[Nov 24, 2021] Fully Updated Dumps PDF - Latest AZ-304 Exam Questions and Answers [Q149-Q174]

[Nov 24, 2021] Fully Updated Dumps PDF - Latest AZ-304 Exam Questions and Answers

100% Free AZ-304 Exam Dumps to Pass Exam Easily from SureTorrent

NEW QUESTION 149
You have an Azure subscription that contains a custom application named Application1. Application1 was developed by an external company named Fabrikam, Ltd. Developers at Fabrikam were assigned role-based access control (RBAC) permissions to the Application1 components. All users are licensed for the Microsoft
365 E5 plan.
You need to recommend a solution to verify whether the Fabrikam developers still require permissions to Application1. The solution must meet the following requirements:
* To the manager of the developers, send a monthly email message that lists the access permissions to Application1.
* If the manager does not verify an access permission, automatically revoke that permission.
* Minimize development effort.
What should you recommend?

A. In Azure Active Directory (AD) Privileged Identity Management, create a custom role assignment for the Application1 resources.
B. Create an Azure Automation runbook that runs the Get-AzureADUserAppRoleAssignment cmdlet.
C. In Azure Active Directory (Azure AD), create an access review of Application1.
D. Create an Azure Automation runbook that runs the Get-AzureRmRoleAssignment cmdlet.

Answer: C

Explanation:
Explanation/Reference:
Design Data Storage
Question Set 1

NEW QUESTION 150
You are designing an Azure Cosmos DB solution that will host multiple writable replicas in multiple Azure regions.
You need to recommend the strongest database consistency level for the design. The solution must meet the following requirements:
Provide a latency-based Service Level Agreement (SLA) for writes.
Support multiple regions.
Which consistency level should you recommend?

A. consistent prefix
B. strong
C. bounded staleness
D. session

Answer: C

Explanation:
Each level provides availability and performance tradeoffs. The following image shows the different consistency levels as a spectrum.

Note: The service offers comprehensive 99.99% SLAs which covers the guarantees for throughput, consistency, availability and latency for the Azure Cosmos DB Database Accounts scoped to a single Azure region configured with any of the five Consistency Levels or Database Accounts spanning multiple Azure regions, configured with any of the four relaxed Consistency Levels.
Reference:
https://azure.microsoft.com/en-us/support/legal/sla/cosmos-db/v1_3/
https://docs.microsoft.com/en-us/azure/cosmos-db/consistency-levels#consistency-levels-and-latency

NEW QUESTION 151
You have an Azure App Service Web App that includes Azure Blob storage and an Azure SQL Database instance. The application is instrumented by using the Application Insights SDK.
You need to design a monitoring solution for the web app.
Which Azure monitoring services should you use? To answer, select the appropriate Azure monitoring services in the answer area.
NOTE: Each correct selection is worth one point.

Answer:

Explanation:

Explanation

NEW QUESTION 152
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have an Azure Storage account that contains two 1-GB data files named File1 and File2. The data files are set to use the archive access tier.
You need to ensure that File1 is accessible immediately when a retrieval request is initiated.
Solution: You move File1 to a new storage account. For File1, you set Access tier to Archive.
Does this meet the goal?

A. Yes
B. No

Answer: B

Explanation:
Instead use the hot access tier.
The hot access tier has higher storage costs than cool and archive tiers, but the lowest access costs. Example usage scenarios for the hot access tier include:
Data that's in active use or expected to be accessed (read from and written to) frequently.
Data that's staged for processing and eventual migration to the cool access tier.
Reference:
https://docs.microsoft.com/en-us/azure/storage/blobs/storage-blob-storage-tiers

NEW QUESTION 153
A company plans to implement an HTTP-based API to support a web app. The web app allows customers to check the status of their orders.
The API must meet the following requirements:
* Implement Azure Functions
* Provide public read-only operations
* Do not allow write operations
You need to recommend configuration options.
What should you recommend? To answer, configure the appropriate options in the dialog box in the answer area.
NOTE: Each correct selection is worth one point.

Answer:

Explanation:

Explanation

Allowed authentication methods: GET only
Authorization level: Anonymous
The option is Allow Anonymous requests. This option turns on authentication and authorization in App Service, but defers authorization decisions to your application code. For authenticated requests, App Service also passes along authentication information in the HTTP headers.
This option provides more flexibility in handling anonymous requests.
References:
https://docs.microsoft.com/en-us/azure/app-service/overview-authentication-authorization

NEW QUESTION 154
You have an Azure web app named App1 and an Azure key vault named KV1.
App1 stores database connection strings in KV1.
App1 performs the following types of requests to KV1:
Get
List
Wrap
Delete
Unwrap
Backup
Decrypt
Encrypt
You are evaluating the continuity of service for App1.
You need to identify the following if the Azure region that hosts KV1 becomes unavailable:
To where will KV1 fail over?
During the failover, which request type will be unavailable?
What should you identify? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Answer:

Explanation:

Explanation

Box 1: A server in the same paired region
The contents of your key vault are replicated within the region and to a secondary region at least 150 miles away, but within the same geography to maintain high durability of your keys and secrets.
Box 2: Delete
During failover, your key vault is in read-only mode. Requests that are supported in this mode are:
List certificates
Get certificates
List secrets
Get secrets
List keys
Get (properties of) keys
Encrypt
Decrypt
Wrap
Unwrap
Verify
Sign
Backup
Reference:
https://docs.microsoft.com/en-us/azure/key-vault/general/disaster-recovery-guidance

NEW QUESTION 155
You are designing a cost-optimized solution that uses Azure Batch to run two types of jobs on Linux nodes. The first job type will consist of short-running tasks for a development environment. The second jot type will consist of long-running Message Passing Interface (MPI) applications for a production environment that requires timely job completion.
You need to recommend the pool type and node type for each job type. The solution must minimize compute charges and leverage Azure Hybrid Benefit whenever possible.
What should you recommend? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Answer:

Explanation:

Reference:
https://docs.microsoft.com/en-us/azure/batch/batch-low-pri-vms

NEW QUESTION 156
You plan to deploy the backup policy shown in the following exhibit.

Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic.
NOTE: Each correct selection is worth one point.

Answer:

Explanation:

Explanation

NEW QUESTION 157
You are designing a container solution in Azure that will include two containers. One container will host a web API that will be available to the public. The other container will perform health monitoring of the web API and will remain private. The two containers will be deployed together as a group.
You need to recommend a compute service for the containers. The solution must minimize costs and maintenance overhead.
What should you include in the recommendation?

A. Azure Kubernetes Service (AKS)
B. Azure Container Instances
C. Azure Container registries
D. Azure Service Fabric

Answer: B

Explanation:
Azure Container Instances supports the deployment of multiple containers onto a single host using a container group. A container group is useful when building an application sidecar for logging, monitoring, or any other configuration where a service needs a second attached process.
Reference:
https://docs.microsoft.com/en-us/azure/container-instances/container-instances-multi-container-group

NEW QUESTION 158
You have a web application that uses a MongoDB database. You plan to migrate the web application to Azure.
You must migrate to Cosmos DB while minimizing code and configuration changes.
You need to design the Cosmos DB configuration.
What should you recommend? To answer, select the appropriate values in the answer area.
NOTE: Each correct selection is worth one point.

Answer:

Explanation:

References:
https://docs.microsoft.com/en-us/azure/cosmos-db/create-mongodb-dotnet

NEW QUESTION 159
Your company has the divisions shown in the following table.

Sub1 contains an Azure web app that runs an ASP.NET application named App1 uses the Microsoft identity platform (v2.0) to handler user authentication. users from east.contoso.com can authenticate to App1.
You need to recommend a solution to allow users from west.contoso.com to authenticate to App1.
What should you recommend for the west.contoso.com Azure AD tenant?

A. pass-through authentication
B. an app registration
C. a conditional access policy
D. guest accounts

Answer: B

NEW QUESTION 160
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have an Azure Active Directory (Azure AD) tenant named contoso.com. The tenant contains a group named Group1. Group1 contains all the administrative user accounts.
You discover several login attempts to the Azure portal from countries where administrative users do NOT work.
You need to ensure that all login attempts to the Azure portal from those countries require Azure Multi-Factor Authentication (MFA).
Solution: You implement an access package.
Does this meet the goal?

A. Yes
B. No

Answer: B

Explanation:
Instead implement Azure AD Privileged Identity Management.
Note: Azure Active Directory (Azure AD) Privileged Identity Management (PIM) is a service that enables you to manage, control, and monitor access to important resources in your organization.
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/privileged-identity-management/pim-configure

NEW QUESTION 161
You ate designing an Azure governance solution.
All Azure resources must be easily identifiable based on the following operational information environment, owner, department and cost center You need 10 ensure that you can use the operational information when you generate reports for the Azure resources.
What should you include in the solution?

A. an Azure management group that uses parent groups to create a hierarchy
B. an Azure data catalog that uses the Azure REST API as a data source
C. an Azure policy that enforces tagging rules
D. Azure Active Directory (Azure AD) administrative units

Answer: C

NEW QUESTION 162
You have an Azure SQL database named DB1.
You need to recommend a data security solution for DB1. the solution must meet the following requirements:
* When helpdesk supervisors query DS1. they must see the full number of each credit card.
* When helpdesk operators Query DB1. they must see only the last four digits of each credit card number
* A column named Credit Rating must never appear in plain text within the database system, and only client applications must be able to decrypt the Credit Rating column.
What should you include in the recommendation To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Answer:

Explanation:

Explanation

Box 1: Dynamic data masking
Dynamic data masking helps prevent unauthorized access to sensitive data by enabling customers to designate how much of the sensitive data to reveal with minimal impact on the application layer. It's a policy-based security feature that hides the sensitive data in the result set of a query over designated database fields, while the data in the database is not changed.
Box 2: Always encrypted
Data stored in the database is protected even if the entire machine is compromised, for example by malware.
Always Encrypted leverages client-side encryption: a database driver inside an application transparently encrypts data, before sending the data to the database. Similarly, the driver decrypts encrypted data retrieved in query results.
Reference:
https://azure.microsoft.com/en-us/blog/transparent-data-encryption-or-always-encrypted/

NEW QUESTION 163
You have the application architecture shown in the following exhibit.

Use the drop-down menus to select choice that completes each statement based on the information presented in the graphic.
NOTE: Each correct selection is worth one point.

Answer:

Explanation:

Explanation

References:
https://docs.microsoft.com/en-us/azure/traffic-manager/traffic-manager-routing-methods
https://docs.microsoft.com/en-us/azure/traffic-manager/traffic-manager-monitoring

NEW QUESTION 164
You have an Azure Active Directory (Azure AD) tenant named contoso.com that contains several administrative user accounts. You need to recommend a solution to identify which administrative user accounts have NOT signed in during the previous 30 days.
Which service should you include in the recommendation?

A. Azure Advisor
B. Azure Activity log
C. Azure AD Identity Protection
D. Azure AD Privileged identity Management (PIM)

Answer: D

Explanation:
Explanation
https://docs.microsoft.com/en-us/azure/active-directory/privileged-identity-management/pim-how-to-use-audit-lo

NEW QUESTION 165
You plan to deploy an Azure web app named Appl that will use Azure Active Directory (Azure AD) authentication.
App1 will be accessed from the internet by the users at your company. All the users have computers that run Windows 10 and are joined to Azure AD.
You need to recommend a solution to ensure that the users can connect to App1 without being prompted for authentication and can access App1 only from company-owned computers.
What should you recommend for each requirement? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Answer:

Explanation:

Explanation:
Box 1: An Azure AD app registration
Azure active directory (AD) provides cloud based directory and identity management services.You can use azure AD to manage users of your application and authenticate access to your applications using azure active directory.
You register your application with Azure active directory tenant.
Box 2: A conditional access policy
Conditional Access policies at their simplest are if-then statements, if a user wants to access a resource, then they must complete an action.
By using Conditional Access policies, you can apply the right access controls when needed to keep your organization secure and stay out of your user's way when not needed.

Reference:
https://codingcanvas.com/using-azure-active-directory-authentication-in-your-web-application/
https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/overview

NEW QUESTION 166
You have the application architecture shown in the following exhibit.

Use the drop-down menus to select choice that completes each statement based on the information presented in the graphic.
NOTE: Each correct selection is worth one point.

Answer:

NEW QUESTION 167
You have an Azure subscription that contains 300 Azure virtual machines that run Windows Server 2016.
You need to centrally monitor all warning events in the System logs of the virtual machines.
What should you include in the solutions? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Answer:

Explanation:

Explanation

References:
https://docs.microsoft.com/en-us/azure/azure-monitor/platform/data-sources-windows-events
https://docs.microsoft.com/en-us/azure/azure-monitor/platform/agent-windows

NEW QUESTION 168
You need to design an architecture to capture the creation of users and the assignment of roles. The captured data must be stored in Azure Cosmos DB.
Which Azure services should you include in the design? To answer, drag the appropriate services to the correct targets. Each service may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
NOTE: Each correct selection is worth one point.

Answer:

Explanation:

Explanation

NEW QUESTION 169
You have an Azure SQL database named DB1.
You need to recommend a data security solution for DB1. the solution must meet the following requirements:
* When helpdesk supervisors query DS1. they must see the full number of each credit card.
* When helpdesk operators Query DB1. they must see only the last four digits of each credit card number
* A column named Credit Rating must never appear in plain text within the database system, and only client applications must be able to decrypt the Credit Rating column.
What should you include in the recommendation To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Answer:

NEW QUESTION 170
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it As a result, these questions will not appear In the review screen.
You have an on-premises Hyper-V cluster that hosts 20 virtual machines. Some virtual machines run Windows Server 2016 and some run Linux.
You plan to migrate the virtual machines to an Azure subscription.
You need to recommend a solution to replicate the disks of the virtual machines to Azure. The solution must ensure that the virtual machines remain available during the migration of the disks.
Solution: You recommend implementing an Azure Storage account and then running AzCopy.
Does this meet the goal?

A. Yes
B. NO

Answer: B

Explanation:
Explanation
AzCopy only copy files, not the disks.
Instead use Azure Site Recovery.
References:
https://docs.microsoft.com/en-us/azure/site-recovery/site-recovery-overview

NEW QUESTION 171
You have an Azure subscription that contains the SQL servers shown in the following table.

The subscription contains the storage accounts shown in the following table.

You create the Azure SQL databases shown in the following table.

Answer:

Explanation:

Explanation

Box 1: Yes
Be sure that the destination is in the same region as your database and server.
Box 2: No
Box 3: No
Reference:
https://docs.microsoft.com/en-us/azure/sql-database/sql-database-auditing

NEW QUESTION 172
You have 100 Microsoft SQL Server integration Services (SSIS) packages that are configured to use 10 on-premises SQL Server databases as their destinations.
You plan to migrate the 10 on-premises databases to Azure SQL Database
You need to recommend a solution to host the SSlS packages in Azure. The solution must ensure that the packages can target the SQL Database instances as their destinations.
What should you include in the recommendation?

A. Azure Data Factory
B. Data Migration Assistant
C. SQL Server Migration Assistant (SSMA)
D. Azure Data Catalog

Answer: B

NEW QUESTION 173
Your company has 20 web APIs that were developed in-house.
The company is developing 10 web apps that will use the web APIs. The web apps and the APIs are registered in the company's Azure Active Directory (Azure AD) tenant. The web APIs are published by using Azure API Management.
You need to recommend a solution to block unauthorized requests originating from the web apps from reaching the web APIs. The solution must meet the following requirements:
Use Azure AD-generated claims.
Minimize configuration and management effort.
What should you include in the recommendation? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.