The latest updated Microsoft AZ-303 exam dumps and free AZ-303 exam practice questions and answers! Latest updates from leads4pass Microsoft AZ-303 Dumps PDF and AZ-303 Dumps VCE, leads4pass AZ-303 exam questions updated and answers corrected!
Get the full Microsoft AZ-303 dumps from https://www.leads4pass.com/az-303.html (VCE&PDF)
Latest AZ-303 PDF for free
Share the Microsoft AZ-303 Dumps PDF for free From leads4pass AZ-303 Dumps part of the distraction collected on Google Drive shared by leads4pass
https://drive.google.com/file/d/1X4pNue3LHQL_f8DuIL9BaoHzydZ37rpX/
Latest leads4pass AZ-303 Youtube
Share the latest Microsoft AZ-303 exam practice questions and answers for free from Led4Pass Dumps viewed online by Youtube Videos
The latest updated Microsoft AZ-303 Exam Practice Questions and Answers Online Practice Test is free to share from leads4pass (Q1-Q13)
QUESTION 1
You have an Azure Active Directory (Azure AD) tenant linked to an Azure subscription. The tenant contains a group
named Admins.
You need to prevent users, except for the members of Admins, from using the Azure portal and Azure PowerShell to
access the subscription.
What should you do?
A. From Azure AD, configure the User settings.
B. From the Azure subscription, assign an Azure policy.
C. From Azure AD, create a conditional access policy.
D. From the Azure subscription, configure Access control (IAM).
Correct Answer: D
Â
QUESTION 2
HOTSPOT
You plan to create an Azure Storage account in the Azure region of East US 2.
You need to create a storage account that meets the following requirements:
Replicates synchronously
Remains available if a single data center in the region fails
How should you configure the storage account? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:
Correct Answer:
Box 1: Zone-redundant storage (ZRS)
Zone-redundant storage (ZRS) replicates your data synchronously across three storage clusters in a single region.
LRS would not remain available if a data center in the region fails
GRS and RA GRS use asynchronous replication.
Box 2: StorageV2 (general purpose V2)
ZRS only supports GPv2.
Reference:
https://docs.microsoft.com/en-us/azure/storage/common/storage-redundancy
https://docs.microsoft.com/en-us/azure/storage/common/storage-redundancy-zrs
Â
QUESTION 3
You need to recommend an identity solution that meets the technical requirements.
What should you recommend?
A. password hash synchronization and single sign-on (SSO)
B. federated single sign-on (SSO) and Active Directory Federation Services (AD FS)
C. Pass-through Authentication and single sign-on (SSO)
D. cloud-only user accounts
Correct Answer: C
With Pass-through Authentication, the on-premises passwords are never stored in the cloud in any form.
Scenario:
Prevent user passwords or hashes of passwords from being stored in Azure.
Ensure that when users join devices to Azure Active Directory (Azure AD), the users use a mobile phone to verify their
identity.
Minimize administrative effort whenever possible.
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-pta
Â
QUESTION 4
HOTSPOT
Your network contains an Active Directory domain named adatum.com and an Azure Active Directory (Azure AD), tenant
named adatum.onmicrosoft.com.
Adatum.com contains the user accounts in the following table.
Adatum.onmicrosoft.com contains the user accounts in the following table.
You need to implement Azure AD Connect. The solution must follow the principle of least privilege.
Which user accounts should you use in Adatum.com and Adatum.onmicrosoft.com to implement Azure AD Connect? To
answer select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:
Correct Answer:
Box 1: User5
In Express settings, the installation wizard asks for the following:
AD DS Enterprise Administrator credentials
Azure AD Global Administrator credentials
The AD DS Enterprise Admin account is used to configure your on-premises Active Directory. These credentials are
only used during the installation and are not used after the installation has completed. The Enterprise Admin, not the
Domain
Admin should make sure the permissions in Active Directory can be set in all domains.
Box 2: UserA
Azure AD Global Admin credentials are only used during the installation and are not used after the installation has
completed. It is used to create the Azure AD Connector account used for synchronizing changes to Azure AD. The
account
also enables sync as a feature in Azure AD.
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/connect/active-directory-aadconnect-accounts-permissions
Â
QUESTION 5
HOTSPOT
You have an Azure Active Directory (Azure AD) tenant that contains the user groups shown in the following table.
You enable self-service password reset (SSPR) for Group1.
You configure the Notifications settings as shown in the following exhibit.
For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct
selection is worth one point.
Hot Area:
Correct Answer:
Box 1: Yes
Notify all admins when other admins reset their passwords: Yes.
Box 2: No
Notify users on password resets: No.
Box 3: No Notify users on password resets
If this option is set to Yes, then users resetting their password receive an email notifying them that their password has
been changed. The email is sent via the SSPR portal to their primary and alternate email addresses that are on file in
Azure AD. No one else is notified of the reset event. Notify all admins when other admins reset their passwords
If this option is set to Yes, then all administrators receive an email to their primary email address on file in Azure AD.
The email notifies them that another administrator has changed their password by using SSPR.
Example: There are four administrators in an environment. Administrator A resets their password by using SSPR.
Administrators B, C, and D receive an email alerting them of the password reset.
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/authentication/concept-sspr-howitworks
https://docs.microsoft.com/en-us/azure/active-directory/authentication/tutorial-enable-sspr
Â
QUESTION 6
You have an Azure Cosmos DB account named Account1. Account1 includes a database named DB1 that contains a
container named Container 1. The partition key tor Container1 is set to /city.
You plan to change the partition key for Container1
What should you do first?
A. Delete Container1
B. Create a new container in DB1
C. Regenerate the keys for Account1.
D. Implement the Azure CosmosDB.NET SDK
Correct Answer: B
The good news is that there are two features, the Change Feed Processor and Bulk Executor Library, in Azure Cosmos
DB that can be leveraged to achieve a live migration of your data from one container to another. This allows you to
redistribute your data to match the desired new partition key scheme, and make the relevant application changes afterward, thus achieving the effect of “updating your partition key”.
Reference:
https://devblogs.microsoft.com/cosmosdb/how-to-change-your-partition-key/
Â
QUESTION 7
You have an Azure Kubernetes Service (AKS) cluster named Clus1 in a resource group named RG1.
An administrator plans to manage Clus1 from an Azure AD-joined device.
You need to ensure that the administrator can deploy the YAML application manifest file for a container application.
You install the Azure CLI on the device.
Which command should you run next?
A. kubectl get nodes
B. az aks install-CLI
C. kubectl apply –f app1.YAML
D. az aks get-credentials –resource-group RG1 –name Clus1
Correct Answer: C
References:
https://kubernetes.io/docs/reference/kubectl/overview/
https://docs.microsoft.com/en-us/cli/azure/aks
Â
QUESTION 8
You have two Azure SQL Database managed instances in different Azure regions.
You plan to configure the managed instances in an instance failover group.
What should you configure before you can add the managed instances to the instance failover group?
A. Azure Private Link that has endpoints on two virtual networks
B. A Site-to-Site VPN between the virtual networks that contain the instances.
C. An Azure Application Gateway that has managed instance endpoints in a backend pool.
D. An internal Azure Load Balancer instance that has managed instance endpoints in a backend pool.
Correct Answer: B
Â
QUESTION 9
You need to meet the user requirement for Admin1. What should you do?
A. From the Subscriptions blade, select the subscription and then modify the Properties.
B. From the Subscriptions blade, select the subscription and then modify the Access control (IAM) settings.
C. From the Azure Active Directory blade, modify the Properties.
D. From the Azure Active Directory blade, modify the Groups.
Correct Answer: A
Change the Service administrator for an Azure subscription
Sign in to Account Center as the Account administrator.
Select a subscription.
On the right side, select Edit subscription details.
Scenario: Designate a new user named Admin1 as the service administrator of the Azure subscription.
References:
https://docs.microsoft.com/en-us/azure/billing/billing-add-change-azure-subscription-administrator
Â
QUESTION 10
You are designing an Azure solution.
The solution must meet the following requirements:
*
Distribute traffic to different pools of dedicated virtual machines (VMs) based on rules
*
Provide SSL offloading capabilities
You need to recommend a solution to distribute network traffic.
Which technology should you recommend?
A.
server-level firewall rules
B.
Azure Application Gateway
C.
Azure Traffic Manager
D.
Azure Load Balancer
Correct Answer: B
If you require “SSL offloading”, application layer treatment, or wish to delegate certificate management to Azure, you
should use Azure\\’s layer 7 load balancer Application Gateway instead of the Load Balancer. References:
https://docs.microsoft.com/en-us/azure/application-gateway/overview
Â
QUESTION 11
You create a container image named Image1 on a developer workstation.
You plan to create an Azure Web App for Containers named WebAppContainer that will use Image1.
You need to upload Image1 to Azure. The solution must ensure that WebAppContainer can use Image1.
To which storage type should you upload Image1?
A. Azure Container Registry
B. an Azure Storage account that contains a blob container
C. an Azure Storage account that contains a file share
D. Azure Container Instances
Correct Answer: A
Configure registry credentials in the web app.
App Service needs information about your registry and image to pull the private image. In the Azure portal, go to
Container settings from the web app and update the Image source, Registry and save.
References:
https://docs.microsoft.com/en-us/azure/devops/pipelines/targets/webapp-on-container-linux
Â
QUESTION 12
You plan to automate the deployment of a virtual machine scale set that uses the Windows Server 2016 Datacenter
image. You need to ensure that when the scale set virtual machines are provisioned, they have web server components
installed. Which two actions should you perform? Each correct answer presents part of the solution. NOTE: Each
correct selection is worth one point.
A. Create a new virtual machine scale set in the Azure portal.
B. Create an automation account.
C. Upload a configuration script.
D. Modify the extensionProfile section of the Azure Resource Manager template.
E. Create an Azure policy.
Correct Answer: AD
References: https://docs.microsoft.com/en-us/azure/virtual-machine-scale-sets/tutorial-install-apps-template
Â
QUESTION 13
You have an Azure Active Directory (Azure AD) tenant named contoso.com.
A user named Admin1 attempts to create an access review from the Azure Active Directory admin center and discovers
that the Access reviews settings are unavailable. Admin1 discovers that all the other Identity Governance settings are
available.
Admin1 is assigned the User administrator, Compliance administrator, and Security administrator roles.
You need to ensure that Admin1 can create access reviews in contoso.com.
Solution: You create an access package.
Does this meet the goal?
A. Yes
B. No
Correct Answer: B
You do not use access packages for Identity Governance. Instead, use Azure AD Privileged Identity Management.
Note: PIM essentially helps you manage the who, what, when, where, and why for resources that you care about. Key
features of PIM include:
Conduct access reviews to ensure users still need roles
References:
https://docs.microsoft.com/en-us/azure/active-directory/privileged-identity-management/pim-configure
https://docs.microsoft.com/en-us/azure/active-directory/governance/entitlement-management-overview
Fulldumps shares the latest updated Microsoft AZ-303 exam exercise questions, AZ-303 dumps pdf, and Youtube video learning for free.
All exam questions and answers come from the leads4pass exam dumps shared part! leads4pass updates throughout the year and shares a portion of your exam questions for free to help you understand the exam content and enhance your exam experience!
Get the full Microsoft AZ-303 exam readiness dump questions at https://www.leads4pass.com/az-303.html (pdf&vce)
ps.
Get free Microsoft AZ-303 dumps PDF online: https://drive.google.com/file/d/1X4pNue3LHQL_f8DuIL9BaoHzydZ37rpX/