AZ-303 Exam - Microsoft Azure Architect Technologies (beta)

NEW QUESTION 1

You have an Azure subscription that contains the storage accounts shown in the following table.

You enable Azure Advanced Threat Protection (ATP) for all the storage accounts. You need to identify which storage accounts will generate Azure ATP alerts.
Which two storage accounts should you identify? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point.

• A. storagecontoso1
• B. storagecontoso2
• C. storagecontoso3
• D. storagecontoso4
• E. storaaecontoso5

Answer: AB

Explanation:
Advanced threat protection for Azure Storage is currently available only for Blob Storage.

https://docs.microsoft.com/en-us/azure/storage/common/storage-advanced-threat-protection?tabs=azure-portal

NEW QUESTION 2

You have an Azure subscription that contains 10 virtual machines on a virtual network.
You need to create a graph visualization to display the traffic flow between the virtual machines. What should you do from Azure Monitor?

• A. From Activity log, use quick insights.
• B. From Metrics, create a chart.
• C. From Logs, create a new query.
• D. From Workbooks, create a workbook.

Answer: C

Explanation:
Navigate to Azure Monitor and select Logs to begin querying the data Reference:
https://azure.microsoft.com/en-us/blog/analysis-of-network-connection-data-with-azure-monitor-for-virtual-mac

NEW QUESTION 3

You have a web server app named App1 that is hosted in three Azure regions. You plan to use Azure Traffic Manager to distribute traffic optimally for App1.
You need to enable Real User Measurements to monitor the network latency data for App1. What should you do? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

• A. Mastered
• B. Not Mastered

Answer: A

Explanation:
Box 1: Select Generate key
You can configure your web pages to send Real User Measurements to Traffic Manager by obtaining a Real User Measurements (RUM) key and embedding the generated code to web page.
Obtain a Real User Measurements key
The measurements you take and send to Traffic Manager from your client application are identified by the service using a unique string, called the Real User Measurements (RUM) Key. You can get a RUM key using the Azure portal, a REST API, or by using the PowerShell or Azure CLI.
To obtain the RUM Key using Azure portal:
From a browser, sign in to the Azure portal. If you don’t already have an account, you can sign up for a free one-month trial.
In the portal’s search bar, search for the Traffic Manager profile name that you want to modify, and then click the Traffic Manager profile in the results that the displayed.
In the Traffic Manager profile blade, click Real User Measurements under Settings.
Click Generate Key to create a new RUM Key.
Box 2: Embed the Traffic Manager JavaScript code snippet. Embed the code to an HTML web page
After you have obtained the RUM key, the next step is to embed this copied JavaScript into an HTML page that your end users visit.
This example shows how to update an HTML page to add this script. You can use this guidance to adapt it to your HTML source management workflow.
Open the HTML page in a text editor
Paste the JavaScript code you had copied in the earlier step to the BODY section of the HTML (the copied code is on line 8 & 9, see figure 3).

Reference:
https://docs.microsoft.com/en-us/azure/traffic-manager/traffic-manager-create-rum-web-pages

NEW QUESTION 4

You have an Azure subscription that contains an Azure Log Analytics workspace. You have a resource group that contains 100 virtual machines. The virtual machines run Linux. You need to collect events from the virtual machines to the Log Analytics workspace. Which type of data source should you configure in the workspace?

• A. Syslog
• B. Linux performance counters
• C. custom fields

Answer: A

Explanation:
https://docs.microsoft.com/en-us/azure/azure-monitor/learn/quick-collect-azurevm
Syslog is an event logging protocol that is common to Linux. Applications will send messages that may be stored on the local machine or delivered to a Syslog collector. When the Log Analytics agent for Linux is installed, it configures the local Syslog daemon to forward messages to the agent. The agent then sends the message to Azure Monitor where a corresponding record is created.
Reference:
https://docs.microsoft.com/en-us/azure/azure-monitor/platform/data-sources-custom-logs

NEW QUESTION 5

You have an Azure Active Directory (Azure AD) tenant.
You need to create a conditional access policy that requires all users to use multi-factor authentication when they access the Azure portal.
Which three settings should you configure? To answer, select the appropriate settings to the answer area. NOTE: Each correct selection is worth one point.

• A. Mastered
• B. Not Mastered

Answer: A

Explanation:
https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/concept-conditional-access-policies

NEW QUESTION 6

You have an Azure Cosmos DB account named Account1. Account1 includes a database named DB1 that contains a container named Container 1. The partition key tor Container1 is set to /city.
You plan to change the partition key for Container1 What should you do first?

• A. Delete Container1
• B. Create a new container in DB1
• C. Regenerate the keys for Account1.
• D. Implement the Azure CosmosDB.NET SDK

Answer: B

Explanation:
The good news is that there are two features, the Change Feed Processor and Bulk Executor Library, in Azure Cosmos DB that can be leveraged to achieve a live migration of your data from one container to another. This allows you to re-distribute your data to match the desired new partition key scheme, and make the relevant application changes afterwards, thus achieving the effect of “updating your partition key”.
Reference:
https://devblogs.microsoft.com/cosmosdb/how-to-change-your-partition-key/

NEW QUESTION 7

Note: This question is part of series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have an Azure Active Directory (Azure AD) tenant that contains a group named Group1. You need to enable multi-factor authentication (MFA) for the users in Group1 only.
Solution: From Multi-Factor Authentication, you select Bulk update, and you provide a CSV file that contains the members of Group1.
Does this meet the goal?

• A. Yes
• B. No

Answer: B

Explanation:
We should use a Conditional Access policy.
Note: There are two ways to secure user sign-in events by requiring multi-factor authentication in Azure AD. The first, and preferred, option is to set up a Conditional Access policy that requires multi-factor authentication under certain conditions. The second option is to enable each user for Azure Multi-Factor Authentication. When users are enabled individually, they perform multi-factor authentication each time they sign in (with some exceptions, such as when they sign in from trusted IP addresses or when the remembered devices feature is turned on).
Enabling Azure Multi-Factor Authentication using Conditional Access policies is the recommended approach. Changing user states is no longer recommended unless your licenses don't include Conditional Access as it requires users to perform MFA every time they sign in.
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/authentication/howto-mfa-userstates

NEW QUESTION 8

Your company hosts multiple websites by using Azure virtual machine scale sets (VMSS) that run Internet Information Server (IIS).
All network communications must be secured by using end to end Secure Socket Layer (SSL) encryption. User sessions must be routed to the same server by using cookie-based session affinity.
The image shown depicts the network traffic flow for the websites to the VMSS.

Use the drop-down menus to select the answer choice that answers each question.
NOTE: Each correct selection is worth one point.

• A. Mastered
• B. Not Mastered

Answer: A

Explanation:
Box 1: Azure Application Gateway
You can create an application gateway with URL path-based redirection using Azure PowerShell. Box 2: Path-based redirection and Websockets
Reference:
https://docs.microsoft.com/bs-latn-ba/azure//application-gateway/tutorial-url-redirect-powershell

NEW QUESTION 9

You have an Azure subscription that contains two virtual networks named VNet1 and VNet2. Virtual machines connect to the virtual networks.
The virtual networks have the address spaces and the subnets configured as shown in the following table.

You need to add the address space of 10.33.0.0/16 to VNet1. The solution must ensure that the hosts on VNet1 and VNet2 can communicate.
Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.

• A. Mastered
• B. Not Mastered

Answer: A

Explanation:
Step 1: Remove peering between Vnet1 and VNet2.
You can't add address ranges to, or delete address ranges from a virtual network's address space once a virtual network is peered with another virtual network. To add or remove address ranges, delete the peering, add or remove the address ranges, then re-create the peering. Step 2: Add the 10.44.0.0/16 address space to VNet1. Step 3: Recreate peering between VNet1 and VNet2 References:
https://docs.microsoft.com/en-us/azure/virtual-network/virtual-network-manage-peering

NEW QUESTION 10

You have an Azure Active Directory (Azure AD) tenant named contoso.com. The tenant contains the users shown in the following table.

The tenant contains computers that run Windows 10. The computers are configured as shown in the following table.

You enable Enterprise State Roaming in contoso.com for Group1 and GroupA.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.

• A. Mastered
• B. Not Mastered

Answer: A

Explanation:
Enterprise State Roaming provides users with a unified experience across their Windows devices and reduces the time needed for configuring a new device.
Box 1: Yes
Box 2: No
Box 3: Yes References:
https://docs.microsoft.com/en-us/azure//////active-directory/devices/enterprise-state-roaming-overview

NEW QUESTION 11

You have an Azure subscription that contains multiple resource groups. You create an availability set as shown in the following exhibit.

You deploy 10 virtual machines to AS1.
Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic.
NOTE: Each correct selection is worth one point.

• A. Mastered
• B. Not Mastered

Answer: A

Explanation:
Box 1: 6
Two out of three update domains would be available, each with at least 3 VMs.
An update domain is a group of VMs and underlying physical hardware that can be rebooted at the same time. As you create VMs within an availability set, the Azure platform automatically distributes your VMs across these update domains. This approach ensures that at least one instance of your application always remains running as the Azure platform undergoes periodic maintenance.
Box 2: the West Europe region and the RG1 resource group References:
https://docs.microsoft.com/en-us/azure/virtual-machines/windows/regions-and-availability

NEW QUESTION 12

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
Your company is deploying an on-premises application named Appl. Users will access App1 by using a URL of https://app1.contoso.com. You register App1 in Azure Active Directory (Azure AD) and publish Appl by using the Azure AD Application Proxy. You need to ensure that Appl appears in the My Apps portal for all the users.
Solution: You create a conditional access policy for App1.

• A. Yes
• B. No

Answer: B

NEW QUESTION 13

You have the virtual machines shown in the following table.

You deploy an Azure bastion named Bastion1 to VNET1.
To which virtual machines can you connect by using Bastion1?

• A. VM1 only
• B. VM1 and VM2 only
• C. VM2 and VM3 only
• D. VM1, VM2, and VM3

Answer: C

NEW QUESTION 14

You have two Azure SQL Database managed instances in different Azure regions. You plan to configure the managed instances in an instance failover group.
What should you configure before you can add the managed instances to the instance failover group?

• A. Azure Private Link that has endpoints on two virtual networks
• B. an internal Azure Load Balancer instance that has managed instance endpoints in a backend pool
• C. an Azure Application Gateway that has managed instance endpoints in a backend pool
• D. a Site-to-Site VPN between the virtual networks that contain the instances

Answer: D

Explanation:
For two managed instances to participate in a failover group, there must be either ExpressRoute or a gateway configured between the virtual networks of the two managed instances to allow network communication.
You create the two VPN gateways and connect them.
Create a bidirectional connection between the two gateways of the two virtual networks.
Reference:
https://docs.microsoft.com/en-us/azure/azure-sql/managed-instance/failover-group-add-instance-tutorial?tabs=az

NEW QUESTION 15

You have an Azure subscription that contains the resources shown in the following table.

Subnet1 is on VNET1. VM1 connects to Subnet1.
You plan to create a virtual network gateway on VNET1.
You need to prepare the environment for the planned virtual network gateway.
What are two ways to achieve this goal? Each correct answer presents a complete solution. NOTE: Each correct selection is worth one point.

• A. Create a subnet named GatewaySubnet on VNET1.
• B. Delete Subnet1.
• C. Modify the address space used by Subnet1.
• D. Modify the address space used by VNET1
• E. Create a local network gateway.

Answer: AD

NEW QUESTION 16

You plan to automate the deployment of a virtual machine scale set that uses the Windows Server 2016 Datacenter image. You need to ensure that when the scale set virtual machines are provisioned, they have web server components installed. Which two actions should you perform? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point.

• A. Create a new virtual machine scale set in the Azure portal.
• B. Create an automation account.
• C. Upload a configuration script.
• D. Modify the extensionProfile section of the Azure Resource Manager template.
• E. Create an Azure policy.

Answer: AD

Explanation:
References:
https://docs.microsoft.com/en-us/azure/virtual-machine-scale-sets/tutorial-install-apps-template

NEW QUESTION 17

You have the Azure SQL Database servers shown in the following table.

You have the Azure SQL databases shown in the following table.

You create a failover group named failover1 that has the following settings:
• Primary server: sqlserver1
• Secondary server: sqlserver2
• Read/Write failover policy: Automatic
• Read/Write grace period (hours): 1 hour

• A. Mastered
• B. Not Mastered

Answer: A

Explanation:

NEW QUESTION 18

You have an Azure virtual machine named VM1 and an Azure Active Directory (Azure AD) tenant named adatum.com.
D18912E1457D5D1DDCBD40AB3BF70D5D
VM1 has the following settings:
IP address: 10.10.0.10
System-assigned managed identity: On
You need to create a script that will run from within VM1 to retrieve the authentication token of VM1. Which address should you use in the script?

• A. vm1.adatum.com.onmicrosoft.com
• B. 169.254.169.254
• C. 10.10.0.10
• D. vm1.adatum.com

Answer: B

Explanation:
Your code that's
running on the VM can request a token from the Azure Instance Metadata Service identity endpoint, accessible only from within the VM: http://169.254.169.254/metadata/identity/oauth2/token
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/managed-identities-azure-resources/overview

NEW QUESTION 19

Your company has an office in Seattle.
You have an Azure subscription that contains a virtual network named VNET1. You create a site-to-site VPN between the Seattle office and VNET1.
VNET1 contains the subnets shown in the following table.

You need to redirect all Internet-bound traffic from Subnet1 to the Seattle office. What should you create?

• A. a route for Subnet1 That uses the virtual network gateway as the next hop
• B. a route for GatewaySubnet that uses the virtual network gateway as the next hop
• C. a route for GatewaySubnet that uses the local network gateway as the next hop
• D. a route for Subnet1 that uses The local network gateway as the next hop

Answer: B

Explanation:
A route with the 0.0.0.0/0 address prefix instructs Azure how to route traffic destined for an IP address that is not within the address prefix of any other route in a subnet's route table. When a subnet is created, Azure creates a default route to the 0.0.0.0/0 address prefix, with the Internet next hop type. We need to create a custom route in Azure to use a virtual network gateway in the Seattle office as the next hop.
References:
https://docs.microsoft.com/en-us/azure/virtual-network/virtual-networks-udr-overview

NEW QUESTION 20
......