Download Microsoft Azure Architect Technologies.AZ-303.DumpsBase.2021-05-10.182q.vcex

Vendor: Microsoft
Exam Code: AZ-303
Exam Name: Microsoft Azure Architect Technologies
Date: May 10, 2021
File Size: 14 MB
Downloads: 3

How to open VCEX files?

Files with VCEX extension can be opened by ProfExam Simulator.

Demo Questions

Question 1
Contoso, Ltd. is a manufacturing company that has offices worldwide. Contoso works with partner organizations to bring products to market.  
Contoso products are manufactured by using blueprint files that the company authors and maintains.  
Existing Environment  
Currently, Contoso uses multiple types of servers for business operations, including the following: 
  • File servers  
  • Domain controllers  
  • Microsoft SQL Server servers  
Your network contains an Active Directory forest named contoso.com. All servers and client computers are joined to Active Directory.  
You have a public-facing application named App1.  
App1 is comprised of the following three tiers: 
  • A SQL database  
  • A web front end  
  • A processing middle tier  
Each tier is comprised of five virtual machines. Users access the web front end by using HTTPS only.  
Requirements  
Planned Changes  
Contoso plans to implement the following changes to the infrastructure: 
  • Move all the tiers of App1 to Azure.  
  • Move the existing product blueprint files to Azure Blob storage.  
  • Create a hybrid directory to support an upcoming Microsoft Office 365 migration project.  
  
Technical Requirements  
Contoso must meet the following technical requirements: 
  • Move all the virtual machines for App1 to Azure.  
  • Minimize the number of open ports between the App1 tiers.  
  • Ensure that all the virtual machines for App1 are protected by backups.  
  • Copy the blueprint files to Azure over the Internet.  
  • Ensure that the blueprint files are stored in the archive storage tier.  
  • Ensure that partner access to the blueprint files is secured and temporary.  
  • Prevent user passwords or hashes of passwords from being stored in Azure.  
  • Use unmanaged standard storage for the hard disks of the virtual machines.  
  • Ensure that when users join devices to Azure Active Directory (Azure AD), the users use a mobile phone to verify their identity.  
Minimize administrative effort whenever possible.  
User Requirements  
Contoso identifies the following requirements for users: 
Ensure that only users who are part of a group named Pilot can join devices to Azure AD.  
Designate a new user named Admin1 as the service administrator of the Azure subscription.  
Ensure that a new user named User3 can create network objects for the Azure subscription.  
You need to implement a backup solution for App1 after the application is moved.  
What should you create first?
  1. a recovery plan
  2. an Azure Backup Server
  3. a backup policy
  4. a Recovery Services vault
Correct answer: D
Explanation:
A Recovery Services vault is a logical container that stores the backup data for each protected resource, such as Azure VMs. When the backup job for a protected resource runs, it creates a recovery point inside the Recovery Services vault.  Scenario: There are three application tiers, each with five virtual machines.  Move all the virtual machines for App1 to Azure.  Ensure that all the virtual machines for App1 are protected by backups.  References: https://docs.microsoft.com/en-us/azure/backup/quick-backup-vm-portal
A Recovery Services vault is a logical container that stores the backup data for each protected resource, such as Azure VMs. 
When the backup job for a protected resource runs, it creates a recovery point inside the Recovery Services vault.  
Scenario: 
There are three application tiers, each with five virtual machines.  
Move all the virtual machines for App1 to Azure.  
Ensure that all the virtual machines for App1 are protected by backups.  
References: https://docs.microsoft.com/en-us/azure/backup/quick-backup-vm-portal
Question 2
You need to recommend an identify solution that meets the technical requirements. What should you recommend?
  1. federated single-on (SSO) and Active Directory Federation Services (AD FS)
  2. password hash synchronization and single sign-on (SSO)
  3. cloud-only user accounts
  4. Pass-through Authentication and single sign-on (SSO)
Correct answer: D
Explanation:
Active Directory Federation Services is a feature and web service in the Windows Server Operating  System that allows sharing of identity information outside a company’s network.  Scenario: Technical Requirements include: Prevent user passwords or hashes of passwords from being stored in Azure.  References: https://www.sherweb.com/blog/active-directory-federation-services/
Active Directory Federation Services is a feature and web service in the Windows Server Operating  
System that allows sharing of identity information outside a company’s network.  
Scenario: Technical Requirements include: 
Prevent user passwords or hashes of passwords from being stored in Azure.  
References: https://www.sherweb.com/blog/active-directory-federation-services/
Question 3
You need to move the blueprint files to Azure. What should you do?
  1. Generate a shared access signature (SAS). Map a drive, and then copy the files by using File Explorer.
  2. Use the Azure Import/Export service.
  3. Generate an access key. Map a drive, and then copy the files by using File Explorer.
  4. Use Azure Storage Explorer to copy the files. 
Correct answer: D
Explanation:
Azure Storage Explorer is a free tool from Microsoft that allows you to work with Azure Storage data on Windows, macOS, and Linux. You can use it to upload and download data from Azure blob storage.  Scenario: Planned Changes include: move the existing product blueprint files to Azure Blob storage. Technical Requirements include: Copy the blueprint files to Azure over the Internet. References: https://docs.microsoft.com/en-us/azure/machine-learning/team-data-science-process/move-data-to-azure-blob-using-azure-storage-explorer
Azure Storage Explorer is a free tool from Microsoft that allows you to work with Azure Storage data on Windows, macOS, and Linux. 
You can use it to upload and download data from Azure blob storage.  
Scenario: 
Planned Changes include: move the existing product blueprint files to Azure Blob storage. 
Technical Requirements include: Copy the blueprint files to Azure over the Internet. 
References: 
https://docs.microsoft.com/en-us/azure/machine-learning/team-data-science-process/move-data-to-azure-blob-using-azure-storage-explorer
Question 4
You need to configure the Device settings to meet the technical requirements and the user requirements.  
Which two settings should you modify? To answer, select the appropriate settings in the answer area.  
Correct answer: To work with this question, an Exam Simulator is required.
Explanation:
Box 1: Selected Only selected users should be able to join devices  Box 2: Yes Require Multi-Factor Auth to join devices.  From scenario: Ensure that only users who are part of a group named Pilot can join devices to Azure AD  Ensure that when users join devices to Azure Active Directory (Azure AD), the users use a mobile phone to verify their identity.
Box 1: Selected 
Only selected users should be able to join devices  
Box 2: Yes 
Require Multi-Factor Auth to join devices.  
From scenario: 
  • Ensure that only users who are part of a group named Pilot can join devices to Azure AD  
  • Ensure that when users join devices to Azure Active Directory (Azure AD), the users use a mobile phone to verify their identity.
Question 5
You need to recommend a solution for App1. The solution must meet the technical requirements.  
What should you include in the recommendation? To answer, select the appropriate options in the answer area. 
NOTE: Each correct selection is worth one point. 
 
Correct answer: To work with this question, an Exam Simulator is required.
Explanation:
Box 1: 3 One virtual network for every tier  Box 2: 1 Only one subnet for each tier, to minimize the number of open ports.  Scenario: You have a public-facing application named App1. App1 is comprised of the following three tiers: A SQL database  A web front end  A processing middle tier  Each tier is comprised of five virtual machines. Users access the web front end by using HTTPS only.  Technical requirements: Move all the virtual machines for App1 to Azure.  Minimize the number of open ports between the App1 tiers.
Box 1: 3 
One virtual network for every tier  
Box 2: 1 
Only one subnet for each tier, to minimize the number of open ports.  
Scenario: You have a public-facing application named App1. 
App1 is comprised of the following three tiers: 
  • A SQL database  
  • A web front end  
  • A processing middle tier  
Each tier is comprised of five virtual machines. Users access the web front end by using HTTPS only.  
Technical requirements: 
  • Move all the virtual machines for App1 to Azure.  
  • Minimize the number of open ports between the App1 tiers.
Question 6
You need to identify the storage requirements for Contoso.  
For each of the following statements, select Yes if the statement is true. Otherwise, select No. 
NOTE: Each correct selection is worth one point.  
 
Correct answer: To work with this question, an Exam Simulator is required.
Explanation:
Box 1: Yes Contoso is moving the existing product blueprint files to Azure Blob storage.  Use unmanaged standard storage for the hard disks of the virtual machines. We use Page Blobs for these.  Box 2: No Box 3: No
Box 1: Yes 
Contoso is moving the existing product blueprint files to Azure Blob storage.  
Use unmanaged standard storage for the hard disks of the virtual machines. We use Page Blobs for these.  
Box 2: No 
Box 3: No
Question 7
You need to meet the user requirement for Admin1. What should you do?
  1. From the Subscriptions blade, select the subscription, and then modify the Properties.
  2. From the Subscriptions blade, select the subscription, and then modify the Access control (IAM) settings.
  3. From the Azure Active Directory blade, modify the Properties.
  4. From the Azure Active Directory blade, modify the Groups.
Correct answer: A
Explanation:
Change the Service administrator for an Azure subscription  Sign in to Account Center as the Account administrator.  Select a subscription.  On the right side, select Edit subscription details.  Scenario: Designate a new user named Admin1 as the service administrator of the Azure subscription. References: https://docs.microsoft.com/en-us/azure/billing/billing-add-change-azure-subscription-administrator
Change the Service administrator for an Azure subscription  
  • Sign in to Account Center as the Account administrator.  
  • Select a subscription.  
  • On the right side, select Edit subscription details.  
Scenario: Designate a new user named Admin1 as the service administrator of the Azure subscription. 
References: 
https://docs.microsoft.com/en-us/azure/billing/billing-add-change-azure-subscription-administrator
Question 8
You are planning the move of App1 to Azure. You create a network security group (NSG). You need to recommend a solution to provide users with access to App1.  
What should you recommend?
  1. Create an outgoing security rule for port 443 from the Internet. Associate the NSG to all the subnets.
  2. Create an incoming security rule for port 443 from the Internet. Associate the NSG to all the subnets.
  3. Create an incoming security rule for port 443 from the Internet. Associate the NSG to the subnet that contains the web servers.
  4. Create an outgoing security rule for port 443 from the Internet. Associate the NSG to the subnet that contains the web servers.
Correct answer: C
Explanation:
As App1 is public-facing we need an incoming security rule, related to the access of the web servers.  Scenario: You have a public-facing application named App1. App1 is comprised of the following three tiers: a SQL database, a web front end, and a processing middle tier. Each tier is comprised of five virtual machines. Users access the web front end by using HTTPS only.
As App1 is public-facing we need an incoming security rule, related to the access of the web servers.  
Scenario: 
You have a public-facing application named App1. App1 is comprised of the following three tiers: 
a SQL database, a web front end, and a processing middle tier. Each tier is comprised of five virtual machines. Users access the web front end by using HTTPS only.
Question 9
Topic 2, Misc. Questions   
You have Azure virtual machines deployed to three Azure regions. 
Each region contains a single virtual  network that has four virtual machines on the same subnet. Each virtual machine runs an application named App1. 
App1 is accessible by using HTTPS. Currently, the virtual machines are inaccessible from  the internet.  
You need to use Azure Front Door to load balance requests for App1 across all the virtual machines.  
Which additional Azure service should you provision?
  1. a public Azure Load Balancer
  2. Azure Traffic Manager
  3. an internal Azure Load Balancer
  4. Azure Private Link
Correct answer: C
Explanation:
Can we deploy Azure Load Balancer behind Front Door?  Azure Front Door needs a public VIP or a publicly available DNS name to route the traffic to. Deploying an Azure Load Balancer behind Front Door is a common use case.  Reference: https://docs.microsoft.com/en-us/azure/frontdoor/front-door-faq
Can we deploy Azure Load Balancer behind Front Door?  
Azure Front Door needs a public VIP or a publicly available DNS name to route the traffic to. Deploying an Azure Load Balancer behind Front Door is a common use case.  
Reference: 
https://docs.microsoft.com/en-us/azure/frontdoor/front-door-faq
Question 10
You have an Azure subscription that contains an Azure Sentinel workspace. Sentinel is configured to monitor several Azure resources.  
You need to send notification emails to resource owners when alerts or recommendations are generated for a resource.  
What should you use?
  1. Logic Apps Designer
  2. Azure Security Center
  3. Azure Pipelines
  4. Azure Machine Learning Studio
Correct answer: A
Explanation:
Currently there is no built-in functionality that notifies you via email if there is an incident that is generated in Azure Sentinel. However, you can set up an Azure Logic App playbook to send incident information to your email.  Reference: https://azsec.azurewebsites.net/2020/01/19/notify-azure-sentinel-alert-to-your-email-automatically/
Currently there is no built-in functionality that notifies you via email if there is an incident that is generated in Azure Sentinel. 
However, you can set up an Azure Logic App playbook to send incident information to your email.  
Reference: 
https://azsec.azurewebsites.net/2020/01/19/notify-azure-sentinel-alert-to-your-email-automatically/
HOW TO OPEN VCE FILES

Use VCE Exam Simulator to open VCE files
Avanaset

HOW TO OPEN VCEX AND EXAM FILES

Use ProfExam Simulator to open VCEX and EXAM files
ProfExam Screen

ProfExam
ProfExam at a 20% markdown

You have the opportunity to purchase ProfExam at a 20% reduced price

Get Now!