The latest Microsoft AZ-303 Microsoft Azure Architect Technologies certification actual real practice exam question and answer (Q&A) dumps are available free, which are helpful for you to pass the Microsoft AZ-303 Microsoft Azure Architect Technologies exam and earn Microsoft AZ-303 Microsoft Azure Architect Technologies certification.
Exam Question 31
You manage an Active Directory domain named contoso.local.
You install Azure AD Connect and connect to an Azure Active Directory (Azure AD) tenant named contoso.com without syncing any accounts.
You need to ensure that only users who have a UPN suffix of contoso.com in the contoso.local domain sync to Azure AD.
What should you do?
A. Use the Synchronization Service Manager to modify the Metaverse Designer tab.
B. Use Azure AD Connect to customize the synchronization options.
C. Use the Synchronization Rules Editor to create a synchronization rule.
D. Use Synchronization Service Manager to modify the Active Directory Domain Services (AD DS) Connector.
Correct Answer:
C. Use the Synchronization Rules Editor to create a synchronization rule.
Answer Description:
Filtering what objects are synced to Azure AD is a common request and there are many instances where filtering by OU just doesn’t cut it. One option is to filter users by their UPN suffix so that only users with the public FQDN as their UPN suffix are synced to Azure AD (e.g., [email protected] would be synced while [email protected] would not).
Filtering can be configured using either the GUI or PowerShell.
Through GUI:
Using The Synchronization Rules Editor
1. Open the Synchronization Rules Editor on the server where Azure AD Connect is installed.
2. Click the Add new rule button on the View and manage your synchronization rules window.
3. Fill out the appropriate fields on the Description tab and click Next >.
4. On the Scoping filter tab, click Add group, then Add clause, add a userPrincipalName attribute filter, and click Next >.
Attribute: userPrincipalName
Operator: ENDSWITH
Value: Your internal UPN suffix prefixed with @ (e.g., @internal.acme.com). Users with this UPN suffix will NOT be synced with Office 365.
Users with this UPN suffix will NOT be synced with Office 365.
Exam Question 32
You have an Azure Cosmos DB account named Account1. Account1 includes a database named DB1 that contains a container named Container1. The partition key for Container1 is set to /city.
You plan to change the partition key for Container1.
What should you do first?
A. Delete Container1.
B. Create a new Azure Cosmos DB account.
C. Implement the Azure Cosmos DB.NET.SDK.
D. Regenerate the keys for Account1.
Correct Answer:
B. Create a new Azure Cosmos DB account.
Answer Description:
The Change Feed Processor and Bulk Executor Library, in Azure Cosmos DB can be leveraged to achieve a live migration of your data from one container to another. This allows you to re-distribute your data to match the desired new partition key scheme, and make the relevant application changes afterwards, thus achieving the effect of “updating your partition key”.
Exam Question 33
You have an Azure subscription that contains the resource groups shown in the following table.
You have an Azure subscription that contains the resource groups shown in the following table.
You have the Azure SQL servers shown in the following table.
You have the Azure SQL servers shown in the following table.
You create an Azure SQL database named DB1 on Sql1 in an elastic pool named Pool1.
You need to create an Azure SQL database named DB2 in Pool1.
Where should you deploy DB2?
A. Sql1
B. Sql2
C. Sql3
D. Sql4
Correct Answer:
A. Sql1
Answer Description:
The databases in an elastic pool are on a single Azure SQL Database server and share a set number of resources at a set price.
Exam Question 34
You have an app named App1 that uses data from two on-premises Microsoft SQL Server databases named DB1 and DB2.
You plan to move DB1 and DB2 to Azure.
You need to implement Azure services to host DB1 and DB2. The solution must support server-side transactions across DB1 and DB2.
Solution: You deploy DB1 and DB2 as Azure SQL databases each on a different Azure SQL Database server.
Does this meet the goal?
A. Yes
B. No
Correct Answer:
B. No
Answer Description:
Instead deploy DB1 and DB2 to SQL Server on an Azure virtual machine.
Note: Understanding distributed transactions.
When both the database management system and client are under the same ownership (e.g. when SQL Server is deployed to a virtual machine), transactions are available and the lock duration can be controlled.
Exam Question 35
You have an app named App1 that uses data from two on-premises Microsoft SQL Server databases named DB1 and DB2.
You plan to move DB1 and DB2 to Azure.
You need to implement Azure services to host DB1 and DB2. The solution must support server-side transactions across DB1 and DB2.
Solution: You deploy DB1 and DB2 as Azure SQL databases on the same Azure SQL Database server.
Does this meet the goal?
A. Yes
B. No
Correct Answer:
B. No
Answer Description:
Instead deploy DB1 and DB2 to SQL Server on an Azure virtual machine.
Note: Understanding distributed transactions.
When both the database management system and client are under the same ownership (e.g. when SQL Server is deployed to a virtual machine), transactions are available and the lock duration can be controlled.
Testlet 2: Implement and Monitor an Azure Infrastructure
Case study
This is a case study. Case studies are not timed separately. You can use as much exam time as you would like to complete each case. However, there may be additional case studies and sections on this exam. You must manage your time to ensure that you are able to complete all questions included on this exam in the time provided.
To answer the questions included in a case study, you will need to reference information that is provided in the case study. Case studies might contain exhibits and other resources that provide more information about the scenario that is described in the case study. Each question is independent of the other questions in this case study.
At the end of this case study, a review screen will appear. This screen allows you to review your answers and to make changes before you move to the next section of the exam. After you begin a new section, you cannot return to this section.
To start the case study
To display the first question in this case study, click the Next button. Use the buttons in the left pane to explore the content of the case study before you answer the questions. Clicking these buttons displays information such as business requirements, existing environment, and problem statements. If the case study has an All Information tab, note that the information displayed is identical to the information displayed on the subsequent tabs. When you are ready to answer a question, click the Question button to return to the question.
Overview
Contoso, Ltd. is a manufacturing company that has offices worldwide. Contoso works with partner organizations to bring products to market.
Contoso products are manufactured by using blueprint files that the company authors and maintains.
Existing Environment
Currently, Contoso uses multiple types of severs for business operations, including the following:
- File servers
- Domain controllers
- Microsoft SQL Server servers
Your network contains an Active Directory forest named contoso.com. All servers and client computers are joined to Active Directory.
You have a public-facing application named App1. App1 is comprised of the following three tiers:
- A SQL database
- A web front end
- A processing middle tier
Each tier is comprised of five virtual machines. Users access the web front end by using HTTPS only.
Requirements
Planned Changes
Contoso plans to implement the following changes to the infrastructure:
- Move all the tiers of App1 to Azure.
- Move the existing product blueprint files to Azure Blob storage.
- Create a hybrid directory to support an upcoming Microsoft Office 365 migration project.
Technical Requirements
Contoso must meet the following technical requirements:
- Move all the virtual machines for App1 to Azure.
- Minimize the number of open ports between the App1 tiers.
- Ensure that all the virtual machines for App1 are protected by backups.
- Copy the blueprint files to Azure over the Internet.
- Ensure that the blueprint files are stored in the archive storage tier.
- Ensure that partner access to the blueprint files is secured and temporary.
- Prevent user passwords or hashes of passwords from being stored in Azure.
- Use unmanaged standard storage for the hard disks of the virtual machines.
- Ensure that when users join devices to Azure Active Directory (Azure AD), the users use a mobile phone to verify their identity.
- Minimize administrative effort whenever possible.
User Requirements
Contoso identifies the following requirements for users:
- Ensure that only users who are part of a group named Pilot can join devices to Azure AD.
- Designate a new user named Admin1 as the service admin for the Azure subscription.
- Admin1 must receive email alerts regarding service outages.
- Ensure that a new user named User3 can create network objects for the Azure subscription.
Question 36
You need to move the blueprint files to Azure.
What should you do?
A. Use the Azure Import/Export service.
B. Generate a shared access signature (SAS). Map a drive, and then copy the files by using File Explorer.
C. Use Azure Storage Explorer to copy the files.
D. Generate an access key. Map a drive, and then copy the files by using File Explorer.
Correct Answer:
D. Generate an access key. Map a drive, and then copy the files by using File Explorer.
Answer Description:
Scenario: Copy the blueprint files to Azure over the Internet.
To mount an Azure file share, you will need the primary (or secondary) storage key. SAS keys are not currently supported for mounting.
Question Set 1: Implement Management and Security Solutions
Exam Question 37
Your company has an Azure subscription.
You enable multi-factor authentication (MFA) for all users.
The company’s help desk reports an increase in calls from users who receive MFA requests while they work from the company’s main office.
You need to prevent the users from receiving MFA requests when they sign in from the main office.
What should you do?
A. From Conditional access in Azure Active Directory (Azure AD), create a named location.
B. From the MFA service settings, create a trusted IP range.
C. From Conditional access in Azure Active Directory (Azure AD), create a custom control.
D. From Azure Active Directory (Azure AD), configure organizational relationships.
Correct Answer:
B. From the MFA service settings, create a trusted IP range.
Answer Description:
The first thing you may want to do, before enabling Multi-Factor Authentication for any users, is to consider configuring some of the available settings. One of the most important features is a trusted IPs list. This will allow you to whitelist a range of IPs for your network. This way, when users are in the office, they will not get prompted with MFA, and when they take their devices elsewhere, they will. Here’s how to do it:
– Log in to your Azure Portal.
– Navigate to Azure AD > Conditional Access > Named locations.
– From the top toolbar select Configure MFA trusted IPs.
Exam Question 38
You have an application named App1 that does not support Azure Active Directory (Azure AD) authentication.
You need to ensure that App1 can send messages to an Azure Service Bus queue. The solution must prevent App1 from listening to the queue.
What should you do?
A. Configure Access control (IAM) for the Service Bus.
B. Add a shared access policy to the queue.
C. Modify the locks of the queue.
D. Configure Access control (IAM) for the queue.
Correct Answer:
B. Add a shared access policy to the queue.
Answer Description:
There are two ways to authenticate and authorize access to Azure Service Bus resources: Azure Activity Directory (Azure AD) and Shared Access Signatures (SAS).
Each Service Bus namespace and each Service Bus entity has a Shared Access Authorization policy made up of rules.
Exam Question 39
An administrator plans to create a function app in Azure that will have the following settings:
- Runtime stack: .NET Core
- Operating System: Linux
- Plan type: Consumption
- Enable Application Insights: Yes
You need to ensure that you can back up the function app.
Which settings should you recommend changing before creating the function app?
A. Runtime stack
B. Enable Application Insights
C. Operating System
D. Plan type
Correct Answer:
D. Plan type
Answer Description:
The Backup and Restore feature requires the App Service plan to be in the Standard, Premium or Isolated tier.
Exam Question 40
You have 10 Azure virtual machines on a subnet named Subnet1. Subnet1 is on a virtual network named VNet1.
You plan to deploy a public Azure Standard Load Balancer named LB1 to the same Azure region as the 10 virtual machines.
You need to ensure that traffic from all the virtual machines to the internet flows through LB1. The solution must prevent the virtual machines from being accessible on the internet.
Which three actions should you perform? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.
A. Add health probes to LB1.
B. Add the network interfaces of the virtual machines to the backend pool of LB1.
C. Add an inbound rule to LB1.
D. Add an outbound rule to LB1.
E. Associate a network security group (NSG) to Subnet1.
F. Associate a user-defined route to Subnet1.
Correct Answer:
A. Add health probes to LB1.
B. Add the network interfaces of the virtual machines to the backend pool of LB1.
D. Add an outbound rule to LB1.
Answer Description:
A: To allow the Load Balancer to monitor the status of your app, you use a health probe. The health probe dynamically adds or removes VMs from the Load Balancer rotation based on their response to health checks.
B: To distribute traffic to the VMs, a backend address pool contains the IP addresses of the virtual (NICs) connected to the Load Balancer.
D: A Load Balancer rule is used to define how traffic is distributed to the VMs. Only outbound traffic is allowed.