Microsoft AZ-204 Online Practice Questions and Exam Preparation

Microsoft AZ-204 Online Questions & Answers

• Question 411:

  HOTSPOT

  A software as a service (SaaS) company provides document management services. The company has a service that consists of several Azure web apps. All Azure web apps run in an Azure App Service Plan named PrimaryASP.

  You are developing a new web service by using a web app named ExcelParser. The web app contains a third-party library for processing Microsoft Excel files. The license for the third-party library stipulates that you can only run a single instance of the library.

  You need to configure the service.

  How should you complete the script? To answer, select the appropriate options in the answer area.

  NOTE: Each correct selection is worth one point.

  

  

  ---

  https://docs.microsoft.com/en-us/azure/app-service/manage-scale-per-app

• Question 412:

  You develop and deploy an Azure Logic app that calls an Azure Function app. The Azure Function app includes an OpenAPI (Swagger) definition and uses an Azure Blob storage account. All resources are secured by using Azure Active Directory (Azure AD).

  The Azure Logic app must securely access the Azure Blob storage account. Azure AD resources must remain if the Azure Logic app is deleted.

  You need to secure the Azure Logic app.

  What should you do?

  A. Create a user-assigned managed identity and assign role-based access controls.
  B. Create an Azure AD custom role and assign the role to the Azure Blob storage account.
  C. Create an Azure Key Vault and issue a client certificate.
  D. Create a system-assigned managed identity and issue a client certificate.
  E. Create an Azure AD custom role and assign role-based access controls.
  A. Create a user-assigned managed identity and assign role-based access controls.

  ---

  Explanation

  To give a managed identity access to an Azure resource, you need to add a role to the target resource for that identity.

  Note: To easily authenticate access to other resources that are protected by Azure Active Directory (Azure AD) without having to sign in and provide credentials or secrets, your logic app can use a managed identity (formerly known as Managed Service Identity or MSI). Azure manages this identity for you and helps secure your credentials because you don't have to provide or rotate secrets.

  If you set up your logic app to use the system-assigned identity or a manually created, user-assigned identity, the function in your logic app can also use that same identity for authentication.

  https://docs.microsoft.com/en-us/azure/logic-apps/create-managed-service-identity

  https://docs.microsoft.com/en-us/azure/api-management/api-management-howto-mutual-certificates-for-clients

• Question 413:

  You develop and deploy a web application to Azure App Service. The application accesses data stored in an Azure Storage account. The account contains several containers with several blobs with large amounts of data. You deploy all Azure resources to a single region.

  You need to move the Azure Storage account to the new region. You must copy all data to the new region.

  What should you do first?

  A. Export the Azure Storage account Azure Resource Manager template
  B. Initiate a storage account failover
  C. Configure object replication for all blobs
  D. Use the AzCopy command line tool
  E. Create a new Azure Storage account in the current region
  F. Create a new subscription in the current region
  A. Export the Azure Storage account Azure Resource Manager template

  ---

  Explanation

  To move a storage account, create a copy of your storage account in another region. Then, move your data to that account by using AzCopy, or another tool of your choice and finally, delete the resources in the source region.

  To get started, export, and then modify a Resource Manager template.

  https://docs.microsoft.com/en-us/azure/storage/common/storage-account-move?tabs=azure-portal

• Question 414:

  HOTSPOT

  You have an Azure Batch project that processes and converts files and stores the files in Azure storage. You are developing a function to start the batch job.

  You add the following parameters to the function.

  

  You must ensure that converted files are placed in the container referenced by the outputContainerSasUrl parameter. Files which fail to convert are placed in the container referenced by the failedContainerSasUrl parameter.

  You need to ensure the files are correctly processed.

  How should you complete the code segment? To answer, select the appropriate options in the answer area.

  NOTE: Each correct selection is worth one point.

  

  

  ---

  Box 1: CreateJob

  Box 2: TaskSuccess

  TaskSuccess: Upload the file(s) only after the task process exits with an exit code of 0.

  Incorrect:

  TaskCompletion: Upload the file(s) after the task process exits, no matter what the exit code was.

  Box 3: TaskFailure

  TaskFailure:Upload the file(s) only after the task process exits with a nonzero exit code.

  Box 4: OutputFiles

  To specify output files for a task, create a collection of OutputFile objects and assign it to the CloudTask.OutputFiles property when you create the task.

  References:

  https://docs.microsoft.com/en-us/dotnet/api/microsoft.azure.batch.protocol.models.outputfileuploadcondition

  https://docs.microsoft.com/en-us/azure/batch/batch-task-output-files

• Question 415:

  You deploy an Azure Container Apps app and disable ingress on the container app.

  Users report that they are unable to access the container app. You investigate and observe that the app has scaled to 0 instances.

  You need to resolve the issue with the container app.

  Solution: Enable ingress and configure the minimum replicas to 1 for the container app.

  Does the solution meet the goal?

  A. Yes
  B. No
  B. No

  ---

  Explanation

  Correct Solution: Enable ingress, create an HTTP scale rule, and apply the rule to the container app.

  Scale a container app

  Azure Container Apps manages automatic horizontal scaling through a set of declarative scaling rules. As a container app scales out, new instances of the container app are created on-demand. These instances are known as replicas.

  Add scale rule

  Add an HTTP scale rule to your container app by running the az containerapp update command.

  az containerapp update \

  --name my-container-app \

  --resource-group my-container-apps \

  --scale-rule-name my-http-scale-rule \

  --scale-rule-http-concurrency 1

  This command adds an HTTP scale rule to your container app with the name my-http-scale-rule and a concurrency setting of 1. If your app receives more than one concurrent HTTP request, the runtime creates replicas of your app to handle the requests.

  The update command returns the new configuration as a JSON response to verify your request was a success.

  https://learn.microsoft.com/en-us/azure/container-apps/tutorial-scaling

• Question 416:

  DRAG DROP

  You are developing a software solution for an autonomous transportation system. The solution uses large data sets and Azure Batch processing to simulate navigation sets for entire fleets of vehicles.

  You need to create compute nodes for the solution on Azure Batch.

  What should you do?

  Put the actions in the correct order.

  Select and Place:

  

  

  ---

  With Python:

  Step 1: In the Azure portal, create a Batch account.

  First we create a batch account.

  Step 2: In Python, implement the class: PoolAddParameter

  Now that you have a Batch account, create a sample pool of Windows compute nodes for test purposes. To create a Batch pool, the app uses the PoolAddParameter class to set the number of nodes, VM size, and a pool configuration.

  Step 3: In Python, implement the class: JobAddParameter

  Now that you have a pool, create a job to run on it. A Batch job is a logical group for one or more tasks. A job includes settings common to the tasks, such as priority and the pool to run tasks on. Initially the job has no tasks. The app uses the JobAddParameter class to create a job on your pool.

  Step 4: In Python, implement the class: TaskAddParameter

  Now create sample tasks to run in the job. Typically you create multiple tasks that Batch queues and distributes to run on the compute nodes. The app creates a list of task objects using the TaskAddParameter class.

  References:

  https://docs.microsoft.com/en-us/azure/batch/quick-create-portal

  https://docs.microsoft.com/en-us/azure/batch/quick-run-python

• Question 417:

  You are developing an internal website for employees to view sensitive data. The website uses Azure Active Directory (AAD) for authentication.

  You need to implement multifactor authentication for the website.

  What should you do? Each correct answer presents part of the solution.

  NOTE: Each correct selection is worth one point.

  A. Upgrade to Azure AD Premium.
  B. In Azure AD conditional access, enable the baseline policy.
  C. In Azure AD, create a new conditional access policy.
  D. In Azure AD, enable application proxy.
  E. Configure the website to use Azure AD B2C.
  A. Upgrade to Azure AD Premium.
  C. In Azure AD, create a new conditional access policy.

  ---

  Explanation

  A: Multi-Factor Authentication comes as part of the following offerings: Azure Active Directory Premium licenses - Full featured use of Azure Multi-Factor Authentication Service (Cloud) or Azure Multi-Factor Authentication Server (On-premises).

  Multi-Factor Authentication for Office 365

  Azure Active Directory Global Administrators

  C: MFA Enabled by conditional access policy. It is the most flexible means to enable two-step verification for your users. Enabling using conditional access policy only works for Azure MFA in the cloud and is a premium feature of Azure AD.

  References:

  https://docs.microsoft.com/en-us/azure/active-directory/authentication/howto-mfa-getstarted

• Question 418:

  HOTSPOT

  A company is developing a Java web app. The web app code is hosted in a GitHub repository located at https://github.com/Contoso/webapp.

  The web app must be evaluated before it is moved to production. You must deploy the initial code release to a deployment slot named staging.

  You need to create the web app and deploy the code.

  How should you complete the commands? To answer, select the appropriate options in the answer area.

  NOTE: Each correct selection is worth one point.

  

  

  ---

  Box 1: group

  # Create a resource group.

  az group create --location westeurope --name myResourceGroup

  Box 2: appservice plan

  # Create an App Service plan in STANDARD tier (minimum required by deployment slots).

  az appservice plan create --name $webappname --resource-group myResourceGroup --sku S1

  Box 3: webapp

  # Create a web app.

  az webapp create --name $webappname --resource-group myResourceGroup \

  --plan $webappname Box 4: webapp deployment slot

  #Create a deployment slot with the name "staging".

  az webapp deployment slot create --name $webappname --resource-group myResourceGroup \

  --slot staging Box 5: webapp deployment source

  # Deploy sample code to "staging" slot from GitHub.

  az webapp deployment source config --name $webappname --resource-group myResourceGroup \

  --slot staging --repo-url $gitrepo --branch master --manual-integration

  References:

  https://docs.microsoft.com/en-us/azure/app-service/scripts/cli-deploy-staging-environment

• Question 419:

  You are a developer at your company.

  You need to update the definitions for an existing Logic App.

  What should you use?

  A. the Enterprise Integration Pack (EIP)
  B. the Logic App Code View
  C. the API Connections
  D. the Logic Apps Designer
  B. the Logic App Code View

  ---

  Explanation

  Edit JSON - Azure portal

  Sign in to the Azure portal.

  From the left menu, choose All services. In the search box, find "logic apps", and then from the results, select your logic app.

  On your logic app's menu, under Development Tools, select Logic App Code View. The Code View editor opens and shows your logic app definition in JSON format.

  https://docs.microsoft.com/en-us/azure/logic-apps/logic-apps-enterprise-integration-overview

  https://docs.microsoft.com/en-us/azure/logic-apps/logic-apps-author-definitions

• Question 420:

  DRAG DROP

  You need to deploy a new version of the LabelMaker application to ACR.

  Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.

  Select and Place:

  

  

  ---

  Step 1: Build a new application image by using dockerfile

  Step 2: Create an alias if the image with the fully qualified path to the registry

  Before you can push the image to a private registry, you've to ensure a proper image name. This can be achieved using the docker tag command. For demonstration purpose, we'll use Docker's hello world image, rename it and push it to

  ACR.

  # pulls hello-world from the public docker hub

  $ docker pull hello-world

  # tag the image in order to be able to push it to a private registry

  $ docker tag hello-word <REGISTRY_NAME>/hello-world

  # push the image

  $ docker push <REGISTRY_NAME>/hello-world

  Step 3: Log in to the registry and push image

  In order to push images to the newly created ACR instance, you need to login to ACR form the Docker CLI. Once logged in, you can push any existing docker image to your ACR instance.

  Scenario:

  Coho Winery plans to move the application to Azure and continue to support label creation.

  LabelMaker app

  Azure Monitor Container Health must be used to monitor the performance of workloads that are deployed to Kubernetes environments and hosted on Azure Kubernetes Service (AKS).

  You must use Azure Container Registry to publish images that support the AKS deployment.

  https://thorsten-hans.com/how-to-use-a-private-azure-container-registry-with-kubernetes-9b86e67b93b6

  https://docs.microsoft.com/en-us/azure/container-registry/container-registry-tutorial-quick-task