The Secret Of Microsoft AZ-303 Free Practice Test

NEW QUESTION 1

You need to meet the user requirement for Admin1. What should you do?

• A. From the Subscriptions blade, select the subscription, and then modify the Properties.
• B. From the Subscriptions blade, select the subscription, and then modify the Access control (IAM) settings.
• C. From the Azure Active Directory blade, modify the Properties.
• D. From the Azure Active Directory blade, modify the Groups.

Answer: A

Explanation:
Change the Service administrator for an Azure subscription
Sign in to Account Center as the Account administrator.
Select a subscription.
On the right side, select Edit subscription details.
Scenario: Designate a new user named Admin1 as the service administrator of the Azure subscription. References:
https://docs.microsoft.com/en-us/azure/billing/billing-add-change-azure-subscription-administrator

NEW QUESTION 2

You have an Azure Active Directory (Azure AD) tenant linked to an Azure subscription. The tenant contains a group named Admins.
You need to prevent users, except for the members of Admins, from using the Azure portal and Azure PowerShell to access the subscription.
What should you do?

• A. From Azure AD, configure the User settings.
• B. From the Azure subscription, assign an Azure policy.
• C. From Azure AD, create a conditional access policy.
• D. From the Azure subscription, configure Access control (IAM).

Answer: D

NEW QUESTION 3

You have a web server app named App1 that is hosted in three Azure regions. You plan to use Azure Traffic Manager to distribute traffic optimally for App1.
You need to enable Real User Measurements to monitor the network latency data for App1. What should you do? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

• A. Mastered
• B. Not Mastered

Answer: A

Explanation:
Box 1: Select Generate key
You can configure your web pages to send Real User Measurements to Traffic Manager by obtaining a Real User Measurements (RUM) key and embedding the generated code to web page.
Obtain a Real User Measurements key
The measurements you take and send to Traffic Manager from your client application are identified by the service using a unique string, called the Real User Measurements (RUM) Key. You can get a RUM key using the Azure portal, a REST API, or by using the PowerShell or Azure CLI.
To obtain the RUM Key using Azure portal:
From a browser, sign in to the Azure portal. If you don’t already have an account, you can sign up for a free one-month trial.
In the portal’s search bar, search for the Traffic Manager profile name that you want to modify, and then click the Traffic Manager profile in the results that the displayed.
In the Traffic Manager profile blade, click Real User Measurements under Settings.
Click Generate Key to create a new RUM Key.
Box 2: Embed the Traffic Manager JavaScript code snippet. Embed the code to an HTML web page
After you have obtained the RUM key, the next step is to embed this copied JavaScript into an HTML page that your end users visit.
This example shows how to update an HTML page to add this script. You can use this guidance to adapt it to your HTML source management workflow.
Open the HTML page in a text editor
Paste the JavaScript code you had copied in the earlier step to the BODY section of the HTML (the copied code is on line 8 & 9, see figure 3).

Reference:
https://docs.microsoft.com/en-us/azure/traffic-manager/traffic-manager-create-rum-web-pages

NEW QUESTION 4

Note: This question is part of series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have a server named Server1 that runs Windows Server 2019. Server1 is a container host. You are creating a Dockerfile to build a container image.
You need to add a file named File1.txt from Server1 to a folder named C:\Folder1 in the container image. Solution: You add the following line to the Dockerfile.
Copy-Item File1.txt C:\Folder1\File1.txt You then build the container image. Does this meet the goal?

• A. Yes
• B. No

Answer: B

Explanation:
Copy-Item is not supported. Copy is the correct command to copy a file to the container image. References:
https://docs.docker.com/develop/develop-images/dockerfile_best-practices/#add-or-copy https://docs.docker.com/engine/reference/builder/

NEW QUESTION 5

You have a hierarchy of management groups and Azure subscriptions as shown in the following table.

You create the Azure resources shown in the following table.

You assign roles to users as shown in the following table.

For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point

• A. Mastered
• B. Not Mastered

Answer: A

Explanation:

NEW QUESTION 6

Note: This question is part of series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more
than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have an Azure Active Directory (Azure AD) tenant named contoso.com.
A user named Admin1 attempts to create an access review from the Azure Active Directory admin center and discovers that the Access reviews settings are unavailable. Admin1 discovers that all the other Identity Governance settings are available.
Admin1 is assigned the User administrator, Compliance administrator, and Security administrator roles. You need to ensure that the Admin1 can create access reviews in contoso.com.
Solution: You purchase an Azure Directory Premium P2 license for contoso.com. Does this meet the goal?

• A. Yes
• B. No

Answer: B

Explanation:
Instead use Azure AD Privileged Identity Management.
Note: PIM essentially helps you manage the who, what, when, where, and why for resources that you care about. Key features of PIM include:
Conduct access reviews to ensure users still need roles References:
https://docs.microsoft.com/en-us/azure/active-directory/privileged-identity-management/pim-configure

NEW QUESTION 7

You are developing an Azure Web App. You configure TLS mutual authentication for the web app.
You need to validate the client certificate in the web app. To answer, select the appropriate options in the answer area.

• A. Mastered
• B. Not Mastered

Answer: A

Explanation:

NEW QUESTION 8

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
Your company is deploying an on-premises application named Appl. Users will access App1 by using a URL of https://app1.contoso.com. You register App1 in Azure Active Directory (Azure AD) and publish Appl by using the Azure AD Application Proxy. You need to ensure that Appl appears in the My Apps portal for all the users.
Solution: You create a conditional access policy for App1.

• A. Yes
• B. No

Answer: B

NEW QUESTION 9

You have an Azure subscription that contains an Azure key vault named KeyVault1 and the virtual machines shown in the following table.

KeyVault1 has an access policy that provides several users with Create Key permissions. You need to ensure that the users can only register secrets in KeyVault1 from VM1. What should you do?

• A. Create a network security group (NSG) that is linked to Subnet1.
• B. Configure the Firewall and virtual networks settings for KeyVault1.
• C. Modify the access policy for KeyVault1.
• D. Configure KeyVault1 to use a hardware security module (HSM).

Answer: C

Explanation:
You grant data plane access by setting Key Vault access policies for a key vault. Note 1: Grant our VM’s system-assigned managed identity access to the Key Vault.
Select Access policies and click Add new.
In Configure from template, select Secret Management.
Choose Select Principal, and in the search field enter the name of the VM you created earlier. Select the VM in the result list and click Select.
Click OK to finishing adding the new access policy, and OK to finish access policy selection.
Note 2: Access to a key vault is controlled through two interfaces: the management plane and the data plane. The management plane is where you manage Key Vault itself. Operations in this plane include creating and deleting key vaults, retrieving Key Vault properties, and updating access policies. The data plane is where you work with the data stored in a key vault. You can add, delete, and modify keys, secrets, and certificates.
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/managed-identities-azure-resources/tutorial-windows-vm https://docs.microsoft.com/en-us/azure/key-vault/general/secure-your-key-vault2

NEW QUESTION 10

Note: This question is part of series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have an Azure Active Directory (Azure AD) tenant that contains a group named Group1. You need to enable multi-factor authentication (MFA) for the users in Group1 only.
Solution: From the Azure portal, you configure an authentication method policy. Does this meet the goal?

• A. Yes
• B. No

Answer: B

Explanation:
We should use a Conditional Access policy.
Note: There are two ways to secure user sign-in events by requiring multi-factor authentication in Azure AD. The first, and preferred, option is to set up a Conditional Access policy that requires multi-factor authentication under certain conditions. The second option is to enable each user for Azure Multi-Factor Authentication. When users are enabled individually, they perform multi-factor authentication each time they sign in (with some exceptions, such as when they sign in from trusted IP addresses or when the remembered devices feature is turned on).
Enabling Azure Multi-Factor Authentication using Conditional Access policies is the recommended approach. Changing user states is no longer recommended unless your licenses don't include Conditional Access as it requires users to perform MFA every time they sign in.
https://docs.microsoft.com/en-us/azure/active-directory/authentication/howto-mfa-userstates

NEW QUESTION 11

You create the following Azure role definition.

You need to create Role1 by using the role definition.
Which two values should you modify before you create Role1? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.

• A. AssignableScopes
• B. Description
• C. DataActions
• D. IsCustom
• E. Id

Answer: AD

Explanation:
Part of example: "IsCustom": true,
"AssignableScopes": [ "/subscriptions/{subscriptionId1}", "/subscriptions/{subscriptionId2}",
"/subscriptions/{subscriptionId3}"
The following shows what a custom role looks like as displayed in JSON format. This custom role can be used for monitoring and restarting virtual machines.
{
"Name": "Virtual Machine Operator",
"Id": "88888888-8888-8888-8888-888888888888",
"IsCustom": true,
"Description": "Can monitor and restart virtual machines.", "Actions": [
"Microsoft.Storage/*/read", "Microsoft.Network/*/read", "Microsoft.Compute/*/read", "Microsoft.Compute/virtualMachines/start/action", "Microsoft.Compute/virtualMachines/restart/action", "Microsoft.Authorization/*/read", "Microsoft.ResourceHealth/availabilityStatuses/read",
"Microsoft.Resources/subscriptions/resourceGroups/read", "Microsoft.Insights/alertRules/*", "Microsoft.Insights/diagnosticSettings/*", "Microsoft.Support/*"
],
"NotActions": [],
"DataActions": [], "NotDataActions": [], "AssignableScopes": [ "/subscriptions/{subscriptionId1}",
"/subscriptions/{subscriptionId2}", "/subscriptions/{subscriptionId3}"
]
}
Reference:
https://docs.microsoft.com/en-us/azure/role-based-access-control/custom-roles

NEW QUESTION 12

A company hosts virtual machines (VMs) in an on-premises datacenter and in Azure. The on-premises and Azure-based VMs communicate using ExpressRoute.
The company wants to be able to continue regular operations if the ExpressRoute connection fails. Failover connections must use the Internet and must not require Multiprotocol Label Switching (MPLS) support.
You need to recommend a solution that provides continued operations. What should you recommend?

• A. Set up a second ExpressRoute connection.
• B. Increase the bandwidth of the existing ExpressRoute connection.
• C. Increase the bandwidth for the on-premises internet connection.
• D. Set up a VPN connection.

Answer: D

Explanation:

References:
https://docs.microsoft.com/en-us/azure/architecture/reference-architectures/hybrid-networking/expressroutevpn-

NEW QUESTION 13

A company plans to use third-party application software to perform complex data analysis processes. The software will use up to 500 identical virtual machines (VMs) based on an Azure Marketplace VM image.
You need to design the infrastructure for the third-party application server. The solution must meet the following requirements:
The number of VMs that are running at any given point in time must change when the user workload changes.
When a new version of the application is available in Azure Marketplace it must be deployed without causing application downtime.
Use VM scale sets.
Minimize the need for ongoing maintenance.
Which two technologies should you recommend? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.

• A. single storage account
• B. autoscale
• C. single placement group
• D. managed disks

Answer: BD

Explanation:
Introduction to Azure managed disks
https://docs.microsoft.com/en-us/azure/virtual-machines/windows/managed-disks-overview "Using managed disks, you can create up to 50,000 VM disks of a type in a subscription per region, allowing you to create thousands of VMs in a single subscription. This feature also further increases the scalability of virtual machine scale sets by allowing you to create up to 1,000 VMs in a virtual machine scale set using a Marketplace image."

NEW QUESTION 14

You are planning the move of App1 to Azure. You create a network security group (NSG).
You need to recommend a solution to provide users with access to App1. What should you recommend?

• A. Create an outgoing security rule for port 443 from the Interne
• B. Associate the NSG to all the subnets.
• C. Create an incoming security rule for port 443 from the Interne
• D. Associate the NSG to all the subnets.
• E. Create an incoming security rule for port 443 from the Interne
• F. Associate the NSG to the subnet that contains the web servers.
• G. Create an outgoing security rule for port 443 from the Interne
• H. Associate the NSG to the subnet that contains the web servers.

Answer: C

Explanation:
As App1 is public-facing we need an incoming security rule, related to the access of the web servers. Scenario: You have a public-facing application named App1. App1 is comprised of the following three tiers: a SQL database, a web front end, and a processing middle tier.
Each tier is comprised of five virtual machines. Users access the web front end by using HTTPS only.

NEW QUESTION 15

You have an Azure subscription that contains the resource groups shown in the following table.

RG1 contains the virtual machines shown in the following table.

RG2 contains the virtual machines shown in the following table.

All the virtual machines are configured to use premium disks and are accessible from the Internet.
VM1 and VM2 are in an available set named AVSET1. VM3 and VM4 are in the same availability zone and are in an availability set named AVSET2. VM5 and VM6 are in different availability zones.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.

• A. Mastered
• B. Not Mastered

Answer: A

Explanation:
Box 1: Yes
VM1 and VM2 are in an available set named AVSET1.
For all Virtual Machines that have two or more instances deployed in the same Availability Set, we [Microsoft] guarantee you will have Virtual Machine Connectivity to at least one instance at least 99.95% of the time.
Box 2: No
VM3 and VM4 are in the same availability zone and are in an availability set named AVSET2. Box 3: Yes
VM5 and VM6 are in different availability zones.
For all Virtual Machines that have two or more instances deployed across two or more Availability Zones in the same Azure region, we [Microsoft] guarantee you will have Virtual Machine Connectivity to at least one instance at least 99.99% of the time.
References:
https://azure.microsoft.com/en-us/support/legal/sla/virtual-machines/v1_8/

NEW QUESTION 16

You have an Azure subscription that contains the resource groups shown in the following table.

You create an Azure Resource Manager template named Template1 as shown in the following exhibit.

From the Azure portal, you deploy Template1 four times by using the settings shown in the following table.

What is the result of the deployment? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

• A. Mastered
• B. Not Mastered

Answer: A

Explanation:

NEW QUESTION 17

You need to identify the storage requirements for Contoso.
For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.

• A. Mastered
• B. Not Mastered

Answer: A

Explanation:
Box 1: Yes
Contoso is moving the existing product blueprint files to Azure Blob storage.
Use unmanaged standard storage for the hard disks of the virtual machines. We use Page Blobs for these. Box 2: No
Box 3: No

NEW QUESTION 18

Note: This question is part of series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have a server named Server1 that runs Windows Server 2019. Server1 is a container host. You are creating a Dockerfile to build a container image.
You need to add a file named File1.txt from Server1 to a folder named C:\Folder1 in the container image. Solution: You add the following line to the Dockerfile.
XCOPY File1.txt C:\Folder1\
You then build the container image. Does this meet the goal?

• A. Yes
• B. No

Answer: B

Explanation:
Copy is the correct command to copy a file to the container image. Furthermore, the root directory is specified as '/' and not as 'C:/'.
References:
https://docs.docker.com/develop/develop-images/dockerfile_best-practices/#add-or-copy https://docs.docker.com/engine/reference/builder/

NEW QUESTION 19

You have an Azure SQL database named Db1 that runs on an Azure SQL server named SQLserver1. You need to ensure that you can use the query editor on the Azure portal to query Db1.
What should you do?

• A. Modify the Advanced Data Security settings of Db1
• B. Configure the Firewalls and virtual networks settings for SQLserver1
• C. Copy the ADO.NET connection string of Db1 and paste the string to the query editor
• D. Approve private endpoint connections for SQLserver1

Answer: B

Explanation:
Reference:
https://docs.microsoft.com/en-us/azure/sql-database/sql-database-connect-query-portal

NEW QUESTION 20
......