AZ-303 : Microsoft Azure Architect Technologies : Part 01

AZ-303 : Microsoft Azure Architect Technologies : Part 01

1. You have an Azure subscription that contains 10 virtual machines on a virtual network.

   You need to create a graph visualization to display the traffic flow between the virtual machines.

   What should you do from Azure Monitor?

   • From Activity log, use quick insights.
   • From Metrics, create a chart.
   • From Logs, create a new query.
   • From Workbooks, create a workbook.

   Explanation:
   Navigate to Azure Monitor and select Logs to begin querying the data

2. HOTSPOT

   You plan to create an Azure Storage account in the Azure region of East US 2.

   You need to create a storage account that meets the following requirements:

   – Replicates synchronously
   – Remains available if a single data center in the region fails

   How should you configure the storage account? To answer, select the appropriate options in the answer area.

   NOTE: Each correct selection is worth one point.

   

   

   Explanation:

   Box 1: Zone-redundant storage (ZRS)
   Zone-redundant storage (ZRS) replicates your data synchronously across three storage clusters in a single region.

   LRS would not remain available if a data center in the region fails
   GRS and RA GRS use asynchronous replication.

   Box 2: StorageV2 (general purpose V2)
   ZRS only support GPv2.

3. HOTSPOT

   You plan to deploy an Azure virtual machine named VM1 by using an Azure Resource Manager template.

   You need to complete the template.

   What should you include in the template? To answer, select the appropriate options in the answer area.

   NOTE: Each correct selection is worth one point.

   

   

   Explanation:

   Within your template, the dependsOn element enables you to define one resource as a dependent on one or more resources. Its value can be a comma-separated list of resource names.

   Box 1: ‘Microsoft.Network/networkInterfaces’
   This resource is a virtual machine. It depends on two other resources:

   Microsoft.Storage/storageAccounts
   Microsoft.Network/networkInterfaces

   Box 2: ‘Microsoft.Network/virtualNetworks/’
   The dependsOn element enables you to define one resource as a dependent on one or more resources. The resource depends on two other resources:

   Microsoft.Network/publicIPAddresses
   Microsoft.Network/virtualNetworks

   

4. HOTSPOT

   Your network contains an Active Directory domain named adatum.com and an Azure Active Directory (Azure AD) tenant named adatum.onmicrosoft.com.

   Adatum.com contains the user accounts in the following table.

   

   Adatum.onmicrosoft.com contains the user accounts in the following table.

   

   You need to implement Azure AD Connect. The solution must follow the principle of least privilege.

   Which user accounts should you use in Adatum.com and Adatum.onmicrosoft.com to implement Azure AD Connect? To answer, select the appropriate options in the answer area.

   NOTE: Each correct selection is worth one point.

   

   

   Explanation:

   Box 1: User5
   In Express settings, the installation wizard asks for the following:

   AD DS Enterprise Administrator credentials
   Azure AD Global Administrator credentials

   The AD DS Enterprise Admin account is used to configure your on-premises Active Directory. These credentials are only used during the installation and are not used after the installation has completed. The Enterprise Admin, not the Domain Admin should make sure the permissions in Active Directory can be set in all domains.

   Box 2: UserA
   Azure AD Global Admin credentials are only used during the installation and are not used after the installation has completed. It is used to create the Azure AD Connector account used for synchronizing changes to Azure AD. The account also enables sync as a feature in Azure AD.

5. You have an Azure subscription that contains 100 virtual machines.

   You have a set of Pester tests in PowerShell that validate the virtual machine environment.

   You need to run the tests whenever there is an operating system update on the virtual machines. The solution must minimize implementation time and recurring costs.

   Which three resources should you use to implement the tests? Each correct answer presents part of the solution.

   NOTE: Each correct selection is worth one point.

   • Azure Automation runbook
   • an alert rule
   • an Azure Monitor query
   • a virtual machine that has network access to the 100 virtual machines
   • an alert action group
   Explanation:

   AE: You can call Azure Automation runbooks by using action groups or by using classic alerts to automate tasks based on alerts.

   B: Alerts are one of the key features of Azure Monitor. They allow us to alert on actions within an Azure subscription

6. HOTSPOT

   You have an Azure subscription that contains the resource groups shown in the following table.

   

   You create an Azure Resource Manager template named Template1 as shown in the following exhibit.

   

   From the Azure portal, you deploy Template1 four times by using the settings shown in the following table.

   

   What is the result of the deployment? To answer, select the appropriate options in the answer area.

   NOTE: Each correct selection is worth one point.

   

   

7. HOTSPOT

   You have an Azure subscription that contains multiple resource groups.

   You create an availability set as shown in the following exhibit.

   

   You deploy 10 virtual machines to AS1.

   Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic.

   NOTE: Each correct selection is worth one point.

   

   

   Explanation:

   Box 1: 6
   Two out of three update domains would be available, each with at least 3 VMs.
   An update domain is a group of VMs and underlying physical hardware that can be rebooted at the same time.

   As you create VMs within an availability set, the Azure platform automatically distributes your VMs across these update domains. This approach ensures that at least one instance of your application always remains running as the Azure platform undergoes periodic maintenance.

   Box 2: the West Europe region and the RG1 resource group

8. You have an Azure subscription that contains an Azure Log Analytics workspace.

   You have a resource group that contains 100 virtual machines. The virtual machines run Linux.

   You need to collect events from the virtual machines to the Log Analytics workspace.

   Which type of data source should you configure in the workspace?

   • Syslog
   • Linux performance counters
   • custom fields
   Explanation:

   Syslog is an event logging protocol that is common to Linux. Applications will send messages that may be stored on the local machine or delivered to a Syslog collector. When the Log Analytics agent for Linux is installed, it configures the local Syslog daemon to forward messages to the agent. The agent then sends the message to Azure Monitor where a corresponding record is created.

9. You have a virtual network named VNet1 as shown in the exhibit. (Click the Exhibit tab.)

   

   No devices are connected to VNet1.

   You plan to peer VNet1 to another virtual network named VNet2. VNet2 has an address space of 10.2.0.0/16.

   You need to create the peering.

   What should you do first?

   • Configure a service endpoint on VNet2.
   • Add a gateway subnet to VNet1.
   • Create a subnet on VNet1 and VNet2.
   • Modify the address space of VNet1.
   Explanation:
   The virtual networks you peer must have non-overlapping IP address spaces. The exhibit indicates that VNet1 has an address space of 10.2.0.0/16, which is the same as VNet2, and thus overlaps. We need to change the address space for VNet1.

10. HOTSPOT

    You have an Azure Resource Manager template for a virtual machine named Template1. Template1 has the following parameters section.

    

    For each of the following statements, select Yes if the statement is true. Otherwise, select No.

    NOTE: Each correct selection is worth one point.

    

    

11. You have an Azure subscription.

    You have 100 Azure virtual machines.

    You need to quickly identify underutilized virtual machines that can have their service tier changed to a less expensive offering.

    Which blade should you use?

    • Metrics
    • Customer insights
    • Monitor
    • Advisor
    Explanation: 
    Advisor helps you optimize and reduce your overall Azure spend by identifying idle and underutilized resources. You can get cost recommendations from the Cost tab on the Advisor dashboard.

12. HOTSPOT

    You have an Azure Active Directory (Azure AD) tenant named contoso.com. The tenant contains the users shown in the following table.

    

    The tenant contains computers that run Windows 10. The computers are configured as shown in the following table.

    

    You enable Enterprise State Roaming in contoso.com for Group1 and GroupA.

    For each of the following statements, select Yes if the statement is true. Otherwise, select No.

    NOTE: Each correct selection is worth one point.

    

    

    Explanation:

    Enterprise State Roaming provides users with a unified experience across their Windows devices and reduces the time needed for configuring a new device.

    Box 1: Yes

    Box 2: No

    Box 3: Yes

13. HOTSPOT

    You have an Azure Resource Manager template named Template1 in the library as shown in the following exhibit.

    

    Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic.

    NOTE: Each correct selection is worth one point.

    

    

14. HOTSPOT

    Your company hosts multiple websites by using Azure virtual machine scale sets (VMSS) that run Internet Information Server (IIS).

    All network communications must be secured by using end to end Secure Socket Layer (SSL) encryption. User sessions must be routed to the same server by using cookie-based session affinity.

    The image shown depicts the network traffic flow for the websites to the VMSS.

    

    Use the drop-down menus to select the answer choice that answers each question.

    NOTE: Each correct selection is worth one point.

    

    

    Explanation:

    Box 1: Azure Application Gateway
    You can create an application gateway with URL path-based redirection using Azure PowerShell.

    Box 2: Path-based redirection and Websockets

15. DRAG DROP

    You have an Azure subscription that contains two virtual networks named VNet1 and VNet2. Virtual machines connect to the virtual networks.

    The virtual networks have the address spaces and the subnets configured as shown in the following table.

    

    You need to add the address space of 10.33.0.0/16 to VNet1. The solution must ensure that the hosts on VNet1 and VNet2 can communicate.

    Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.

    

    

    Explanation:

    Step 1: Remove peering between Vnet1 and VNet2.
    You can’t add address ranges to, or delete address ranges from a virtual network’s address space once a virtual network is peered with another virtual network. To add or remove address ranges, delete the peering, add or remove the address ranges, then re-create the peering.

    Step 2: Add the 10.44.0.0/16 address space to VNet1.

    Step 3: Recreate peering between VNet1 and VNet2

16. You have an Azure App Service app.

    You need to implement tracing for the app. The tracing information must include the following:

    – Usage trends
    – AJAX call responses
    – Page load speed by browser
    – Server and browser exceptions

    What should you do?

    • Configure IIS logging in Azure Log Analytics.
    • Configure a connection monitor in Azure Network Watcher.
    • Configure custom logs in Azure Log Analytics.
    • Enable the Azure Application Insights site extension.
    Explanation:

    For web pages, Application Insights JavaScript SDK automatically collects AJAX calls as dependencies.

    Note: Some of the things you can track or collect are:

    What are the most popular webpages in your application, at what time of day and where is that traffic coming from?
    Dependency rates or response times and failure rates to find out if there’s an external service that’s causing performance issues on your app, maybe a user is using a portal to get through to your application and there are response time issues going through there for instance.
    Exceptions for both server and browser information, as well as page views and load performance from the end users’ side.

17. HOTSPOT

    You have an Azure subscription named Subscription1. Subscription1 contains the resources in the following table.

    

    VNet1 is in RG1. VNet2 is in RG2. There is no connectivity between VNet1 and VNet2.

    An administrator named Admin1 creates an Azure virtual machine named VM1 in RG1. VM1 uses a disk named Disk1 and connects to VNet1. Admin1 then installs a custom application in VM1.

    You need to move the custom application to VNet2. The solution must minimize administrative effort.

    Which two actions should you perform? To answer, select the appropriate options in the answer area.

    NOTE: Each correct selection is worth one point.

    

    

    Explanation:

    We cannot just move a virtual machine between networks. What we need to do is identify the disk used by the VM, delete the VM itself while retaining the disk, and recreate the VM in the target virtual network and then attach the original disk to it.

18. You have an Azure subscription that contains the storage accounts shown in the following table.

    

    You enable Storage Advanced Threat Protection (ATP) for all the storage accounts.

    You need to identify which storage accounts will generate Storage ATP alerts.

    Which two storage accounts should you identify? Each correct answer presents part of the solution.

    NOTE: Each correct selection is worth one point.

    • storagecontoso1
    • storagecontoso2
    • storagecontoso3
    • storagecontoso4
    • storagecontoso5
    Explanation:

    Storage Threat Detection is available for the Blob Service.

    

19. HOTSPOT

    Your company has an Azure Container Registry named Registry1.

    You have an Azure virtual machine named Server1 that runs Windows Server 2019.

    From Server1, you create a container image named image1 and then tag image1.

    You need to add image1 to Registry1.

    Which command should you run on Server1? To answer, select the appropriate options in the answer area.

    NOTE: Each correct selection is worth one point.

    

    

    Explanation:

    An Azure container registry stores and manages private Docker container images, similar to the way Docker Hub stores public Docker images. You can use the Docker command-line interface (Docker CLI) for login, push, pull, and other operations on your container registry.

20. HOTSPOT

    You are developing an Azure Web App. You configure TLS mutual authentication for the web app.

    You need to validate the client certificate in the web app. To answer, select the appropriate options in the answer area.

    NOTE: Each correct selection is worth one point.