The latest Microsoft AZ-303 Microsoft Azure Architect Technologies practice exam question and answer (Q&A) dumps are available free. They can help you pass the AZ-303 exam and earn the Microsoft Azure Architect Technologies certification.
Exam Question 131
You are implementing a web app that runs in multiple regions. Each region has an Azure App Service web app provisioned. The web app address is named company1.com.
You need to route the users to the closest region when they access the web app address.
Solution: Implement Azure Front Door and configure latency based traffic-routing.
Does this solution meet the goal?
A. Yes
B. No
Correct Answer:
A. Yes
Answer Description:
This solution meets the goal. You can use Azure Front Door to define global routing for multi-region web apps. Azure Front Door works as a global HTTP/HTTPS layer load balancer, and it is integrated with Microsoft Content Delivery Network (CDN) and DNS based global routing. Azure Front Door supports a range of traffic-routing methods for DNS based routing, such as latency based traffic-routing that routes the web traffic to the closest region.
References:
Microsoft Docs > What is Azure Front Door?
Microsoft Docs > Front Door routing methods
Exam Question 132
You are implementing a web app that runs in multiple regions. Each region has an Azure App Service web app provisioned. The web app address is named company1.com.
You need to route the users to the closest region when they access the web app address.
Solution: Implement Azure Traffic Manager and configure geographic traffic-routing.
Does this solution meet the goal?
A. Yes
B. No
Correct Answer:
B. No
Answer Description:
This solution does not meet the goal. You can use Azure Traffic Manager to define DNS based global routing for multi-region web apps. However, the geographic traffic-routing does not route the web traffic to the closest region, but to a specific region based on the user’s location. You should use the performance traffic-routing to route the web traffic to the closest region.
References:
Microsoft Docs > What is Traffic Manager?
Microsoft Docs > Traffic Manager routing methods
Exam Question 133
You are implementing a web app that runs in multiple regions. Each region has an Azure App Service web app provisioned. The web app address is named company1.com.
You need to route the users to the closest region when they access the web app address.
Solution: Implement Azure Application Gateway and configure multiple backend pools.
Does this solution meet the goal?
A. Yes
B. No
Correct Answer:
B. No
Answer Description:
This solution does not meet the goal. You can use Azure Application Gateway as an HTTP/HTTPS layer load balancer to route web traffic for one or multiple web apps. You can configure multiple websites to respond to a specific backend pool. However, you cannot route web traffic to the closest region with Azure Application Gateway. You need to implement a service that supports DNS based load balancing, such as Azure Traffic Manager or Azure Front Door.
References:
Microsoft Docs > What is Azure Application Gateway?
Microsoft Docs > Application Gateway multiple site hosting
Exam Question 134
You have three application virtual machines (VMs) hosted in one region in Azure. You plan to prepare a strategy that will create backups for all data from the VMs. The backup will occur every day at 1 A.M. on each VM.
You need to ensure that the data is protected upon configuring the solution. You want to minimize the required administrative effort.
Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of possible actions to the answer area and arrange them in the correct order.
A. 1. Create a Recovery Services vault. 2. Define a backup policy to protect the VMs. 3. Perform the initial backup.
B. 1. Create a Storage account for files. 2. Define a backup policy to protect the VMs. 3. Perform the initial backup.
C. 1. Create a Storage account for files. 2. Define a separate backup policy on each VM. 3. Perform the initial backup.
D. 1. Create a Recovery Services vault. 2. Define a separate backup policy on each VM. 3. Perform the initial backup.
Correct Answer:
A. 1. Create a Recovery Services vault. 2. Define a backup policy to protect the VMs. 3. Perform the initial backup.
Answer Description:
You should perform the following steps in order:
- Create a Recovery Services vault.
- Define a backup policy to protect the VMs.
- Perform the initial backup.
First, you create a Recovery Services vault to contain the backup data and the backup policy.
Then, you define the backup policy to protect the VMs, which defines when and how often recovery points are taken.
Finally, you perform an initial backup. It is a disaster recovery best practice to trigger the first backup so that your data is protected.
You should not define a separate backup policy for each VM. To minimize administrative effort, you should create only one policy to apply to all VMs.
Unless you plan to perform backups manually, you should not create a storage account for files. Recovery Services manages the files internally.
References:
Microsoft Docs > Use Azure portal to back up multiple virtual machines
Exam Question 135
You are planning to assess and migrate your company’s Hyper-V on-premises clusters to the Azure cloud using Azure Migrate.
The cluster configuration is shown in the exhibit.
| Cluster | Nodes | Virtual Machines (VMs) |
|---|---|---|
| Cluster1 | 3 | 6 |
| Cluster2 | 1 | 2 |
| Cluster3 | 2 | 4 |
You need to determine how many Azure Migrate appliances and Microsoft Azure Recovery Services (MARS) agents you should provision to assess and migrate the clusters.
How many appliances and agents should you provision?
Azure Migrate appliance(s):
- 1
- 3
- 6
- 12
MARS agent(s):
- 1
- 3
- 6
- 12
Correct Answer:
Azure Migrate appliance(s):
MARS agent(s):
Answer Description:
You should provision three Azure Migrate appliances on your clusters. The Azure Migrate appliance is used during the assessment phase of the migration and is provisioned as a Hyper-V VHD. You should deploy one appliance for each cluster in your environment.
You should provision six MARS agents on your clusters. The MARS agent is used to replicate Hyper-V VMs during the migration phase. You should deploy one agent for each Hyper-V Host or node in your environment.
References:
Microsoft Docs > Prepare for assessment and migration of Hyper-V VMs to Azure
Microsoft Docs > Migrate Hyper-V VMs to Azure
Microsoft Docs > Support matrix for Hyper-V migration
Exam Question 136
You plan to migrate a virtual machine (VM) that runs Windows Server 2012 from Amazon Web Services (AWS) to Azure.
You decide to perform the migration by using Azure Site Recovery (ASR).
You need to prepare the migration.
Which three steps should you perform first? Each correct answer presents part of the solution.
A. Create a storage account.
B. Prepare a vault.
C. Set the recovery point to latest processed.
D. Turn on replication.
E. Set up an Azure network.
Correct Answer:
A. Create a storage account.
B. Prepare a vault.
E. Set up an Azure network.
Answer Description:
You should create an Azure storage account. Images of replicated machines are held in Azure Storage. Azure VMs are created from storage when you fail over from on-premises to Azure.
You should prepare a vault to store all recovery points in Azure Recovery Services. This allows you to configure recovery points to meet the recovery time objective (RTO).
You should set up an Azure network. When Azure VMs are created after the migration (failover), they are joined to this Azure network.
You should not set the recovery point to last processed during preparation steps. The recovery point configuration is done during testing of the failover. The last-processed option means that the VM fails over to the latest recovery point that was processed by Site Recovery.
You should not turn on replication during the preparation steps. This can be done after the configuration is prepared and sources and targets are configured.
References:
Microsoft Docs > Migrate Amazon Web Services (AWS) VMs to Azure
Exam Question 137
You are running SQL Server on a virtual machine (VM) in Azure.
You need to create an outbound load balancing rule.
Which command should you use?
A. az network private-endpoint
B. az network nic
C. az network local-gateway
D. az network lb
Correct Answer:
D. az network lb
Answer Description:
You should use the az network lb command to create an outbound rule. You can specify various parameters, such as protocol, ports, or a list of frontend IP configuration names.
You should not use the az network nic command to create an outbound rule. This command is used to create, update, or delete a network interface. A network interface allows an Azure VM to communicate with the Internet, Azure, and on-premises resources.
You should not use the az network local-gateway command to create an outbound rule. This command is used to create, update, or delete a local VPN gateway. The local network gateway typically refers to your on-premises location.
You should not use the az network private-endpoint command to create an outbound rule. This command is used to manage interface endpoints.
References:
Microsoft Docs > Load Balancer outbound rules
Microsoft Docs > Quickstart: Create a public load balancer to load balance VMs using Azure CLI
Microsoft Docs > az network lb
Microsoft Docs > az network nic
Microsoft Docs > az network local-gateway
Microsoft Docs > az network private-endpoint
Exam Question 138
You need to configure an application gateway for your company websites.
Two web applications must be hosted on the same application gateway instance. Each website has the following requirements:
- It must be directed to its own backend pool.
- It must have its own domain.
- It must be hosted on its own virtual machine (VM).
Choose all that apply:
A. You must create a virtual network for each application.
B. The application gateway must have two request routing rules.
C. Each web application must have its own HTTP listener.
Correct Answer:
B. The application gateway must have two request routing rules.
C. Each web application must have its own HTTP listener.
Answer Description:
You do not need to create a virtual network for each application. You should create only one virtual network for the applications. The virtual network acts as a container for all objects that you need to create.
You should create two request routing rules. Because each application has its own VM, traffic must be redirected to each of them.
You should include an HTTP listener for each web application that specifies a host name, protocol, frontend IP configuration, and frontend port. The HTTP listeners must be used in the request routing rules, which connect this configuration to the backend pool.
References:
Microsoft Docs > What is Azure Application Gateway?
Exam Question 139
You are implementing a solution that runs in multiple Azure App Service web apps. Each web app is provisioned in a Basic tier App Service Plan. All web traffic to the web app should be routed through an Azure Application Gateway instance. The web app address is named company1.com.
You need to configure the Azure Application Gateway instance and secure all traffic with Secure Sockets Layer (SSL) with the least administrative effort.
Which two actions should you perform to meet the requirements? Each correct answer presents part of the solution.
A. Upgrade the web apps to Standard pricing tier.
B. Add an SSL certificate for company1.com to the Azure Application gateway.
C. Enable the Use for App service setting in the Azure Application Gateway’s HTTP setting.
D. Add an SSL wildcard certificate for company1.com to each web app.
Correct Answer:
B. Add an SSL certificate for company1.com to the Azure Application gateway.
C. Enable the Use for App service setting in the Azure Application Gateway’s HTTP setting.
Answer Description:
You should enable the Use for App service setting in the Azure Application Gateway’s HTTP setting. Since App Service is a multi-tenant service, you need to pass the host header in the incoming request to resolve to the correct App Service endpoint. You must enable this setting to pick the host name from backend address and pass it through the host header. This setting also enables the Create a probe with pick host name from backend address and Pick host name from backend address automatically switches.
You should also add an SSL wildcard certificate for company1.com to the Azure Application Gateway. Azure Application Gateway supports TLS termination at the gateway, which offloads TLS decryption from the application server and centralizes certificate management, such as configuring and renewing the certificate, in one place.
You should not upgrade the web apps to Standard pricing tier. You can use the Basic pricing tier to integrate App Service web apps with Azure Application Gateway or configure custom domains and SSL certificates. You should upgrade to Standard tier if you need to integrate with Azure Traffic Manager to implement a multi-region web application with DNS based traffic-routing.
You should not add an SSL wildcard certificate for company1.com to each web app. You can use the Basic pricing tier to configure custom domains and SSL certificates in the App Service. However, you need to configure the SSL certificate and renew it in the future for each App Service, which increases the administrative effort.
References:
Microsoft Docs > Configure App Service with Application Gateway
Azure Pricing > App Service pricing
Microsoft Docs > What is Traffic Manager?
Exam Question 140
You are managing network resources that will be used by two new applications. You can use the network resources shown in the exhibit.
| Name | Type | Tier |
|---|---|---|
| lb1 | Public Load Balancer | Basic |
| appgtw1 | Application Gateway | WAF |
| lb2 | Public Load Balancer | Standard |
| appgtw2 | Application Gateway | Standard V2 |
The new applications have the requirements below:
- application1 requires a static public IP.
- application2 requires protection against common web vulnerabilities, like SQL injection.
You need to use the most cost-effective network resource for each application.
Which network resources should you use?
application1:
- lb1
- appgtw1
- lb2
- appgtw2
application2:
- lb1
- appgtw1
- lb2
- appgtw2
Correct Answer:
application1: lb1
application2: lb2
Answer Description:
You should use the lb1 resource for application1. You can assign a static public IP address with lb1, which is a Public Load Balancer with the Basic SKU. This is the most cost-effective resource from the options that meet the requirements for application1.
You should use the appgtw1 resource for application2. To protect application2 against common web vulnerabilities like SQL injection, you should use a resource that supports Web Application Firewall (WAF). You should use appgtw1 because it is the only option that supports WAF among the options.
You should not use the lb2 resource. You can also assign a static public IP address with lb2, as long as you use the same SKU for the public IP address (a Standard Public Load Balancer with a standard public IP address). However, a Public Load Balancer with the Basic SKU can also assign a static public IP address and is more cost-effective than a Public Load Balancer with Standard SKU.
You should not use the appgtw2 resource. You can use an Application Gateway with the V2 SKU offer if you need additional features like autoscaling for the Application Gateway deployment size and zone redundancy. However, the Standard V2 tier does not support WAF.
References:
Microsoft Docs > Azure Load Balancer SKUs
Microsoft Docs > Autoscaling and Zone-redundant Application Gateway v2
Microsoft Docs > Azure Application Gateway features
Microsoft Docs > What is Azure Web Application Firewall?