Microsoft AZ-204 Online Practice Questions and Exam Preparation

Microsoft AZ-204 Online Questions & Answers

• Question 351:

  You are developing an e-Commerce Web App.

  You want to use Azure Key Vault to ensure that sign-ins to the e-Commerce Web App are secured by using Azure App Service authentication and Azure Active Directory (AAD).

  What should you do on the e-Commerce Web App?

  A. Run the az keyvault secret command.
  B. Enable Azure AD Connect.
  C. Enable Managed Service Identity (MSI).
  D. Create an Azure AD service principal.
  C. Enable Managed Service Identity (MSI).

  ---

  Explanation

  A managed identity from Azure Active Directory allows your app to easily access other AAD-protected resources such as Azure Key Vault.

  https://docs.microsoft.com/en-us/azure/app-service/overview-managed-identity

  https://docs.microsoft.com/en-us/samples/azure-samples/app-service-msi-keyvault-dotnet/keyvault-msi-appservice-sample/

• Question 352:

  DRAG DROP

  You are developing a software solution for an autonomous transportation system. The solution uses large data sets and Azure Batch processing to simulate navigation sets for entire fleets of vehicles.

  You need to create compute nodes for the solution on Azure Batch.

  What should you do?

  Put the actions in the correct order.

  Select and Place:

  

  

  ---

  With the Azure Portal: Step 1: In the Azure portal, create a Batch account.

  First we create a batch account.

  Step 2: In the Azure portal, create a pool of compute nodes

  Now that you have a Batch account, create a sample pool of Windows compute nodes for test purposes.

  Step 3: In the Azure portal, add a Job.

  Now that you have a pool, create a job to run on it. A Batch job is a logical group for one or more tasks. A job includes settings common to the tasks, such as priority and the pool to run tasks on. Initially the job has no tasks.

  Step 4: In the Azure portal, create tasks

  Now create sample tasks to run in the job. Typically you create multiple tasks that Batch queues and distributes to run on the compute nodes.

  References:

  https://docs.microsoft.com/en-us/azure/batch/quick-create-portal

• Question 353:

  Note: The question is included in a number of questions that depicts the identical set-up. However, every question has a distinctive result. Establish if the solution satisfies the requirements.

  You are developing a solution for a public facing API.

  The API back end is hosted in an Azure App Service instance. You have implemented a RESTful service for the API back end.

  You must configure back-end authentication for the API Management service instance.

  Solution: You configure Basic gateway credentials for the HTTP(s) endpoint.

  Does the solution meet the goal?

  A. Yes
  B. No
  B. No

  ---

  Explanation

  API Management allows to secure access to the back-end service of an API using client certificates. Furthermore, the API back end is hosted in an Azure App Service instance. It is an Azure resource and not an HTTP(s) endpoint.

  https://docs.microsoft.com/en-us/rest/api/apimanagement/apimanagementrest/azure-api-management-rest-api-backend-entity

• Question 354:

  You develop a gateway solution for a public facing news API. The news API back end is implemented as a RESTful service and uses an OpenAPI specification.

  You need to ensure that you can access the news API by using an Azure API Management service instance.

  Which Azure PowerShell command should you run?

  A. Import-AzureRmApiManagementApi -Context $ApiMgmtContext -SpecificationFormat "Swagger" -SpecificationPath $SwaggerPath -Path $Path
  B. New-AzureRmApiManagementBackend -Context $ApiMgmtContext-Url $Url -Protocol http
  C. New-AzureRmApiManagement -ResourceGroupName $ResourceGroup -Name $Name ocation $Location -Organization $Org -AdminEmail $AdminEmail
  D. New-AzureRmApiManagementBackendProxy -Url $ApiUrl
  D. New-AzureRmApiManagementBackendProxy -Url $ApiUrl

  ---

  Explanation

  New-AzureRmApiManagementBackendProxy creates a new Backend Proxy Object which can be piped when creating a new Backend entity.

  Example: Create a Backend Proxy In-Memory Object PS C:\>$secpassword = ConvertTo-SecureString "PlainTextPassword" -AsPlainText -Force PS C:\>$proxyCreds = New-Object System.Management.Automation.PSCredential ("foo", $secpassword) PS C:\>$credential = New-

  AzureRmApiManagementBackendProxy -Url "

  http://12.168.1.1:8080"

  - ProxyCredential $proxyCreds PS C:\>$apimContext = New-AzureRmApiManagementContext -ResourceGroupName "Api-Default- WestUS" -ServiceName "contoso"

  PS C:\>$backend = New-AzureRmApiManagementBackend -Context $apimContext -BackendId 123 -Url '

  https://contoso.com/awesomeapi'

  -Protocol http -Title "first backend" -SkipCertificateChainValidation $true -Proxy $credential - Description "backend with proxy server" Creates a Backend Proxy Object and sets up Backend

  Incorrect Answers:

  A: The Import-AzureRmApiManagementApi cmdlet imports an Azure API Management API from a file or a URL in Web Application Description Language (WADL), Web Services Description Language (WSDL), or Swagger format.

  B: New-AzureRmApiManagementBackend creates a new backend entity in Api Management.

  C: The New-AzureRmApiManagement cmdlet creates an API Management deployment in Azure API Management.

  https://docs.microsoft.com/en-us/powershell/module/azurerm.apimanagement/new-azurermapimanagementbackendproxy?view=azurermps-6.13.0

• Question 355:

  HOTSPOT

  You need to configure Azure Service Bus to Event Grid integration.

  Which Azure Service Bus settings should you use? To answer, select the appropriate options in the answer area.

  NOTE: Each correct selection is worth one point.

  

  

  ---

  Box 1: Premium

  Service Bus can now emit events to Event Grid when there are messages in a queue or a subscription when no receivers are present. You can create Event Grid subscriptions to your Service Bus namespaces, listen to these events, and then react to the events by starting a receiver. With this feature, you can use Service Bus in reactive programming models.

  To enable the feature, you need the following items:

  A Service Bus Premium namespace with at least one Service Bus queue or a Service Bus topic with at least one subscription.

  Contributor access to the Service Bus namespace.

  Box 2: Contributor

  https://docs.microsoft.com/en-us/azure/service-bus-messaging/service-bus-to-event-grid-integration-concept

• Question 356:

  You are developing a .NET Core MVC application that allows customers to research independent holiday accommodation providers.

  You want to implement Azure Search to allow the application to search the index by using various criteria to locate documents related to accommodation venues.

  You want the application to list holiday accommodation venues that fall within a specific price range and are within a specified distance to an airport.

  What should you do?

  A. Configure the SearchMode property of the SearchParameters class.
  B. Configure the QueryType property of the SearchParameters class.
  C. Configure the Facets property of the SearchParameters class.
  D. Configure the Filter property of the SearchParameters class.
  D. Configure the Filter property of the SearchParameters class.

  ---

  Explanation

  The Filter property gets or sets the OData $filter expression to apply to the search query.

  https://docs.microsoft.com/en-us/dotnet/api/microsoft.azure.search.models.searchparameters

  https://docs.microsoft.com/en-us/dotnet/api/microsoft.azure.search.models.searchparameters.querytype

• Question 357:

  HOTSPOT

  You develop an image upload service that is exposed using Azure API Management. Images are analyzed after upload for automatic tagging.

  Images over 500 KB are processed by a different backend that offers a lower tier of service that costs less money. The lower tier of service is denoted by a header named x-large-request. Images over 500 KB must never be processed by backends for smaller images and must always be charged the lower price.

  You need to implement API Management policies to ensure that images are processed correctly.

  How should you complete the API Management inbound policy? To answer, select the appropriate options in the answer area.

  NOTE: Each correct selection is worth one point.

  

  

  ---

  Box 1: delete

  The lower tier of service is denoted by a header named x-large-request.

  If the image size is 500KB or below then set header named x-large-request to delete, which removes the header from the request.

  Note: Set HTTP header

  The set-header policy assigns a value to an existing response and/or request header or adds a new response and/or request header.

  Use the policy to insert a list of HTTP headers into an HTTP message. When placed in an inbound pipeline, this policy sets the HTTP headers for the request being passed to the target service. When placed in an outbound pipeline, this policy sets the HTTP headers for the response being sent to the gateway's client.

  Policy statement

  <set-header name="header name" exists-action="override | skip | append | delete">

  <value>value</value> <!--for multiple headers with the same name add additional value elements-->

  </set-header>

  - override - replaces the value of the existing header.

  - skip - does not replace the existing header value.

  - append - appends the value to the existing header value.

  - delete - removes the header from the request.

  Box 2: set-backend-service

  Images over 500 KB are processed by a different backend that offers a lower tier of service that costs less money.

  Note: Set backend service

  Use the set-backend-service policy to redirect an incoming request to a different backend than the one specified in the API settings for that operation. This policy changes the backend service base URL of the incoming request to the one specified in the policy.

  Box 3: base-url

  Policy statement

  <set-backend-service base-url="base URL of the backend service" />

  or <set-backend-service backend-id="name of the backend entity specifying base URL of the backend service" />

  https://learn.microsoft.com/en-us/azure/api-management/api-management-transformation-policies

• Question 358:

  You develop and deploy an Azure App Service web app named App1. You create a new Azure Key Vault named Vault 1. You import several API keys, passwords, certificates, and cryptographic keys into Vault1.

  You need to grant App1 access to Vault1 and automatically rotate credentials Credentials must not be stored in code.

  What should you do?

  A. Enable App Service authentication for Appt. Assign a custom RBAC role to Vault1.
  B. Add a TLS/SSL binding to App1.
  C. Assign a managed identity to App1.
  D. Upload a self-signed client certificate to Vault1. Update App1 to use the client certificate.
  C. Assign a managed identity to App1.

  ---

  Explanation

  To grant App1 access to Vault1 and automatically rotate credentials without storing them in code, you should assign a managed identity to App1. Managed identities for Azure resources enable Azure services to authenticate to other Azure resources without needing to manage the authentication details.

  After you enable a managed identity for App1, you can grant the identity access to Vault1 and use Azure Key Vault's built-in rotation feature to automatically rotate the credentials.

  Additionally, you can use Azure Key Vault's built-in rotation feature to automatically rotate the credentials.

• Question 359:

  HOTSPOT

  You have a Dockerfile that builds a container image named image1. The container image and its base image are stored in separate repositories of an Azure Container registry named registry1. The codebase of image1 is stored in a GitHub repo named app1 of an account named account1.

  You plan to implement automatic updates to image1 whenever its base image is updated or an update to the main branch of the GitHub repo occurs.

  You need to complete the Azure CLI command that will apply the planned implementation.

  How should you complete the command? To answer, select the appropriate options in the answer area.

  NOTE: Each correct selection is worth one point.

  

  

• Question 360:

  You manage an Azure subscription that contains 100 Azure App Service web apps. Each web app is associated with an individual Application Insights instance.

  You plan to remove Classic availability tests from all Application Insights instances that have this functionality configured.

  You have the following PowerShell statement:

  Get-AzApplicationInsightsWebTest | Where-Object { $condition }

  You need to set the value of the $condition variable.

  Which value should you use?

  A. $_.Type -eq "ping"
  B. $_.WebTestKind -eq "ping"
  C. $_.WebTestKind -eq "standard"
  D. $_.Type -eq "standard"
  B. $_.WebTestKind -eq "ping"