IT認証試験問題集
毎月、GOWUKAKUは1500人以上の受験者が試験準備を助けて、試験に合格するために受験者にご協力します
 ホームページ / AZ-303 問題集  / AZ-303 問題練習

Microsoft AZ-303 問題練習

Microsoft Azure Architect Technologies 試験

最新更新時間: 2022/07/31,合計60問。

八月キャンペーン割引特典:AZ-303 最新真題を買う時、日本語版と英語版両方を同時に獲得できます。

実際の問題集を練習し、試験のポイントを了解し、テストに申し込むするかどうかを決めることができます。

さらに試験準備時間の35%を節約するには、AZ-303 問題集を使用してください。

 / 4

Question No : 1
HOTSPOT
You network contains an Active Directory domain that is synced to Azure Active Directory (Azure AD) as shown in the following exhibit.



You have a user account configured as shown in the following exhibit.



For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.



正解:


Explanation:
Box 1: No
Password writeback is disabled.
Note: Having a cloud-based password reset utility is great but most companies still have an on-premises directory where their users exist.
How does Microsoft support keeping traditional on-premises Active Directory (AD) in sync with password changes in the cloud? Password writeback is a feature enabled with Azure AD Connect that allows password changes in the cloud to be written back to an existing on-premises directory in real time.
Box 2: No
Box 3: Yes
Yes, there is an Edit link for Location Info.
References: https://docs.microsoft.com/en-us/azure/active-directory/authentication/concept-sspr-writeback

Question No : 2
You have an Azure key vault named KV1.
You need to implement a process that will digitally sign the blobs stored in Azure Storage.
What is required in KV1 to sign the blobs?

正解:
Explanation:
Use an Azure key vault secret to key of your blob storage account container.
Reference: https://docs.microsoft.com/en-us/azure/key-vault/general/integrate-databricks-blob-storage

Question No : 3
You manage an Active Directory domain named contoso.local.
You install Azure AD Connect and connect to an Azure Active Directory (Azure AD) tenant named contoso.com without syncing any accounts.
You need to ensure that only users who have a UPN suffix of contoso.com in the contoso.local domain sync to Azure AD.
What should you do?

正解:
Explanation:
Filtering what objects are synced to Azure AD is a common request and there are many instances where filtering by OU just doesn't cut it. One option is to filter users by their UPN suffix so that only users with the public FQDN as their UPN suffix are synced to Azure AD (e.g., [email protected] would be synced while [email protected] would not).
Filtering can be configured using either the GUI or PowerShell.
Through GUI:
Using The Synchronization Rules Editor

Question No : 4
You create an Azure virtual machine named VM1 in a resource group named RG1.
You discover that VM1 performs slower than expected.
You need to capture a network trace on VM1.
What should you do?

正解:
Explanation:
omplex issues that require additional traces. Running this scenario for longer periods will increase t
The performance diagnostics tool helps you troubleshoot performance issues that can affect a Windows or Linux virtual machine (VM). Supported troubleshooting scenarios include quick checks on known issues and best practices, and complex problems that involve slow VM performance or high usage of CPU, disk space, or memory.
Advanced performance analysis, included in the performance diagnostics tool, includes all checks in the performance analysis, and collects one or more of the traces, as listed in the following sections. Use this scenario to troubleshoot c he overall size of diagnostics output, depending on the size of the VM and the trace options that are selected.
References: https://docs.microsoft.com/en-us/azure/virtual-machines/troubleshooting/performance-diagnostics

Question No : 5
You have an Azure SQL database named DB1.



You plan to create the following four tables in DB1 by using the following code:

正解:

Question No : 6
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You manage an Active Directory domain named contoso.local.
You install Azure AD Connect and connect to an Azure Active Directory (Azure AD) tenant named contoso.com without syncing any accounts.
You need to ensure that only users who have a UPN suffix of contoso.com in the contoso.local domain sync to Azure AD.
Solution: You use Synchronization Rules Editor to create a synchronization rule.
Does this meet the goal?

正解:
Explanation:
Filtering what objects are synced to Azure AD is a common request and there are many instances where filtering by OU just doesn't cut it. One option is to filter users by their UPN suffix so that only users with the public FQDN as their UPN suffix are synced to Azure AD (e.g., [email protected] would be synced while [email protected] would not).
Filtering can be configured using either the GUI or PowerShell.
Through GUI:
Using The Synchronization Rules Editor

Question No : 7
You have an Azure subscription that contains the resources shown in the following table.



A certificate named Certificate! is stored in Vault!
You need to grant VM1 and VM2 access to Certificate1 by using the same security principal.
What should you do?

正解:

Question No : 8
HOTSPOT
You have an Azure subscription that contains multiple resource groups.
You create an availability set as shown in the following exhibit.



You deploy 10 virtual machines to AS1.
Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic. NOTE: Each correct selection is worth one point.



正解:


Explanation:
Box 1: 6
Two out of three update domains would be available, each with at least 3 VMs.
An update domain is a group of VMs and underlying physical hardware that can be rebooted at the same time.
As you create VMs within an availability set, the Azure platform automatically distributes your VMs across these update domains. This approach ensures that at least one instance of your application always remains running as the Azure platform undergoes periodic maintenance.
Box 2: the West Europe region and the RG1 resource group
References: https://docs.microsoft.com/en-us/azure/virtual-machines/windows/regions-and-availability

Question No : 9
HOTSPOT
You create and save an Azure Resource Manager template named Template1 that includes the following four sections.



You deploy template1.
For each of the following statement, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.



正解:

Question No : 10
You download an Azure Resource Manager template based on an existing virtual machine.
The template will be used to deploy 100 virtual machines.
You need to modify the template to reference an administrative password. You must prevent the password from being stored in plain text.
What should you create to store the password?

正解:

Question No : 11
You have resources in three Azure regions. Each region contains two virtual machines. Each virtual machine has a public IP address assigned to its network interface and a locally installed application named App1.
You plan to implement Azure Front Door-based load balancing across all the virtual machines.
You need to ensure that App1 on the virtual machines will only accept traffic routed from Azure Front Door.
What should you implement?

正解:
Explanation:
Configure IP ACLing for your backends to accept traffic from Azure Front Door's backend IP address space and Azure's infrastructure services only. Refer the IP details below for ACLing your backend:
✑ Refer AzureFrontDoor.Backend section in Azure IP Ranges and Service Tags for Front Door's IPv4 backend IP address range or you can also use the service tag AzureFrontDoor.Backend in your network security groups.
Reference: https://docs.microsoft.com/en-us/azure/frontdoor/front-door-faq

Question No : 12
You have an Azure subscription named Subscription1.
You create several Azure virtual machines in Subscription1. All of the virtual machines belong to the same virtual network.
You have an on-premises Hyper-V server named Server1. Server1 hosts a virtual machine named VM1.
You plan to replicate VM1 to Azure.
You need to create additional objects in Subscription1 to support the planned deployment.
Which three objects should you create? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point.

正解:
Explanation:
"There's no need to specify storage accounts to store the backup data. The Recovery Services vault and the Azure Backup service handle that automatically." (Source: https://docs.microsoft.com/en-us/azure/backup/backup-create-rs-vault)

Question No : 13
You have the following Azure Active Directory (Azure AD) tenants
• Contosoonmicrosoft.com Linked to a Microsoft Office 365 tenant and syncs to an Active Directory forest named contoso.com by using password hash synchronization
• Contosoazure onmicrosoft.com Linked to an Azure subscription named Subscription1.
You need to ensure that you can assign the users in contoso.com access to the resources in Subscription1.
What should you do?

正解:
Explanation:
Azure AD Connect allows you to quickly onboard to Azure AD and Office 365.
Note: The most common topology is a single on-premises forest, with one or multiple domains, and a single Azure AD tenant. For Azure AD authentication, password hash synchronization is used. The express installation of Azure AD Connect supports only this topology.
Reference: https://docs.microsoft.com/en-us/azure/active-directory/hybrid/plan-connect-topologies

Question No : 14
You have an Azure subscription that contains 20 virtual machines. The virtual machines require authenticated access to several Azure resources.
You need to ensure that the virtual machines can authenticate by using Azure Active Directory (Azure AD).
Solution: You configure the Identity settings for each virtual machine.
Does this meet the goal?

正解:

Question No : 15
Note: This question is part of series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have a server named Server1 that runs Windows Server 2019. Server1 is a container host.
You are creating a Dockerfile to build a container image.
You need to add a file named File1.txt from Server1 to a folder named C:\Folder1 in the container image.
Solution: You add the following line to the Dockerfile.
COPY File1.txt C:/Folder1/
You then build the container image.
Does this meet the goal?

正解:
Explanation:
Copy is the correct command to copy a file to the container image but the root directory is specified as '/' and not as 'C:/'.
References:
https://docs.docker.com/develop/develop-images/dockerfile_best-practices/#add-or-copy
https://docs.docker.com/engine/reference/builder/

 / 4