ExamGecko
Search Search Login
Home Home / Microsoft / AZ-204

Microsoft AZ-204 Practice Test - Questions Answers, Page 10

Question list
Search
Search

List of questions

Search
Open VPLUS File
Convert VPLUS to PDF

Related questions

HOTSPOT You develop an application that sells Al generated images based on user input. You recently started a marketing campaign that displays unique ads every second day. Sales data is stored in Azure Cosmos DB with the date of each sale being stored in a property named 'whenFinished'. The marketing department requires a view that shows the number of sales for each unique ad. You need to implement the query for the view. How should you complete the query? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.
You need to audit the retail store sales transactions. What are two possible ways to achieve the goal? Each correct answer presents a complete solution. NOTE: Each correct selection is worth one point.
HOTSPOT You have an Azure Web app that uses Cosmos DB as a data store. You create a CosmosDB container by running the following PowerShell script: $resourceGroupName = "testResourceGroup" $accountName = "testCosmosAccount" $databaseName = "testDatabase" $containerName = "testContainer" $partitionKeyPath = "/EmployeeId" $autoscaleMaxThroughput = 5000 New-AzCosmosDBSqlContainer -ResourceGroupName $resourceGroupName -AccountName $accountName -DatabaseName $databaseName -Name $containerName -PartitionKeyKind Hash -PartitionKeyPath $partitionKeyPath -AutoscaleMaxThroughput $autoscaleMaxThroughput You create the following queries that target the container: SELECT * FROM c WHERE c.EmployeeId > '12345' SELECT * FROM c WHERE c.UserID = '12345' For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution. After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen. You deploy an Azure Container Apps app and disable ingress on the container app. Users report that they are unable to access the container app. You investigate and observe that the app has scaled to 0 instances. You need to resolve the issue with the container app. Solution: Enable ingress, create a TCP scale rule, and apply the rule to the container app. Does the solution meet the goal?
You are developing a road tollway tracking application that sends tracking events by using Azure Event Hubs using premium tier. Each road must have a throttling policy uniquely assigned. You need to configure the event hub to allow for per-road throttling. What should you do?
HOTSPOT You plan to implement an Azure Functions app. The Azure Functions app has the following requirements: * Must be triggered by a message placed in an Azure Storage queue. * Must use the queue name set by an app setting named input-queue. * Must create an Azure Blob Storage named the same as the content of the message. You need to identify how to reference the queue and blob name in the function. Just file of the Azure Functions app. How should you reference the names? To answer, select the appropriate values in the answer area. NOTE: Each correct selection is worth one point.
Note: This question-is part of a series of questions that present the same scenario. Each question-in the series contains a unique solution that might meet the stated goals. Some question-sets might have more than one correct solution, while others might not have a correct solution. After you answer a question-in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen. You develop Azure solutions. You must grant a virtual machine (VM) access to specific resource groups in Azure Resource Manager. You need to obtain an Azure Resource Manager access token. Solution: Run the Invoke-RestMethod cmdlet to make a request to the local managed identity for Azure resources endpoint. Does the solution meet the goal?
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution. After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen. You are developing an Azure solution to collect point-of-sale (POS) device data from 2,000 stores located throughout the world. A single device can produce 2 megabytes (MB) of data every 24 hours. Each store location has one to five devices that send data. You must store the device data in Azure Blob storage. Device data must be correlated based on a device identifier. Additional stores are expected to open in the future. You need to implement a solution to receive the device data. Solution: Provision an Azure Event Grid. Configure the machine identifier as the partition key and enable capture. Does the solution meet the goal?
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution. After you answer a question in this section, you will NOT be able to return to it As a result, these questions will not appear in the review screen. You deploy an Azure Container Apps app and disable ingress on the container app. Users report that they are unable to access the container app. You investigate and observe that the app has scaled to 0 instances. You need to resolve the issue with the container app. Solution: Enable ingress and configure the minimum replicas to 1 for the container app. Does the solution meet the goal?
You need to implement farmer authentication. Which three actions should you perform? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point.

Question 91

Report
Export
Collapse

DRAG DROP

You develop an Azure solution that uses Cosmos DB.

The current Cosmos DB container must be replicated and must use a partition key that is optimized for queries.

You need to implement a change feed processor solution.

Which change feed processor components should you use? To answer, drag the appropriate components to the correct requirements. Each component may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view the content.

NOTE: Each correct selection is worth one point.


Question 91
Correct answer: Question 91

Explanation:

Box 1: The monitored container

The monitored container has the data from which the change feed is generated. Any inserts and updates to the monitored container are reflected in the change feed of the container.

Box 2: The lease container

The lease container acts as a state storage and coordinates processing the change feed across multiple workers. The lease container can be stored in the same account as the monitored container or in a separate account.

Box 3: The host: A host is an application instance that uses the change feed processor to listen for changes. Multiple instances with the same lease configuration can run in parallel, but each instance should have a different instance name.

Box 4: The delegate

The delegate is the code that defines what you, the developer, want to do with each batch of changes that the change feed processor reads.

Reference:

https://docs.microsoft.com/en-us/azure/cosmos-db/change-feed-processor

Question 92

Report
Export
Collapse

HOTSPOT

You are developing a web application that will use Azure Storage. Older data will be less frequently used than more recent data.

You need to configure data storage for the application. You have the following requirements:

Retain copies of data for five years.

Minimize costs associated with storing data that is over one year old.

Implement Zone Redundant Storage for application data.

What should you do? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.


Question 92
Correct answer: Question 92

Explanation:

Reference:

https://docs.microsoft.com/en-us/azure/storage/blobs/storage-blob-storage-tiers

https://docs.microsoft.com/en-us/azure/storage/common/storage-redundancy?toc=/azure/storage/blobs/toc.json

Question 93

Report
Export
Collapse

You develop and deploy a web application to Azure App Service. The application accesses data stored in an Azure Storage account. The account contains several containers with several blobs with large amounts of data. You deploy all

Azure resources to a single region.

You need to move the Azure Storage account to the new region. You must copy all data to the new region.

What should you do first?

A.
Export the Azure Storage account Azure Resource Manager template
A.
Export the Azure Storage account Azure Resource Manager template
Answers
B.
Initiate a storage account failover
B.
Initiate a storage account failover
Answers
C.
Configure object replication for all blobs
C.
Configure object replication for all blobs
Answers
D.
Use the AzCopy command line tool
D.
Use the AzCopy command line tool
Answers
E.
Create a new Azure Storage account in the current region
E.
Create a new Azure Storage account in the current region
Answers
F.
Create a new subscription in the current region
F.
Create a new subscription in the current region
Answers
Suggested answer: A

Explanation:

To move a storage account, create a copy of your storage account in another region. Then, move your data to that account by using AzCopy, or another tool of your choice and finally, delete the resources in the source region.

To get started, export, and then modify a Resource Manager template.

Reference:

https://docs.microsoft.com/en-us/azure/storage/common/storage-account-move?tabs=azure-portal

Question 94

Report
Export
Collapse

Your company is developing an Azure API.

You need to implement authentication for the Azure API. You have the following requirements:

All API calls must be secure.

Callers to the API must not send credentials to the API.

Which authentication mechanism should you use?

A.
Basic
A.
Basic
Answers
B.
Anonymous
B.
Anonymous
Answers
C.
Managed identity
C.
Managed identity
Answers
D.
Client certificate
D.
Client certificate
Answers
Suggested answer: C

Explanation:

Use the authentication-managed-identity policy to authenticate with a backend service using the managed identity of the API Management service. This policy essentially uses the managed identity to obtain an access token from Azure Active Directory for accessing the specified resource. After successfully obtaining the token, the policy will set the value of the token in the Authorization header using the Bearer scheme.

Reference: https://docs.microsoft.com/bs-cyrl-ba/azure/api-management/api-management-authentication-policies

Question 95

Report
Export
Collapse

You are a developer for a SaaS company that offers many web services.

All web services for the company must meet the following requirements:

Use API Management to access the services

Use OpenID Connect for authentication

Prevent anonymous usage

A recent security audit found that several web services can be called without any authentication.

Which API Management policy should you implement?

A.
jsonp
A.
jsonp
Answers
B.
authentication-certificate
B.
authentication-certificate
Answers
C.
check-header
C.
check-header
Answers
D.
validate-jwt
D.
validate-jwt
Answers
Suggested answer: D

Explanation:

Add the validate-jwt policy to validate the OAuth token for every incoming request.

Incorrect Answers:

A: The jsonp policy adds JSON with padding (JSONP) support to an operation or an API to allow cross-domain calls from JavaScript browser-based clients. JSONP is a method used in JavaScript programs to request data from a server in a different domain. JSONP bypasses the limitation enforced by most web browsers where access to web pages must be in the same domain.

JSONP - Adds JSON with padding (JSONP) support to an operation or an API to allow cross-domain calls from JavaScript browser-based clients.

Reference: https://docs.microsoft.com/en-us/azure/api-management/api-management-howto-protect-backend-with-aad

Question 96

Report
Export
Collapse

You have a new Azure subscription. You are developing an internal website for employees to view sensitive data. The website uses Azure Active Directory (Azure AD) for authentication.

You need to implement multifactor authentication for the website.

Which two actions should you perform? Each correct answer presents part of the solution.

NOTE: Each correct selection is worth one point.

A.
Configure the website to use Azure AD B2C.
A.
Configure the website to use Azure AD B2C.
Answers
B.
In Azure AD, create a new conditional access policy.
B.
In Azure AD, create a new conditional access policy.
Answers
C.
Upgrade to Azure AD Premium.
C.
Upgrade to Azure AD Premium.
Answers
D.
In Azure AD, enable application proxy.
D.
In Azure AD, enable application proxy.
Answers
E.
In Azure AD conditional access, enable the baseline policy.
E.
In Azure AD conditional access, enable the baseline policy.
Answers
Suggested answer: B, C

Explanation:

B: MFA Enabled by conditional access policy. It is the most flexible means to enable two-step verification for your users. Enabling using conditional access policy only works for Azure MFA in the cloud and is a premium feature of Azure AD.

C: Multi-Factor Authentication comes as part of the following offerings:

Azure Active Directory Premium licenses - Full featured use of Azure Multi-Factor Authentication Service (Cloud) or Azure Multi-Factor Authentication Server (On-premises).

Multi-Factor Authentication for Office 365

Azure Active Directory Global Administrators

Reference:

https://docs.microsoft.com/en-us/azure/active-directory/authentication/howto-mfa-getstarted

Question 97

Report
Export
Collapse

Note: This question-is part of a series of questions that present the same scenario. Each question-in the series contains a unique solution that might meet the stated goals. Some question-sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question-in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

You develop Azure solutions.

You must grant a virtual machine (VM) access to specific resource groups in Azure Resource Manager.

You need to obtain an Azure Resource Manager access token.

Solution: Use an X.509 certificate to authenticate the VM with Azure Resource Manager.

Does the solution meet the goal?

A.
Yes
A.
Yes
Answers
B.
No
B.
No
Answers
Suggested answer: B

Explanation:

Instead run the Invoke-RestMethod cmdlet to make a request to the local managed identity for Azure resources endpoint.

Reference: https://docs.microsoft.com/en-us/azure/active-directory/managed-identities-azure-resources/tutorial-windows-vm-access-arm

Question 98

Report
Export
Collapse

Note: This question-is part of a series of questions that present the same scenario. Each question-in the series contains a unique solution that might meet the stated goals. Some question-sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question-in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

You develop Azure solutions.

You must grant a virtual machine (VM) access to specific resource groups in Azure Resource Manager.

You need to obtain an Azure Resource Manager access token.

Solution: Use the Reader role-based access control (RBAC) role to authenticate the VM with Azure Resource Manager.

Does the solution meet the goal?

A.
Yes
A.
Yes
Answers
B.
No
B.
No
Answers
Suggested answer: B

Explanation:

Instead run the Invoke-RestMethod cmdlet to make a request to the local managed identity for Azure resources endpoint.

Reference:

https://docs.microsoft.com/en-us/azure/active-directory/managed-identities-azure-resources/tutorial-windows-vm-access-arm

Question 99

Report
Export
Collapse

Note: This question-is part of a series of questions that present the same scenario. Each question-in the series contains a unique solution that might meet the stated goals. Some question-sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question-in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

You develop Azure solutions.

You must grant a virtual machine (VM) access to specific resource groups in Azure Resource Manager.

You need to obtain an Azure Resource Manager access token.

Solution: Run the Invoke-RestMethod cmdlet to make a request to the local managed identity for Azure resources endpoint.

Does the solution meet the goal?

A.
Yes
A.
Yes
Answers
B.
No
B.
No
Answers
Suggested answer: A

Explanation:

Get an access token using the VM's system-assigned managed identity and use it to call Azure Resource Manager

You will need to use PowerShell in this portion.

1. In the portal, navigate to Virtual Machines and go to your Windows virtual machine and in the Overview, click Connect.

2. Enter in your Username and Password for which you added when you created the Windows VM.

3. Now that you have created a Remote Desktop Connection with the virtual machine, open PowerShell in the remote session.

4. Using the Invoke-WebRequest cmdlet, make a request to the local managed identity for Azure resources endpoint to get an access token for Azure Resource Manager.

Example:

$response = Invoke-WebRequest -Uri 'http://169.254.169.254/metadata/identity/oauth2/token?api-version=2018-02-01&resource=https://management.azure.com/' -Method GET -Headers @{Metadata="true"}

Reference:

https://docs.microsoft.com/en-us/azure/active-directory/managed-identities-azure-resources/tutorial-windows-vm-access-arm

Question 100

Report
Export
Collapse

DRAG DROP

Contoso, Ltd. provides an API to customers by using Azure API Management (APIM). The API authorizes users with a JWT token.

You must implement response caching for the APIM gateway. The caching mechanism must detect the user ID of the client that accesses data for a given location and cache the response for that user ID.

You need to add the following policies to the policies file:

a set-variable policy to store the detected user identity

a cache-lookup-value policy

a cache-store-value policy

a find-and-replace policy to update the response body with the user profile information

To which policy section should you add the policies? To answer, drag the appropriate sections to the correct policies. Each section may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.

NOTE: Each correct selection is worth one point.


Question 100
Correct answer: Question 100

Explanation:

Box 1: Inbound.

A set-variable policy to store the detected user identity.

Example:

<policies>

<inbound>

<!-- How you determine user identity is application dependent -->

<set-variable

name="enduserid"

value="@(context.Request.Headers.GetValueOrDefault("Authorization","").Split(' ')[1].AsJwt()?.Subject)" />

Box 2: Inbound

A cache-lookup-value policy

Example:

<inbound>

<base />

<cache-lookup vary-by-developer="true | false" vary-by-developer-groups="true | false" downstream-caching-type="none | private | public" must-revalidate="true | false">

<vary-by-query-parameter>parameter name</vary-by-query-parameter> <!-- optional, can repeated several times -->

</cache-lookup>

</inbound>

Box 3: Outbound

A cache-store-value policy.

Example:

<outbound>

<base />

<cache-store duration="3600" />

</outbound>

Box 4: Outbound

A find-and-replace policy to update the response body with the user profile information.

Example:

<outbound>

<!-- Update response body with user profile-->

<find-and-replace

from='"$userprofile$"'

to="@((string)context.Variables["userprofile"])" />

<base />

</outbound>

Reference:

https://docs.microsoft.com/en-us/azure/api-management/api-management-caching-policies

https://docs.microsoft.com/en-us/azure/api-management/api-management-sample-cache-by-key

Total 345 questions
Go to page: of 35
ExamGecko

Copyright @2023 ExamGecko | All right reserved

Mail us: [email protected]
About us
Contact us
Twitter X
Facebook
Medium
Convert VPLUS to PDF
Open VPLUS files Easily and Quickly
Privacy Policy
Disclaimer
Terms