Pass Your AZ-303 Exam at the First Try with 100% Real Exam Questions [Q72-Q87]

Pass Your AZ-303 Exam at the First Try with 100% Real Exam Questions

New Microsoft AZ-303 Dumps & Questions Updated on 2022

NEW QUESTION 72
You have an app named App1 that uses data from two on-premises Microsoft SQL Server databases named DB1 and DB2.
You plan to move DB1 and DB2 to Azure.
You need to implement Azure services to host DB1 and DB2. The solution must support server-side transactions across DB1 and DB2.
Solution: You deploy DB1 and DB2 to SQL Server on an Azure virtual machine.
Does this meet the goal?

• A. NO
• B. Yes

Answer: B

Explanation:
Explanation
Understanding distributed transactions.
When both the database management system and client are under the same ownership (e.g. when SQL Server is deployed to a virtual machine), transactions are available and the lock duration can be controlled.
Reference:
https://docs.particular.net/nservicebus/azure/understanding-transactionality-in-azure

NEW QUESTION 73
You have an Azure subscription named Subscription1. Subscription1 contains the resources in the following table:

VNet1 is in RG1. VNet2 is in RG2. There is no connectivity between VNet1 and VNet2. An administrator named Admin1 creates an Azure virtual machine VM1 in RG1. VM1 uses a disk named Disk1 and connects to VNet1. Admin1 then installs a custom application in VM1.
You need to move the custom application to VNet2. The solution must minimize administrative effort.
Which two actions should you perform? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Answer:

Explanation:

Reference:
https://blogs.technet.microsoft.com/canitpro/2014/06/16/step-by-step-move-a-vm-to-a-different-vnet-on-azure/
https://4sysops.com/archives/move-an-azure-vm-to-another-virtual-network-vnet/#migrate-an-azure-vm-between-vnets

NEW QUESTION 74
SIMULATION
Click to expand each objective. To connect to the Azure portal, type https://portal.azure.com in the browser address bar.






When you are finished performing all the tasks, click the 'Next' button.
Note that you cannot return to the lab once you click the 'Next' button. Scoring occur in the background while you complete the rest of the exam.
Overview
The following section of the exam is a lab. In this section, you will perform a set of tasks in a live environment.
While most functionality will be available to you as it would be in a live environment, some functionality (e.g., copy and paste, ability to navigate to external websites) will not be possible by design.
Scoring is based on the outcome of performing the tasks stated in the lab. In other words, it doesn't matter how you accomplish the task, if you successfully perform it, you will earn credit for that task.
Labs are not timed separately, and this exam may have more than one lab that you must complete. You can use as much time as you would like to complete each lab. But, you should manage your time appropriately to ensure that you are able to complete the lab(s) and all other sections of the exam in the time provided.
Please note that once you submit your work by clicking the Next button within a lab, you will NOT be able to return to the lab.
To start the lab
You may start the lab by clicking the Next button.
You plan to prevent users from accidentally deleting blob data from Azure.
You need to ensure that administrators can recover any blob data that is deleted accidentally from the corpdata7523690n1 storage account for 14 days after the deletion occurred.
What should you do from the Azure portal?

Answer:

Explanation:
See explanation below.
Section: [none]
Explanation:
Task A: Create a Recovery Services vault (if a vault already exists skip this task, go to Task B below) A1. From Azure Portal, On the Hub menu, click All services and in the list of resources, type Recovery Services and click Recovery Services vaults.

If there are recovery services vaults in the subscription, the vaults are listed.
A2. On the Recovery Services vaults menu, click Add.

A3. The Recovery Services vault blade opens, prompting you to provide a Name, Subscription, Resource group, and Location Task B. Create a backup goal B1. On the Recovery Services vault blade (for the vault you just created), in the Getting Started section, click Backup, then on the Getting Started with Backup blade, select Backup goal.

The Backup Goal blade opens. If the Recovery Services vault has been previously configured, then the Backup Goal blades opens when you click Backup on the Recovery Services vault blade.
B2. From the Where is your workload running? drop-down menu, select Azure.

B3. From the What do you want to backup? menu, select Blob Storage, and click OK.
B4. Finish the Wizard.
Task C. create a backup schedule
C1. Open the Microsoft Azure Backup agent. You can find it by searching your machine for Microsoft Azure Backup.

C2. In the Backup agent's Actions pane, click Schedule Backup to launch the Schedule Backup Wizard.

C3. On the Getting started page of the Schedule Backup Wizard, click Next.
C4. On the Select Items to Backup page, click Add Items.
The Select Items dialog opens.
C5. Select Blob Storage you want to protect, and then click OK.
C6.In the Select Items to Backup page, click Next.
On the Specify Backup Schedule page, specify Schedule a backup every day, and click Next.

C7. On the Select Retention Policy page, set it to 14 days, and click Next.

C8. Finish the Wizard.
References:
https://docs.microsoft.com/en-us/azure/backup/backup-configure-vault

NEW QUESTION 75
You have an Azure subscription named Subscription1.
Subscription1 contains the virtual machines in the following table:

Subscription1 contains a virtual network named VNet1 that has the subnets in the following table.

VM3 has multiple network adapters, including a network adapter named NIC3. IP forwarding is enabled on NIC3. Routing is enabled on VM3.
You create a route table named RT1 that contains the routers in the following table.

You apply RT1 to Subnet1 and Subnet2.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.

Answer:

Explanation:

Explanation:
IP forwarding enables the virtual machine a network interface is attached to:
Receive network traffic not destined for one of the IP addresses assigned to any of the IP configurations assigned to the network interface.
Send network traffic with a different source IP address than the one assigned to one of a network interface's IP configurations.
The setting must be enabled for every network interface that is attached to the virtual machine that receives traffic that the virtual machine needs to forward. A virtual machine can forward traffic whether it has multiple network interfaces or a single network interface attached to it.
Box 1: Yes
The routing table allows connections from VM3 to VM1 and VM2. And as IP forwarding is enabled on VM3, VM3 can connect to VM1.
Box 2: No
VM3, which has IP forwarding, must be turned on, in order for VM2 to connect to VM1.
Box 3: Yes
The routing table allows connections from VM1 and VM2 to VM3. IP forwarding on VM3 allows VM1 to connect to VM2 via VM3.
References:
https://docs.microsoft.com/en-us/azure/virtual-network/virtual-networks-udr-overview
https://www.quora.com/What-is-IP-forwarding

NEW QUESTION 76
You need to implement a backup solution for App1 after the application is moved.
What should you create first?

• A. a backup policy
• B. an Azure Backup Server
• C. a recovery plan
• D. a Recovery Services vault

Answer: D

Explanation:
Scenario: Ensure that all the virtual machines for App1 are protected by backups.
You can back up Azure VMs using a couple of methods:
* Single Azure VM: You can back up an Azure VM directly from the VM settings.
* Multiple Azure VMs: You can set up a Recovery Services vault and configure backup for multiple Azure VMs.
References:
https://docs.microsoft.com/en-us/azure/backup/backup-azure-vms-first-look-arm Legacy AZ-300: Implement Workloads and Security Question Set 1

NEW QUESTION 77
You have a resource group named RG1 that contains the following:
A virtual network that contains two subnets named Subnet1 and Subnet2
An Azure Storage account named contososa1
An Azure firewall deployed to Subnet2
You need to ensure that contososa1 is accessible from Subnet1 over the Azure backbone network.
What should you do?

• A. Deploy an Azure firewall to Subnet1.
• B. Implement a virtual network service endpoint.
• C. Create a stored access policy for contososa1.
• D. Remove the Azure firewall.

Answer: B

Explanation:
Section: [none]
Explanation:
Virtual Network (VNet) service endpoint provides secure and direct connectivity to Azure services over an optimized route over the Azure backbone network.
Virtual Network (VNet) service endpoints extend your virtual network private address space and the identity of your VNet to the Azure services, over a direct connection. Endpoints allow you to secure your critical Azure service resources to only your virtual networks. Traffic from your VNet to the Azure service always remains on the Microsoft Azure backbone network.
Reference:
https://docs.microsoft.com/en-us/azure/virtual-network/virtual-network-service-endpoints-overview

NEW QUESTION 78
Note: This question is part of series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have an Azure subscription.
You have an on-premises file server named Server1 that runs Windows Server 2019.
You manage Server1 by using Windows Admin Center.
You need to ensure that if Server1 fails, you can recover Server1 files from Azure.
Solution: You register Windows Admin Center in Azure and configure Azure Backup.
Does this meet the goal?

• A. Yes
• B. No

Answer: B

Explanation:
Section: [none]
Explanation:
Instead use Azure Storage Sync service and configure Azure File.
Use Azure File Sync to centralize your organization's file shares in Azure Files, while keeping the flexibility, performance, and compatibility of an on-premises file server. Azure File Sync transforms Windows Server into a quick cache of your Azure file share.
Reference:
https://docs.microsoft.com/en-us/azure/storage/files/storage-files-introduction

NEW QUESTION 79
No. Access control via ACLs is enabled for a storage account as long as the Hierarchical Namespace (HNS) feature is turned ON.

• A. Note 1: We [Microsoft] are pleased to share the general availability of Azure Active Directory (AD) based access control for Azure Storage Blobs and Queues. Enterprises can now grant specific data access permissions to users and service identities from their Azure AD tenant using Azure's Role-based access control (RBAC).
• B. Note 2: Azure Data Lake Storage Gen2 implements an access control model that supports both Azure role-based access control (Azure RBAC) and POSIX-like access control lists (ACLs).

Answer: A

Explanation:
Topic 2, Litware inc.
Overview. General Overview
Litware, Inc. is a medium-sized finance company. Litware recently acquired a financial services company named Fabrikam, Ltd.
Overview. Physical Locations
Litware has a datacenter in Boston. Fabrikam has a datacenter in San Francisco.
Existing Environment
Identity Environment
The network of Litware contains an Active Directory forest named Litware.com that syncs to an Azure Active Directory (Azure AD) tenant named Litware.com by using Azure AD Connect.
Azure AD Seamless Single Sign-on (Azure AD Seamless SSO) is enabled for the Litware.com tenant.
Users at Litware have a UPN suffix of Litware.com
Litware has an internal certification authority (CA) that is trusted by all devices.
The network of Fabrikam contains an Active Directory forest named fabrikam.com. Users at Fabrikam have a UPN suffix of fabrikam.com.
Existing Environment. Azure Environment
Litware has an Azure subscription named Sub1 that is linked to the Litware.com tenant. Sub1 contains the resources shown in the following table.

Litware has Azure Resource Manager (ARM) templates that deploy Azure Policy definitions and assignments to a management group.
Fabrikam does NOT have an Azure environment.
Existing Environment. On-Premises Environment
The on-premises network of Litware contains the resources shown in the following table.

The on-premises network of Fabrikam contains a domain member server named SERVER1 that runs Windows Server 2019.
Existing Environment. Network Environment
Litware has a site-to-site VPN connection to VNet1.
The Litware and Fabrikam datacenters are not connected.
Requirements. Planned Changes
Litware plans to implement the following changes:
Establish a trust relationship between the Litware and Fabrikam forests.
Migrate data from the on-premises NoSQL datastores to Azure Table storage.
Containerize WebApp1 and deploy the app to an Azure Kubernetes Service (AKS) cluster on VNet1.
Create an Azure blueprint named BP1 and use the blueprint to provision a resource group named RG1.
Requirements. Deployment Requirements
Litware identifies the following deployment requirements:
The existing ARM templates must be used for deployments to Sub1.
WebApp1 must be deployed to the AKS cluster without having to change the source code.
Requirements. Authentication and Authorization Requirements
Litware identifies the following authentication and authorization requirements:
The Fabrikam users must be able to authenticate to the Litware.com tenant by using Azure AD Seamless SSO.
The Fabrikam users and the Litware users must be able to manage the Azure resources in Sub1.
Company policy must prohibit the creation of guest user accounts in the Litware.com tenant.
You must be able to configure deny permissions for RG1 and for the resources in RG1.
WebApp1 running on the AKS cluster must be able to retrieve secrets from KV1.
Requirements. Security Requirements
Litware identifies the following security requirements:
On-premises Litware users must access KVI by using the private IP address of the key vault.
Azure virtual machines must have all their disks encrypted, including the temporary disks.
Azure Storage must encrypt all data by using keys issued by the internal CA of Litware.
Inbound HTTPS traffic to WebApp1 must be inspected for SQL injection attacks.
The principle of least privilege must be used.

NEW QUESTION 80
You discover that VM3 does NOT meet the technical requirements.
You need to verify whether the issue relates to the NSGs.
What should you use?

• A. Diagnose and solve problems in Traffic Manager profiles
• B. the security recommendations in Azure Advisor
• C. Diagnostic settings in Azure Monitor
• D. Diagram in VNet1
• E. IP flow verify in Azure Network Watcher

Answer: E

Explanation:
Section: [none]
Explanation:
Scenario: Contoso must meet technical requirements including:
Ensure that VM3 can establish outbound connections over TCP port 8080 to the applications servers in the Montreal office.
IP flow verify checks if a packet is allowed or denied to or from a virtual machine. The information consists of direction, protocol, local IP, remote IP, local port, and remote port. If the packet is denied by a security group, the name of the rule that denied the packet is returned. While any source or destination IP can be chosen, IP flow verify helps administrators quickly diagnose connectivity issues from or to the internet and from or to the on-premises environment.
References:
https://docs.microsoft.com/en-us/azure/network-watcher/network-watcher-ip-flow-verify-overview

NEW QUESTION 81
You deploy an Azure virtual machine scale set named VSSI that contains 30 virtual machine instances across three zones in the same Azure region. The instances host an application named App1 that must be accessible by using HTTP and HTTPS traffic. Currently, VSS1 is inaccessible from the internet.
You need to use Azure Load Balancer to provide access to App1 across all the instances from the internet by using a single IP address.
What should you configure? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Answer:

Explanation:

NEW QUESTION 82
You need to configure the Device settings to meet the technical requirements and the user requirements.
Which two settings should you modify? To answer, select the appropriate settings in the answer area.

Answer:

Explanation:

NEW QUESTION 83
You need to move the blueprint files to Azure.
What should you do?

• A. Use the Azure Import/Export service.
• B. Generate a shared access signature (SAS). Map a drive, and then copy the files by using File Explorer.
• C. Use Azure Storage Explorer to copy the files.
• D. Generate an access key. Map a drive, and then copy the files by using File Explorer.

Answer: C

NEW QUESTION 84
You have an Azure Active Directory (Azure AD) tenant that contains the user groups shown in the following table.

You enable self-service password reset (SSPR) for Group1.
You configure the Notifications settings as shown in the following exhibit.

For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.

Answer:

Explanation:

Explanation

Box 1: Yes
Notify all admins when other admins reset their passwords: Yes.
Box 2: No
Notify users on password resets: No.
Box 3: No
* Notify users on password resets
If this option is set to Yes, then users resetting their password receive an email notifying them that their password has been changed. The email is sent via the SSPR portal to their primary and alternate email addresses that are on file in Azure AD. No one else is notified of the reset event.
* Notify all admins when other admins reset their passwords
If this option is set to Yes, then all administrators receive an email to their primary email address on file in Azure AD. The email notifies them that another administrator has changed their password by using SSPR.
Example: There are four administrators in an environment. Administrator A resets their password by using SSPR. Administrators B, C, and D receive an email alerting them of the password reset.
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/authentication/concept-sspr-howitworks
https://docs.microsoft.com/en-us/azure/active-directory/authentication/tutorial-enable-sspr

NEW QUESTION 85
Your company has a virtualization environment that contains the virtualization hosts shown in the following table.

The virtual machines are configured as shown in the following table.

All the virtual machines use basic disks. VM1 is protected by using BitLocker Drive Encryption (BitLocker).
You plan to migrate the virtual machines to Azure by using Azure Site Recovery.
You need to identify which virtual machines can be migrated.
Which virtual machines should you identify for each server? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Answer:

Explanation:

Explanation

NEW QUESTION 86
You have an Azure subscription that contains a resource group named RG1.
You have a group named Group1 that is assigned the Contributor role for RG1.
You need to enhance security for the virtual machines in RG1 to meet the following requirements:
* Prevent Group1 from assigning external IP addresses to the virtual machines.
* Ensure that Group1 can establish an RDP connection to the virtual machines through a shared external IP address.
What should you use to meet each requirement? To answer, select the appropriate options in the answer are a. NOTE: Each correct selection is worth one point.

Answer:

Explanation:

Reference:
https://blog.nillsf.com/index.php/2019/11/02/using-azure-policy-to-deny-public-ips-on-specific-vnets/
https://azure.microsoft.com/en-us/services/azure-bastion/

NEW QUESTION 87
......

Updated Exam AZ-303 Dumps with New Questions: https://exams4sure.pdftorrent.com/AZ-303-latest-dumps.html