Welcome to TestSimulate

Pass Your Next Certification Exam Fast!

Everything you need to prepare, learn & pass your certification exam easily.

365 days free updates. First attempt guaranteed success.

  • Home
  • Blogs
  • [Q64-Q81] Use Real AZ-303 - 100% Cover Real Exam Questions [Oct-2021]

[Q64-Q81] Use Real AZ-303 - 100% Cover Real Exam Questions [Oct-2021]

Share

Use Real AZ-303 - 100% Cover Real Exam Questions [Oct-2021] 

Dumps Brief Outline Of The AZ-303 Exam - TestSimulate

NEW QUESTION 64
You network contains an Active Directory domain named adatum.com and an Azure Active Directory (Azure AD) tenant named adatum.onmicrosoft.com.
Adatum.com contains the user accounts in the following table.

Adatum.onmicrosoft.com contains the user accounts in the following table.

You need to implement Azure AD Connect. The solution must follow the principle of least privilege.
Which user accounts should you use? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Answer:

Explanation:

Explanation:
Box 1: User5
In Express settings, the installation wizard asks for the following:
AD DS Enterprise Administrator credentials
Azure AD Global Administrator credentials
The AD DS Enterprise Admin account is used to configure your on-premises Active Directory. These credentials are only used during the installation and are not used after the installation has completed. The Enterprise Admin, not the Domain Admin should make sure the permissions in Active Directory can be set in all domains.
Box 2: UserA
Azure AD Global Admin credentials are only used during the installation and are not used after the installation has completed. It is used to create the Azure AD Connector account used for synchronizing changes to Azure AD. The account also enables sync as a feature in Azure AD.
References:
https://docs.microsoft.com/en-us/azure/active-directory/connect/active-directory-aadconnect-accounts-permissions

 

NEW QUESTION 65
You create a virtual machine scale set named Scale1. Scale1 is configured as shown in the following exhibit.
The subscription contains the Azure SQL databases shown in the following table.

Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic.
NOTE: Each correct selection is worth one point.

Answer:

Explanation:

References:
https://docs.microsoft.com/en-us/azure/azure-monitor/platform/autoscale-overview
https://docs.microsoft.com/en-us/azure/azure-monitor/platform/autoscale-best-practices
https://docs.microsoft.com/en-us/azure/azure-monitor/platform/autoscale-common-scale-patterns

 

NEW QUESTION 66
You are designing a solution to secure a company's Azure resources. The environment hosts 10 teams. Each team manages a project and has a project manager, a virtual machine (VM) operator, developers, and contractors.
Project managers must be able to manage everything except access and authentication for users. VM operators must be able to manage VMs, but not the virtual network or storage account to which they are connected. Developers and contractors must be able to manage storage accounts.
You need to recommend roles for each member.
What should you recommend? To answer, drag the appropriate roles to the correct employee types. Each role may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
NOTE: Each correct selection is worth one point.

Answer:

Explanation:

 

NEW QUESTION 67
You have an on-premises virtual machine named VM1 configured as shown in the following exhibit.

VM is started.
You need to create a new virtual machine image in Azure from VM1.
Which three actions should you perform before you create the new image? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.

  • A. Run Add-AzureRmVhdand specify a file share as the destination
  • B. Reduce the amount of memory to 16 GB
  • C. Convert the disk type to VHD
  • D. Run Add-AzureRmVhdand specify a blob service container as the destination
  • E. Generalize VM1
  • F. Remove the Backup (volume shadow copy) integration service

Answer: C,D,E

Explanation:
Section: [none]
Explanation:
B: Sysprep removes all your personal account and security information, and then prepares the machine to be used as an image.
C, F: The Add-AzureRmVhd cmdlet uploads on-premises virtual hard disks, in .vhd file format, to a blob storage account as fixed virtual hard disks.
References:
https://docs.microsoft.com/en-us/powershell/module/azurerm.compute/add-azurermvhd?view=azurermps-
6.13.0
https://docs.microsoft.com/en-us/azure/virtual-machines/windows/capture-image-resource

 

NEW QUESTION 68
You have an Azure subscription that contains the storage accounts shown in the following table.

For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.

Answer:

Explanation:

 

NEW QUESTION 69
You have an Azure Active Directory (Azure AD) tenant linked to an Azure subscription. The tenant contains a group named Admins.
You need to prevent users, except for the members of Admins, from using the Azure portal and Azure PowerShell to access the subscription.
What should you do?

  • A. From the Azure subscription, configure Access control (IAM).
  • B. From Azure AD, configure the User settings.
  • C. From the Azure subscription, assign an Azure policy.
  • D. From Azure AD, create a conditional access policy.

Answer: D

Explanation:
Section: [none]
Explanation:
Typically, you use Conditional Access to control access to your cloud apps. You can also set up policies to control access to Azure management.
The policy you create applies to all Azure management endpoints, including the following:
* Azure portal
* Azure Resource Manager provider
* Classic Service Management APIs
* Azure PowerShell
* Visual Studio subscriptions administrator portal
* Azure DevOps
* Azure Data Factory portal
To create a policy for Azure management, you select Microsoft Azure Management under Cloud apps when choosing the app to which to apply the policy.

Incorrect Answers:
A: From User Settings you can only restrict access to Azure Portal, not access to Azure Powershell.
Note: Microsoft allows restricting standard user access to Azure Active Directory administration portal.
1. Log in to Azure portal as Global Administrator
2. Go to Azure Active Directory | User Settings
3. Then click on Yes under Restrict access to Azure AD administration portal

Reference:
https://docs.microsoft.com/en-us/azure/role-based-access-control/conditional-access-azure-management
https://www.rebeladmin.com/2019/04/step-step-guide-restrict-azure-ad-administration-portal/

 

NEW QUESTION 70
You have an Azure virtual machine named VM1 that runs Windows Server 2016.
You install a line-to-business application on VM1.
You need to create an Azure virtual machine by using VM1 as a custom image.
Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.

Answer:

Explanation:

1 - Run sysprep.exe on VM1.
2 - From Azure CLI, deallocate VM1 and mark VM1 as generalized
3 - Create a virtual machine scale set
Explanation:
References:
https://thesolving.com/server-room/when-and-how-to-use-sysprep/
https://docs.microsoft.com/en-us/azure/virtual-machine-scale-sets/tutorial-use-custom-image-powershell

 

NEW QUESTION 71
You have an Azure subscription that contains the resources shown in the following table.

You need to grant App1 read-only access to Table1. What should you use?

  • A. anonymous public read access
  • B. an X.509 certificate
  • C. a shared access signature (SAS)
  • D. a storage access key

Answer: C

 

NEW QUESTION 72
You have an Azure subscription that contains the web apps shown in the following table.

For which web app can you configure a WebJob?

  • A. WebApp1
  • B. WebApp3
  • C. WebApp2
  • D. WebApp4

Answer: D

Explanation:
Explanation
Publishing a .NET Core WebJob to App Service from Visual Studio uses the same tooling as publishing an ASP.NET Core app.
References:
https://docs.microsoft.com/en-us/azure/app-service/webjobs-dotnet-deploy-vs

 

NEW QUESTION 73
You have a resource group named RG1 that contains the following:
A virtual network that contains two subnets named Subnet1 and Subnet2
An Azure Storage account named contososa1
An Azure firewall deployed to Subnet2
You need to ensure that contososa1 is accessible from Subnet1 over the Azure backbone network.
What should you do?

  • A. Deploy an Azure firewall to Subnet1.
  • B. Implement a virtual network service endpoint.
  • C. Create a stored access policy for contososa1.
  • D. Remove the Azure firewall.

Answer: B

Explanation:
Section: [none]
Explanation:
Virtual Network (VNet) service endpoint provides secure and direct connectivity to Azure services over an optimized route over the Azure backbone network.
Virtual Network (VNet) service endpoints extend your virtual network private address space and the identity of your VNet to the Azure services, over a direct connection. Endpoints allow you to secure your critical Azure service resources to only your virtual networks. Traffic from your VNet to the Azure service always remains on the Microsoft Azure backbone network.
Reference:
https://docs.microsoft.com/en-us/azure/virtual-network/virtual-network-service-endpoints-overview

 

NEW QUESTION 74
You have an Azure Active Directory (Azure AD) tenant named contoso.com.
A user named Admin1 attempts to create an access review from the Azure Active Directory admin center and discovers that the Access reviews settings are unavailable. Admin1 discovers that all the other Identity Governance settings are available, Admin1 is assigned the User administrator. Compliance administrator, and Security administrator roles.
You need to ensure that Admin1 can create access reviews in contoso.com.
Solution: You purchase an Azure Active Directory Premium P2 license for contoso.com Does this meet the goal?

  • A. No
  • B. Yes

Answer: A

Explanation:
Explanation
Instead use Azure AD Privileged Identity Management.
Note: PIM essentially helps you manage the who, what, when, where, and why for resources that you care about. Key features of PIM include:
* Conduct access reviews to ensure users still need roles
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/privileged-identity-management/pim-configure

 

NEW QUESTION 75
A company plans to use third-party application software to perform complex data analysis processes. The software will use up to 500 identical virtual machines (VMs) based on an Azure Marketplace VM image.
You need to design the infrastructure for the third-party application server. The solution must meet the following requirements:
* The number of VMs that are running at any given point in time must change when the user workload changes.
* When a new version of the application is available in Azure Marketplace it must be deployed without causing application downtime.
* Use VM scale sets.
* Minimize the need for ongoing maintenance.
Which two technologies should you recommend? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.

  • A. managed disks
  • B. single storage account
  • C. single placement group
  • D. autoscale

Answer: A,D

Explanation:
Introduction to Azure managed disks https://docs.microsoft.com/en-us/azure/virtual-machines/windows/managed-disks-overview "Using managed disks, you can create up to 50,000 VM disks of a type in a subscription per region, allowing you to create thousands of VMs in a single subscription. This feature also further increases the scalability of virtual machine scale sets by allowing you to create up to 1,000 VMs in a virtual machine scale set using a Marketplace image."
Topic 1, Contoso, Ltd
Overview
Contoso, Ltd. is a manufacturing company that has offices worldwide. Contoso works with partner organizations to bring products to market.
Contoso products are manufactured by using blueprint files that the company authors and maintains.
Existing Environment
Currently, Contoso uses multiple types of servers for business operations, including the following:
* File servers
* Domain controllers
* Microsoft SQL Server servers
Your network contains an Active Directory forest named contoso.com. All servers and client computers are joined to Active Directory.
You have a public-facing application named App1. App1 is comprised of the following three tiers:
* A SQL database
* A web front end
* A processing middle tier
Each tier is comprised of five virtual machines. Users access the web front end by using HTTPS only.
Requirements
Planned Changes
Contoso plans to implement the following changes to the infrastructure:
* Move all the tiers of App1 to Azure.
* Move the existing product blueprint files to Azure Blob storage.
* Create a hybrid directory to support an upcoming Microsoft Office 365 migration project.
Technical Requirements
Contoso must meet the following technical requirements:
* Move all the virtual machines for App1 to Azure.
* Minimize the number of open ports between the App1 tiers.
* Ensure that all the virtual machines for App1 are protected by backups.
* Copy the blueprint files to Azure over the Internet.
* Ensure that the blueprint files are stored in the archive storage tier.
* Ensure that partner access to the blueprint files is secured and temporary.
* Prevent user passwords or hashes of passwords from being stored in Azure.
* Use unmanaged standard storage for the hard disks of the virtual machines.
* Ensure that when users join devices to Azure Active Directory (Azure AD), the users use a mobile phone to verify their identity.
Minimize administrative effort whenever possible.
User Requirements
Contoso identifies the following requirements for users:
Ensure that only users who are part of a group named Pilot can join devices to Azure AD.
Designate a new user named Admin1 as the service administrator of the Azure subscription.
Ensure that a new user named User3 can create network objects for the Azure subscription

 

NEW QUESTION 76
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have an Azure Cosmos DB database that contains a container named Container1. The partition key for Container1 is set to /day. Container1 contains the items shown in the following table.

You need to programmatically query Azure Cosmos DB and retrieve Item1 and Item2 only.
Solution: You run the following query.

You set the EnableCrossPartitionQuery property to True.
Does this meet the goal?

  • A. No
  • B. Yes

Answer: B

Explanation:
Section: [none]
Explanation:
Returns Item1 and Item2 only.
Reference:
https://docs.microsoft.com/en-us/azure/cosmos-db/sql-query-where
https://docs.microsoft.com/en-us/dotnet/api/
microsoft.azure.documents.client.feedoptions.enablecrosspartitionquery?view=azure-dotnet

 

NEW QUESTION 77
You need to configure the Device settings to meet the technical requirements and the user requirements.
Which two settings should you modify? To answer, select the appropriate settings in the answer area.

Answer:

Explanation:

Explanation:
Box 1: Selected
Only selected users should be able to join devices
Box 2: Yes
Require Multi-Factor Auth to join devices.
From scenario:
* Ensure that only users who are part of a group named Pilot can join devices to Azure AD
* Ensure that when users join devices to Azure Active Directory (Azure AD), the users use a mobile phone to verify their identity.

 

NEW QUESTION 78
Note: This question is part of series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
Your network contains an Active Directory forest named fabrikam.com. The forest contains two child domains named corp.fabrikam.com and research.fabrikam.com.
You have an Azure subscription that contains an Azure Active Directory (Azure AD) tenant named contoso.com.
You install Azure AD Connect and sync all the on-premises user accounts to the Azure AD tenant. You implement seamless single sign-on (SSO).
You plan to change the source of authority for all the user accounts in research.fabrikam.com to Azure AD.
You need to prevent research.fabrikam.com from resyncing to Azure AD.
Solution: You use Active Directory Domains and Trusts from a computer joined to fabrikam.com.
Does this meet the goal?

  • A. No
  • B. Yes

Answer: A

Explanation:
Section: [none]
Explanation:
Instead you should customize the default synchronization rule.
Note:
To delete a custom domain name, you must first ensure that no resources in your directory rely on the domain name. You can't delete a domain name from your directory if:
* Any user has a user name, email address, or proxy address that includes the domain name.
* Any group has an email address or proxy address that includes the domain name.
* Any application in your Azure AD has an app ID URI that includes the domain name.
References:
https://docs.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-create-custom-sync-rule

 

NEW QUESTION 79
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution. Determine whether the solution meets the stated goals.
You need to meet the vendor notification requirement.
Solution: Update the Delivery API to send emails by using a cloud-based email service.
Does the solution meet the goal?

  • A. No
  • B. Yes

Answer: A

Explanation:
Section: [none]
Explanation/Reference:
References:
https://docs.microsoft.com/en-us/azure/api-management/api-management-howto-configure-notifications

 

NEW QUESTION 80
You need to configure the Device settings to meet the technical requirements and the user requirements.
Which two settings should you modify? To answer, select the appropriate settings in the answer area.

Answer:

Explanation:

Explanation:
Box 1: Selected
Only selected users should be able to join devices
Box 2: Yes
Require Multi-Factor Auth to join devices.
From scenario:
Ensure that only users who are part of a group named Pilot can join devices to Azure AD Ensure that when users join devices to Azure Active Directory (Azure AD), the users use a mobile phone to verify their identity.

 

NEW QUESTION 81
......

Certification Training for AZ-303 Exam Dumps Test Engine: https://www.testsimulate.com/AZ-303-study-materials.html

Related Blogs

more
Go To AZ-303 Questions

Copyright © 2026 TESTSIMULATE.COM. All rights reserved. All trademarks are the property of their respective owners and we don't provide actual questions from any vendor.