AZ-303 Microsoft Azure Architect Technologies Exam Questions and Answers – Page 1

The latest Microsoft AZ-303 Microsoft Azure Architect Technologies certification actual real practice exam question and answer (Q&A) dumps are available free, which are helpful for you to pass the Microsoft AZ-303 Microsoft Azure Architect Technologies exam and earn Microsoft AZ-303 Microsoft Azure Architect Technologies certification.

AZ-303 Microsoft Azure Architect Technologies Exam Questions and Answers

Exam Question 1

You have an Azure subscription that contains 10 virtual machines on a virtual network.
You need to create a graph visualization to display the traffic flow between the virtual machines.
What should you do from Azure Monitor?

A. From Activity log, use quick insights.
B. From Metrics, create a chart.
C. From Logs, create a new query.
D. From Workbooks, create a workbook.

Correct Answer:
C. From Logs, create a new query.
Answer Description:
Navigate to Azure Monitor and select Logs to begin querying the data.

Exam Question 2

You have an Azure subscription that contains an Azure Log Analytics workspace.
You have a resource group that contains 100 virtual machines. The virtual machines run Linux.
You need to collect events from the virtual machines to the Log Analytics workspace.
Which type of data source should you configure in the workspace?

A. Syslog
B. Linux performance counters
C. custom fields

Correct Answer:
A. Syslog
Answer Description:
Syslog is an event logging protocol that is common to Linux. Applications will send messages that may be stored on the local machine or delivered to a Syslog collector. When the Log Analytics agent for Linux is installed, it configures the local Syslog daemon to forward messages to the agent. The agent then sends the message to Azure Monitor where a corresponding record is created.

Exam Question 3

You have a virtual network named VNet1 as shown in the exhibit. (Click the Exhibit tab.)

No devices are connected to VNet1.
You plan to peer VNet1 to another virtual network named VNet2. VNet2 has an address space of 10.2.0.0/16.
You need to create the peering.
What should you do first?

A. Configure a service endpoint on VNet2.
B. Add a gateway subnet to VNet1.
C. Create a subnet on VNet1 and VNet2.
D. Modify the address space of VNet1.

Correct Answer:
D. Modify the address space of VNet1.
Answer Description:
The virtual networks you peer must have non-overlapping IP address spaces. The exhibit indicates that VNet1 has an address space of 10.2.0.0/16, which is the same as VNet2, and thus overlaps. We need to change the address space for VNet1.

Exam Question 4

You have an Azure subscription.
You have 100 Azure virtual machines.
You need to quickly identify underutilized virtual machines that can have their service tier changed to a less expensive offering.
Which blade should you use?

A. Metrics
B. Customer insights
C. Monitor
D. Advisor

Correct Answer:
D. Advisor
Answer Description:
Advisor helps you optimize and reduce your overall Azure spend by identifying idle and underutilized resources. You can get cost recommendations from the Cost tab on the Advisor dashboard.

Exam Question 5

You have an Azure App Service app.
You need to implement tracing for the app. The tracing information must include the following:

  • Usage trends
  • AJAX call responses
  • Page load speed by browser
  • Server and browser exceptions

What should you do?

A. Configure IIS logging in Azure Log Analytics.
B. Configure a connection monitor in Azure Network Watcher.
C. Configure custom logs in Azure Log Analytics.
D. Enable the Azure Application Insights site extension.

Correct Answer:
D. Enable the Azure Application Insights site extension.
Answer Description:
For web pages, Application Insights JavaScript SDK automatically collects AJAX calls as dependencies.
Note: Some of the things you can track or collect are:

  • The most popular webpages in your application, at what time of day they are visited, and where that traffic is coming from.
  • Dependency rates, response times, and failure rates, to find out whether an external service is causing performance issues in your app (for instance, a user reaches your application through a portal and there are response-time issues along that path).
  • Exceptions for both server and browser, as well as page views and load performance from the end users’ side.

Exam Question 6

You have an Azure subscription that contains the storage accounts shown in the following table.

You enable Storage Advanced Threat Protection (ATP) for all the storage accounts.
You need to identify which storage accounts will generate Storage ATP alerts.
Which two storage accounts should you identify? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.

A. storagecontoso1
B. storagecontoso2
C. storagecontoso3
D. storagecontoso4
E. storagecontoso5

Correct Answer:
A. storagecontoso1
B. storagecontoso2
Answer Description:
Storage Threat Detection is available for the Blob Service.

Exam Question 7

You have an Azure virtual machine named VM1 and an Azure Active Directory (Azure AD) tenant named adatum.com.
VM1 has the following settings:

  • IP address: 10.10.0.10
  • System-assigned managed identity: On

You need to create a script that will run from within VM1 to retrieve the authentication token of VM1.
Which address should you use in the script?

A. vm1.adatum.com.onmicrosoft.com
B. 169.254.169.254
C. 10.10.0.10
D. vm1.adatum.com

Correct Answer:
B. 169.254.169.254
Answer Description:
Your code that’s running on the VM can request a token from the Azure Instance Metadata Service identity endpoint, accessible only from within the VM: http://169.254.169.254/metadata/identity/oauth2/token

Exam Question 8

You are designing an Azure solution.
The solution must meet the following requirements:

  • Distribute traffic to different pools of dedicated virtual machines (VMs) based on rules.
  • Provide SSL offloading capabilities.

You need to recommend a solution to distribute network traffic.
Which technology should you recommend?

A. Azure Application Gateway
B. Azure Load Balancer
C. Azure Traffic Manager
D. server-level firewall rules

Correct Answer:
A. Azure Application Gateway
Answer Description:
If you require “SSL offloading”, application layer treatment, or wish to delegate certificate management to Azure, you should use Azure’s layer 7 load balancer, Application Gateway, instead of the Load Balancer.

Exam Question 9

You manage an Active Directory domain named contoso.local.
You install Azure AD Connect and connect to an Azure Active Directory (Azure AD) tenant named contoso.com without syncing any accounts.
You need to ensure that only users who have a UPN suffix of contoso.com in the contoso.local domain sync to Azure AD.
Solution: You use Azure AD Connect to customize the synchronization options.
Does this meet the goal?

A. Yes
B. No

Correct Answer:
B. No
Answer Description:
Instead use Synchronization Rules Editor to create a synchronization rule.
Note: Filtering what objects are synced to Azure AD is a common request and there are many instances where filtering by OU just doesn’t cut it. One option is to filter users by their UPN suffix so that only users with the public FQDN as their UPN suffix are synced to Azure AD (e.g., [email protected] would be synced while [email protected] would not).
Filtering can be configured using either the GUI (Synchronization Rules Editor) or PowerShell.

Exam Question 10

You manage an Active Directory domain named contoso.local.
You install Azure AD Connect and connect to an Azure Active Directory (Azure AD) tenant named contoso.com without syncing any accounts.
You need to ensure that only users who have a UPN suffix of contoso.com in the contoso.local domain sync to Azure AD.
Solution: You use Synchronization Rules Editor to create a synchronization rule.
Does this meet the goal?

A. Yes
B. No

Correct Answer:
A. Yes
Answer Description:
Filtering what objects are synced to Azure AD is a common request and there are many instances where filtering by OU just doesn’t cut it. One option is to filter users by their UPN suffix so that only users with the public FQDN as their UPN suffix are synced to Azure AD (e.g., [email protected] would be synced while [email protected] would not).
Filtering can be configured using either the GUI or PowerShell.
Through GUI:
Using The Synchronization Rules Editor
1. Open the Synchronization Rules Editor on the server where Azure AD Connect is installed.

2. Click the Add new rule button on the View and manage your synchronization rules window.
3. Fill out the appropriate fields on the Description tab and click Next >.
4. On the Scoping filter tab, click Add group, then Add clause, add a userPrincipalName attribute filter, and click Next >.
Attribute: userPrincipalName
Operator: ENDSWITH
Value: Your internal UPN suffix prefixed with @ (e.g., @internal.acme.com). Users with this UPN suffix will NOT be synced with Office 365.
