Microsoft AZ-204 Exam Dumps

Microsoft AZ-204 Sample Question Answers

Question # 1

You need to audit the retail store sales transactions.What are two possible ways to achieve the goal? Each correct answer presents a completesolution.NOTE: Each correct selection is worth one point.

A. Update the retail store location data upload process to include blob index tags. Createan Azure Function to process the blob index tags and filter by store location
B. Enable blob versioning for the storage account. Use an Azure Function to process a listof the blob versions per day.
C. Process an Azure Storage blob inventory report by using an Azure Function. Create rulefilters on the blob inventory report,
D. Subscribe to blob storage events by using an Azure Function and Azure Event Grid.Filter the events by store location.
E. Process the change feed logs of the Azure Blob storage account by using an AzureFunction. Specify a time range for the change feed data.

Show Answer

Question # 2

You need to implement a solution to resolve the retail store location data issue.Which three Azure Blob features should you enable? Each correct answer presents pan olthe solution.NOTE Each correct selection is worth one point

A. Immutability
B. Snapshots
C. Versioning
D. Soft delete
E. Object replication
F. Change feed

Show Answer

Question # 3

You need to secure the Azure Functions to meet the security requirements.Which two actions should you perform? Each correct answer presents part of the solution.NOTE: Each correct selection is worth one point.

A. Store the RSA-HSM key in Azure Cosmos DB. Apery the built-in policies for customermanaged keys and allowed locations.
B. Create a free tier Azure App Configuration instance with a new Azure AD serviceprincipal.
C. Store the RSA-HSM key in Azure Key Vault with soft-delete and purge-protectionfeatures enabled.
D. Store the RSA-HSM key in Azure Blob storage with an Immutability policy applied to thecontainer.
E. Create a standard tier Azure App Configuration instance with an assigned Azure AD managed identity.

Show Answer

Question # 4

You need to access data from the user claim object in the e-commerce web app.What should you do first?

A. Write custom code to make a Microsoft Graph API call from the e-commerce web app.
B. Assign the Contributor RBAC role to the e-commerce web app by using the ResourceManager create role assignment API.
C. Update the e-commerce web app to read the HTTP request header values.
D. Using the Azure CLI, enable Cross-origin resource sharing (CORS) from the ecommerce checkout API to the e-commerce web app.

Show Answer

Question # 5

You need to ensure the security policies are met.What code do you add at line CS07 of ConfigureSSE.ps1?

A. –PermissionsToKeys create, encrypt, decrypt
B. –PermissionsToCertificates create, encrypt, decrypt
C. –PermissionsToCertificates wrapkey, unwrapkey, get
D. –PermissionsToKeys wrapkey, unwrapkey, get

Show Answer

Question # 6

You need to resolve the log capacity issue. What should you do?

A. Create an Application Insights Telemetry Filter
B. Change the minimum log level in the host.json file for the function
C. Implement Application Insights Sampling
D. Set a LogCategoryFilter during startup

Show Answer

Question # 7

You need to ensure receipt processing occurs correctly.What should you do?

A. Use blob properties to prevent concurrency problems
B. Use blob SnapshotTime to prevent concurrency problems
C. Use blob metadata to prevent concurrency problems
D. Use blob leases to prevent concurrency problems

Show Answer

Question # 8

You need to resolve a notification latency issue. Which two actions should you perform? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point. 

A. Set Always On to true.
B. Ensure that the Azure Function is using an App Service plan.
C. Set Always On to false.
D. Ensure that the Azure Function is set to use a consumption plan.

Show Answer

Question # 9

You need to ensure that the solution can meet the scaling requirements for Policy Service. Which Azure Application Insights data model should you use?

A. an Application Insights dependency
B. an Application Insights event
C. an Application Insights trace
D. an Application Insights metric

Show Answer

Question # 10

You need to ensure that all messages from Azure Event Grid are processed. What should you use?

A. Azure Event Grid topic
B. Azure Service Bus topic
C. Azure Service Bus queue
D. Azure Storage queue
E. Azure Logic App custom connector

Show Answer

Question # 11

You need to authenticate the user to the corporate website as indicated by the architectural diagram.Which two values should you use? Each correct answer presents part of the solution.NOTE: Each correct selection is worth one point. 

A. ID token signature
B. ID token claims 
C. HTTP response code
D. Azure AD endpoint URI 
E. Azure AD tenant ID

Show Answer

Question # 12

You need to investigate the Azure Function app error message in the development environment.What should you do?

A. Connect Live Metrics Stream from Application Insights to the Azure Function app and filter the metrics. 
B. Create a new Azure Log Analytics workspace and instrument the Azure Function app with Application Insights
C. Update the Azure Function app with extension methods from Microsoft.Extensions.Logging to log events by using the log instance. 
D. Add a new diagnostic setting to the Azure Function app to send logs to Log Analytics. 

Show Answer

Question # 13

You need to correct the RequestUserApproval Function app error.What should you do?

A. Update line RA13 to use the async keyword and return an HttpRequest object value. 
B. Configure the Function app to use an App Service hosting plan. Enable the Always On setting of the hosting plan. 
C. Update the function to be stateful by using Durable Functions to process the request payload.
D. Update the functionTimeout property of the host.json project file to 15 minutes. 

Show Answer

Question # 14

You are developing a Java application that uses Cassandra to store key and value data. You plan to use a new Azure Cosmos DB resource and the Cassandra API in the application. You create an Azure Active Directory (Azure AD) group named Cosmos DB Creators to enable provisioning of Azure Cosmos accounts, databases, and containers. The Azure AD group must not be able to access the keys that are required to access the data. You need to restrict access to the Azure AD group. Which role-based access control should you use?

A. DocumentDB Accounts Contributor
B. Cosmos Backup Operator 
C. Cosmos DB Operator
D. Cosmos DB Account Reader 

Show Answer

Question # 15

You develop a solution that uses Azure Virtual Machines (VMs). The VMs contain code that must access resources in an Azure resource group. You grant the VM access to the resource group in Resource Manager. You need to obtain an access token that uses the VMs system-assigned managed identity. Which two actions should you perform? Each correct answer presents part of the solution. 

A. Use PowerShell on a remote machine to make a request to the local managed identity for Azure resources endpoint. 
B. Use PowerShell on the VM to make a request to the local managed identity for Azureresources endpoint. 
C. From the code on the VM. call Azure Resource Manager using an access token. 
D. From the code on the VM. call Azure Resource Manager using a SAS token. 
E. From the code on the VM. generate a user delegation SAS token.

Show Answer

Question # 16

You develop and add several functions to an Azure Function app that uses the latestruntime host. The functions contain several REST API endpoints secured by using SSL.The Azure Function app runs in a Consumption plan.You must send an alert when any of the function endpoints are unavailable or respondingtoo slowly.You need to monitor the availability and responsiveness of the functions.What should you do?

A. Create a URL ping test. 
B. Create a timer triggered function that calls TrackAvailability() and send the results to Application Insights.
C. Create a timer triggered function that calls GetMetric("Request Size") and send the results to
C. Create a timer triggered function that calls GetMetric("Request Size") and send the results to Application Insights. 
D. Add a new diagnostic setting to the Azure Function app. Enable the FunctionAppLogs and Send to Log Analytics options. 

Show Answer

Question # 17

You develop and deploy an Azure App Service web app named App1. You create a new Azure Key Vault named Vault 1. You import several API keys, passwords, certificates, and cryptographic keys into Vault1.You need to grant App1 access to Vault1 and automatically rotate credentials Credentials must not be stored in code. What should you do?  

A. Enable App Service authentication for Appt. Assign a custom RBAC role to Vault1. 
B. Add a TLS/SSL binding to App1. 
C. Assign a managed identity to App1. 
D. Upload a self-signed client certificate to Vault1. Update App1 to use the client certificate. 

Show Answer

Question # 18

You are developing a web application that runs as an Azure Web App. The web application stores data in Azure SQL Database and stores files in an Azure Storage account. The web application makes HTTP requests to external services as part of normal operations. The web application is instrumented with Application Insights. The external services are OpenTelemetry compliant. You need to ensure that the customer ID of the signed in user is associated with all operations throughout the overall system. What should you do?

A. Create a new SpanContext with the TraceRags value set to the customer ID for the signed in user. 
B. On the current SpanContext, set the Traceld to the customer ID for the signed in user. 
C. Add the customer ID for the signed in user to the CorrelationContext in the web application. 
D. Set the header Ocp-Apim-Trace to the customer ID for the signed in user. 

Show Answer

Question # 19

An organization hosts web apps in Azure. The organization uses Azure Monitor You discover that configuration changes were made to some of the web apps. You need to identify the configuration changes. Which Azure Monitor log should you review?

A. AppServiceEnvironmentPlatformLogs
B. AppServiceApplogs 
C. AppServiceAuditLogs 
D. AppServiceConsoteLogs 

Show Answer

Question # 20

You develop Azure solutions.You must connect to a No-SQL globally-distributed database by using the .NET API.You need to create an object to configure and execute requests in the database.Which code segment should you use?

A. new Container(EndpointUri, PrimaryKey);
B. new Database(Endpoint, PrimaryKey); 
C. new CosmosClient(EndpointUri, PrimaryKey); 

Show Answer

Question # 21

You have an existing Azure storage account that stores large volumes of data acrossmultiple containers.You need to copy all data from the existing storage account to a new storage account. Thecopy process must meet the following requirements:Automate data movement.Minimize user input required to perform the operation.Ensure that the data movement process is recoverable.What should you use?

A. AzCopy 
B. Azure Storage Explorer 
C. Azure portal 
D. .NET Storage Client Library

Show Answer

Question # 22

You develop and deploy a web app to Azure App Service. The Azure App Service uses aBasic plan in a single region.You need to capture the telemetry.Which three actions should you perform? Each correct answer presents part of the solutionNOTE; Each correct selection is worth one pewit

A. Upgrade the Azure App Service plan to Premium. 
B. Enable remote debugging. 
C. Enable Profiler 
D. Restart an apps in the App Service plan 
E. Enable Snapshot debugger 
F. Enable Application Insights site extensions. 
G. Enable the Always On setting for the app service. 

Show Answer

Question # 23

A development team is creating a new REST API. The API will store data in Azure Blobstorage. You plan to deploy the API to Azure App Service.Developers must access the Azure Blob storage account to develop the API for the nexttwo months. The Azure Blob storage account must not be accessible by the developersafter the two-month time period.You need to grant developers access to the Azure Blob storage account.What should you do?

A. Generate a shared access signature (SAS) for the Azure Blob storage account and provide the SAS to all developers. 
B. Create and apply a new lifecycle management policy to include a last accessed date value. Apply the policy to the Azure Blob storage account.
C. Provide all developers with the access key for the Azure Blob storage account. Update the API to include the Coordinated Universal Time (UTC) timestamp for the request header. 
D. Grant all developers access to the Azure Blob storage account by assigning role-based access control (RBAC) roles. 

Show Answer

Question # 24

You are developing an Azure App Service REST API.The API must be called by an Azure App Service web app. The API must retrieve andupdate user profile information stored in Azure Active Directory (Azure AD).You need to configure the API to make the updates.Which two tools should you use? Each correct answer presents part of the solution.NOTE: Each correct selection is worth one point.

A. Microsoft Graph API 
B. Microsoft Authentication Library (MSAL) 
C. Azure API Management 
D. Microsoft Azure Security Center 
E. Microsoft Azure Key Vault SDK 

Show Answer

Question # 25

You are developing an Azure function that connects to an Azure SQL Database instance. The function is triggered by an Azure Storage queue.You receive reports of numerous System.InvalidOperationExceptions with the following message: “Timeout expired. The timeout period elapsed prior to obtaining a connection from the pool. This may have occurred because all pooled connections were in use and max pool size was reached.” You need to prevent the exception. What should you do?  

A. In the host.json file, decrease the value of the batchSize option 
B. Convert the trigger to Azure Event Hub 
C. Convert the Azure Function to the Premium plan 
D. In the function.json file, change the value of the type option to queueScaling 

Show Answer

Question # 26

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.You develop a software as a service (SaaS) offering to manage photographs. Users upload photos to a web service which then stores the photos in Azure Storage Blob storage. The storage account type is General-purpose V2.When photos are uploaded, they must be processed to produce and save a mobile-friendly version of the image. The process to produce a mobile-friendly version of the image must start in less than one minute.You need to design the process that starts the photo processing.Does the solution meet the goal? Solution: Use the Azure Blob Storage change feed to trigger photo processing.  

A. Yes
B. No

Show Answer

Question # 27

You develop and deploy an Azure App Service web app. The app is deployed to multipleregions and uses Azure Traffic Manager. Application Insights is enabled for the app.You need to analyze app uptime for each month.Which two solutions win achieve the goal? Each correct answer presents a completesolutionNOTE: Each correct selection is worth one point

A. Application Insights alerts 
B. Application Insights web tests 
C. Azure Monitor logs 
D. Azure Monitor metrics 

Show Answer

Question # 28

You manage a data processing application that receives requests from an Azure Storagequeue.You need to manage access to the queue. You have the following requirements:Provide other applications access to the Azure queue.Ensure that you can revoke access to the queue without having to regenerate thestorage account keys. Specify access at the queue level and not at the storage account level.Which type of shared access signature (SAS) should you use?

A. Service SAS with a stored access policy
B. Account SAS
C. User Delegation SAS
D. Service SAS with ad hoc SAS

Show Answer

Question # 29

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.You are developing a website that will run as an Azure Web App. Users will authenticate by using their Azure Active Directory (Azure AD) credentials.You plan to assign users one of the following permission levels for the website: admin, normal, and reader. A user’s Azure AD group membership must be used to determine the permission level.You need to configure authorization.Solution: Configure and use Integrated Windows Authentication in the website. In the website, query Microsoft Graph API to load the group to which the user is a member.Does the solution meet the goal?  

A. Yes
B. No

Show Answer

Question # 30

You are developing a web application that uses Azure Cache for Redis. You anticipate thatthe cache will frequently fill and you will need to evict keys.You must configure Azure Cache for Redis based on the following predicted usage pattern:A small subset of elements will be accessed much more often than the rest.You need to configure the Azure Cache for Redis to optimize performance for the predictedusage pattern.Which two eviction policies will achieve the goal?NOTE: Each correct selection is worth one point. 

A. noeviction 
B. allkeys-lru 
C. volatile-lru 
D. allkeys-random 
E. volatile-ttl 
F. volatile-random

Show Answer