AZ-303 Practice Test Questions – Microsoft Azure Architect Technologies

AZ-303 exam is the new version of Microsoft Azure Architect Technologies instead of AZ-300. You can take both AZ-300 and AZ-303 exam before September 30, 2020. PassQuestion fully loaded AZ-303 Practice Test Questions are the absolute perfect and preferred way of preparing for the Microsoft AZ-303 by thousands of successful certified professionals across the world. Each and every PassQuestion AZ-303 Practice Test Questions are backed by our 100% pass guarantee. We guaranteed that you will pass your Microsoft AZ-303 actual test with your first attempt.

AZ-303 Practice Test Questions – Microsoft Azure Architect Technologies

1. You have an Azure subscription that contains 10 virtual machines on a virtual network. You need to create a graph visualization to display the traffic flow between the virtual machines.

What should you do from Azure Monitor?

From Activity log, use quick insights.

From Metrics, create a chart.

From Logs, create a new query.

From Workbooks, create a workbook.

2. You have an Azure subscription that contains 100 virtual machines. You have a set of Pester tests in PowerShell that validate the virtual machine environment. You need to run the tests whenever there is an operating system update on the virtual machines. The solution must minimize implementation time and recurring costs.

Which three resources should you use to implement the tests? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point.

Azure Automation runbook

an alert rule

an Azure Monitor query

a virtual machine that has network access to the 100 virtual machines

an alert action group

3. You have an Azure subscription that contains an Azure Log Analytics workspace.

You have a resource group that contains 100 virtual machines. The virtual machines run Linux.

You need to collect events from the virtual machines to the Log Analytics workspace.

Which type of data source should you configure in the workspace?

Syslog

Linux performance counters

custom fields

4. You have a virtual network named VNet1 as shown in the exhibit. (Click the Exhibit tab.)

No devices are connected to VNet1.

You plan to peer VNet1 to another virtual network named VNet2. VNet2 has an address space of 10.2.0.0/16.

You need to create the peering.

What should you do first?

Configure a service endpoint on VNet2.

Add a gateway subnet to VNet1.

Create a subnet on VNEt1 and VNet2.

Modify the address space of VNet1.

5. You have an Azure subscription.

You have 100 Azure virtual machines.

You need to quickly identify underutilized virtual machines that can have their service tier changed to a less expensive offering.

Which blade should you use?

Metrics

Customer sights

Monitor

Advisor

6. You have an Azure App Service app.

You need to implement tracing for the app.

The tracing information must include the following:

– Usage trends

– AJAX call responses

– Page load speed by browser

– Server and browser exceptions

What should you do?

Configure IIS logging in Azure Log Analytics.

Configure a connection monitor in Azure Network Watcher.

Configure custom logs in Azure Log Analytics.

Enable the Azure Application Insights site extension.

7. You have an Azure subscription that contains the storage accounts shown in the following table.

You enable Storage Advanced Threat Protection (ATP) for all the storage accounts. You need to identify which storage accounts will generate Storage ATP alerts.

Which two storage accounts should you identify? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point.

storagecontoso1

storagecontoso2

storagecontoso3

storagecontoso4

storagecontoso5

8. You have an Azure virtual machine named VM1 and an Azure Active Directory (Azure AD) tenant named adatum.com.

VM1 has the following settings:

– IP address: 10.10.0.10

– System-assigned managed identity: On

You need to create a script that will run from within VM1 to retrieve the authentication token of VM1.

Which address should you use in the script?

vm1.adatum.com.onmicrosoft.com

169.254.169.254

10.10.0.10

vm1.adatum.com

9. You are designing an Azure solution.

The solution must meet the following requirements:

– Distribute traffic to different pools of dedicated virtual machines (VMs) based on rules.

– Provide SSL offloading capabilities.

You need to recommend a solution to distribute network traffic.

Which technology should you recommend?

Azure Application Gateway

Azure Load Balancer

Azure Traffic Manager

server-level firewall rules

10. You are implementing authentication for applications in your company. You plan to implement self-service password reset (SSPR) and multifactor authentication (MFA) in Azure Active Directory (Azure AD). You need to select authentication mechanisms that can be used for both MFA and SSPR.

Which two authentication methods should you use? Each correct answer presents a complete solution. NOTE: Each correct selection is worth one point.

Authenticator app

Email addresses

App passwords

Short Message Service (SMS) messages

Security questions

11. Topic 1, Contoso, Ltd

Overview

Contoso, Ltd. is a manufacturing company that has offices worldwide. Contoso works with partner organizations to bring products to market.

Contoso products are manufactured by using blueprint files that the company authors and maintains.

Existing Environment

Currently, Contoso uses multiple types of servers for business operations, including the following:

✑ File servers

✑ Domain controllers

✑ Microsoft SQL Server servers

Your network contains an Active Directory forest named contoso.com. All servers and client computers are joined to Active Directory.

You have a public-facing application named App1.

App1 is comprised of the following three tiers:

✑ A SQL database

✑ A web front end

✑ A processing middle tier

Each tier is comprised of five virtual machines. Users access the web front end by using HTTPS only.

Requirements

Planned Changes

Contoso plans to implement the following changes to the infrastructure:

✑ Move all the tiers of App1 to Azure.

✑ Move the existing product blueprint files to Azure Blob storage.

✑ Create a hybrid directory to support an upcoming Microsoft Office 365 migration project.

Technical Requirements

Contoso must meet the following technical requirements:

✑ Move all the virtual machines for App1 to Azure.

✑ Minimize the number of open ports between the App1 tiers.

✑ Ensure that all the virtual machines for App1 are protected by backups.

✑ Copy the blueprint files to Azure over the Internet.

✑ Ensure that the blueprint files are stored in the archive storage tier.

✑ Ensure that partner access to the blueprint files is secured and temporary.

✑ Prevent user passwords or hashes of passwords from being stored in Azure.

✑ Use unmanaged standard storage for the hard disks of the virtual machines.

✑ Ensure that when users join devices to Azure Active Directory (Azure AD), the users use a mobile phone to verify their identity.

Minimize administrative effort whenever possible.

User Requirements

Contoso identifies the following requirements for users:

Ensure that only users who are part of a group named Pilot can join devices to Azure AD.

Designate a new user named Admin1 as the service administrator of the Azure subscription.

Ensure that a new user named User3 can create network objects for the Azure subscription.

You need to implement a backup solution for App1 after the application is moved.

What should you create first?

a recovery plan

an Azure Backup Server

a backup policy

a Recovery Services vault

12. You need to recommend an identify solution that meets the technical requirements.

What should you recommend?

federated single-on (SSO) and Active Directory Federation Services (AD FS)

password hash synchronization and single sign-on (SSO)

cloud-only user accounts

Pass-through Authentication and single sign-on (SSO)

13. You need to move the blueprint files to Azure.

What should you do?

Generate a shared access signature (SAS). Map a drive, and then copy the files by using File Explorer.

Use the Azure Import/Export service.

Generate an access key. Map a drive, and then copy the files by using File Explorer.

Use Azure Storage Explorer to copy the files.

14. HOTSPOT

You need to configure the Device settings to meet the technical requirements and the user requirements.

Which two settings should you modify? To answer, select the appropriate settings in the answer area.

15. HOTSPOT

You need to recommend a solution for App1. The solution must meet the technical requirements .

What should you include in the recommendation? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

16. HOTSPOT

You need to identify the storage requirements for Contoso.

For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.

17. You need to meet the user requirement for Admin1.

What should you do?

From the Subscriptions blade, select the subscription, and then modify the Properties.

From the Subscriptions blade, select the subscription, and then modify the Access control (IAM) settings.

From the Azure Active Directory blade, modify the Properties.

From the Azure Active Directory blade, modify the Groups.

18. You are planning the move of App1 to Azure.

You create a network security group (NSG).

You need to recommend a solution to provide users with access to App1.

What should you recommend?

Create an outgoing security rule for port 443 from the Internet. Associate the NSG to all the subnets.

Create an incoming security rule for port 443 from the Internet. Associate the NSG to all the subnets.

Create an incoming security rule for port 443 from the Internet. Associate the NSG to the subnet that contains the web servers.

Create an outgoing security rule for port 443 from the Internet. Associate the NSG to the subnet that contains the web servers.

19. Topic 2, Misc. Questions

You have Azure virtual machines deployed to three Azure regions. Each region contains a single virtual network that has four virtual machines on the same subnet. Each virtual machine runs an application named App1. App1 is accessible by using HTTPS. Currently, the virtual machines are inaccessible from the internet.

You need to use Azure Front Door to load balance requests for App1 across all the virtual machines.

Which additional Azure service should you provision?

a public Azure Load Balancer

Azure Traffic Manager

an internal Azure Load Balancer

Azure Private Link

20. You have an Azure subscription that contains an Azure Sentinel workspace. Sentinel is configured to monitor several Azure resources.

You need to send notification emails to resource owners when alerts or recommendations are generated for a resource.

What should you use?

Logic Apps Designer

Azure Security Center

Azure Pipelines

Azure Machine Learning Studio

21. You have an Azure App Service app.

You need to implement tracing for the app.

The tracing information must include the following:

✑ Usage trends

✑ AJAX call responses

✑ Page load speed by browser

✑ Server and browser exceptions

What should you do?

Configure IIS logging in Azure Log Analytics.

Configure a connection monitor in Azure Network Watcher.

Configure custom logs in Azure Log Analytics.

Enable the Azure Application Insights site extension.

22. Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

Your company is deploying an on-premises application named Appl. Users will access App1 by using a URL of https://app1.contoso.com. You register App1 in Azure Active Directory (Azure AD) and publish Appl by using the Azure AD Application Proxy. You need to ensure that Appl appears in the My Apps portal for all the users.

Solution: You create a conditional access policy for App1.

Yes

23. You have an app named App1 that uses data from two on-premises Microsoft SQL Server databases named DB1 and DB2.

You plan to move DB1 and DB2 to Azure.

You need to implement Azure services to host DB1 and DB2. The solution must support server-side transactions across DB1 and DB2.

Solution: You deploy DB1 and DB2 to SQL Server on an Azure virtual machine.

Does this meet the goal?

Yes

24. HOTSPOT

Your company hosts multiple websites by using Azure virtual machine scale sets (VMSS) that run Internet Information Server (IIS).

All network communications must be secured by using end to end Secure Socket Layer (SSL) encryption. User sessions must be routed to the same server by using cookie-based session affinity.

The image shown depicts the network traffic flow for the websites to the VMSS.

Use the drop-down menus to select the answer choice that answers each question. NOTE: Each correct selection is worth one point.

25. HOTSPOT

You have an Azure subscription that contains the resource groups shown in the following table.

You create an Azure Resource Manager template named Template1 as shown in the following exhibit.

From the Azure portal, you deploy Template1 four times by using the settings shown in the following table.

What is the result of the deployment? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

26. HOTSPOT

You plan to implement an access review to meet the following requirements:

✑ The access review must be enforced until otherwise configured.

✑ Each user or group that has access to the Azure environment must be in the scope of the access review.

✑ The access review must be completed within two weeks.

✑ A lack of response must not cause changes in the operational environment.

An administrator creates the access review shown in the answer area.

Which two sections of the access review should you modify to meet the requirements? To answer, select the appropriate sections in the answer area. NOTE: Each correct selection is worth one point.

27. HOTSPOT

A company runs multiple Windows virtual machines (VMs) in Azure.

The IT operations department wants to apply the same policies as they have for on-premises VMs to the VMs running in Azure, including domain administrator permissions and schema extensions.

You need to recommend a solution for the hybrid scenario that minimizes the amount of maintenance required.

What should you recommend? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

28. HOTSPOT

Your network contains an on-premises Active Directory domain named contoso.com that contains a user named User1. The domain syncs to Azure Active Directory (Azure AD).

You have the Windows 10 devices shown in the following table.

The User Sign-In settings are configured as shown in the following exhibit.

For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point

29. Your on-premises network contains several Hyper-V hosts.

You have an hybrid deployment of Azure Active Directory (Azure AD).

You create an Azure Migrate project.

You need to ensure that you can evaluate virtual machines by using Azure Migrate.

Which two actions should you perform? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point.

Deploy the Azure Migrate appliance to an on-premises Hyper-V host.

Deploy the Microsoft Monitoring Agent to each Hyper-V virtual machine.

Assign the migrate account to the administrator group on each Hyper-V host.

Deploy the Azure Migrate appliance as an Azure virtual machine.

Deploy the Microsoft Monitoring Agent to each Hyper-V host.

Assign the migrate account to the Administrators group on each Hyper-V virtual machine.

30. HOTSPOT

You have an Azure Active Directory (Azure AD) tenant named contoso.com.

The tenant contains the users shown in the following table.

The tenant contains computers that run Windows 10.

The computers are configured as shown in the following table.

You enable Enterprise State Roaming in contoso.com for Group1 and GroupA.

For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.

31. Note: This question is part of series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

You have a server named Server1 that runs Windows Server 2019. Server1 is a container host.

You are creating a Dockerfile to build a container image.

You need to add a file named File1.txt from Server1 to a folder named C:Folder1 in the container image.

Solution: You add the following line to the Dockerfile.

ADD File1.txt C:/Folder1/

You then build the container image.

Does this meet the goal?

Yes

32. HOTSPOT

You create a virtual machine scale set named Scale1.

Scale1 is configured as shown in the following exhibit.

Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic.

33. HOTSPOT

Your company has a virtualization environment that contains the virtualization hosts shown in the following table.

The virtual machines are configured as shown in the following table.

All the virtual machines use basic disks. VM1 is protected by using BitLocker Drive Encryption (BitLocker).

You plan to migrate the virtual machines to Azure by using Azure Site Recovery.

You need to identify which virtual machines can be migrated.

Which virtual machines should you identify for each server? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

34. HOTSPOT

You have an Azure subscription that contains a virtual network named VNet1.

VNet1 uses an IP address space of 10.0.0.0/16 and contains the subnets in the following table.

Subnet1 contains a virtual appliance named VM1 that operates as a router.

You create a routing table named RT1.

You need to route all inbound traffic to VNet1 through VM1.

How should you configure RT1? To answer, select the appropriate options in the answer area.

35. You have an app named App1 that uses data from two on-premises Microsoft SQL Server

databases named DB1 and DB2.

You plan to move DB1 and DB2 to Azure.

You need to implement Azure services to host DB1 and DB2. The solution must support server-side transactions across DB1 and D&2.

Solution: You deploy DB1 and DB2 to an Azure SQL Database managed instance.

Does this meet the goal?

Yes

36. You have a virtual network named VNet1 as shown in the exhibit.

No devices are connected to VNet1.

You plan to peer VNet1 to another virtual network named Vnet2 in the same region. VNet2 has an address space of 10.2.0.0/16.

You need to create the peering.

What should you do first?

Modify the address space of VNet1.

Configure a service endpoint on VNet2

Add a gateway subnet to VNet1.

Create a subnet on VNet1 and VNet2.

37. You are implementing authentication for applications in your company. You plan to implement self-service password reset (SSPR) and multifactor authentication (MFA) in Azure Active Directory (Azure AD).

You need to select authentication mechanisms that can be used for both MFA and SSPR.

Which two authentication methods should you use? Each correct answer presents a complete solution. NOTE: Each correct selection is worth one point.

Short Message Service (SMS) messages

Authentication app

Email addresses

Security questions

App passwords

38. You have an Azure key vault named KV1.

You need to implement a process that will digitally sign the blobs stored in Azure Storage .

What is required in KV1 to sign the blobs?

a key

a secret

a certificate

39. HOTSPOT

You create a virtual machine scale set named Scale1. Scale1 is configured as shown in the following exhibit.

The subscription contains the Azure SQL databases shown in the following table.

Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic. NOTE: Each correct selection is worth one point.

40. Your company plans to develop an application that will use a NoSQL database. The database will be used to store transactions and customer information by using JSON documents .

Which two Azure Cosmos DB APIs can developers use for the application? Each correct answer presents a complete solution. NOTE: Each correct selection is worth one point.

Cassandra

Gremlin (graph)

MongoDB

Azure Table

Core (SQL)

41. You have an Azure subscription that contains a policy-based virtual network gateway named GW1 and a virtual network named VNetl. You need to ensure that you can configure a point to-site connection from an on-premises computer to VNetV .

Which two actions should you perform? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point

Delete GW1.

Reset GW1.

Add a service endpomt to VNetl.

Add a connection to GW1.

Add a public IP address space to VNetl.

Create a route-based virtual network gateway.

42. Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

You manage an Active Directory domain named contoso.local.

You install Azure AD Connect and connect to an Azure Active Directory (Azure AD) tenant named contoso.com without syncing any accounts.

You need to ensure that only users who have a UPN suffix of contoso.com in the contoso.local domain sync to Azure AD.

Solution: You use the Synchronization Service Manager to modify the Active Directory Domain Services (AD DS) Connector.

Does this meet the goal?

Yes

43. You create an Azure virtual machine named VM1 in a resource group named RG1.

You discover that VM1 performs slower than expected.

You need to capture a network trace on VM1.

What should you do?

From Diagnostic settings for VM1. configure the performance counters to include network counters.

From the VM1 blade, configure Connection troubleshoot.

From the VM1 blade, install performance diagnostics and run advanced performance analysis

From Diagnostic settings for VM1, configure the log level of the diagnostic agent.

44. You have an Azure subscription that contains the storage accounts shown in the following table.

You enable Azure Advanced Threat Protection (ATP) for all the storage accounts.

You need to identify which storage accounts will generate Azure ATP alerts.

Which two storage accounts should you identify? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point.

storagecontoso1

storagecontoso2

storagecontoso3

storagecontoso4

storaaecontoso5

45. You have a server named Server1 that runs Windows Server 2019. Server! is a container host.

You plan to create a container image.

You create the following instructions in a text editor.

You need 10 be able to automate the container image creation by using the instructions.

To which file should you save the instructions?

Dockerfile

daemon.json

dockerconfig.json

dockerconfig.sjon

46. You have an Azure subscription that contains 10 virtual machines on a virtual network.

You need to create a graph visualization to display the traffic flow between the virtual machines.

What should you do from Azure Monitor?

From Activity log, use quick insights.

From Metrics, create a chart.

From Logs, create a new query.

From Workbooks, create a workbook.

47. You have SQL Server on an Azure virtual machine named SQL1.

You need to automate the backup of the databases on SQL1 by using Automated Backup v2 for the virtual machines.

The backups must meet the following requirements:

• Meet a recovery point objective (RPO) of 15 minutes.

• Retain the backups for 30 days.

• Encrypt the backups at rest.

What should you provision as part of the backup solution?

Azure Key Vault

an Azure Storage account

a Recovery Services vault

Elastic Database jobs

48. HOTSPOT

You have an Azure subscription named Subscription1.

In Subscription1, you create an alert rule named Alert1.

The Alert1 action group is configured as shown in the following exhibit.

Alert1 alert criteria is triggered every minute.

Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic. NOTE: Each correct selection is worth one point.

49. Note: This question is part of series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

You have an Azure Cosmos DB database that contains a container named Container1. The partition key for Container1 is set to /day.

Container1 contains the items shown in the following table.

You need to programmatically query Azure Cosmos DB and retrieve item1 and item2 only.

Solution: You run the following query.

You set the EnableCrossPartitionQuery property to True.

Does this meet the goal?

Yes

50. You have an Azure subscription that contains the resource groups shown in the following table.

The subscription contains the storage accounts shown in the following table.

You create a Recovery Services vault named Vault1 in RG1 in the West US location.

You need to identify which storage accounts can be used to archive the diagnostics logs of Vault1.

Which storage accounts should you identify?

storage1 only

storage2 only

storage3 only

storage1 or storage2 only

storage1 or stoage3 only

51. You have an Azure subscription.

You have an on-premises virtual machine named VM1.

The settings for VM1 are shown in the exhibit. (Click the Exhibit tab.)

You need to ensure that you can use the disks attached to VM1 as a template for Azure virtual machines.

What should you modify on VM1?

the hard drive

Integration Services

the memory

the network adapters

the processor

52. HOTSPOT

You have an Azure subscription that contains the virtual networks shown in the following table.

You create an Azure Cosmos DB account as shown in the exhibit. (Click the Exhibit tab.)

For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.

53. HOTSPOT

You plan to create an Azure Storage account in the Azure region of East US 2.

You need to create a storage account that meets the following requirements:

✑ Replicates synchronously

✑ Remains available if a single data center in the region fails

How should you configure the storage account? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

54. You have an Azure SQL database named DB1.

You plan to create the following four tables in DB1 by using the following code.

You need to identify which table must be created last.

What should you identify? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

Table1

Table2

Table3

Table4

55. You have an Azure Cosmos DB account named Account1. Account1 includes a database named DB1 that contains a container named Container1. The partition key for Container1 is set to /city.

You plan to change the partition key for Container1.

What should you do first?

Delete Container1.

Create a new Azure Cosmos DB account.

Implement the Azure Cosmos D

Regenerate the keys for Account1.

56. You have an Azure subscription named Subscription1 that contains an Azure virtual network named VNet1. VNet1 connects to your on-premises network by using Azure ExpressRoute.

You need to connect VNet1 to the on-premises network by using a site-to-site VPN. The solution must minimize cost.

Which three actions should you perform? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point.

Create a VPN gateway that uses the VpnGw1 SK

Create a connection.

Create a local site VPN gateway.

Create a gateway subnet.

Create a VPN gateway that uses the Basic SK

57. You create the following Azure role definition.

You need to create Role1 by using the role definition.

Which two values should you modify before you create Role1? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point.

AssignableScopes

Description

DataActions

IsCustom

58. You have an Azure subscription that contains 100 virtual machines.

You have a set of Pester tests in PowerShell that validate the virtual machine environment.

You need to run the tests whenever there is an operating system update on the virtual machines. The solution must minimize implementation time and recurring costs.

Which three resources should you use to implement the tests? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point.

Azure Automation runbook

an alert rule

an Azure Monitor query

a virtual machine that has network access to the 100 virtual machines

an alert action group

59. HOTSPOT

You have an Azure Resource Manager template for a virtual machine named Template1.

Template1 has the following parameters section.

For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.

60. A company hosts virtual machines (VMs) in an on-premises datacenter and in Azure. The

on-premises and Azure-based VMs communicate using ExpressRoute.

The company wants to be able to continue regular operations if the ExpressRoute connection fails. Failover connections must use the Internet and must not require Multiprotocol Label Switching (MPLS) support.

You need to recommend a solution that provides continued operations.

What should you recommend?

Set up a second ExpressRoute connection.

Increase the bandwidth of the existing ExpressRoute connection.

Increase the bandwidth for the on-premises internet connection.

Set up a VPN connection.

61. Your company has an office in Seattle.

You have an Azure subscription that contains a virtual network named VNET1.

You create a site-to-site VPN between the Seattle office and VNET1.

VNET1 contains the subnets shown in the following table.

You need to redirect all Internet-bound traffic from Subnet1 to the Seattle office.

What should you create?

a route for Subnet1 That uses the virtual network gateway as the next hop

a route for GatewaySubnet that uses the virtual network gateway as the next hop

a route for GatewaySubnet that uses the local network gateway as the next hop

a route for Subnet1 that uses The local network gateway as the next hop

62. Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it As a result, these questions will not appear in the review screen.

You have an Azure Active Directory {Azure AD) tenant named contoso.com.

A user named Admin1 attempts to create an access review from the Azure Active Directory admin center and discovers that the Access reviews settings are unavailable. Admin 1 discovers that all the other Identity Governance settings are available.

Admin1 is assigned The User administrator. Compliance administrator, and Security administrator roles.

You need to ensure that Admin1 can create access reviews in contoso.com. .

Solution: You assign the Global administrator role to Admin1.

Does this meet the goal?

Yes

63. Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

You manage an Active Directory domain named contoso.local.

You install Azure AD Connect and connect to an Azure Active Directory (Azure AD) tenant named contoso.com without syncing any accounts.

You need to ensure that only users who have a UPN suffix of contoso.com in the contoso.local domain sync to Azure AD.

Solution: You use Synchronization Rules Editor to create a synchronization rule.

Does this meet the goal?

Yes

64. You have an Azure subscription.

You create a custom role in Azure by using the following Azure Resource Manager template.

You assign the role to a user named User1.

Which action can User1 perform?

Delete virtual machines.

Create resource groups.

Create virtual machines.

Create support requests

65. HOTSPOT

You have an Azure subscription named Subscription1.

Subscription1 contains the resources in the following table:

VNet1 is in RG1. VNet2 is in RG2. There is no connectivity between VNet1 and VNet2. An administrator named Admin1 creates an Azure virtual machine VM1 in RG1. VM1 uses a disk named Disk1 and connects to VNet1. Admin1 then installs a custom application in VM1.

You need to move the custom application to VNet2. The solution must minimize administrative effort.

Which two actions should you perform? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

66. Note: This question is part of series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

You have an Azure Active Directory (Azure AD) tenant that contains a group named Group1.

You need to enable multi-factor authentication (MFA) for the users in Group1 only.

Solution: From Multi-Factor Authentication, you select Bulk update, and you provide a CSV file that contains the members of Group1.

Does this meet the goal?

Yes

67. You have an Azure subscription that contains an Azure key vault named KeyVault1 and the virtual machines shown in the following table.

KeyVault1 has an access policy that provides several users with Create Key permissions.

You need to ensure that the users can only register secrets in KeyVault1 from VM1.

What should you do?

Create a network security group (NSG) that is linked to Subnet1.

Configure the Firewall and virtual networks settings for KeyVault1.

Modify the access policy for KeyVault1.

Configure KeyVault1 to use a hardware security module (HSM).

68. You create the user-assigned identities shown in the following table.

You create a virtual machine that has the following configurations:

• Name:VM1

• Location: West US

• Resource group: RG1

Which managed identities can you add to VM1?

Identity1 and Identity2 only

Identity1 only

Identity1, idenity1 and Identity3

Identity1 and Identity3 only

69. You create the Azure resources shown in the following table.

You attempt to add a role assignment to a resource group as shown in the following exhibit.

What should you do to ensure that you can assign VM2 the Reader role for the resource group?

Modify the Reader role at the subscription level.

Configure just in time (JIT) VM access on VM2.

Configure Access control (IAM) on VM2.

Assign a managed identity to VM2.

70. You create an Azure Kubernetes Service (AKS) cluster configured as shown in the exhibit. (Click the Exhibit tab.)

You deploy a containerized application named App1 to the agentPool node pool.

You need to create a containerized application named App2 that runs on four nodes of size DS3 v2.

What should you do first?

Create a new node pool.

modify the autoscaling settings for the agentPool node.

Enable virtual nodes for the AKS cluster.

Upgrade the AKS cluster.

71. You need to meet the user requirement for Admin1.

What should you do?

From the Subscriptions blade, select the subscription, and then modify the Properties.

From the Subscriptions blade, select the subscription, and then modify the Access control (IAM) settings.

From the Azure Active Directory blade, modify the Properties.

From the Azure Active Directory blade, modify the Groups.

72. HOTSPOT

You need to configure the Device settings to meet the technical requirements and the user requirements.

Which two settings should you modify? To answer, select the appropriate settings in the answer area.

73. You need to move the blueprint files to Azure.

What should you do?

Generate a shared access signature (SAS). Map a drive, and then copy the files by using File Explorer.

Use the Azure Import/Export service.

Generate an access key. Map a drive, and then copy the files by using File Explorer.

Use Azure Storage Explorer to copy the files.

74. You need to recommend an identify solution that meets the technical requirements.

What should you recommend?

federated single-on (SSO) and Active Directory Federation Services (AD FS)

password hash synchronization and single sign-on (SSO)

cloud-only user accounts

Pass-through Authentication and single sign-on (SSO)

75. You are planning the move of App1 to Azure.

You create a network security group (NSG).

You need to recommend a solution to provide users with access to App1.

What should you recommend?

Create an outgoing security rule for port 443 from the Internet. Associate the NSG to all the subnets.

Create an incoming security rule for port 443 from the Internet. Associate the NSG to all the subnets.

Create an incoming security rule for port 443 from the Internet. Associate the NSG to the subnet that contains the web servers.

Create an outgoing security rule for port 443 from the Internet. Associate the NSG to the subnet that contains the web servers.

76. You need to implement a backup solution for App1 after the application is moved.

What should you create first?

a recovery plan

an Azure Backup Server

a backup policy

a Recovery Services vault

77. Topic 2, Misc. Questions

HOTSPOT

You have an Azure subscription named Subscription1 that contains a virtual network named VNet1.

You add the users in the following table.

Which user can perform each configuration? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

78. You create a new Azure subscription. You create a resource group named RG1.

In RG1. you create the resources shown in the following table.

You need to configure an encrypted tunnel between your on-premises network and VNET1.

Which two additional resources should you create in Azure? Each correct answer presents part of the solution.

a point-to-site configuration

a local network gateway

a VNet-to-VNet connection

a VPN gateway

a site-to-site connection

79. Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

You have an app named App1 that uses data from two on-premises Microsoft SQL Server databases named DB1 and DB2.

You plan to move DB1 and DB2 to Azure.

You need to implement Azure services to host DB1 and DB2. The solution must support server-side transactions across DB1 and DB2.

Solution: You deploy DB1 and DB2 as Azure SQL databases on the same Azure SQL Database server.

Does this meet the goal?

Yes

80. HOTSPOT

You plan to create an Azure Storage account in the Azure region of East US 2.

You need to create a storage account that meets the following requirements:

✑ Replicates synchronously

✑ Remains available if a single data center in the region fails

How should you configure the storage account? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

81. HOTSPOT

You have an Azure subscription that includes an Azure key vault named Vault1.

You create the Azure virtual machines shown in the following table.

You enable Azure Disk Encryption for all the virtual machines and use the CVolumeType All parameter.

You add data disks to the virtual machines as shown in the following table.

For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.

82. HOTSPOT

You have an Azure Active Directory (Azure AD) tenant.

You need to create a conditional access policy that requires all users to use multi-factor authentication when they access the Azure portal.

Which three settings should you configure? To answer, select the appropriate settings to the answer area. NOTE: Each correct selection is worth one point.

83. : 302

You create an Azure Kubernetes Service (AKS) duster and an Azure Container Registry.

You need to perform continuous deployments of a containerized application to the AKS cluster as soon as the image updates in the registry.

What should you use to perform the deployments?

an Azure Pipelines release pipeline

an Azure Automation runbook

an Azure Resource Manager template

a kubectl script from a CRON job

84. You have SQL Server on an Azure virtual machine named SQL1.

You need to automate the backup of the databases on SQL1 by using Automated Backup v2 for the virtual machines.

The backups must meet the following requirements:

• Meet a recovery point objective (RPO) of 15 minutes.

• Retain the backups for 30 days.

• Encrypt the backups at rest.

What should you provision as part of the backup solution?

Azure Key Vault

an Azure Storage account

a Recovery Services vault

Elastic Database jobs

85. HOTSPOT

Your company has a virtualization environment that contains the virtualization hosts shown in the following table.

The virtual machines are configured as shown in the following table.

86. You have an Azure subscription that contains an Azure key vault named KeyVault1 and the virtual machines shown in the following table.

KeyVault1 has an access policy that provides several users with Create Key permissions.

You need to ensure that the users can only register secrets in KeyVault1 from VM1.

What should you do?

Create a network security group (NSG) that is linked to Subnet1.

Configure the Firewall and virtual networks settings for KeyVault1.

Modify the access policy for KeyVault1.

Configure KeyVault1 to use a hardware security module (HSM).

87. You have an Azure Kubernetes Service (AKS) cluster named Clus1 in a resource group named RG1.

An administrator plans to manage Clus1 from an Azure AD-joined device.

You need to ensure that the administrator can deploy the YAML application manifest file for a container application.

You install the Azure CLI on the device.

Which command should you run next?

kubectl get nodes

az aks install-cli

kubectl apply Cf app1.yaml

az aks get-credentials –resource-group RG1 –name Clus1

88. You have an app named App1 that uses data from two on-premises Microsoft SQL Server databases named DB1 and DB2.

You plan to move DB1 and DB2 to Azure.

You need to implement Azure services to host DB1 and DB2. The solution must support server-side transactions across DB1 and DB2.

Solution: You deploy DB1 and DB2 as Azure SQL databases on the some Azure SQL Database server.

Does this meet the goal?

Yes

89. Your company has an Azure subscription.

You enable multi-factor authentication (MFA) for all users.

The company’s help desk reports an increase in calls from users who receive MFA requests while they work from the company’s main office.

You need to prevent the users from receiving MFA requests when they sign in from the main office.

What should you do?

From Azure Active Directory (Azure AD), configure organizational relationships.

From the MFA service settings, create a trusted IP range.

From Conditional access in Azure Active Directory (Azure AD), create a custom control.

From Conditional access in Azure Active Directory (Azure AD), create a named location.

90. You have an application named App1 that does not support Azure Active Directory (Azure AD) authentication.

You need to ensure that App1 can send messages to an Azure Service Bus queue. The solution must prevent Appl from listening to the queue.

What should you do?

Modify the locks of the Queue

Configure Access control (IAM) for the Service Bus

Configure Access control (IAM) for the queue.

Add a shared access policy to the queue

91. HOTSPOT

You have an Azure subscription named Subscription1.

Subscription1 contains the resources in the following table:

92. You have an Azure subscription that contains the resource groups shown in the following table.

The subscription contains the storage accounts shown in the following table.

storage1 only

storage2 only

storage3 only

storage1 or storage2 only

storage1 or stoage3 only

93. You have an Azure subscription named Subscription1 that contains an Azure virtual network named VNet1. VNet1 connects to your on-premises network by using Azure ExpressRoute.

You need to connect VNet1 to the on-premises network by using a site-to-site VPN. The solution must minimize cost.

Which three actions should you perform? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point.

Create a VPN gateway that uses the VpnGw1 SK

Create a connection.

Create a local site VPN gateway.

Create a gateway subnet.

Create a VPN gateway that uses the Basic SK

94. HOTSPOT

You have Azure Storage accounts as shown in the following exhibit.

Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic. NOTE: Each correct selection is worth one point.

95. HOTSPOT

A company runs multiple Windows virtual machines (VMs) in Azure.

The IT operations department wants to apply the same policies as they have for on-premises VMs to the VMs running in Azure, including domain administrator permissions and schema extensions.

You need to recommend a solution for the hybrid scenario that minimizes the amount of maintenance required.

What should you recommend? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

96. You are designing an Azure solution.

The solution must meet the following requirements:

* Distribute traffic to different pools of dedicated virtual machines (VMs) based on rules

* Provide SSL offloading capabilities

You need to recommend a solution to distribute network traffic.

Which technology should you recommend?

server-level firewall rules

Azure Application Gateway

Azure Traffic Manager

Azure Load Balancer

97. You have the following Azure Active Directory (Azure AD) tenants

• Contosoonmicrosoft.com Linked to a Microsoft Office 365 tenant and syncs to an Active Directory forest named contoso.com by using password hash synchronization

• Contosoazure onmicrosoft.com Linked to an Azure subscription named Subscription1.

You need to ensure that you can assign the users in contoso.com access to the resources in Subscription1.

What should you do?

Configure contosoxHVTttcrosoft.com to use pass-through authentication.

Associate Subscription1 to contoso.onmicrosoft.com Reassign all the roles in Subscnption1.

Deploy a second Azure AD Connect server and sync contoso.com to contosoazure.
onmicrosoft.com.

Configure Active Directory federation Services (AD FS) federation between contosoazure.onmicrosoft.com and contoso.com.

98. HOTSPOT

You deploy an Azure virtual machine scale set named VSSI that contains 30 virtual machine instances across three zones in the same Azure region. The instances host an application named App1 that must be accessible by using HTTP and HTTPS traffic. Currently, VSS1 is inaccessible from the internet.

You need to use Azure Load Balancer to provide access to App1 across all the instances from the internet by using a single IP address.

What should you configure? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

99. Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

You have an app named App1 that uses data from two on-premises Microsoft SQL Server databases named DB1 and DB2.

You plan to move DB1 and DB2 to Azure.

You need to implement Azure services to host DB1 and DB2. The solution must support server-side transactions across DB1 and DB2.

Solution: You deploy DB1 and DB2 as Azure SQL databases each on a different Azure SQL Database server.

Does this meet the goal?

Yes

100. DRAG DROP

You have an Azure subscription that contains the resources shown in the following table.

In RG2, you need to create a new virtual machine named VM2 that will connect to VNET1.

VM2 will use a network interface named VM2_Interface.

In which region should you create VM2 and VM2_Interface? To answer, drag the appropriate regions to the correct targets. Each region may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content. NOTE: Each correct selection is worth one point.

101. The developers at your company request that you create databases in Azure Cosmos DB as shown in the following table.

You need to create the Azure Cosmos DB databases to meet the developer request. The solution must minimize costs.

What are two possible ways to achieve the goal? Each correct answer presents a complete solution. NOTE: Each correct selection is worth one point.

Create three Azure Cosmos DB accounts, one for the databases that use the Core (SQL) API, one for CosmosDB2, and one for CosmosDB4.

Create two Azure Cosmos DB accounts, one for CosmosDB2 and CosmosDB4 and one for CosmosDB1 and CosmosDB3.

Create one Azure Cosmos DB account for each database.

Create three Azure Cosmos DB accounts, one for the databases that use the MongoDB API, one for CosmosDB1, and one for CosmosDB3.

102. HOTSPOT

You have a hierarchy of management groups and Azure subscriptions as shown in the following table.

You create the Azure resources shown in the following table.

You assign roles to users as shown in the following table.

For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point

103. HOTSPOT

You are developing an Azure Web App. You configure TLS mutual authentication for the web app.

You need to validate the client certificate in the web app. To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

104. HOTSPOT

You have an Azure subscription that contains the resources shown in the following table.

You need to deploy a load-balancing solution for two Azure web apps named App1 and App2 to meet the following requirements:

✑ App1 must support command injection protection.

✑ App2 must be able to use a static public IP address.

✑ App1 must have a Service Level Agreement (SLA) of 99.99 percent.

✑ App2 load balancing solution must be able to autoscale.

Which resource should you use as the load-balancing solution for each app? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

105. HOTSPOT

You have an Azure logic app named App1 and an Azure Service Bus queue named Queue1.

You need to ensure that App1 can read messages from Queue1. App1 must authenticate by using Azure Active Directory (Azure AD).

What should you do? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

106. HOTSPOT

You play to deploy an Azure virtual machine named VM1 by using an Azure Resource Manager template.

You need to complete the template.

What should you include in the template? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

107. HOTSPOT

From Azure Cosmos DB, you create the containers shown in the following table.

You add the following item to Container1.

You plan to add items to Azure Cosmos DB as shown in the following table.

You need to identify which items can be added successfully to Container1 and Container2.

What should you identify for each container? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

108. HOTSPOT

You have an Azure subscription named Subscription1.

In Subscription1, you create an alert rule named Alert1.

The Alert1 action group is configured as shown in the following exhibit.

109. You have three Azure SQL Database servers shown in the following table.

You plan to specify sqlserver1 as the primary server in a failover group.

Which servers can be used as a secondary server?

sqlserver4 and sqlserver5 only

sqlserver2 and sqlserver3 only

sqlserver1 and sqlserver3 only

sqlserver2 and sqlserver4 only

110. DRAG DROP

You have an Azure virtual machine named VM1 that runs Windows Server 2016.

You install a line-to-business application on VM1.

You need to create an Azure virtual machine by using VM1 as a custom image.

Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.

111. DRAG DROP

You are designing a solution to secure a company’s Azure resources. The environment hosts 10 teams. Each team manages a project and has a project manager, a virtual machine (VM) operator, developers, and contractors.

Project managers must be able to manage everything except access and authentication for users. VM operators must be able to manage VMs, but not the virtual network or storage account to which they are connected. Developers and contractors must be able to manage storage accounts.

You need to recommend roles for each member.

What should you recommend? To answer, drag the appropriate roles to the correct employee types. Each role may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content. NOTE: Each correct selection is worth one point.

112. You have a resource group named RG1 that contains the following:

• A virtual network that contains two subnets named Subnet 1 and AzureFirewallSubnet

• An Azure Storage account named contososa1

• An Azure firewall deployed to AzureFirewallSubnet

You need to ensure that contososa1 is accessible from Subnet 1 over the Azure backbone network.

What should you do?

Create a stored access policy for contososa1.

Remove the Azure firewall-

implement a virtual network service endpoint.

Modify the Firewall and virtual networks settings for contososa1.

113. You manage an Active Directory domain named contoso.local.

You install Azure AD Connect and connect to an Azure Active Directory (Azure AD) tenant named contoso.com without syncing any accounts.

You need to ensure that only users who have a UPN suffix of contoso.com in the contoso.local domain sync to Azure AD.

What should you do?

Use the Synchronization Service Manager to modify the Metaverse Designer tab.

Use Azure AD Connect to customize the synchronization options.

Use the Synchronization Rules Editor to create a synchronization rule.

Use Synchronization Service Manager to modify the Active Directory Domain Services (AD DS) Connector.

114. A company plans to use third-party application software to perform complex data analysis processes. The software will use up to 500 identical virtual machines (VMs) based on an Azure Marketplace VM image.

You need to design the infrastructure for the third-party application server.

The solution must meet the following requirements:

✑ The number of VMs that are running at any given point in time must change when the user workload changes.

✑ When a new version of the application is available in Azure Marketplace it must be deployed without causing application downtime.

✑ Use VM scale sets.

✑ Minimize the need for ongoing maintenance.

Which two technologies should you recommend? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point.

single storage account

autoscale

single placement group

managed disks

115. You have an Azure virtual network that contains a subnet named Subnet1. Subnet1 contains 50 virtual machines. Twenty-five of the virtual machines are web servers and the other 25 are application servers.

You need to filter traffic the web servers and the application servers by using application security groups.

Which additional resources should you provision?

Azure Private Link

a network security group (NSG)

a user-defined route

Azure-firewall

116. You create the Azure resources shown in the following table.

You attempt to add a role assignment to a resource group as shown in the following exhibit.

What should you do to ensure that you can assign VM2 the Reader role for the resource group?

Modify the Reader role at the subscription level.

Configure just in time (JIT) VM access on VM2.

Configure Access control (IAM) on VM2.

Assign a managed identity to VM2.

117. HOTSPOT

You have the Azure SQL Database servers shown in the following table.

You have the Azure SQL databases shown in the following table.

You create a failover group named failover1 that has the following settings:

• Primary server: sqlserver1

• Secondary server: sqlserver2

• Read/Write failover policy: Automatic

• Read/Write grace period (hours): 1 hour

118. You have an Azure subscription that contains a resource group named RG1. RG1 contains multiple resources.

You need to trigger an alert when the resources in RG1 consume $1,000 USD.

What should you do?

From Cost Management + Billing, add a cloud connector.

From the subscription, create an event subscription.

From Cost Management + Billing create a budget.

From RG1, create an event subscription.

119. An administrator plans to create a function app in Azure that will have the following settings:

✑ Runtime stack: .NET Core

✑ Operating System: Linux

✑ Plan type: Consumption

✑ Enable Application Insights: Yes

You need to ensure that you can back up the function app.

Which settings should you recommend changing before creating the function app?

Runtime stack

Enable Application Insights

Operating System

Plan type

120. HOTSPOT

You have an Azure subscription that contains the resource groups shown in the following table.

You create an Azure Resource Manager template named Template1 as shown in the following exhibit.

From the Azure portal, you deploy Template1 four times by using the settings shown in the following table.

What is the result of the deployment? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

121. Note: This question is part of series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

You have an Azure Active Directory (Azure AD) tenant named contoso.com.

A user named Admin1 attempts to create an access review from the Azure Active Directory admin center and discovers that the Access reviews settings are unavailable. Admin1 discovers that all the other Identity Governance settings are available.

Admin1 is assigned the User administrator, Compliance administrator, and Security administrator roles.

You need to ensure that Admin1 can create access reviews in contoso.com.

Solution: You assign the Service administrator role to Admin1.

Does this meet the goal?

Yes

122. Note: This question is part of series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

You have a server named Server1 that runs Windows Server 2019. Server1 is a container host.

You are creating a Dockerfile to build a container image.

You need to add a file named File1.txt from Server1 to a folder named C:Folder1 in the container image.

Solution: You add the following line to the Dockerfile.

XCOPY File1.txt C:Folder1

You then build the container image.

Does this meet the goal?

Yes

123. HOTSPOT

You create a virtual machine scale set named Scale1.

Scale1 is configured as shown in the following exhibit.

Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic.

124. Note: This question is part of series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

You have an Azure Cosmos DB database that contains a container named Container1.

The partition key for Container1 is set to /day. Container1 contains the items shown in the following table.

You need to programmatically query Azure Cosmos DB and retrieve item1 and item2 only.

Solution: You run the following query.

You set the EnableCrossPartitionQuery property to True.

Does this meet the goal?

Yes

125. You create the following Azure role definition.

AssignableScopes

Description

DataActions

IsCustom

126. You have an Azure Container Registry and an Azure container instance.

You pull an image from the registry, and then update the local copy of the image.

You need to ensure that the updated image can be deployed to the container instance. The solution must ensure that you can deploy the updated image or the previous version of the image.

What should you do?

Run the docker image push command and specify the tag parameter.

Run the az image copy command and specify the tag parameter. Run the az aks update command and specify the attach-acr parameter.

Run the kubect1 apply command and specify the dry-run parameter.

127. Note: This question is part of series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

You have an Azure Cosmos DB database that contains a container named Container1. The partition key for Container1 is set to /day.

Container1 contains the items shown in the following table.

You need to programmatically query Azure Cosmos DB and retrieve item1 and item2 only.

Solution: You run the following query.

You set the EnableCrossPartitionQuery property to True.

Does this meet the goal?

Yes

128. You have 10 Azure virtual machines on a subnet named Subnet1. Subnet1 is on a virtual network named VNet1.

You plan to deploy a public Azure Standard Load Balancer named LB1 to the same Azure region as the 10 virtual machines.

You need to ensure that traffic from all the virtual machines to the internet flows through LB1. The solution must prevent the virtual machines from being accessible on the internet.

Which three actions should you perform? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point.

Add health probes to LB1.

Add the network interfaces of the virtual machines to the backend pool of LB1.

Add an inbound rule to LB1.

Add an outbound rule to LB1.

Associate a network security group (NSG) to Subnet1.

Associate a user-defined route to Subnet1.

129. Topic 1, Contoso, Ltd

Overview

Contoso, Ltd. is a manufacturing company that has offices worldwide. Contoso works with partner organizations to bring products to market.

Contoso products are manufactured by using blueprint files that the company authors and maintains.

Existing Environment

Currently, Contoso uses multiple types of servers for business operations, including the following:

– File servers

– Domain controllers

– Microsoft SQL Server servers

Your network contains an Active Directory forest named contoso.com. All servers and client computers are joined to Active Directory.

You have a public-facing application named App1.

App1 is comprised of the following three tiers:

– A SQL database

– A web front end

– A processing middle tier

Each tier is comprised of five virtual machines. Users access the web front end by using HTTPS only.

Requirments

Planned Changes

Contoso plans to implement the following changes to the infrastructure:

– Move all the tiers of App1 to Azure.

– Move the existing product blueprint files to Azure Blob storage.

– Create a hybrid directory to support an upcoming Microsoft Office 365 migration project.

Technical Requirements

Contoso must meet the following technical requirements:

– Move all the virtual machines for App1 to Azure.

– Minimize the number of open ports between the App1 tiers.

– Ensure that all the virtual machines for App1 are protected by backups.

– Copy the blueprint files to Azure over the Internet.

– Ensure that the blueprint files are stored in the archive storage tier.

– Ensure that partner access to the blueprint files is secured and temporary.

– Prevent user passwords or hashes of passwords from being stored in Azure.

– Use unmanaged standard storage for the hard disks of the virtual machines.

– Ensure that when users join devices to Azure Active Directory (Azure AD), the users use a mobile phone to verify their identity.

Minimize administrative effort whenever possible.

HOTSPOT

You need to identify the storage requirements for Contoso.

For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.

130. HOTSPOT

You need to recommend a solution for App1. The solution must meet the technical requirements.

What should you include in the recommendation? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

AZ-303 Practice Test Questions – Microsoft Azure Architect Technologies

AZ-303 Practice Test Questions – Microsoft Azure Architect Technologies

Leave a Reply Cancel reply