Microsoft AZ-204 Online Practice
Questions and Exam Preparation
AZ-204 Exam Details
Exam Code
:AZ-204
Exam Name
:Developing Solutions for Microsoft Azure
Certification
:Microsoft Certifications
Vendor
:Microsoft
Total Questions
:588 Q&As
Last Updated
:May 25, 2026
Microsoft AZ-204 Online Questions &
Answers
Question 111:
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear on the review screen.
You are implementing an application by using Azure Event Grid to push near-real-time information to customers.
You have the following requirements: You must send events to thousands of customers that include hundreds of various event types.
The events must be filtered by event type before processing.
Authentication and authorization must be handled by using Microsoft Entra ID.
The events must be published to a single endpoint.
You need to implement Azure Event Grid.
Solution: Publish events to a partner topic. Create an event subscription for each customer.
Does the solution meet the goal?
A. Yes B. No
A. Yes
Explanation
Partner Events overview for customers - Azure Event Grid
Azure Event Grid's Partner Events allows customers to subscribe to events that originate in a registered system using the same mechanism they would use for any other event source on Azure, such as an Azure service. Those registered systems integrate with Event Grid are known as "partners".
This feature also enables customers to send events to partner systems that support receiving and routing events to customer's solutions/endpoints in their platform.
Note: Partners
A partner is a kind of publisher that sends events from its system to make them available to Azure customers. A partner is typically a SaaS or ERP provider that integrates with Azure Event Grid to help customers realize event-driven use cases across platforms. Partners not only can publish events to Azure Event Grid, but they can also receive events from it. These capabilities are enabled through the Partner Events feature.
Note 2: Why should I use Partner Events?
You may want to use the Partner Events feature if you've one or more of the following requirements.
You want to subscribe to events that originate in a partner system and route them to event handlers on Azure or to any application or service with a public endpoint.
You want to take advantage of the rich set Event Grid's destinations/event handlers that react to events from partners.
*-> You want to forward events raised by your custom application on Azure, an Azure service, or a Microsoft service to your application or service hosted by the partner system. For example, you may want to send Microsoft Entra ID, Teams, SharePoint, or Azure Storage events to a partner system on which you're a tenant for processing.
You need a resilient push delivery mechanism with send-retry support and at-least once semantics.
You want to use Cloud Events 1.0 schema for your events.
Note 3: Partner topic
Receive events from a partner
You receive events from a partner in a partner topic that's' created on your behalf by a partner. Here are the high-level steps to subscribe to events from a partner.
1. Authorize partner to create a partner topic in a resource group you designate. Authorizations are stored in partner configurations (Azure resources).
2. Request partner to forward your events from its service to your partner topic. Partner provisions a partner topic in the specified resource group of your Azure subscription.
3. After the partner creates a partner topic in your Azure subscription and resource group, activate your partner topic.
4. Subscribe to events by creating one or more event subscriptions on the partner topic.
You are developing a .NET Core MVC application for customers to research hotels. The application will use Azure Search. The application will search the index by using various criteria to locate documents related to hotels. The index will include search fields for rate, a list of amenities, and distance to the nearest airport.
The application must support the following scenarios for specifying search criteria and organizing results:
Search the index by using regular expressions.
Organize results by counts for name-value pairs.
List hotels within a specified distance to an airport and that fall within a specific price range.
You need to configure the SearchParameters class.
Which properties should you configure? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Box 1: QueryType
The SearchParameters.QueryType Property gets or sets a value that specifies the syntax of the search query. The default is 'simple'. Use 'full' if your query uses the Lucene query syntax.
You can write queries against Azure Search based on the rich Lucene Query Parser syntax for specialized query forms: wildcard, fuzzy search, proximity search, regular expressions are a few examples.
Box 2: Facets
The facets property gets or sets the list of facet expressions to apply to the search query. Each facet expression contains a field name, optionally followed by a comma-separated list of name:value pairs.
Box 3: Filter
The Filter property gets or sets the OData $filter expression to apply to the search query.
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You are developing a web app named mywebapp1. Mywebapp1 uses the address myapp1.azurewebsites.net. You protect mywebapp1 by implementing an Azure Web Application Firewall (WAF). The traffic to mywebapp1 is routed through an Azure Application Gateway instance that is also used by other web apps.
You want to secure all traffic to mywebapp1 by using SSL.
Solution: You open the Azure Application Gateway's HTTP setting and set the Override backend path option to mywebapp1.azurewebsites.net. You then add an authentication certificate for mywebapp1.azurewebsites.net.
Does this meet the goal?
A. Yes B. No
B. No
Explanation
In case of end to end SSL, trusted Azure services such as Azure App service web apps do not require whitelisting the backends in the application gateway. Therefore, there is no need to add any authentication certificates.
You are developing an ASP.NET Core web application. You plan to deploy the application to Azure Web App for Containers.
The application needs to store runtime diagnostic data that must be persisted across application restarts. You have the following code:
You need to configure the application settings so that diagnostic data is stored as required.
How should you configure the web app's settings? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Box 1: If WEBSITES_ENABLE_APP_SERVICE_STORAGE
If WEBSITES_ENABLE_APP_SERVICE_STORAGE setting is unspecified or set to true, the /home/ directory will be shared across scale instances, and files written will persist across restarts
You have an Azure API Management (APIM) Standard tier instance named APIM1 that uses a managed gateway.
You plan to use APIM1 to publish an API named API1 that uses a backend database that supports only a limited volume of requests per minute. You also need a policy for API1 that will minimize the possibility that the number of requests to the backend database from an individual IP address you specify exceeds the supported limit.
You need to identify a policy for API1 that will meet the requirements.
Which policy should you use?
A. ip-filter B. quota-by-key C. rate-limit-by-key D. rate-limit
C. rate-limit-by-key
Explanation
rate-limit-by-key
Limit call rate by key
The rate-limit-by-key policy prevents API usage spikes on a per key basis by limiting the call rate to a specified number per a specified time period. The key can have an arbitrary string value and is typically provided using a policy expression.
Optional increment condition can be added to specify which requests should be counted towards the limit. When this call rate is exceeded, the caller receives a 429 Too Many Requests response status code.
Example
In the following example, the rate limit of 10 calls per 60 seconds is keyed by the caller IP address. After each policy execution, the remaining calls allowed in the time period are stored in the variable remainingCallsPerIP.
Rate limits and quotas are used for different purposes.
Rate limits
Rate limits are usually used to protect against short and intense volume bursts. For example, if you know your backend service has a bottleneck at its database with a high call volume, you could set a rate-limit-by-key policy to not allow high call volume by using this setting.
Quotas
Quotas are usually used for controlling call rates over a longer period of time. For example, they can set the total number of calls that a particular subscriber can make within a given month.
Incorrect:
* quota-by-key
The quota-by-key policy enforces a renewable or lifetime call volume and/or bandwidth quota, on a per key basis. The key can have an arbitrary string value and is typically provided using a policy expression. Optional increment condition can be added to specify which requests should be counted towards the quota. If multiple policies would increment the same key value, it is incremented only once per request. When the quota is exceeded, the caller receives a 403 Forbidden response status code, and the response includes a Retry-After header whose value is the recommended retry interval in seconds.
* rate-limit
Limit call rate by subscription
The rate-limit policy prevents API usage spikes on a per subscription basis by limiting the call rate to a specified number per a specified time period. When the call rate is exceeded, the caller receives a 429 Too Many Requests response status code.
In Asp.Net core apps it turns out that trace logs do not show up in Application Insights out of the box. We need to add the following code snippet to our Configure method in Startup.cs:
You are building an application to track cell towers that are available to phones in near real time. A phone will send information to the application by using the Azure Web PubSub service. The data will be processed by using an Azure Functions app. Traffic will be transmitted by using a content delivery network (CDN).
The Azure function must be protected against misconfigured or unauthorized invocations.
You need to ensure that the CDN allows for the Azure function protection.
Which HTTP header should be on the allowed list?
A. Authorization B. WebHook-Request-Callback C. Resource D. WebHook-Request-Origin
D. WebHook-Request-Origin
Explanation
CloudEvents extension for Azure Web PubSub event handler with HTTP protocol
The Web PubSub service delivers client events to the upstream webhook using the CloudEvents HTTP protocol binding.
Webhook validation
The Webhook validation follows CloudEvents. The request always contains
WebHook-Request-Origin: xxx.webpubsub.azure.com in the header.
If and only if the delivery target does allow delivery of the events, it MUST reply to the request by including WebHook-Allowed-Origin header, for example:
WebHook-Allowed-Origin: *
Or:
WebHook-Allowed-Origin: xxx.webpubsub.azure.com
For now, WebHook-Request-Rate and WebHook-Request-Callback are not supported.
Incorrect:
* WebHook-Request-Callback. An optional field that provides the webhook with an alternative to grant permission asynchronously, by way of a HTTP callback.
A company uses Azure SQL Database to store data for an app. The data includes sensitive information.
You need to implement measures that allow only members of the managers group to see sensitive information.
Which two actions should you perform? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.
A. Include the managers group. B. Exclude the managers group. C. Exclude the administrators group. D. Navigate to the following URL: PUT https://management.azure.com/subscriptions/00000000-1111-2222-3333-444444444444/resouceGroupos/rg01/providers/Microsoft.Sql/servers/server01/databases/customers/transparentDataEncryption/current?api-version=2014-04-01 E. Run the following Azure PowerShell command: New-AzureRmSqlDatabaseDataMaskingRule -SchemaName "dbo" -TableName "customers" -ColumnName "ssn" -MaskingFunction "Default"
B. Exclude the managers group. E. Run the following Azure PowerShell command: New-AzureRmSqlDatabaseDataMaskingRule -SchemaName "dbo" -TableName "customers" -ColumnName "ssn" -MaskingFunction "Default"
Explanation
Dynamic data masking helps prevent unauthorized access to sensitive data by enabling customers to designate how much of the sensitive data to reveal with minimal impact on the application layer.
SQL users excluded from masking - A set of SQL users or AAD identities that get unmasked data in the SQL query results.
Note: The New-AzureRmSqlDatabaseDataMaskingRule cmdlet creates a data masking rule for an Azure SQL database.
You are building an application that stores sensitive customer data in Azure Blob storage. The data must be encrypted with a key that is unique for each customer.
If the encryption key has been corrupted it must not be used for encryption.
You need to ensure that the blob is encrypted.
How should you complete the code segment? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Box 1: CustomerProvidedKey(key)
The data must be encrypted with a key that is unique for each customer.
A company maintains multiple web and mobile applications. Each application uses custom in-house identity providers as well as social identity providers.
You need to implement single sign-on (SSO) for all the applications.
What should you do?
A. Use Azure Active Directory B2C (Azure AD B2C) with custom policies. B. Use Azure Active Directory B2B (Azure AD B2B) and enable external collaboration. C. Use Azure Active Directory B2C (Azure AD B2C) with user flows. D. Use Azure Active Directory B2B (Azure AD B2B).
A. Use Azure Active Directory B2C (Azure AD B2C) with custom policies.
External collaboration settings let you specify what roles in your organization can invite external users for B2B collaboration. These settings also include options for allowing or blocking specific domains, and options for restricting what external guest users can see in your Azure AD directory.
Nowadays, the certification exams become more and more important and required by more and more
enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare
for the exam in a short time with less efforts? How to get a ideal result and how to find the
most reliable resources? Here on Vcedump.com, you will find all the answers.
Vcedump.com provide not only Microsoft exam questions,
answers and explanations but also complete assistance on your exam preparation and certification
application. If you are confused on your AZ-204 exam preparations
and Microsoft certification application, do not hesitate to visit our
Vcedump.com to find your solutions here.
