The Secret Of Microsoft AZ-304 Pdf Exam

NEW QUESTION 1

You are designing a large Azure environment that will contain many subscriptions. You plan to use Azure Policy as part of a governance solution.
To which three scopes can you assign Azure Policy definitions? Each correct answer presents a complete solution.
NOTE: Each correct selection is worth one point.

• A. management groups
• B. subscriptions
• C. Azure Active Directory (Azure AD) tenants
• D. resource groups
• E. Azure Active Directory (Azure AD) administrative units
• F. compute resources

Answer: ABD

Explanation:
Azure Policy evaluates resources in Azure by comparing the properties of those resources to business rules. Once your business rules have been formed, the policy definition or initiative is assigned to any scope of resources that Azure supports, such as management groups, subscriptions, resource groups, or individual resources.
Reference:
https://docs.microsoft.com/en-us/azure/governance/policy/overview

NEW QUESTION 2

You have 100 servers that run Windows Server 2012 R2 and host Microsoft SQL Server 2012 R2 instances. The instances host databases that have the following characteristics:
The largest database is currently 3 TB. None of the databases will ever exceed 4 TB.
Stored procedures are implemented by using CLR.
You plan to move all the data from SQL Server to Azure.
You need to recommend an Azure service to host the databases. The solution must meet the following requirements:
Whenever possible, minimize management overhead for the migrated databases.
Minimize the number of database changes required to facilitate the migration.
Ensure that users can authenticate by using their Active Directory credentials.
What should you include in the recommendation?

• A. Azure SQL Database single databases
• B. Azure SQL Database Managed Instance
• C. Azure SQL Database elastic pools
• D. SQL Server 2016 on Azure virtual machines

Answer: B

Explanation:
References:
https://docs.microsoft.com/en-us/azure/sql-database/sql-database-managed-instance

NEW QUESTION 3

You design a solution for the web tier of WebApp1 as shown in the exhibit.

For each of the following statements, select Yes if the statement is true. Otherwise, select No.

• A. Mastered
• B. Not Mastered

Answer: A

Explanation:
Box 1: Yes
Any new deployments to Azure must be redundant in case an Azure region fails.
Traffic Manager uses DNS to direct client requests to the most appropriate service endpoint based on a
traffic-routing method and the health of the endpoints. An endpoint is any Internet-facing service hosted inside or outside of Azure. Traffic Manager provides a range of traffic-routing methods and endpoint monitoring options to suit different application needs and automatic failover models. Traffic Manager is resilient to failure, including the failure of an entire Azure region.
Box 2: Yes
Recent changes in Azure brought some significant changes in autoscaling options for Azure Web Apps (i.e. Azure App Service to be precise as scaling happens on App Service plan level and has effect on all Web Apps running in that App Service plan).
Box 3: No
Traffic Manager provides a range of traffic-routing methods and endpoint monitoring options to suit different application needs and automatic failover models. Traffic Manager is resilient to failure, including the failure of an entire Azure region.
Reference:
https://docs.microsoft.com/en-us/azure/traffic-manager/traffic-manager-overview https://blogs.msdn.microsoft.com/hsirtl/2017/07/03/autoscaling-azure-web-apps/

NEW QUESTION 4

You need to design a solution for securing access to the historical transaction data.
What should you include in the solution? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

• A. Mastered
• B. Not Mastered

Answer: A

Explanation:

NEW QUESTION 5

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have an Azure Storage v2 account named Storage1. You plan to archive data to Storage1.
You need to ensure that the archived data cannot be deleted for five years. The solution must prevent administrators from deleting the data.
Solution: You create a file share and snapshots. Does this meet the goal?

• A. Yes
• B. No

Answer: B

Explanation:
Instead you could create an Azure Blob storage container, and you configure a legal hold access policy. References:
https://docs.microsoft.com/en-us/azure/storage/blobs/storage-blob-immutable-storage

NEW QUESTION 6

You are designing an order processing system in Azure that will contain the Azure resources shown in the following table.

The order processing system will have the following transaction flow:
A customer will place an order by using App1.
When the order is received, App1 will generate a message to check for product availability at vendor 1 and vendor 2.
An integration component will process the message, and then trigger either Function1 or Function2 depending on the type of order.
Once a vendor confirms the product availability, a status message for App1 will be generated by Function1 or Function2.
All the steps of the transaction will be logged to storage1.
Which type of resource should you recommend for the integration component? D18912E1457D5D1DDCBD40AB3BF70D5D
Which type of resource should you recommend for the integration component?

• A. an Azure Data Factory pipeline
• B. an Azure Service Bus queue
• C. an Azure Event Grid domain
• D. an Azure Event Hubs capture

Answer: A

Explanation:
A data factory can have one or more pipelines. A pipeline is a logical grouping of activities that together perform a task.
The activities in a pipeline define actions to perform on your data.
Data Factory has three groupings of activities: data movement activities, data transformation activities, and control activities.
Azure Functions is now integrated with Azure Data Factory, allowing you to run an Azure function as a step in your data factory pipelines.
Reference:
https://docs.microsoft.com/en-us/azure/data-factory/concepts-pipelines-activities

NEW QUESTION 7

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it As a result, these questions will not appear In the review screen.
You have an on-premises Hyper-V cluster that hosts 20 virtual machines. Some virtual machines run Windows Server 2016 and some run Linux.
You plan to migrate the virtual machines to an Azure subscription.
You need to recommend a solution to replicate the disks of the virtual machines to Azure. The solution must ensure that the virtual machines remain available during the migration of the disks.
Solution: You recommend implementing an Azure Storage account and then running AzCopy. Does this meet the goal?

• A. Yes
• B. NO

Answer: B

Explanation:
AzCopy only copy files, not the disks. Instead use Azure Site Recovery. References:
https://docs.microsoft.com/en-us/azure/site-recovery/site-recovery-overview

NEW QUESTION 8

You are planning to deploy an application named App1 that will run in containers on Azure Kubernetes Service (AKS) clusters. The AKS clusters will be distributed across four Azure regions.
You need to recommend a storage solution for App1. Updated container images must be replicated automatically to all the AKS clusters.
Which storage solution should you recommend?

• A. Premium SKU Azure Container Registry
• B. Azure Content Delivery Network (CDN)
• C. geo redundant storage (GRS) accounts
• D. Azure Cache for Redis

Answer: A

Explanation:
Enable geo-replication for container images.
Best practice: Store your container images in Azure Container Registry and geo-replicate the registry to each AKS region.
To deploy and run your applications in AKS, you need a way to store and pull the container images. Container Registry integrates with AKS, so it can securely store your container images or Helm charts. Container Registry supports multimaster geo-replication to automatically replicate your images to Azure regions around the world.
Geo-replication is a feature of Premium SKU container registries. Note:
When you use Container Registry geo-replication to pull images from the same region, the results are: Faster: You pull images from high-speed, low-latency network connections within the same Azure region.
More reliable: If a region is unavailable, your AKS cluster pulls the images from an available container registry.
Cheaper: There's no network egress charge between datacenters. Reference:
https://docs.microsoft.com/en-us/azure/aks/operator-best-practices-multi-region

NEW QUESTION 9

You have an Azure Active Directory (Azure AD) tenant.
You plan to provide users with access to shared files by using Azure Storage. The users will be provided with different levels of access to various Azure file shares based on their user account or their group membership.
You need to recommend which additional Azure services must be used to support the planned deployment. What should you include in the recommendation?

• A. an Azure AD enterprise application
• B. Azure Information Protection
• C. an Azure AD Domain Services (Azure AD DS) instance
• D. an Azure Front Door instance

Answer: C

Explanation:
Azure Filessupports identity-based authentication over Server Message Block (SMB) throughtwo types of Domain Services: on-premises Active Directory Domain Services (AD DS) and Azure Active Directory Domain Services (Azure AD DS).
Reference:
https://docs.microsoft.com/en-us/azure/storage/files/storage-files-identity-auth-active-directory-domain-service

NEW QUESTION 10

Note: This question Is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question In this section, you will NOT be able to return to It As a result, these questions will not appear In the review screen.
You have an on-premises Hyper-V cluster that hosts 20 virtual machines. Some virtual machines run Windows Server 2016 and some run Linux.
You plan to migrate the virtual machines to an Azure subscription.
You need to recommend a solution to replicate the disks of the virtual machines to Azure. The solution must ensure that the virtual machines remain available during the migration of the disks.
Solution: You recommend implementing an Azure Storage account that has a file service and a blob service, and then using the Data Migration Assistant
Does this meet the goal?

• A. Yes
• B. No

Answer: B

Explanation:
Data Migration Assistant is used to migrate SQL databases. Instead use Azure Site Recovery.
References:
https://docs.microsoft.com/en-us/azure/site-recovery/site-recovery-overview

NEW QUESTION 11

Your company has users who work remotely from laptops.
You plan to move some of the applications accessed by the remote users to Azure virtual machines. The users will access the applications in Azure by using a point-to-site VPN connection. You will use certificates generated from an on-premises-based certification authority (CA).
You need to recommend which certificates are required for the deployment.
What should you include in the recommendation? To answer, drag the appropriate certificates to the correct targets. Each certificate may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
NOTE: Each correct selection is worth one point.

• A. Mastered
• B. Not Mastered

Answer: A

Explanation:

NEW QUESTION 12

You have an Azure Active Directory (Azure AD) tenant.
You plan to deploy Azure Cosmos DB databases that will use the SQL API.
You need to recommend a solution to provide specific Azure AD user accounts with read access to the Cosmos DB databases.
What should you include in the recommendation?

• A. a resource token and an Access control (IAM) role assignment
• B. shared access signatures (SAS) and conditional access policies
• C. master keys and Azure Information Protection policies
• D. certificates and Azure Key Vault

Answer: A

Explanation:
The Access control (IAM) pane in the Azure portal is used to configure role-based access control on Azure Cosmos resources. The roles are applied to users, groups, service principals, and managed identities in Active Directory. You can use built-in roles or custom roles for individuals and groups. The following screenshot shows Active Directory integration (RBAC) using access control (IAM) in the Azure portal:

Reference:
https://docs.microsoft.com/en-us/azure/cosmos-db/role-based-access-control

NEW QUESTION 13

You need to recommend a backup solution for the data store of the payment processing. What should you include in the recommendation?

• A. Microsoft System Center Data Protection Manager (DPM)
• B. long-term retention
• C. a Recovery Services vault
• D. Azure Backup Server

Answer: B

Explanation:

References:
https://docs.microsoft.com/en-us/azure/sql-database/sql-database-long-term-backup-retention-configure

NEW QUESTION 14

You architect a solution that calculates 3D geometry from height-map data. You have the following requirements:
Perform calculations in Azure.
Each node must communicate data to every other node.
Maximize the number of nodes to calculate multiple scenes as fast as possible. Require the least amount of effort to implement.
You need to recommend a solution.
Which two actions should you recommend? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point.

• A. Create a render farm that uses Azure Batch.
• B. Enable parallel file systems on Azure.
• C. Enable parallel task execution on compute nodes.
• D. Create a render farm that uses virtual machine (VM) scale sets.
• E. Create a render farm that uses virtual machines (VMs).

Answer: AC

NEW QUESTION 15

You need to recommend a solution for protecting the content of the payment processing system. What should you include in the recommendation?

• A. Transparent Data Encryption (TDE)
• B. Azure Storage Service Encryption
• C. Always Encrypted with randomized encryption
• D. Always Encrypted with deterministic encryption

Answer: D

NEW QUESTION 16

You are building an application that will run in a virtual machine (VM). The application will use Azure Managed Identity.
The application uses Azure Key Vault, Azure SQL Database, and Azure Cosmos DB. You need to ensure the application can use secure credentials to access these services.
Which authentication method should you recommend? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

• A. Mastered
• B. Not Mastered

Answer: A

Explanation:
Note: Managed identities for Azure resources is the new name for the service formerly known as Managed
Service Identity (MSI). Reference:
https://docs.microsoft.com/en-us/azure/active-directory/managed-identities-azure-resources/overview

NEW QUESTION 17

You need to recommend a strategy for migrating the database content of WebApp1 to Azure. What should you include in the recommendation?

• A. Use Azure Site Recovery to replicate the SQL servers to Azure.
• B. Use SQL Server transactional replication.
• C. Copy the BACPAC file that contains the Azure SQL database file to Azure Blob storage.
• D. Copy the VHD that contains the Azure SQL database files to Azure Blob storage

Answer: D

Explanation:
Before you upload a Windows virtual machine (VM) from on-premises to Azure, you must prepare the virtual hard disk (VHD or VHDX).
Scenario: WebApp1 has a web tier that uses Microsoft Internet Information Services (IIS) and a database tier that runs Microsoft SQL Server 2016. The web tier and the database tier are deployed to virtual machines that run on Hyper-V. Reference:
https://docs.microsoft.com/en-us/azure/virtual-machines/windows/prepare-for-upload-vhd-image

NEW QUESTION 18

You are designing a storage solution that will use Azure Blob storage. The data will be stored in a cool access tier or an archive access tier based on the access patterns of the data.
You identify the following types of infrequently accessed data: Telemetry data: Deleted after two years D18912E1457D5D1DDCBD40AB3BF70D5D
Promotional material: Deleted after 14 days
Virtual machine audit data: Deleted after 200 days
A colleague recommends using the archive access tier to store the data. Which statement accurately describes the recommendation?

• A. Storage costs will be based on a minimum of 30 days.
• B. Access to the data is guaranteed within five minutes.
• C. Access to the data is guaranteed within 30 minutes.
• D. Storage costs will be based on a minimum of 180 days.

Answer: D

Explanation:
The following table shows a comparison of premium performance block blob storage, and the hot, cool, and archive access tiers.

Reference:
https://docs.microsoft.com/en-us/azure/storage/blobs/storage-blob-storage-tiers

NEW QUESTION 19

What should you include in the identity management strategy to support the planned changes?

• A. Move all the domain controllers from corp.fabrikam.com to virtual networks in Azure.
• B. Deploy domain controllers for corp.fabrikam.com to virtual networks in Azure.
• C. Deploy a new Azure AD tenant for the authentication of new R&D projects.
• D. Deploy domain controllers for the rd.fabrikam.com forest to virtual networks in Azure.

Answer: B

Explanation:
Directory synchronization between Azure Active Directory (Azure AD) and corp.fabrikam.com must not be affected by a link failure between Azure and the on-premises network. (This requires domain controllers in Azure)
Users on the on-premises network must be able to authenticate to corp.fabrikam.com if an Internet link fails. (This requires domain controllers on-premises)

NEW QUESTION 20

The developers at your company are building a containerized Python Django app.
You need to recommend platform to host the app. The solution must meet the following requirements:
Support autoscaling.
Support continuous deployment from an Azure Container Registry.
Provide built-in functionality to authenticate app users by using Azure Active Directory (Azure AD). Which platform should you include in the recommendation?

• A. Azure Container instances
• B. an Azure App Service instance that uses containers
• C. Azure Kubernetes Service (AKS)

Answer: C

Explanation:
To keep up with application demands in Azure Kubernetes Service (AKS), you may need to adjust the number of nodes that run your workloads. The cluster autoscaler component can watch for pods in your cluster that can't be scheduled because of resource constraints. When issues are detected, the number of nodes in a node pool is increased to meet the application demand.
Azure Container Registry is a private registry for hosting container images. It integrates well with orchestrators like Azure Container Service, including Docker Swarm, DC/OS, and the new Azure Kubernetes service.
Moreover, ACR provides capabilities such as Azure Active Directory-based authentication, webhook support, and delete operations.
Reference:
https://docs.microsoft.com/en-us/azure/aks/cluster-autoscaler
https://medium.com/velotio-perspectives/continuous-deployment-with-azure-kubernetes-service-azurecontainer- registry-jenkins-ca337940151b

NEW QUESTION 21

You need to recommend a solution to deploy containers that run an application. The application has two tiers.
Each tier is implemented as a separate Docker Linux-based image. The solution must meet the following requirements:
The front-end tier must be accessible by using a public IP address on port 80.
The backend tier must be accessible by using port 8080 from the front-end tier only.
Both containers must be able to access the same Azure file share.
If a container fails, the application must restart automatically.
Costs must be minimized.
What should you recommend using to host the application?

• A. Azure Kubernetes Service (AKS)
• B. Azure Service Fabric
• C. Azure Container instances

Answer: C

Explanation:
Azure Container Instances enables a layered approach to orchestration, providing all of the scheduling and management capabilities required to run a single container, while allowing orchestrator platforms to manage multi-container tasks on top of it.
Because the underlying infrastructure for container instances is managed by Azure, an orchestrator platform does not need to concern itself with finding an appropriate host machine on which to run a single container.
Azure Container Instances can schedule both Windows and Linux containers with the same API. Orchestration of container instances exclusively
Because they start quickly and bill by the second, an environment based exclusively on Azure Container Instances offers the fastest way to get started and to deal with highly variable workloads.
Reference:
https://docs.microsoft.com/en-us/azure/container-instances/container-instances-overview https://docs.microsoft.com/en-us/azure/container-instances/container-instances-orchestrator-relationship

NEW QUESTION 22

You need to recommend a solution for configuring the Azure Multi-Factor Authentication (MFA) settings. What should you include in the recommendation? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

• A. Mastered
• B. Not Mastered

Answer: A

Explanation:
References:
https://docs.microsoft.com/en-us/azure/active-directory/identity-protection/howto-sign-in-risk-policy https://docs.microsoft.com/en-us/azure/active-directory/identity-protection/howto-mfa-policy

NEW QUESTION 23

To meet the authentication requirements of Fabrikam, what should you include in the solution? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

• A. Mastered
• B. Not Mastered

Answer: A

Explanation:
Box 1: 2
The network contains two Active Directory forests named corp.fabrikam.com and rd.fabrikam.com. There are no trust relationships between the forests.
Box 2: 1
Box 3: 1
Scenario:
Users on the on-premises network must be able to authenticate to corp.fabrikam.com if an Internet link fails.
Administrators must be able authenticate to the Azure portal by using their corp.fabrikam.com credentials. All administrative access to the Azure portal must be secured by using multi-factor authentication.
Note:
Users must always authenticate by using their corp.fabrikam.com UPN identity.
The network contains two Active Directory forests named corp.fabrikam.com and rd.fabrikam.com. There are no trust relationships between the forests.
Corp.fabrikam.com is a production forest that contains identities used for internal user and computer authentication.
Rd.fabrikam.com is used by the research and development (R&D) department only.

NEW QUESTION 24

You are developing a web application that provides streaming video to users. You configure the application to use continuous integration and deployment.
The app must be highly available and provide a continuous streaming experience for users.
You need to recommend a solution that allows the application to store data in a geographical location that is closest to the user.
What should you recommend?

• A. Azure App Service Web Apps
• B. Azure App Service Isolated
• C. Azure Redis Cache
• D. Azure Content Delivery Network (CDN)

Answer: D

Explanation:
Azure Content Delivery Network (CDN) is a global CDN solution for delivering high-bandwidth content. It can be hosted in Azure or any other location. With Azure CDN, you can cache static objects loaded from Azure Blob storage, a web application, or any publicly accessible web server, by using the closest point of presence (POP) server. Azure CDN can also accelerate dynamic content, which cannot be cached, by leveraging various network and routing optimizations.
References:
https://docs.microsoft.com/en-in/azure/cdn/

NEW QUESTION 25

You need to recommend a strategy for the web tier of WebApp1. The solution must minimize What should you recommend?

• A. Create a runbook that resizes virtual machines automatically to a smaller size outside of business hours.
• B. Configure the Scale Up settings for a web app.
• C. Deploy a virtual machine scale set that scales out on a 75 percent CPU threshold.
• D. Configure the Scale Out settings for a web app.

Answer: D

NEW QUESTION 26
......