Practice Free Microsoft AZ-204 Exam Questions Online, AZ-204 Free Demo

Question 16 Written Answer

DRAG DROP
You need to add YAML markup at line CS17 to ensure that the ContentUploadService can access Azure Storage access keys.
How should you complete the YAML markup? To answer, drag the appropriate YAML segments to the correct locations. Each YAML segment may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content. NOTE: Each correct selection is worth one point.

Answer:

Explanation:
Box 1: volumeMounts
Example:
volumeMounts:
- mountPath: /mnt/secrets name: secretvolume1 volumes:
- name: secretvolume1 secret:
mysecret1: TXkgZmlyc3Qgc2VjcmV0IEZPTwo=
Box 2: volumes
Box 3: secret

Question 17 Selectable Answer

You have an application that includes an Azure Web app and several Azure Function apps. Application secrets including connection strings and certificates are stored in Azure Key Vault.
Secrets must not be stored in the application or application runtime environment. Changes to Azure Active Directory (Azure AD) must be minimized.
You need to design the approach to loading application secrets.
What should you do?

A. Create a single user-assigned Managed Identity with permission to access Key Vault and configure each App Service to use that Managed Identity.
B. Create a single Azure AD Service Principal with permission to access Key Vault and use a client secret from within the App Services to access Key Vault.
C. Create a system assigned Managed Identity in each App Service with permission to access Key Vault.
D. Create an Azure AD Service Principal with Permissions to access Key Vault for each App Service and use a certificate from within the App Services to access Key Vault.

Answer:
Explanation:
Use Key Vault references for App Service and Azure Functions.
Key Vault references currently only support system-assigned managed identities. User-assigned identities cannot be used.
Reference: https://docs.microsoft.com/en-us/azure/app-service/app-service-key-vault-references

Question 18 Written Answer

Topic 4, Proseware, Inc

Case study
This is a case study. Case studies are not timed separately. You can use as much exam time as you would like to complete each case. However, there may be additional case studies and sections on this exam. You must manage your time to ensure that you are able to complete all questions included on this exam in the time provided.

To answer the questions included in a case study, you will need to reference information that is provided in the case study. Case studies might contain exhibits and other resources that provide more information about the scenario that is described in the case study. Each question is independent of the other questions in this case study.

At the end of this case study, a review screen will appear. This screen allows you to review your answers and to make changes before you move to the next section of the exam. After you begin a new section, you cannot return to this section.

To start the case study
To display the first question in this case study, click the Next button. Use the buttons in the left pane to explore the content of the case study before you answer the questions. Clicking these buttons displays information such as business requirements, existing environment, and problem statements. When you are ready to answer a question, click the Question button to return to the question.

Background
You are a developer for Proseware, Inc. You are developing an application that applies a set of governance policies for Proseware’s internal services, external services, and applications. The application will also provide a shared library for common functionality.

Requirements
Policy service
You develop and deploy a stateful ASP.NET Core 2.1 web application named Policy service to an Azure App Service Web App. The application reacts to events from Azure Event Grid and performs policy actions based on those events.
The application must include the Event Grid Event ID field in all Application Insights telemetry.
Policy service must use Application Insights to automatically scale with the number of policy actions that it is performing.

Policies
Log policy
All Azure App Service Web Apps must write logs to Azure Blob storage. All log files should be saved to a container named logdrop. Logs must remain in the container for 15 days.

Authentication events
Authentication events are used to monitor users signing in and signing out. All authentication events must be processed by Policy service. Sign outs must be processed as quickly as possible.

PolicyLib
You have a shared library named PolicyLib that contains functionality common to all ASP.NET Core web services and applications.
The PolicyLib library must:
✑ Exclude non-user actions from Application Insights telemetry.
✑ Provide methods that allow a web service to scale itself.
✑ Ensure that scaling actions do not disrupt application usage.

Other
Anomaly detection service
You have an anomaly detection service that analyzes log information for anomalies. It is implemented as an Azure Machine Learning model. The model is deployed as a web service. If an anomaly is detected, an Azure Function that emails administrators is called by using an HTTP WebHook.

Health monitoring
All web applications and services have health monitoring at the /health service endpoint.

Issues
Policy loss
When you deploy Policy service, policies may not be applied if they were in the process of being applied during the deployment.

Performance issue
When under heavy load, the anomaly detection service undergoes slowdowns and rejects connections.

Notification latency
Users report that anomaly detection emails can sometimes arrive several minutes after an anomaly is detected.

App code
EventGridController.cs
Relevant portions of the app files are shown below. Line numbers are included for reference only and include a two-character prefix that denotes the specific file to which they belong.

LoginEvent.cs
Relevant portions of the app files are shown below. Line numbers are included for reference only and include a two-character prefix that denotes the specific file to which they belong.

HOTSPOT
You need to implement the Log policy.
How should you complete the EnsureLogging method in EventGridController.cs? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

Answer:

Explanation:
Box 1: logdrop
All log files should be saved to a container named logdrop.
Box 2: 15
Logs must remain in the container for 15 days.
Box 3: UpdateApplicationSettings
All Azure App Service Web Apps must write logs to Azure Blob storage.

Question 19 Written Answer

HOTSPOT
You need to configure Azure App Service to support the REST API requirements.
Which values should you use? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

Answer:

Explanation:
Plan: Standard
Standard support auto-scaling
Instance Count: 10
Max instances for standard is 10.
Scenario:
The REST API’s that support the solution must meet the following requirements:
✑ Allow deployment to a testing location within Azure while not incurring additional costs.
✑ Automatically scale to double capacity during peak shipping times while not causing application downtime.
✑ Minimize costs when selecting an Azure payment model.
References: https://azure.microsoft.com/en-us/pricing/details/app-service/plans/

Question 20 Selectable Answer

Topic 5, Litware Inc

Case study
This is a case study. Case studies are not timed separately. You can use as much exam time as you would like to complete each case. However, there may be additional case studies and sections on this exam. You must manage your time to ensure that you are able to complete all questions included on this exam in the time provided.

To answer the questions included in a case study, you will need to reference information that is provided in the case study. Case studies might contain exhibits and other resources that provide more information about the scenario that is described in the case study. Each question is independent of the other questions in this case study.

At the end of this case study, a review screen will appear. This screen allows you to review your answers and to make changes before you move to the next section of the exam. After you begin a new section, you cannot return to this section.

To start the case study
To display the first question in this case study, click the Next button. Use the buttons in the left pane to explore the content of the case study before you answer the questions. Clicking these buttons displays information such as business requirements, existing environment, and problem statements. When you are ready to answer a question, click the Question button to return to the question.

Background
You are a developer for Litware Inc., a SaaS company that provides a solution for managing employee expenses. The solution consists of an ASP.NET Core Web API project that is deployed as an Azure Web App.

Overall architecture
Employees upload receipts for the system to process. When processing is complete, the employee receives a summary report email that details the processing results. Employees then use a web application to manage their receipts and perform any additional tasks needed for reimbursement.

Receipt processing
Employees may upload receipts in two ways:
✑ Uploading using an Azure Files mounted folder
✑ Uploading using the web application

Data Storage
Receipt and employee information is stored in an Azure SQL database.

Documentation
Employees are provided with a getting started document when they first use the solution. The documentation includes details on supported operating systems for Azure File upload, and instructions on how to configure the mounted folder.

Solution details
Users table

Web Application
You enable MSI for the Web App and configure the Web App to use the security principal name WebAppIdentity.

Processing
Processing is performed by an Azure Function that uses version 2 of the Azure Function runtime. Once processing is completed, results are stored in Azure Blob Storage and an Azure SQL database. Then, an email summary is sent to the user with a link to the processing report. The link to the report must remain valid if the email is forwarded to another user.

Logging
Azure Application Insights is used for telemetry and logging in both the processor and the web application. The processor also has TraceWriter logging enabled. Application Insights must always contain all log messages.

Requirements
Receipt processing
Concurrent processing of a receipt must be prevented.

Disaster recovery
Regional outage must not impact application availability. All DR operations must not be dependent on application running and must ensure that data in the DR region is up to date.

Security
✑ User’s SecurityPin must be stored in such a way that access to the database does not allow the viewing of SecurityPins. The web application is the only system that should have access to SecurityPins.
✑ All certificates and secrets used to secure data must be stored in Azure Key Vault.
✑ You must adhere to the principle of least privilege and provide privileges which are essential to perform the intended function.
✑ All access to Azure Storage and Azure SQL database must use the application’s Managed Service Identity (MSI).
✑ Receipt data must always be encrypted at rest.
✑ All data must be protected in transit.
✑ User’s expense account number must be visible only to logged in users. All other views of the expense account number should include only the last segment, with the remaining parts obscured.
✑ In the case of a security breach, access to all summary reports must be revoked without impacting other parts of the system.

Issues
Upload format issue
Employees occasionally report an issue with uploading a receipt using the web application. They report that when they upload a receipt using the Azure File Share, the receipt does not appear in their profile. When this occurs, they delete the file in the file share and use the web application, which returns a 500 Internal Server error page.

Capacity issue
During busy periods, employees report long delays between the time they upload the receipt and when it appears in the web application.

Log capacity issue
Developers report that the number of log messages in the trace output for the processor is too high, resulting in lost log messages.

Application code
Processing.cs

Database.cs

ReceiptUploader.cs

ConfigureSSE.ps1

You need to resolve the capacity issue.
What should you do?

A. Convert the trigger on the Azure Function to an Azure Blob storage trigger
B. Ensure that the consumption plan is configured correctly to allow scaling
C. Move the Azure Function to a dedicated App Service Plan
D. Update the loop starting on line PC09 to process items in parallel

Answer:
Explanation:
If you want to read the files in parallel, you cannot use for Each. Each of the async callback function calls does return a promise. You can await the array of promises that you'll get with Promise.all.
Scenario: Capacity issue: During busy periods, employees report long delays between the time they upload the receipt and when it appears in the web application.

Reference: https://stackoverflow.com/questions/37576685/using-async-await-with-a-foreach-loop

Question 21 Selectable Answer

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You are developing an Azure solution to collect point-of-sale fPOS) device data from 2,000 stores located throughout the world. A single device can produce 2 megabytes (MB) of data every 24 hours. Each store location has one to five devices that send data.
You must store the device data in Azure Blob storage. Device data must be correlated based on a device identifier. Additional stores are expected to open in the future.
You need to implement a solution to receive the device data.
Solution: Provision an Azure Event Hub. Configure the machine identifier as the partition key and enable capture.

A. Yes
B. No

Answer:
Explanation:
References: https://docs.microsoft.com/en-us/azure/event-hubs/event-hubs-programming-guide

Question 22 Selectable Answer

You need to ensure that the solution can meet the scaling requirements for Policy Service.
Which Azure Application Insights data model should you use?

A. an Application Insights dependency
B. an Application Insights event
C. an Application Insights trace
D. an Application Insights metric

Answer:
Explanation:
Application Insights provides three additional data types for custom telemetry:
Trace - used either directly, or through an adapter to implement diagnostics logging using an instrumentation framework that is familiar to you, such as Log4Net or System.Diagnostics. Event - typically used to capture user interaction with your service, to analyze usage patterns.
Metric - used to report periodic scalar measurements.
Scenario:
Policy service must use Application Insights to automatically scale with the number of policy actions that it is performing.
Reference: https://docs.microsoft.com/en-us/azure/azure-monitor/app/data-model

Question 23 Selectable Answer

You need to secure the Azure Functions to meet the security requirements.
Which two actions should you perform? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point.

A. Store the RSA-HSM key in Azure Cosmos D
B. Apery the built-in policies for customer-managed keys and allowed locations.
C. Create a free tier Azure App Configuration instance with a new Azure AD service principal.
D. Store the RSA-HSM key in Azure Key Vault with soft-delete and purge-protection features enabled.
E. Store the RSA-HSM key in Azure Blob storage with an Immutability policy applied to the container.
F. Create a standard tier Azure App Configuration instance with an assigned Azure AD managed identity.

Answer:
Explanation:
Scenario: All Azure Functions must centralize management and distribution of configuration data for different environments and geographies, encrypted by using a company-provided RSA-HSM key.
Microsoft Azure Key Vault is a cloud-hosted management service that allows users to encrypt keys and small secrets by using keys that are protected by hardware security modules (HSMs).
You need to create a managed identity for your application.
Reference: https://docs.microsoft.com/en-us/azure/app-service/app-service-key-vault-references

Question 24 Selectable Answer

Your company has several containers based on the following operating systems:
• Windows Server 2019 Nano Server
• Windows Server 2019 Server Core
• Windows Server 2022 Nano Server
• Windows Server 2022 Server Core
• Linux
You plan to migrate the containers to an Azure Kubernetes cluster.
What is the minimum number of node pools that the cluster must have?

A. 1
B. 2
C. 3
D. 6

Answer:

Question 25 Selectable Answer

Set the DataSource property of the SearchServiceCIient
Does the solution meet the goal?

A. Yes
B. No

Answer:
Explanation:
Use the following method:

Question 26 Written Answer

HOTSPOT
You need to Implement the retail store location Azure Function.
How should you configure the solution? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

Answer:

Explanation:
Graphical user interface, application
Description automatically generated
Scenario: Retail store locations: Azure Functions must process data immediately when data is uploaded to Blob storage.
Box 1: HTTP
Binding configuration example: https://<storage_account_name>.blob.core.windows.net
Box 2: Input
Read blob storage data in a function: Input binding
Box 3: Blob storage
The Blob storage trigger starts a function when a new or updated blob is detected. Azure Functions integrates with Azure Storage via triggers and bindings. Integrating with Blob storage allows you to build functions that react to changes in blob data as well as read and write values.

Question 27 Written Answer

HOTSPOT
You need to add code at line AM10 of the application manifest to ensure that the requirement for manually reviewing content can be met.
How should you complete the code? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

Answer:

Explanation:
Box 1: sid
Sid: Session ID, used for per-session user sign-out. Personal and Azure AD accounts.
Scenario: Manual review
To review content, the user must authenticate to the website portion of the ContentAnalysisService using their Azure AD credentials. The website is built using React and all pages and API endpoints require authentication. In order to review content a user must be part of a ContentReviewer role.
Box 2: email
Scenario: All completed reviews must include the reviewer’s email address for auditing purposes.

Question 28 Selectable Answer

You need to secure the Shipping Logic App.
What should you use?

A. Azure App Service Environment (ASE)
B. Azure AD B2B integration
C. Integration Service Environment (ISE)
D. VNet service endpoint

Answer:
Explanation:
Scenario: The Shipping Logic App requires secure resources to the corporate VNet and use dedicated storage resources with a fixed costing model.
You can access to Azure Virtual Network resources from Azure Logic Apps by using integration service environments (ISEs).
Sometimes, your logic apps and integration accounts need access to secured resources, such as virtual machines (VMs) and other systems or services, that are inside an Azure virtual network. To set up this access, you can create an integration service environment (ISE) where you can run your logic apps and create your integration accounts.
References: https://docs.microsoft.com/en-us/azure/logic-apps/connect-virtual-network-vnet-isolated-environment-overview

Question 29 Selectable Answer

You need to implement a solution to resolve the retail store location data issue.
Which three Azure Blob features should you enable? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point

A. Immutability
B. Snapshots
C. Versioning
D. Soft delete
E. Object replication
F. Change feed

Answer:
Explanation:
Scenario: You must perform a point-in-time restoration of the retail store location data due to an unexpected and accidental deletion of data.
Before you enable and configure point-in-time restore, enable its prerequisites for the storage account: soft delete, change feed, and blob versioning.
Reference: https://docs.microsoft.com/en-us/azure/storage/blobs/point-in-time-restore-manage

Question 30 Written Answer

HOTSPOT
You need to resolve the Shipping web site error.
How should you configure the Azure Table Storage service? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

Answer:

Explanation:
Box 1: AllowedOrigins
A CORS request will fail if Access-Control-Allow-Origin is missing.
Scenario:
The following error message displays while you are testing the website:

Box 2: http://test-shippingapi.wideworldimporters.com
Syntax: Access-Control-Allow-Origin: *
Access-Control-Allow-Origin: <origin>
Access-Control-Allow-Origin: null
<origin> Specifies an origin. Only a single origin can be specified.
Box 3: AllowedOrigins
Box 4: POST
The only allowed methods are GET, HEAD, and POST. In this case POST is used.
"<Corsrule>" "allowedmethods" Failed to load no "Access-control-Origin" header is present
References: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Origin

Test Online Free Microsoft AZ-204 Exam Questions and Answers