Download Microsoft Azure Architect Technologies.AZ-300.BrainDumps.2020-01-04.137q.vcex

Vendor: Microsoft
Exam Code: AZ-300
Exam Name: Microsoft Azure Architect Technologies
Date: Jan 04, 2020
File Size: 6 MB
Download Exam

How to open VCEX files?

Files with VCEX extension can be opened by ProfExam Simulator.

Download
ProfExam Simulator

Purchase
Coupon: EXAMFILESCOM

Discount: 20%

ProfExam Simulator ProfExam Simulator ProfExam Simulator ProfExam Simulator ProfExam Simulator

Demo Questions

Question 1
You have an Azure Active Directory (Azure AD) tenant. 
You have an existing Azure AD conditional access policy named Policy1. Policy1 enforces the use of Azure AD-joined devices when members of the Global Administrators group authenticate to Azure AD from untrusted locations. 
You need to ensure that members of the Global Administrators group will also be forced to use multi-factor authentication when authenticating from untrusted locations. 
What should you do?
  1. From the Azure portal, modify session control of Policy1.
  2. From multi-factor authentication page, modify the user settings.
  3. From multi-factor authentication page, modify the service settings.
  4. From the Azure portal, modify grant control of Policy1.
Correct answer: D
Explanation:
We need to modify the grant control of Policy1. The grant control can trigger enforcement of one or more controls. Require multi-factor authentication (Azure Multi-Factor Authentication) Require device to be marked as compliant (Intune) Require Hybrid Azure AD joined device Require approved client app Require app protection policy Note: It is now possible to explicitly apply the Require MFA for admins rule.Reference:https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/untrusted-networkshttps://docs.microsoft.com/en-us/azure/active-directory/conditional-access/concept-baseline-protection
We need to modify the grant control of Policy1. 
The grant control can trigger enforcement of one or more controls. 
  • Require multi-factor authentication (Azure Multi-Factor Authentication) 
  • Require device to be marked as compliant (Intune) 
  • Require Hybrid Azure AD joined device 
  • Require approved client app 
  • Require app protection policy 
Note: It is now possible to explicitly apply the Require MFA for admins rule.
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/untrusted-networks
https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/concept-baseline-protection
Question 2
You have an Azure subscription named Subscription1 that is used by several departments at your company. Subscription1 contains the resources in the following table. 
  
Another administrator deploys a virtual machine named VM1 and an Azure Storage account named Storage2 by using a single Azure Resource Manager template. 
You need to view the template used for the deployment. 
From the Azure Portal, for which blade can you view the template that was used for the deployment?
  1. Container1
  2. VM1
  3. Storage2
  4. RG1
Correct answer: D
Explanation:
You can verify the deployment by exploring the resource group from the Azure portal Reference:https://docs.microsoft.com/en-us/azure/azure-resource-manager/templates/deployment-manager-tutorialhttps://docs.microsoft.com/en-us/azure/azure-resource-manager/templates/template-tutorial-create-first-template?tabs=azure-powershell
You can verify the deployment by exploring the resource group from the Azure portal 
Reference:
https://docs.microsoft.com/en-us/azure/azure-resource-manager/templates/deployment-manager-tutorial
https://docs.microsoft.com/en-us/azure/azure-resource-manager/templates/template-tutorial-create-first-template?tabs=azure-powershell
Question 3
You have two subscriptions named Subscription1 and Subscription2. Each subscription is associated to a different Azure AD tenant. 
Subscription1 contains a virtual network named VNet1. VNet1 contains an Azure virtual machine named VM1 and has an IP address space of 10.0.0.0/16. 
Subscription2 contains a virtual network named VNet2. Vnet2 contains an Azure virtual machine named VM2 and has an IP address space of 10.10.0.0/24. 
You need to connect VNet1 to VNet2. 
What should you do first?
  1. Modify the IP address space of VNet2.
  2. Move VM1 to Subscription2.
  3. Provision virtual network gateways.
  4. Move VNet1 to Subscription2.
Correct answer: C
Explanation:
We require a virtual network gateway for VNet-to-VNet connectivity. Incorrect Answers:A: There is no need to modify the address space. If you update the address space for one VNet, the other VNet automatically knows to route to the updated address space.Reference:https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-howto-vnet-vnet-cli
We require a virtual network gateway for VNet-to-VNet connectivity. 
Incorrect Answers:
A: There is no need to modify the address space. If you update the address space for one VNet, the other VNet automatically knows to route to the updated address space.
Reference:
https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-howto-vnet-vnet-cli
Question 4
You have an Azure subscription named Subscription1 that contains an Azure virtual machine named VM1. VM1 is in a resource group named RG1. 
VM1 runs services that will be used to deploy resources to RG1. 
You need to ensure that a service running on VM1 can manage the resources in RG1 by using the identity of VM1. 
What should you do first?
  1. From the Azure portal, modify the Access control (IAM) settings of RG1.
  2. From the Azure portal, modify the Policies settings of RG1.
  3. From the Azure portal, modify the Access control (IAM) settings of VM1.
  4. From the Azure portal, modify the value of the Managed Service Identity option for VM1.
Correct answer: D
Explanation:
Through a create process, Azure creates an identity in the Azure AD tenant that's trusted by the subscription in use. After the identity is created, the identity can be assigned to one or more Azure service instances. Reference:https://docs.microsoft.com/en-us/azure/app-service/overview-managed-identityhttps://docs.microsoft.com/en-us/azure/active-directory/managed-identities-azure-resources/overview
Through a create process, Azure creates an identity in the Azure AD tenant that's trusted by the subscription in use. After the identity is created, the identity can be assigned to one or more Azure service instances. 
Reference:
https://docs.microsoft.com/en-us/azure/app-service/overview-managed-identity
https://docs.microsoft.com/en-us/azure/active-directory/managed-identities-azure-resources/overview
Question 5
You configure Azure AD Connect for Azure Active Directory Seamless Single Sign-On (Azure AD Seamless SSO) for an on-premises network. 
Users report that when they attempt to access myapps.microsoft.com, they are prompted multiple times to sign in and are forced to use an account name that ends with onmicrosoft.com. 
You discover that there is a UPN mismatch between Azure AD and the on-premises Active Directory. 
You need to ensure that the users can use single-sign on (SSO) to access Azure resources. 
What should you do first?
  1. From on-premises network, deploy Active Directory Federation Services (AD FS).
  2. From Azure AD, add and verify a custom domain name.
  3. From on-premises network, request a new certificate that contains the Active Directory domain name.
  4. From the server that runs Azure AD Connect, modify the filtering options.
Correct answer: B
Explanation:
The UPN is used by Azure AD to allow users to sign-in. The UPN that a user can use, depends on whether or not the domain has been verified. If the domain has been verified, then a user with that suffix will be allowed to sign-in to Azure AD. To do so, you need to add and verify a custom domain in Azure AD before you can start syncing the users. Reference:https://docs.microsoft.com/en-us/azure/active-directory/hybrid/plan-connect-design-concepts#azure-ad-sign-inhttps://docs.microsoft.com/en-us/azure/active-directory/hybrid/tshoot-connect-objectsync#detect-upn-mismatch-if-object-is-synced-to-azure-active-directory
The UPN is used by Azure AD to allow users to sign-in. The UPN that a user can use, depends on whether or not the domain has been verified. If the domain has been verified, then a user with that suffix will be allowed to sign-in to Azure AD. 
To do so, you need to add and verify a custom domain in Azure AD before you can start syncing the users. 
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/hybrid/plan-connect-design-concepts#azure-ad-sign-in
https://docs.microsoft.com/en-us/azure/active-directory/hybrid/tshoot-connect-objectsync#detect-upn-mismatch-if-object-is-synced-to-azure-active-directory
Question 6
You have an Active Directory forest named contoso.com. 
You install and configure Azure AD Connect to use password hash synchronization as the single sign-on(SSO) method. Staging mode is enabled. 
You review the synchronization results and discover that the Synchronization Service Manager does not display any sync jobs. 
You need to ensure that the synchronization completes successfully. 
What should you do?
  1. From Azure PowerShell, run Start-AdSyncSyncCycle –PolicyType Initial.
  2. Run Azure AD Connect and set the SSO method to Pass-through Authentication.
  3. From Synchronization Service Manager, run a full import.
  4. Run Azure AD Connect and disable staging mode.
Correct answer: D
Explanation:
In staging mode, the server is active for import and synchronization, but it does not run any exports. A server in staging mode is not running password sync or password writeback, even if you selected these features during installation. When you disable staging mode, the server starts exporting, enables password sync, and enables password writeback. Reference:https://docs.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-sync-staging-serverhttps://docs.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-sync-operations
In staging mode, the server is active for import and synchronization, but it does not run any exports. A server in staging mode is not running password sync or password writeback, even if you selected these features during installation. When you disable staging mode, the server starts exporting, enables password sync, and enables password writeback. 
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-sync-staging-server
https://docs.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-sync-operations
Question 7
You have an Azure subscription that contains 100 virtual machines. 
You regularly create and delete virtual machines. 
You need to identify unattached disks that can be deleted. 
What should you do?
  1. From Microsoft Azure Storage Explorer, view the Account Management properties.
  2. From Azure Cost Management, create a Cost Management report.
  3. From the Azure portal, configure the Advisor recommendations.
  4. From Azure Cost Management, open the Optimizer tab and create a report.
Correct answer: D
Explanation:
You can find unused disks in the Azure Storage Explorer console. Once you drill down to the Blob containers under a storage account, you can see the lease state of the residing VHD (the lease state determines if the VHD is being used by any resource) and the VM to which it is leased out. If you find that the lease state and the VM fields are blank, it means that the VHD in question is unused. Note: The ManagedBy property stores the Id of the VM to which Managed Disk is attached to. If the ManagedBy property is $null then it means that the Managed Disk is not attached to a VMReference:https://cloud.netapp.com/blog/reduce-azure-storage-costs
You can find unused disks in the Azure Storage Explorer console. Once you drill down to the Blob containers under a storage account, you can see the lease state of the residing VHD (the lease state determines if the VHD is being used by any resource) and the VM to which it is leased out. If you find that the lease state and the VM fields are blank, it means that the VHD in question is unused. 
Note: The ManagedBy property stores the Id of the VM to which Managed Disk is attached to. If the ManagedBy property is $null then it means that the Managed Disk is not attached to a VM
Reference:
https://cloud.netapp.com/blog/reduce-azure-storage-costs
Question 8
You have an Azure subscription that contains 10 virtual machines. 
You need to ensure that you receive an email message when any virtual machines are powered off, restarted, or deallocated. 
What is the minimum number of rules and action groups that you require?
  1. three rules and three action groups
  2. one rule and one action group
  3. three rules and one action group
  4. one rule and three action groups
Correct answer: C
Question 9
You plan to automate the deployment of a virtual machine scale set that uses the Windows Server 2016 Datacenter image. 
You need to ensure that when the scale set virtual machines are provisioned, they have web server components installed. 
Which two actions should you perform? Each correct answer presents part of the solution. 
NOTE: Each correct selection is worth one point.
  1. Upload a configuration script.
  2. Create an automation account.
  3. Create a new virtual machine scale set in the Azure portal.
  4. Create an Azure policy.
  5. Modify the extensionProfile section of the Azure Resource Manager template.
Correct answer: CE
Explanation:
References:https://docs.microsoft.com/en-us/azure/virtual-machine-scale-sets/tutorial-install-apps-template
References:
https://docs.microsoft.com/en-us/azure/virtual-machine-scale-sets/tutorial-install-apps-template
Question 10
You have an Azure subscription. 
You have 100 Azure virtual machines. 
You need to quickly identify underutilized virtual machines that can have their service tier changed to a less expensive offering. 
Which blade should you use?
  1. Customer insights
  2. Monitor
  3. Advisor
  4. Metrics
Correct answer: C
Explanation:
Advisor helps you optimize and reduce your overall Azure spend by identifying idle and underutilized resources. You can get cost recommendations from the Cost tab on the Advisor dashboard. Reference:https://docs.microsoft.com/en-us/azure/advisor/advisor-cost-recommendations
Advisor helps you optimize and reduce your overall Azure spend by identifying idle and underutilized resources. You can get cost recommendations from the Cost tab on the Advisor dashboard. 
Reference:
https://docs.microsoft.com/en-us/azure/advisor/advisor-cost-recommendations
CONNECT US
HOW TO OPEN VCE FILES

Use VCE Exam Simulator to open VCE files
Avanaset

HOW TO OPEN VCEX AND EXAM FILES

Use ProfExam Simulator to open VCEX and EXAM files
ProfExam Screen

ProfExam
ProfExam at a 20% markdown

You have the opportunity to purchase ProfExam at a 20% reduced price

Get Now!