Practice Free Microsoft AZ-204 Exam Questions Online, AZ-204 Free Demo

Question 31 Selectable Answer

You need to authenticate the user to the corporate website as indicated by the architectural diagram.
Which two values should you use? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point.

A. ID token signature
B. ID token claims
C. HTTP response code
D. Azure AD endpoint URI
E. Azure AD tenant ID

Answer:
Explanation:
Claims in access tokens
JWTs (JSON Web Tokens) are split into three pieces:
✑ Header - Provides information about how to validate the token including information about the type of token and how it was signed.
✑ Payload - Contains all of the important data about the user or app that is attempting to call your service.
✑ Signature - Is the raw material used to validate the token.
Your client can get an access token from either the v1.0 endpoint or the v2.0 endpoint using a variety of protocols.
Scenario: User authentication (see step 5 below)
The following steps detail the user authentication process:
✑ The user selects Sign in in the website.
✑ The browser redirects the user to the Azure Active Directory (Azure AD) sign in page.
✑ The user signs in.
✑ Azure AD redirects the user’s session back to the web application. The URL
includes an access token.
✑ The web application calls an API and includes the access token in the authentication header. The application ID is sent as the audience (‘aud’) claim in the access token.
✑ The back-end API validates the access token.
Reference: https://docs.microsoft.com/en-us/azure/api-management/api-management-access-restriction-policies

Question 32 Selectable Answer

You need to store the user agreements.
Where should you store the agreement after it is completed?

A. Azure Storage queue
B. Azure Event Hub
C. Azure Service Bus topic
D. Azure Event Grid topic

Answer:
Explanation:
Azure Event Hub is used for telemetry and distributed data streaming.
This service provides a single solution that enables rapid data retrieval for real-time processing as well as repeated replay of stored raw data. It can capture the streaming data into a file for processing and analysis.
It has the following characteristics:
✑ low latency
✑ capable of receiving and processing millions of events per second
✑ at least once delivery
Reference: https://docs.microsoft.com/en-us/azure/event-grid/compare-messaging-services

Question 33 Selectable Answer

Topic 7, VanArsdel. Ltd

Case study
This is a case study. Case studies are not timed separately. You can use as much exam time as you would like to complete each case. However, there may be additional case studies and sections on this exam. You must manage your time to ensure that you are able to complete all questions included on this exam in the time provided.

To answer the questions included in a case study, you will need to reference information that is provided in the case study. Case studies might contain exhibits and other resources that provide more information about the scenario that is described in the case study. Each question is independent of the other questions in this case study.

At the end of this case study, a review screen will appear. This screen allows you to review your answers and to make changes before you move to the next section of the exam. After you begin a new section, you cannot return to this section.

To start the case study
To display the first question in this case study, click the Next button. Use the buttons in the left pane to explore the content of the case study before you answer the questions. Clicking these buttons displays information such as business requirements, existing environment, and problem statements. If the case study has an All Information tab, note that the information displayed is identical to the information displayed on the subsequent tabs. When you are ready to answer a question, click the Question button to return to the question.

Background
VanArsdel. Ltd. is a global office supply company. The company fs based in Canada and has retail store locations across the world. The company is developing several cloud-based solutions to support their stores, distributors, suppliers, and delivery services.

Current environment
Requirements
The application components must meet the following requirements:
Corporate website
• Secure the website by using SSL
• Minimize costs tor data storage and hosting.
• Implement native GitHub workflows for continuous integration and continuous deployment (Cl/CO).
• Distribute the website content globally for local use.
• Implement monitoring by using Application Insights and availability web tests including SSL certificate validity and custom header value verification.
• The website must have 99.95 percent uptime.

Corporate website
The company provides a public website located at htlp://www. vanaisdelttd.com. The website consists of a React JavaScript user interface, HTML,CSS, image assets, and several APIs hosted in Azure functions.

Retail store locations
• Azure Functions must process data immediately when data is uploaded to Blob storage. Azure Functions must update Azure Cosmos D3 by using native SQL language queries.
• Audit store sale transaction information nightly to validate data, process sates financials, and reconcile inventory.

Delivery services
• Store service telemetry data in Azure Cosmos DB by using an Azure Function. Data must include an item id. the delivery vehicle license plate, vehicle package capacity, and current vehicle location coordinates.
• Store delivery driver profile information in Azure Active Directory Azure AD) by using an Azure Function called from the corporate website.

Inventory services
The company has contracted a third-party to develop an API for inventory processing that requires access to a specific blob within the retail store storage account for three months to include read-only access to the data.

Security
• All Azure Functions must centralize management and distribution of configuration data for different environments and geographies, encrypted by using a company-provided RSA-HSM key.
• Authentication and authorization must use Azure AD and services must use managed identities where possible.

Retail Store Locations
• You must perform a point-in-time restoration of the retail store location data due to an unexpected and accidental deletion of data.
• Azure Cosmos DB queries from the Azure Function exhibit high Request Unit (RU) usage and contain multiple, complex queries that exhibit high point read latency for large items as the function app is scaling.

You need to audit the retail store sales transactions.
What are two possible ways to achieve the goal? Each correct answer presents a complete solution. NOTE: Each correct selection is worth one point.

A. Update the retail store location data upload process to include blob index tags. Create an Azure Function to process the blob index tags and filter by store location
B. Enable blob versioning for the storage account. Use an Azure Function to process a list of the blob versions per day.
C. Process an Azure Storage blob inventory report by using an Azure Function. Create rule filters on the blob inventory report,
D. Subscribe to blob storage events by using an Azure Function and Azure Event Grid. Filter the events by store location.
E. Process the change feed logs of the Azure Blob storage account by using an Azure Function. Specify a time range for the change feed data.

Answer:
Explanation:
Scenario: Audit store sale transaction information nightly to validate data, process sales financials, and reconcile inventory.
"Process the change feed logs of the Azure Blob storage account by using an Azure Function. Specify a time range for the change feed data": Change feed support is well-suited for scenarios that process data based on objects that have changed. For example, applications can:
Store, audit, and analyze changes to your objects, over any period of time, for security, compliance or intelligence for enterprise data management.
"Subscribe to blob storage events by using an Azure Function and Azure Event Grid. Filter the events by store location": Azure Storage events allow applications to react to events, such as the creation and deletion of blobs. It does so without the need for complicated code or expensive and inefficient polling services. The best part is you only pay for what you use.
Blob storage events are pushed using Azure Event Grid to subscribers such as Azure Functions, Azure Logic Apps, or even to your own http listener. Event Grid provides reliable event delivery to your applications through rich retry policies and dead-lettering.
Explanation:
Reference: https://docs.microsoft.com/en-us/azure/storage/blobs/storage-blob-change-feed
https://docs.microsoft.com/en-us/azure/storage/blobs/storage-blob-event-overview

Question 34 Selectable Answer

You need to investigate the http server log output to resolve the issue with the ContentUploadService.
Which command should you use first?

A. az webapp log
B. az ams live-output
C. az monitor activity-log
D. az container attach

Answer:
Explanation:
Scenario: Users of the ContentUploadService report that they occasionally see HTTP 502 responses on specific pages.
"502 bad gateway" and "503 service unavailable" are common errors in your app hosted in Azure App Service.
Microsoft Azure publicizes each time there is a service interruption or performance degradation.
The az monitor activity-log command manages activity logs.
Note: Troubleshooting can be divided into three distinct tasks, in sequential order:
✑ Observe and monitor application behavior
✑ Collect data
✑ Mitigate the issue
Reference: https://docs.microsoft.com/en-us/cli/azure/monitor/activity-log

Question 35 Selectable Answer

A company uses Azure SQL Database to store data for an app. The data includes sensitive information.
You need to implement measures that allow only members of the managers group to see sensitive information.
Which two actions should you perform? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point.

A. Option A
B. Option B
C. Option C
D. Option D
E. Option E

Answer:
Explanation:
Dynamic data masking helps prevent unauthorized access to sensitive data by enabling customers to designate how much of the sensitive data to reveal with minimal impact on the application layer.
SQL users excluded from masking - A set of SQL users or AAD identities that get unmasked data in the SQL query results.
Note: The New-AzureRmSqlDatabaseDataMaskingRule cmdlet creates a data masking rule for an Azure SQL database.
References: https://docs.microsoft.com/en-us/powershell/module/azurerm.sql/new-azurermsqldatabasedatamaskingrule?view=azurermps-6.13.0

Question 36 Written Answer

DRAG DROP
You need to add code at line PC32 in Processing.cs to implement the GetCredentials method in the Processing class.
How should you complete the code? To answer, drag the appropriate code segments to the correct locations. Each code segment may be used once, more than once, or not at all.
You may need to drag the split bar between panes or scroll to view content. NOTE: Each correct selection is worth one point.

Answer:

Explanation:
Box 1: AzureServiceTokenProvider()
Box 2: tp.GetAccessTokenAsync("..")
Acquiring an access token is then quite easy. Example code:
private async Task<string> GetAccessTokenAsync()
{
var tokenProvider = new AzureServiceTokenProvider();
return await tokenProvider.GetAccessTokenAsync("https://storage.azure.com/");
}

Question 37 Written Answer

HOTSPOT
You need to secure the Shipping Function app.
How should you configure the app? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

Answer:

Explanation:
Scenario: Shipping Function app: Implement secure function endpoints by using app-level security and include Azure Active Directory (Azure AD).
Box 1: Function
Box 2: JSON based Token (JWT)
Azure AD uses JSON based tokens (JWTs) that contain claims
Box 3: HTTP
How a web app delegates sign-in to Azure AD and obtains a token
User authentication happens via the browser. The OpenID protocol uses standard HTTP protocol messages.
References: https://docs.microsoft.com/en-us/azure/active-directory/develop/authentication-scenarios

Question 38 Written Answer

HOTSPOT
You need to add code at line PC26 of Processing.cs to ensure that security policies are met.
How should you complete the code that you will add at line PC26? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

Answer:

Explanation:
Box 1: var key = await
Resolver.ResolveKeyAsyn(keyBundle,KeyIdentifier.CancellationToken.None);
Box 2: var x = new BlobEncryptionPolicy(key,resolver); Example:
// We begin with cloudKey1, and a resolver capable of resolving and caching Key Vault secrets.
BlobEncryptionPolicy encryptionPolicy = new BlobEncryptionPolicy(cloudKey1, cachingResolver);
client.DefaultRequestOptions.EncryptionPolicy = encryptionPolicy;
Box 3: cloudblobClient. DefaultRequestOptions.EncryptionPolicy = x;

Question 39 Written Answer

HOTSPOT
You are developing an application to collect the following telemetry data for delivery drivers: first name, last name, package count, item id, and current location coordinates. The app will store the data in Azure Cosmos DB.
You need to configure Azure Cosmos DB to query the data.
Which values should you use? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

Answer:

Explanation:
Table
Description automatically generated
Box 1: Core (SQL)
Core (SQL) API stores data in document format. It offers the best end-to-end experience as we have full control over the interface, service, and the SDK client libraries. SQL API supports analytics and offers performance isolation between operational and analytical workloads.
Box 2: item id
item id is a unique identifier and is suitable for the partition key.

Question 40 Written Answer

HOTSPOT
You need to implement the delivery service telemetry data
How should you configure the solution? NOTE: Each correct selection is worth one point.

Answer:

Explanation:
Graphical user interface, text, application
Description automatically generated

Question 41 Written Answer

DRAG DROP
A web service provides customer summary information for e-commerce partners. The web service is implemented as an Azure Function app with an HTTP trigger. Access to the API is provided by an Azure API Management instance. The API Management instance is configured in consumption plan mode. All API calls are authenticated by using OAuth.
API calls must be cached. Customers must not be able to view cached data for other customers.
You need to configure API Management policies for caching.
How should you complete the policy statement?

Answer:

Explanation:
Box 1: internal caching-type
Choose between the following values of the attribute:
✑ internal to use the built-in API Management cache,
✑ external to use the external cache as Azure Cache for Redis
✑ prefer-external to use external cache if configured or internal cache otherwise.
Box 2: private
downstream-caching-type
This attribute must be set to one of the following values.
✑ none - downstream caching is not allowed.
✑ private - downstream private caching is allowed.
✑ public - private and shared downstream caching is allowed.
Box 3: Authorization
<vary-by-header>Authorization</vary-by-header>

Note: Start caching responses per value of specified header, such as Accept, Accept-Charset, Accept-Encoding, Accept-Language, Authorization, Expect, From, Host, If-Match

Question 42 Written Answer

DRAG DROP
You are developing an application. You have an Azure user account that has access to two subscriptions.
You need to retrieve a storage account key secret from Azure Key Vault.
In which order should you arrange the PowerShell commands to develop the solution? To answer, move all commands from the list of commands to the answer area and arrange them in the correct order.

Answer:

Explanation:
Step 1: Get-AzSubscription
If you have multiple subscriptions, you might have to specify the one that was used to create your key vault. Enter the following to see the subscriptions for your account: Get-AzSubscription
Step 2: Set-AzContext -SubscriptionId
To specify the subscription that's associated with the key vault you'll be logging, enter:
Set-AzContext -SubscriptionId <subscriptionID>
Step 3: Get-AzStorageAccountKey
You must get that storage account key.
Step 4: $secretvalue = ConvertTo-SecureString <storageAccountKey> -AsPlainText -Force Set-AzKeyVaultSecret -VaultName <vaultName> -Name <secretName> -SecretValue $secretvalue
After retrieving your secret (in this case, your storage account key), you must convert that key to a secure string, and then create a secret with that value in your key vault.
Step 5: Get-AzKeyVaultSecret
Next, get the URI for the secret you created. You'll need this URI in a later step to call the
key vault and retrieve your secret. Run the following PowerShell command and make note
of the ID value, which is the secret's URI:
Get-AzKeyVaultSecret CVaultName <vaultName>

Question 43 Written Answer

DRAG DROP
You need to support the message processing for the ocean transport workflow.
Which four actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.

Answer:

Explanation:
Step 1: Create an integration account in the Azure portal
You can define custom metadata for artifacts in integration accounts and get that metadata during runtime for your logic app to use. For example, you can provide metadata for artifacts, such as partners, agreements, schemas, and maps - all store metadata using key-value pairs.
Step 2: Link the Logic App to the integration account
A logic app that's linked to the integration account and artifact metadata you want to use.
Step 3: Add partners, schemas, certificates, maps, and agreements
Step 4: Create a custom connector for the Logic App.
References: https://docs.microsoft.com/bs-latn-ba/azure/logic-apps/logic-apps-enterprise-integration-metadata

Question 44 Written Answer

HOTSPOT
YOU need to reliably identify the delivery driver profile information.
How should you configure the system? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

Answer:

Explanation:
Text, letter
Description automatically generated

Question 45 Selectable Answer

You develop and deploy a web application to Azure App Service. The application accesses data stored in an Azure Storage account. The account contains several containers with several blobs with large amounts of data. You deploy all Azure resources to a single region.
You need to move the Azure Storage account to the new region. You must copy all data to the new region.
What should you do first?

A. Export the Azure Storage account Azure Resource Manager template
B. Initiate a storage account failover
C. Configure object replication for all blobs
D. Use the AzCopy command line tool
E. Create a new Azure Storage account in the current region
F. Create a new subscription in the current region

Answer:
Explanation:
To move a storage account, create a copy of your storage account in another region. Then, move your data to that account by using AzCopy, or another tool of your choice and finally, delete the resources in the source region.
To get started, export, and then modify a Resource Manager template.
Reference: https://docs.microsoft.com/en-us/azure/storage/common/storage-account-move?tabs=azure-portal

Test Online Free Microsoft AZ-204 Exam Questions and Answers