AZ-300 Microsoft Azure Architect Practice Exam Questions NEW Set 2

To create and assign Azure Role Based Access you require Microsoft.Authorization/roleAssignments/* permission. Which roles grant this access? Choose all that apply. Owner User Access Administrator Security Administrator Conditional Access Administrator Virtual Machine Contributor


Options are :

  • User Access Administrator (Correct)
  • Conditional Access Administrator
  • Security Administrator
  • Owner (Correct)
  • Virtual Machine Contributor

Answer : User Access Administrator Owner

AZ-300 Microsoft Azure Architect Practice Exam Questions NEW Set 3

Which option best describes the solution to route traffic from an Azure subnet 10.50.25.0/24 to a virtual firewall appliance?


Options are :

  • Network Security Gateway
  • Route Table (Correct)
  • Virtual Gateway
  • VNET Peering

Answer : Route Table

You are setting up replication in a Cosmos DB. What does the following NodeJS/JavaScript mean? Choose the answer that best describes the outcome of the script. var connectionPolicy = new DocumentBase.ConnectionPolicy(); connectionPolicy.PreferredLocations = ['West US', 'East US', 'North Europe']; var client = new DocumentDBClient(host, { masterKey: masterKey }, connectionPolicy);


Options are :

  • The NodeJS/JavaScript will create a ConnectionPolicy object, then set its preferred location regions: West US, East US and North Europe. Then finally initializes the connection. (Correct)
  • The NodeJS/JavaScript will create a ConnectionPolicy object, then set its preferred location regions in the following order: West US, East US and North Europe. Then finally un-encrypts the Cosmos DB
  • The NodeJS/JavaScript will create a ConnectionPolicy object, then set its preferred location regions in the following order: West US, East US and North Europe. Then finally initializes the connection.
  • The NodeJS/JavaScript will create a ConnectionPolicy object, then set its preferred location regions: West US, East US and North Europe. Then finally un-encrypts the Cosmos DB

Answer : The NodeJS/JavaScript will create a ConnectionPolicy object, then set its preferred location regions: West US, East US and North Europe. Then finally initializes the connection.

You want to host some code in Azure that will be run on request, but will be run infrequently. Which option is the best fit to allow to do this at the lowest cost?


Options are :

  • Function App on a App Service Plan
  • Create a Linux Virtual Machine which will host the code. The VM will be shutdown after midnight each day.
  • Function App on a Consumption plan (Correct)
  • Create a Windows Virtual Machine which will host the code. The VM will be shutdown after midnight each day.

Answer : Function App on a Consumption plan

Examine the options provided and decide which are required to set-up Azure Site Recovery for a Windows VM called "adrex01" stored in the East US region? Choose all that apply. Create a recovery vault in North Europe region Create a recovery vault in the East US region Install the ASR preparation tool "asrprep" Install all the latest Windows Updates Ensure disk encryption is disabled


Options are :

  • Install all the latest Windows Updates (Correct)
  • Create a recovery vault in North Europe region (Correct)
  • Install the ASR preparation tool "asrprep"
  • Create a recovery vault in the East US region
  • Ensure disk encryption is disabled

Answer : Install all the latest Windows Updates Create a recovery vault in North Europe region

Your DevOps Manager asks you to set-up Transient Fault Handling for a business critical sales application. The application needs to retry connections after a fault first by waiting a short time before the first retry, and then exponentially increasing times between each subsequent retry. For example, it may retry the operation after 5 seconds, 15 seconds, 30 seconds Which strategy should you adopt for the retry interval?


Options are :

  • Incremental intervals
  • Randomization
  • Regular intervals
  • Exponential back-off (Correct)

Answer : Exponential back-off

Log entries of Autoscale failures are created in which log?


Options are :

  • Activity Log (Correct)
  • Autoscale log
  • Scale log
  • Azure Sentinel

Answer : Activity Log

AZ-300 Microsoft Azure Architect Practice Exam Questions NEW Set 3

A new member of the team is starting today at CycleShare.com called "Bob". He will be working on a project that manages some resources in Azure. He needs to be able to administrate Storage Accounts and be able to view cost data in your Azure subscription. Where possible you should limit the access to any other objects in Azure. This should also been achieved with the least amount of administrative effort going forward. What is the best option to achieve this?


Options are :

  • Login to each Azure object that "Bob" needs access to. In Access Control (IAM) under Roles add "Bob" as "Contributor" (Correct)
  • In Access Control (IAM) under Roles add "Bob" to the "Storage Account Contributor" and "Cost Management Reader"
  • In Access Control (IAM) under Roles add "Bob" as "Contributor"
  • In Access Control (IAM) under Roles add the "Bob" to the "Storage Account Administrator" and "Cost Management Reader"

Answer : Login to each Azure object that "Bob" needs access to. In Access Control (IAM) under Roles add "Bob" as "Contributor"

You want to protect a SQL Database. By protecting sensitive data at rest, during movement between client and server, and whilst the data is in use. You will do this be ensuring that sensitive data never appears as plaintext inside the database system. After you encrypt data, only client applications, or app servers that have access to the keys can access plaintext data. Which method would do this?


Options are :

  • Always Encrypted with the Windows certificate store (Correct)
  • Transparent Data Encryption with Azure SQL
  • Session
  • Transparent Data Encryption with Bring your own key

Answer : Always Encrypted with the Windows certificate store

In configuring a Site-to-Site VPN between an on-premises environment and Azure what do you require to configure the on-premises VPN?


Options are :

  • Public IP Address of the Virtual Network Gateway and the BGP ASN
  • Public IP Address of the Virtual Network Gateway and a Shared Key (Correct)
  • Private IP Address of the Virtual Network Gateway and Azure Subscription name
  • Public IP Address of the Virtual Network Gateway, the BGP ASN and a Shared Key

Answer : Public IP Address of the Virtual Network Gateway and a Shared Key

AZ-300 Microsoft Azure Architect Practice Exam Questions NEW Set 2

You have a requirement to create a solution to notify you by email when a resource is deleted in the resource group "athuRG1" Which option would create and send these emails?


Options are :

  • Service Bus
  • Logic App
  • Event Hub
  • Event Grid (Correct)

Answer : Event Grid

The Business Continuity Process team at CycleShare.com have asked for your help in planning for disasters. There are 40 critical VMs at your on-premises data centre location in Paris that need to have a disaster recovery plan. You decide to enable Azure Site Recovery to protect these VMs. As part of the configuration you need to ensure outbound connectivity is enabled to certain Microsoft URLs. Which of the following are the URLs that are required? Choose all that apply. *.blob.core.windows.net login.microsoftonline.com portal.azure.com login.msonline.windows.com *.hypervrecoverymanager.windowsazure.com *.servicebus.windows.net *.recoveryservice.windowsazure.com


Options are :

  • *.recoveryservice.windowsazure.com
  • login.msonline.windows.com (Correct)
  • *.servicebus.windows.net (Correct)
  • portal.azure.com
  • *.hypervrecoverymanager.windowsazure.com (Correct)
  • *.blob.core.windows.net (Correct)

Answer : login.msonline.windows.com *.servicebus.windows.net *.hypervrecoverymanager.windowsazure.com *.blob.core.windows.net

What Azure CLI command would you run to create a new managed Kubernetes cluster?


Options are :

  • az kuberpod create
  • az kubernetesclus create
  • az kubernetes create
  • az aks create (Correct)

Answer : az aks create

You are required to create a solution that will integrate a Twitter account. When a new Tweet is posted mentioning your business "CycleShare.com" it will write a log to a Storage Account and then email you. You need to achieve this without having to write any code. What option is the best fit to fulfil these requirements?


Options are :

  • Create a Logic App (Correct)
  • Create a Function App
  • Create an Integration Account and a Storage Account
  • Create an Service Bus

Answer : Create a Logic App

Examine the statement below and decide if it is true, or false. "A Cosmos DB container is a schema-free collection of JSON items"


Options are :

  • FALSE
  • TRUE (Correct)

Answer : TRUE

You are setting up Azure Site Recovery for an environment of 12 servers. They comprise of 2 SQL servers, 4 middleware application servers, 5 web servers and a jump off server. You need to create a Recovery Plan. Pick the best option that describes the most fitting recovery plan.


Options are :

  • Create failover group 1 with the Application servers, then create failover group 2 with the Web servers and then group 3 with the SQL servers and jump off server. Recovery of the groups will happen one group at a time 1 to 2 and then 3.
  • Create failover group 1 with the Application servers and web severs then create failover group 2 with the SQL servers and jump off server. Recovery of the groups will happen one group at a time 1 and then 2.
  • Create failover group 1 with the jump off server and SQL servers, then create failover group 2 with the Application servers and then group 3 with the web servers. Recovery of the groups will happen one group at a time 1 to 2 and then 3. (Correct)
  • Create a failover group the servers. Azure Site Recovery automatically works out the order in which servers need to be started.

Answer : Create failover group 1 with the jump off server and SQL servers, then create failover group 2 with the Application servers and then group 3 with the web servers. Recovery of the groups will happen one group at a time 1 to 2 and then 3.

AZ-300 Microsoft Azure Architect Practice Exam Questions NEW Set 4

The DevOps Manager at icemachinecorpz.com has asked you to setup a web app in Azure called "iceapp01". The Application needs to be in a separate DMZ to other applications and Virtual Machines. The application should be able to scale and also requires 3GB of memory. Which App tier plan should you choose to achieve this?


Options are :

  • Basic (B2)
  • Premium (P1v2)
  • Isolated 1 (I1) (Correct)
  • Isolated 3 (I3)

Answer : Isolated 1 (I1)

Which of the following are NOT a core Kubernetes components? Choose all that apply. kube-apiserver kube-engine kube-scheduler etcd kube-master


Options are :

  • kube-scheduler
  • etcd
  • kube-master (Correct)
  • kube-apiserver
  • kube-engine (Correct)

Answer : kube-master kube-engine

You work for GroovyConfectionery a company that refreshes confectionary stock in vending machines across Europe and Africa. The DevOps manager has asked you to create a solution to notify field staff of new products via push notifications. The solution is required to work on Android and iOS mobile devices that the field staff use. Which solution works best?


Options are :

  • Azure Alerts
  • Notification Hub (Correct)
  • Event Grid
  • Service Bus

Answer : Notification Hub

AZ-300 Microsoft Azure Architect Practice Exam Questions NEW Set 2

At CycleShare.com you are required to assign role-based permissions to staff. A new member of the Service Desk is due to start and you need to give him permission to reset users' passwords. Which role would give this level of access but not too much access?


Options are :

  • Security Administrator
  • Service Desk Administrator
  • Global Administrator
  • Password Administrator (Correct)

Answer : Password Administrator

A member of the Service Desk approaches you stating they are having problems with a user who uses Office 2010.  Since MFA has been enabled they can no longer sign-in to the Outlook client.   What setting would enable this member of staff to sign-in successfully?


Options are :

  • Enable App Passwords (Correct)
  • Skip multi-factor authentication for users, then enter the IP in MFA trusted IPs
  • Enable Office compatibility for MFA
  • The only option is to disable MFA for the user

Answer : Enable App Passwords

What would be the result of the following Azure PowerShell statement?  Choose the option that best describes its use. New-AzApplicationGatewayIPConfiguration


Options are :

  • Creates a front-end IP configuration. This setting maps a private or public IP address to the front end of the application gateway.
  • Configures the back-end IP address pool with the IP addresses of the back-end web servers.
  • Configures the front-end IP port for the public IP endpoint. This port is the port that end users connect to
  • Creates an IP configuration for an application gateway. The IP configuration contains the subnet in which application gateway is deployed. (Correct)

Answer : Creates an IP configuration for an application gateway. The IP configuration contains the subnet in which application gateway is deployed.

You have configured Cloud MFA to secure your tenancy. You want to identify the users that have not registered with MFA. What is the correct PowerShell command to give you this information?


Options are :

  • Get-MsolUser -All | where {$_.StrongAuthenticationMethods -ne $null} | Select-Object -Property UserPrincipalName
  • Get-MsolUser -All | where {$_.NoneAuthenticationMethods -ne $null} | Select-Object -Property UserPrincipalName
  • Get-MsolUser -All | where {$_.StrongAuthenticationMethods.Count -eq 0} | Select-Object -Property UserPrincipalName (Correct)
  • Get-MsolUser -All | where {$_.WeakAuthenticationMethods.Count -eq 0} | Select-Object -Property UserPrincipalName

Answer : Get-MsolUser -All | where {$_.StrongAuthenticationMethods.Count -eq 0} | Select-Object -Property UserPrincipalName

Examine the following Azure CLI statement and choose which option best describes what the statement is doing. az container logs --resource-group azswRG --name azsmattco


Options are :

  • List available containers
  • Pulls the container instance logs (Correct)
  • Imports Azure Container logs
  • Shows events stored in a container

Answer : Pulls the container instance logs

What would be the result of the following Azure PowerShell statement? Choose one, some, or all of the options listed. Get-AzExpressRouteServiceProvider Name Cost PeeringLocations BandwidthsOffered Status


Options are :

  • PeeringLocations (Correct)
  • Cost
  • BandwidthsOffered (Correct)
  • Name (Correct)
  • Status

Answer : PeeringLocations BandwidthsOffered Name

AZ-300 Microsoft Azure Architect Practice Exam Questions NEW Set 4

You need to migrate 60 Virtual Machines from an on-premises VMware environment to Azure. 12 of the Virtual Machines are business critical database servers. You have done a full assessment of the Virtual Machines and are aware of the costs. Which tool would you use to migrate the VMs to Azure? Choose the best solution.


Options are :

  • VMware Converter
  • Azure Database Migration Service
  • Azure Site Recovery (Correct)
  • Azure Migrate

Answer : Azure Site Recovery

You work for a tech firm, HelpTech Support.

You have been asked to build a solution that will record support desk interactions, analyse them and respond by emailing them a video guide based on their specific issue.

You decide that you need to use an Azure Cognitive solution.

Which solution will you choose to best fit your requirements?


Options are :

  • Translator Text
  • Q and A maker
  • Text analytics
  • LUIS (Correct)

Answer : LUIS

You have a Azure Cosmos DB that is configured using a Multi-Master Replication Mode in two regions. Which of the following Consistency levels allows you to achieve a recovery point objective (RPO) of 15 minutes or less? Select all that apply. Strong Bounded Staleness Session Consistent Prefix Eventual


Options are :

  • Consistent Prefix (Correct)
  • Eventual (Correct)
  • Strong (Correct)
  • Bounded Staleness
  • Session (Correct)

Answer : Consistent Prefix Eventual Strong Session

CycleShare.com has a Cosmos DB with Multi-region accounts with a single-write region. West US is setup to write, while East US and North Europe are setup as read. The Dev Ops Manager is concerned about availability against the database in the event that a region suffers a write-region outage. What solution should you configure to protect against such an outage?


Options are :

  • There is no need to change the configuration, Cosmos DB has multiple layers of availability
  • You should configure "Multi-write regions"
  • You should enable “enable automatic failover” (Correct)
  • You should configure "single-region account"

Answer : You should enable “enable automatic failover”

You are required to configure an Azure Load Balancer to assign requests to the same back-end server from the same client IP address. As long as the back-end server is available. Which setting should you configure to enable this configuration?


Options are :

  • Amend the load balancing rule to enable "Floating IP"
  • Amend the Health Probe session persistence to be "Client IP"
  • Amend the Health Probe to enable "Floating IP"
  • Amend the load balancing rule session persistence to be "Client IP" (Correct)

Answer : Amend the load balancing rule session persistence to be "Client IP"

Comment / Suggestion Section
Point our Mistakes and Post Your Suggestions