Microsoft AZ-300 Q & A

1) The DevOps manager asks you to ensure that a critical web application is monitored.  She wants the DevOps engineers to receive emails when the web app stops for any reason. What should you configure to fulfil this requirement? Choose the best option.
Create Diagnostic Logs for the WebApp by configuring a resource, condition and action group.​
Create an Alert for the WebApp by configuring a resource, condition, action group and alert details.​
Create Resource Health for the WebApp by configuring a resource, condition and action group.​
Create an Alert for the WebApp by configuring a resource, condition, alert group and alert details.

Create an Alert for the WebApp by configuring a resource, condition, action group and alert details.

2) You Lead is configuring Public Addresses for Virtual Machines in availability sets. As per client requirement , The Virtual Machine disks need to be redundant over different zones, but be located in the same Azure region. What solution best meets this requirement?​
A Basic SKU Public IP Address needs to be configured​
A Standard SKU Public IP Address needs to be configured​

The correct answer is:
A Standard SKU Public IP Address needs to be configured

3) When adding a Route to an Azure Route Table which of the following are available Next Hop Types? Select all that apply.​
Internet​
Virtual Network Gateway​
Storage Account​
Network Security Gateway​
Virtual Appliance​
Virtual Network

The correct answers are:
Virtual Network Gateway
Virtual Network
Internet
Virtual Appliance

4) Which of the following cannot be configured as a valid IP address in Azure? Choose one or more answers.​
255.255.255.255/32​
224.0.0.0/4​
10.2.0.0/16​

The correct answers are:
224.0.0.0/4
255.255.255.255/32

5) Your Team Lead wants to enable Enterprise State Roaming.Where can you find this configuration option in the Azure portal?
Azure Active Directory > Devices > Enterprise State Roaming​
Intune > Devices > Enterprise State Roaming​
Azure Active Directory > App Registrations > Enterprise State Roaming

The correct answer is:
Azure Active Directory > Devices > Enterprise State Roaming

6) In Active Directory you want to ensure users will see relevant disclaimers for legal, or compliance requirements which you have received from the head of the Legal Team.Where should you configure this information?​
Azure Active Directory > Identity Governance, then click Publish a Terms of use.​
Azure Active Directory > Properties, then click Create a Company legal policy

The correct answer is:
Azure Active Directory > Identity Governance, then click Publish a Terms of use.

7) The Head of Security requires that users must logon securely at all times.Company security policy requires that users answer security questions as well as passwords when logging in from outside of the US. Specify the technologies that you should enable to meet company requirements.Choose two options from the possible answers.​
Privileged Identity Management​
Self-Service Password Reset​
MFA​
Conditional Access

The correct answers are:
MFA

Conditional Access

8) In a hybrid environment what is the requirement for client machines to use Azure Seamless Single Sign-On?​
Azure AD Joined​
Domain Joined​

The correct answer is:
Domain Joined

9) Select the appropriate solution which would meet the following criteria: a) Ensure no password hashes are stored in the cloud. b)Enable my users to sign in and access cloud services using their on-premises password.c)Ensure no new on-premises servers are created.​
Azure AD Connect with Connect Health​
Pass-through authentication (PTA) and single sign-on

The correct answer is:
Pass-through authentication (PTA) and single sign-on

10) Which feature allows you to keep on-premises Active Directory passwords in-synch with passwords in the Cloud?
Password writeback
Password Synchronisation feature

The correct answer is:
Password writeback

11) You need to configure Azure MFA to set a time period to allow authentication attempts.What must you configure?
App Password​
Caching Rule

The correct answer is:
Caching Rule

12) To access the application the client requests an OAuth 2.0 authentication token. To receive an OAuth 2.0 bearer token what does the client supply to the bearer?
Client Agent Type
​Authorization code​
Client_id

The correct answers are:
Client_id
Authorization code

12) Your Client has given requirement to protect confidential data which is as below:1) Encrypts data at rest 2) Data is protected in the Trusted Execution Environment enclave 3) Stops malicious insiders with administrative privilege, or direct access to hardware, from gaining access . Select the solution which meets your company requirements.​
Encrypt data at rest using Azure Key Vault​
Azure Confidential Computing

The correct answer is:
Azure Confidential Computing

13) You need to delete the certificate “cloud” from the “vikas”.
What is the correct REST API call that will perform this task successfully?
DELETE vikas.vault.azure.net/certificates/cloud?api-version=7.0
DELETE
DELETE
DELETE

The correct answer is:
DELETE

14) Choose the option that best describes the outcome of running the PowerShell script:
Set-AzStorageAccount -Name “cloudvikas” -ResourceGroupName “Store2RG” -EnableHttpsTrafficOnly $True
Enable “Secure transfer required” setting for the Storage Account named “cloudvikas”
Enable “Only HTTP traffic” setting for the Storage Account named “cloudvikas”

The correct answer is:
Enable “Secure transfer required” setting for the Storage Account named “cloudvikas”

15) You have a VM called ‘cloudvikas’ and you want to view resource usage for the VM for the last week. What should you configure to show you this? Select all that apply.​
Azure Monitoring Alerts
Azure Monitoring Metrics​
Azure Monitoring Insights

The correct answers are:
Azure Monitoring Metrics
Azure Monitoring Insights

16) You are configuring diagnostic logging in Azure for a VM called “application”.When you are configuring a sink, to which Azure service can configure?
Azure Security Centre
Storage Account

The correct answer is:

Storage Account

17) The business has a requirement to allow a remote office to write file data to a Storage Account called “cloudvikas” during a two week project.
It essential that you set this up quickly and in the most secure manner.
Apply your knowledge of Storage Accounts to select the correct answer that meets the requirements.

Provide the remote office the second shared access key that is configured when the storage account is setup.•
Provide the remote office the second shared access key that is configured when the storage account is setup.
Configure Shared access signature in “cloudvikas” with the following settings:
Allowed permissions = Write
Set an expiry date of two weeks.

Configure Shared access signature in “cloudvikas” with the following settings: Allowed permissions = “Write” Set the “Allowed IP addresses” to include the remote offices IP address
Set an expiry date of two weeks.

The correct answer is:
Configure Shared access signature in “cloudvikas” with the following settings: Allowed permissions = “Write” Set the “Allowed IP addresses” to include the remote offices IP address
Set an expiry date of two weeks.

18) You have been using a Storage Account called “cloud” for application data. You believe an ex-employee has saved the key 1 details. How should you secure the data and keep the application online?​
Use key 2 for the application that uses the storage account and regenerate key 1
Regenerate key 1

The correct answer is:
Use key 2 for the application that uses the storage account and regenerate key 1

19) The junior team asks you for guidance in backing up a Storage Account. What solution would you suggest that would enable them to create the back-up?​
Use WMI (Windows Management Instrumentation)​
Use Storage Explorer to create a snapshot of the Blob Storage

The correct answer is:
Use Storage Explorer to create a snapshot of the Blob Storage

20) Your team lead has to select a Storage Account type to store addresses.The data will be structured and will need a key attribute. Choose the most appropriate Azure Storage Account type which best fits the scenario.​
Blob Storage​
Table Storage

The correct answer is:
Table Storage

21) In your project, You have a requirement to configure a solution to replace an on-premises device.The share is currently mapped to Windows 10 devices. Recommend a solution would best meet this requirement?​
Azure Blob Storage with an CIFS Share​
Azure File Storage with an SMB Share

The correct answer is:
Azure File Storage with an SMB Share

22) You want to examine whether any of the current Azure workloads are sized too large, or are not being utilized. What Azure tool could you run to achieve this?​
Azure Sentinel​
Azure Advisor

The correct answer is:
Azure Advisor

23) In defining “autoscaling rule sets” what is the “cooldown” parameter?​
How often that the metrics are collected for analysis.​
The amount of time to wait before the rule is applied again so that the autoscale actions have time to take effect.

The correct answer is:
The amount of time to wait before the rule is applied again so that the autoscale actions have time to take effect.

24) A recent security audit states that to be compliant you must configure an alternative method of authentication which does not utilize passwords. What you have to do?​
Azure Key Vault Service​
SSH Public Key Authentication

The correct answer is:
SSH Public Key Authentication

25) When configuring an Azure Application Gateway what criteria is supported for the configuration of custom Health probes?Select all that apply.​
HTTP response status code match​
SSH response status code match​
HTTP response body match

The correct answers are:
HTTP response status code match
HTTP response body match

26) The DevOps Manager has tasked you with deploying a Linux VM. What Class in the JSON template would you configure the “Choose the Linux Distribution” option?​
machineConfig​
imageReference

The correct answer is:
imageReference

27) The Manager has tasked you with deploying a Linux VM. You decide to use an ARM template to achieve this. What value in the JSON template would you configure to lock down SSH access to the VM?​
sshLockdown​
adminPublicKey

The correct answer is:
adminPublicKey

28) Which script languages can you run to deploy ARM templates? Select all languages that apply.​
C++​
JavaScript​
json

The correct answer are:
.json

29) What PowerShell cmdlet would you execute to deploy a Virtual Machine from the Azure Marketplace?​
New-AzVm​
New-AzResourceGroupDeployment

The correct answer is:
New-AzResourceGroupDeployment

30) Your DevOps Manager asks you to specify the viable platforms that allow you to deploy code to Azure. Choose all that apply.​
CloudForge
​Github​
Bitbucket

The correct answers are:
Bitbucket
Github