Hello Readers, here are sample questions to help you crack the AZ-303 Microsoft Azure Architect Technologies certification exam. In this article, you can answer 10 multiple choice questions, verify the correct answer at the end and grab your certificate quickly.
Here goes the Quiz:
- You are designing an Azure solution. The solution must meet the following requirements:
Distribute traffic to different pools of dedicated virtual machines (VMs) based on rules.
Provide SSL offloading capabilities.
Now, you need to recommend a solution to distribute network traffic. Which technology would you recommend? Select one:
a. Azure Traffic Manager
b. Server-level firewall rules
c. Azure Application Gateway
d. Azure Load Balancer
- You download an Azure Resource Manager template based on an existing virtual machine. The template will be used to deploy 100 virtual machines. You need to modify the template to reference an administrative password. You must prevent the password from being stored in plain text. What would you create to store the password? Select one:
a. Azure Active Directory (AD) Identity Protection and an Azure policy.
b. A Recovery Services vault and a backup policy.
c. An Azure Storage account and an access policy.
d. An Azure Key Vault and an access policy
- You have a web app named WebApp1 that uses an Azure App Service plan named Plan1. Plan1 uses the D1 pricing tier and has an instance count of 1. You need to ensure that all connections to WebApp1 use HTTPS. What would you do first? Select one:
a. Scale-up Plan1.
b. Disable anonymous access to WebApp1.
c. Modify the connection strings for WebApp1.
d. Scale-out Plan1.
- You have an Azure Active Directory (Azure AD) tenant named contoso.onmicrosoft.com that contains 100 user accounts. You purchase 10 Azure AD Premium P2 licenses for the tenant. You need to ensure that 10 users can use all the Azure AD Premium features. What would you do? Select one:
a. From the Azure AD domain, add an enterprise application
b. From the Groups blade of each user, invite the users to a group.
c. From the Licenses blade of Azure AD, assign a license.d. From the Directory role blade of each user, modify the directory role
- You have two Azure SQL Database-managed instances in different Azure regions. You plan to configure the managed instances in an instance failover group. What should you configure before you can add the managed instances to the instance failover group? Select one:
a. an Azure Application Gateway that has managed instance endpoints in a backend pool
b. an internal Azure Load Balancer instance that has managed instance endpoints in a backend pool
c. Azure Private Link that has endpoints on two virtual networks
d. a Site-to-Site VPN between the virtual networks that contain the instances
- Your company has an Azure subscription. You need to enable multi-factor authentication (MFA) for all users. The company’s help desk reports an increase in calls from users who receive MFA requests while they work from the company’s main office. You need to prevent the users from receiving MFA requests when they sign in from the main office.
What should you do? Select one:
a. From Conditional access in Azure Active Directory (Azure AD), create a custom control.
b. From Conditional access in Azure Active Directory (Azure AD), create a named location.
c. From the MFA service settings create a trusted IP range.
d. From Azure Active Directory (Azure AD), configure organizational relationships.
- You have an Azure subscription named Subscription1. Subscription1 contains the resource groups in the following table.RG1 has a web app named WebApp1. WebApp1 is located in West Europe.
You move WebApp1 to RG2. What would be the effect of the move? Select one:
a. The App Service plan for WebApp1 moves to North Europe. Policy2 applies to WebApp1
b. The App Service plan for WebApp1 remains in West Europe. Policy2 applies to WebApp1
c. The App Service plan for WebApp1 moves to North Europe. Policy1 applies to WebApp1.
d. The App Service plan for WebApp1 remains in West Europe. Policy1 applies to WebApp1
- You are implementing authentication for applications in your company. You plan to implement self-service password reset (SSPR) and multifactor authentication. (MFA) in Azure Active Directory (Azure AD). You need to select authentication mechanisms that can be used for both MFA and SSPR. Which two authentication methods should you use? Each correct answer presents a complete solution.NOTE: Each correct selection is worth one point
a. Authentication app
b. Email addresses
c. Security questions
d. Short Message Service (SMS) messages
- You plan to use the Azure Import/Export service to copy files to a storage account. Which two files should you create before you prepare the drives for the import job? Each correct answer presents part of the solution.NOTE: Each correct selection is worth one point.
a. a driveset CSV file
b. a dataset CSV file
c. an XML manifest file
d. a JSON configuration file
e. a PowerShell PS1 file
- You have resources in three Azure regions. Each region contains two virtual machines. Each virtual machine has a public IP address assigned to its network interface and a locally installed application named App1. You plan to implement Azure Front Door-based load balancing across all the virtual machines. You need to ensure that App1 on the virtual machines will only accept traffic routed from Azure Front Door.What should you implement? Select one:
a. Service endpoints
b. Azure Private Link
c. Network security groups (NSGs) with application security groups
d. Network security groups (NSGs) with service tags
Explanation: If you require “SSL offloading”, application layer treatment, or wish to delegate certificate management to Azure, you should use Azure’s layer 7 load balancer. Application Gateway instead of the Load Balancer.
Explanation: The D1 (Shared) pricing tier does not support HTTPS.
Explanation: For two managed instances to participate in a failover group, there must be either ExpressRoute or a gateway configured between the virtual networks of the two managed instances to allow network communication.You create the two VPN gateways and connect them.
a. Create the gateway for the virtual network of your primary managed instance using the Azure portal.
b. Create the gateway for the virtual network of your secondary managed instance using the Azure portal.
c. Create a bidirectional connection between the two gateways of the two virtual networks.Reference: https://docs.microsoft.com/en-us/azure/azure-sql/managed-instance/failover-group-add-instance-tutorial?tabs=azure-portal#4—create-a-primary-gateway
Explanation: The first thing you may want to do, before enabling Multi-Factor Authentication for any users, is to consider configuring some of the available settings. One of the most important features is a trusted IPs list. This will allow you to whitelist a range of IPs for your network. This way, when users are in the office, they will not get prompted with MFA, and when they take their devices elsewhere, they will. Here’s how to do it:Log in to your Azure Portal.
Navigate to Azure AD > Conditional Access > Named locations.
From the top toolbar select, Configure MFA trusted IPs.
Explanation: You can move an app to another App Service plan, as long as the source plan and the target plan are in the same resource group and geographical region.The region in which your app runs is the region of the App Service plan it is in. However, you cannot change an App Service plan’s region.
- a & e
Explanation: The following authentication mechanisms can be used for both MFA and SSPR:Short Message Service (SMS) messagesAzure AD passwordsMicrosoft Authenticator appVoice call.
The following authentication mechanisms can be used for both MFA and SSPR:
Short Message Service (SMS) messagesAzure AD passwordsMicrosoft Authenticator appVoice call.
- a & b
Explanation: Modify the driveset.csv file in the root folder where the tool resides.
References: https://docs.microsoft.com/en-us/azure/storage/common/storage-import-export-data-to-filesModify the dataset.csv file in the root folder where the tool resides. Depending on whether you want to import a file or folder or both, add entries in the dataset.csv file.
Explanation: Configure IP ACLing for your backends to accept traffic from Azure Front Door’s backend IP address space and Azure’s infrastructure services only. Refer to the IP details below for ACLing your backend:Refer AzureFrontDoor.Backend section in Azure IP Ranges and Service Tags for Front Door’s IPv4 backend IP address range or you can also use the service tag AzureFrontDoor.Backend in your network security groups.
This brings us to the end of the correct answers section. For more such practice sessions and hands-on labs, check out the TestPrep material.
Disclaimer: These questions are NOT appearing in the certification exam. I personally or CloudThat do not have any official tie-up with Microsoft regarding the certification or the kind of questions asked. These are my best guesses for the kind of questions to expect with Microsoft in general and with the examination.
Feel free to drop any questions in the comment box, I would love to address them. I hope you enjoyed the article. Best of luck!