implementation time and recurring costs.
D18912E1457D5D1DDCBD40AB3BF70D5D
Which three resources should you use to implement the tests? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.

  • A. Azure Automation runbook
  • B. an alert rule
  • C. an Azure Monitor query
  • D. a virtual machine that has network access to the 100 virtual machines
  • E. an alert action group

Answer: ABE

Explanation:
Reference:
https://docs.microsoft.com/en-us/azure/automation/automation-create-alert-triggered-runbook https://techsnips.io/snips/how-to-create-and-test-azure-monitor-alerts/?page=13

NEW QUESTION 3

You have an Azure subscription.
You have an on-premises virtual machine named VM1. The settings for VM1 are shown in the exhibit. (Click the Exhibit tab.)
AZ-303 dumps exhibit
You need to ensure that you can use the disks attached to VM1 as a template for Azure virtual machines. What should you modify on VM1?

  • A. the hard drive
  • B. Integration Services
  • C. the memory
  • D. the network adapters
  • E. the processor

Answer: A

Explanation:
From the exhibit we see that the disk is in the VHDX format.
Before you upload a Windows virtual machines (VM) from on-premises to Microsoft Azure, you must prepare the virtual hard disk (VHD or VHDX). Azure supports only generation 1 VMs that are in the VHD file format and have a fixed sized disk. The maximum size allowed for the VHD is 1,023 GB. You can convert a generation 1 VM from the VHDX file system to VHD and from a dynamically expanding disk to fixed-sized.
References:
https://docs.microsoft.com/en-us/azure/virtual-machines/windows/prepare-for-upload-vhd-image?toc=azure virtual-machines windows toc.json

NEW QUESTION 4

: 292 HOTSPOT
From Azure Cosmos DB, you create the containers shown in the following table.
AZ-303 dumps exhibit
You add the following item to Container1.
AZ-303 dumps exhibit
You plan to add items to Azure Cosmos DB as shown in the following table.
AZ-303 dumps exhibit
You need to identify which items can be added successfully to Container1 and Container2.
What should you identify for each container? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
AZ-303 dumps exhibit

  • A. Mastered
  • B. Not Mastered

Answer: A

Explanation:
AZ-303 dumps exhibit

NEW QUESTION 5

Your company has an Azure subscription.
You enable multi-factor authentication (MFA) for all users.
The company’s help desk reports an increase in calls from users who receive MFA requests while they work from the company’s main office.
You need to prevent the users from receiving MFA requests when they sign in from the main office. What should you do?

  • A. From Azure Active Directory (Azure AD), configure organizational relationships.
  • B. From the MFA service settings, create a trusted IP range.
  • C. From Conditional access in Azure Active Directory (Azure AD), create a custom control.
  • D. From Conditional access in Azure Active Directory (Azure AD), create a named location.

Answer: B

Explanation:
The first thing you may want to do, before enabling Multi-Factor Authentication for any users, is to consider configuring some of the available settings. One of the most important features is a trusted IPs list. This will allow you to whitelist a range of IPs for your network. This way, when users are in the office, they will not get prompted with MFA, and when they take their devices elsewhere, they will. Here’s how to do it:
Log in to your Azure Portal.
Navigate to Azure AD > Conditional Access > Named locations. From the top toolbar select Configure MFA trusted IPs. References:
https://www.kraftkennedy.com/implementing-azure-multi-factor-authentication/

NEW QUESTION 6

You play to deploy an Azure virtual machine named VM1 by using an Azure Resource Manager template. You need to complete the template.
What should you include in the template? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
AZ-303 dumps exhibit

  • A. Mastered
  • B. Not Mastered

Answer: A

Explanation:
Within your template, the dependsOn element enables you to define one resource as a dependent on one or more resources. Its value can be a comma-separated list of resource names.
Box 1: 'Microsoft.Network/networkInterfaces'
This resource is a virtual machine. It depends on two other resources: Microsoft.Storage/storageAccounts Microsoft.Network/networkInterfaces
Box 2: 'Microsoft.Network/virtualNetworks/'
The dependsOn element enables you to define one resource as a dependent on one or more resources. The resource depends on two other resources: Microsoft.Network/publicIPAddresses Microsoft.Network/virtualNetworks
AZ-303 dumps exhibit
References:
https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-manager-tutorial-create-templates-with

NEW QUESTION 7

Note: This question is part of series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have a server named Server1 that runs Windows Server 2019. Server1 is a container host. You are creating a Dockerfile to build a container image.
You need to add a file named File1.txt from Server1 to a folder named C:\Folder1 in the container image. Solution: You add the following line to the Dockerfile.
XCOPY File1.txt C:\Folder1\
You then build the container image. Does this meet the goal?

  • A. Yes
  • B. No

Answer: B

Explanation:
Copy is the correct command to copy a file to the container image. Furthermore, the root directory is specified as '/' and not as 'C:/'.
References:
https://docs.docker.com/develop/develop-images/dockerfile_best-practices/#add-or-copy https://docs.docker.com/engine/reference/builder/

NEW QUESTION 8

Your company hosts multiple websites by using Azure virtual machine scale sets (VMSS) that run Internet Information Server (IIS).
All network communications must be secured by using end to end Secure Socket Layer (SSL) encryption. User sessions must be routed to the same server by using cookie-based session affinity.
The image shown depicts the network traffic flow for the websites to the VMSS.
AZ-303 dumps exhibit
Use the drop-down menus to select the answer choice that answers each question.
NOTE: Each correct selection is worth one point.
AZ-303 dumps exhibit

  • A. Mastered
  • B. Not Mastered

Answer: A

Explanation:
Box 1: Azure Application Gateway
You can create an application gateway with URL path-based redirection using Azure PowerShell. Box 2: Path-based redirection and Websockets
Reference:
https://docs.microsoft.com/bs-latn-ba/azure//application-gateway/tutorial-url-redirect-powershell

NEW QUESTION 9

A company hosts virtual machines (VMs) in an on-premises datacenter and in Azure. The on-premises and Azure-based VMs communicate using ExpressRoute.
The company wants to be able to continue regular operations if the ExpressRoute connection fails. Failover connections must use the Internet and must not require Multiprotocol Label Switching (MPLS) support.
You need to recommend a solution that provides continued operations. What should you recommend?

  • A. Set up a second ExpressRoute connection.
  • B. Increase the bandwidth of the existing ExpressRoute connection.
  • C. Increase the bandwidth for the on-premises internet connection.
  • D. Set up a VPN connection.

Answer: D

Explanation:

References:
https://docs.microsoft.com/en-us/azure/architecture/reference-architectures/hybrid-networking/expressroutevpn-

NEW QUESTION 10

Your network contains an on-premises Active Directory domain named contoso.com that contains a user named User1. The domain syncs to Azure Active Directory (Azure AD). You have the Windows 10 devices shown in the following table.
AZ-303 dumps exhibit
The User Sign-In settings are configured as shown in the following exhibit.
AZ-303 dumps exhibit
AZ-303 dumps exhibit
For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point
AZ-303 dumps exhibit

  • A. Mastered
  • B. Not Mastered

Answer: A

Explanation:
AZ-303 dumps exhibit

NEW QUESTION 11

You have an Azure subscription that contains multiple resource groups. You create an availability set as shown in the following exhibit.
AZ-303 dumps exhibit
You deploy 10 virtual machines to AS1.
Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic.
NOTE: Each correct selection is worth one point.
AZ-303 dumps exhibit

  • A. Mastered
  • B. Not Mastered

Answer: A

Explanation:
Box 1: 6
Two out of three update domains would be available, each with at least 3 VMs.
An update domain is a group of VMs and underlying physical hardware that can be rebooted at the same time. As you create VMs within an availability set, the Azure platform automatically distributes your VMs across these update domains. This approach ensures that at least one instance of your application always remains running as the Azure platform undergoes periodic maintenance.
Box 2: the West Europe region and the RG1 resource group References:
https://docs.microsoft.com/en-us/azure/virtual-machines/windows/regions-and-availability

NEW QUESTION 12

You have an Azure subscription that contains the Azure SQL servers shown in the following table.
AZ-303 dumps exhibit
The subscription contains the elastic pool shown in the following table.
AZ-303 dumps exhibit
The subscription contains the Azure SQL databases shown in the following table.
AZ-303 dumps exhibit
For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.
AZ-303 dumps exhibit

  • A. Mastered
  • B. Not Mastered

Answer: A

Explanation:
Note: You cannot add databases from different servers into the same pool Box 1: Yes
Pool2 contains DB2 but DB1 and DB2 are on Sql1. DB1 can thus be added to Pool2. Box 2: Yes
Pool3 is empty. Box 3: Yes
Pool1 contains DB1 but DB3 and DB1 are on Sql1. DB3 can thus be added to Pool1. References:
https://docs.microsoft.com/en-us/azure/sql-database/sql-database-elastic-pool

NEW QUESTION 13

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
Your company is deploying an on-premises application named Appl. Users will access App1 by using a URL of https://app1.contoso.com. You register App1 in Azure Active Directory (Azure AD) and publish Appl by using the Azure AD Application Proxy. You need to ensure that Appl appears in the My Apps portal for all the users.
Solution: You create a conditional access policy for App1.

  • A. Yes
  • B. No

Answer: B

NEW QUESTION 14

You have an Azure subscription that contains the storage accounts shown in the following table.
AZ-303 dumps exhibit
You enable Azure Advanced Threat Protection (ATP) for all the storage accounts. You need to identify which storage accounts will generate Azure ATP alerts.
Which two storage accounts should you identify? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point.

  • A. storagecontoso1
  • B. storagecontoso2
  • C. storagecontoso3
  • D. storagecontoso4
  • E. storaaecontoso5

Answer: AB

Explanation:
Advanced threat protection for Azure Storage is currently available only for Blob Storage.
AZ-303 dumps exhibit
https://docs.microsoft.com/en-us/azure/storage/common/storage-advanced-threat-protection?tabs=azure-portal

NEW QUESTION 15

You have an Azure virtual machine named VM1 and an Azure Active Directory (Azure AD) tenant named adatum.com.
D18912E1457D5D1DDCBD40AB3BF70D5D
VM1 has the following settings:
AZ-303 dumps exhibit IP address: 10.10.0.10
AZ-303 dumps exhibit System-assigned managed identity: On
You need to create a script that will run from within VM1 to retrieve the authentication token of VM1. Which address should you use in the script?

  • A. vm1.adatum.com.onmicrosoft.com
  • B. 169.254.169.254
  • C. 10.10.0.10
  • D. vm1.adatum.com

Answer: B

Explanation:
Your code that's
running on the VM can request a token from the Azure Instance Metadata Service identity endpoint, accessible only from within the VM: http://169.254.169.254/metadata/identity/oauth2/token
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/managed-identities-azure-resources/overview

NEW QUESTION 16

You create a new Azure subscription. You create a resource group named RG1. In RG1. you create the resources shown in the following table.
AZ-303 dumps exhibit
You need to configure an encrypted tunnel between your on-premises network and VNET1.
Which two additional resources should you create in Azure? Each correct answer presents part of the solution.

  • A. a point-to-site configuration
  • B. a local network gateway
  • C. a VNet-to-VNet connection
  • D. a VPN gateway
  • E. a site-to-site connection

Answer: DE

Explanation:
A Site-to-Site VPN gateway connection is used to connect your on-premises network to an Azure virtual network over an IPsec/IKE (IKEv1 or IKEv2) VPN tunnel. This type of connection requires a VPN device, a local network gateway, located on-premises that has an externally facing public IP address assigned to it.
Finally, create a Site-to-Site VPN connection between your virtual network gateway and your on-premises VPN device.
References:
https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-howto-site-to-site-resource-manager-portal

NEW QUESTION 17

Note: This question is part of series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have a server named Server1 that runs Windows Server 2019. Server1 is a container host. You are creating a Dockerfile to build a container image.
You need to add a file named File1.txt from Server1 to a folder named C:\Folder1 in the container image. Solution: You add the following line to the Dockerfile.
COPY File1.txt /Folder1/
You then build the container image. Does this meet the goal?

  • A. Yes
  • B. No

Answer: A

Explanation:
Copy is the correct command to copy a file to the container image. References:
https://docs.docker.com/develop/develop-images/dockerfile_best-practices/#add-or-copy https://docs.docker.com/engine/reference/builder/

NEW QUESTION 18

Note: This question is part of series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have an Azure Active Directory (Azure AD) tenant that contains a group named Group1. You need to enable multi-factor authentication (MFA) for the users in Group1 only.
Solution: From the Azure portal, you configure an authentication method policy. Does this meet the goal?

  • A. Yes
  • B. No

Answer: B

Explanation:
We should use a Conditional Access policy.
Note: There are two ways to secure user sign-in events by requiring multi-factor authentication in Azure AD. The first, and preferred, option is to set up a Conditional Access policy that requires multi-factor authentication under certain conditions. The second option is to enable each user for Azure Multi-Factor Authentication. When users are enabled individually, they perform multi-factor authentication each time they sign in (with some exceptions, such as when they sign in from trusted IP addresses or when the remembered devices feature is turned on).
Enabling Azure Multi-Factor Authentication using Conditional Access policies is the recommended approach. Changing user states is no longer recommended unless your licenses don't include Conditional Access as it requires users to perform MFA every time they sign in.
https://docs.microsoft.com/en-us/azure/active-directory/authentication/howto-mfa-userstates

NEW QUESTION 19

You are developing an Azure Web App. You configure TLS mutual authentication for the web app.
You need to validate the client certificate in the web app. To answer, select the appropriate options in the answer area.
AZ-303 dumps exhibit

  • A. Mastered
  • B. Not Mastered

Answer: A

Explanation:
AZ-303 dumps exhibit

NEW QUESTION 20

You plan to create an Azure Storage account in the Azure region of East US 2. You need to create a storage account that meets the following requirements:
AZ-303 dumps exhibit Replicates synchronously
AZ-303 dumps exhibit Remains available if a single data center in the region fails
How should you configure the storage account? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.
AZ-303 dumps exhibit

  • A. Mastered
  • B. Not Mastered

Answer: A

Explanation:
Box 1: Zone-redundant storage (ZRS)
Zone-redundant storage (ZRS) replicates your data synchronously across three storage clusters in a single region.
LRS would not remain available if a data center in the region fails GRS and RA GRS use asynchronous replication.
Box 2: StorageV2 (general purpose V2) ZRS only support GPv2.
References:
https://docs.microsoft.com/en-us/azure/storage/common/storage-redundancy https://docs.microsoft.com/en-us/azure/storage/common/storage-redundancy-zrs

NEW QUESTION 21

You create a virtual machine scale set named Scale1. Scale1 is configured as shown in the following exhibit. The subscription contains the Azure SQL databases shown in the following table.
AZ-303 dumps exhibit
Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic.
NOTE: Each correct selection is worth one point.
AZ-303 dumps exhibit

  • A. Mastered
  • B. Not Mastered

Answer: A

Explanation:
Box 1:
The Autoscale scale out rule increases the number of VMs by 2 if the CPU threshold is 80% or higher. The initial instance count is 4 and rises to 6 when the 2 extra instances of VMs are added.
Box 2:
The Autoscale scale in rule decreases the number of VMs by 4 if the CPU threshold is 30% or lower. The initial instance count is 4 and thus cannot be reduced to 0 as the minimum instances is set to 2. Instances are only added when the CPU threshold reaches 80%.
References:
https://docs.microsoft.com/en-us/azure/azure-monitor/platform/autoscale-overview
https://docs.microsoft.com/en-us/azure/azure-monitor/platform/autoscale-best-practices https://docs.microsoft.com/en-us/azure/azure-monitor/platform/autoscale-common-scale-patterns

NEW QUESTION 22

You are planning the move of App1 to Azure. You create a network security group (NSG).
You need to recommend a solution to provide users with access to App1. What should you recommend?

  • A. Create an outgoing security rule for port 443 from the Interne
  • B. Associate the NSG to all the subnets.
  • C. Create an incoming security rule for port 443 from the Interne
  • D. Associate the NSG to all the subnets.
  • E. Create an incoming security rule for port 443 from the Interne
  • F. Associate the NSG to the subnet that contains the web servers.
  • G. Create an outgoing security rule for port 443 from the Interne
  • H. Associate the NSG to the subnet that contains the web servers.

Answer: C

Explanation:
As App1 is public-facing we need an incoming security rule, related to the access of the web servers. Scenario: You have a public-facing application named App1. App1 is comprised of the following three tiers: a SQL database, a web front end, and a processing middle tier.
Each tier is comprised of five virtual machines. Users access the web front end by using HTTPS only.

NEW QUESTION 23

Note: This question is part of series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have a server named Server1 that runs Windows Server 2019. Server1 is a container host. You are creating a Dockerfile to build a container image.
You need to add a file named File1.txt from Server1 to a folder named C:\Folder1 in the container image. Solution: You add the following line to the Dockerfile.
ADD File1.txt C:/Folder1/
You then build the container image. Does this meet the goal?

  • A. Yes
  • B. No

Answer: B

Explanation:
Copy is the correct command to copy a file to the container image. The ADD command can also be used. However, the root directory is specified as '/' and not as 'C:/'.
Reference:
https://docs.docker.com/develop/develop-images/dockerfile_best-practices/#add-or-copy https://docs.docker.com/engine/reference/builder/

NEW QUESTION 24
......

P.S. 2passeasy now are offering 100% pass ensure AZ-303 dumps! All AZ-303 exam questions have been updated with correct answers: https://www.2passeasy.com/dumps/AZ-303/ (0 New Questions)