admin
Microsoft az-303 exam ready here! Get the latest az-303 exam exercise questions and exam dumps pdf for free! 100% pass the exam to select
the full Microsoft az-303 dumps https://www.leads4pass.com/az-303.html the link to get VCE or PDF. All exam questions are updated!
Latest Updated Microsoft AZ-303 Practice Exam
QUESTION 1
DRAG DROP
You have an Azure subscription that contains the following resources:
1.
a virtual network named VNet1
2.
a replication policy named ReplPoHcy1
3.
a Recovery Services vault named Vault1
4.
an Azure Storage account named Storage1
You have an Amazon Web Services (AWS) EC2 virtual machine named VM1 that runs Windows Server 2016.
You need to migrate VM1 to VNet1 by using Azure Site Recovery.
Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions
to the answer area and arrange them in the correct order
Select and Place:
…
The final summary of Microsoft certification exam practice questions and answers is updated at https://www.fulldumps.com/,
you can get more and more complete Microsoft exam certification dumps, more Microsoft AZ-303 exam questions and answers: https://www.fulldumps.com/microsoft-az-303-exam-dumps-and-online-practice-questions-are-available-from-lead4pass-2/
Lead4pass offers the latest Microsoft az-303 Google Drive
[Latest updates] Free Microsoft az-303 dumps pdf download from Google Drive: https://drive.google.com/file/d/1X4pNue3LHQL_f8DuIL9BaoHzydZ37rpX/
Micvce Exam Table of Contents:
- Microsoft az-303 Practice testing questions from Youtube
- latest updated Microsoft az-303 exam questions and answers
- Lead4Pass Microsoft discount code
- About lead4pass
latest updated Microsoft az-303 exam questions and answers
QUESTION 1
You have an Azure Active Directory (Azure AD) tenant linked to an Azure subscription. The tenant contains a group
named Admins.
You need to prevent users, except for the members of Admins, from using the Azure portal and Azure PowerShell to
access the subscription.
What should you do?
A. From Azure AD, configure the User settings.
B. From the Azure subscription, assign an Azure policy.
C. From Azure AD, create a conditional access policy.
D. From the Azure subscription, configure Access control (IAM).
Correct Answer: D
QUESTION 2
HOTSPOT
You plan to create an Azure Storage account in the Azure region of East US 2.
You need to create a storage account that meets the following requirements:
Replicates synchronously
Remains available if a single data center in the region fails
How should you configure the storage account? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:
Correct Answer:
Box 1: Zone-redundant storage (ZRS)
Zone-redundant storage (ZRS) replicates your data synchronously across three storage clusters in a single region.
LRS would not remain available if a data center in the region fails
GRS and RA GRS use asynchronous replication.
Box 2: StorageV2 (general purpose V2)
ZRS only supports GPv2.
Reference:
https://docs.microsoft.com/en-us/azure/storage/common/storage-redundancy
https://docs.microsoft.com/en-us/azure/storage/common/storage-redundancy-zrs
QUESTION 3
You need to recommend an identity solution that meets the technical requirements.
What should you recommend?
A. password hash synchronization and single sign-on (SSO)
B. federated single sign-on (SSO) and Active Directory Federation Services (AD FS)
C. Pass-through Authentication and single sign-on (SSO)
D. cloud-only user accounts
Correct Answer: C
With Pass-through Authentication, the on-premises passwords are never stored in the cloud in any form.
Scenario:
Prevent user passwords or hashes of passwords from being stored in Azure.
Ensure that when users join devices to Azure Active Directory (Azure AD), the users use a mobile phone to verify their
identity.
Minimize administrative effort whenever possible.
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-pta
QUESTION 4
HOTSPOT
Your network contains an Active Directory domain named adatum.com and an Azure Active Directory (Azure AD), tenant
named adatum.onmicrosoft.com.
Adatum.com contains the user accounts in the following table.
Adatum.onmicrosoft.com contains the user accounts in the following table.
You need to implement Azure AD Connect. The solution must follow the principle of least privilege.
Which user accounts should you use in Adatum.com and Adatum.onmicrosoft.com to implement Azure AD Connect? To
answer select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:
Correct Answer:
Box 1: User5
In Express settings, the installation wizard asks for the following:
AD DS Enterprise Administrator credentials
Azure AD Global Administrator credentials
The AD DS Enterprise Admin account is used to configure your on-premises Active Directory. These credentials are
only used during the installation and are not used after the installation has completed. The Enterprise Admin, not the
Domain
Admin should make sure the permissions in Active Directory can be set in all domains.
Box 2: UserA
Azure AD Global Admin credentials are only used during the installation and are not used after the installation has
completed. It is used to create the Azure AD Connector account used for synchronizing changes to Azure AD. The
account
also enables sync as a feature in Azure AD.
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/connect/active-directory-aadconnect-accounts-permissions
QUESTION 5
HOTSPOT
You have an Azure Active Directory (Azure AD) tenant that contains the user groups shown in the following table.
You enable self-service password reset (SSPR) for Group1.
You configure the Notifications settings as shown in the following exhibit.
For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct
selection is worth one point.
Hot Area:
Correct Answer:
Box 1: Yes
Notify all admins when other admins reset their passwords: Yes.
Box 2: No
Notify users on password resets: No.
Box 3: No Notify users on password resets
If this option is set to Yes, then users resetting their password receive an email notifying them that their password has
been changed. The email is sent via the SSPR portal to their primary and alternate email addresses that are on file in
Azure AD. No one else is notified of the reset event. Notify all admins when other admins reset their passwords
If this option is set to Yes, then all administrators receive an email to their primary email address on file in Azure AD.
The email notifies them that another administrator has changed their password by using SSPR.
Example: There are four administrators in an environment. Administrator A resets their password by using SSPR.
Administrators B, C, and D receive an email alerting them of the password reset.
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/authentication/concept-sspr-howitworks
https://docs.microsoft.com/en-us/azure/active-directory/authentication/tutorial-enable-sspr
QUESTION 6
You have an Azure Cosmos DB account named Account1. Account1 includes a database named DB1 that contains a
container named Container 1. The partition key tor Container1 is set to /city.
You plan to change the partition key for Container1
What should you do first?
A. Delete Container1
B. Create a new container in DB1
C. Regenerate the keys for Account1.
D. Implement the Azure CosmosDB.NET SDK
Correct Answer: B
The good news is that there are two features, the Change Feed Processor and Bulk Executor Library, in Azure Cosmos
DB that can be leveraged to achieve a live migration of your data from one container to another. This allows you to
redistribute your data to match the desired new partition key scheme, and make the relevant application changes afterward, thus achieving the effect of “updating your partition key”.
Reference:
https://devblogs.microsoft.com/cosmosdb/how-to-change-your-partition-key/
QUESTION 7
You have an Azure Kubernetes Service (AKS) cluster named Clus1 in a resource group named RG1.
An administrator plans to manage Clus1 from an Azure AD-joined device.
You need to ensure that the administrator can deploy the YAML application manifest file for a container application.
You install the Azure CLI on the device.
Which command should you run next?
A. kubectl get nodes
B. az aks install-CLI
C. kubectl apply –f app1.YAML
D. az aks get-credentials –resource-group RG1 –name Clus1
Correct Answer: C
References:
https://kubernetes.io/docs/reference/kubectl/overview/
https://docs.microsoft.com/en-us/cli/azure/aks
QUESTION 8
You have two Azure SQL Database managed instances in different Azure regions.
You plan to configure the managed instances in an instance failover group.
What should you configure before you can add the managed instances to the instance failover group?
A. Azure Private Link that has endpoints on two virtual networks
B. A Site-to-Site VPN between the virtual networks that contain the instances.
C. An Azure Application Gateway that has managed instance endpoints in a backend pool.
D. An internal Azure Load Balancer instance that has managed instance endpoints in a backend pool.
Correct Answer: B
QUESTION 9
You need to meet the user requirement for Admin1. What should you do?
A. From the Subscriptions blade, select the subscription and then modify the Properties.
B. From the Subscriptions blade, select the subscription and then modify the Access control (IAM) settings.
C. From the Azure Active Directory blade, modify the Properties.
D. From the Azure Active Directory blade, modify the Groups.
Correct Answer: A
Change the Service administrator for an Azure subscription
Sign in to Account Center as the Account administrator.
Select a subscription.
On the right side, select Edit subscription details.
Scenario: Designate a new user named Admin1 as the service administrator of the Azure subscription.
References:
https://docs.microsoft.com/en-us/azure/billing/billing-add-change-azure-subscription-administrator
QUESTION 10
You are designing an Azure solution.
The solution must meet the following requirements:
*
Distribute traffic to different pools of dedicated virtual machines (VMs) based on rules
*
Provide SSL offloading capabilities
You need to recommend a solution to distribute network traffic.
Which technology should you recommend?
A.
server-level firewall rules
B.
Azure Application Gateway
C.
Azure Traffic Manager
D.
Azure Load Balancer
Correct Answer: B
If you require “SSL offloading”, application layer treatment, or wish to delegate certificate management to Azure, you
should use Azure\\’s layer 7 load balancer Application Gateway instead of the Load Balancer. References:
https://docs.microsoft.com/en-us/azure/application-gateway/overview
QUESTION 11
You create a container image named Image1 on a developer workstation.
You plan to create an Azure Web App for Containers named WebAppContainer that will use Image1.
You need to upload Image1 to Azure. The solution must ensure that WebAppContainer can use Image1.
To which storage type should you upload Image1?
A. Azure Container Registry
B. an Azure Storage account that contains a blob container
C. an Azure Storage account that contains a file share
D. Azure Container Instances
Correct Answer: A
Configure registry credentials in the web app.
App Service needs information about your registry and image to pull the private image. In the Azure portal, go to
Container settings from the web app and update the Image source, Registry and save.
References:
https://docs.microsoft.com/en-us/azure/devops/pipelines/targets/webapp-on-container-linux
QUESTION 12
You plan to automate the deployment of a virtual machine scale set that uses the Windows Server 2016 Datacenter
image. You need to ensure that when the scale set virtual machines are provisioned, they have web server components
installed. Which two actions should you perform? Each correct answer presents part of the solution. NOTE: Each
correct selection is worth one point.
A. Create a new virtual machine scale set in the Azure portal.
B. Create an automation account.
C. Upload a configuration script.
D. Modify the extensionProfile section of the Azure Resource Manager template.
E. Create an Azure policy.
Correct Answer: AD
References: https://docs.microsoft.com/en-us/azure/virtual-machine-scale-sets/tutorial-install-apps-template
QUESTION 13
You have an Azure Active Directory (Azure AD) tenant named contoso.com.
A user named Admin1 attempts to create an access review from the Azure Active Directory admin center and discovers
that the Access reviews settings are unavailable. Admin1 discovers that all the other Identity Governance settings are
available.
Admin1 is assigned the User administrator, Compliance administrator, and Security administrator roles.
You need to ensure that Admin1 can create access reviews in contoso.com.
Solution: You create an access package.
Does this meet the goal?
A. Yes
B. No
Correct Answer: B
You do not use access packages for Identity Governance. Instead, use Azure AD Privileged Identity Management.
Note: PIM essentially helps you manage the who, what, when, where, and why for resources that you care about. Key
features of PIM include:
Conduct access reviews to ensure users still need roles
References:
https://docs.microsoft.com/en-us/azure/active-directory/privileged-identity-management/pim-configure
https://docs.microsoft.com/en-us/azure/active-directory/governance/entitlement-management-overview
Lead4Pass Microsoft discount code
About lead4pass
Lead4Pass has 8 years of exam experience! A number of professional Microsoft exam experts! Update exam questions throughout the year! The most complete exam questions and answers! The safest buying experience! The greatest free sharing of exam practice questions and answers!
Our goal is to help more people pass the Microsoft exam! Exams are a part of life, but they are important!
In the study, you need to sum up the study! Trust Lead4Pass to help you pass the exam 100%!
Summarize:
MICVCE free to share Microsoft az-303 exam exercise questions, az-303 pdf, az-303 exam video! Lead4pass updated exam questions and answers throughout the year!
Make sure you pass the exam successfully. Select lead4Pass az-303 to pass the Microsoft az-303 exam “Microsoft Azure Architect Technologies“.
ps.
Latest update Lead4pass az-303 exam dumps: https://www.leads4pass.com/az-303.html (442 Q&As)
[Latest updates] Free Microsoft az-303 Dumps pdf download from Google Drive: https://drive.google.com/file/d/1X4pNue3LHQL_f8DuIL9BaoHzydZ37rpX/