At ValidExamDumps, we consistently monitor updates to the Microsoft AZ-303 exam questions by Microsoft. Whenever our team identifies changes in the exam questions,exam objectives, exam focus areas or in exam requirements, We immediately update our exam questions for both PDF and online practice exams. This commitment ensures our customers always have access to the most current and accurate questions. By preparing with these actual questions, our customers can successfully pass the Microsoft Azure Architect Technologies Exam exam on their first attempt without needing additional materials or study guides.
Other certification materials providers often include outdated or removed questions by Microsoft in their Microsoft AZ-303 exam. These outdated questions lead to customers failing their Microsoft Azure Architect Technologies Exam exam. In contrast, we ensure our questions bank includes only precise and up-to-date questions, guaranteeing their presence in your actual exam. Our main priority is your success in the Microsoft AZ-303 exam, not profiting from selling obsolete exam questions in PDF or Online Practice Test.
You have an Azure SQL database named Db1 that runs on an Azure SQL server named SQLserver1.
You need to ensure that you can use the query editor on the Azure portal to query Db1.
What should you do?
You create the following Azure role definition.
You need to create Role1 by using the role definition.
Which two values should you modify before you create Role1? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.
Part of example:
'IsCustom': true,
'AssignableScopes': [
'/subscriptions/{subscriptionId1}',
'/subscriptions/{subscriptionId2}',
'/subscriptions/{subscriptionId3}'
The following shows what a custom role looks like as displayed in JSON format. This custom role can be used for monitoring and restarting virtual machines.
{
'Name': 'Virtual Machine Operator',
'Id': '88888888-8888-8888-8888-888888888888',
'IsCustom': true,
'Description': 'Can monitor and restart virtual machines.',
'Actions': [
'Microsoft.Storage/*/read',
'Microsoft.Network/*/read',
'Microsoft.Compute/*/read',
'Microsoft.Compute/virtualMachines/start/action',
'Microsoft.Compute/virtualMachines/restart/action',
'Microsoft.Authorization/*/read',
'Microsoft.ResourceHealth/availabilityStatuses/read',
'Microsoft.Resources/subscriptions/resourceGroups/read',
'Microsoft.Insights/alertRules/*',
'Microsoft.Insights/diagnosticSettings/*',
'Microsoft.Support/*'
],
'NotActions': [],
'DataActions': [],
'NotDataActions': [],
'AssignableScopes': [
'/subscriptions/{subscriptionId1}',
'/subscriptions/{subscriptionId2}',
'/subscriptions/{subscriptionId3}'
]
}
https://docs.microsoft.com/en-us/azure/role-based-access-control/custom-roles
You are designing an Azure solution.
The solution must meet the following requirements:
* Distribute traffic to different pools of dedicated virtual machines (VMs) based on rules
* Provide SSL offloading capabilities
You need to recommend a solution to distribute network traffic.
Which technology should you recommend?
If you require 'SSL offloading', application layer treatment, or wish to delegate certificate management to
Azure, you should use Azure's layer 7 load balancer Application Gateway instead of the Load Balanacer.
You have an Azure subscription that contains an Azure key vault named KeyVault1 and the virtual machines shown in the following table.
KeyVault1 has an access policy that provides several users with Create Key permissions.
You need to ensure that the users can only register secrets in KeyVault1 from VM1.
What should you do?
You grant data plane access by setting Key Vault access policies for a key vault.
Note 1: Grant our VM's system-assigned managed identity access to the Key Vault.
Select Access policies and click Add new.
In Configure from template, select Secret Management.
Choose Select Principal, and in the search field enter the name of the VM you created earlier. Select the VM in the result list and click Select.
Click OK to finishing adding the new access policy, and OK to finish access policy selection.
Note 2: Access to a key vault is controlled through two interfaces: the management plane and the data plane. The management plane is where you manage Key Vault itself. Operations in this plane include creating and deleting key vaults, retrieving Key Vault properties, and updating access policies. The data plane is where you work with the data stored in a key vault. You can add, delete, and modify keys, secrets, and certificates.
https://docs.microsoft.com/en-us/azure/key-vault/general/secure-your-key-vault2
You have two Azure SQL Database managed instances in different Azure regions.
You plan to configure the managed instances in an instance failover group.
What should you configure before you can add the managed instances to the instance failover group?
For two managed instances to participate in a failover group, there must be either ftoute or a gateway configured between the virtual networks of the two managed instances to allow network communication.
You create the two VPN gateways and connect them.
Create the gateway for the virtual network of your primary managed instance using the Azure portal.
Create the gateway for the virtual network of your secondary managed instance using the Azure portal.
Create a bidirectional connection between the two gateways of the two virtual networks.
