The latest Microsoft AZ-303 Microsoft Azure Architect Technologies certification actual real practice exam question and answer (Q&A) dumps are available free, which are helpful for you to pass the Microsoft AZ-303 Microsoft Azure Architect Technologies exam and earn Microsoft AZ-303 Microsoft Azure Architect Technologies certification.
Exam Question 111
You need to deploy a virtual machine (VM) to Azure from a third-party online template.
Which PowerShell cmdlet should you use?
A. New-AzVMConfig
B. New-AzResourceGroupDeployment
C. New-AzureQuickVM
D. New-AzVM
Correct Answer:
B. New-AzResourceGroupDeployment
Answer Description:
You should use New-AzResourceGroupDeployment. This cmdlet allows you to use Azure Resource Manager (ARM) templates to create Azure resources. In this scenario, it allows you to create a VM from an ARM template.
You should not use New-AzureQuickVM or New-AzVM. Both cmdlets allows you to create a VM from a PowerShell command, not from a third-party online template. You can use New-AzureQuickVM and New-AzVM to create VMs using the classic deployment and Azure Resource Manager, respectively.
You should not use New-AzVMConfig. This cmdlet creates a VM configuration, not an actual VM.
References:
Microsoft Docs > Quickstart: Create and deploy ARM templates by using the Azure portal
Microsoft Docs > Deploy resources with ARM templates and Azure PowerShell
Microsoft Docs > Azure Resource Manager vs. classic deployment: Understand deployment models and the state of your resource
Microsoft Docs > New-AzVM
Microsoft Docs > New-AzVMConfig
Exam Question 112
You used the Azure portal to deploy resources. You now want to create a similar deployment based on the ARM template that you used with this earlier deployment.
Which four actions should you perform in sequence?
A. 1. Open the Azure portal. 2. Select the resource group that you recently deployed. 3. From the group’s deployment history, select the appropriate deployment. 4. Redeploy and provide different values as needed.
B. 1. Open the Azure portal. 2. Select the resource group that you recently deployed. 3. Redeploy and provide different values as needed. 4. From the group’s deployment history, select the appropriate deployment.
C. 1. Open the Azure portal. 2. Select Automation script. 3. Redeploy and provide different values as needed. 4. From the group’s deployment history, select the appropriate deployment.
D. 1. Open the Azure portal. 2. Select Automation script. 3. From the group’s deployment history, select the appropriate deployment. 4. Redeploy and provide different values as needed.
Correct Answer:
A. 1. Open the Azure portal. 2. Select the resource group that you recently deployed. 3. From the group’s deployment history, select the appropriate deployment. 4. Redeploy and provide different values as needed.
Answer Description:
You should perform the following steps in order:
- Open the Azure portal.
- Select the resource group that you recently deployed.
- From the group’s deployment history, select the appropriate deployment.
- Redeploy and provide different values as needed.
You use the Azure portal to perform this procedure. You find the resource group that you deployed previously, view the deployments for this resource group, and then select the deployment that you want to repeat. The template from this previous deployment is used for the new deployment.
You should not select Automation script. This option generates a new ARM template for the resource group. It does not use the template from a previous deployment.
You should not view the deployment’s template and edit any parameters as required for the current deployment. You can provide new values when you redeploy, but you cannot edit the template during this step.
References:
Microsoft Docs > Manage Azure resources by using the Azure portal
Exam Question 113
An Azure resource group was initially deployed from an Azure Resource Manager (ARM) template. Resources have since been added and modified manually through the Azure portal.
You need to create a new template based on the current state of the resource group.
Which PowerShell cmdlet should you use?
A. Export-AzResourceGroup
B. New-AzResourceGroupDeployment
C. Save-AzDeploymentTemplate
D. Save-AzResourceGroupDeploymentTemplate
Correct Answer:
A. Export-AzResourceGroup
Answer Description:
You should use the Export-AzResourceGroup cmdlet. This cmdlet captures a specified resource group and saves it as a template to a JSON file. This gives you a way to create a template based on the current resources in a resource group. You also have the option of exporting a running resource group as a template from the Azure portal.
You should not use the Save-AzResourceGroupDeploymentTemplate cmdlet. This saves a resource group deployment, not the current resource group, to a file. You must specify both the deployment name and resource group name.
You should not use the Save-AzDeploymentTemplate cmdlet. This saves an existing deployment template to a new template file.
You should not use the New-AzResourceGroupDeployment cmdlet. This cmdlet is used to apply a template to an existing resource group, not to create a new template file.
References:
Microsoft Docs > Single and multi-resource export to a template in Azure portal
Microsoft Docs > Save-AzResourceGroupDeploymentTemplate
Microsoft Docs > Export-AzResourceGroup
Microsoft Docs > New-AzResourceGroupDeployment
Microsoft Docs > Save-AzDeploymentTemplate
Exam Question 114
You create an Azure Automation Account with an Azure PowerShell runbook to stop Azure Virtual Machines (VMs) with a given tag.
When you execute this runbook, you see the error message shown in the exhibit.
You need to fix the runbook.
What should you do?
A. Update the AzureRM.Compute module from the modules gallery.
B. Re-create the runbook as a graphical runbook.
C. Create a new Azure Automation Run As account.
D. Import the Az.Compute module from the modules gallery.
Correct Answer:
D. Import the Az.Compute module from the modules gallery.
Answer Description:
You should import the Az.Compute module from the modules gallery. This kind of error occurs when you try to run a runbook without the required modules installed. You can import the Az.Compute module from the modules gallery to enable the Get-AzVM PowerShell cmdlet and fix the error shown in the exhibit.
You should not update the AzureRM.Compute module from the modules gallery. This module is available by default in the Automation Account. You can use this module if your runbook uses the AzureRM PowerShell module to stop Azure VMs, like the Get-AzureRmVM cmdlet.
You should not create a new Azure Automation Run As account. The Azure Automation Run As account is a service principal with the Contributor role at the subscription level and is used by the Azure Automation Account. You would see a different error message if the runbook failed for insufficient permission reasons.
You should not re-create the runbook as a graphical runbook. You can use a graphical runbook to create a PowerShell-based script using a graphical editor. Re-creating the runbook and using the Get-AzVM PowerShell cmdlet would result in the same error if you did not import the Az.Compute module.
References:
Microsoft Docs > Use runbooks and modules in PowerShell Gallery
Microsoft Docs > Manage modules in Azure Automation
Microsoft Docs > Az.Compute
Microsoft Docs > AzureRM.Compute
Microsoft Docs > Manage an Azure Automation Run As account
Microsoft Docs > Azure Automation runbook types
Exam Question 115
You plan to automate the deployment of an Azure Virtual Machine (VM) scale set to a new Azure subscription. The scale set uses a Ubuntu Server 18.04 LTS image.
After the deployment is complete, all VMs in the scale set must have the Nginx web server installed.
You need to ensure that the web server is installed after the VM scale set is provisioned.
Which two actions should you perform? Each correct answer presents part of the solution.
A. Modify the Azure Resource Manager (ARM) template with a Custom Script extension.
B. Import a runbook from the gallery.
C. Create an Azure Resource Manager (ARM) template for the VM scale set.
D. Upload a Desired State Configuration (DSC) script.
Correct Answer:
A. Modify the Azure Resource Manager (ARM) template with a Custom Script extension.
C. Create an Azure Resource Manager (ARM) template for the VM scale set.
Answer Description:
You should create an Azure Resource Manager (ARM) template for the VM scale set. You can create an ARM template to automate the configuration of the VM scale set in the new subscription. You can reuse the same ARM template and configure parameters to make the template more customizable.
You should also modify the ARM template with a Custom Script extension. You can install the web server after the VM scale set is provisioned by using a Custom Script extension. You could use the following command to install the web server:
sudo apt-get install nginx -y.
You should not upload a DSC script or import a runbook from the gallery. You can use a DSC script or a runbook to install the Nginx web server. However, you need an Automation Account configured to run these scripts.
References:
Microsoft Docs > Tutorial: Deploy virtual machine extensions with ARM templates
Microsoft Docs > An introduction to Azure Automation
Microsoft Docs > Runbook execution in Azure Automation
Microsoft Docs > Azure Automation State Configuration overview
Exam Question 116
You are planning to automate when an Azure Virtual Machine (Azure VM) named vm1 is turned on by using an Azure Runbook.
Vm1 is provisioned in a resource group named rg1. You write the runbook script as shown in the exhibit.
You need to run this runbook in your Azure subscription.
Which three actions should you perform in sequence?
A. 1. Create an Azure Automation Account. 2.Import the necessary modules from the modules gallery. 3. Create a PowerShell runbook and execute the runbook.
B. 1. Create an Azure Automation Account. 2. Create a PowerShell runbook and execute the runbook. 3.Import the necessary modules from the modules gallery.
C. 1. Create an Azure Automation Account. 2. Create a graphical runbook and execute the runbook. 3.Import the necessary modules from the modules gallery.
D. 1. Create an Azure Automation Account. 2.Import the necessary modules from the modules gallery. 3. Create a PowerShell Workflow runbook and execute the runbook.
Correct Answer:
A. 1. Create an Azure Automation Account. 2.Import the necessary modules from the modules gallery. 3. Create a PowerShell runbook and execute the runbook.
Answer Description:
You should perform the following actions in order:
- Create an Azure Automation Account.
- Import the necessary modules from the modules gallery.
- Create a PowerShell runbook and execute the runbook.
You should create an Azure Automation Account. You can use the Azure Automation Account to manage your runbooks, configuration management, and authenticate your Azure subscription.
You should also import the necessary modules from the modules gallery. You need to import the Az.Accounts and the Az.Compute modules from the modules gallery. These modules are required by your runbook script, and they are not available by default when you create your Automation Account.
Finally, you should create a PowerShell runbook and execute the runbook. You need to create a PowerShell runbook to execute your script, and you can run your runbook to turn on the Azure VM.
You should not create a PowerShell Workflow runbook and execute the runbook. You can use a PowerShell Workflow runbook to support additional features to run your runbook, like checkpoints, parallel execution, and runspaces. The syntax of a PowerShell Workflow is slightly different than a PowerShell script.
You should not create a graphical runbook and execute the runbook. You can create a runbook by using a graphical interface to build your workflow. To create a graphical runbook from a script, you need to import from a PowerShell Workflow runbook.
References:
Microsoft Docs > Tutorial: Create a PowerShell runbook
Microsoft Docs > Create an Azure Automation account
Microsoft Docs > Azure Automation runbook types
Exam Question 117
You have a resource group named rg1 with a storage account named storage1 in your Azure subscription. Both resources are provisioned in the East US region.
You export rg1 to an Azure Resource Manager (ARM) template file and modify it as shown in the exhibit:
You run the following Azure command-line interface (CLI) command to deploy the ARM template to a new resource group:
az group create --name rg2 --location "West US"
az deployment group create \
--name deployment\
--resource-group rg2 \
--template-file template.json \
--parameters location="East US"
You need to evaluate the results of running this command.
Choose all that apply:
A. The rg2 resource group is provisioned in the West US region.
B. The new storage account is provisioned in the West US region.
C. This ARM template outputs the new storage account and its region.
Correct Answer:
A. The rg2 resource group is provisioned in the West US region.
Answer Description:
The rg2 resource group is provisioned in the West US region. The az group create command has the –location parameter configured as West US. This creates rg2 in the specified region.
The new storage account is not provisioned in the West US region. The new storage account is provisioned in the East US region as specified in the –parameters parameter in the az deployment group create command. To provision the storage account in the West US region, you should define this region in the –parameters parameter or omit the –parameters location parameter to use the resource group default location that is retrieved by the location defaultValue “[resourceGroup().location]”.
This ARM template does not output the new storage account and its region. This template outputs the generated storage account name, but it does not output the storage account region.
References:
Microsoft Docs > Set resource location in ARM template
Microsoft Docs > az group
Microsoft Docs > Understand the structure and syntax of ARM templates
Exam Question 118
You create an Azure Resource Manager (ARM) template to deploy an Azure virtual machine (VM) running Windows Server 2019.
You need to allow other users to deploy this ARM template multiple times without exposing the administrator password.
What should you do?
A. Create a user-assigned managed identity for the VMs.
B. Create a parameter file referencing an Azure Key Vault key.
C. Create a parameter file referencing an Azure Key Vault secret.
D. Create a parameter file containing the password.
Correct Answer:
C. Create a parameter file referencing an Azure Key Vault secret.
Answer Description:
You should create a parameter file referencing an Azure Key Vault secret. You can create an Azure Key Vault secret and integrate it with the ARM template by adding a reference for this secret in the parameter file. This securely stores the administrator password without exposing it to other users.
You should not create a parameter file containing the password. You can use a parameter file to store the values you pass in during deployment. The parameter file contains Javascript Object Notion (JSON) plain text, which would expose the administrator password.
You should not create a user-assigned managed identity for the VMs. You can use a managed identity to authenticate your VMs with any service that supports Azure Active Directory (Azure AD) authentication without saving any credentials in your code. You cannot store the VM administrator password using a managed identity.
You should not create a parameter file referencing an Azure Key Vault key. You can use an Azure Key Vault key to store cryptographic keys. Azure Key Vault supports multiple types of keys and algorithms. However, you should use a secret to store a password in a Key Vault.
References:
Microsoft Docs > Tutorial: Integrate Azure Key Vault in your ARM template deployment
Microsoft Docs > Tutorial: Use parameter files to deploy your ARM template
Exam Question 119
You have three virtual networks (VNets) named VNET1, VNET2 and VNET3. The VNets have the following subnets:
- VNET1: Subnet11, Subnet12
- VNET2: Subnet21
- VNET3: Subnet31, Subnet32
You perform the following actions:
- Add peering from VNET1 to VNET2
- Add peering from VNET2 to VNET3
- Add peering from VNET3 to VNET2
You need to identify network connectivity between the subnets.
Which network connectivity should you identify for each subnet?
Subnet 11 has connectivity with:
- Subnet12 only
- Subnet12 and Subnet21 only
- Subnet12, Subnet21 and Subnet31 only
- Subnet12, Subnet21, Subnet31 and Subnet32
Subnet 21 has connectivity with:
- Subnet11 only
- Subnet11 and Subnet12 only
- Subnet31 and Subnet32 only
- Subnet11, Subnet12, Subnet31 and Subnet32
Correct Answer:
Subnet 11 has connectivity with: Subnet12 only
Subnet 21 has connectivity with: Subnet31 and Subnet32 only
Answer Description:
Virtual network (VNet) peering enables you to connect VNets. Peered VNets appear as one for connectivity purposes. You must add peering to both VNets that you want to connect. If you add peering to only one VNet, peering is in the Initiated state, and VNets will not have connectivity.
You should select Subnet11 has network connectivity with Subnet12 only. Those two subnets are on the same VNet. Subnets on the same VNet always have full network connectivity.
Subnet11 does not have network connectivity with Subnet21. Subnet11 is on VNET1, and Subnet21 is on VNET2. You have only added peering between VNET1 and VNET2 in one direction. For this reason, peering is in the Initiated state and the two VNets do not have connectivity. Because the VNets are not connected, Subnet11 does not have connectivity with Subnet21.
You should select Subnet21 has network connectivity with Subnet31 and Subnet32 only. Subnet21 is on a different VNet than Subnet31 and Subnet32. You add peering from VNET2 to VNET3 and from VNET3 to VNET2. Because the VNets are connected, the subnets on VNET2 have full connectivity to subnets on VNET3.
You added peering from VNET1 to VNET2, but you did not add peering from VNET2 to VNET1. Because the peering was only added to one of the VNets, there is no network connectivity between VNET1 and VNET2 and Subnet21 does not have connectivity with Subnet11 and Subnet12.
References:
Microsoft Docs > Virtual network peering
Microsoft Docs > Create, change, or delete a virtual network peering
Exam Question 120
You are implementing network communication between two Azure Virtual Machines (VMs).
The Azure subscription resources are shown in the exhibit.
| Resource Group | Region |
|---|---|
| rg1 | Central US |
| rg2 | East US |
| Virtual Network | Address space | Resource Group | Region |
|---|---|---|---|
| vnet1 | 10.0.0.0/16 | rg1 | Central US |
| vnet2 | 10.1.0.0/16 | rg2 | East US |
| Azure VM | Private IP | Virtual Network | Resource Group | Region |
|---|---|---|---|---|
| vm1 | 10.0.0.4 | vnet1 | rg1 | Central US |
| vm2 | 10.1.0.5 | vnet2 | rg2 | East US |
You need to ensure that vm1 can connect to vm2 using the private IP address.
What should you do?
A. Add a new network interface card (NIC) on vm1 associated with vnet2.
B. Move vm1 to resource group rg2.
C. Associate the vm2 network interface card (NIC) with vnet1.
D. Create a virtual network peering between vnet1 and vnet2
Correct Answer:
D. Create a virtual network peering between vnet1 and vnet2
Answer Description:
You should create a virtual network peering between vnet1 and vnet2. You can use virtual network peering to enable connections between virtual networks in the same or different Azure regions. The traffic between Azure VMs uses the Microsoft private network only, resulting in a high-bandwidth, low-latency connection across virtual networks.
You should not add a new NIC on vm1 associated with vnet2. You can attach more network adapters on an Azure VM depending on the VM size to increase network throughput or enable connection with other virtual networks. However, all resources (the network adapter, the VM, and the virtual network) must be provisioned in the same Azure region.
You should not associate the vm2 NIC with vnet1. You can change the subnet, but not the virtual network associated with a NIC.
You should not move vm1 to resource group rg2. You can move an Azure VM to another resource group in your subscription. However, it does not affect VM connectivity or resource location. Vm1 will continue to be connected with vnet1 and in the same region (Central US).
References:
Microsoft Docs > Virtual network peering
Microsoft Docs > Add network interfaces to or remove network interfaces from virtual machines
Microsoft Docs > Create, change, or delete a network interface
Microsoft Docs > Move a VM to another subscription or resource group