This page was exported from Free Exams Dumps Materials [ http://exams.dumpsmaterials.com ] Export date:Wed Dec 4 8:24:14 2024 / +0000 GMT ___________________________________________________ Title: AZ-303 Actual Questions Answers PDF 100% Cover Real Exam Questions [Q87-Q111] --------------------------------------------------- AZ-303 Actual Questions Answers PDF 100% Cover Real Exam Questions AZ-303 Exam questions and answers Details to Explore The AZ-303 test is available in English, Korean, Japanese, and Simplified Chinese. The registration fee for the exam is $165 and the candidates must pay it before scheduling their test. The exam consists of 40-60 questions and the time allowed for the completion is 180 minutes. The learners must earn at least 700 points on a scale of 1000 to succeed in this test.   Q87. You have an Azure subscription named Subscription1 that contains an Azure virtual machine named VM1. VM1 is in a resource group named RG1.VM1 runs services that will be used to deploy resources to RG1.You need to ensure that a service running on VM1 can manage the resources in RG1 by using the identity of VM1.What should you do first?  From the Azure portal, modify the Access control (IAM) settings of RG1.  From the Azure portal, modify the Policies settings of RG1.  From the Azure portal, modify the Access control (IAM) settings of VM1.  From the Azure portal, modify the value of the Managed Service Identity option for VM1. Section: [none]Explanation:Through a create process, Azure creates an identity in the Azure AD tenant that’s trusted by the subscription in use. After the identity is created, the identity can be assigned to one or more Azure service instances.Reference:https://docs.microsoft.com/en-us/azure/app-service/overview-managed-identityhttps://docs.microsoft.com/en-us/azure/active-directory/managed-identities-azure-resources/overviewQ88. Your company has a virtualization environment that contains the virtualization hosts shown in the following table.The virtual machines are configured as shown in the following table.All the virtual machines use basic disks. VM1 is protected by using BitLocker Drive Encryption (BitLocker).You plan to migrate the virtual machines to Azure by using Azure Site Recovery.You need to identify which virtual machines can be migrated.Which virtual machines should you identify for each server? To answer, select the appropriate options in the answer area.NOTE: Each correct selection is worth one point. Reference:https://docs.microsoft.com/en-us/azure/site-recovery/hyper-v-azure-support-matrix#azure-vm-requirementsQ89. You have an Azure subscription that contains a resource group named RG1.You have a group named Group1 that is assigned the Contributor role for RG1.You need to enhance security for the virtual machines in RG1 to meet the following requirements:* Prevent Group1 from assigning external IP addresses to the virtual machines.* Ensure that Group1 can establish an RDP connection to the virtual machines through a shared external IP address.What should you use to meet each requirement? To answer, select the appropriate options in the answer are a. NOTE: Each correct selection is worth one point. Reference:https://blog.nillsf.com/index.php/2019/11/02/using-azure-policy-to-deny-public-ips-on-specific-vnets/https://azure.microsoft.com/en-us/services/azure-bastion/Q90. You have an Azure subscription that contains two virtual networks named VNet1 and VNet2. Virtual machines connect to the virtual networks.The virtual networks have the address spaces and the subnets configured as shown in the following table.You need to add the address space of 10.33.0.0/16 to VNet1. The solution must ensure that the hosts on VNet1 and VNet2 can communicate.Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order. Explanation:Step 1: Remove peering between Vnet1 and VNet2.You can’t add address ranges to, or delete address ranges from a virtual network’s address space once a virtual network is peered with another virtual network. To add or remove address ranges, delete the peering, add or remove the address ranges, then re-create the peering.Step 2: Add the 10.44.0.0/16 address space to VNet1.Step 3: Recreate peering between VNet1 and VNet2References:https://docs.microsoft.com/en-us/azure/virtual-network/virtual-network-manage-peeringQ91. You have the Azure virtual machines shown in the following table.You have a Recovery Services vault that protects VM1 and VM2.You need to protect VM3 and VM4 by using Recovery Services.What should you do first?  Create a new backup policy  Create a new Recovery Services vault  Configure the extensions for VM3 and VM4  Create a storage account Section: [none]Explanation:A Recovery Services vault is a storage entity in Azure that houses data. The data is typically copies of data, or configuration information for virtual machines (VMs), workloads, servers, or workstations. You can use Recovery Services vaults to hold backup data for various Azure services References:https://docs.microsoft.com/en-us/azure/site-recovery/azure-to-azure-tutorial-enable-replicationQ92. You have an Azure subscription that contains two virtual networks named VNet1 and VNet2. Virtual machines connect to the virtual networks.The virtual networks have the address spaces and the subnets configured as shown in the following table.You need to add the address space of 10.33.0.0/16 to VNet1. The solution must ensure that the hosts on VNet1 and VNet2 can communicate.Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order. Reference:https://docs.microsoft.com/en-us/azure/virtual-network/virtual-network-manage-peeringQ93. You network contains an Active Directory domain that is synced to Azure Active Directory (Azure AD) as shown in the following exhibit.You have a user account configured as shown in the following exhibit.For each of the following statements, select Yes if the statement is true. Otherwise, select No.NOTE: Each correct selection is worth one point. Reference:https://docs.microsoft.com/en-us/azure/active-directory/authentication/concept-sspr-writebackQ94. You have an Azure Resource Manager template for a virtual machine named Template1. Template1 has the following parameters section.For each of the following statements, select Yes if the statement is true. Otherwise, select No.NOTE: Each correct selection is worth one point. References:https://docs.microsoft.com/bs-latn-ba/azure/virtual-machines/windows/ps-templateQ95. Your network contains an on-premises Active Directory and an Azure Active Directory (Azure AD) tenant.You deploy Azure AD Connect and configure pass-through authentication?Your Azure subscription contains several web apps that are accessed from the Internet.You plan to use Azure Multi-Factor Authentication (MFA) with the Azure Active Directory tenant.You need to recommend a solution to prevent users from being prompted for Azure MFA when they access the web apps from the on-premises network.What should you include in the recommendation?  a site-to-site VPN between the on-premises network and Azure  an Azure policy  an Azure ExpressRoute circuit  trusted IPs The Trusted IPs feature of Azure Multi-Factor Authentication is used by administrators of a managed or federated tenant. The feature bypasses two-step verification for users who sign in from the company intranet.The feature is available with the full version of Azure Multi-Factor Authentication, and not the free version for administrators.References:https://docs.microsoft.com/en-us/azure/active-directory/authentication/howto-mfa-mfasettings#trusted-ipsQ96. You have an Azure virtual machine named VM1 that runs Windows Server 2016.You install a line-of-business application on VM1.You need to create a scale set by using VM1 as a custom image.Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order. Reference:https://docs.microsoft.com/en-us/azure/virtual-machine-scale-sets/tutorial-use-custom-image-powershellQ97. You have an Azure logic app named App1 and an Azure Service Bus queue named Queue1.You need to ensure that App1 can read messages from Queue1. App1 must authenticate by using Azure Active Directory (Azure AD).What should you do? To answer, select the appropriate options in the answer area.NOTE: Each correct selection is worth one point. Explanation:On App1: Turn on the managed identityTo use Service Bus with managed identities, you need to assign the identity the role and the appropriate scope. The procedure in this section uses a simple application that runs under a managed identity and accesses Service Bus resources.Once the application is created, follow these steps:* Go to Settings and select Identity.* Select the Status to be On.* Select Save to save the setting.On Queue1: Configure Access Control (IAM)Azure Active Directory (Azure AD) authorizes access rights to secured resources through role-based access control (RBAC). Azure Service Bus defines a set of built-in RBAC roles that encompass common sets of permissions used to access Service Bus entities and you can also define custom roles for accessing the data.Assign RBAC roles using the Azure portalIn the Azure portal, navigate to your Service Bus namespace. Select Access Control (IAM) on the left menu to display access control settings for the namespace. If you need to create a Service Bus namespace.Select the Role assignments tab to see the list of role assignments. Select the Add button on the toolbar and then select Add role assignment.Reference:https://docs.microsoft.com/en-us/azure/service-bus-messaging/authenticate-applicationhttps://docs.microsoft.com/en-us/azure/service-bus-messaging/service-bus-managed-service-identityQ98. You have an Azure subscription that contains the Azure SQL servers shown in the following table.The subscription contains the elastic pool shown in the following table.The subscription contains the Azure SQL databases shown in the following table.For each of the following statements, select Yes if the statement is true. Otherwise, select No.NOTE: Each correct selection is worth one point. Explanation:Note: You cannot add databases from different servers into the same pool Box 1: Yes Pool2 contains DB2 but DB1 and DB2 are on Sql1. DB1 can thus be added to Pool2.Box 2: YesPool3 is empty.Box 3: YesPool1 contains DB1 but DB3 and DB1 are on Sql1. DB3 can thus be added to Pool1.References:https://docs.microsoft.com/en-us/azure/sql-database/sql-database-elastic-poolQ99. You have an Azure virtual machine named VM1 that runs Windows Server 2016.You install a line-to-business application on VM1.You need to create an Azure virtual machine by using VM1 as a custom image.Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order. 1 – Run sysprep.exe on VM1.2 – From Azure CLI, deallocate VM1 and mark VM1 as generalized3 – Create a virtual machine scale setReferences:https://thesolving.com/server-room/when-and-how-to-use-sysprep/https://docs.microsoft.com/en-us/azure/virtual-machine-scale-sets/tutorial-use-custom-image-powershellQ100. You have an Azure subscription that contains a resource group named RG1. RG1 contains multiple resources.You need to trigger an alert when the resources in RG1 consume $1,000 USD.What should you do?  From Cost Management + Billing, add a cloud connector.  From the subscription, create an event subscription.  From Cost Management + Billing create a budget.  From RG1, create an event subscription. ExplanationCreate budgets to manage costs and create alerts that automatically notify you are your stakeholders of spending anomalies and overspending.To set it up, go to the Azure Portal, select ‘Cost Management + Billing’ -> ‘Cost Management’ -> ‘Go to Cost Management’.Note: Cost alerts are automatically generated based when Azure resources are consumed. Alerts show all active cost management and billing alerts together in one place. When your consumption reaches a given threshold, alerts are generated by Cost Management. There are three types of cost alerts: budget alerts, credit alerts, and department spending quota alerts.Reference:https://docs.microsoft.com/en-us/azure/cost-management-billing/manage/getting-startedQ101. You have an Azure subscription named Subscription1.Subscription1 contains the virtual machines in the following table:Subscription1 contains a virtual network named VNet1 that has the subnets in the following table.VM3 has multiple network adapters, including a network adapter named NIC3. IP forwarding is enabled on NIC3. Routing is enabled on VM3.You create a route table named RT1 that contains the routers in the following table.You apply RT1 to Subnet1 and Subnet2.For each of the following statements, select Yes if the statement is true. Otherwise, select No.NOTE: Each correct selection is worth one point. Explanation:IP forwarding enables the virtual machine a network interface is attached to:* Receive network traffic not destined for one of the IP addresses assigned to any of the IP configurations assigned to the network interface.* Send network traffic with a different source IP address than the one assigned to one of a network interface’s IP configurations.The setting must be enabled for every network interface that is attached to the virtual machine that receives traffic that the virtual machine needs to forward. A virtual machine can forward traffic whether it has multiple network interfaces or a single network interface attached to it.Box 1: YesThe routing table allows connections from VM3 to VM1 and VM2. And as IP forwarding is enabled on VM3, VM3 can connect to VM1.Box 2: NoVM3, which has IP forwarding, must be turned on, in order for VM2 to connect to VM1.Box 3: YesThe routing table allows connections from VM1 and VM2 to VM3. IP forwarding on VM3 allows VM1 to connect to VM2 via VM3.References:https://docs.microsoft.com/en-us/azure/virtual-network/virtual-networks-udr-overviewhttps://www.quora.com/What-is-IP-forwardingQ102. HOTSPOTYou have an Azure subscription named Subscription1. Subscription1 contains the resources in the following table.In Azure, you create a private DNS zone named adatum.com. You set the registration virtual network to VNet2.The adatum.com zone is configured is shown in the following exhibit.For each of the following statements, select Yes if the statement is true. Otherwise, select No.NOTE: Each correct selection is worth one point.Hot Area: Section: [none]Explanation:Box 1: NoAzure DNS provides automatic registration of virtual machines from a single virtual network that’s linked to a private zone as a registration virtual network. VM5 does not belong to the registration virtual network though.Box 2: NoForward DNS resolution is supported across virtual networks that are linked to the private zone as resolution virtual networks. VM5 does belong to a resolution virtual network.Box 3: YesVM6 belongs to registration virtual network, and an A (Host) record exists for VM9 in the DNS zone.By default, registration virtual networks also act as resolution virtual networks, in the sense that DNS resolution against the zone works from any of the virtual machines within the registration virtual network.References:https://docs.microsoft.com/en-us/azure/dns/private-dns-overviewQ103. SIMULATIONClick to expand each objective. To connect to the Azure portal, type https://portal.azure.com in the browser address bar.When you are finished performing all the tasks, click the ‘Next’ button.Note that you cannot return to the lab once you click the ‘Next’ button. Scoring occur in the background while you complete the rest of the exam.OverviewThe following section of the exam is a lab. In this section, you will perform a set of tasks in a live environment.While most functionality will be available to you as it would be in a live environment, some functionality (e.g., copy and paste, ability to navigate to external websites) will not be possible by design.Scoring is based on the outcome of performing the tasks stated in the lab. In other words, it doesn’t matter how you accomplish the task, if you successfully perform it, you will earn credit for that task.Labs are not timed separately, and this exam may have more than one lab that you must complete. You can use as much time as you would like to complete each lab. But, you should manage your time appropriately to ensure that you are able to complete the lab(s) and all other sections of the exam in the time provided.Please note that once you submit your work by clicking the Next button within a lab, you will NOT be able to return to the lab.To start the labYou may start the lab by clicking the Next button.You plan to protect on-premises virtual machines and Azure virtual machines by using Azure Backup.You need to prepare the backup infrastructure in Azure. The solution must minimize the cost of storing the backups in Azure.What should you do from the Azure portal? See solution below.Section: [none]Explanation:First, create Recovery Services vault.Step 1: On the left-hand menu, select All services and in the services list, type Recovery Services. As you type, the list of resources filters. When you see Recovery Services vaults in the list, select it to open the Recovery Services vaults menu.Step 2: In the Recovery Services vaults menu, click Add to open the Recovery Services vault menu.Step 3: In the Recovery Services vault menu, for example,Type myRecoveryServicesVault in Name.The current subscription ID appears in Subscription. If you have additional subscriptions, you could choose another subscription for the new vault.For Resource group select Use existing and choose myResourceGroup. If myResourceGroup doesn’t exist, select Create new and type myResourceGroup.From the Location drop-down menu, choose West Europe.Click Create to create your Recovery Services vault.References:https://docs.microsoft.com/en-us/azure/backup/tutorial-backup-vm-at-scaleQ104. Note: This question is part of series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.You have an Azure Active Directory (Azure AD) tenant named contoso.com.A user named Admin1 attempts to create an access review from the Azure Active Directory admin center and discovers that the Access reviews settings are unavailable. Admin1 discovers that all the other Identity Governance settings are available.Admin1 is assigned the User administrator, Compliance administrator, and Security administrator roles.You need to ensure that the Admin1 can create access reviews in contoso.com.Solution: You purchase an Azure Directory Premium P2 license for contoso.com.Does this meet the goal?  Yes  No Section: [none]Explanation:Instead use Azure AD Privileged Identity Management.Note: PIM essentially helps you manage the who, what, when, where, and why for resources that you care about. Key features of PIM include:* Conduct access reviews to ensure users still need rolesReferences:https://docs.microsoft.com/en-us/azure/active-directory/privileged-identity-management/pim-configureQ105. You have the following Azure Active Directory (Azure AD) tenants:* Contoso.onmicrosoft.com: Linked to a Microsoft 365 tenant and syncs to an Active Directory forest named contoso.com by using password hash synchronization* Contosoazure.onmicrosoft.com: Linked to an Azure subscription named Subscription1 You need to ensure that you can assign the users in contoso.com access to the resources in Subscription1.What should you do?  Associate Subscription1 to contoso.onmicrosoft.com. Reassign all the roles in Subscription1.  Configure the existing Azure AD Connect server to sync contoso.com to contosoazure.onmicrosoft.com.  Configure contoso.onmicrosoft.com to use pass-through authentication.  Configure contosoazure.onmicrosoft.com to use pass-through authentication. Section: [none]Explanation/Reference:https://docs.microsoft.com/en-us/azure/active-directory/hybrid/plan-connect-topologies#multiple-forests- multiple-sync-servers-to-one-azure-ad-tenantQ106. You have an Azure subscription named Subscription1 that includes an Azure File share named share1.You create several Azure virtual machines in Subscription1. All of the virtual machines belong to the same virtual network.You have an on-premises Hyper-V server named Server1. Server1 hosts a virtual machine named VM1.You plan to replicate VM1 to Azure.You need to create additional objects in Subscription1 to support the planned deployment.Which three objects should you create? Each correct answer presents part of the solution.NOTE: Each correct selection is worth one point.  Hyper-V site  Azure Recovery Services Vault  storage account  replication policy  Azure Traffic Manager instance  endpoint Section: [none]Q107. You have the Azure SQL Database servers shown in the following table.You have the Azure SQL databases shown in the following table.You create a failover group named failover1 that has the following settings:* Primary server: sqlserver1* Secondary server: sqlserver2* Read/Write failover policy: Automatic* Read/Write grace period (hours): 1 hour Reference:https://docs.microsoft.com/en-us/azure/azure-sql/database/auto-failover-group-overviewQ108. You plan to migrate an on-premises Hyper-V environment to Azure by using Azure Site Recovery. The Hyper-V environment is managed by using Microsoft System Center Virtual Machine Manager (VMM).The Hyper-V environment contains the virtual machines in the following table:Which virtual machine can be migrated by using Azure Site Recovery?  FS1  CA1  DC1  SQL1 Section: [none]Explanation/Reference:References:https://docs.microsoft.com/en-us/azure/site-recovery/hyper-v-azure-support-matrix#azure-vm-requirementsQ109. You have an Azure logic app named App1 and an Azure Service Bus queue named Queue1.You need to ensure that App1 can read messages from Queue1. App1 must authenticate by using Azure Active Directory (Azure AD).What should you do? To answer, select the appropriate options in the answer area.NOTE: Each correct selection is worth one point. ExplanationOn App1: Turn on the managed identityTo use Service Bus with managed identities, you need to assign the identity the role and the appropriate scope.The procedure in this section uses a simple application that runs under a managed identity and accesses Service Bus resources.Once the application is created, follow these steps:* Go to Settings and select Identity.* Select the Status to be On.* Select Save to save the setting.On Queue1: Configure Access Control (IAM)Azure Active Directory (Azure AD) authorizes access rights to secured resources through role-based access control (RBAC). Azure Service Bus defines a set of built-in RBAC roles that encompass common sets of permissions used to access Service Bus entities and you can also define custom roles for accessing the data.Assign RBAC roles using the Azure portalIn the Azure portal, navigate to your Service Bus namespace. Select Access Control (IAM) on the left menu to display access control settings for the namespace. If you need to create a Service Bus namespace.Select the Role assignments tab to see the list of role assignments. Select the Add button on the toolbar and then select Add role assignment.Reference:https://docs.microsoft.com/en-us/azure/service-bus-messaging/authenticate-applicationhttps://docs.microsoft.com/en-us/azure/service-bus-messaging/service-bus-managed-service-identityQ110. You have an Azure subscription named Subscription1.In Subscription1, you create an alert rule named Alert1. The Alert1 action group is configured as shown in the following exhibit.Alert1 alert criteria is triggered every minute.Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic.NOTE: Each correct selection is worth one point. Explanation:Box 1: 60One alert per minute will trigger one email per minute.Box 2: 12No more than 1 SMS every 5 minutes can be send, which equals 12 per hour.Note: Rate limiting is a suspension of notifications that occurs when too many are sent to a particular phone number, email address or device. Rate limiting ensures that alerts are manageable and actionable.The rate limit thresholds are:SMS: No more than 1 SMS every 5 minutes.Voice: No more than 1 Voice call every 5 minutes.Email: No more than 100 emails in an hour.Other actions are not rate limited.References:https://github.com/MicrosoftDocs/azure-docs/blob/master/articles/monitoring-and-diagnostics/monitoring-overview-alerts.mdQ111. You have an Azure web app that runs in a Premium App Service plan.Developers plan to update the app weekly.You need to ensure that the app can be switched from the current version to the new version. The solution must meet the following requirements:* Provide the developers with the ability to test the app in Azure prior to switching versions. Testing must use the same app instance.* Ensure that the app version can be rolled back.* Minimize downtime.What should you do?  Create a deployment slot.  Copy the App Service plan.  Add an instance of the app to the scale set.  Create an Azure Active Directory (Azure AD) enterprise application. Azure Functions deployment slots allow your function app to run different instances called “slots”. Slots are different environments exposed via a publicly available endpoint. One app instance is always mapped to the production slot, and you can swap instances assigned to a slot on demand.There are a number of advantages to using deployment slots. The following scenarios describe common uses for slots:* Different environments for different purposes: Using different slots gives you the opportunity to differentiate app instances before swapping to production or a staging slot.* Easy fallbacks: After a swap with production, the slot with a previously staged app now has the previous production app. If the changes swapped into the production slot aren’t as you expect, you can immediately reverse the swap to get your “last known good instance” back.* PrewarmingReference:https://docs.microsoft.com/en-us/azure/azure-functions/functions-deployment-slots Loading … DumpsMaterials AZ-303 Exam Practice Test Questions: https://www.dumpsmaterials.com/AZ-303-real-torrent.html --------------------------------------------------- Images: https://exams.dumpsmaterials.com/wp-content/plugins/watu/loading.gif https://exams.dumpsmaterials.com/wp-content/plugins/watu/loading.gif --------------------------------------------------- --------------------------------------------------- Post date: 2022-12-26 12:29:01 Post date GMT: 2022-12-26 12:29:01 Post modified date: 2022-12-26 12:29:01 Post modified date GMT: 2022-12-26 12:29:01