Microsoft AZ-204 Online Practice Questions and Exam Preparation

Microsoft AZ-204 Online Questions & Answers

• Question 501:

  You need to ensure that the solution can meet the scaling requirements for Policy Service.

  Which Azure Application Insights data model should you use?

  A. an Application Insights dependency
  B. an Application Insights event
  C. an Application Insights trace
  D. an Application Insights metric
  D. an Application Insights metric

  ---

  Explanation

  Application Insights provides three additional data types for custom telemetry:

  Trace - used either directly, or through an adapter to implement diagnostics logging using an instrumentation framework that is familiar to you, such as Log4Net or System.Diagnostics.

  Event - typically used to capture user interaction with your service, to analyze usage patterns.

  Metric - used to report periodic scalar measurements.

  Scenario:

  Policy service must use Application Insights to automatically scale with the number of policy actions that it is performing.

  https://docs.microsoft.com/en-us/azure/azure-monitor/app/data-model

• Question 502:

  HOTSPOT

  You are validating the configuration of an Azure Search indexer.

  The service has been configured with an indexer that uses the Import Data option. The index is configured using options as shown in the Index Configuration exhibit. (Click the Index Configuration tab.)

  

  You use an Azure table as the data source for the import operation. The table contains three records with item inventory data that matches the fields in the Storage data exhibit. These records were imported when the index was created. (Click the Storage Data tab.) When users search with no filter, all three records are displayed.

  

  When users search for items by description, Search explorer returns no records. The Search Explorer exhibit shows the query and results for a test. In the test, a user is trying to search for all items in the table that have a description that contains the word bag. (Click the Search Explorer tab.)

  

  You need to resolve the issue.

  For each of the following statements, select Yes if the statement is true. Otherwise, select No.

  NOTE: Each correct selection is worth one point.

  

  

  ---

  Box 1: Yes

  The ItemDescription field in not searchable.

  Box 2: No

  The ItemDescription field in not searchable, but we would need to recreate the index.

  Box 3: Yes

  An indexer in Azure Search is a crawler that extracts searchable data and metadata from an external Azure data source and populates an index based on field-to-field mappings between the index and your data source. This approach is sometimes referred to as a 'pull model' because the service pulls data in without you having to write any code that adds data to an index.

  Box 4: No

  References:

  https://docs.microsoft.com/en-us/azure/search/search-what-is-an-index

  https://docs.microsoft.com/en-us/azure/search/search-indexer-overview

• Question 503:

  Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution. Determine whether the solution meets the stated goals.

  You are developing and deploying several ASP.NET web applications to Azure App Service. You plan to save session state information and HTML output.

  You must use a storage mechanism with the following requirements:

  1. Share session state across all ASP.NET web applications.

  2. Support controlled, concurrent access to the same session state data for multiple readers and a single writer.

  3. Save full HTTP responses for concurrent requests.

  You need to store the information.

  Proposed Solution: Deploy and configure Azure Cache for Redis. Update the web applications.

  Does the solution meet the goal?

  A. Yes
  B. No
  A. Yes

  ---

  Explanation

  The session state provider for Azure Cache for Redis enables you to share session information between different instances of an ASP.NET web application.

  The same connection can be used by multiple concurrent threads.

  Redis supports both read and write operations.

  The output cache provider for Azure Cache for Redis enables you to save the HTTP responses generated by an ASP.NET web application.

  Note: Using the Azure portal, you can also configure the eviction policy of the cache, and control access to the cache by adding users to the roles provided. These roles, which define the operations that members can perform, include Owner, Contributor, and Reader. For example, members of the Owner role have complete control over the cache (including security) and its contents, members of the Contributor role can read and write information in the cache, and members of the Reader role can only retrieve data from the cache.

  https://docs.microsoft.com/en-us/azure/architecture/best-practices/caching

• Question 504:

  DRAG DROP

  You have downloaded an Azure Resource Manager template to deploy numerous virtual machines. The template is based on a current virtual machine, but must be adapted to reference an administrative password.

  You need to make sure that the password is not stored in plain text.

  You are preparing to create the necessary components to achieve your goal.

  Which of the following should you create to achieve your goal? Answer by dragging the correct option from the list to the answer area.

  Select and Place:

  

  

• Question 505:

  You have two Hyper-V hosts named Host1 and Host2. Host1 has an Azure virtual machine named VM1 that was deployed by using a custom Azure Resource Manager template.

  You need to move VM1 to Host2.

  What should you do?

  A. From the Update management blade, click Enable.
  B. From the Overview blade, move VM1 to a different subscription.
  C. From the Redeploy blade, click Redeploy.
  D. From the Profile blade, modify the usage location.
  C. From the Redeploy blade, click Redeploy.

  ---

  Explanation

  When you redeploy a VM, it moves the VM to a new node within the Azure infrastructure and then powers it back on, retaining all your configuration options and associated resources.

  https://docs.microsoft.com/en-us/azure/virtual-machines/windows/redeploy-to-new-node

• Question 506:

  HOTSPOT

  You are developing an Azure Function App. You develop code by using a language that is not supported by the Azure Function App host. The code language supports HTTP primitives.

  You must deploy the code to a production Azure Function App environment.

  You need to configure the app for deployment.

  Which configuration values should you use? To answer, select the appropriate options in the answer area.

  NOTE: Each correct selection is worth one point.

  

  

  ---

  Box 1: Docker container

  A custom handler can be deployed to every Azure Functions hosting option. If your handler requires operating system or platform dependencies (such as a language runtime), you may need to use a custom container. You can create and deploy your code to Azure Functions as a custom Docker container.

  Box 2: PowerShell core

  When creating a function app in Azure for custom handlers, we recommend you select .NET Core as the stack. A "Custom" stack for custom handlers will be added in the future.

  PowerShell Core (PSC) is based on the new .NET Core runtime.

  Box 3: 7.0

  On Windows: The Azure Az PowerShell module is also supported for use with PowerShell 5.1 on Windows.

  On Linux: PowerShell 7.0.6 LTS, PowerShell 7.1.3, or higher is the recommended version of PowerShell for use with the Azure Az PowerShell module on all platforms.

  https://docs.microsoft.com/en-us/azure/azure-functions/functions-create-function-linux-custom-image

  https://docs.microsoft.com/en-us/powershell/azure/install-az-ps?view=azps-7.1.0

• Question 507:

  You deploy an API to API Management

  You must secure all operations on the API by using a client certificate.

  You need to secure access to the backend service of the API by using client certificates.

  Which two security features can you use?

  A. Azure AD token
  B. Self-signed certificate
  C. Certificate Authority (CA) certificate
  D. Triple DES (3DES) cipher
  E. Subscription key
  B. Self-signed certificate
  C. Certificate Authority (CA) certificate

• Question 508:

  HOTSPOT

  You are developing a web application that makes calls to the Microsoft Graph API. You register the application in the Azure portal and upload a valid X509 certificate.

  You create an appsettings.json file containing the certificate name, client identifier for the application, and the tenant identifier of the Azure Active Directory (Azure AD). You create a method named ReadCertificate to return the X509 certificate by name.

  You need to implement code that acquires a token by using the certificate.

  How should you complete the code segment? To answer, select the appropriate options in the answer area.

  NOTE: Each correct selection is worth one point.

  

  

  ---

  Box 1: ConfidentialClientApplicationBuilder

  Here's the code to instantiate the confidential client application with a client secret:

  app = ConfidentialClientApplicationBuilder.Create(config.ClientId)

  .WithClientSecret(config.ClientSecret).WithAuthority(new Uri(config.Authority))

  .Build(); Box 2: scopes

  After you've constructed a confidential client application, you can acquire a token for the app by calling AcquireTokenForClient, passing the scope, and optionally forcing a refresh of the token.

  Sample code: result = await app.AcquireTokenForClient(scopes)

  .ExecuteAsync(); Reference:

  https://docs.microsoft.com/en-us/azure/active-directory/develop/scenario-daemon-app-configuration

  https://docs.microsoft.com/en-us/azure/active-directory/develop/scenario-daemon-acquire-token

• Question 509:

  You are developing an application to transfer data between on-premises file servers and Azure Blob storage. The application stores keys, secrets, and certificates in Azure Key Vault and makes use of the Azure Key Vault APIs.

  You want to configure the application to allow recovery of an accidental deletion of the key vault or key vault objects for 90 days after deletion.

  What should you do?

  A. Run the Add-AzKeyVaultKey cmdlet.
  B. Run the az keyvault update --enable-soft-delete true --enable-purge-protection true CLI.
  C. Implement virtual network service endpoints for Azure Key Vault.
  D. Run the az keyvault update --enable-soft-delete false CLI.
  B. Run the az keyvault update --enable-soft-delete true --enable-purge-protection true CLI.

  ---

  Explanation

  When soft-delete is enabled, resources marked as deleted resources are retained for a specified period (90 days by default). The service further provides a mechanism for recovering the deleted object, essentially undoing the deletion.

  Purge protection is an optional Key Vault behavior and is not enabled by default. Purge protection can only be enabled once soft-delete is enabled.

  When purge protection is on, a vault or an object in the deleted state cannot be purged until the retention period has passed. Soft-deleted vaults and objects can still be recovered, ensuring that the retention policy will be followed.

  The default retention period is 90 days, but it is possible to set the retention policy interval to a value from 7 to 90 days through the Azure portal. Once the retention policy interval is set and saved it cannot be changed for that vault.

  https://docs.microsoft.com/en-us/azure/key-vault/general/overview-soft-delete

• Question 510:

  Your company is developing an Azure API.

  You need to implement authentication for the Azure API. You have the following requirements:

  1. All API calls must be secure.

  2. Callers to the API must not send credentials to the API.

  Which authentication mechanism should you use?

  A. Basic
  B. Anonymous
  C. Managed identity
  D. Client certificate
  C. Managed identity

  ---

  Explanation

  Use the authentication-managed-identity policy to authenticate with a backend service using the managed identity of the API Management service. This policy essentially uses the managed identity to obtain an access token from Azure Active Directory for accessing the specified resource. After successfully obtaining the token, the policy will set the value of the token in the Authorization header using the Bearer scheme.

  https://docs.microsoft.com/bs-cyrl-ba/azure/api-management/api-management-authentication-policies