Online Access Free Microsoft.AZ-303.v2021-09-11.q138 Practice Test (Page 21)

AZ-303 Exam Question 96

You are designing a solution to secure a company's Azure resources. The environment hosts 10 teams. Each team manages a project and has a project manager, a virtual machine (VM) operator, developers, and contractors.
Project managers must be able to manage everything except access and authentication for users. VM operators must be able to manage VMs, but not the virtual network or storage account to which they are connected. Developers and contractors must be able to manage storage accounts.
You need to recommend roles for each member.
What should you recommend? To answer, drag the appropriate roles to the correct employee types. Each role may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
NOTE: Each correct selection is worth one point.

AZ-303 Exam Question 97

You have Azure Storage accounts as shown in the following exhibit.

Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic.
NOTE: Each correct selection is worth one point.

AZ-303 Exam Question 98

You have an Azure key vault named KV1.
You need to ensure that applications can use KV1 to provision certificates automatically from an external certification authority (CA).
Which two actions should you perform? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.

A.From KV1, create a certificate issuer resource.

B.Obtain the CA account credentials.

C.Obtain the root CA certificate.

D.From KV1, create a certificate signing request (CSR).

E.From KV1, create a private key,

Correct Answer: C,D

C: Obtain the root CA certificate (step 4 in the picture below)
D: From KV1, create a certificate signing request (CSR) (step 2 in the picture below) Note:
Creating a certificate with a CA not partnered with Key Vault
This method allows working with other CAs than Key Vault's partnered providers, meaning your organization can work with a CA of its choice.

The following step descriptions correspond to the green lettered steps in the preceding diagram.
In the diagram above, your application is creating a certificate, which internally begins by creating a key in your key vault.
Key Vault returns to your application a Certificate Signing Request (CSR).
Your application passes the CSR to your chosen CA.
Your chosen CA responds with an X509 Certificate.
Your application completes the new certificate creation with a merger of the X509 Certificate from your CA.
Reference:
https://docs.microsoft.com/en-us/azure/key-vault/certificates/certificate-scenarios
Topic 1, Contoso, Ltd
Overview
Contoso, Ltd. is a manufacturing company that has offices worldwide. Contoso works with partner organizations to bring products to market.
Contoso products are manufactured by using blueprint files that the company authors and maintains.
Existing Environment
Currently, Contoso uses multiple types of servers for business operations, including the following:
* File servers
* Domain controllers
* Microsoft SQL Server servers
Your network contains an Active Directory forest named contoso.com. All servers and client computers are joined to Active Directory.
You have a public-facing application named App1. App1 is comprised of the following three tiers:
* A SQL database
* A web front end
* A processing middle tier
Each tier is comprised of five virtual machines. Users access the web front end by using HTTPS only.
Requirements
Planned Changes
Contoso plans to implement the following changes to the infrastructure:
* Move all the tiers of App1 to Azure.
* Move the existing product blueprint files to Azure Blob storage.
* Create a hybrid directory to support an upcoming Microsoft Office 365 migration project.
Technical Requirements
Contoso must meet the following technical requirements:
* Move all the virtual machines for App1 to Azure.
* Minimize the number of open ports between the App1 tiers.
* Ensure that all the virtual machines for App1 are protected by backups.
* Copy the blueprint files to Azure over the Internet.
* Ensure that the blueprint files are stored in the archive storage tier.
* Ensure that partner access to the blueprint files is secured and temporary.
* Prevent user passwords or hashes of passwords from being stored in Azure.
* Use unmanaged standard storage for the hard disks of the virtual machines.
* Ensure that when users join devices to Azure Active Directory (Azure AD), the users use a mobile phone to verify their identity.
Minimize administrative effort whenever possible.
User Requirements
Contoso identifies the following requirements for users:
Ensure that only users who are part of a group named Pilot can join devices to Azure AD.
Designate a new user named Admin1 as the service administrator of the Azure subscription.
Ensure that a new user named User3 can create network objects for the Azure subscription

AZ-303 Exam Question 99

You have an Azure Active Directory (Azure AD) tenant named contoso.com. The tenant contains the users shown in the following table.

The tenant contains computers that run Windows 10. The computers are configured as shown in the following table.

You enable Enterprise State Roaming in contoso.com for Group1 and GroupA.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.

AZ-303 Exam Question 100

You have an Azure Active Directory (Azure AD) tenant linked to an Azure subscription. The tenant contains a group named Admins.
You need to prevent users, except for the members of Admins, from using the Azure portal and Azure PowerShell to access the subscription.
What should you do?

A.From Azure AD, configure the User settings.

B.From the Azure subscription, assign an Azure policy.

C.From Azure AD, create a conditional access policy.

D.From the Azure subscription, configure Access control (IAM).

Premium Bundle

Newest AZ-303 Exam PDF Dumps shared by Actual4test.com for Helping Passing AZ-303 Exam! Actual4test.com now offer the updated AZ-303 exam dumps, the Actual4test.com AZ-303 exam questions have been updated and answers have been corrected get the latest Actual4test.com AZ-303 pdf dumps with Exam Engine here:

Access AZ-303 Premium Version

(220 Q&As Dumps, 30%OFF Special Discount: Freepdfdumps)

Other Version: 2053Microsoft.AZ-303.v2022-11-15.q184; 1460Microsoft.AZ-303.v2022-08-20.q77; 56Microsoft.Newpassleader.AZ-303.v2022-05-25.by.betty.145q.pdf; 3015Microsoft.AZ-303.v2022-04-08.q145; 108Microsoft.Itpassleader.AZ-303.v2021-09-11.by.adolph.153q.pdf

Latest Upload: 170ACSM.020-222.v2025-09-11.q48; 157VMware.5V0-31.23.v2025-09-10.q73; 131Oracle.1z0-915-1.v2025-09-10.q24; 160Citrix.1Y0-231.v2025-09-10.q87; 135SAP.C-THR85-2505.v2025-09-09.q29; 166Adobe.AD0-E727.v2025-09-09.q76; 130Oracle.1Z0-1123-25.v2025-09-09.q20; 136SAP.C_SIGPM_2403.v2025-09-08.q20; 259EXIN.ITIL.v2025-09-08.q161; 172BCS.PC-BA-FBA-20.v2025-09-08.q45