 

Microsoft - AZ-303: Microsoft Azure Architect Technologies

Sample Questions

Question: 256
Measured Skill: Implement and manage data platforms (10-15%)
Note: This question is based on a case study. The case study is not shown in this demo.

You need to ensure that the NoSQL data is encrypted. The solution must meet the security requirements.

What should you do first?

A Upgrade storage2 to StorageV2 (general purpose v2).
B Create a new general-purpose v2 storage account.
C Create a new Azure Blob storage account.
D Modify the Encryption settings of storage2.

Correct answer: B

Explanation:

The Planned Changes section contains the following.

Migrate data from the on-premises NoSQL datastores to Azure Table storage.

The Security Requirements section contains the following.

Azure Storage must encrypt all data by using keys issued by the internal CA of Litware.

Azure Storage encrypts all data in a storage account at rest. By default, Queue storage and Table storage use a key that is scoped to the service and managed by Microsoft. You can also opt to use customer-managed keys to encrypt queue or table data. To use customer-managed keys with queues and tables, you must first create a storage account that uses an encryption key that is scoped to the account, rather than to the service. After you have created an account that uses the account encryption key for queue and table data, you can configure customer-managed keys for that storage account.

This article describes how to create a storage account that relies on a key that is scoped to the account. When the account is first created, Microsoft uses the account key to encrypt the data in the account, and Microsoft manages the key. You can subsequently configure customer-managed keys for the account to take advantage of those benefits, including the ability to provide your own keys, update the key version, rotate the keys, and revoke access controls.

You must configure a new storage account to use the account encryption key for queues and tables at the time that you create the storage account. The scope of the encryption key cannot be changed after the account is created.

The storage account must be of type general-purpose v2. You can create the storage account and configure it to rely on the account encryption key by using the Azure portal, PowerShell, Azure CLI, or an Azure Resource Manager template.

Reference: Create an account that supports customer-managed keys for tables and queues
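
One way to carry out answer B and then check which existing accounts can take customer-managed keys for tables and queues, as an added example that is not part of the original explanation. The resource group, account name and region are placeholders, and treating a missing KeyType as the default service scope is an assumption.

```powershell
# Added example. Requires the Az.Storage module and a signed-in session (Connect-AzAccount).
# Placeholder values, not taken from the case study.
$rg       = 'rg-example'
$name     = 'stexampletbl001'
$location = 'westeurope'

# The key scope for tables and queues can only be chosen at creation time,
# so a new general-purpose v2 account is created with account-scoped keys.
New-AzStorageAccount -ResourceGroupName $rg -Name $name -Location $location `
    -SkuName Standard_LRS -Kind StorageV2 `
    -EncryptionKeyTypeForTable Account `
    -EncryptionKeyTypeForQueue Account | Out-Null

# Helper: return the key scope of one service entry.
# Assumption: an empty KeyType means the default, service-scoped key.
function Get-KeyScope {
    param($Service)
    if ($null -ne $Service -and $Service.KeyType) { "$($Service.KeyType)" } else { 'Service' }
}

# Audit every storage account in the current subscription. Accounts whose
# TableScope is 'Service' cannot be switched to customer-managed keys for
# table data; the data has to move to a new account.
Get-AzStorageAccount | ForEach-Object {
    $svc = $_.Encryption.Services
    [pscustomobject]@{
        Account    = $_.StorageAccountName
        Kind       = $_.Kind
        KeySource  = $_.Encryption.KeySource   # Microsoft.Storage or Microsoft.Keyvault
        TableScope = Get-KeyScope $svc.Table
        QueueScope = Get-KeyScope $svc.Queue
    }
} | Sort-Object TableScope, Account | Format-Table -AutoSize
```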



Question: 257
Measured Skill: Implement and monitor an Azure infrastructure (50-55%)
Note: This question is based on a case study. The case study is not shown in this demo.

You need to configure Azure AD Seamless SSO for Fabrikam. The solution must meet the authentication and authorization requirements.

What should you install first?

A The Azure AD Connect provisioning agent on Server1.
B The Azure AD Connect provisioning agent on DC1.
C Azure AD Connect in staging mode on Server1.
D An Azure AD Connect primary server on Server1.

Correct answer: A

Explanation:

The Authentication and Authorization Requirements section contains the following.

The Fabrikam users must be able to authenticate to the litware.com tenant by using Azure AD Seamless SSO.

The Network Environment section contains the following.

The Litware and Fabrikam datacenters are not connected.

Azure AD Connect cloud sync is a new offering from Microsoft designed to meet and accomplish your hybrid identity goals for synchronization of users, groups and contacts to Azure AD. It accomplishes this by using the Azure AD cloud provisioning agent instead of the Azure AD Connect application. However, it can be used alongside Azure AD Connect sync and it provides the following benefits:

  • Support for synchronizing to an Azure AD tenant from a multi-forest disconnected Active Directory forest environment: The common scenarios include merger & acquisition (where the acquired company's AD forests are isolated from the parent company's AD forests), and companies that have historically had multiple AD forests.
  • Simplified installation with light-weight provisioning agents: The agents act as a bridge from AD to Azure AD, with all the sync configuration managed in the cloud.
  • Multiple provisioning agents can be used to simplify high availability deployments, particularly critical for organizations relying upon password hash synchronization from AD to Azure AD.
  • Support for large groups with up to 50K members. It is recommended to use only the OU scoping filter when synchronizing large groups.

With Azure AD Connect cloud sync, provisioning from AD to Azure AD is orchestrated in Microsoft Online Services. An organization only needs to deploy, in their on-premises or IaaS-hosted environment, a light-weight agent that acts as a bridge between Azure AD and AD. The provisioning configuration is stored in Azure AD and managed as part of the service.

Reference: What is Azure AD Connect cloud sync?



Question: 258
Measured Skill: Implement and monitor an Azure infrastructure (50-55%)
Note: This question is based on a case study. The case study is not shown in this demo.

You need to ensure that the virtual machine disks are encrypted. The solution must meet the security requirements.

Which three actions should you perform in Sub1 in sequence?

(To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.)


A Sequence: 4, 1, 3
B Sequence: 4, 1, 5
C Sequence: 2, 1, 3
D Sequence: 2, 1, 5

Correct answer: C

Explanation:

The Security Requirements section contains the following.

Azure virtual machines must have all their disks encrypted, including the temporary disks.

When you enable encryption at host, data stored on the VM host is encrypted at rest and flows encrypted to the Storage service.

Temporary disks and ephemeral OS disks are encrypted at rest with platform-managed keys when you enable end-to-end encryption. The OS and data disk caches are encrypted at rest with either customer-managed or platform-managed keys, depending on what you select as the disk encryption type. For example, if a disk is encrypted with customer-managed keys, then the cache for the disk is encrypted with customer-managed keys, and if a disk is encrypted with platform-managed keys then the cache for the disk is encrypted with platform-managed keys.

You must enable the feature for your subscription before you use the EncryptionAtHost property for your VM/VMSS. To enable the feature, run the following command from the Azure Cloud Shell:

Register-AzProviderFeature -FeatureName "EncryptionAtHost" -ProviderNamespace "Microsoft.Compute"

Reference: Use the Azure portal to enable end-to-end encryption using encryption at host



Question: 259
Measured Skill: Implement management and security solutions (25-30%)

You have an Azure data factory named ADF1.

A pipeline in ADF1 must authenticate to an Azure SQL database to perform scheduled data exports.

You need to recommend an authentication solution for the connection. The solution must minimize the risks associated with stored usernames and passwords.

Which type of authentication should you recommend?

A Azure Active Directory with MFA
B Windows Authentication
C SQL Server authentication
D Managed Service Identity (MSI)

Correct answer: D

Explanation:

Managed identities for Azure resources is a feature of Azure Active Directory. Managed identities eliminate the need for developers to manage credentials. Managed identities provide an identity for applications to use when connecting to resources that support Azure Active Directory (Azure AD) authentication. Applications or services may use the managed identity to obtain Azure AD tokens. For example, an application may use a managed identity to access resources like Azure Key Vault where developers can store credentials in a secure manner or to access storage accounts or databases.

Azure SQL Database supports Azure AD authentication.

References:

What are managed identities for Azure resources?

Tutorial: Use a Windows VM system-assigned managed identity to access Azure SQL



Question: 260
Measured Skill: Implement and monitor an Azure infrastructure (50-55%)

You have an on-premises server that runs Windows Server 2019 and hosts a web app named App1.

You have an Azure subscription named Subscription1.

You plan to migrate App1 to Subscription1 by using Azure Migrate.

To which type of Azure service will App1 be migrated, and what should you provide during the migration?

(To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.)


A Azure service type: Azure Logic App
During the migration, provide: An X.509 certificate
B Azure service type: Azure App Service
During the migration, provide: The device code
C Azure service type: Azure App Service
During the migration, provide: A personal access token (PAT)
D Azure service type: Azure Virtual machine
During the migration, provide: An X.509 certificate
E Azure service type: Azure Virtual machine
During the migration, provide: A personal access token (PAT)
F Azure service type: Azure Container instance
During the migration, provide: The device code

Correct answer: B

Explanation:

Azure Migrate provides a centralized hub to assess and migrate to Azure on-premises servers, infrastructure, applications, and data. It provides the following:

  • Unified migration platform: A single portal to start, run, and track your migration to Azure.
  • Range of tools: A range of tools for assessment and migration. Azure Migrate tools include Azure Migrate: Discovery and assessment and Azure Migrate: Server Migration. Azure Migrate also integrates with other Azure services and tools, and with independent software vendor (ISV) offerings.
  • Assessment and migration: In the Azure Migrate hub, you can assess and migrate:
    • Servers, databases, and web apps: Assess on-premises servers including web apps and SQL Server instances and migrate them to Azure virtual machines or Azure VMware Solution (AVS) (Preview).
    • Databases: Assess on-premises databases and migrate them to Azure SQL Database or to SQL Managed Instance.
    • Web applications: Assess on-premises web applications and migrate them to Azure App Service.
    • Virtual desktops: Assess your on-premises virtual desktop infrastructure (VDI) and migrate it to Windows Virtual Desktop in Azure.
    • Data: Migrate large amounts of data to Azure quickly and cost-effectively using Azure Data Box products.

Using App Service Migration Assistant, you can migrate your on-premises app onto Azure App Service. App Service Migration Assistant is designed to simplify your journey to the cloud through a free, simple, and fast solution to migrate applications from on-premises to the cloud.

With Azure App Service Migration Assistant, you can quickly:

  • Scan your app URL to assess whether it's a good candidate for migration
  • Download the Migration Assistant to begin your migration.
  • Use the tool to run readiness checks and general assessment of your app's configuration settings
  • Migrate your app or site to Azure App Service via the tool.

The device code is a special code to associate the assessment on your server to your Azure account.

References:

About Azure Migrate

Migrate to Azure App Service





 
 
 

© Copyright 2014 - 2021 by cert2brain.com