Microsoft AZ-303 Exam Practice Test Instant Access

Question 1

You have an Azure Kubernetes Service (AKS) cluster named Cluster1 in a resource group named RG1.

An administrator plans to manage Clus1 from an Azure AD-joined device.

You need to ensure that the administrator can deploy the YAML application manifest file for a container application.

You install the Azure CLI on the device.

Which command should you run next?

Akubectl get nodes

Baz aks install-cli

Ckubectl apply --f app1.yaml

Daz aks get-credentials --resource-group RG1 --name Clus1

Answer : C

kubectl apply --f appl.yaml applies a configuration change to a resource from a file or stdin.

https://kubernetes.io/docs/reference/kubectl/overview/

https://docs.microsoft.com/en-us/cli/azure/aks

Question 2

You migrate WebApp1 to Azure.

You need to configure the AKS cluster to enable WebApp1 to access KV1. The solution must meet the authentication and authorization requirements.

What should you do?

AConfigure Azure role-based access control (Azure R8AQ for Kubernetes Authorization.

BConfigure a pod-managed identity.

CImplement pod security policies.

DImplement the Secrets Store CSl Driver.

Answer : B

Scenario: WebApp1 running on the AKS cluster must be able to retrieve secrets from KV1.

KV1 is an Azure Key Vault

Managed Identities are assigned to Azure resources which needs access to Azure Key Vault. This is the recommended approach as Azure automatically rotates the identity and app/service doesn't have to manage the secret.

Azure Active Directory (Azure AD) pod-managed identities use Kubernetes primitives to associate managed identities for Azure resources and identities in Azure AD with pods.

https://docs.microsoft.com/en-us/azure/active-directory/managed-identities-azure-resources/overview

https://docs.microsoft.com/en-us/azure/aks/use-azure-ad-pod-identity

Question 3

A company hosts virtual machines (VMs) in an on-premises datacenter and in Azure. The on-premises and Azure-based VMs communicate using ExpressRoute.

The company wants to be able to continue regular operations if the ExpressRoute connection fails. Failover connections must use the Internet and must not require Multiprotocol Label Switching (MPLS) support.

You need to recommend a solution that provides continued operations.

What should you recommend?

ASet up a second ExpressRoute connection.

BIncrease the bandwidth of the existing ExpressRoute connection.

CIncrease the bandwidth for the on-premises internet connection.

DSet up a VPN connection.

Answer : D

https://docs.microsoft.com/en-us/azure/architecture/reference-architectures/hybrid-networking/expressroutevpn-failover

Question 4

You have an Azure subscription that contains the storage accounts shown in the following table.

You enable Azure Advanced Threat Protection (ATP) for all the storage accounts.

You need to identify which storage accounts will generate Azure ATP alerts.

Which two storage accounts should you identify? Each correct answer presents part of the solution.

NOTE: Each correct selection is worth one point.

Astoragecontoso1

Bstoragecontoso2

Cstoragecontoso3

Dstoragecontoso4

Estoraaecontoso5

Answer : A, B

Advanced threat protection for Azure Storage is currently available only for Blob Storage. https://docs.microsoft.com/en-us/azure/storage/common/storage-advanced-threat-protection?tabs=azure-portal

Question 5

You need to configure Azure AD Seamless SSO for Fabrikam. The solution must meet the authentication and authorization requirements.

What should you install first?

Athe Azure AD Connect provisioning agent on SERVER1

Bthe Azure AD Connect provisioning agent on DC1

CAzure AD Connect in staging mode on SERVER1

Dan Azure AD Connect primary server on SERVER1

Answer : A

The Litware and Fabrikam datacenters are not connected.

Azure AD Connect Cloud Sync provides support for synchronizing to an Azure AD tenant from a multi-forest disconnected Active Directory forest environment.

https://docs.microsoft.com/en-us/azure/active-directory/cloud-sync/what-is-cloud-sync

Question 6

You have an Azure SQL database named Db1 that runs on an Azure SQL server named SQLserver1.

You need to ensure that you can use the query editor on the Azure portal to query Db1.

What should you do?

AModify the Advanced Data Security settings of Db1

BConfigure the Firewalls and virtual networks settings for SQLserver1

CCopy the ADO.NET connection string of Db1 and paste the string to the query editor

DApprove private endpoint connections for SQLserver1

Answer : B

https://docs.microsoft.com/en-us/azure/sql-database/sql-database-connect-query-portal

Question 7

You need to move the blueprint files to Azure.

What should you do?

AGenerate a shared access signature (SAS). Map a drive, and then copy the files by using File Explorer.

BUse the Azure Import/Export service.

CGenerate an access key. Map a drive, and then copy the files by using File Explorer.

DUse Azure Storage Explorer to copy the files.

Answer : D

Azure Storage Explorer is a free tool from Microsoft that allows you to work with Azure Storage data on Windows, macOS, and Linux. You can use it to upload and download data from Azure blob storage.

Scenario:

Planned Changes include: move the existing product blueprint files to Azure Blob storage.

Technical Requirements include: Copy the blueprint files to Azure over the Internet.

Microsoft AZ-303 Microsoft Azure Architect Technologies Exam Practice Test