Microsoft AZ-204 Online Practice Questions and Exam Preparation

Microsoft AZ-204 Online Questions & Answers

• Question 281:

  DRAG DROP

  You have a static website hosted in an Azure Storage account named storage1. You access the website by using a URL that ends with the web.core.windows.net suffix.

  You plan to configure the website to be accessible through the URL www.contoso.com. The website must be accessible during configuration.

  The contoso.com zone is hosted in Azure DNS.

  You need to complete the website configuration

  Which four actions should you perform in sequence?

  To answer, move the appropriate domain name configuration steps from the list of domain name configuration steps to the answer area and arrange them in the correct order.

  Select and Place:

  

  

• Question 282:

  You need to ensure that all messages from Azure Event Grid are processed.

  What should you use?

  A. Azure Event Grid topic
  B. Azure Service Bus topic
  C. Azure Service Bus queue
  D. Azure Storage queue
  E. Azure Logic App custom connector
  B. Azure Service Bus topic

  ---

  Explanation

  As a solution architect/developer, you should consider using Service Bus queues when: Your solution needs to receive messages without having to poll the queue. With Service Bus, you can achieve it by using a long-polling receive operation using the TCP-based protocols that Service Bus supports.

  https://docs.microsoft.com/en-us/azure/service-bus-messaging/service-bus-azure-andservice-bus-queues-compared-contrasted

• Question 283:

  HOTSPOT

  You need to configure App Service to support the corporate website migration.

  Which configuration should you use? To answer, select the appropriate options in the answer area.

  NOTE: Each correct selection is worth one point.

  

  

  ---

  Box 1: Basic

  App Service plan

  Basic would be the cheapest, while still be able to scale.

  Dedicated compute: The Basic, Standard, Premium, PremiumV2, and PremiumV3 tiers run apps on dedicated Azure VMs. Only apps in the same App Service plan share the same compute resources. The higher the tier, the more VM instances are available to you for scale-out.

  Scenario:

  Corporate website

  The site must be migrated to Azure App Service.

  Costs must be minimized when hosting in Azure.

  Incorrect:

  * Isolated: The Isolated and IsolatedV2 tiers run dedicated Azure VMs on dedicated Azure Virtual Networks. It provides network isolation on top of compute isolation to your apps. It provides the maximum scale-out capabilities.

  Box 2: Deployment slot

  Scenario: All code changes must be validated by internal staff before release to production.

  You can validate app changes in a staging deployment slot before swapping it with the production slot.

  https://learn.microsoft.com/en-us/azure/app-service/overview-hosting-plans

  https://learn.microsoft.com/en-us/azure/app-service/deploy-staging-slots

• Question 284:

  You are developing an ASP.NET Core Web API web service. The web service uses Azure Application Insights for all telemetry and dependency tracking. The web service reads and writes data to a database other than Microsoft SQL Server.

  You need to ensure that dependency tracking works for calls to the third-party database.

  Which two Dependency Telemetry properties should you store in the database? Each correct answer presents part of the solution.

  NOTE: Each correct selection is worth one point.

  A. Telemetry.Context.Operation.Id
  B. Telemetry.Name
  C. Telemetry.Context.Cloud.RoleInstance
  D. Telemetry.Context.Session.Id
  E. Telemetry.Id
  A. Telemetry.Context.Operation.Id
  E. Telemetry.Id

  ---

  Explanation

  Example:

  public async Task Enqueue(string payload)

  {

  // StartOperation is a helper method that initializes the telemetry item

  // and allows correlation of this operation with its parent and children.

  var operation = telemetryClient.StartOperation<DependencyTelemetry>("enqueue " + queueName);

  operation.Telemetry.Type = "Azure Service Bus";

  operation.Telemetry.Data = "Enqueue " + queueName;

  var message = new BrokeredMessage(payload);

  // Service Bus queue allows the property bag to pass along with the message.

  // We will use them to pass our correlation identifiers (and other context)

  // to the consumer.

  message.Properties.Add("ParentId", operation.Telemetry.Id);

  message.Properties.Add("RootId", operation.Telemetry.Context.Operation.Id); References:

  https://docs.microsoft.com/en-us/azure/azure-monitor/app/custom-operations-tracking

• Question 285:

  HOTSPOT

  You are developing an application that includes two Docker containers.

  The application must meet the following requirements:

  1. The containers must not run as root.

  2. The containers must be deployed to Azure Container Instances by using a YAML file.

  3. The containers must share a lifecycle, resources, local network, and storage volume.

  4. The storage volume must persist through container crashes.

  5. The storage volume must be deployed on stop or restart of the containers.

  You need to configure Azure Container Instances for the application.

  Which configuration values should you use? To answer, select the appropriate options in the answer area.

  NOTE: Each correct selection is worth one point.

  

  

  ---

  Box 1: Container group

  A YAML file is a convenient way to configure a container group for reproducible deployments. It's a concise alternative to using a Resource Manager template or the Azure Container Instances SDKs to create or update a container group.

  A container group is a collection of containers that get scheduled on the same host machine. The containers in a container group share a lifecycle, resources, local network, and storage volumes. It's similar in concept to a pod in Kubernetes.

  Box 2: Cloned Git Repo

  The gitRepo volume mounts a directory and clones the specified Git repository into it at container startup.

  Incorrect:

  * Azure File Share

  Azure file share volume mount requires the Linux container run as root.

  Note: By default, Azure Container Instances are stateless. If the container is restarted, crashes, or stops, all of its state is lost. To persist state beyond the lifetime of the container, you must mount a volume from an external store. Azure Container Instances can mount an Azure file share created with Azure Files. Azure Files offers fully managed file shares hosted in Azure Storage that are accessible via the industry standard Server Message Block (SMB) protocol. Using an Azure file share with Azure Container Instances provides file-sharing features similar to using an Azure file share with Azure virtual machines.

  Limitations

  You can only mount Azure Files shares to Linux containers. Review more about the differences in feature support for Linux and Windows container groups in the overview.

  Azure file share volume mount requires the Linux container run as root.

  Azure File share volume mounts are limited to CIFS support.

  * Secret

  Use a secret volume to supply sensitive information to the containers in a container group. The secret volume stores your secrets in files within the volume, accessible by the containers in the container group. By storing secrets in a secret volume, you can avoid adding sensitive data like SSH keys or database credentials to your application code.

  * Emtpy

  The emptyDir volume provides a writable directory accessible to each container in a container group. Containers in the group can read and write the same files in the volume, and it can be mounted using the same or different paths in each container.

  https://learn.microsoft.com/en-us/azure/container-instances/container-instances-reference-yaml

  https://learn.microsoft.com/en-us/azure/container-instances/container-instances-container-groups

• Question 286:

  Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

  After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

  Your company has an azure subscription that includes a storage account, a resource group, a blob container and a file share.

  A fellow administrator named Jon Ross used an Azure Resource Manager template to deploy a virtual machine and an Azure Storage account.

  You need to identify the Azure Resource Manager template the Jon Ross used.

  Solution: You access the Virtual Machine blade.

  Does the solution meet the goal?

  A. Yes
  B. No
  B. No

  ---

  Explanation

  View template from deployment history

  Go to the resource group for your new resource group. Notice that the portal shows the result of the last deployment. Select this link.

  

  You see a history of deployments for the group. In your case, the portal probably lists only one deployment. Select this deployment.

  

  The portal displays a summary of the deployment. The summary includes the status of the deployment and its operations and the values that you provided for parameters. To see the template that you used for the deployment, select View template.

  

  https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-manager-export-template

• Question 287:

  DRAG DROP

  You are authoring a set of nested Azure Resource Manager templates to deploy multiple Azure resources.

  The templates must be tested before deployment and must follow recommended practices.

  You need to validate and test the templates before deployment.

  Which tools should you use? To answer, drag the appropriate tools to the correct requirements. Each tool may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.

  NOTE: Each correct selection is worth one point.

  Select and Place:

  

  

• Question 288:

  You are building a loyalty program for a major snack producer. When customers buy a snack at any of 100 participating retailers the event is recorded in Azure Event Hub. Each retailer is given a unique identifier that is used as the primary identifier for the loyalty program.

  Retailers must be able to be added or removed at any time. Retailers must only be able to record sales for themselves.

  You need to ensure that retailers can record sales.

  What should you do?

  A. Use publisher policies for retailers.
  B. Create a partition for each retailer.
  C. Define a namespace for each retailer.
  A. Use publisher policies for retailers.

  ---

  Explanation

  Event Hubs enables granular control over event publishers through publisher policies. Publisher policies are run-time features designed to facilitate large numbers of independent event publishers. With publisher policies, each publisher uses its own unique identifier when publishing events to an event hub.

  Incorrect:

  Not C: An Event Hubs namespace is a management container for event hubs (or topics, in Kafka parlance). It provides DNS-integrated network endpoints and a range of access control and network integration management features such as IP filtering, virtual network service endpoint, and Private Link.

  https://docs.microsoft.com/en-us/azure/event-hubs/event-hubs-features

• Question 289:

  HOTSPOT

  You plan to implement an Azure Functions app.

  The Azure Functions app has the following requirements:

  Must be triggered by a message placed in an Azure Storage queue.

  Must use the queue name set by an app setting named input_queue.

  Must create an Azure Blob Storage named the same as the content of the message.

  You need to identify how to reference the queue and blob name in the function.json file of the Azure Functions app.

  How should you reference the names? To answer, select the appropriate values in the answer area.

  NOTE: Each correct selection is worth one point.

  

  

  ---

  Box 1: {input_queue}

  Queue name

  Must be triggered by a message placed in an Azure Storage queue.

  Must use the queue name set by an app setting named input_queue.

  Most expressions are identified by wrapping them in curly braces.

  Box 2: {queueTrigger}

  Blob name

  Must create an Azure Blob Storage named the same as the content of the message.

  Most expressions are identified by wrapping them in curly braces. For example, in a queue trigger function, {queueTrigger} resolves to the queue message text. If the path property for a blob output binding is container/{queueTrigger} and the function is triggered by a queue message HelloWorld, a blob named HelloWorld is created.

  Incorrect:

  * {input_queue}/{id} Reference:

  https://learn.microsoft.com/en-us/azure/azure-functions/functions-bindings-expressions-patterns

• Question 290:

  You are developing a Java application to be deployed in Azure. The application stores sensitive data in Azure Cosmos DB. You need to configure Always Encrypted to encrypt the sensitive data inside the application.

  What should you do first?

  A. Create a customer-managed key (CMK) and store the key in a new Azure Key Vault instance.
  B. Create an Azure AD managed identity and assign the identity to a new Azure Key Vault instance.
  C. Create a data encryption key (DEK) by using the Azure Cosmos DB SDK and store the key in Azure Cosmos DB.
  D. Create a new container to include an encryption policy with the JSON properties to be encrypted.
  A. Create a customer-managed key (CMK) and store the key in a new Azure Key Vault instance.

  ---

  Explanation

  Encryption keys

  Customer-managed keys

  Before DEKs get stored in Azure Cosmos DB, they are wrapped by a customer-managed key (CMK). By controlling the wrapping and unwrapping of DEKs, CMKs effectively control the access to the data that's encrypted with their corresponding DEKs. CMK storage is designed as an extensible, with a default implementation that expects them to be stored in Azure Key Vault.

  Incorrect:

  * Create a data encryption key (DEK) by using the Azure Cosmos DB SDK and store the key in Azure Cosmos DB.

  It must be wrapped by a CMK before it is stored.

  Data encryption keys

  When using Always Encrypted, data is encrypted with data encryption keys (DEK) that should be created ahead. These DEKs are stored in the Azure Cosmos DB service and are defined at the database level, so a DEK can be shared across multiple containers. The creation of the DEKs is done client-side by using the Azure Cosmos DB SDK.

  You can:

  Create one DEK per property to encrypt, or Use the same DEK to encrypt multiple properties.

  https://learn.microsoft.com/en-us/azure/cosmos-db/how-to-always-encrypted