Renewal Microsoft Azure Architect Technologies (beta) AZ-303 Exam Prep

Actualtests AZ-303 Questions are updated and all AZ-303 answers are verified by experts. Once you have completely prepared with our AZ-303 exam prep kits you will be ready for the real AZ-303 exam without a problem. We have Up to the minute Microsoft AZ-303 dumps study guide. PASSED AZ-303 First attempt! Here What I Did.

Also have AZ-303 free dumps questions for you:

NEW QUESTION 1

You have an Azure subscription.
You create a custom role in Azure by using the following Azure Resource Manager template.
AZ-303 dumps exhibit
You assign the role to a user named User1. Which action can User1 perform?

  • A. Delete virtual machines.
  • B. Create resource groups.
  • C. Create virtual machines.
  • D. Create support requests

Answer: D

Explanation:
The "Microsoft.Support/*" operation will allow the user to create support tickets. References:
https://docs.microsoft.com/en-us/azure/role-based-access-control/tutorial-custom-role-powershell

NEW QUESTION 2

Note: This question is part of series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more
than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have an Azure Active Directory (Azure AD) tenant named contoso.com.
A user named Admin1 attempts to create an access review from the Azure Active Directory admin center and discovers that the Access reviews settings are unavailable. Admin1 discovers that all the other Identity Governance settings are available.
Admin1 is assigned the User administrator, Compliance administrator, and Security administrator roles. You need to ensure that Admin1 can create access reviews in contoso.com.
Solution: You create an access package. Does this meet the goal?

  • A. Yes
  • B. No

Answer: B

Explanation:
You do not use access packages for Identity Governance. Instead use Azure AD Privileged Identity Management.
Note: PIM essentially helps you manage the who, what, when, where, and why for resources that you care about. Key features of PIM include:
Conduct access reviews to ensure users still need roles References:
https://docs.microsoft.com/en-us/azure/active-directory/privileged-identity-management/pim-configure https://docs.microsoft.com/en-us/azure/active-directory/governance/entitlement-management-overview

NEW QUESTION 3

Your company has an Azure subscription.
You enable multi-factor authentication (MFA) for all users.
The company’s help desk reports an increase in calls from users who receive MFA requests while they work from the company’s main office.
You need to prevent the users from receiving MFA requests when they sign in from the main office. What should you do?

  • A. From Azure Active Directory (Azure AD), configure organizational relationships.
  • B. From the MFA service settings, create a trusted IP range.
  • C. From Conditional access in Azure Active Directory (Azure AD), create a custom control.
  • D. From Conditional access in Azure Active Directory (Azure AD), create a named location.

Answer: B

Explanation:
The first thing you may want to do, before enabling Multi-Factor Authentication for any users, is to consider configuring some of the available settings. One of the most important features is a trusted IPs list. This will allow you to whitelist a range of IPs for your network. This way, when users are in the office, they will not get prompted with MFA, and when they take their devices elsewhere, they will. Here’s how to do it:
Log in to your Azure Portal.
Navigate to Azure AD > Conditional Access > Named locations. From the top toolbar select Configure MFA trusted IPs. References:
https://www.kraftkennedy.com/implementing-azure-multi-factor-authentication/

NEW QUESTION 4

You have a virtual network named VNet1 as shown in the exhibit.
AZ-303 dumps exhibit
No devices are connected to VNet1.
You plan to peer VNet1 to another virtual network named Vnet2 in the same region. VNet2 has an address space of 10.2.0.0/16.
You need to create the peering. What should you do first?

  • A. Modify the address space of VNet1.
  • B. Configure a service endpoint on VNet2
  • C. Add a gateway subnet to VNet1.
  • D. Create a subnet on VNet1 and VNet2.

Answer: A

Explanation:
The virtual networks you peer must have non-overlapping IP address spaces. References:
https://docs.microsoft.com/en-us/azure/virtual-network/virtual-network-manage-peering#requirements-and-cons

NEW QUESTION 5

You have an Azure virtual machine named VM1 and an Azure Active Directory (Azure AD) tenant named adatum.com.
D18912E1457D5D1DDCBD40AB3BF70D5D
VM1 has the following settings:
AZ-303 dumps exhibit IP address: 10.10.0.10
AZ-303 dumps exhibit System-assigned managed identity: On
You need to create a script that will run from within VM1 to retrieve the authentication token of VM1. Which address should you use in the script?

  • A. vm1.adatum.com.onmicrosoft.com
  • B. 169.254.169.254
  • C. 10.10.0.10
  • D. vm1.adatum.com

Answer: B

Explanation:
Your code that's
running on the VM can request a token from the Azure Instance Metadata Service identity endpoint, accessible only from within the VM: http://169.254.169.254/metadata/identity/oauth2/token
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/managed-identities-azure-resources/overview

NEW QUESTION 6

You create an Azure virtual machine named VM1 in a resource group named RG1. You discover that VM1 performs slower than expected.
You need to capture a network trace on VM1. What should you do?

  • A. From Diagnostic settings for VM1. configure the performance counters to include network counters.
  • B. From the VM1 blade, configure Connection troubleshoot.
  • C. From the VM1 blade, install performance diagnostics and run advanced performance analysis
  • D. From Diagnostic settings for VM1, configure the log level of the diagnostic agent.

Answer: C

Explanation:
The performance diagnostics tool helps you troubleshoot performance issues that can affect a Windows or Linux virtual machine (VM). Supported troubleshooting scenarios include quick checks on known issues and best practices, and complex problems that involve slow VM performance or high usage of CPU, disk space, or memory.
Advanced performance analysis, included in the performance diagnostics tool, includes all checks in the performance analysis, and collects one or more of the traces, as listed in the following sections. Use this scenario to troubleshoot complex issues that require additional traces. Running this scenario for longer periods will increase the overall size of diagnostics output, depending on the size of the VM and the trace options that are selected.
References:
https://docs.microsoft.com/en-us/azure/virtual-machines/troubleshooting/performance-diagnostics

NEW QUESTION 7

You have an Azure Active Directory (Azure AD) tenant linked to an Azure subscription. The tenant contains a group named Admins.
You need to prevent users, except for the members of Admins, from using the Azure portal and Azure PowerShell to access the subscription.
What should you do?

  • A. From Azure AD, configure the User settings.
  • B. From the Azure subscription, assign an Azure policy.
  • C. From Azure AD, create a conditional access policy.
  • D. From the Azure subscription, configure Access control (IAM).

Answer: D

NEW QUESTION 8

An administrator plans to create a function app in Azure that will have the following settings:
AZ-303 dumps exhibit Runtime stack: .NET Core
AZ-303 dumps exhibit Operating System: Linux
AZ-303 dumps exhibit Plan type: Consumption
AZ-303 dumps exhibit Enable Application Insights: Yes
You need to ensure that you can back up the function app.
Which settings should you recommend changing before creating the function app? D18912E1457D5D1DDCBD40AB3BF70D5D

  • A. Runtime stack
  • B. Enable Application Insights
  • C. Operating System
  • D. Plan type

Answer: D

Explanation:
The Backup and Restore feature requires the App Service plan to be in the Standard, Premium or Isolated tier. Reference:
https://docs.microsoft.com/en-us/azure/app-service/manage-backup#requirements-and-restrictions

NEW QUESTION 9

Your network contains an on-premises Active Directory domain named contoso.com. The domain contains the users shown in the following table.
AZ-303 dumps exhibit
You plan to install Azure AD Connect and enable SSO.
You need to specify which user to use to enable SSO. The solution must use the principle of least privilege. Which user should you specify?

  • A. User4
  • B. User1
  • C. User3
  • D. User2

Answer: C

NEW QUESTION 10

You have an Azure subscription that contains an Azure Log Analytics workspace. You have a resource group that contains 100 virtual machines. The virtual machines run Linux. You need to collect events from the virtual machines to the Log Analytics workspace. Which type of data source should you configure in the workspace?

  • A. Syslog
  • B. Linux performance counters
  • C. custom fields

Answer: A

Explanation:
https://docs.microsoft.com/en-us/azure/azure-monitor/learn/quick-collect-azurevm
Syslog is an event logging protocol that is common to Linux. Applications will send messages that may be stored on the local machine or delivered to a Syslog collector. When the Log Analytics agent for Linux is installed, it configures the local Syslog daemon to forward messages to the agent. The agent then sends the message to Azure Monitor where a corresponding record is created.
Reference:
https://docs.microsoft.com/en-us/azure/azure-monitor/platform/data-sources-custom-logs

NEW QUESTION 11

You have an Azure subscription named Subscription1. Subscription1 contains the resources in the following table:
AZ-303 dumps exhibit
VNet1 is in RG1. VNet2 is in RG2. There is no connectivity between VNet1 and VNet2. An administrator named Admin1 creates an Azure virtual machine VM1 in RG1. VM1 uses a disk named Disk1 and connects to VNet1. Admin1 then installs a custom application in VM1.
You need to move the custom application to VNet2. The solution must minimize administrative effort. Which two actions should you perform? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.
AZ-303 dumps exhibit

  • A. Mastered
  • B. Not Mastered

Answer: A

Explanation:
We cannot just move a virtual machine between networks. What we need to do is identify the disk used by the VM, delete the VM itself while retaining the disk, and recreate the VM in the target virtual network and then attach the original disk to it.
Reference:
https://blogs.technet.microsoft.com/canitpro/2014/06/16/step-by-step-move-a-vm-to-a-different-vnet-on-azure/
https://4sysops.com/archives/move-an-azure-vm-to-another-virtual-network-vnet/#migrate-an-azure-vm-betwee

NEW QUESTION 12

A company hosts virtual machines (VMs) in an on-premises datacenter and in Azure. The on-premises and Azure-based VMs communicate using ExpressRoute.
The company wants to be able to continue regular operations if the ExpressRoute connection fails. Failover connections must use the Internet and must not require Multiprotocol Label Switching (MPLS) support.
You need to recommend a solution that provides continued operations. What should you recommend?

  • A. Set up a second ExpressRoute connection.
  • B. Increase the bandwidth of the existing ExpressRoute connection.
  • C. Increase the bandwidth for the on-premises internet connection.
  • D. Set up a VPN connection.

Answer: D

Explanation:

References:
https://docs.microsoft.com/en-us/azure/architecture/reference-architectures/hybrid-networking/expressroutevpn-

NEW QUESTION 13

You have an Azure subscription that contains the storage accounts shown in the following table.
AZ-303 dumps exhibit
For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.
AZ-303 dumps exhibit

  • A. Mastered
  • B. Not Mastered

Answer: A

Explanation:
AZ-303 dumps exhibit

NEW QUESTION 14

You have the Azure SQL Database servers shown in the following table.
AZ-303 dumps exhibit
You have the Azure SQL databases shown in the following table.
AZ-303 dumps exhibit
You create a failover group named failover1 that has the following settings:
• Primary server: sqlserver1
• Secondary server: sqlserver2
• Read/Write failover policy: Automatic
• Read/Write grace period (hours): 1 hour
AZ-303 dumps exhibit

  • A. Mastered
  • B. Not Mastered

Answer: A

Explanation:
AZ-303 dumps exhibit

NEW QUESTION 15

Note: This question is part of series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have an Azure Active Directory (Azure AD) tenant named contoso.com.
A user named Admin1 attempts to create an access review from the Azure Active Directory admin center and discovers that the Access reviews settings are unavailable. Admin1 discovers that all the other Identity Governance settings are available.
Admin1 is assigned the User administrator, Compliance administrator, and Security administrator roles. You need to ensure that Admin1 can create access reviews in contoso.com.
Solution: You assign the Service administrator role to Admin1. Does this meet the goal?

  • A. Yes
  • B. No

Answer: B

Explanation:
Instead use Azure AD Privileged Identity Management.
Note: PIM essentially helps you manage the who, what, when, where, and why for resources that you care about. Key features of PIM include:
AZ-303 dumps exhibit Conduct access reviews to ensure users still need roles References:
https://docs.microsoft.com/en-us/azure/active-directory/privileged-identity-management/pim-configure

NEW QUESTION 16

You need to move the blueprint files to Azure. What should you do?

  • A. Generate a shared access signature (SAS). Map a drive, and then copy the files by using File Explorer.
  • B. Use the Azure Import/Export service.
  • C. Generate an access ke
  • D. Map a drive, and then copy the files by using File Explorer.
  • E. Use Azure Storage Explorer to copy the files.

Answer: D

Explanation:
Azure Storage Explorer is a free tool from Microsoft that allows you to work with Azure Storage data on Windows, macOS, and Linux. You can use it to upload and download data from Azure blob storage.
Scenario:
Planned Changes include: move the existing product blueprint files to Azure Blob storage. Technical Requirements include: Copy the blueprint files to Azure over the Internet. References:
https://docs.microsoft.com/en-us/azure/machine-learning/team-data-science-process/move-data-to-azure-blob-us

NEW QUESTION 17

You plan to create an Azure Storage account named storage! that will store blobs and be accessed by Azure Databricks.
You need to ensure that you can set permissions for individual blobs by using Azure Active Directory (Azure AD) authentication.
Which Advanced setting should you enable for storage1?

  • A. Hierarchical namespace
  • B. Large file shares
  • C. Blob soft delete
  • D. NFSv3

Answer: C

NEW QUESTION 18

You have several Azure virtual machines on a virtual network named VNet1. You configure an Azure Storage account as shown in the following exhibit.
AZ-303 dumps exhibit
Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic.
NOTE: Each correct selection is worth one point.
AZ-303 dumps exhibit

  • A. Mastered
  • B. Not Mastered

Answer: A

Explanation:
Box 1: Never
Box 2: Never
After you configure firewall and virtual network settings for your storage account, select Allow trusted Microsoft services to access this storage account as an exception to enable Azure Backup service to access the network restricted storage account.
AZ-303 dumps exhibit
https://docs.microsoft.com/en-us/azure/storage/files/storage-how-to-use-files-windows https://azure.microsoft.com/en-us/blog/azure-backup-now-supports-storage-accounts-secured-with-azure-storage

NEW QUESTION 19

You plan to create an Azure Storage account in the Azure region of East US 2. You need to create a storage account that meets the following requirements:
AZ-303 dumps exhibit Replicates synchronously
AZ-303 dumps exhibit Remains available if a single data center in the region fails
How should you configure the storage account? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.
AZ-303 dumps exhibit

  • A. Mastered
  • B. Not Mastered

Answer: A

Explanation:
Box 1: Zone-redundant storage (ZRS)
Zone-redundant storage (ZRS) replicates your data synchronously across three storage clusters in a single region.
LRS would not remain available if a data center in the region fails GRS and RA GRS use asynchronous replication.
Box 2: StorageV2 (general purpose V2) ZRS only support GPv2.
References:
https://docs.microsoft.com/en-us/azure/storage/common/storage-redundancy https://docs.microsoft.com/en-us/azure/storage/common/storage-redundancy-zrs

NEW QUESTION 20

You have three Azure SQL Database servers shown in the following table.
AZ-303 dumps exhibit
You plan to specify sqlserver1 as the primary server in a failover group. Which servers can be used as a secondary server?

  • A. sqlserver4 and sqlserver5 only
  • B. sqlserver2 and sqlserver3 only
  • C. sqlserver1 and sqlserver3 only
  • D. sqlserver2 and sqlserver4 only

Answer: D

Explanation:
The Resource Group must be the same.
The secondary server can have another location.
The secondary server cannot be the same as the primary server. Reference:
https://docs.microsoft.com/en-us/azure/azure-sql/database/auto-failover-group-configure

NEW QUESTION 21

You have an Azure subscription named Subscription1 that contains an Azure virtual network named VNet1. VNet1 connects to your on-premises network by using Azure ExpressRoute.
You need to connect VNet1 to the on-premises network by using a site-to-site VPN. The solution must minimize cost.
Which three actions should you perform? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.

  • A. Create a VPN gateway that uses the VpnGw1 SKU.
  • B. Create a connection.
  • C. Create a local site VPN gateway.
  • D. Create a gateway subnet.
  • E. Create a VPN gateway that uses the Basic SKU.

Answer: ABC

Explanation:
References:
https://docs.microsoft.com/en-za/archive/blogs/canitpro/step-by-step-configuring-a-site-to-site-vpn-gateway-bet

NEW QUESTION 22

You have an Azure subscription that contains the resources shown in the following table.
AZ-303 dumps exhibit
In RG2, you need to create a new virtual machine named VM2 that will connect to VNET1. VM2 will use a network interface named VM2_Interface.
In which region should you create VM2 and VM2_Interface? To answer, drag the appropriate regions to the correct targets. Each region may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
NOTE: Each correct selection is worth one point.
AZ-303 dumps exhibit

  • A. Mastered
  • B. Not Mastered

Answer: A

Explanation:
VM2: West US
In RG2, which is in West US, you need to create a new virtual machine named VM2. VM2_interface: East US
VM2 will use a network interface named VM2_Interface to connect to VNET1, which is in East US. References:
https://docs.microsoft.com/en-us/azure/virtual-network/associate-public-ip-address-vm

NEW QUESTION 23

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
Your company is deploying an on-premises application named Appl. Users will access App1 by using a URL of https://app1.contoso.com. You register App1 in Azure Active Directory (Azure AD) and publish Appl by using the Azure AD Application Proxy. You need to ensure that Appl appears in the My Apps portal for all the users.
Solution: You create an offer for App1 and publish the offer to Azure Marketplace.

  • A. Yes
  • B. No

Answer: A

NEW QUESTION 24

You have an Azure subscription that contains 10 virtual machines on a virtual network.
You need to create a graph visualization to display the traffic flow between the virtual machines. What should you do from Azure Monitor?

  • A. From Activity log, use quick insights.
  • B. From Metrics, create a chart.
  • C. From Logs, create a new query.
  • D. From Workbooks, create a workbook.

Answer: C

Explanation:
Navigate to Azure Monitor and select Logs to begin querying the data Reference:
https://azure.microsoft.com/en-us/blog/analysis-of-network-connection-data-with-azure-monitor-for-virtual-mac

NEW QUESTION 25
......

Recommend!! Get the Full AZ-303 dumps in VCE and PDF From DumpSolutions.com, Welcome to Download: https://www.dumpsolutions.com/AZ-303-dumps/ (New 0 Q&As Version)