AZ-303 : Microsoft Azure Architect Technologies : Part 03
-
HOTSPOT
You create a virtual machine scale set named Scale1. Scale1 is configured as shown in the following exhibit.
Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic.
NOTE: Each correct selection is worth one point.
Explanation:
Box 1:
The Autoscale scale out rule increases the number of VMs by 2 if the CPU threshold is 80% or higher. The initial instance count is 4 and rises to 6 when the 2 extra instances of VMs are added.
Box 2:
The Autoscale scale in rule decreases the number of VMs by 4 if the CPU threshold is 30% or lower. The initial instance count is 4 and thus cannot be reduced to 0 as the minimum instances is set to 2. Instances are only added when the CPU threshold reaches 80%.
-
You plan to automate the deployment of a virtual machine scale set that uses the Windows Server 2016 Datacenter image.
You need to ensure that when the scale set virtual machines are provisioned, they have web server components installed.
Which two actions should you perform? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.
- Upload a configuration script.
- Create an Azure policy.
- Modify the extensionProfile section of the Azure Resource Manager template.
- Create a new virtual machine scale set in the Azure portal.
- Create an automation account.
-
HOTSPOT
You have several Azure virtual machines on a virtual network named VNet1. VNet1 has two subnets that have 10.2.0.0/24 and 10.2.9.0/24 address spaces.
You configure an Azure Storage account as shown in the following exhibit.
Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic.
NOTE: Each correct selection is worth one point.
Explanation:
Box 1: always
Endpoint status is enabled.
Box 2: Never
After you configure firewall and virtual network settings for your storage account, select Allow trusted Microsoft services to access this storage account as an exception to enable Azure Backup service to access the network restricted storage account.
-
HOTSPOT
You create and save an Azure Resource Manager template named Template1 that includes the following four sections.
Section1.
Section2.
Section3.
Section4.
You deploy Template1.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
-
DRAG DROP
You have virtual machines (VMs) that run a mission-critical application.
You need to ensure that the VMs never experience down time.
What should you recommend? To answer, drag the appropriate solutions to the correct scenarios. Each solution may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
NOTE: Each correct selection is worth one point.
Explanation:
Box 1: Scale set
A virtual machine scale set allows you to deploy and manage a set of identical, autoscaling virtual machines.
Box 2: Availability Set
An Availability Set is a logical grouping capability for isolating VM resources from each other when they’re deployed. Azure makes sure that the VMs you place within an Availability Set run across multiple physical servers, compute racks, storage units, and network switches. If a hardware or software failure happens, only a subset of your VMs are impacted and your overall solution stays operational. Availability Sets are essential for building reliable cloud solutions.
Box 3: Fault domain
A fault domain is a logical group of underlying hardware that share a common power source and network switch, similar to a rack within an on-premises datacenter. As you create VMs within an availability set, the Azure platform automatically distributes your VMs across these fault domains. This approach limits the impact of potential physical hardware failures, network outages, or power interruptions.
Incorrect Answers:
An update domain is a group of VMs and underlying physical hardware that can be rebooted at the same time.
-
You have an Azure subscription.
You have an on-premises virtual machine named VM1. The settings for VM1 are shown in the exhibit. (Click the Exhibit tab.)
You need to ensure that you can use the disks attached to VM1 as a template for Azure virtual machines.
What should you modify on VM1?
- the memory
- Integration Services
- the hard drive
- the network adapters
- the processor
Explanation:
From the exhibit we see that the disk is in the VHDX format.
Before you upload a Windows virtual machine (VM) from on-premises to Microsoft Azure, you must prepare the virtual hard disk (VHD or VHDX). Azure supports only generation 1 VMs that are in the VHD file format and have a fixed-size disk. The maximum size allowed for the VHD is 1,023 GB. You can convert a generation 1 VM from the VHDX file system to VHD and from a dynamically expanding disk to a fixed-size disk.
-
Your company has an office in Seattle.
You have an Azure subscription that contains a virtual network named VNET1.
You create a site-to-site VPN between the Seattle office and VNET1.
VNET1 contains the subnets shown in the following table.
You need to route all Internet-bound traffic from Subnet1 to the Seattle office.
What should you create?
- a route for GatewaySubnet that uses the virtual network gateway as the next hop
- a route for Subnet1 that uses the local network gateway as the next hop
- a route for Subnet1 that uses the virtual network gateway as the next hop
- a route for GatewaySubnet that uses the local network gateway as the next hop
Explanation:
A route with the 0.0.0.0/0 address prefix instructs Azure how to route traffic destined for an IP address that is not within the address prefix of any other route in a subnet’s route table. When a subnet is created, Azure creates a default route to the 0.0.0.0/0 address prefix, with the Internet next hop type. We need to create a custom route in Azure to use a virtual network gateway in the Seattle office as the next hop.
-
HOTSPOT
You have Azure Storage accounts as shown in the following exhibit.
Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic.
NOTE: Each correct selection is worth one point.
Explanation:
Box 1: storageaccount1 and storageaccount2 only
Box 2: All the storage accounts
Note: The three different storage account options are: General-purpose v2 (GPv2) accounts, General-purpose v1 (GPv1) accounts, and Blob storage accounts.
– General-purpose v2 (GPv2) accounts are storage accounts that support all of the latest features for blobs, files, queues, and tables.
– Blob storage accounts support all the same block blob features as GPv2, but are limited to supporting only block blobs.
– General-purpose v1 (GPv1) accounts provide access to all Azure Storage services, but may not have the latest features or the lowest per gigabyte pricing.
-
You create an Azure virtual machine named VM1 in a resource group named RG1.
You discover that VM1 performs slower than expected.
You need to capture a network trace on VM1.
What should you do?
- From the VM1 blade, configure Connection troubleshoot.
- From Diagnostic settings for VM1, configure the performance counters to include network counters.
- From the VM1 blade, install performance diagnostics and run advanced performance analysis.
- From Diagnostic settings for VM1, configure the log level of the diagnostic agent.
Explanation:
The performance diagnostics tool helps you troubleshoot performance issues that can affect a Windows or Linux virtual machine (VM). Supported troubleshooting scenarios include quick checks on known issues and best practices, and complex problems that involve slow VM performance or high usage of CPU, disk space, or memory.
Advanced performance analysis, included in the performance diagnostics tool, includes all checks in the performance analysis, and collects one or more of the traces, as listed in the following sections. Use this scenario to troubleshoot complex issues that require additional traces. Running this scenario for longer periods will increase the overall size of diagnostics output, depending on the size of the VM and the trace options that are selected.
-
You have an Azure subscription named Subscription1 that contains an Azure virtual network named VNet1. VNet1 connects to your on-premises network by using Azure ExpressRoute.
You need to connect VNet1 to the on-premises network by using a site-to-site VPN. The solution must minimize cost.
Which three actions should you perform? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.
- Create a gateway subnet.
- Create a VPN gateway that uses the VpnGw1 SKU.
- Create a connection.
- Create a local site VPN gateway.
- Create a VPN gateway that uses the Basic SKU.
-
Your network contains an on-premises Active Directory domain named contoso.com. The domain contains the users shown in the following table.
You plan to install Azure AD Connect and enable SSO.
You need to specify which user to use to enable SSO. The solution must use the principle of least privilege.
Which user should you specify?
- User3
- User2
- User1
- User4
Explanation:
You need to have domain administrator credentials for each Active Directory forest that:
– You synchronize to Azure AD through Azure AD Connect.
– Contains users you want to enable for Seamless SSO.
Note: The domain administrator credentials are not stored in Azure AD Connect or in Azure AD. They’re used only to enable Seamless SSO through Azure AD Connect.
-
HOTSPOT
You have an Azure subscription that contains the resource groups shown in the following table.
RG1 contains the virtual machines shown in the following table.
RG2 contains the virtual machines shown in the following table.
All the virtual machines are configured to use premium disks and are accessible from the Internet.
VM1 and VM2 are in an availability set named AVSET1. VM3 and VM4 are in the same availability zone. VM5 and VM6 are in different availability zones.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Explanation:
Box 1: Yes
VM1 and VM2 are in an availability set named AVSET1.
For all Virtual Machines that have two or more instances deployed in the same Availability Set, we [Microsoft] guarantee you will have Virtual Machine Connectivity to at least one instance at least 99.95% of the time.
Box 2: No
VM3 and VM4 are in the same availability zone and are in an availability set named AVSET2.
Box 3: Yes
VM5 and VM6 are in different availability zones.
For all Virtual Machines that have two or more instances deployed across two or more Availability Zones in the same Azure region, we [Microsoft] guarantee you will have Virtual Machine Connectivity to at least one instance at least 99.99% of the time.
-
A company plans to use third-party application software to perform complex data analysis processes. The software will use up to 500 identical virtual machines (VMs) based on an Azure Marketplace VM image.
You need to design the infrastructure for the third-party application server. The solution must meet the following requirements:
– The number of VMs that are running at any given point in time must change when the user workload changes.
– When a new version of the application is available in Azure Marketplace it must be deployed without causing application downtime.
– Use VM scale sets.
– Minimize the need for ongoing maintenance.
Which two technologies should you recommend? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.
- single placement group
- single storage account
- managed disks
- autoscale
-
You have a resource group named RG1 that contains the following:
– A virtual network that contains two subnets named Subnet1 and AzureFirewallSubnet
– An Azure Storage account named contososa1
– An Azure firewall deployed to AzureFirewallSubnet
You need to ensure that contososa1 is accessible from Subnet1 over the Azure backbone network.
What should you do?
- Modify the Firewalls and virtual networks settings for contososa1.
- Create a stored access policy for contososa1.
- Implement a virtual network service endpoint.
- Remove the Azure firewall.
Explanation:
Storage firewall rules apply to the public endpoint of a storage account. You don’t need any firewall access rules to allow traffic for private endpoints of a storage account. The process of approving the creation of a private endpoint grants implicit access to traffic from the subnet that hosts the private endpoint.
Note: Storage accounts have a public endpoint that is accessible through the internet. You can also create Private Endpoints for your storage account, which assigns a private IP address from your VNet to the storage account, and secures all traffic between your VNet and the storage account over a private link. The Azure storage firewall provides access control for the public endpoint of your storage account. You can also use the firewall to block all access through the public endpoint when using private endpoints. Your storage firewall configuration also enables select trusted Azure platform services to access the storage account securely.
-
You have an Azure subscription that contains 100 virtual machines.
You have a set of PowerShell scripts that validate the virtual machine environment.
You need to run the scripts whenever there is an operating system update on the virtual machines. The solution must minimize implementation time and recurring costs.
Which three resources should you use to implement the scripts? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.
- an alert action group
- an Azure Monitor query
- an Azure Automation runbook
- a virtual machine that has network access to the 100 virtual machines
- an alert rule
Explanation:
E: Step 1: Create alert
In your Automation account, select Alerts under Monitoring, and then select New alert rule.
A: Step 2: Configure action groups for your alerts
Once you have your alerts configured, you can set up an action group, which is a group of actions to use across multiple alerts. The actions can include email notifications, runbooks, webhooks, and much more.
C: Use an Azure Automation runbook to run the PowerShell scripts.
Note: The Azure Automation Process Automation feature supports several types of runbooks, such as the PowerShell runbook, which is a text runbook based on Windows PowerShell scripting.
-
You have an Active Directory forest named contoso.com.
You install and configure Azure AD Connect to use password hash synchronization as the single sign-on (SSO) method. Staging mode is enabled.
You review the synchronization results and discover that the Synchronization Service Manager does not display any sync jobs.
You need to ensure that the synchronization completes successfully.
What should you do?
- Run Azure AD Connect and disable staging mode.
- From Synchronization Service Manager, run a full import.
- Run Azure AD Connect and set the SSO method to Pass-through Authentication.
- From Azure PowerShell, run Start-AdSyncSyncCycle -PolicyType Initial.
Explanation:
In staging mode, the server is active for import and synchronization, but it does not run any exports. A server in staging mode is not running password sync or password writeback, even if you selected these features during installation. When you disable staging mode, the server starts exporting, enables password sync, and enables password writeback.
-
Your on-premises network contains 100 virtual machines that run Windows Server 2019.
You have an Azure subscription that contains an Azure Log Analytics workspace named Workspace1.
You need to collect errors from the Windows event logs on the virtual machines.
Which two actions should you perform? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.
- Create an Azure Event Grid domain.
- Deploy the Microsoft Monitoring Agent.
- Configure Windows Event Forwarding on the virtual machines.
- Create an Azure Sentinel workspace.
- Modify Agent configuration settings in Workspace1.
Explanation:
The Azure Log Analytics agent collects telemetry from Windows and Linux virtual machines in any cloud, on-premises machines, and those monitored by System Center Operations Manager, and sends the collected data to your Log Analytics workspace in Azure Monitor.
Note: You may also see the Log Analytics agent referred to as the Microsoft Monitoring Agent (MMA) or OMS Linux agent.
Data is collected using the Log Analytics agent, which reads various security-related configurations and event logs from the machine and copies the data to your workspace for analysis.
-
You have an Azure subscription named Subscription1.
You deploy a Linux virtual machine named VM1 to Subscription1.
You need to monitor the metrics and the logs of VM1.
What should you use?
- Azure HDInsight
- Azure Analysis Services
- Linux Diagnostic Extension (LAD)
- the AzurePerformanceDiagnostics extension
Explanation:
You can use extensions to configure diagnostics on your VMs to collect additional metric data.
The basic host metrics are available, but to see more granular and VM-specific metrics, you need to install the Azure diagnostics extension on the VM. The Azure diagnostics extension allows additional monitoring and diagnostics data to be retrieved from the VM.
-
HOTSPOT
You plan to deploy five virtual machines to a virtual network subnet.
Each virtual machine will have a public IP address and a private IP address.
Each virtual machine requires the same inbound and outbound security rules.
What is the minimum number of network interfaces and network security groups that you require? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Explanation:
Box 1: 5
We have five virtual machines. Each virtual machine will have a public IP address and a private IP address. Each will require a network interface.
Box 2: 1
Each virtual machine requires the same inbound and outbound security rules. We can add them to one group.
-
You have an Azure subscription named Subscription1 that includes an Azure File share named share1.
You create several Azure virtual machines in Subscription1. All of the virtual machines belong to the same virtual network.
You have an on-premises Hyper-V server named Server1. Server1 hosts a virtual machine named VM1.
You plan to replicate VM1 to Azure.
You need to create additional objects in Subscription1 to support the planned deployment.
Which three objects should you create? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.
- Hyper-V site
- Azure Recovery Services Vault
- storage account
- replication policy
- Azure Traffic Manager instance
- endpoint