Certification Provider: Microsoft
Exam Name: Microsoft Azure Architect Technologies
Exam Code: AZ-303
Official Exam Time: 150 mins
Number of questions in the Official Exam: 40-60 Q&As
Latest update time in our database: September 26, 2023
AZ-303 Official Exam Topics:
  • Topic1 : configure and manage advanced alerts
  • Topic2 : select storage account options based on a use case / Implement VMs for Windows and Linux
  • Topic3 : configure high availability / implement Azure Dedicated Hosts
  • Topic4 : evaluate location of new resources / Implement virtual networking
  • Topic5 : configure fraud alerts / Implement Management and Security Solutions (25-30%)
  • Topic6 : implement Web Application Firewall / implement Bastion
  • Topic7 : Implement and manage Azure governance solutions / create and manage hierarchical structure that contains management groups, subscriptions and resource groups
  • Topic8 : interpret effective permissions / implement and configure Azure Policy
  • Topic9 : implement and configure managed identities / create an App Service Web App for Containers
  • Topic10 : create and configure an App Service plan / configure Azure Kubernetes Service
  • Topic11 : deploy a solution on an Azure Container Instance / Implement Azure SQL databases
  • Topic12 : configure Azure SQL database settings / implement Azure SQL managed instances
  • Topic13 : deploy an Azure SQL database /

What should you include in the recommendation?

HOTSPOT

You need to recommend a solution to provide KV1 with access to the on-premises network of Litware. The solution must meet the security requirements.

What should you include in the recommendation? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

Answer:

Explanation:

What should you recommend?

You are planning the move of App1 to Azure.

You create a network security group (NSG).

You need to recommend a solution to provide users with access to App1.

What should you recommend?
A . Create an outgoing security rule for port 443 from the Internet. Associate the NSG to all the subnets.
B . Create an incoming security rule for port 443 from the Internet. Associate the NSG to all the subnets.
C . Create an incoming security rule for port 443 from the Internet. Associate the NSG to the subnet that contains the web servers.
D . Create an outgoing security rule for port 443 from the Internet. Associate the NSG to the subnet that contains the web servers.

Answer: C

Explanation:

Because App1 is public-facing, it needs an incoming security rule that allows access to the web servers.

Scenario: You have a public-facing application named App1. App1 is comprised of the following three tiers: a SQL database, a web front end, and a processing middle tier. Each tier is comprised of five virtual machines. Users access the web front end by using HTTPS only.

You have an Azure Active Directory (Azure AD) tenant that contains the user groups shown in the following table

HOTSPOT

You have an Azure Active Directory (Azure AD) tenant that contains the user groups shown in the following table.

You enable self-service password reset (SSPR) for Group1.

You configure the Notifications settings as shown in the following exhibit.

For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.

Answer:

Explanation:

Box 1: Yes

Notify all admins when other admins reset their passwords: Yes.

Box 2: No

Notify users on password resets: No.

Box 3: No

✑ Notify users on password resets

If this option is set to Yes, then users resetting their password receive an email notifying them that their password has been changed. The email is sent via the SSPR portal to their primary and alternate email addresses that are on file in Azure AD. No one else is notified of the reset event.

✑ Notify all admins when other admins reset their passwords

If this option is set to Yes, then all administrators receive an email to their primary email address on file in Azure AD. The email notifies them that another administrator has changed their password by using SSPR.

Example: There are four administrators in an environment. Administrator A resets their password by using SSPR. Administrators B, C, and D receive an email alerting them of the password reset.

Which three objects should you create?

You have an Azure subscription named Subscription1.

You create several Azure virtual machines in Subscription1. All of the virtual machines belong to the same virtual network.

You have an on-premises Hyper-V server named Server1. Server1 hosts a virtual machine named VM1.

You plan to replicate VM1 to Azure.

You need to create additional objects in Subscription1 to support the planned deployment.

Which three objects should you create? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point.
A . Hyper-V site
B . Azure Recovery Services Vault
C . storage account
D . replication policy
E . Azure Traffic Manager instance
F . endpoint

Answer: A,B,D

Explanation:

"There’s no need to specify storage accounts to store the backup data. The Recovery Services vault and the Azure Backup service handle that automatically." (Source: https://docs.microsoft.com/en-us/azure/backup/backup-create-rs-vault)

What should you do?

HOTSPOT

You plan to migrate WebApp1 to Azure.

You need to implement the AKS cluster that will host WebApp1. The solution must meet the deployment requirements.

What should you do? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

Answer:

Explanation:

What should you do first?

You need to ensure that the NoSQL data is encrypted. The solution must meet the security requirements.

What should you do first?
A . Upgrade storage2 to StorageV2 (general purpose v2).
B . Create a new general-purpose v2 storage account.
C . Create a new Azure Blob storage account.
D . Modify the Encryption settings of storage2.

Answer: B

Explanation:

Reference: https://docs.microsoft.com/en-us/azure/storage/common/account-encryption-key-create?toc=%2Fazure%2Fstorage%2Ftables%2Ftoc.json&tabs=portal

Does this meet the goal?

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

You manage an Active Directory domain named contoso.local.

You install Azure AD Connect and connect to an Azure Active Directory (Azure AD) tenant named contoso.com without syncing any accounts.

You need to ensure that only users who have a UPN suffix of contoso.com in the contoso.local domain sync to Azure AD.

Solution: You use Synchronization Rules Editor to create a synchronization rule.

Does this meet the goal?
A . Yes
B . No

Answer: A

Explanation:

Filtering what objects are synced to Azure AD is a common request and there are many instances where filtering by OU just doesn’t cut it. One option is to filter users by their UPN suffix so that only users with the public FQDN as their UPN suffix are synced to Azure AD (e.g., [email protected] would be synced while [email protected] would not).

Filtering can be configured using either the GUI or PowerShell.

Through GUI:

Using the Synchronization Rules Editor

Does this meet the goal?

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

You have an Azure Active Directory (Azure AD) tenant that contains a group named Group1.

You need to enable multi-factor authentication (MFA) for the users in Group1 only.

Solution: From the Azure portal, you configure an authentication method policy.

Does this meet the goal?
A . Yes
B . No

Answer: B

Explanation:

We should use a Conditional Access policy.

Note: There are two ways to secure user sign-in events by requiring multi-factor authentication in Azure AD. The first, and preferred, option is to set up a Conditional Access policy that requires multi-factor authentication under certain conditions. The second option is to enable each user for Azure Multi-Factor Authentication. When users are enabled individually, they perform multi-factor authentication each time they sign in (with some exceptions, such as when they sign in from trusted IP addresses or when the remembered devices feature is turned on).

Enabling Azure Multi-Factor Authentication using Conditional Access policies is the recommended approach. Changing user states is no longer recommended unless your licenses don’t include Conditional Access as it requires users to perform MFA every time they sign in.

Reference: https://docs.microsoft.com/en-us/azure/active-directory/authentication/howto-mfa-userstates

Which two actions should you perform?

You plan to automate the deployment of a virtual machine scale set that uses the Windows Server 2016 Datacenter image. You need to ensure that when the scale set virtual machines are provisioned, they have web server components installed.

Which two actions should you perform? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point.
A . Create a new virtual machine scale set in the Azure portal.
B . Create an automation account.
C . Upload a configuration script.
D . Modify the extensionProfile section of the Azure Resource Manager template.
E . Create an Azure policy.

Answer: A,D

Explanation:

References: https://docs.microsoft.com/en-us/azure/virtual-machine-scale-sets/tutorial-install-apps-template

Does this meet the goal?

Topic 3, Misc. Questions

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

You have an app named App1 that uses data from two on-premises Microsoft SQL Server databases named DB1 and DB2.

You plan to move DB1 and DB2 to Azure.

You need to implement Azure services to host DB1 and DB2. The solution must support server-side transactions across DB1 and DB2.

Solution: You deploy DB1 and DB2 as Azure SQL databases on the same Azure SQL Database server.

Does this meet the goal?
A . Yes
B . No

Answer: B

Explanation:

Instead, deploy DB1 and DB2 to SQL Server on an Azure virtual machine.

Note: Understanding distributed transactions.

When both the database management system and client are under the same ownership (e.g. when SQL Server is deployed to a virtual machine), transactions are available and the lock duration can be controlled.

Reference: https://docs.particular.net/nservicebus/azure/understanding-transactionality-in-azure