Microsoft AZ-303 Exam Practice Test Instant Access

Question 1

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

You have an Azure subscription.

You have an on-premises file server named Server1 that runs Windows Server 2019.

You manage Server1 by using Windows Admin Center.

You need to ensure that if Server1 fails, you can recover Server1 files from Azure.

Solution: From the Azure portal, you create a Recovery Services vault. On Server1, you install the Azure Backup agent and you successfully perform a backup.

Does this meet the goal?

AYes

BNo

Answer : B

Instead use Azure Storage Sync service and configure Azure File.

Use Azure File Sync to centralize your organization's file shares in Azure Files, while keeping the flexibility, performance, and compatibility of an on-premises file server. Azure File Sync transforms Windows Server into a quick cache of your Azure file share.

https://docs.microsoft.com/en-us/azure/storage/files/storage-files-introduction

Question 2

You are designing an Azure solution.

The solution must meet the following requirements:

* Distribute traffic to different pools of dedicated virtual machines (VMs) based on rules

* Provide SSL offloading capabilities

You need to recommend a solution to distribute network traffic.

Which technology should you recommend?

Aserver-level firewall rules

BAzure Application Gateway

CAzure Traffic Manager

DAzure Load Balancer

Answer : B

If you require 'SSL offloading', application layer treatment, or wish to delegate certificate management to

Azure, you should use Azure's layer 7 load balancer Application Gateway instead of the Load Balanacer.

Question 3

Your network contains an on-premises Active Directory domain named contoso.com. The domain contains the users shown in the following table.

You plan to install Azure AD Connect and enable SSO.

You need to specify which user to use to enable SSO. The solution must use the principle of least privilege.

Which user should you specify?

AUser4

BUser1

CUser3

DUser2

Answer : B

You need to have domain administrator credentials for each Active Directory forest that:

You synchronize to Azure AD through Azure AD Connect.

Contains users you want to enable for Seamless SSO.

Note: The domain administrator credentials are not stored in Azure AD Connect or in Azure AD. They're used only to enable Seamless SSO through Azure AD Connect.

https://docs.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-sso-quick-start

Question 4

You have an Azure Container Registry and an Azure container instance.

You pull an image from the registry, and then update the local copy of the image.

You need to ensure that the updated image can be deployed to the container instance. The solution must ensure that you can deploy the updated image or the previous version of the image.

What should you do?

ARun the docker image push command and specify the tag parameter.

BRun the az image copy command and specify the tag parameter.

CRun the az aks update command and specify the attach-acr parameter.

DRun the kubectl apply command and specify the dry-run parameter.

Answer : A

The command 'docker image push' pushes an image or a repository to a registry.

https://docs.docker.com/engine/reference/commandline/image_push/

https://docs.microsoft.com/en-us/cli/azure/ext/image-copy-extension/image

https://docs.microsoft.com/en-us/cli/azure/aks

https://kubernetes.io/docs/reference/kubectl/cheatsheet/#kubectl-apply

Question 5

You create the user-assigned identities shown in the following table.

You create a virtual machine that has the following configurations:

* Name:VM1

* Location: West US

* Resource group: RG1

Which managed identities can you add to VM1?

AIdentity1 and Identity2 only

BIdentity1 only

CIdentity1, idenity2 and Identity3

DIdentity1 and Identity3 only

Answer : C

https://docs.microsoft.com/en-us/azure/active-directory/managed-identities-azure-resources/managed-identities-faq

Question 6

You need to ensure that you can implement Azure AD Seamless SSO for Fabrikam. The solution must meet the following requirements:

Support the planned changes.

Meet the authentication and authorization requirements.

What should you do?

ACreate a new Azure AD tenant named fabrikam.com

BFrom the Fabrikam forest, configure an additional UPN suffix of Litware.com.

CFrom the Fabrikam forest, configure all users to have a UPN suffix ofLitware.com.

DFrom the Litware.com tenant, add a custom domain named fabrikam com.

Answer : D

Question 7

You have Azure virtual machines deployed to three Azure regions. Each region contains a single virtual network that has four virtual machines on the same subnet. Each virtual machine runs an application named App1. App1 is accessible by using HTTPS. Currently, the virtual machines are inaccessible from the internet.

You need to use Azure Front Door to load balance requests for App1 across all the virtual machines.

Which additional Azure service should you provision?

Aa public Azure Load Balancer

BAzure Traffic Manager

Can internal Azure Load Balancer

DAzure Private Link

Answer : C

Can we deploy Azure Load Balancer behind Front Door?

Azure Front Door needs a public VIP or a publicly available DNS name to route the traffic to. Deploying an Azure Load Balancer behind Front Door is a common use case.

https://docs.microsoft.com/en-us/azure/frontdoor/front-door-faq

Microsoft Azure Architect Technologies AZ-303 Exam Practice Test