What High Value AZ-303 Training Tools Is

NEW QUESTION 1

You have the virtual machines shown in the following table.

You deploy an Azure bastion named Bastion1 to VNET1.
To which virtual machines can you connect by using Bastion1?

• A. VM1 only
• B. VM1 and VM2 only
• C. VM2 and VM3 only
• D. VM1, VM2, and VM3

Answer: C

NEW QUESTION 2

You have an Azure logic app named App1 and an Azure Service Bus queue named Queue1.
You need to ensure that App1 can read messages from Queue1. App1 must authenticate by using Azure Active Directory (Azure AD).
What should you do? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

• A. Mastered
• B. Not Mastered

Answer: A

Explanation:
On App1: Turn on the managed identity
To use Service Bus with managed identities, you need to assign the identity the role and the appropriate scope. The procedure in this section uses a simple application that runs under a managed identity and accesses Service Bus resources.
Once the application is created, follow these steps:
Go to Settings and select Identity.
Select the Status to be On.
Select Save to save the setting.
On Queue1: Configure Access Control (IAM)
Azure Active Directory (Azure AD) authorizes access rights to secured resources through role-based access control (RBAC). Azure Service Bus defines a set of built-in RBAC roles that encompass common sets of permissions used to access Service Bus entities and you can also define custom roles for accessing the data.
Assign RBAC roles using the Azure portal
In the Azure portal, navigate to your Service Bus namespace. Select Access Control (IAM) on the left menu to display access control settings for the namespace. If you need to create a Service Bus namespace.
Select the Role assignments tab to see the list of role assignments. Select the Add button on the toolbar and then select Add role assignment.
Reference:
https://docs.microsoft.com/en-us/azure/service-bus-messaging/authenticate-application https://docs.microsoft.com/en-us/azure/service-bus-messaging/service-bus-managed-service-identity

NEW QUESTION 3

Your company has an office in Seattle.
You have an Azure subscription that contains a virtual network named VNET1. You create a site-to-site VPN between the Seattle office and VNET1.
VNET1 contains the subnets shown in the following table.

You need to redirect all Internet-bound traffic from Subnet1 to the Seattle office. What should you create?

• A. a route for Subnet1 That uses the virtual network gateway as the next hop
• B. a route for GatewaySubnet that uses the virtual network gateway as the next hop
• C. a route for GatewaySubnet that uses the local network gateway as the next hop
• D. a route for Subnet1 that uses The local network gateway as the next hop

Answer: B

Explanation:
A route with the 0.0.0.0/0 address prefix instructs Azure how to route traffic destined for an IP address that is not within the address prefix of any other route in a subnet's route table. When a subnet is created, Azure creates a default route to the 0.0.0.0/0 address prefix, with the Internet next hop type. We need to create a custom route in Azure to use a virtual network gateway in the Seattle office as the next hop.
References:
https://docs.microsoft.com/en-us/azure/virtual-network/virtual-networks-udr-overview

NEW QUESTION 4

You have an Azure Active Directory (Azure AD) tenant that contains the user groups shown in the following table.

You enable self-service password reset (SSPR) for Group1.
You configure the Notifications settings as shown in the following exhibit.

For each of the following statements, select Yes if the statement is true. Otherwise, select No.

• A. Mastered
• B. Not Mastered

Answer: A

Explanation:
Box 1: Yes
Notify all admins when other admins reset their passwords: Yes. Box 2: No
Notify users on password resets: No. Box 3: No
Notify users on password resets
If this option is set to Yes, then users resetting their password receive an email notifying them that their password has been changed. The email is sent via the SSPR portal to their primary and alternate email addresses that are on file in Azure AD. No one else is notified of the reset event.
Notify all admins when other admins reset their passwords
If this option is set to Yes, then all administrators receive an email to their primary email address on file in Azure AD. The email notifies them that another administrator has changed their password by using SSPR.
Example: There are four administrators in an environment. Administrator A resets their password by using SSPR. Administrators B, C, and D receive an email alerting them of the password reset.
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/authentication/concept-sspr-howitworks https://docs.microsoft.com/en-us/azure/active-directory/authentication/tutorial-enable-sspr

NEW QUESTION 5

Your network contains an on-premises Active Directory domain named contoso.com that contains a user named User1. The domain syncs to Azure Active Directory (Azure AD). You have the Windows 10 devices shown in the following table.

The User Sign-In settings are configured as shown in the following exhibit.


For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point

• A. Mastered
• B. Not Mastered

Answer: A

Explanation:

NEW QUESTION 6

Note: This question is part of series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have a server named Server1 that runs Windows Server 2021. Server1 is a container host. You are creating a Dockerfile to build a container image.
You need to add a file named File1.txt from Server1 to a folder named C:Folder1 in the container image. Solution: You add the following line to the Dockerfile.
XCOPY File1.txt C:Folder1
You then build the container image. Does this meet the goal?

• A. Yes
• B. No

Answer: B

Explanation:
Copy is the correct command to copy a file to the container image. Furthermore, the root directory is specified as '/' and not as 'C:/'.
References:
https://docs.docker.com/develop/develop-images/dockerfile_best-practices/#add-or-copy https://docs.docker.com/engine/reference/builder/

NEW QUESTION 7

Note: This question is part of series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have a server named Server1 that runs Windows Server 2021. Server1 is a container host. You are creating a Dockerfile to build a container image.
You need to add a file named File1.txt from Server1 to a folder named C:Folder1 in the container image. Solution: You add the following line to the Dockerfile.
COPY File1.txt /Folder1/
You then build the container image. Does this meet the goal?

• A. Yes
• B. No

Answer: A

Explanation:
Copy is the correct command to copy a file to the container image. References:
https://docs.docker.com/develop/develop-images/dockerfile_best-practices/#add-or-copy https://docs.docker.com/engine/reference/builder/

NEW QUESTION 8

You need to identify the storage requirements for Contoso.
For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.

• A. Mastered
• B. Not Mastered

Answer: A

Explanation:
Box 1: Yes
Contoso is moving the existing product blueprint files to Azure Blob storage.
Use unmanaged standard storage for the hard disks of the virtual machines. We use Page Blobs for these. Box 2: No
Box 3: No

NEW QUESTION 9

Your network contains an on-premises Active Directory domain named contoso.com that contains a member server named Server1.
You have the accounts shown in the following table.

You are installing Azure AD Connect on Server1.
You need to specify the account for Azure AD Connect synchronization.
The solution must use the principle of least privilege.
Which account should you specify?

• A. CONTOSOUser2
• B. SERVER1User4
• C. CONTOSOUser1
• D. CONTOSOUser3

Answer: A

Explanation:
The default Domain User permissions are sufficient Reference:
https://docs.microsoft.com/en-us/azure/active-directory/hybrid/reference-connect-accounts-permissions

NEW QUESTION 10

An administrator plans to create a function app in Azure that will have the following settings:
Runtime stack: .NET Core
Operating System: Linux
Plan type: Consumption
Enable Application Insights: Yes
You need to ensure that you can back up the function app.
Which settings should you recommend changing before creating the function app? D18912E1457D5D1DDCBD40AB3BF70D5D

• A. Runtime stack
• B. Enable Application Insights
• C. Operating System
• D. Plan type

Answer: D

Explanation:
The Backup and Restore feature requires the App Service plan to be in the Standard, Premium or Isolated tier. Reference:
https://docs.microsoft.com/en-us/azure/app-service/manage-backup#requirements-and-restrictions

NEW QUESTION 11

You have SQL Server on an Azure virtual machine named SQL1.
You need to automate the backup of the databases on SQL1 by using Automated Backup v2 for the virtual machines. The backups must meet the following requirements:
• Meet a recovery point objective (RPO) of 15 minutes.
• Retain the backups for 30 days.
• Encrypt the backups at rest.
What should you provision as part of the backup solution?

• A. Azure Key Vault
• B. an Azure Storage account
• C. a Recovery Services vault
• D. Elastic Database jobs

Answer: B

Explanation:
An Azure storage account is used for storing Automated Backup files in blob storage. A container is created at this location to store all backup files. The backup file naming convention includes the date, time, and database GUID.
Reference:
https://docs.microsoft.com/en-us/azure/azure-sql/virtual-machines/windows/automated-backup

NEW QUESTION 12

You have an Azure Active Directory (Azure AD) tenant named contoso.com. The tenant contains the users shown in the following table.

The tenant contains computers that run Windows 10. The computers are configured as shown in the following table.

You enable Enterprise State Roaming in contoso.com for Group1 and GroupA.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.

• A. Mastered
• B. Not Mastered

Answer: A

Explanation:
Enterprise State Roaming provides users with a unified experience across their Windows devices and reduces the time needed for configuring a new device.
Box 1: Yes
Box 2: No
Box 3: Yes References:
https://docs.microsoft.com/en-us/azure//////active-directory/devices/enterprise-state-roaming-overview

NEW QUESTION 13

You have an Azure subscription that contains two virtual networks named VNet1 and VNet2. Virtual machines connect to the virtual networks.
The virtual networks have the address spaces and the subnets configured as shown in the following table.

You need to add the address space of 10.33.0.0/16 to VNet1. The solution must ensure that the hosts on VNet1 and VNet2 can communicate.
Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.

• A. Mastered
• B. Not Mastered

Answer: A

Explanation:
Step 1: Remove peering between Vnet1 and VNet2.
You can't add address ranges to, or delete address ranges from a virtual network's address space once a virtual network is peered with another virtual network. To add or remove address ranges, delete the peering, add or remove the address ranges, then re-create the peering. Step 2: Add the 10.44.0.0/16 address space to VNet1. Step 3: Recreate peering between VNet1 and VNet2 References:
https://docs.microsoft.com/en-us/azure/virtual-network/virtual-network-manage-peering

NEW QUESTION 14

You need to recommend a solution for App1. The solution must meet the technical requirements. What should you include in the recommendation? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

• A. Mastered
• B. Not Mastered

Answer: A

Explanation:
Box 1: 3
One virtual network for every tier Box 2: 1
Only one subnet for each tier, to minimize the number of open ports.
Scenario: You have a public-facing application named App1. App1 is comprised of the following three tiers: A SQL database
A web front end
A processing middle tier
Each tier is comprised of five virtual machines. Users access the web front end by using HTTPS only. Technical requirements:
Move all the virtual machines for App1 to Azure.
Minimize the number of open ports between the App1 tiers.

NEW QUESTION 15

You need to recommend an identify solution that meets the technical requirements.
What should you recommend?

• A. federated single-on (SSO) and Active Directory Federation Services (AD FS)
• B. password hash synchronization and single sign-on (SSO)
• C. cloud-only user accounts
• D. Pass-through Authentication and single sign-on (SSO)

Answer: D

Explanation:
Active Directory Federation Services is a feature and web service in the Windows Server Operating System that allows sharing of identity information outside a company’s network.
Scenario: Technical Requirements include:
Prevent user passwords or hashes of passwords from being stored in Azure. References: https://www.sherweb.com/blog/active-directory-federation-services/

NEW QUESTION 16

You have an Azure Resource Manager template for a virtual machine named Template1. Template1 has the following parameters section.

For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.

• A. Mastered
• B. Not Mastered

Answer: A

Explanation:
Box 1: Yes
The Resource group is not specified.
Box 2: No
The default value for the operating system is Windows 2021 Datacenter.
Box 3: Yes
Location is no default value. References:
https://docs.microsoft.com/bs-latn-ba/azure/virtual-machines/windows/ps-template

NEW QUESTION 17

: 292 HOTSPOT
From Azure Cosmos DB, you create the containers shown in the following table.

You add the following item to Container1.

You plan to add items to Azure Cosmos DB as shown in the following table.

You need to identify which items can be added successfully to Container1 and Container2.
What should you identify for each container? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

• A. Mastered
• B. Not Mastered

Answer: A

Explanation:

NEW QUESTION 18

You have an Azure subscription.
You create a custom role in Azure by using the following Azure Resource Manager template.

You assign the role to a user named User1. Which action can User1 perform?

• A. Delete virtual machines.
• B. Create resource groups.
• C. Create virtual machines.
• D. Create support requests

Answer: D

Explanation:
The "Microsoft.Support/*" operation will allow the user to create support tickets. References:
https://docs.microsoft.com/en-us/azure/role-based-access-control/tutorial-custom-role-powershell

NEW QUESTION 19

You have an Azure subscription that contains an Azure key vault named KeyVault1 and the virtual machines shown in the following table.

KeyVault1 has an access policy that provides several users with Create Key permissions. You need to ensure that the users can only register secrets in KeyVault1 from VM1. What should you do?

• A. Create a network security group (NSG) that is linked to Subnet1.
• B. Configure the Firewall and virtual networks settings for KeyVault1.
• C. Modify the access policy for KeyVault1.
• D. Configure KeyVault1 to use a hardware security module (HSM).

Answer: C

Explanation:
You grant data plane access by setting Key Vault access policies for a key vault. Note 1: Grant our VM’s system-assigned managed identity access to the Key Vault.
Select Access policies and click Add new.
In Configure from template, select Secret Management.
Choose Select Principal, and in the search field enter the name of the VM you created earlier. Select the VM in the result list and click Select.
Click OK to finishing adding the new access policy, and OK to finish access policy selection.
Note 2: Access to a key vault is controlled through two interfaces: the management plane and the data plane. The management plane is where you manage Key Vault itself. Operations in this plane include creating and deleting key vaults, retrieving Key Vault properties, and updating access policies. The data plane is where you work with the data stored in a key vault. You can add, delete, and modify keys, secrets, and certificates.
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/managed-identities-azure-resources/tutorial-windows-vm https://docs.microsoft.com/en-us/azure/key-vault/general/secure-your-key-vault2

NEW QUESTION 20

You have Azure Storage accounts as shown in the following exhibit.

Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic.
NOTE: Each correct selection is worth one point.

• A. Mastered
• B. Not Mastered

Answer: A

Explanation:
Note: The three different storage account options are: General-purpose v2 (GPv2) accounts, General-purpose v1 (GPv1) accounts, and Blob storage accounts.
General-purpose v2 (GPv2) accounts are storage accounts that support all of the latest features for blobs, files, queues, and tables.
Blob storage accounts support all the same block blob features as GPv2, but are limited to supporting only block blobs.
General-purpose v1 (GPv1) accounts provide access to all Azure Storage services, but may not have the latest features or the lowest per gigabyte pricing.
References:
https://docs.microsoft.com/en-us/azure/storage/common/storage-account-options

NEW QUESTION 21
......