2021 AZ-303 Question Bank: Free PDF Download Recently Updated Questions

AZ-303 Certification Exam Dumps with 211 Practice Test Questions

The benefit of obtaining the AZ-303: Microsoft Azure Architect Technologies Exam Certification

• AZ-303 Certification provides practical experience to candidates from all the aspects to be a proficient worker in the organization.

• AZ-303 certification has more useful and relevant networks that help them in setting career goals for themselves. AZ-303 networks provide them with the correct career guidance than non certified generally are unable to get.

• AZ-303 credential delivers higher earning opportunity and increases promotion opportunities because it shows a good understanding of Azure Architect Technologies

• AZ-303 Exam provide proven knowledge to use the tools to complete the task efficiently and cost-effectively than the other non-certified professionals lack in doing so.

• AZ-303 Certified professionals are distinguished among competitors when appearing for employment or promotion interviews.

• This certification will be judging your skills and knowledge on your understanding of Azure Architect Technologies concepts & Understanding of how to operate on Planning and Administering Azure Architect Technologies.

• This certification credential will give you an edge over other counterparts. Apart from knowledge from AZ-303: Microsoft Azure Architect Technologies Exam.

NEW QUESTION 115
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
Your company is deploying an on-premises application named Appl. Users will access App1 by using a URL of https://app1.contoso.com. You register App1 in Azure Active Directory (Azure AD) and publish Appl by using the Azure AD Application Proxy. You need to ensure that Appl appears in the My Apps portal for all the users.
Solution: You create a conditional access policy for App1.

• A. No
• B. Yes

Answer: A

Explanation:
Instead you modify User and Groups for App1.
Reference:
https://cloud.google.com/architecture/identity/integrating-google-services-and-apps-with-azure-ad-portal#adding_links

 

NEW QUESTION 116
Your network contains an on-premises Active Directory domain named contoso.com that contains a member server named Server1.
You have the accounts shown in the following table.

You are installing Azure AD Connect on Server1.
You need to specify the account for Azure AD Connect synchronization. The solution must use the principle of least privilege.
Which account should you specify?

• A. CONTOSO\User3
• B. CONTOSO\User1
• C. CONTOSO\User2
• D. SERVER1\User4

Answer: C

Explanation:
Explanation
The default Domain User permissions are sufficient
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/hybrid/reference-connect-accounts-permissions

 

NEW QUESTION 117
You have an Azure subscription that contains the Azure SQL servers shown in the following table.

The subscription contains the elastic pool shown in the following table.

The subscription contains the Azure SQL databases shown in the following table.

For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.

Answer:

Explanation:

Explanation

Note: You cannot add databases from different servers into the same pool Box 1: Yes Pool2 contains DB2 but DB1 and DB2 are on Sql1. DB1 can thus be added to Pool2.
Box 2: Yes
Pool3 is empty.
Box 3: Yes
Pool1 contains DB1 but DB3 and DB1 are on Sql1. DB3 can thus be added to Pool1.
References:
https://docs.microsoft.com/en-us/azure/sql-database/sql-database-elastic-pool

 

NEW QUESTION 118
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You manage an Active Directory domain named contoso.local.
You install Azure AD Connect and connect to an Azure Active Directory (Azure AD) tenant named contoso.com without syncing any accounts.
You need to ensure that only users who have a UPN suffix of contoso.com in the contoso.local domain sync to Azure AD.
Solution: You use Synchronization Rules Editor to create a synchronization rule.
Does this meet the goal?

• A. No
• B. Yes

Answer: B

Explanation:
Filtering what objects are synced to Azure AD is a common request and there are many instances where filtering by OU just doesn't cut it. One option is to filter users by their UPN suffix so that only users with the public FQDN as their UPN suffix are synced to Azure AD (e.g., [email protected] would be synced while [email protected] would not).
Filtering can be configured using either the GUI or PowerShell.
Through GUI:
Using The Synchronization Rules Editor
1. Open the Synchronization Rules Editor on the server where Azure AD Connect is installed.

2. Click the Add new rule button on the View and manage your synchronization rules window.
3. Fill out the appropriate fields on the Description tab and click Next >.
4. On the Scoping filter tab, click Add group, then Add clause, add a userPrincipalName attribute filter, and click Next >.
Attribute: userPrincipalName
Operator: ENDSWITH
Value: Your internal UPN suffix prefixed with @ (e.g., @internal.acme.com). Users with this UPN suffix will NOT be synced with Office 365.

Reference:
https://www.sidekicktech.com/blog/field-notes/2019/upn-suffix-filtering-ad-connect/

 

NEW QUESTION 119
You download an Azure Resource Manager template based on an existing virtual machine. The template will be used to deploy 100 virtual machines.
You need to modify the template to reference an administrative password. You must prevent the password from being stored in plain text.
What should you create to store the password?

• A. Azure Active Directory (AD) Identity Protection and an Azure policy
• B. a Recovery Services vault and a backup policy
• C. an Azure Key Vault and an access policy
• D. an Azure Storage account and an access policy

Answer: C

Explanation:
Section: [none]

 

NEW QUESTION 120
What should you create to configure AG2?

• A. an additional public IP address
• B. basic listeners
• C. basic routing rules
• D. multi-site listeners
• E. URL path-based routing rules

Answer: D

Explanation:
Section: [none]
Explanation:
- AG2 must load balance incoming traffic in the following manner:
- http://www.adatum.com will be load balanced across Pool21.
- http://fabrikam.com will be load balanced across Pool22.
You need to configure an Azure Application Gateway with multi-site listeners to direct different URLs to different pools.
References:
https://docs.microsoft.com/en-us/azure/application-gateway/multiple-site-overview Testlet 5 Case study This is a case study. Case studies are not timed separately. You can use as much exam time as you would like to complete each case. However, there may be additional case studies and sections on this exam. You must manage your time to ensure that you are able to complete all questions included on this exam in the time provided.
To answer the questions included in a case study, you will need to reference information that is provided in the case study. Case studies might contain exhibits and other resources that provide more information about the scenario that is described in the case study. Each question is independent of the other questions in this case study.
At the end of this case study, a review screen will appear. This screen allows you to review your answers and to make changes before you move to the next section of the exam. After you begin a new section, you cannot return to this section.
To start the case study
To display the first question in this case study, click the Next button. Use the buttons in the left pane to explore the content of the case study before you answer the questions. Clicking these buttons displays information such as business requirements, existing environment, and problem statements. If the case study has an All Information tab, note that the information displayed is identical to the information displayed on the subsequent tabs. When you are ready to answer a question, click the Question button to return to the question.
Overview
Contoso, Ltd. is a manufacturing company that has offices worldwide. Contoso works with partner organizations to bring products to market.
Contoso products are manufactured by using blueprint files that the company authors and maintains.
Existing Environment
Currently, Contoso uses multiple types of servers for business operations, including the following:
* File servers
* Domain controllers
* Microsoft SQL Server servers
Your network contains an Active Directory forest named contoso.com. All servers and client computers are joined to Active Directory.
You have a public-facing application named App1. App1 is comprised of the following three tiers:
* A SQL database
* A web front end
* A processing middle tier
Each tier is comprised of five virtual machines. Users access the web front end by using HTTPS only.
Requirements
Planned Changes
Contoso plans to implement the following changes to the infrastructure:
* Move all the tiers of App1 to Azure.
* Move the existing product blueprint files to Azure Blob storage.
* Create a hybrid directory to support an upcoming Microsoft Office 365 migration project.
Technical Requirements
Contoso must meet the following technical requirements:
* Move all the virtual machines for App1 to Azure.
* Minimize the number of open ports between the App1 tiers.
* Ensure that all the virtual machines for App1 are protected by backups.
* Copy the blueprint files to Azure over the Internet.
* Ensure that the blueprint files are stored in the archive storage tier.
* Ensure that partner access to the blueprint files is secured and temporary.
* Prevent user passwords or hashes of passwords from being stored in Azure.
* Use unmanaged standard storage for the hard disks of the virtual machines.
* Ensure that when users join devices to Azure Active Directory (Azure AD), the users use a mobile phone to verify their identity.
* Minimize administrative effort whenever possible.
User Requirements
Contoso identifies the following requirements for users:
* Ensure that only users who are part of a group named Pilot can join devices to Azure AD.
* Designate a new user named Admin1 as the service admin for the Azure subscription.
* Admin1 must receive email alerts regarding service outages.
* Ensure that a new user named User3 can create network objects for the Azure subscription.

 

NEW QUESTION 121
HOTSPOT
You have an app named App1 that reads messages from an Azure Service Bus queue. App1 has the following requirements:
* Messages must be processed in the order in which they are received.
* No message is to remain in a Service Bus queue named Queue1 for longer than 14 days.
* Messages that cannot be delivered must be retained until they are reviewed, and then manually deleted.
You need to create Queue1.
Which two settings should you modify for Queue1? To answer, select the appropriate settings in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:

Answer:

Explanation:

Section: [none]
Explanation:
* Enable dead lettering on message expiration
Expired messages can optionally be moved to a dead-letter queue by setting the EnableDeadLetteringOnMessageExpiration property, or checking the respective box in the portal. If the option is left disabled, expired messages are dropped.
Note: The purpose of the dead-letter queue is to hold messages that can't be delivered to any receiver, or messages that couldn't be processed. Messages can then be removed from the DLQ and inspected. An application might, with help of an operator, correct issues and resubmit the message, log the fact that there was an error, and take corrective action.
* Enable sessions
The session feature in Service Bus enables a specific receive operation, in the form of MessageSession in the C# and Java APIs. You enable the feature by setting the requiresSession property on the queue or subscription via Azure Resource Manager, or by setting the flag in the portal. It's required before you attempt to use the related API operations.
Reference:
https://docs.microsoft.com/en-us/azure/service-bus-messaging/service-bus-dead-letter-queues

 

NEW QUESTION 122
You have an Azure subscription that contains the storage accounts shown in the following table.

You enable Storage Advanced Threat Protection (ATP) for all the storage accounts.
You need to identify which storage accounts will generate Storage ATP alerts.
Which two storage accounts should you identify? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.

• A. storagecontoso1
• B. storagecontoso4
• C. storagecontoso5
• D. storagecontoso2
• E. storagecontoso3

Answer: A,D

Explanation:
Storage Threat Detection is available for the Blob Service.

Reference:
https://azure.microsoft.com/en-us/blog/advanced-threat-protection-for-azure-storage-now-in-public-preview/

 

NEW QUESTION 123
You have a virtual network named VNet1 as shown in the exhibit. (Click the Exhibit tab.)

No devices are connected to VNet1.
You plan to peer VNet1 to another virtual network named VNet2. VNet2 has an address space of
10.2.0.0/16.
You need to create the peering.
What should you do first?

• A. Modify the address space of VNet1.
• B. Add a gateway subnet to VNet1.
• C. Configure a service endpoint on VNet2.
• D. Create a subnet on VNEt1 and VNet2.

Answer: A

Explanation:
The virtual networks you peer must have non-overlapping IP address spaces. The exhibit indicates that VNet1 has an address space of 10.2.0.0/16, which is the same as VNet2, and thus overlaps. We need to change the address space for VNet1.
Reference:
https://docs.microsoft.com/en-us/azure/virtual-network/virtual-network-manage-peering#requirements-and- constraints

 

NEW QUESTION 124
HOTSPOT
You have the Azure SQL Database servers shown in the following table.

You have the Azure SQL databases shown in the following table.

You create a failover group named failover1 that has the following settings:
* Primary server: sqlserver1
* Secondary server: sqlserver2
* Read/Write failover policy: Automatic
* Read/Write grace period (hours): 1 hour
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Hot Area:

Answer:

Explanation:

Section: [none]
Explanation:
Box 1: Yes
DB1 is on the primary server
Box 2: No
DB3 is on the secondary server.
You can put all or several databases within an elastic pool into the same failover group.
Box 3: No
A failover group is a named group of databases managed by a single server or within a managed instance that can fail over as a unit to another region in case all or some primary databases become unavailable due to an outage in the primary region.
The secondary cannot be in the same region as the primary.
Reference:
https://docs.microsoft.com/en-us/azure/azure-sql/database/auto-failover-group-overview

 

NEW QUESTION 125
You have an Azure SQL database named DB1.
You plan to create the following four tables in DB1 by using the following code:

• A. Table 2
• B. Table 4
• C. Table 1
• D. Table 3

Answer: A

 

NEW QUESTION 126
Your on-premises network contains 100 virtual machines that run Windows Server 2019.
You have an Azure subscription that contains an Azure Log Analytics workspace named Workspace1.
You need to collect errors from the Windows event logs on the virtual machines.
Which two actions should you perform' Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.

• A. Create an Azure Event Grid domain
• B. Configure Windows Event Forwarding on the virtual machines
• C. Configure the Data Collection settings for Workspace1.
• D. Create an Azure Sentinel workspace.
• E. Deploy the Microsoft Monitoring Agent

Answer: C,E

Explanation:
The Azure Log Analytics agent collects telemetry from Windows and Linux virtual machines in any cloud, on-premises machines, and those monitored by System Center Operations Manager and sends it collected data to your Log Analytics workspace in Azure Monitor.
Note: You may also see the Log Analytics agent referred to as the Microsoft Monitoring Agent (MMA) or OMS Linux agent.
Data is collected using the Log Analytics agent, which reads various security-related configurations and event logs from the machine and copies the data to your workspace for analysis.
Reference:
https://docs.microsoft.com/en-us/azure/azure-monitor/platform/log-analytics-agent
https://docs.microsoft.com/en-us/azure/security-center/security-center-enable-data-collection

 

NEW QUESTION 127
You network contains an Active Directory domain that is synced to Azure Active Directory (Azure AD) as shown in the following exhibit.

You have a user account configured as shown in the following exhibit.

For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.

Answer:

Explanation:

References:
https://docs.microsoft.com/en-us/azure/active-directory/authentication/concept-sspr-writeback

 

NEW QUESTION 128
You have an Azure subscription that contains the resource groups shown in the following table.

You have the Azure SQL servers shown in the following table.

You create an Azure SQL database named DB1 on Sql1 in an elastic pool named Poo11.
You need to create an Azure SQL database named DB2 in Poo11.
Where should you deploy DB2?

• A. Sql1
• B. Sql3
• C. Sql2
• D. Sql4

Answer: A

Explanation:
Section: [none]
Explanation:
The databases in an elastic pool are on a single Azure SQL Database server and share a set number of resources at a set price.
Reference:
https://docs.microsoft.com/en-us/azure/sql-database/sql-database-elastic-pool

 

NEW QUESTION 129
HOTSPOT
From Azure Cosmos DB, you create the containers shown in the following table.

You add the following item to Container1.

You plan to add items to Azure Cosmos DB as shown in the following table.

You need to identify which items can be added successfully to Container1 and Container2.
What should you identify for each container? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:

Answer:

Explanation:

Section: [none]

 

NEW QUESTION 130
Note: This question is part of series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have a server named Server1 that runs Windows Server 2019. Server1 is a container host.
You are creating a Dockerfile to build a container image.
You need to add a file named File1.txt from Server1 to a folder named C:\Folder1 in the container image.
Solution: You add the following line to the Dockerfile.
XCOPY File1.txt C:\Folder1\
You then build the container image.
Does this meet the goal?

• A. No
• B. Yes

Answer: A

Explanation:
Copy is the correct command to copy a file to the container image. Furthermore, the root directory is specified as '/' and not as 'C:/'.
References:
https://docs.docker.com/develop/develop-images/dockerfile_best-practices/#add-or-copy
https://docs.docker.com/engine/reference/builder/

 

NEW QUESTION 131
You have virtual machines (VMs) that run a mission-critical application.
You need to ensure that the VMs never experience down time.
What should you recommend? To answer, drag the appropriate solutions to the correct scenarios. Each solution may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
NOTE: Each correct selection is worth one point.

Answer:

Explanation:

Explanation

Box 1: Scale set
A virtual machine scale set allows you to deploy and manage a set of identical, autoscaling virtual machines.
Box 2: Availability Set
An Availability Set is a logical grouping capability for isolating VM resources from each other when they're deployed. Azure makes sure that the VMs you place within an Availability Set run across multiple physical servers, compute racks, storage units, and network switches. If a hardware or software failure happens, only a subset of your VMs are impacted and your overall solution stays operational. Availability Sets are essential for building reliable cloud solutions.
Box 3: Fault domain
A fault domain is a logical group of underlying hardware that share a common power source and network switch, similar to a rack within an on-premises datacenter. As you create VMs within an availability set, the Azure platform automatically distributes your VMs across these fault domains. This approach limits the impact of potential physical hardware failures, network outages, or power interruptions.
References:
https://docs.microsoft.com/en-us/azure/virtual-machines/windows/tutorial-create-vmss
https://docs.microsoft.com/en-us/azure/virtual-machines/windows/tutorial-availability-sets

 

NEW QUESTION 132
You need to meet the user requirement for Admin1.
What should you do?

• A. From the Azure Active Directory blade, modify the Groups.
• B. From the Azure Active Directory blade, modify the Properties.
• C. From the Subscriptions blade, select the subscription, and then modify the Properties.
• D. From the Subscriptions blade, select the subscription, and then modify the Access control (IAM) settings.

Answer: C

Explanation:
Change the Service administrator for an Azure subscription
* Sign in to Account Center as the Account administrator.
* Select a subscription.
* On the right side, select Edit subscription details.
Scenario: Designate a new user named Admin1 as the service administrator of the Azure subscription.
References:
https://docs.microsoft.com/en-us/azure/billing/billing-add-change-azure-subscription-administrator

 

NEW QUESTION 133
Note: This question is part of series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have an Azure subscription.
You have an on-premises file server named Server1 that runs Windows Server 2019.
You manage Server1 by using Windows Admin Center.
You need to ensure that if Server1 fails, you can recover the data from Azure.
Solution: From the Azure portal, you create a Recovery Services vault. On VM1, you install the Azure Backup agent and you schedule a backup.
Does this meet the goal?

• A. No
• B. Yes

Answer: A

Explanation:
Section: [none]
Explanation:
Instead use Azure Storage Sync service and configure Azure File.
Use Azure File Sync to centralize your organization's file shares in Azure Files, while keeping the flexibility, performance, and compatibility of an on-premises file server. Azure File Sync transforms Windows Server into a quick cache of your Azure file share.
References:
https://docs.microsoft.com/en-us/azure/storage/files/storage-files-introduction

 

NEW QUESTION 134
You network contains an Active Directory domain that is synced to Azure Active Directory (Azure AD) as shown in the following exhibit.

You have a user account configured as shown in the following exhibit.

For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.

Answer:

Explanation:

Explanation

Box 1: No
Password writeback is disabled.
Note: Having a cloud-based password reset utility is great but most companies still have an on-premises directory where their users exist. How does Microsoft support keeping traditional on-premises Active Directory (AD) in sync with password changes in the cloud? Password writeback is a feature enabled with Azure AD Connect that allows password changes in the cloud to be written back to an existing on-premises directory in real time.
Box 2: No
Box 3: Yes
Yes, there is an Edit link for Location Info.
References:
https://docs.microsoft.com/en-us/azure/active-directory/authentication/concept-sspr-writeback

 

NEW QUESTION 135
You have an Azure subscription.
You create a custom role in Azure by using the following Azure Resource Manager template.

You assign the role to a user named User1.
Which action can User1 perform?

• A. Delete virtual machines.
• B. Create support requests.
• C. Create virtual machines.
• D. Create resource groups.

Answer: B

Explanation:
Section: [none]
Explanation:
The "Microsoft.Support/*" operation will allow the user to create support tickets.
References:
https://docs.microsoft.com/en-us/azure/role-based-access-control/tutorial-custom-role-powershell

 

NEW QUESTION 136
......

New AZ-303 Exam Dumps with High Passing Rate: https://www.testsimulate.com/AZ-303-study-materials.html