Lead4Pass Role-based AZ-303 Exams "Microsoft Azure Architect Technologies (beta)".
Full Microsoft Role-based AZ-303 exam dumps: https://www.lead4pass.com/az-303.html
Microsoft Role-based AZ-303 exam tips list:
[p.s.1] Microsoft AZ-303 exam practice questions
[p.s.2] Microsoft AZ-303 exam Pdf
[p.s.3] Microsoft Role-based up-to-date information
[p.s.4] Lead4pass Coupon 2020
[p.s.1] Share a part of the Microsoft Role-based AZ-303 exam practice questions from Lead4Pass for free
You have a server named Server1 that runs Windows Server 2019. Server1 is a container host. You are creating a Dockerfile to build a container image. You need to add a file named File1.txt from Server1 to a folder named C:\Folder1 in the container image. Solution: You add the following line to the Dockerfile. COPY File1.txt /Folder1/ You then build the container image. Does this meet the goal?
Correct Answer: A
The copy is the correct command to copy a file to the container image.
HOTSPOT You plan to deploy an Azure virtual machine named VM1 by using an Azure Resource Manager template. You need to complete the template. What should you include in the template? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point. Hot Area: Correct Answer: Within your template, the dependsOn element enables you to define one resource as dependent on one or more resources. Its value can be a comma-separated list of resource names.
Box 1: \\'Microsoft.Network/networkInterfaces\\' This resource is a virtual machine. It depends on two other
resources: Microsoft.Storage/storageAccounts Microsoft.Network/networkInterfaces
Box 2: \\'Microsoft.Network/virtualNetworks/\\' The dependsOn element enables you to define one resource as a dependent on one or more resources. The resource depends on two other
resources: Microsoft.Network/publicIPAddresses Microsoft.Network/virtualNetworks
You have an Azure Active Directory (Azure AD) tenant named contoso.com. A user named Admin1 attempts to create an access review from the Azure Active Directory admin center and discovers that the Access review settings are unavailable. Admin1 discovers that all the other identity Governance settings are available. Admin1 is assigned the User administrator, Compliance administrator, and Security administrator roles. You need to ensure that Admin1 can create access reviews in contoso.com. Solution: You purchase an Azure Directory Premium P2 license for contoso.com. Does this meet the goal?
Correct Answer: B
Instead, use Azure AD Privileged Identity Management. Note: PIM essentially helps you manage the who, what, when, where, and why for resources that you care about. Key features of PIM include: Conduct access reviews to ensure users still need roles Reference: https://docs.microsoft.com/en-us/azure/active-directory/privileged-identity-management/pim-configure
You have resources in three Azure regions. Each region contains two virtual machines. Each virtual machine has a public IP address assigned to its network interface and a locally installed application named App1. You plan to implement Azure Front Door-based load balancing across all the virtual machines. You need to ensure that App1 on the virtual machines will only accept traffic routed from Azure Front Door. What should you implement?
A. Azure Private Link
B. service endpoints
C. network security groups (NSGs) with service tags
D. network security groups (NSGs) with application security groups
Correct Answer: C
Configure IP ACLing for your backends to accept traffic from Azure Front Door\\'s backend IP address space and Azure\\'s infrastructure services only. Refer to the IP details below for ACLing your backend: Refer AzureFrontDoor.Backend section in Azure IP Ranges and Service Tags for Front Door\\'s IPv4 backend IP address range or you can also use the service tag AzureFrontDoor.Backend in your network security groups.
You have an Azure subscription that contains 100 virtual machines. You have a set of Pester tests in PowerShell that validate the virtual machine environment. You need to run the tests whenever there is an operating system update on the virtual machines. The solution must minimize implementation time and recurring costs. Which three resources should you use to implement the tests? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point.
A. Azure Automation runbook
B. an alert rule
C. an Azure Monitor query
D. a virtual machine that has network access to the 100 virtual machines
E. an alert action group
Correct Answer: ABE
AE: You can call Azure Automation runbooks by using action groups or by using classic alerts to automate tasks based on alerts.
B: Alerts are one of the key features of Azure Monitor. They allow us to alert on actions within an Azure subscription
HOTSPOT You plan to create an Azure Storage account in the Azure region of East US 2. You need to create a storage account that meets the following requirements: Replicates synchronously Remains available if a single data center in the region fails How should you configure the storage account? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.
Box 1: Zone-redundant storage (ZRS) Zone-redundant storage (ZRS) replicates your data synchronously across three storage clusters in a single region. LRS would not remain available if a data center in the region fails GRS and RA GRS use asynchronous replication.
Your company has an Azure subscription. You enable multi-factor authentication (MFA) for all users. The company\\'s help desk reports an increase in calls from users who receive MFA requests while they work from the company\\'s main office. You need to prevent the users from receiving MFA requests when they sign in from the main office. What should you do?
A. From Conditional access in Azure Active Directory (Azure AD), create a named location.
B. From the MFA service settings create a trusted IP range.
C. From Conditional access in Azure Active Directory (Azure AD), create a custom control.
D. From Azure Active Directory (Azure AD), configure organizational relationships. Correct Answer: B
The first thing you may want to do, before enabling Multi-Factor Authentication for any users, is to consider configuring some of the available settings. One of the most important features is a trusted IPs list. This will allow you to whitelist a range of IPs for your network. This way, when users are in the office, they will not get prompted with MFA, and when they take their devices elsewhere, they will. Here\\'s how to do it: Log in to your Azure Portal. Navigate to Azure AD > Conditional Access > Named locations. From the top toolbar select, Configure MFA trusted IPs.
HOTSPOT You need to identify the storage requirements for Contoso. For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.
Box 1: Yes Scenario: Move the existing product blueprint files to Azure Blob storage. Scenario: Use unmanaged standard storage for the hard disks of the virtual machines. Page blobs are optimized for writes at random locations within a blob. They also support Unmanaged Disks. Scenario: SQL Server Data Files in Microsoft Azure enables native support for SQL Server database files stored as blobs. It allows you to create a database in SQL Server running on-premises or in a virtual machine in Microsoft Azure with a dedicated storage location for your data in Microsoft Azure Blob storage. Box 2: No Box 3: No
You have an Azure App Service app. You need to implement tracing for the app. The tracing information must include the following: Usage trends AJAX call responses Page load speed by browser Server and browser exceptions What should you do?
A. Configure IIS logging in Azure Log Analytics.
B. Configure a connection monitor in Azure Network Watcher.
C. Configure custom logs in Azure Log Analytics.
D. Enable the Azure Application Insights site extension.
Correct Answer: D
Note: Some of the things you can track or collect are: What are the most popular webpages in your application, at what time of day, and where is that traffic coming from? Dependency rates or response times and failure rates to find out if there\\'s an external service that\\'s causing performance issues on your app, maybe a user is using a portal to get through to your application and there are response time issues going through there for instance. Exceptions for both server and browser information, as well as page views and load performance from the end users\\' side.
HOTSPOT Your company has an Azure Container Registry named Registry1. You have an Azure virtual machine named Server1 that runs Windows Server 2019. From Server1, you create a container image named image1. You need to add image1 to Registry1. Which command should you run on Server1? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.
An Azure container registry stores and manages private Docker container images, similar to the way Docker Hub stores public Docker images. You can use the Docker command-line interface (Docker CLI) for login, push, pull, and other operations on your container registry.
HOTSPOT You have an Azure subscription. You plan to deploy an app that has a web front end and an application tier. You need to recommend a load balancing solution that meets the following requirements: Internet to web tier: -Provides URL-based routing -Supports connection draining -Prevents SQL injection attacks Web tier to application tier: -Provides port forwarding - Supports HTTPS health probes - Supports an availability set as a backend pool Which load balancing solution should you recommend for each tier? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.
Box 1: An Azure Application Gateway that has a web application firewall (WAF) Azure Application Gateway offers a web application firewall (WAF) that provides centralized protection of your web applications from common exploits and vulnerabilities. Web applications are increasingly targeted by malicious attacks that exploit commonly known vulnerabilities. SQL injection and cross-site scripting are among the most common attacks. Application Gateway operates as an application delivery controller (ADC). It offers Secure Sockets Layer (SSL) termination, cookie-based session affinity, round-robin load distribution, content-based routing, ability to host multiple websites, and security enhancements.
Box 2: An internal Azure Standard Load Balancer The internet to web tier is the public interface, while the web tier to application tier should be internal. Note: When using load-balancing rules with Azure Load Balancer, you need to specify a health probes to allow the Load Balancer to detect the backend endpoint status. Health probes support the TCP, HTTP, HTTPS protocols.
You have a virtual network named VNet1 as shown in the exhibit. (Click the Exhibit tab.)
No devices are connected to
VNet1. You plan to peer VNet1 to another virtual network named
VNet2. VNet2 has an address space of 10.2.0.0/16. You need to create the peering. What should you do first?
A. Configure a service endpoint on VNet2.
B. Add a gateway subnet to VNet1.
C. Create a subnet on VNEt1 and VNet2.
D. Modify the address space of VNet1.
Correct Answer: D
The virtual networks you peer must have non-overlapping IP address spaces. The exhibit indicates that VNet1 has an address space of 10.2.0.0/16, which is the same as VNet2, and thus overlaps. We need to change the address space for VNet1.
HOTSPOT Your company has a virtualization environment that contains the virtualization hosts shown in the following table.
All virtual machines use basic disks. VM1 is protected by using BitLocker Drive Encryption (BitLocker). You plan to migrate the virtual machines to Azure by using Azure Site Recovery. You need to identify which virtual machines can be migrated. Which virtual machines should you identify for each server? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.
[p.s.2] Get Google Drive Microsoft Role-based AZ-303 dumps PDF from Lead4Pass for free:
[p.s.3] Exam AZ-303: Microsoft Azure Architect Technologies: https://docs.microsoft.com/en-us/learn/certifications/exams/az-303
Candidates for this exam should have subject matter expertise in designing and implementing solutions that run on Microsoft Azure, including aspects like compute, network, storage, and security.
Responsibilities for an Azure Solution Architect include advising stakeholders and translating business requirements into secure, scalable, and reliable cloud solutions.
An Azure Solution Architect partners with cloud administrators, cloud DBAs, and clients to implement solutions.
A candidate for this exam should have advanced experience and knowledge of IT operations, including networking, virtualization, identity, security, business continuity, disaster recovery, data platform, budgeting, and governance–this role should manage how decisions in each area affect an overall solution. In addition, this role should have expert-level skills in Azure administration and have experience with Azure development and DevOps processes.
1. The content of this exam will be updated on November 24, 2020. Please download the exam skills outline below to see what will be changing.
2. Implement and monitor an Azure infrastructure (50-55%)
3. Implement management and security solutions (25-30%)
4. Implement solutions for apps (10-15%)
5. Implement and manage data platforms (10-15%)
[p.s.4] [12% off]Lead4pass Coupon code 2020: "lead4pass2020"