Microsoft Azure Architect Technologies AZ-303 Study Guide Updated

Microsoft Azure Architect Technologies AZ-303 Study Guide Updated

Microsoft Certified: Azure Solutions Architect Expert certification is achieved by passing AZ-303 and AZ-304 exams. To prepare for your AZ-303 Microsoft Azure Architect Technologies exam for this certification, you can choose the updated AZ-303 study guide at ITExamShop as the preparation materials. The most updated AZ-303 study guide come with 206 real exam questions, additionally, all the answers have been verified by the experienced team. We ensure that you can pass Microsoft Certification AZ-303 exam with the most updated study guide.

You can come here to read Microsoft Azure AZ-303 free questions below first:

Page 1 of 5

1. Topic 1, Contoso, Ltd


Contoso, Ltd. is a manufacturing company that has offices worldwide. Contoso works with partner organizations to bring products to market.

Contoso products are manufactured by using blueprint files that the company authors and maintains.

Existing Environment

Currently, Contoso uses multiple types of servers for business operations, including the following:

✑ File servers

✑ Domain controllers

✑ Microsoft SQL Server servers

Your network contains an Active Directory forest named All servers and client computers are joined to Active Directory.

You have a public-facing application named App1.

App1 is comprised of the following three tiers:

✑ A SQL database

✑ A web front end

✑ A processing middle tier

Each tier is comprised of five virtual machines. Users access the web front end by using HTTPS only.


Planned Changes

Contoso plans to implement the following changes to the infrastructure:

✑ Move all the tiers of App1 to Azure.

✑ Move the existing product blueprint files to Azure Blob storage.

✑ Create a hybrid directory to support an upcoming Microsoft Office 365 migration project.

Technical Requirements

Contoso must meet the following technical requirements:

✑ Move all the virtual machines for App1 to Azure.

✑ Minimize the number of open ports between the App1 tiers.

✑ Ensure that all the virtual machines for App1 are protected by backups.

✑ Copy the blueprint files to Azure over the Internet.

✑ Ensure that the blueprint files are stored in the archive storage tier.

✑ Ensure that partner access to the blueprint files is secured and temporary.

✑ Prevent user passwords or hashes of passwords from being stored in Azure.

✑ Use unmanaged standard storage for the hard disks of the virtual machines.

✑ Ensure that when users join devices to Azure Active Directory (Azure AD), the users use a mobile phone to verify their identity.

Minimize administrative effort whenever possible.

User Requirements

Contoso identifies the following requirements for users:

Ensure that only users who are part of a group named Pilot can join devices to Azure AD.

Designate a new user named Admin1 as the service administrator of the Azure subscription.

Ensure that a new user named User3 can create network objects for the Azure subscription.

You need to move the blueprint files to Azure.

What should you do?

2. You need to implement a backup solution for App1 after the application is moved.

What should you create first?

3. You are planning the move of App1 to Azure.

You create a network security group (NSG).

You need to recommend a solution to provide users with access to App1.

What should you recommend?

4. You need to meet the user requirement for Admin1.

What should you do?


You need to recommend a solution for App1. The solution must meet the technical requirements.

What should you include in the recommendation? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.


You need to configure the Device settings to meet the technical requirements and the user requirements.

Which two settings should you modify? To answer, select the appropriate settings in the answer area.

7. You need to recommend an identify solution that meets the technical requirements.

What should you recommend?


You need to identify the storage requirements for Contoso.

For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.

9. Topic 2, Litware inc.

Case Study

This is a case study. Case studies are not timed separately. You can use as much exam time as you would like to complete each case. However, there may be additional case studies and sections on this exam. You must manage your time to ensure that you are able to complete all questions included on this exam in the time provided.

To answer the questions included in a case study, you will need to reference information that is provided in the case study. Case studies might contain exhibits and other resources that provide more information about the scenario that is described in the case study. Each question is independent of the other questions in this case study.

At the end of this case study, a review screen will appear. This screen allows you to review your answers and to make changes before you move to the next section of the exam. After you begin a new section, you cannot return to this section.

To start the case study

To display the first question in this case study, click the Next button. Use the buttons in the left pane to explore the content of the case study before you answer the questions. Clicking these buttons displays information such as business requirements, existing environment, and problem statements. If the case study has an All Information tab, note that the information displayed is identical to the information displayed on the subsequent tabs. When you are ready to answer a question, click the Question button to return to the question.

Overview. General Overview

Litware, Inc. is a medium-sized finance company. Litware recently acquired a financial services company named Fabrikam, Ltd.

Overview. Physical Locations

Litware has a datacenter in Boston. Fabrikam has a datacenter in San Francisco.

Existing Environment. Identity Environment

The network of Litware contains an Active Directory forest named that syncs to an Azure Active Directory (Azure AD) tenant named by using Azure AD Connect.

Azure AD Seamless Single Sign-on (Azure AD Seamless SSO) is enabled for the tenant.

Users at Litware have a UPN suffix of

Litware has an internal certification authority (CA) that is trusted by all devices.

The network of Fabrikam contains an Active Directory forest named Users at Fabrikam have a UPN suffix of

Existing Environment. Azure Environment

Litware has an Azure subscription named Sub1 that is linked to the tenant.

Sub1 contains the resources shown in the following table.

Litware has Azure Resource Manager (ARM) templates that deploy Azure Policy definitions and assignments to a management group.

Fabrikam does NOT have an Azure environment.

Existing Environment. On-Premises Environment

The on-premises network of Litware contains the resources shown in the following table.

The on-premises network of Fabrikam contains a domain member server named SERVER1 that runs Windows Server 2019.

Existing Environment. Network Environment

Litware has a site-to-site VPN connection to VNet1.

The Litware and Fabrikam datacenters are not connected.

Requirements. Planned Changes

Litware plans to implement the following changes:

✑ Establish a trust relationship between the Litware and Fabrikam forests.

✑ Migrate data from the on-premises NoSQL datastores to Azure Table storage.

✑ Containerize WebApp1 and deploy the app to an Azure Kubernetes Service (AKS) cluster on VNet1.

✑ Create an Azure blueprint named BP1 and use the blueprint to provision a resource group named RG1.

Requirements. Deployment Requirements

Litware identifies the following deployment requirements:

✑ The existing ARM templates must be used for deployments to Sub1.

✑ WebApp1 must be deployed to the AKS cluster without having to change the source code.

Requirements. Authentication and Authorization Requirements

Litware identifies the following authentication and authorization requirements:

✑ The Fabrikam users must be able to authenticate to the tenant by using Azure AD Seamless SSO.

✑ The Fabrikam users and the Litware users must be able to manage the Azure resources in Sub1.

✑ Company policy must prohibit the creation of guest user accounts in the tenant.

✑ You must be able to configure deny permissions for RG1 and for the resources in RG1.

✑ WebApp1 running on the AKS cluster must be able to retrieve secrets from KV1.

Requirements. Security Requirements

Litware identifies the following security requirements:

✑ On-premises Litware users must access KVI by using the private IP address of the key vault.

✑ Azure virtual machines must have all their disks encrypted, including the temporary disks.

✑ Azure Storage must encrypt all data by using keys issued by the internal CA of Litware.

✑ Inbound HTTPS traffic to WebApp1 must be inspected for SQL injection attacks.

✑ The principle of least privilege must be used.

You need to configure Azure AD Seamless SSO for Fabrikam. The solution must meet the authentication and authorization requirements.

What should you install first?

10. You migrate WebApp1 to Azure.

You need to configure the AKS cluster to enable WebApp1 to access KV1. The solution must meet the authentication and authorization requirements.

What should you do?


Leave a Reply

Your email address will not be published.