Free AZ-303 Exam Braindumps

You have an Azure subscription that contains 10 virtual machines on a virtual network.
You need to create a graph visualization to display the traffic flow between the virtual machines. What should you do from Azure Monitor?

  1. From Activity log, use quick insights.
  2. From Metrics, create a chart.
  3. From Logs, create a new query.
  4. From Workbooks, create a workbook.

Answer(s): C

Explanation:

Navigate to Azure Monitor and select Logs to begin querying the data.


Reference:

https://azure.microsoft.com/en-us/blog/analysis-of-network-connection-data-with-azure-monitor-for-virtual-machines/



Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

You have an Azure Cosmos DB database that contains a container named Container1. The partition key for Container1 is set to /day. Container1 contains the items shown in the following table.


You need to programmatically query Azure Cosmos DB and retrieve Item1 and Item2 only. Solution: You run the following query.

SELECT day FROM c
WHERE c.value = "10" OR c.value = "15"

You set the EnableCrossPartitionQuery property to True. Does this meet the goal?

  1. Yes
  2. No

Answer(s): B

Explanation:

Returns Item1, Item2, Item3, and Item4.


Reference:

https://docs.microsoft.com/en-us/azure/cosmos-db/sql-query-where




You have an Azure Cosmos DB database that contains a container named Container1. The partition key for Container1 is set to /day. Container1 contains the items shown in the following table.


You need to programmatically query Azure Cosmos DB and retrieve Item1 and Item2 only.
Solution: You run the following query.


You set the EnableCrossPartitionQuery property to True. Does this meet the goal?

  1. Yes
  2. No

Answer(s): A

Explanation:

Returns Item1 and Item2 only.


Reference:

https://docs.microsoft.com/en-us/azure/cosmos-db/sql-query-where
https://docs.microsoft.com/en-us/dotnet/api/microsoft.azure.documents.client.feedoptions.enablecrosspartitionquery?view=azure-dotnet




You manage an Active Directory domain named contoso.local.
You install Azure AD Connect and connect to an Azure Active Directory (Azure AD) tenant named contoso.com without syncing any accounts.

You need to ensure that only users who have a UPN suffix of contoso.com in the contoso.local domain sync to Azure AD.

Solution: You use the Synchronization Service Manager to modify the Metaverse Designer tab. Does this meet the goal?

  1. Yes
  2. No

Answer(s): B

Explanation:

Instead, use the Synchronization Rules Editor to create a synchronization rule.

Note: Filtering what objects are synced to Azure AD is a common request and there are many instances where filtering by OU just doesn't cut it. One option is to filter users by their UPN suffix so that only users with the public FQDN as their UPN suffix are synced to Azure AD (e.g., john.doe@acme.com would be synced while jane.doe@internal.acme.com would not).
Filtering can be configured using either the GUI (Synchronization Rules Editor) or PowerShell.


Reference:

https://www.sidekicktech.com/blog/field-notes/2019/upn-suffix-filtering-ad-connect/



You have an Azure subscription that contains a resource group named RG1. You have a group named Group1 that is assigned the Contributor role for RG1.
You need to enhance security for the virtual machines in RG1 to meet the following requirements:

Prevent Group1 from assigning external IP addresses to the virtual machines.
Ensure that Group1 can establish an RDP connection to the virtual machines through a shared external IP address.

What should you use to meet each requirement? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.
Hot Area:

  1. Please refer to Explanation below for the answer.

Answer(s): A

Explanation:



Box 1: Azure Policy
There is a built-in policy in the Azure Policy service that allows you to block public IPs on all NICs of a VM.

Note: Azure Policy is a powerful tool in your Azure toolbox. It allows you to enforce the specific governance principles you want to see implemented in your environment. Some key examples of what Azure Policy allows you to do are:

Automatically tag resources
Block VMs from having a public IP
Enforce specific regions
Enforce VM size

Box 2: Azure Bastion
Azure Bastion is a fully managed PaaS service that provides secure and seamless RDP and SSH access to your virtual machines directly through the Azure Portal.
Azure Bastion is provisioned directly in your Virtual Network (VNet) and supports all VMs in your Virtual Network (VNet) using SSL without any exposure through public IP addresses.

Incorrect Answers:
A Virtual Network (VNet) service endpoint provides secure and direct connectivity to Azure services over an optimized route over the Azure backbone network. Endpoints allow you to secure your critical Azure service resources to only your virtual networks. Service endpoints enable private IP addresses in the VNet to reach the endpoint of an Azure service without needing a public IP address on the VNet.


Reference:

https://blog.nillsf.com/index.php/2019/11/02/using-azure-policy-to-deny-public-ips-on-specific-vnets/
https://azure.microsoft.com/en-us/services/azure-bastion/