AZ-103 Microsoft Azure Administrator Practice Exam Questions Set 2

What option best describes the solution that you need to configure to route traffic from your Azure subnet using 10.50.25.0/24 to a virtual firewall appliance?


Options are :

  • Virtual Gateway
  • VNet Peering
  • Network Security Gateway
  • Azure Route Table (Correct)

Answer : Azure Route Table

What Azure feature uses Azure DNS to direct client requests to the most appropriate service based on a traffic routing method and the health of the endpoints?


Options are :

  • Azure Scalability Sets
  • Azure Files
  • Azure Traffic Manager (Correct)
  • Azure Storage Blob Resiliency

Answer : Azure Traffic Manager

Which of the following options would be most suitable for deploying a Standard SKU Public IP address?


Options are :

  • Standard Back-end Load Balancer
  • Basic Internet-facing Load Balancer
  • Basic Back-end Load Balancer
  • Standard Internet-facing Load Balancer (Correct)

Answer : Standard Internet-facing Load Balancer

You are a consultant working for CycleShare.com, which uses Azure Active Directory. Admin1 is a Global Administrator.

You notice that a group named Group1 contains several members that are Guest accounts.

You need to configure settings to ensure that Admin1 regularly checks that the Guest users within Group1 are still valid.

Select two options that you recommend.


Options are :

  • Create an access review that has selected users as reviewers. (Correct)
  • Create an access review that is scoped to Guest users only. (Correct)
  • Use Privileged Identity Management (PIM) to approve pending requests.
  • Use Privileged Identity Management (PIM) to review access.

Answer : Create an access review that has selected users as reviewers. Create an access review that is scoped to Guest users only.

CycleShare.com uses Azure Active Directory.

You need to recommend an Azure Active Directory group type that allows you to assign access to a SharePoint Online document library.

You need to assign the membership based on the company department where the user is employed.

CycleShare.com has the following departments:

  • Sales
  • Marketing
  • Administration

What should you recommend?


Options are :

  • A security group type with assigned membership.
  • An Office 365 group type with assigned membership.
  • A security group type with a dynamic membership rule.
  • An Office 365 group type with a dynamic membership rule. (Correct)

Answer : An Office 365 group type with a dynamic membership rule.

You need to create a new cloud user from the ARM portal.

You launch the "Create User" wizard.

What properties can you configure?

Select all that apply.


Options are :

  • Profile (Correct)
  • Devices
  • Roles
  • Group Membership
  • Sync Settings
  • Licenses
  • Directory Role (Correct)
  • Groups (Correct)

Answer : Profile Directory Role Groups

A VM called bigVM01 needs to communicate with a third-party SaaS application called SaaSApp1 on port 80.

bigVM01 is unable to talk to SaaSApp1.

Select the feature of Azure Network Watcher that you should use to diagnose what might be preventing communication.


Options are :

  • Security Group View
  • Next Hop
  • IP Flow Verify (Correct)
  • Network Subscription limit

Answer : IP Flow Verify

You work for CycleShare.com as the Cloud Administrator.

A member of staff asks you to investigate a potential issue with communication with a VM named WebApp1.

WebApp1 has a NIC named WebApp1Nic.

You need to troubleshoot the VM.

What cmdlet will list the effective security rules in place?


Options are :

  • Get-AzEffectiveNetworkInterfaceRules ` -NetworkInterfaceName WebApp1Nic ` -ResourceGroupName myRGweb2
  • Diag-AzNetworkSecurityGroupRules ` -NetworkInterfaceName WebApp1Nic` -ResourceGroupName myRGweb2
  • Get-AzEffectiveNetworkSecurityGroup ` -NetworkInterfaceName WebApp1 ` -ResourceGroupName myRGweb2
  • Get-AzEffectiveNetworkSecurityGroup ` -NetworkInterfaceName WebApp1Nic ` -ResourceGroupName myRGweb2 (Correct)

Answer : Get-AzEffectiveNetworkSecurityGroup ` -NetworkInterfaceName WebApp1Nic ` -ResourceGroupName myRGweb2

You are planning Azure MFA Registration Policy for the CycleShare.com tenant.

Azure MFA Registration Policy requires users to have Azure Active Directory P2 licenses.

You need to obtain a list of all Azure MFA registered users within the CycleShare.com tenant.

Review the following PowerShell script:

Will the script fulfil your requirements?

Answer True or False.


Options are :

  • FALSE
  • TRUE (Correct)

Answer : TRUE

CycleShare.com has contracted with external consultant Consult1 that needs access to some of your Azure resources.

Consult1 signs in to their device with their Azure AD user account but is unable to access your Azure resources.

What should you do to ensure the contractor is able to access your Azure resources?

Your solution should not reduce security and should minimize administrative effort.


Options are :

  • Configure the LinkedIn account connections in Azure AD.
  • Add a new guest user in Azure AD for Consult1. (Correct)
  • Create a new user for Consult1 in Azure AD.
  • Configure the Multi-Factor Authentication settings for your Azure AD tenant.

Answer : Add a new guest user in Azure AD for Consult1.

CycleShare.com has deployed a hybrid environment.

What is the requirement for client devices to be able to use Azure Active Directory Seamless Single Sign-On (Azure AD Seamless SSO)?


Options are :

  • Domain Joined (Correct)
  • Windows 8.1 and Windows 10 clients only
  • Azure AD Joined
  • Windows 10 clients only

Answer : Domain Joined

The Azure AD Connect service synchronizes information from on-premises Active Directory to Azure Active Directory.

Azure AD Connect uses 3 accounts in order to synchronize information.

What is the purpose of the AD DS Connector account?


Options are :

  • Used to read/write information to on-premises Active Directory (Correct)
  • Used to run the synchronization service and access the SQL database
  • Used to run all read/write/sync operations to on-premises Active Directory and Azure Active Directory
  • Used to write information to Azure AD

Answer : Used to read/write information to on-premises Active Directory

You have a policy-based VPN Gateway called CycleVPN1.

You want to change the VPN to be a route-based VPN.

Select the action that you need to take.


Options are :

  • You can change the VPN to a route-based VPN from within the portal however it will take up to 60 minutes to complete
  • You will have to recreate the VPN with a new IP address and Pre-Shared key (Correct)
  • You can change the VPN to a route-based VPN from within the portal however it requires a new IP address
  • You can change the VPN to a route-based VPN from within the portal however it will recreate the shared key

Answer : You will have to recreate the VPN with a new IP address and Pre-Shared key

You need to add your company's custom domain name CycleShare.com to Azure Active Directory.

What DNS records do you need to configure to add and verify the domain?


Options are :

  • TXT Record - Alias, Destination and TTL (Correct)
  • MX Record - Alias, Destination, TTL & Priority
  • TXT Record - Alias, Destination and TTL
  • SRV Record - Alias, Destination, TTL & Priority CNAME Record - Destination, TTL TXT Record - Alias, Destination and TTL
  • A Record - Alias, Destination, TTL & Priority TXT Record - Alias, Destination and TTL

Answer : TXT Record - Alias, Destination and TTL

What protocol(s) are supported in communication for a Site-to-Site Virtual Network Gateway?

Choose all that apply.


Options are :

  • IPsec (Correct)
  • OpenVPN
  • TLS
  • SSTP

Answer : IPsec

Which of the following IP ranges cannot be configured as a valid IP address range in VNets?


Options are :

  • 10.2.0.0/16
  • 127.0.0.0/8 (Correct)
  • 168.63.129.16/32 (Correct)
  • 255.255.255.255/32 (Correct)
  • 224.0.0.0/4 (Correct)
  • 169.254.0.0/16 (Correct)

Answer : 127.0.0.0/8 168.63.129.16/32 255.255.255.255/32 224.0.0.0/4 169.254.0.0/16

Review the following statement:

"An Azure Site-to-Site connection requires a VPN device located on-premises that has a public IP address assigned to it and is not located behind a NAT."

Is the statement True or False?


Options are :

  • FALSE
  • TRUE (Correct)

Answer : TRUE

A member of the DevOps team, DevUser1, is given the Owner permission on a Resource Group named CycleRG1, and all the Virtual Machines in the group.

A deny assignment is being applied to DevUser1, to deny deletion of Virtual Machines.

Review the following statement:

"DevUser1 will be allowed to delete any Virtual Machine resources from CycleRG1 because DevUser1 has Owner permission".

Is the statement True or False?


Options are :

  • FALSE (Correct)
  • TRUE

Answer : FALSE

You are the Cloud Administrator of CycleShare.com, a large organisation with multiple sites across the world.

You have created an Azure tenant and want to add your company's domain name CycleShare.com as your primary domain.

Select the options that are required to add this custom domain.


Options are :

  • Logon to Azure as a Global Administrator. Click Azure Active Directory. Select Custom domain names, and then select Add custom domain. Type in CycleShare.com. Click Sync with registrar. Click Verify within the custom domains section of Azure. Mark the CycleShare.com domain as primary.
  • Logon to Azure as a Global Administrator. Click Azure Active Directory. Select Custom domain names, and then select Add custom domain. Type in CycleShare.com. Copy the DNS CSV record. Add this as a DNS CSV record with your domain registrar. Click Verify within the custom domains section of Azure. Mark the CycleShare.com domain as primary.
  • Logon to Azure as a Global Administrator. Click Azure Active Directory. Select Custom domain names, and then select Add custom domain. Type in CycleShare.com. Copy the DNS SRV record. Add this as a DNS SRV record with your domain registrar. Click Verify within the custom domains section of Azure.
  • Logon to Azure as a Global Administrator. Click Azure Active Directory. Select Custom domain names, and then select Add custom domain. Type in CycleShare.com. Copy the DNS TXT record. Add this as a DNS TXT record with your domain registrar. Click Verify within the custom domains section of Azure. Mark the CycleShare.com domain as primary. (Correct)

Answer : Logon to Azure as a Global Administrator. Click Azure Active Directory. Select Custom domain names, and then select Add custom domain. Type in CycleShare.com. Copy the DNS TXT record. Add this as a DNS TXT record with your domain registrar. Click Verify within the custom domains section of Azure. Mark the CycleShare.com domain as primary.

A member of the IT Helpdesk approaches you stating they are having problems with User1 who uses Office 2010.  

You recently enabled MFA for all users in your tenant.

You review the Helpdesk log, and read that User1 cannot sign in to the Outlook client on their Windows 10 device.

You need to urgently resolve the problem so that User1 can successfully access their email, whilst minimizing administrative effort and additional costs.

Select one of the following options.


Options are :

  • Upgrade the version of Outlook on User1's Windows 10 device.
  • Enable Office compatibility for MFA
  • Enable App Passwords (Correct)
  • Upgrade the version of Office on User1's Windows 10 device.
  • Skip multi-factor authentication for users, then enter the IP in MFA trusted IPs
  • Disable MFA for the user

Answer : Enable App Passwords

Which of the following features are not available when you use Azure Multi-Factor Authentication (MFA)?


Options are :

  • PIN mode (Correct)
  • Fraud alert
  • Mobile App verification code as a second factor
  • Conditional Access
  • One-Time Bypass (Correct)

Answer : PIN mode One-Time Bypass

CycleShare.com uses Azure Active Directory (AAD).

You have a group related to an obsolete project that has been used to receive emails in Exchange Online.

The group is now obsolete and you want the group to automatically be deleted in 180 days' time.

What should you configure?


Options are :

  • In Azure Active Directory, configure an access review for the group.
  • In Azure Active Directory, configure the Exchange administrator role in Privileged Identity Management.
  • In Azure Active Directory, configure the Office 365 Group Expiration Policy. (Correct)
  • In Azure Active Directory, configure a conditional access policy for Exchange online.

Answer : In Azure Active Directory, configure the Office 365 Group Expiration Policy.

You need to connect 6 production servers that are located in your Chicago office to your resources in Azure.  

Your circuit speed is 100Mbps and you are required to use BGP routing protocol.  

What connectivity solution would be the best fit?


Options are :

  • Web Application Firewall Application Gateway
  • Site-to-Site VPN Gateway
  • Point-to-Site VPN Gateway
  • ExpressRoute (Correct)

Answer : ExpressRoute

You need to configure a Network Security Group rule to allow RDP access to a Windows Virtual Machine in Azure.

What default port will you need to specify?


Options are :

  • TCP 3389 (Correct)
  • TCP 3398
  • UDP 3398
  • UDP 3389

Answer : TCP 3389

You need to keep on-premises Active Directory passwords in sync with passwords in the cloud.

What feature should you implement?


Options are :

  • Password Writeback (Correct)
  • Password Synchronisation feature
  • Seamless SSO
  • Active Directory Federation Services

Answer : Password Writeback

You have the following load balancing requirements:

  • Traffic sent to 131.107.1.200 on port 80 must be directed to VM1 or VM2.
  • Traffic sent to 131.107.1.200 on port 443 must be directed to VM3, VM4 or VM5.
  • Traffic sent to 131.107.1.100 on TCP port 12345 must be directed to a virtual machine scale set.
  • Traffic sent to 131.107.1.150 on TCP port 54321 must be directed to an availability set.

What is the minimum number of Azure Load Balancers that you need to create?


Options are :

  • 4
  • 2
  • 1 (Correct)
  • 3

Answer : 1

Your company uses Azure Active Directory Premium and Microsoft 365.

The Security Officer requires that staff always logon securely and wants to allow staff to logon to company resources when they work away from the office.

To increase security when staff travel overseas, your Security Officer stipulates that users must be presented with the following during the logon process:

  • Answer security questions
  • Provide a password

Select the two technologies that you should enable to comply with the Security Officer's requirements.


Options are :

  • Self-Service Password Reset
  • Privileged Access Management
  • Privileged Identity Management
  • MFA (Correct)
  • MFA (Correct)

Answer : MFA MFA

You are considering deploying an Azure Load Balancer.

Which of the following features is not supported by an Azure Load Balancer?


Options are :

  • IPv6 Load Balancing Rules.
  • SSL Offload (sometimes known as TLS termination). (Correct)
  • HTTP Health Probes.
  • Inbound NAT Rules.

Answer : SSL Offload (sometimes known as TLS termination).

What would be the result of running the following Azure PowerShell cmdlet?

Get-AzExpressRouteServiceProvider

Choose one or more of the options provided. 


Options are :

  • Status
  • PeeringLocations (Correct)
  • Name (Correct)
  • BandwidthsOffered (Correct)

Answer : PeeringLocations Name BandwidthsOffered

You are the Cloud Administrator of CycleShare.com, which is a large organisation with multiple sites across the world.

The Sales Director asks you if there is any way her team can reset their passwords while working away from the office without waiting for the Helpdesk to respond.

The Helpdesk are available during US business hours.

You decide to implement Azure Active Directory Self-Service Password Reset (SSPR) but your Security Manager has concerns that this will introduce a security weakness to the CycleShare.com environment.

What approach should you use that will enable the Sales Team to reset their passwords while travelling and also ensure that no security weaknesses are introduced to the CycleShare.com environment?


Options are :

  • Configure Self-Service Password Reset with the following settings: The number of methods required to reset are set to three. The methods used to reset are Mobile App code, Email and SMS text. Enable this for the "All Users".
  • Configure Self-Service Password Reset with the following settings: The number of methods required to reset are set to two. The methods used to reset are Mobile App code and Security Questions. Enable this for the "Sales Team" only. (Correct)
  • Configure Self-Service Password Reset with the following settings: The number of methods required to reset are set to two. The methods used to reset are Mobile App code and SMS text. Enable this for the "All Users".
  • Configure Self-Service Password Reset with the following settings: The number of methods required to reset are set to three. The methods used to reset are Mobile App code, Email and Security Questions. Enable this for the "Sales Team" only.

Answer : Configure Self-Service Password Reset with the following settings: The number of methods required to reset are set to two. The methods used to reset are Mobile App code and Security Questions. Enable this for the "Sales Team" only.
