Top Tips Of Improve AZ-303 Vce

Actualtests offers free demo for AZ-303 exam. "Microsoft Azure Architect Technologies (beta)", also known as AZ-303 exam, is a Microsoft Certification. This set of posts, Passing the Microsoft AZ-303 exam, will help you answer those questions. The AZ-303 Questions & Answers covers all the knowledge points of the real exam. 100% real Microsoft AZ-303 exams and revised by experts!

Free demo questions for Microsoft AZ-303 Exam Dumps Below:

NEW QUESTION 1

Note: This question is part of series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have an Azure Active Directory (Azure AD) tenant that contains a group named Group1. You need to enable multi-factor authentication (MFA) for the users in Group1 only.
Solution: From the Azure portal, you configure an authentication method policy. Does this meet the goal?

  • A. Yes
  • B. No

Answer: B

Explanation:
We should use a Conditional Access policy.
Note: There are two ways to secure user sign-in events by requiring multi-factor authentication in Azure AD. The first, and preferred, option is to set up a Conditional Access policy that requires multi-factor authentication under certain conditions. The second option is to enable each user for Azure Multi-Factor Authentication. When users are enabled individually, they perform multi-factor authentication each time they sign in (with some exceptions, such as when they sign in from trusted IP addresses or when the remembered devices feature is turned on).
Enabling Azure Multi-Factor Authentication using Conditional Access policies is the recommended approach. Changing user states is no longer recommended unless your licenses don't include Conditional Access as it requires users to perform MFA every time they sign in.
https://docs.microsoft.com/en-us/azure/active-directory/authentication/howto-mfa-userstates

NEW QUESTION 2

You have an Azure subscription that contains 10 virtual machines on a virtual network.
You need to create a graph visualization to display the traffic flow between the virtual machines. What should you do from Azure Monitor?

  • A. From Activity log, use quick insights.
  • B. From Metrics, create a chart.
  • C. From Logs, create a new query.
  • D. From Workbooks, create a workbook.

Answer: C

Explanation:
Navigate to Azure Monitor and select Logs to begin querying the data Reference:
https://azure.microsoft.com/en-us/blog/analysis-of-network-connection-data-with-azure-monitor-for-virtual-mac

NEW QUESTION 3

You have an Azure subscription that contains the resource groups shown in the following table.
AZ-303 dumps exhibit
You create an Azure Resource Manager template named Template1 as shown in the following exhibit.
AZ-303 dumps exhibit
From the Azure portal, you deploy Template1 four times by using the settings shown in the following table.
AZ-303 dumps exhibit
What is the result of the deployment? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
AZ-303 dumps exhibit

  • A. Mastered
  • B. Not Mastered

Answer: A

Explanation:
AZ-303 dumps exhibit

NEW QUESTION 4

You have a virtual network named VNet1 as shown in the exhibit.
AZ-303 dumps exhibit
No devices are connected to VNet1.
You plan to peer VNet1 to another virtual network named Vnet2 in the same region. VNet2 has an address space of 10.2.0.0/16.
You need to create the peering. What should you do first?

  • A. Modify the address space of VNet1.
  • B. Configure a service endpoint on VNet2
  • C. Add a gateway subnet to VNet1.
  • D. Create a subnet on VNet1 and VNet2.

Answer: A

Explanation:
The virtual networks you peer must have non-overlapping IP address spaces. References:
https://docs.microsoft.com/en-us/azure/virtual-network/virtual-network-manage-peering#requirements-and-cons

NEW QUESTION 5

You need to move the blueprint files to Azure. What should you do?

  • A. Generate a shared access signature (SAS). Map a drive, and then copy the files by using File Explorer.
  • B. Use the Azure Import/Export service.
  • C. Generate an access ke
  • D. Map a drive, and then copy the files by using File Explorer.
  • E. Use Azure Storage Explorer to copy the files.

Answer: D

Explanation:
Azure Storage Explorer is a free tool from Microsoft that allows you to work with Azure Storage data on Windows, macOS, and Linux. You can use it to upload and download data from Azure blob storage.
Scenario:
Planned Changes include: move the existing product blueprint files to Azure Blob storage. Technical Requirements include: Copy the blueprint files to Azure over the Internet. References:
https://docs.microsoft.com/en-us/azure/machine-learning/team-data-science-process/move-data-to-azure-blob-us

NEW QUESTION 6

Note: This question is part of series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have a server named Server1 that runs Windows Server 2019. Server1 is a container host. You are creating a Dockerfile to build a container image.
You need to add a file named File1.txt from Server1 to a folder named C:\Folder1 in the container image. Solution: You add the following line to the Dockerfile.
Copy-Item File1.txt C:\Folder1\File1.txt You then build the container image. Does this meet the goal?

  • A. Yes
  • B. No

Answer: B

Explanation:
Copy-Item is not supported. Copy is the correct command to copy a file to the container image. References:
https://docs.docker.com/develop/develop-images/dockerfile_best-practices/#add-or-copy https://docs.docker.com/engine/reference/builder/

NEW QUESTION 7

Note: This question is part of series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more
than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have an Azure Active Directory (Azure AD) tenant named contoso.com.
A user named Admin1 attempts to create an access review from the Azure Active Directory admin center and discovers that the Access reviews settings are unavailable. Admin1 discovers that all the other Identity Governance settings are available.
Admin1 is assigned the User administrator, Compliance administrator, and Security administrator roles. You need to ensure that Admin1 can create access reviews in contoso.com.
Solution: You create an access package. Does this meet the goal?

  • A. Yes
  • B. No

Answer: B

Explanation:
You do not use access packages for Identity Governance. Instead use Azure AD Privileged Identity Management.
Note: PIM essentially helps you manage the who, what, when, where, and why for resources that you care about. Key features of PIM include:
Conduct access reviews to ensure users still need roles References:
https://docs.microsoft.com/en-us/azure/active-directory/privileged-identity-management/pim-configure https://docs.microsoft.com/en-us/azure/active-directory/governance/entitlement-management-overview

NEW QUESTION 8

You have an Azure subscription.
You plan to deploy an app that has a web front end and an application tier.
You need to recommend a load balancing solution that meets the following requirements:
AZ-303 dumps exhibit Internet to web tier:
- Provides URL-based routing
- Supports connection draining
- Prevents SQL injection attacks
AZ-303 dumps exhibit Web tier to application tier:
- Provides port forwarding
- Supports HTTPS health probes
- Supports an availability set as a backend pool
Which load balancing solution should you recommend for each tier? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
AZ-303 dumps exhibit

  • A. Mastered
  • B. Not Mastered

Answer: A

Explanation:
Box 1: An Azure Application Gateway that has a web application firewall (WAF)
Azure Application Gateway offers a web application firewall (WAF) that provides centralized protection of your web applications from common exploits and vulnerabilities. Web applications are increasingly targeted by malicious attacks that exploit commonly known vulnerabilities. SQL injection and cross-site scripting are among the most common attacks.
Application Gateway operates as an application delivery controller (ADC). It offers Secure Sockets Layer (SSL) termination, cookie-based session affinity, round-robin load distribution, content-based routing, ability to host multiple websites, and security enhancements.
Box 2: An internal Azure Standard Load Balancer
The internet to web tier is the public interface, while the web tier to application tier should be internal. Note: When using load-balancing rules with Azure Load Balancer, you need to specify a health probes to
allow Load Balancer to detect the backend endpoint status.
Health probes support the TCP, HTTP, HTTPS protocols. References:
https://docs.microsoft.com/en-us/azure/application-gateway/waf-overview https://docs.microsoft.com/en-us/azure/load-balancer/load-balancer-custom-probe-overview

NEW QUESTION 9

You have 10 Azure virtual machines on a subnet named Subnet1. Subnet1 is on a virtual network named VNet1.
You plan to deploy a public Azure Standard Load Balancer named LB1 to the same Azure region as the 10 virtual machines.
You need to ensure that traffic from all the virtual machines to the internet flows through LB1. The solution must prevent the virtual machines from being accessible on the internet.
Which three actions should you perform? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.

  • A. Add health probes to LB1.
  • B. Add the network interfaces of the virtual machines to the backend pool of LB1.
  • C. Add an inbound rule to LB1.
  • D. Add an outbound rule to LB1.
  • E. Associate a network security group (NSG) to Subnet1.
  • F. Associate a user-defined route to Subnet1.

Answer: ABD

Explanation:

Reference:
https://docs.microsoft.com/en-us/azure/load-balancer/tutorial-load-balancer-standard-manage-portal2

NEW QUESTION 10

A company hosts virtual machines (VMs) in an on-premises datacenter and in Azure. The on-premises and Azure-based VMs communicate using ExpressRoute.
The company wants to be able to continue regular operations if the ExpressRoute connection fails. Failover connections must use the Internet and must not require Multiprotocol Label Switching (MPLS) support.
You need to recommend a solution that provides continued operations. What should you recommend?

  • A. Set up a second ExpressRoute connection.
  • B. Increase the bandwidth of the existing ExpressRoute connection.
  • C. Increase the bandwidth for the on-premises internet connection.
  • D. Set up a VPN connection.

Answer: D

Explanation:

References:
https://docs.microsoft.com/en-us/azure/architecture/reference-architectures/hybrid-networking/expressroutevpn-

NEW QUESTION 11

Note: This question is part of series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have a server named Server1 that runs Windows Server 2019. Server1 is a container host. You are creating a Dockerfile to build a container image.
You need to add a file named File1.txt from Server1 to a folder named C:\Folder1 in the container image. Solution: You add the following line to the Dockerfile.
COPY File1.txt /Folder1/
You then build the container image. Does this meet the goal?

  • A. Yes
  • B. No

Answer: A

Explanation:
Copy is the correct command to copy a file to the container image. References:
https://docs.docker.com/develop/develop-images/dockerfile_best-practices/#add-or-copy https://docs.docker.com/engine/reference/builder/

NEW QUESTION 12

Note: This question is part of series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have an Azure Active Directory (Azure AD) tenant named contoso.com.
A user named Admin1 attempts to create an access review from the Azure Active Directory admin center and discovers that the Access reviews settings are unavailable. Admin1 discovers that all the other Identity Governance settings are available.
Admin1 is assigned the User administrator, Compliance administrator, and Security administrator roles. You need to ensure that Admin1 can create access reviews in contoso.com.
Solution: You assign the Service administrator role to Admin1. Does this meet the goal?

  • A. Yes
  • B. No

Answer: B

Explanation:
Instead use Azure AD Privileged Identity Management.
Note: PIM essentially helps you manage the who, what, when, where, and why for resources that you care about. Key features of PIM include:
AZ-303 dumps exhibit Conduct access reviews to ensure users still need roles References:
https://docs.microsoft.com/en-us/azure/active-directory/privileged-identity-management/pim-configure

NEW QUESTION 13

You need to implement a backup solution for App1 after the application is moved. What should you create first?

  • A. a recovery plan
  • B. an Azure Backup Server
  • C. a backup policy
  • D. a Recovery Services vault

Answer: D

Explanation:
A Recovery Services vault is a logical container that stores the backup data for each protected resource, such as Azure VMs. When the backup job for a protected resource runs, it creates a recovery point inside the Recovery Services vault.
Scenario:
There are three application tiers, each with five virtual machines. Move all the virtual machines for App1 to Azure.
Ensure that all the virtual machines for App1 are protected by backups.
References: https://docs.microsoft.com/en-us/azure/backup/quick-backup-vm-portal

NEW QUESTION 14

You plan to automate the deployment of a virtual machine scale set that uses the Windows Server 2016 Datacenter image. You need to ensure that when the scale set virtual machines are provisioned, they have web server components installed. Which two actions should you perform? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point.

  • A. Create a new virtual machine scale set in the Azure portal.
  • B. Create an automation account.
  • C. Upload a configuration script.
  • D. Modify the extensionProfile section of the Azure Resource Manager template.
  • E. Create an Azure policy.

Answer: AD

Explanation:
References:
https://docs.microsoft.com/en-us/azure/virtual-machine-scale-sets/tutorial-install-apps-template

NEW QUESTION 15

Your company has an Azure subscription.
You enable multi-factor authentication (MFA) for all users.
The company’s help desk reports an increase in calls from users who receive MFA requests while they work from the company’s main office.
You need to prevent the users from receiving MFA requests when they sign in from the main office. What should you do?

  • A. From Azure Active Directory (Azure AD), configure organizational relationships.
  • B. From the MFA service settings, create a trusted IP range.
  • C. From Conditional access in Azure Active Directory (Azure AD), create a custom control.
  • D. From Conditional access in Azure Active Directory (Azure AD), create a named location.

Answer: B

Explanation:
The first thing you may want to do, before enabling Multi-Factor Authentication for any users, is to consider configuring some of the available settings. One of the most important features is a trusted IPs list. This will allow you to whitelist a range of IPs for your network. This way, when users are in the office, they will not get prompted with MFA, and when they take their devices elsewhere, they will. Here’s how to do it:
Log in to your Azure Portal.
Navigate to Azure AD > Conditional Access > Named locations. From the top toolbar select Configure MFA trusted IPs. References:
https://www.kraftkennedy.com/implementing-azure-multi-factor-authentication/

NEW QUESTION 16

You create the Azure resources shown in the following table.
AZ-303 dumps exhibit
You attempt to add a role assignment to a resource group as shown in the following exhibit.
AZ-303 dumps exhibit
AZ-303 dumps exhibit
What should you do to ensure that you can assign VM2 the Reader role for the resource group?

  • A. Modify the Reader role at the subscription level.
  • B. Configure just in time (JIT) VM access on VM2.
  • C. Configure Access control (IAM) on VM2.
  • D. Assign a managed identity to VM2.

Answer: D

NEW QUESTION 17

You have an Azure key vault named KV1.
You need to ensure that applications can use KV1 to provision certificates automatically from an external
certification authority (CA).
Which two actions should you perform? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.

  • A. From KV1, create a certificate issuer resource.
  • B. Obtain the CA account credentials.
  • C. Obtain the root CA certificate.
  • D. From KV1, create a certificate signing request (CSR).
  • E. From KV1, create a private key,

Answer: CD

Explanation:
C: Obtain the root CA certificate (step 4 in the picture below)
D: From KV1, create a certificate signing request (CSR) (step 2 in the picture below) Note:
Creating a certificate with a CA not partnered with Key Vault
This method allows working with other CAs than Key Vault's partnered providers, meaning your organization can work with a CA of its choice.
AZ-303 dumps exhibit
The following step descriptions correspond to the green lettered steps in the preceding diagram.
AZ-303 dumps exhibit In the diagram above, your application is creating a certificate, which internally begins by creating a key in your key vault.
AZ-303 dumps exhibit Key Vault returns to your application a Certificate Signing Request (CSR).
AZ-303 dumps exhibit Your application passes the CSR to your chosen CA.
AZ-303 dumps exhibit Your chosen CA responds with an X509 Certificate.
AZ-303 dumps exhibit Your application completes the new certificate creation with a merger of the X509 Certificate from your CA.
Reference:
https://docs.microsoft.com/en-us/azure/key-vault/certificates/certificate-scenarios

NEW QUESTION 18

You have a web server app named App1 that is hosted in three Azure regions. You plan to use Azure Traffic Manager to distribute traffic optimally for App1.
You need to enable Real User Measurements to monitor the network latency data for App1. What should you do? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
AZ-303 dumps exhibit

  • A. Mastered
  • B. Not Mastered

Answer: A

Explanation:
Box 1: Select Generate key
You can configure your web pages to send Real User Measurements to Traffic Manager by obtaining a Real User Measurements (RUM) key and embedding the generated code to web page.
Obtain a Real User Measurements key
The measurements you take and send to Traffic Manager from your client application are identified by the service using a unique string, called the Real User Measurements (RUM) Key. You can get a RUM key using the Azure portal, a REST API, or by using the PowerShell or Azure CLI.
To obtain the RUM Key using Azure portal:
AZ-303 dumps exhibit From a browser, sign in to the Azure portal. If you don’t already have an account, you can sign up for a free one-month trial.
AZ-303 dumps exhibit In the portal’s search bar, search for the Traffic Manager profile name that you want to modify, and then click the Traffic Manager profile in the results that the displayed.
AZ-303 dumps exhibit In the Traffic Manager profile blade, click Real User Measurements under Settings.
AZ-303 dumps exhibit Click Generate Key to create a new RUM Key.
Box 2: Embed the Traffic Manager JavaScript code snippet. Embed the code to an HTML web page
After you have obtained the RUM key, the next step is to embed this copied JavaScript into an HTML page that your end users visit.
This example shows how to update an HTML page to add this script. You can use this guidance to adapt it to your HTML source management workflow.
AZ-303 dumps exhibit Open the HTML page in a text editor
AZ-303 dumps exhibit Paste the JavaScript code you had copied in the earlier step to the BODY section of the HTML (the copied code is on line 8 & 9, see figure 3).
AZ-303 dumps exhibit
Reference:
https://docs.microsoft.com/en-us/azure/traffic-manager/traffic-manager-create-rum-web-pages

NEW QUESTION 19

You have an Azure subscription named Subscription1 that contains an Azure virtual network named VNet1. VNet1 connects to your on-premises network by using Azure ExpressRoute.
You need to connect VNet1 to the on-premises network by using a site-to-site VPN. The solution must minimize cost.
Which three actions should you perform? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.

  • A. Create a VPN gateway that uses the VpnGw1 SKU.
  • B. Create a connection.
  • C. Create a local site VPN gateway.
  • D. Create a gateway subnet.
  • E. Create a VPN gateway that uses the Basic SKU.

Answer: ABC

Explanation:
References:
https://docs.microsoft.com/en-za/archive/blogs/canitpro/step-by-step-configuring-a-site-to-site-vpn-gateway-bet

NEW QUESTION 20
......

100% Valid and Newest Version AZ-303 Questions & Answers shared by DumpSolutions.com, Get Full Dumps HERE: https://www.dumpsolutions.com/AZ-303-dumps/ (New 0 Q&As)