AZ-303 Free Practice Test

- (Exam Topic 2)
The developers at your company request that you create databases in Azure Cosmos DB as shown in the following table.

You need to create the Azure Cosmos DB databases to meet the developer request. The solution must minimize costs.
What are two possible ways to achieve the goal? Each correct answer presents a complete solution.
NOTE: Each correct selection is worth one point.

1. A. Create three Azure Cosmos DB accounts, one for the databases that use the Core (SQL) API, one for CosmosDB2, and one for CosmosDB4.
2. B. Create two Azure Cosmos DB accounts, one for CosmosDB2 and CosmosDB4 and one for CosmosDB1 and CosmosDB3.
3. C. Create one Azure Cosmos DB account for each database.
4. D. Create three Azure Cosmos DB accounts, one for the databases that use the MongoDB API, one for CosmosDB1, and one for CosmosDB3.

Correct Answer: BD
Note:
Microsoft recommends using the same API for all access to the data in a given account.
One throughput provisioned container per subscription for SQL, Gremlin API, and Table accounts. Up to three throughput provisioned collections per subscription for MongoDB accounts.
The throughput provisioned on an Azure Cosmos container is exclusively reserved for that container. The container receives the provisioned throughput all the time.
Reference:
https://docs.microsoft.com/en-us/azure/cosmos-db/set-throughput#set-throughput-on-a-container

- (Exam Topic 2)
You have resources in three Azure regions. Each region contains two virtual machines. Each virtual machine has a public IP address assigned to its network interface and a locally installed application named App1.
You plan to implement Azure Front Door-based load balancing across all the virtual machines.
You need to ensure that App1 on the virtual machines will only accept traffic routed from Azure Front Door. What should you implement?

1. A. Azure Private Link
2. B. service endpoints
3. C. network security groups (NSGs) with service tags
4. D. network security groups (NSGs) with application security groups

Correct Answer: C
Configure IP ACLing for your backends to accept traffic from Azure Front Door's backend IP address space and Azure's infrastructure services only. Refer the IP details below for ACLing your backend:
Refer AzureFrontDoor.Backend section in Azure IP Ranges and Service Tags for Front Door's IPv4 backend IP address range or you can also use the service tag AzureFrontDoor.Backend in your network security groups.
Reference:
https://docs.microsoft.com/en-us/azure/frontdoor/front-door-faq

- (Exam Topic 2)
You have an Azure Container Registry and an Azure container instance.
You pull an image from the registry, and then update the local copy of the image.
You need to ensure that the updated image can be deployed to the container instance. The solution must ensure that you can deploy the updated image or the previous version of the image.
What should you do?

1. A. Run the docker image push command and specify the tag parameter.
2. B. Run the az image copy command and specify the tag paramete
3. C. Run the az aks update command and specify the attach-acr parameter.
4. D. Run the kubect1 apply command and specify the dry-run parameter.

Correct Answer: B

- (Exam Topic 2)
Note: This question is part of series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have a server named Server1 that runs Windows Server 2019. Server1 is a container host. You are creating a Dockerfile to build a container image.
You need to add a file named File1.txt from Server1 to a folder named C:Folder1 in the container image. Solution: You add the following line to the Dockerfile.
ADD File1.txt C:/Folder1/
You then build the container image. Does this meet the goal?

1. A. Yes
2. B. No

Correct Answer: B
Copy is the correct command to copy a file to the container image. The ADD command can also be used. However, the root directory is specified as '/' and not as 'C:/'.
Reference:
https://docs.docker.com/develop/develop-images/dockerfile_best-practices/#add-or-copy https://docs.docker.com/engine/reference/builder/

- (Exam Topic 2)
Your company has an Azure subscription.
You enable multi-factor authentication (MFA) for all users.
The company’s help desk reports an increase in calls from users who receive MFA requests while they work from the company’s main office.
You need to prevent the users from receiving MFA requests when they sign in from the main office. What should you do?

1. A. From Azure Active Directory (Azure AD), configure organizational relationships.
2. B. From the MFA service settings, create a trusted IP range.
3. C. From Conditional access in Azure Active Directory (Azure AD), create a custom control.
4. D. From Conditional access in Azure Active Directory (Azure AD), create a named location.

Correct Answer: B
The first thing you may want to do, before enabling Multi-Factor Authentication for any users, is to consider configuring some of the available settings. One of the most important features is a trusted IPs list. This will allow you to whitelist a range of IPs for your network. This way, when users are in the office, they will not get prompted with MFA, and when they take their devices elsewhere, they will. Here’s how to do it:
Log in to your Azure Portal.
Navigate to Azure AD > Conditional Access > Named locations. From the top toolbar select Configure MFA trusted IPs. References:
https://www.kraftkennedy.com/implementing-azure-multi-factor-authentication/