[2021] Valid AZ-303 test answers & Microsoft AZ-303 exam pdf
Verified AZ-303 dumps Q&As - Pass Guarantee or Full Refund
NEW QUESTION 12
From Azure Cosmos DB, you create the containers shown in the following table.
You add the following item to Container1.
You plan to add items to Azure Cosmos DB as shown in the following table.
You need to identify which items can be added successfully to Container1 and Container2.
What should you identify for each container? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
NEW QUESTION 13
You have an Azure subscription named Subscription1 that includes an Azure File share named share1.
You create several Azure virtual machines in Subscription1. All of the virtual machines belong to the same virtual network.
You have an on-premises Hyper-V server named Server1. Server1 hosts a virtual machine named VM1.
You plan to replicate VM1 to Azure.
You need to create additional objects in Subscription1 to support the planned deployment.
Which three objects should you create? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.
- A. Hyper-V site
- B. Azure Recovery Services Vault
- C. endpoint
- D. Azure Traffic Manager instance
- E. replication policy
- F. storage account
Answer: A,B,E
Explanation:
Section: [none]
NEW QUESTION 14
No. Access control via ACLs is enabled for a storage account as long as the Hierarchical Namespace (HNS) feature is turned ON.
Note 1: We [Microsoft] are pleased to share the general availability of Azure Active Directory (AD) based access control for Azure Storage Blobs and Queues. Enterprises can now grant specific data access permissions to users and service identities from their Azure AD tenant using Azure's Role-based access control (RBAC).
- A. Note 2: Azure Data Lake Storage Gen2 implements an access control model that supports both Azure role-based access control (Azure RBAC) and POSIX-like access control lists (ACLs).
Answer: A
Explanation:
You can associate a security principal with an access level for files and directories. These associations are captured in an access control list (ACL). Each file and directory in your storage account has an access control list. When a security principal attempts an operation on a file or directory, An ACL check determines whether that security principal (user, group, service principal, or managed identity) has the correct permission level to perform the operation.
Reference:
https://docs.microsoft.com/en-us/azure/storage/blobs/data-lake-storage-access-control#access-control-lists-on-files-and-directories
https://azure.microsoft.com/en-us/blog/azure-storage-support-for-azure-ad-based-access-control-now-generally-available/
NEW QUESTION 15
HOTSPOT
You have an Azure logic app named App1 and an Azure Service Bus queue named Queue1.
You need to ensure that App1 can read messages from Queue1. App1 must authenticate by using Azure Active Directory (Azure AD).
What should you do? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:
Answer:
Explanation:
Section: [none]
Explanation:
On App1: Turn on the managed identity
To use Service Bus with managed identities, you need to assign the identity the role and the appropriate scope.
The procedure in this section uses a simple application that runs under a managed identity and accesses Service Bus resources.
Once the application is created, follow these steps:
1. Go to Settings and select Identity.
2. Select the Status to be On.
3. Select Save to save the setting.
On Queue1: Configure Access Control (IAM)
Azure Active Directory (Azure AD) authorizes access rights to secured resources through role-based access control (RBAC). Azure Service Bus defines a set of built-in RBAC roles that encompass common sets of permissions used to access Service Bus entities and you can also define custom roles for accessing the data.
Assign RBAC roles using the Azure portal
In the Azure portal, navigate to your Service Bus namespace. Select Access Control (IAM) on the left menu to display access control settings for the namespace. If you need to create a Service Bus namespace.
Select the Role assignments tab to see the list of role assignments. Select the Add button on the toolbar and then select Add role assignment.
Reference:
https://docs.microsoft.com/en-us/azure/service-bus-messaging/authenticate-application
https://docs.microsoft.com/en-us/azure/service-bus-messaging/service-bus-managed-service-identity
NEW QUESTION 16
Note: This question is part of series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have an Azure Cosmos DB database that contains a container named Container1. The partition key for Container1 is set to /day. Container1 contains the items shown in the following table.
You need to programmatically query Azure Cosmos DB and retrieve item1 and item2 only.
Solution: You run the following query.
You set the EnableCrossPartitionQuery property to False.
Does this meet the goal?
- A. No
- B. Yes
Answer: A
Explanation:
Returns Item1 only as EnableCrossPartitionQuery property to False. If EnableCrossPartitionQuery property is set to true, it will return Item1 and Item3.
Reference:
https://docs.microsoft.com/en-us/azure/cosmos-db/sql-query-where
NEW QUESTION 17
You network contains an Active Directory domain named adatum.com and an Azure Active Directory (Azure AD) tenant named adatum.onmicrosoft.com.
Adatum.com contains the user accounts in the following table.
Adatum.onmicrosoft.com contains the user accounts in the following table.
You need to implement Azure AD Connect. The solution must follow the principle of least privilege.
Which user accounts should you use? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
Explanation:
Box 1: User5
In Express settings, the installation wizard asks for the following:
AD DS Enterprise Administrator credentials
Azure AD Global Administrator credentials
The AD DS Enterprise Admin account is used to configure your on-premises Active Directory. These credentials are only used during the installation and are not used after the installation has completed. The Enterprise Admin, not the Domain Admin should make sure the permissions in Active Directory can be set in all domains.
Box 2: UserA
Azure AD Global Admin credentials are only used during the installation and are not used after the installation has completed. It is used to create the Azure AD Connector account used for synchronizing changes to Azure AD. The account also enables sync as a feature in Azure AD.
References:
https://docs.microsoft.com/en-us/azure/active-directory/connect/active-directory-aadconnect-accounts-permissions
NEW QUESTION 18
You have an Azure subscription that contains a resource group named RG1.
You have a group named Group1 that is assigned the Contributor role for RG1.
You need to enhance security for the virtual machines in RG1 to meet the following requirements:
* Prevent Group1 from assigning external IP addresses to the virtual machines.
* Ensure that Group1 can establish an RDP connection to the virtual machines through a shared external IP address.
What should you use to meet each requirement? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.
Answer:
Explanation:
NEW QUESTION 19
You have an Azure subscription that contains the resource groups shown in the following table.
You create an Azure Resource Manager template named Template1 as shown in the following exhibit.
From the Azure portal, you deploy Template1 four times by using the settings shown in the following table.
What is the result of the deployment? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
NEW QUESTION 20
You have an Azure subscription named Subscription1. Subscription1 contains the resources in the following table:
VNet1 is in RG1. VNet2 is in RG2. There is no connectivity between VNet1 and VNet2. An administrator named Admin1 creates an Azure virtual machine VM1 in RG1. VM1 uses a disk named Disk1 and connects to VNet1. Admin1 then installs a custom application in VM1.
You need to move the custom application to VNet2. The solution must minimize administrative effort.
Which two actions should you perform? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
Explanation
We cannot just move a virtual machine between networks. What we need to do is identify the disk used by the VM, delete the VM itself while retaining the disk, and recreate the VM in the target virtual network and then attach the original disk to it.
Reference:
https://blogs.technet.microsoft.com/canitpro/2014/06/16/step-by-step-move-a-vm-to-a-different-vnet-on-azure/
https://4sysops.com/archives/move-an-azure-vm-to-another-virtual-network-vnet/#migrate-an-azure-vm-between
NEW QUESTION 21
You have an Azure subscription named Subscription1 that contains a virtual network named VNet1. VNet1 is in a resource group named RG1.
Subscription1 has a user named User1. User1 has the following roles:
* Reader
* Security Admin
* Security Reader
You need to ensure that User1 can assign the Reader role for VNet1 to other users.
What should you do?
- A. Remove User1 from the Security Reader and Reader roles for Subscription1.
- B. Assign User1 the Network Contributor role for VNet1.
- C. Remove User1 from the Security Reader and Reader roles for Subscription1. Assign User1 the Contributor role for Subscription1.
- D. Assign User1 the Owner role for VNet1.
Answer: D
Explanation:
Section: [none]
NEW QUESTION 22
You monitor Azure virtual machines by using Azure Monitor.
You plan to restart the virtual machines when CPU usage exceeds 95 percent for more than 30 minutes.
You need to create an alert in Azure Monitor to restart the virtual machines. The solution must minimize administrative effort.
Which type of action should you use in the alert?
- A. Webhook
- B. Automation Runbook
- C. ITSM
Automation runbooks allows you to automatically perform standard remediations in response to VM alerts, like restarting or stopping the VM.
Previously, during VM alert rule creation you were able to specify an Automation webhook to a runbook in order to run the runbook whenever the alert triggered. However, this required you to do the work of creating the runbook, creating the webhook for the runbook, and then copying and pasting the webhook during alert rule creation. With this new release, the process is much easier because you can directly choose a runbook from a list during alert rule creation, and you can choose an Automation account which will run the runbook or easily create an account. - D. Logic App
Answer: B
Explanation:
Reference:
https://azure.microsoft.com/en-us/blog/automatically-remediate-azure-vm-alerts-with-automation-runbooks/
NEW QUESTION 23
HOTSPOT
You are developing a SMS-based testing solution. The solution sends users a question by using SMS. Early responders may qualify for prizes.
Users must respond with an answer choice within 90 seconds. You must be able to track how long it takes each user to respond. You create a durable Azure Function named SendSmsQuizQuestion that uses Twilio to send messages.
You need to write the code for MessageQuiz.
How should you complete the code? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:
Answer:
Explanation:
Section: [none]
NEW QUESTION 24
HOTSPOT
You have an Azure subscription that contains the resource groups shown in the following table.
RG1 contains the virtual machines shown in the following table.
RG2 contains the virtual machines shown in the following table.
All the virtual machines are configured to use premium disks and are accessible from the Internet.
VM1 and VM2 are in an availability set named AVSET1. VM3 and VM4 are in the same availability zone and are in an availability set named AVSET2. VM5 and VM6 are in different availability zones.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Hot Area:
Answer:
Explanation:
Section: [none]
Explanation:
Box 1: Yes
VM1 and VM2 are in an available set named AVSET1.
For all Virtual Machines that have two or more instances deployed in the same Availability Set, we [Microsoft] guarantee you will have Virtual Machine Connectivity to at least one instance at least 99.95% of the time.
Box 2: No
VM3 and VM4 are in the same availability zone and are in an availability set named AVSET2.
Box 3: Yes
VM5 and VM6 are in different availability zones.
For all Virtual Machines that have two or more instances deployed across two or more Availability Zones in the same Azure region, we [Microsoft] guarantee you will have Virtual Machine Connectivity to at least one instance at least 99.99% of the time.
References:
https://azure.microsoft.com/en-us/support/legal/sla/virtual-machines/v1_8/
NEW QUESTION 25
You are implementing authentication for applications in your company. You plan to implement self-service password reset (SSPR) and multifactor authentication (MFA) in Azure Active Directory (Azure AD).
You need to select authentication mechanisms that can be used for both MFA and SSPR.
Which two authentication methods should you use? Each correct answer presents a complete solution.
NOTE: Each correct selection is worth one point.
- A. Authentication app
- B. Email addresses
- C. Security questions
- D. Short Message Service (SMS) messages
- E. App passwords
Answer: A,D
Explanation:
Explanation
References:
https://docs.microsoft.com/en-us/azure/active-directory/authentication/concept-authentication-methods
NEW QUESTION 26
You play to deploy an Azure virtual machine named VM1 by using an Azure Resource Manager template.
You need to complete the template.
What should you include in the template? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
Explanation:
Within your template, the dependsOn element enables you to define one resource as a dependent on one or more resources. Its value can be a comma-separated list of resource names.
Box 1: 'Microsoft.Network/networkInterfaces'
This resource is a virtual machine. It depends on two other resources:
Microsoft.Storage/storageAccounts
Microsoft.Network/networkInterfaces
Box 2: 'Microsoft.Network/virtualNetworks/'
The dependsOn element enables you to define one resource as a dependent on one or more resources. The resource depends on two other resources:
Microsoft.Network/publicIPAddresses
Microsoft.Network/virtualNetworks
References:
https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-manager-tutorial-create-templates-with-dependent-resources
NEW QUESTION 27
You have an Azure subscription that contains the resource groups shown in the following table.
The subscription contains the storage accounts shown in the following table.
You create a Recovery Services vault named Vault1 in RG1 in the West US location.
You need to identify which storage accounts can be used to archive the diagnostics logs of Vault1.
Which storage accounts should you identify?
- A. storage1 or storage2 only
- B. storage1 or stoage3 only
- C. storage2 only
- D. storage1 only
- E. storage3 only
Answer: A
NEW QUESTION 28
Note: This question is part of series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have an Azure Active Directory (Azure AD) tenant named contoso.com.
A user named Admin1 attempts to create an access review from the Azure Active Directory admin center and discovers that the Access reviews settings are unavailable. Admin1 discovers that all the other Identity Governance settings are available.
Admin1 is assigned the User administrator, Compliance administrator, and Security administrator roles.
You need to ensure that the Admin1 can create access reviews in contoso.com.
Solution: You consent to Azure AD Privileged Identity Management (PIM).
Does this meet the goal?
- A. No
- B. Yes
Answer: B
Explanation:
Section: [none]
Explanation:
PIM essentially helps you manage the who, what, when, where, and why for resources that you care about. Key features of PIM include:
* Conduct access reviews to ensure users still need roles
Note: Azure Active Directory (Azure AD) Privileged Identity Management (PIM) is a service that enables you to manage, control, and monitor access to important resources in your organization. This includes access to resources in Azure AD, Azure resources, and other Microsoft Online Services like Office 365 or Microsoft Intune.
References:
https://docs.microsoft.com/en-us/azure/active-directory/privileged-identity-management/pim-configure
NEW QUESTION 29
You create and save an Azure Resource Manager template named Template1 that includes the following four sections.
You deploy template1.
For each of the following statement, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
Explanation
NEW QUESTION 30
You have an Azure Resource Manager template for a virtual machine named Template1. Template1 has the following parameters section.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
Explanation
Box 1: Yes
The Resource group is not specified.
Box 2: No
The default value for the operating system is Windows 2016 Datacenter.
Box 3: Yes
Location is no default value.
References:
https://docs.microsoft.com/bs-latn-ba/azure/virtual-machines/windows/ps-template
NEW QUESTION 31
You create and save an Azure Resource Manager template named Template1 that includes the following four sections.
You deploy template1.
For each of the following statement, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
NEW QUESTION 32
......
The Microsoft AZ-303 test is one of the two exams for attaining the Microsoft Certified: Azure Solutions Architect Expert certification that will prove your mastery of Azure architect solutions, data platforms, and Azure infrastructure.
AZ-303 Exam Questions – Valid AZ-303 Dumps Pdf: https://www.test4sure.com/AZ-303-pass4sure-vce.html