AZ-303 Dumps Updated Apr 03, 2022 Practice Test and 218 unique questions
2022 Latest 100% Exam Passing Ratio - AZ-303 Dumps PDF
NEW QUESTION 120
You play to deploy an Azure virtual machine named VM1 by using an Azure Resource Manager template.
You need to complete the template.
What should you include in the template? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
Explanation:
Within your template, the dependsOn element enables you to define one resource as a dependent on one or more resources. Its value can be a comma-separated list of resource names.
Box 1: 'Microsoft.Network/networkInterfaces'
This resource is a virtual machine. It depends on two other resources:
Microsoft.Storage/storageAccounts
Microsoft.Network/networkInterfaces
Box 2: 'Microsoft.Network/virtualNetworks/'
The dependsOn element enables you to define one resource as a dependent on one or more resources. The resource depends on two other resources:
Microsoft.Network/publicIPAddresses
Microsoft.Network/virtualNetworks
References:
https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-manager-tutorial-create-templates-with-dependent-resources
NEW QUESTION 121
Note: This question is part of series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have an Azure Active Directory (Azure AD) tenant that contains a group named Group1.
You need to enable multi-factor authentication (MFA) for the users in Group1 only.
Solution: From the Azure portal, you configure an authentication method policy.
Does this meet the goal?
- A. No
- B. Yes
Answer: A
Explanation:
Section: [none]
Explanation:
We should use a Conditional Access policy.
Note: There are two ways to secure user sign-in events by requiring multi-factor authentication in Azure AD.
The first, and preferred, option is to set up a Conditional Access policy that requires multi-factor authentication under certain conditions. The second option is to enable each user for Azure Multi-Factor Authentication. When users are enabled individually, they perform multi-factor authentication each time they sign in (with some exceptions, such as when they sign in from trusted IP addresses or when the remembered devices feature is turned on).
Enabling Azure Multi-Factor Authentication using Conditional Access policies is the recommended approach.
Changing user states is no longer recommended unless your licenses don't include Conditional Access as it requires users to perform MFA every time they sign in.
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/authentication/howto-mfa-userstates
NEW QUESTION 122
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You manage an Active Directory domain named contoso.local.
You install Azure AD Connect and connect to an Azure Active Directory (Azure AD) tenant named contoso.com without syncing any accounts.
You need to ensure that only users who have a UPN suffix of contoso.com in the contoso.local domain sync to Azure AD.
Solution: You use Synchronization Rules Editor to create a synchronization rule.
Does this meet the goal?
- A. Yes
- B. No
Answer: A
Explanation:
Filtering what objects are synced to Azure AD is a common request and there are many instances where filtering by OU just doesn't cut it. One option is to filter users by their UPN suffix so that only users with the public FQDN as their UPN suffix are synced to Azure AD (e.g., [email protected] would be synced while [email protected] would not).
Filtering can be configured using either the GUI or PowerShell.
Through GUI:
Using The Synchronization Rules Editor
1. Open the Synchronization Rules Editor on the server where Azure AD Connect is installed.
2. Click the Add new rule button on the View and manage your synchronization rules window.
3. Fill out the appropriate fields on the Description tab and click Next >.
4. On the Scoping filter tab, click Add group, then Add clause, add a userPrincipalName attribute filter, and click Next >.
Attribute: userPrincipalName
Operator: ENDSWITH
Value: Your internal UPN suffix prefixed with @ (e.g., @internal.acme.com). Users with this UPN suffix will NOT be synced with Office 365.
Reference:
https://www.sidekicktech.com/blog/field-notes/2019/upn-suffix-filtering-ad-connect/
NEW QUESTION 123
You have an Azure Active Directory (Azure AD) tenant named contoso.com.
A user named Admin1 attempts to create an access review from the Azure Active Directory admin center and discovers that the Access reviews settings are unavailable. Admin1 discovers that all the other Identity Governance settings are available, Admin1 is assigned the User administrator. Compliance administrator, and Security administrator roles.
You need to ensure that Admin1 can create access reviews in contoso.com.
Solution: You purchase an Azure Active Directory Premium P2 license for contoso.com Does this meet the goal?
- A. No
- B. Yes
Answer: A
NEW QUESTION 124
You create a virtual machine scale set named Scale1. Scale1 is configured as shown in the following exhibit.
Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic.
Answer:
Explanation:
Explanation
4 virtual machines
4 virtual machines
https://docs.microsoft.com/en-us/azure/virtual-machine-scale-sets/virtual-machine-scale-sets-autoscale-portal
NEW QUESTION 125
DRAG DROP
You are designing a solution to secure a company's Azure resources. The environment hosts 10 teams. Each team manages a project and has a project manager, a virtual machine (VM) operator, developers, and contractors.
Project managers must be able to manage everything except access and authentication for users. VM operators must be able to manage VMs, but not the virtual network or storage account to which they are connected. Developers and contractors must be able to manage storage accounts.
You need to recommend roles for each member.
What should you recommend? To answer, drag the appropriate roles to the correct employee types. Each role may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
NOTE: Each correct selection is worth one point.
Select and Place:
Answer:
Explanation:
Section: [none]
NEW QUESTION 126
You plan to create an Azure logic app that will access secrets stored in an Azure key vault.
You need to ensure that the logic app can authenticate to the key vault by using Azure Active Directory (Azure AD).
What should you do?
- A. Add an Azure Active Directory authorization policy.
- B. Turn on the system-assigned managed identity.
- C. Create an app registration.
- D. Modify the access keys.
Answer: B
Explanation:
Azure Key Vault provides a way to securely store credentials and other secrets, but your code needs to authenticate to Key Vault to retrieve them. Managed identities for Azure resources helps to solve this problem by giving Azure services an automatically managed identity in Azure AD. You can use this identity to authenticate to any service that supports Azure AD authentication, including Key Vault, without having to display credentials in your code.
Reference:
https://docs.microsoft.com/en-us/azure/key-vault/general/tutorial-net-create-vault-azure-web-app
NEW QUESTION 127
You have an Azure subscription that contains a resource group named RG1. RG1 contains multiple resources.
You need to trigger an alert when the resources in RG1 consume $1,000 USD.
What should you do?
- A. From RG1, create an event subscription.
- B. From Cost Management + Billing, add a cloud connector.
- C. From Cost Management + Billing create a budget.
- D. From the subscription, create an event subscription.
Answer: C
Explanation:
Section: [none]
Explanation:
Create budgets to manage costs and create alerts that automatically notify you are your stakeholders of spending anomalies and overspending.
To set it up, go to the Azure Portal, select 'Cost Management + Billing' -> 'Cost Management' -> 'Go to Cost Management'.
Note: Cost alerts are automatically generated based when Azure resources are consumed. Alerts show all active cost management and billing alerts together in one place. When your consumption reaches a given threshold, alerts are generated by Cost Management. There are three types of cost alerts: budget alerts, credit alerts, and department spending quota alerts.
Reference:
https://docs.microsoft.com/en-us/azure/cost-management-billing/manage/getting-started
NEW QUESTION 128
You have an Azure Resource Manager template for a virtual machine named Template1. Template1 has the following parameters section.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
Explanation
Box 1: Yes
The Resource group is not specified.
Box 2: No
The default value for the operating system is Windows 2016 Datacenter.
Box 3: Yes
Location is no default value.
References:
https://docs.microsoft.com/bs-latn-ba/azure/virtual-machines/windows/ps-template
NEW QUESTION 129
You have an Azure subscription that contains an Azure Sentinel workspace. Sentinel is configured to monitor several Azure resources.
You need to send notification emails to resource owners when alerts or recommendations are generated for a resource.
What should you use?
- A. Azure Pipelines
- B. Azure Security Center
- C. Logic Apps Designer
- D. Azure Machine Learning Studio
Answer: C
Explanation:
Currently there is no built-in functionality that notifies you via email if there is an incident that is generated in Azure Sentinel. However, you can set up an Azure Logic App playbook to send incident information to your email.
Reference:
https://azsec.azurewebsites.net/2020/01/19/notify-azure-sentinel-alert-to-your-email-automatically/
NEW QUESTION 130
You have an Azure subscription that contains the virtual networks shown in the following table.
You create an Azure Cosmos DB account as shown in the exhibit. (Click the Exhibit tab.) For each of the following statements, select yes if the statement is true. Otherwise, select no.
Answer:
Explanation:
Explanation
NEW QUESTION 131
You have an Azure Cosmos DB account named Account1. Account1 includes a database named DB1 that contains a container named Container 1. The partition key tor Container1 is set to /city.
You plan to change the partition key for Container1
What should you do first?
- A. Delete Container1
- B. Implement the Azure CosmosDB.NET SDK
- C. Create a new container in DB1
- D. Regenerate the keys for Account1.
Answer: C
Explanation:
The good news is that there are two features, the Change Feed Processor and Bulk Executor Library, in Azure Cosmos DB that can be leveraged to achieve a live migration of your data from one container to another. This allows you to re-distribute your data to match the desired new partition key scheme, and make the relevant application changes afterwards, thus achieving the effect of "updating your partition key".
Reference:
https://devblogs.microsoft.com/cosmosdb/how-to-change-your-partition-key/
NEW QUESTION 132
You plan to create an Azure Storage account in the Azure region of East US 2.
You need to create a storage account that meets the following requirements:
* Replicates synchronously
* Remains available if a single data center in the region fails
How should you configure the storage account? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
Explanation:
Box 1: Zone-redundant storage (ZRS)
Zone-redundant storage (ZRS) replicates your data synchronously across three storage clusters in a single region.
LRS would not remain available if a data center in the region fails
GRS and RA GRS use asynchronous replication.
Box 2: StorageV2 (general purpose V2)
ZRS only support GPv2.
References:
https://docs.microsoft.com/en-us/azure/storage/common/storage-redundancy
https://docs.microsoft.com/en-us/azure/storage/common/storage-redundancy-zrs
NEW QUESTION 133
HOTSPOT
You have an Azure logic app named App1 and an Azure Service Bus queue named Queue1.
You need to ensure that App1 can read messages from Queue1. App1 must authenticate by using Azure Active Directory (Azure AD).
What should you do? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:
Answer:
Explanation:
Section: [none]
Explanation:
On App1: Turn on the managed identity
To use Service Bus with managed identities, you need to assign the identity the role and the appropriate scope.
The procedure in this section uses a simple application that runs under a managed identity and accesses Service Bus resources.
Once the application is created, follow these steps:
1. Go to Settings and select Identity.
2. Select the Status to be On.
3. Select Save to save the setting.
On Queue1: Configure Access Control (IAM)
Azure Active Directory (Azure AD) authorizes access rights to secured resources through role-based access control (RBAC). Azure Service Bus defines a set of built-in RBAC roles that encompass common sets of permissions used to access Service Bus entities and you can also define custom roles for accessing the data.
Assign RBAC roles using the Azure portal
In the Azure portal, navigate to your Service Bus namespace. Select Access Control (IAM) on the left menu to display access control settings for the namespace. If you need to create a Service Bus namespace.
Select the Role assignments tab to see the list of role assignments. Select the Add button on the toolbar and then select Add role assignment.
Reference:
https://docs.microsoft.com/en-us/azure/service-bus-messaging/authenticate-application
https://docs.microsoft.com/en-us/azure/service-bus-messaging/service-bus-managed-service-identity
NEW QUESTION 134
You have an Azure subscription that contains the resource groups shown in the following table.
The subscription contains the storage accounts shown in the following table.
You create a Recovery Services vault named Vault1 in RG1 in the West US location.
You need to identify which storage accounts can be used to archive the diagnostics logs of Vault1.
Which storage accounts should you identify?
- A. storage3 only
- B. storage1 or storage2 only
- C. storage1 only
- D. storage1 or stoage3 only
- E. storage2 only
Answer: B
NEW QUESTION 135
You have several Azure virtual machines on a virtual network named VNet1.
You configure an Azure Storage account as shown in the following exhibit.
Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
Explanation:
Box 1: Never
Box 2: Never
After you configure firewall and virtual network settings for your storage account, select Allow trusted Microsoft services to access this storage account as an exception to enable Azure Backup service to access the network restricted storage account.
Reference:
https://docs.microsoft.com/en-us/azure/storage/files/storage-how-to-use-files-windows
https://azure.microsoft.com/en-us/blog/azure-backup-now-supports-storage-accounts-secured-with-azure-storage-firewalls-and-virtual-networks/
NEW QUESTION 136
You manage a solution in Azure that consists of a single application which runs on a virtual machine (VM).
Traffic to the application has increased dramatically.
The application must not experience any downtime and scaling must be dynamically defined.
You need to define an auto-scale strategy to ensure that the VM can handle the workload.
Which three options should you recommend? Each correct answer presents a complete solution.
NOTE: Each correct selection is worth one point.
- A. Deploy application automatic vertical scaling.
- B. Deploy a custom auto-scale implementation.
- C. Deploy application automatic horizontal scaling.
- D. Create a VM availability set.
- E. Create a VM scale set.
Answer: B,C,E
NEW QUESTION 137
You have several Azure virtual machines on a virtual network named VNet1.
You configure an Azure Storage account as shown in the following exhibit.
Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
Explanation:
After you configure firewall and virtual network settings for your storage account, select Allow trusted Microsoft services to access this storage account as an exception to enable Azure Backup service to access the network restricted storage account.
Reference:
https://docs.microsoft.com/en-us/azure/storage/files/storage-how-to-use-files-windows
https://azure.microsoft.com/en-us/blog/azure-backup-now-supports-storage-accounts-secured-with-azure-storage-firewalls-and-virtual-networks/
NEW QUESTION 138
You have an Azure Cosmos DB account named Account1. Account1 includes a database named DB1 that contains a container named Container 1. The partition key tor Container1 is set to /city.
You plan to change the partition key for Container1
What should you do first?
- A. Create a new container in DB1 account.
- B. Delete Container1
- C. Implement the Azure CosmosDB.NET SDK
- D. Regenerate the keys for Account1.
Answer: A
Explanation:
Explanation
The good news is that there are two features, the Change Feed Processor and Bulk Executor Library, in Azure Cosmos DB that can be leveraged to achieve a live migration of your data from one container to another. This allows you to re-distribute your data to match the desired new partition key scheme, and make the relevant application changes afterwards, thus achieving the effect of "updating your partition key".
Reference:
https://devblogs.microsoft.com/cosmosdb/how-to-change-your-partition-key/
NEW QUESTION 139
You have an Azure subscription that contains the Azure SQL servers shown in the following table.
The subscription contains the elastic pool shown in the following table.
The subscription contains the Azure SQL databases shown in the following table.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
References:
https://docs.microsoft.com/en-us/azure/sql-database/sql-database-elastic-pool
NEW QUESTION 140
HOTSPOT
You create a virtual machine scale set named Scale1. Scale1 is configured as shown in the following exhibit.
Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic.
NOTE: Each correct selection is worth one point.
Hot Area:
Answer:
Explanation:
Section: [none]
Explanation:
Box 1:
The Autoscale scale out rule increases the number of VMs by 2 if the CPU threshold is 80% or higher. The initial instance count is 4 and rises to 6 when the 2 extra instances of VMs are added.
Box 2:
The Autoscale scale in rule decreases the number of VMs by 4 if the CPU threshold is 30% or lower. The initial instance count is 4 and thus cannot be reduced to 0 as the minimum instances is set to 2. Instances are only added when the CPU threshold reaches 80%.
Reference:
https://docs.microsoft.com/en-us/azure/azure-monitor/platform/autoscale-overview
https://docs.microsoft.com/en-us/azure/azure-monitor/platform/autoscale-best-practices
https://docs.microsoft.com/en-us/azure/azure-monitor/platform/autoscale-common-scale-patterns
NEW QUESTION 141
You have an Azure SQL database named DB1.
You plan to create the following four tables in DB1 by using the following code.
You need to identify which table must be created last.
What should you identify? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
- A. Table1
- B. Table4
- C. Table2
- D. Table3
Answer: C
Explanation:
Section: [none]
Explanation:
Table1 references Table4. Therefore Table4 must be created before Table1.
Table2 references Table1 and Table3. Therefore Table1 and Table3 must be created before Table2.
Note: FOREIGN KEY REFERENCES is a constraint that provides referential integrity for the data in the column or columns. FOREIGN KEY constraints require that each value in the column exists in the corresponding referenced column or columns in the referenced table. FOREIGN KEY constraints can reference only columns that are PRIMARY KEY or UNIQUE constraints in the referenced table or columns referenced in a UNIQUE INDEX on the referenced table.
Incorrect Answers:
A: Table1 is referenced by Table2 and should be crated before Table2.
C: Table3 is referenced by Table2 and should be crated before Table2.
D: Table4 is referenced by Table1 and should be crated before Table1.
Reference:
https://docs.microsoft.com/en-us/sql/t-sql/statements/create-table-transact-sql?view=sql-server-ver15
NEW QUESTION 142
......
Verified AZ-303 dumps Q&As - 100% Pass from ActualTorrent: https://pass4sure.actualtorrent.com/AZ-303-exam-guide-torrent.html