March Sale Special - 65% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: c4sdisc65

Note! AZ-303 has been withdrawn. The new exam code is AZ-305

AZ-303 Microsoft Azure Architect Technologies Questions and Answers

Question # 6

You migrate WebApp1 to Azure.

You need toconfigure the AKS cluster to enable WebApp1 to access KV1. The solution must meet the authentication and authorization requirements.

What should you do?

A.

Configure Azure role-based access control (Azure R8AQ for KubernetesAuthorization.

B.

Configure a pod-managed identity.

C.

Implement pod security policies.

D.

Implement the Secrets Store CSl Driver.

Full Access
Question # 7

You migrate WebApp1 to Azure.

You need to implementa traffic filtering solution for WebApp1. The solution must meet the security requirements.

What should you do?

A.

Configure the Threat intelligence settings for FW1.

B.

Deploy an Azure Application Gateway to VNet1.

C.

Deploy Azure Bastion to VNet1

D.

Configure an inbound rule on FW1.

Full Access
Question # 8

You need to recommend a solution for App1. The solution must meet the technical requirements. What should you include in the recommendation?To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

AZ-303 question answer

Full Access
Question # 9

You create the following Azure role definition.

AZ-303 question answer

Youneed to create Role1 by using the role definition.

Which two values should you modify before you create Role1? Each correct answer presents part of the solution.

NOTE:Each correct selection is worth one point.

A.

AssignableScopes

B.

Description

C.

DataActions

D.

IsCustom

E.

Id

Full Access
Question # 10

You need to configure the Device settings to meet the technical requirements and the user requirements.

Which two settings should you modify? To answer, select the appropriate settings in the answer area.

AZ-303 question answer

Full Access
Question # 11

You need to move the blueprint files to Azure.

What should you do?

A.

Generate a shared access signature (SAS). Map a drive, and then copy the files by using File Explorer.

B.

Use the Azure Import/Export service.

C.

Generate an access key. Map a drive, and then copy the files by using File Explorer.

D.

Use Azure Storage Explorer to copy the files.

Full Access
Question # 12

You need to identify the storage requirements for Contoso.

For each of the following statements, select Yes if the statement is true. Otherwise, select No.

NOTE:Each correct selection is worthone point.

AZ-303 question answer

Full Access
Question # 13

Youhave an Azure SQL database named DB1.

You plan to create the following four tables in DB1 by using the following code.

AZ-303 question answer

You need to identify which table must be created last.

What should you identify? To answer, select the appropriate options inthe answer area.

NOTE:Each correct selection is worth one point.

A.

Table1

B.

Table2

C.

Table3

D.

Table4

Full Access
Question # 14

You have the virtual machines shown in the following table.

AZ-303 question answer

You deploy an Azure bastion named Bastion1 to VNET1.

To which virtual machines can you connect by using Bastion1?

A.

VM1 only

B.

VM1 and VM2only

C.

VM2 and VM3 only

D.

VM1, VM2, and VM3

Full Access
Question # 15

A company hosts virtual machines (VMs) in an on-premises datacenter and in Azure. The on-premises and Azure-based VMs communicate using ExpressRoute.

The company wants to be able to continue regular operations if the ExpressRoute connection fails. Failover connections must use the Internet and must not require Multiprotocol Label Switching (MPLS)support.

You need to recommend a solution that provides continued operations.

What should you recommend?

A.

Set up a second ExpressRoute connection.

B.

Increase the bandwidth of the existing ExpressRoute connection.

C.

Increase the bandwidth for theon-premises internet connection.

D.

Set up a VPN connection.

Full Access
Question # 16

You have an Azure subscription that contains an Azure Sentinel workspace. Sentinel is configured to monitor several Azure resources.

You need to send notification emails to resource owners when alerts or recommendations are generated for a resource.

What should you use?

A.

Logic Apps Designer

B.

Azure Security Center

C.

Azure Pipelines

D.

Azure Machine Learning Studio

Full Access
Question # 17

You have an Azure key vault named KV1 and an Azure web app named WebApp1. WebApp1 runs in a Shared App Service plan.

You need to grantWebApp1 permissions to KV1.

What should you do?

A.

Change to a Standard App Service plan.

B.

Add a certificate to WebApp1

C.

Change to a Basic App Service plan.

D.

Add a managed identity to WebApp1.

Full Access
Question # 18

You have an application named App1 that does not support Azure Active Directory (Azure AD) authentication.

You need to ensure that App1 can sendmessages to an Azure Service Bus queue. The solution must prevent Appl from listening to the queue.

What should you do?

A.

Modify the locks of the Queue

B.

Configure Access control (IAM) for the Service Bus

C.

Configure Access control (IAM)for the queue.

D.

Add a shared access policy to the queue

Full Access
Question # 19

You have an Azure Kubernetes Service (AKS) cluster named cluster1.

You plan to create a Helm chart that will deploy a customcontainerized application named App1. App1 has a dependency on another chart

You need to recommend a solution that meets the following requirements:

• Creates the Helm chart directory structure

• Updates the contents of the directory structure toinclude the chart dependency

Which three actions should you recommend be performed in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.

AZ-303 question answer

Full Access
Question # 20

You need to design an authentication solution that will integrate on-premises Active Directory and Azure Active Directory (Azure AD). The solution must meet the following requirements:

  • ActiveDirectory users must not be able to sign in to Azure AD-integrated apps outside of the sign-in hours configured in the Active Directory user accounts.
  • Active Directory users must authenticate by using multi-factor authentication (MFA) when they sign in toAzure AD-integrated apps.
  • Administrators must be able to obtain Azure AD-generated reports that list the Active Directory users who have leaked credentials.
  • The infrastructure required to implement and maintain the solution must be minimized.

Whatshould you include in the solution? To answer, select the appropriate options in the answer area.

NOTE:Each correct selection is worth one point.

AZ-303 question answer

Full Access
Question # 21

You have an Azure subscription named Subscription1 that contains an Azure virtual network named VNet1. VNet1 connects to your on-premises network by using Azure ExpressRoute.

You need to connect VNet1 to the on-premises network by using a site-to-site VPN. The solution must minimize cost.

Which three actions should you perform? Eachcorrect answer presents part of the solution.

NOTE:Each correct selection is worth one point.

A.

Create a VPN gateway that uses the VpnGw1 SKU.

B.

Create a connection.

C.

Create a local site VPN gateway.

D.

Create a gateway subnet.

E.

Create a VPNgateway that uses the Basic SKU.

Full Access
Question # 22

You have an Azure data factory named ADF1.

A pipeline in ADF1 must authenticate to an Azure SQL database to perform scheduled data exports.

You need to recommend an authentication solution for the connection. The solution must minimize the risks associated with stored usernames and passwords.

Which type of authentication should you recommend?

A.

Azure Active Directory - Universal with MFA

B.

Windows Authentication

C.

SQL Server authentication

D.

Managed Service Identity (MSI)

Full Access