AZ-303 Microsoft Azure Architect Technologies Exam Questions and Answers

The latest Microsoft AZ-303 Microsoft Azure Architect Technologies certification actual real practice exam question and answer (Q&A) dumps are available free, which are helpful for you to pass the Microsoft AZ-303 Microsoft Azure Architect Technologies exam and earn Microsoft AZ-303 Microsoft Azure Architect Technologies certification.

AZ-303 Microsoft Azure Architect Technologies Exam Questions and Answers
AZ-303 Microsoft Azure Architect Technologies Exam Questions and Answers

Question 51: You have an Azure subscription.
You create a custom role in Azure by using the following Azure Resource Manager template.

You assign the role to a user named User1.
Which action can User1 perform?
A. Create virtual machines.
B. Create resource groups.
C. Delete virtual machines.
D. Create support requests.

Question 52: A company hosts virtual machines (VMs) in an on-premises datacenter and in Azure. The on-premises and Azure-based VMs communicate using ExpressRoute.
The company wants to be able to continue regular operations if the ExpressRoute connection fails. Failover connections must use the Internet and must not require Multiprotocol Label Switching (MPLS) support.
You need to recommend a solution that provides continued operations.
What should you recommend?
A. Increase the bandwidth of the existing ExpressRoute connection.
B. Increase the bandwidth for the on-premises internet connection.
C. Set up a VPN connection.
D. Set up a second ExpressRoute connection.

Question 53: You have an Azure subscription that contains the resources shown in the following table.

You have an Azure subscription that contains the resources shown in the following table.
You have an Azure subscription that contains the resources shown in the following table.

Subnet1 is on VNET1. VM1 connects to Subnet1.
You plan to create a virtual network gateway on VNET1.
You need to prepare the environment for the planned virtual network gateway.
What are two ways to achieve this goal? Each correct answer presents a complete solution.
NOTE: Each correct selection is worth one point.
A. Create a local network gateway.
B. Modify the address space used by Subnet1.
C. Create a subnet named GatewaySubnet on VNET1.
D. Modify the address space used by VNET1.
E. Delete Subnet1.

Question 54: Your network contains an on-premises Active Directory and an Azure Active Directory (Azure AD) tenant.
You deploy Azure AD Connect and configure pass-through authentication.
Your Azure subscription contains several web apps that are accessed from the Internet.
You plan to use Azure Multi-Factor Authentication (MFA) with the Azure Active Directory tenant.
You need to recommend a solution to prevent users from being prompted for Azure MFA when they access the web apps from the on-premises network.
What should you include in the recommendation?
A. an Azure policy
B. trusted IPs
C. a site-to-site VPN between the on-premises network and Azure
D. an Azure ExpressRoute circuit

Question 55: You create a new Azure subscription. You create a resource group named RG1. In RG1, you create the resources shown in the following table.

In RG1, you create the resources shown in the following table.
In RG1, you create the resources shown in the following table.

You need to configure an encrypted tunnel between your on-premises network and VNET1.
Which two additional resources should you create in Azure? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.
A. a VPN gateway
B. a site-to-site connection
C. a point-to-site configuration
D. a VNet-to-VNet connection
E. a local network gateway

Question 56: You plan to create an Azure Storage account named storage1 that will store blobs and be accessed by Azure Databricks.
You need to ensure that you can set permissions for individual blobs by using Azure Active Directory (Azure AD) authentication.
Which Advanced setting should you enable for storage1?
A. Large file shares
B. Hierarchical namespace
C. NFS v3
D. Blob soft delete

Question 57: You have the following Azure Active Directory (Azure AD) tenants:

  • Contoso.onmicrosoft.com: Linked to a Microsoft Office 365 tenant and syncs to an Active Directory forest named contoso.com by using password hash synchronization
  • Contosoazure.onmicrosoft.com: Linked to an Azure subscription named Subscription1

You need to ensure that you can assign the users in contoso.com access to the resources in Subscription1.
What should you do?
A. Configure contoso.onmicrosoft.com to use pass-through authentication.
B. Create guest accounts for all the contoso.com users in contosoazure.onmicrosoft.com.
C. Deploy a second Azure AD Connect server and sync contoso.com to contosoazure.onmicrosoft.com.
D. Configure Active Directory Federation Services (AD FS) federation between contosoazure.onmicrosoft.com and contoso.com.

Question 58: You have several Azure web apps that use access keys to access databases.
You plan to migrate the access keys to Azure Key Vault. Each app must authenticate by using Azure Active Directory (Azure AD) to gain access to the access keys.
What should you create in Azure to ensure that the apps can access the access keys?
A. managed identities
B. managed applications
C. Azure policies
D. an App Service plan

Question 59: You have an Azure key vault named KV1.
You need to implement a process that will digitally sign the blobs stored in Azure Storage.
What is required in KV1 to sign the blobs?
A. a key
B. a secret
C. a certificate

Question 60: You set the multi-factor authentication status for a user named admin1@contoso.com to Enabled.
Admin1 accesses the Azure portal by using a web browser.
Which additional security verifications can Admin1 use when accessing the Azure portal?
A. a phone call, an email message that contains a verification code, and a text message that contains an app password.
B. an app password, a text message that contains a verification code, and a verification code sent from the Microsoft Authenticator app.
C. an app password, a text message that contains a verification code, and a notification sent from the Microsoft Authenticator app.
D. a phone call, a text message that contains a verification code, and a notification or a verification code sent from the Microsoft Authenticator app.

Testlet 2: Implement Management and Security Solutions

Case study

This is a case study. Case studies are not timed separately. You can use as much exam time as you would like to complete each case. However, there may be additional case studies and sections on this exam. You must manage your time to ensure that you are able to complete all questions included on this exam in the time provided.

To answer the questions included in a case study, you will need to reference information that is provided in the case study. Case studies might contain exhibits and other resources that provide more information about the scenario that is described in the case study. Each question is independent of the other questions in this case study.

At the end of this case study, a review screen will appear. This screen allows you to review your answers and to make changes before you move to the next section of the exam. After you begin a new section, you cannot return to this section.

To start the case study

To display the first question in this case study, click the Next button. Use the buttons in the left pane to explore the content of the case study before you answer the questions. Clicking these buttons displays information such as business requirements, existing environment, and problem statements. If the case study has an All Information tab, note that the information displayed is identical to the information displayed on the subsequent tabs. When you are ready to answer a question, click the Question button to return to the question.

Overview

Contoso, Ltd. is a manufacturing company that has offices worldwide. Contoso works with partner organizations to bring products to market.

Contoso products are manufactured by using blueprint files that the company authors and maintains.

Existing Environment

Currently, Contoso uses multiple types of severs for business operations, including the following:

  • File servers
  • Domain controllers
  • Microsoft SQL Server servers

Your network contains an Active Directory forest named contoso.com. All servers and client computers are joined to Active Directory.

You have a public-facing application named App1. App1 is comprised of the following three tiers:

  • A SQL database
  • A web front end
  • A processing middle tier

Each tier is comprised of five virtual machines. Users access the web front end by using HTTPS only.

Requirements

Planned Changes

Contoso plans to implement the following changes to the infrastructure:

  • Move all the tiers of App1 to Azure.
  • Move the existing product blueprint files to Azure Blob storage.
  • Create a hybrid directory to support an upcoming Microsoft Office 365 migration project.

Technical Requirements

Contoso must meet the following technical requirements:

  • Move all the virtual machines for App1 to Azure.
  • Minimize the number of open ports between the App1 tiers.
  • Ensure that all the virtual machines for App1 are protected by backups.
  • Copy the blueprint files to Azure over the Internet.
  • Ensure that the blueprint files are stored in the archive storage tier.
  • Ensure that partner access to the blueprint files is secured and temporary.
  • Prevent user passwords or hashes of passwords from being stored in Azure.
  • Use unmanaged standard storage for the hard disks of the virtual machines.
  • Ensure that when users join devices to Azure Active Directory (Azure AD), the users use a mobile phone to verify their identity.
  • Minimize administrative effort whenever possible.

User Requirements

Contoso identifies the following requirements for users:

  • Ensure that only users who are part of a group named Pilot can join devices to Azure AD.
  • Designate a new user named Admin1 as the service admin for the Azure subscription.
  • Admin1 must receive email alerts regarding service outages.
  • Ensure that a new user named User3 can create network objects for the Azure subscription.

Keyword: AZ-303 Free Exam Dumps, AZ-303 Exam Questions, AZ-303 Exam Dumps, AZ-303 Braindumps, AZ-303 Real Questions, AZ-303 Practice Test, AZ-303 Practice Exam, AZ-303 Free Test, AZ-303 Free Questions, AZ-303 Real Exam Questions and Answers, AZ-303 VCE Dumps, AZ-303 ETE Dumps, AZ-303 PDF Dumps, and AZ-303 Study Guide.

Published by Julie Robert

, passionate about technology, Windows, and everything that has a power button, I spent most of the time to develop new skills and learning more about the tech world because I derive great satisfaction from helping readers eliminate technological headaches that plague their day-to-day lives.