Microsoft AZ-204 Online Practice Questions and Exam Preparation

Microsoft AZ-204 Online Questions & Answers

• Question 331:

  HOTSPOT

  You need to retrieve the database connection string.

  Which values should you use? To answer, select the appropriate options in the answer area.

  NOTE: Each correct selection is worth one point.

  

  

  ---

  Azure database connection string retrieve REST API vault.azure.net/secrets/

  Box 1: cpandlkeyvault

  We specify the key vault, cpandlkeyvault.

  Scenario: The database connection string is stored in Azure Key Vault with the following attributes:

  Azure Key Vault name: cpandlkeyvault

  Secret name: PostgreSQLConn

  Id: 80df3e46ffcd4f1cb187f79905e9a1e8

  Box 2: PostgreSQLConn

  We specify the secret, PostgreSQLConn

  Example, sample request:

  https://myvault.vault.azure.net//secrets/mysecretname/4387e9f3d6e14c459867679a90fd0f79?api-version=7.1

  Box 3: Querystring

  https://docs.microsoft.com/en-us/rest/api/keyvault/getsecret/getsecret

• Question 332:

  You develop a web application that sells access to last-minute openings for child camps that run on the weekends. The application uses Azure Application Insights for all alerting and monitoring.

  The application must alert operators when a technical issue is preventing sales to camps.

  You need to build an alert to detect technical issues.

  Which alert type should you use?

  A. Metric alert using multiple time series
  B. Metric alert using dynamic thresholds
  C. Log alert using multiple time series
  D. Log alert using dynamic thresholds
  B. Metric alert using dynamic thresholds

  ---

  Explanation

  Availability alerts

  Application Insights availability tests send web requests to your application at regular intervals from points around the world. You can receive alerts if your application isn't responding or if it responds too slowly.

  Create a custom alert rule

  If you need advanced capabilities, you can create a custom alert rule on the Alerts tab. Select Create > Alert rule. Choose Metrics for Signal type to show all available signals and select Availability.

  In the Alert logic section:

  * Threshold

  Select if the threshold should be evaluated based on a static value or a dynamic value.

  A static threshold evaluates the rule by using the threshold value that you configure.

  Dynamic thresholds use machine learning algorithms to continuously learn the metric behavior patterns and calculate the appropriate thresholds for unexpected behavior.

  * Etc.

  https://learn.microsoft.com/en-us/azure/azure-monitor/app/availability-alerts

  https://learn.microsoft.com/en-us/azure/azure-monitor/alerts/alerts-create-new-alert-rule

• Question 333:

  HOTSPOT

  You have an Azure Web app that uses Azure Cosmos DB as a data store. You create a CosmosDB container by running the following PowerShell script:

  

  You create the following queries that target the container:

  SELECT * FROM c WHERE c.EmployeeId > '12345'

  SELECT * FROM c WHERE c.UserID = '12345'

  For each of the following statements, select Yes if the statement is true. Otherwise, select No.

  NOTE: Each correct selection is worth one point.

  

  

  ---

  Box 1: No

  You set the highest, or maximum RU/s Tmax you don't want the system to exceed. The system automatically scales the throughput T such that 0.1* Tmax <= T <=

  Tmax.

  In this example we have autoscaleMaxThroughput = 5000, so the minimum throughput for the container is 500 R/Us.

  Box 2: No

  First query: SELECT * FROM c WHERE c.EmployeeId > '12345'

  Here's a query that has a range filter on the partition key and won't be scoped to a single physical partition. In order to be an in-partition query, the query must have an equality filter that includes the partition key:

  SELECT * FROM c WHERE c.DeviceId > 'XMS-0001'

  Box 3: Yes

  Example of In-partition query: Consider the below query with an equality filter on DeviceId. If we run this query on a container partitioned on DeviceId, this query will filter to a single physical partition.

  SELECT * FROM c WHERE c.DeviceId = 'XMS-0001'

  https://docs.microsoft.com/en-us/azure/cosmos-db/how-to-choose-offer

  https://docs.microsoft.com/en-us/azure/cosmos-db/how-to-query-container

• Question 334:

  You need to ensure the security policies are met.

  What code do you add at line CS07 of ConfigureSSE.ps1?

  A. -PermissionsToKeys create, encrypt, decrypt
  B. -PermissionsToCertificates create, encrypt, decrypt
  C. -PermissionsToCertificates wrapkey, unwrapkey, get
  D. -PermissionsToKeys wrapkey, unwrapkey, get
  B. -PermissionsToCertificates create, encrypt, decrypt

  ---

  Explanation

  Scenario: All certificates and secrets used to secure data must be stored in Azure Key Vault.

  You must adhere to the principle of least privilege and provide privileges which are essential to perform the intended function.

  The Set-AzureRmKeyValutAccessPolicy parameter -PermissionsToKeys specifies an array of key operation permissions to grant to a user or service principal. The acceptable values for this parameter: decrypt, encrypt, unwrapKey, wrapKey, verify, sign, get, list, update, create, import, delete, backup, restore, recover, purge

  Incorrect Answers:

  A, C: The Set-AzureRmKeyValutAccessPolicy parameter -PermissionsToCertificates specifies an array of certificate permissions to grant to a user or service principal. The acceptable values for this parameter: get, list, delete, create, import, update, managecontacts, getissuers, listissuers, setissuers, deleteissuers, manageissuers, recover, purge, backup, restore

  https://docs.microsoft.com/en-us/powershell/module/azurerm.keyvault/set-azurermkeyvaultaccesspolicy

• Question 335:

  You deploy an Azure Container Apps app and disable ingress on the container app.

  Users report that they are unable to access the container app. You investigate and observe that the app has scaled to 0 instances.

  You need to resolve the issue with the container app.

  Solution: Enable ingress, create a custom scale rule, and apply the rule to the container app.

  Does the solution meet the goal?

  A. Yes
  B. No
  B. No

  ---

  Explanation

  Correct Solution: Enable ingress, create an HTTP scale rule, and apply the rule to the container app.

  Scale a container app

  Azure Container Apps manages automatic horizontal scaling through a set of declarative scaling rules. As a container app scales out, new instances of the container app are created on-demand. These instances are known as replicas.

  Add scale rule

  Add an HTTP scale rule to your container app by running the az containerapp update command.

  az containerapp update \

  --name my-container-app \

  --resource-group my-container-apps \

  --scale-rule-name my-http-scale-rule \

  --scale-rule-http-concurrency 1

  This command adds an HTTP scale rule to your container app with the name my-http-scale-rule and a concurrency setting of 1. If your app receives more than one concurrent HTTP request, the runtime creates replicas of your app to handle the requests.

  The update command returns the new configuration as a JSON response to verify your request was a success.

  https://learn.microsoft.com/en-us/azure/container-apps/tutorial-scaling

• Question 336:

  DRAG DROP

  You are developing a web service that will run on Azure virtual machines that use Azure Storage. You configure all virtual machines to use managed identities.

  You have the following requirements:

  1. Secret-based authentication mechanisms are not permitted for accessing an Azure Storage account.

  2. Must use only Azure Instance Metadata Service endpoints.

  You need to write code to retrieve an access token to access Azure Storage. To answer, drag the appropriate code segments to the correct locations. Each code segment may be used once or not at all. You may need to drag the split bar between panes or scroll to view content.

  NOTE: Each correct selection is worth one point.

  Select and Place:

  

  

  ---

  Azure Instance Metadata Service endpoints "/oauth2/token"

  Box 1:

  http://169.254.169.254/metadata/identity/oauth2/token

  Sample request using the Azure Instance Metadata Service (IMDS) endpoint (recommended):

  GET '

  http://169.254.169.254/metadata/identity/oauth2/token?api-version=2018-02-

  01&resource=

  https://management.azure.com/'

  HTTP/1.1 Metadata: true

  Box 2: JsonConvert.DeserializeObject<Dictionary<string,string>>(payload); Deserialized token response; returning access code.

• Question 337:

  You are developing a medical records document management website. The website is used to store scanned copies of patient intake forms. If the stored intake forms are downloaded from storage by a third party, the content of the forms must not be compromised.

  You need to store the intake forms according to the requirements.

  Solution: uk.co.certification.simulator.questionpool.

  PList@1898d9c0 Does the solution meet the goal?

  A. Yes
  B. No
  B. No

  ---

  Explanation

  Instead use an Azure Key vault and public key encryption. Store the encrypted from in Azure Storage Blob storage.

• Question 338:

  HOTSPOT

  A company is developing a gaming platform. Users can join teams to play online and see leaderboards that include player statistics. The solution includes an entity named Team.

  You plan to implement an Azure Redis Cache instance to improve the efficiency of data operations for entities that rarely change.

  You need to invalidate the cache when team data is changed.

  How should you complete the code? To answer, select the appropriate options in the answer area.

  NOTE: Each correct selection is worth one point.

  

  

  ---

  Box 1: IDatabase cache = connection.GetDatabase();

  Connection refers to a previously configured ConnectionMultiplexer.

  Box 2: cache.StringSet("teams",")

  To specify the expiration of an item in the cache, use the TimeSpan parameter of StringSet.

  cache.StringSet("key1", "value1", TimeSpan.FromMinutes(90)); Reference:

  https://azure.microsoft.com/sv-se/blog/lap-around-azure-redis-cache-preview/

  https://docs.microsoft.com/en-us/cli/azure/webapp/config/container

• Question 339:

  Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

  After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

  You are developing a medical records document management website. The website is used to store scanned copies of patient intake forms.

  If the stored intake forms are downloaded from storage by a third party, the contents of the forms must not be compromised.

  You need to store the intake forms according to the requirements.

  Solution: Store the intake forms as Azure Key Vault secrets.

  Does the solution meet the goal?

  A. Yes
  B. No
  B. No

  ---

  Explanation

  Instead use an Azure Key vault and public key encryption. Store the encrypted from in Azure Storage Blob storage.

• Question 340:

  HOTSPOT

  You are developing an Azure App Service hosted ASP.NET Core web app to deliver video on-demand streaming media. You enable an Azure Content Delivery Network (CDN) Standard for the web endpoint. Customer videos are downloaded from the web app by using the following example URL.: http://www.contoso.com/content.mp4?quality=1

  All media content must expire from the cache after one hour. Customer videos with varying quality must be delivered to the closest regional point of presence (POP) node.

  You need to configure Azure CDN caching rules.

  Which options should you use? To answer, select the appropriate options in the answer area.

  NOTE: Each correct selection is worth one point.

  

  

  ---

  Box 1: Override

  Override: Ignore origin-provided cache duration; use the provided cache duration instead. This will not override cache-control: no-cache.

  Set if missing: Honor origin-provided cache-directive headers, if they exist; otherwise, use the provided cache duration.

  Incorrect:

  Bypass cache: Do not cache and ignore origin-provided cache-directive headers.

  Box 2: 1 hour

  All media content must expire from the cache after one hour.

  Box 3: Cache every unique URL

  Cache every unique URL: In this mode, each request with a unique URL, including the query string, is treated as a unique asset with its own cache. For example, the response from the origin server for a request for example.ashx?q=test1 is cached at the POP node and returned for subsequent caches with the same query string. A request for example.ashx?q=test2 is cached as a separate asset with its own time-to-live setting.

  Incorrect Answers:

  Bypass caching for query strings: In this mode, requests with query strings are not cached at the CDN POP node. The POP node retrieves the asset directly from the origin server and passes it to the requestor with each request.

  Ignore query strings: Default mode. In this mode, the CDN point-of-presence (POP) node passes the query strings from the requestor to the origin server on the first request and caches the asset. All subsequent requests for the asset that are served from the POP ignore the query strings until the cached asset expires.

  https://docs.microsoft.com/en-us/azure/cdn/cdn-query-string