The Microsoft AZ-303 Exam is challenging and thorough preparation is essential for success. This exam study guide is designed to help you prepare for the Azure Architect Technologies certification exam. It contains a detailed list of the topics covered on the Professional exam, as well as a detailed list of preparation resources. These study guides for Microsoft Azure Architect Technologies will help guide you through the study process for your certification.
AZ-303 Microsoft Azure Architect Technologies Exam Summary
● Exam Name: Microsoft Azure Architect Technologies
● Exam Code: AZ-303
● Exam Price: $165 (USD)
● Duration: 150 mins
● Number of Questions: 40-60
● Passing Score: 700 / 1000
● Books / Training:
● Schedule Exam: Pearson VUE
● Sample Questions: Microsoft Azure Architect Technologies Sample Questions
● Recommended Practice: Microsoft AZ-303 Certification Practice Exam
Exam Syllabus: AZ-303 Microsoft Certified - Azure Solutions Architect Expert
1. Implement and Monitor an Azure Infrastructure (50-55%)
● Implement cloud infrastructure monitoring
- monitor security
- monitor performance
● configure diagnostic settings on resources
● create a performance baseline for resources
● monitor for unused resources
● monitor performance capacity
● visualize diagnostics data using Azure Monitor
- monitor health and availability
● monitor networking
● monitor service health
- monitor cost
● monitor spend
● report on spend
- configure advanced logging
● implement and configure Azure Monitor insights, including App Insights, Networks, Containers
● configure a Log Analytics workspace
- configure logging for workloads
● initiate automated responses by using Action Groups
- configure and manage advanced alerts
● collect alerts and metrics across multiple subscriptions
● view Alerts in Azure Monitor logs
● Implement storage accounts
- select storage account options based on a use case
- configure Azure Files and blob storage
- configure network access to the storage account
- implement Shared Access Signatures and access policies
- implement Azure AD authentication for storage
- manage access keys
- implement Azure storage replication
- implement Azure storage account failover
● Implement VMs for Windows and Linux
- configure High Availability
- configure storage for VMs
- select virtual machine size
- implement Azure Dedicated Hosts
- deploy and configure scale sets
- configure Azure Disk Encryption
● Automate deployment and configuration of resources
- save a deployment as an Azure Resource Manager template
- modify Azure Resource Manager template
- evaluate location of new resources
- configure a virtual disk template
- deploy from a template
- manage a template library
- create and execute an automation runbook
● Implement virtual networking
- implement VNet to VNet connections
- implement VNet peering
● Implement Azure Active Directory
- add custom domains
- configure Azure AD Identity Protection
- implement self-service password reset
- implement Conditional Access including MFA
- configure user accounts for MFA
- configure fraud alerts
- configure bypass options
- configure Trusted IPs
- configure verification methods
- implement and manage guest accounts
- manage multiple directories
● Implement and manage hybrid identities
- install and configure Azure AD Connect
- identity synchronization options
- configure and manage password sync and password writeback
- configure single sign-on
- use Azure AD Connect Health
2. Implement Management and Security Solutions (25-30%)
● Manage workloads in Azure
- migrate workloads using Azure Migrate
● assess infrastructure
● select a migration method
● prepare the on-premises for migration
● recommend target infrastructure
- implement Azure Backup for VMs
- implement disaster recovery
- implement Azure Update Management
● Implement load balancing and network security
- implement Azure Load Balancer
- implement an application gateway
- implement a Web Application Firewall
- implement Azure Firewall
- implement the Azure Front Door Service
- implement Azure Traffic Manager
- implement Network Security Groups and Application Security Groups
- implement Bastion
● Implement and manage Azure governance solutions
- create and manage hierarchical structure that contains management groups, subscriptions and resource groups
- assign RBAC roles
- create a custom RBAC role
- configure access to Azure resources by assigning roles
- configure management access to Azure
- interpret effective permissions
- set up and perform an access review
- implement and configure an Azure Policy
- implement and configure an Azure Blueprint
● Manage security for applications
- implement and configure KeyVault
- implement and configure Azure AD Managed Identities
- register and manage applications in Azure AD
3. Implement Solutions for Apps (10-15%)
● Implement an application infrastructure
- create and configure Azure App Service
- create an App Service Web App for Containers
- create and configure an App Service plan
- configure an App Service
- configure networking for an App Service
- create and manage deployment slots
- implement Logic Apps
- implement Azure Functions
● Implement container-based applications
- create a container image
- configure Azure Kubernetes Service
- publish and automate image deployment to the Azure Container Registry
- publish a solution on an Azure Container Instance
4. Implement and Manage Data Platforms (10-15%)
● Implement NoSQL databases
- configure storage account tables
- select appropriate CosmosDB APIs
- set up replicas in CosmosDB
● Implement Azure SQL databases
- configure Azure SQL database settings
- implement Azure SQL Database managed instances
- configure HA for an Azure SQL database
- publish an Azure SQL database
Microsoft AZ-303 Certification Sample Questions and Answers
To make you familiar with Microsoft Azure Architect Technologies (AZ-303) certification exam structure, we have prepared this sample question set. We suggest you to try our Sample Questions for MCE Azure Solutions Architect AZ-303 Certification to test your understanding of Microsoft AZ-303process with the real Microsoft certification exam environment.
AZ-303 Microsoft Azure Architect Technologies Sample Questions:-
01. Your company has an Azure subscription. You enable multi-factor authentication (MFA) for all users. The company’s help desk reports an increase in calls from users who receive MFA requests while they work from the company’s main office.
You need to prevent the users from receiving MFA requests when they sign in from the main office. What should you do?
a) From Azure Active Directory (Azure AD), configure organizational relationships.
b) From the MFA service settings, create a trusted IP range.
c) From Conditional access in Azure Active Directory (Azure AD), create a custom control.
d) From Conditional access in Azure Active Directory (Azure AD), create a named location.
02. A company plans to use third-party application software to perform complex data analysis processes. The software will use up to 500 identical virtual machines (VMs) based on an Azure Marketplace VM image. You need to design the infrastructure for the third-party application server.
The solution must meet the following requirements:
- The number of VMs that are running at any given point in time must change when the user workload changes.
- When a new version of the application is available in Azure Marketplace it must be deployed without causing application downtime.
- Use VM scale sets.
- Minimize the need for ongoing maintenance.
Which two technologies should you recommend?
Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point.
a) single storage account
b) autoscale
c) single placement group
d) managed disks
03. You are developing a speech-enabled home automation control bot. The bot interprets some spoken words incorrectly. You need to improve the spoken word recognition for the bot. What should you implement?
a) The Skype for Business Channel and use scorable dialogs for improving conversation flow.
b) The Web Chat Channel and Speech priming using a Bing Speech Service and LUIS app.
c) The Skype Channel and use scorable dialogs for improving conversation flow.
d) The Cortana Channel and use scorable dialogs for improving conversation flow.
04. You are building a custom Azure function app to connect to Azure Event Grid. You need to ensure that resources are allocated dynamically to the function app. Billing must be based on the executions of the app.
What should you configure when you create the function app?
a) the Windows operating system and the App Service plan hosting plan
b) the Docker container and an App Service plan that uses the B1 pricing tier
c) the Windows operating system and the Consumption plan hosting plan
d) the Docker container and an App Service plan that uses the S1 pricing tier
05. You are creating an IoT solution using Azure Time Series Insights. You configure the environment to ensure that all data for the current year is available. What should you do?
a) Add a disaster recovery (DR) strategy.
b) Set a value for the Data retention time setting.
c) Change the pricing tier.
d) Create a reference data set.
06. You are designing an Azure solution. The solution must meet the following requirements:
- Distribute traffic to different pools of dedicated virtual machines (VMs) based on rules
- Provide SSL offloading capabilities
You need to recommend a solution to distribute network traffic. Which technology should you recommend?
a) server-level firewall rules
b) Azure Application Gateway
c) Azure Traffic Manager
d) Azure Load Balancer
07. An app uses a virtual network with two subnets. One subnet is used for the application server. The other subnet is used for a database server. A network virtual appliance (NVA) is used as a firewall.
Traffic destined for one specific address prefix is routed to the NVA and then to an on-premises database server that stores sensitive data. A Border Gateway Protocol (BGP) route is used for the traffic to the on-premises database server. You need to recommend a method for creating the user-defined route.
Which two options should you recommend?
Each correct answer presents a complete solution. NOTE: Each correct selection is worth one point.
a) For the virtual network configuration, use a VPN.
b) For the next hop type, use a virtual network peering.
c) For the virtual network configuration, use Azure ExpressRoute.
d) For the next hop type, use a virtual network gateway.
08. You pull a Dockerfile from an online repository. You build a container image from this file, and you want to add it to an Azure Container Registry named mytestreg. The name of image is my-test-app. You need to deploy the image to the registry.
Which command should you run from your developer computer?
a) az container create --name mytestreg --image my-test-app
b) docker push mytestreg.azurecr.io/my-test-app
c) codocker run -p mytestreg my-test-app
d) az acr create --name mytestreglmy-test-app
09. A company hosts virtual machines (VMs) in an on-premises datacenter and in Azure. The on-premises and Azure-based VMs communicate using ExpressRoute.
The company wants to be able to continue regular operations if the ExpressRoute connection fails. Failover connections must use the Internet and must not require Multiprotocol Label Switching (MPLS) support.
You need to recommend a solution that provides continued operations. What should you recommend?
a) Set up a second ExpressRoute connection.
b) Increase the bandwidth of the existing ExpressRoute connection.
c) Increase the bandwidth for the on-premises internet connection.
d) Set up a VPN connection.
10. Your network contains an on-premises Active Directory and an Azure Active Directory (Azure AD) tenant. You deploy Azure AD Connect and configure pass-through authentication?
Your Azure subscription contains several web apps that are accessed from the Internet. You plan to enable Azure Multi-Factor Authentication (MFA) for the Azure tenant. You need to recommend a solution to prevent users from being prompted for Azure MFA when they access the web apps from the on-premises network.
What should you include in the recommendation?
a) a site-to-site VPN between the on-premises network and Azure
b) an Azure policy
c) an Azure ExpressRoute circuit
d) trusted IPs
Answers:-
Answer 1:- b
Answer 2:- b, d
Answer 3:- b
Answer 4:- c
Answer 5:- d
Answer 6:- b
Answer 7:- a, c
Answer 8:- b
Answer 9:- d
Answer 10:- d