Free AZ-303 Sample Questions — Microsoft Azure Architect Technologies

You are implementing authentication for applications in your company. You plan to implement self-service password reset (SSPR) and multifactor authentication (MFA) in Azure Active Directory (Azure AD). You need to select authentication mechanisms that can be used for both MFA and SSPR. Which two authentication methods should you use? Each correct answer presents a complete solution. NOTE: Each correct selection is worth one point.

• A. Authenticator app
• B. Email addresses
• C. App passwords
• D. Short Message Service (SMS) messages
• E. Security questions

You have an Active Directory forest named contoso.com. You install and configure Azure AD Connect to use password hash synchronization as the single sign-on (SSO) method. Staging mode is enabled. You review the synchronization results and discover that the Synchronization Service Manager does not display any sync jobs. You need to ensure that the synchronization completes successfully. What should you do?

• A. Run Azure AD Connect and disable staging mode
• B. From Synchronization Service Manager, run a full import
• C. Run Azure AD Connect and set the SSO method to Pass-through Authentication
• D. From Azure PowerShell, run Start-AdSyncSyncCycle ""PolicyType Initial

You have an Azure subscription named Subscription1 that contains an Azure virtual network named VNet1. VNet1 connects to your on-premises network by using Azure ExpressRoute. You need to connect VNet1 to the on-premises network by using a site-to-site VPN. The solution must minimize cost. Which three actions should you perform? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point.

• A. Create a gateway subnet
• B. Create a VPN gateway that uses the VpnGw1 SKU
• C. Create a connection
• D. Create a local site VPN gateway
• E. Create a VPN gateway that uses the Basic SKU

You download an Azure Resource Manager template based on an existing virtual machine. The template will be used to deploy 100 virtual machines. You need to modify the template to reference an administrative password. You must prevent the password from being stored in plain text. What should you create to store the password?

• A. an Azure Key Vault and an access policy
• B. Azure Active Directory (AD) Identity Protection and an Azure policy
• C. a Recovery Services vault and a backup policy
• D. an Azure Storage account and an access policy

You have an Azure subscription that contains two storage accounts named storagecontoso1 and storagecontoso2. Each storage account contains a queue service, a table service, and a blob service. You develop two apps named App1 and App2. You need to configure the apps to store different types of data to all the storage services on both the storage accounts. How many endpoints should you configure for each app?

• A. 2
• B. 3
• C. 6
• D. 12

You have an Azure subscription named Subscription1 that includes an Azure File share named share1. You create several Azure virtual machines in Subscription1. All of the virtual machines belong to the same virtual network. You have an on-premises Hyper-V server named Server1. Server1 hosts a virtual machine named VM1. You plan to replicate VM1 to Azure. You need to create additional objects in Subscription1 to support the planned deployment. Which three objects should you create? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point.

• A. Hyper-V site
• B. Azure Recovery Services Vault
• C. storage account
• D. replication policy
• E. Azure Traffic Manager instance
• F. endpoint

You have an Azure subscription. You have 100 Azure virtual machines. You need to quickly identify underutilized virtual machines that can have their service tier changed to a less expensive offering. Which blade should you use?

• A. Metrics
• B. Customer insights
• C. Monitor
• D. Advisor

You have an Azure web app named App1 that is configured to run between two and five instances. There are currently three instances of App1 running. App1 has the following autoscale rules: Increase the instance count by one when the CPU percentage is greater or equal to 80. Decrease the instance count by one when the CPU percentage is less than or equal to 60. You are evaluating the following CPU percentage of utilization for App1: ✑ 60% ✑ 55% ✑ 50% ✑ 45% You need to identify which utilizations will cause App1 to scale in.

• A. 45% only
• B. 45% and 50% only
• C. 50% and 55% only
• D. 45%, 50%, and 55% only

You have an on-premises network that contains a Hyper-V host named Host1. Host1 runs Windows Server 2016 and hosts 10 virtual machines that run Windows Server 2016. You plan to replicate the virtual machines to Azure by using Azure Site Recovery. You create a Recovery Services vault named ASR1 and a Hyper-V site named Site1. You need to add Host1 to ASR1. What should you do?

• A. Download the installation file for the Azure Site Recovery Provider. Download the storage account key. Install the Azure Site Recovery Provider on each virtual machine and register the virtual machines
• B. Download the installation file for the Azure Site Recovery Provider. Download the vault registration key. Install the Azure Site Recovery Provider on Host1 and register the server
• C. Download the installation file for the Azure Site Recovery Provider. Download the storage account key. Install the Azure Site Recovery Provider on Host1 and register the server
• D. Download the installation file for the Azure Site Recovery Provider. Download the vault registration key. Install the Azure Site Recovery Provider on each virtual machine and register the virtual machines

You set the multi-factor authentication status for a user named [email protected] to Enabled. Admin1 accesses the Azure portal by using a web browser. Which additional security verifications can Admin1 use when accessing the Azure portal?

• A. an app password, a text message that contains a verification code, and a verification code sent from the Microsoft Authenticator app
• B. a phone call, a text message that contains a verification code, and a notification or a verification code sent from the Microsoft Authenticator app
• C. a phone call, an email message that contains a verification code, and a text message that contains an app password
• D. an app password, a text message that contains a verification code, and a notification sent from the Microsoft Authenticator app

You have a server named Server1 that runs Windows Server 2019. Server1 is a container host. You plan to create a container image. You create the following instructions in a text editor. FROM mcr.microsoft.com/windows/servercore:lts2019 LABEL maintainer="[email protected]" RUN dism.exe /online /enable-feature /all /featurename:iis-webserver /NoRestart RUN echo "Hello World!" > c:\inetpub\wwwroot\index.html You need to be able to automate the container image creation by using the instructions. To which file should you save the instructions?

• A. dockerconfig.json
• B. Dockerfile
• C. daemon.json
• D. Build.ini

You have an Azure Kubernetes Service (AKS) cluster named Clus1 in a resource group named RG1. An administrator plans to manage Clus1 from an Azure AD-joined device. You need to ensure that the administrator can deploy the YAML application manifest file for a container application. You install the Azure CLI on the device. Which command should you run next?

• A. kubectl get nodes
• B. az aks enable-addons --addons virtual-node -name Clust1 --resource-group RG1
• C. az aks install-cli
• D. kubectl apply ""f app1.yaml

You have several Azure web apps that use access keys to access databases. You plan to migrate the access keys to Azure Key Vault. Each app must authenticate by using Azure Active Directory (Azure AD) to gain access to the access keys. What should you create in Azure to ensure that the apps can access the access keys?

• A. managed identities
• B. managed applications
• C. Azure policies
• D. an App Service plan

You have two Azure SQL Database managed instances in different Azure regions. You plan to configure the managed instances in an instance failover group. What should you configure before you can add the managed instances to the instance failover group?

• A. an internal Azure Load Balancer instance that has managed instance endpoints in a backend pool
• B. Azure Private Link that has endpoints on two virtual networks
• C. an Azure Application Gateway that has managed instance endpoints in a backend pool
• D. a Site-to-Site VPN between the virtual networks that contain the instances

You have Azure virtual machines deployed to three Azure regions. Each region contains a single virtual network that has four virtual machines on the same subnet. Each virtual machine runs an application named App1. App1 is accessible by using HTTPS. Currently, the virtual machines are inaccessible from the internet. You need to use Azure Front Door to load balance requests for App1 across all the virtual machines. Which additional Azure service should you provision?

• A. Azure Traffic Manager
• B. an internal Azure Load Balancer
• C. a public Azure Load Balancer
• D. Azure Private Link

You have two subscriptions named Subscription1 and Subscription2. Each subscription is associated to a different Azure AD tenant. Subscription1 contains a virtual network named VNet1. VNet1 contains an Azure virtual machine named VM1 and has an IP address space of 10.0.0.0/16. Subscription2 contains a virtual network named VNet2. Vnet2 contains an Azure virtual machine named VM2 and has an IP address space of 10.10.0.0/24. You need to connect VNet1 to VNet2. What should you do first?

• A. Modify the IP address space of VNet2
• B. Move VM1 to Subscription2
• C. Provision virtual network gateways
• D. Move VNet1 to Subscription2

You plan to automate the deployment of a virtual machine scale set that uses the Windows Server 2016 Datacenter image. You need to ensure that when the scale set virtual machines are provisioned, they have web server components installed. Which two actions should you perform? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point.

• A. Upload a configuration script
• B. Create an Azure policy
• C. Modify the extensionProfile section of the Azure Resource Manager template
• D. Create a new virtual machine scale set in the Azure portal
• E. Create an automation account

You have an Azure subscription that contains 100 virtual machines. You have a set of Pester tests in PowerShell that validate the virtual machine environment. You need to run the tests whenever there is an operating system update on the virtual machines. The solution must minimize implementation time and recurring costs. Which three resources should you use to implement the tests? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point.

• A. Azure Automation runbook
• B. an alert rule
• C. an Azure Monitor query
• D. a virtual machine that has network access to the 100 virtual machines
• E. an alert action group

Your company plans to develop an application that will use a NoSQL database. The database will be used to store transactions and customer information by using JSON documents. Which two Azure Cosmos DB APIs can developers use for the application? Each correct answer presents a complete solution. NOTE: Each correct selection is worth one point.

• A. Gremlin (graph)
• B. MongoDB
• C. Cassandra
• D. Core (SQL)
• E. Azure Table

You have 10 Azure virtual machines on a subnet named Subnet1. Subnet1 is on a virtual network named VNet1. You plan to deploy a public Azure Standard Load Balancer named LB1 to the same Azure region as the 10 virtual machines. You need to ensure that traffic from all the virtual machines to the internet flows through LB1. The solution must prevent the virtual machines from being accessible on the internet. Which three actions should you perform? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point.

• A. Add health probes to LB1
• B. Add the network interfaces of the virtual machines to the backend pool of LB1
• C. Add an inbound rule to LB1
• D. Add an outbound rule to LB1
• E. Associate a network security group (NSG) to Subnet1
• F. Associate a user-defined route to Subnet1