Practice Free AZ-204 Exam Online Questions
HOTSPOT
You have an App Service plan named aspl based on the Free pricing tier.
You plan to use aspl to implement an Azure Function app with a queue trigger. Your solution must minimize cost.
You need to identify the configuration options that will meet the requirements.
Which value should you configure? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.
HOTSPOT
You have an App Service plan named aspl based on the Free pricing tier.
You plan to use aspl to implement an Azure Function app with a queue trigger. Your solution must minimize cost.
You need to identify the configuration options that will meet the requirements.
Which value should you configure? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.
You have an existing Azure storage account that stores large volumes of data across multiple containers.
You need to copy all data from the existing storage account to a new storage account.
The copy process must meet the following requirements:
✑ Automate data movement.
✑ Minimize user input required to perform the operation.
✑ Ensure that the data movement process is recoverable.
What should you use?
- A . AzCopy
- B . Azure Storage Explorer
- C . Azure portal
- D . .NET Storage Client Library
A
Explanation:
You can copy blobs, directories, and containers between storage accounts by using the AzCopy v10 command-line utility.
The copy operation is synchronous so when the command returns, that indicates that all files have been copied.
Reference: https://docs.microsoft.com/en-us/azure/storage/common/storage-use-azcopy-blobs-copy
You are implementing an Azure API app that uses built-in authentication and authorization functionality.
All app actions must be associated with information about the current user.
You need to retrieve the information about the current user.
What are two possible ways to achieve the goal? Each correct answer presents a complete solution. NOTE: Each correct selection is worth one point.
- A . HTTP headers
- B . environment variables
- C . /.auth/me HTTP endpoint
- D . /.auth/login endpoint
AC
Explanation:
A: After App Service Authentication has been configured, users trying to access your API are prompted to sign in with their organizational account that belongs to the same Azure AD as the Azure AD application used to secure the API. After signing in, you are able to access the information about the current user through the HttpContext.Current.User property.
C: While the server code has access to request headers, client code can access GET /.auth/me to get the same access tokens (
Reference:
https://docs.microsoft.com/en-us/azure/app-service/app-service-web-tutorial-auth-aad
https://docs.microsoft.com/en-us/sharepoint/dev/spfx/web-parts/guidance/connect-to-api-secured-with-aad
You need to secure the Azure Functions to meet the security requirements.
Which two actions should you perform? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point.
- A . Store the RSA-HSM key in Azure Key Vault with soft-delete and purge-protection features enabled
- B . Store the RSA-HSM key in Azure Blob storage with an immutability policy applied to the container.
- C . Store the RSA-HSM key in Azure Cosmos DB. Apply the built-in policies for customer-managed Keys and allowed locations
- D . Create a standard tier Azure App Configuration instance with an assigned Azure AD managed identity.
- E . Create a free tier Azure App Configuration instance with a new Azure AD service principal.
DRAG DROP
You develop a gateway solution for a public facing news API.
The news API back end is implemented as a RESTful service and hosted in an Azure App Service instance.
You need to configure back-end authentication for the API Management service instance.
Which target and gateway credential type should you use? To answer, drag the appropriate values to the correct parameters. Each value may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content. NOTE: Each correct selection is worth one point.
Explanation:
Box 1: Azure Resource
Box 2: Client cert
API Management allows to secure access to the back-end service of an API using client certificates.
Reference: https://docs.microsoft.com/en-us/rest/api/apimanagement/apimanagementrest/azure-api-management-rest-api-backend-entity
You are developing a web app that is protected by Azure Web Application Firewall (WAF). All traffic to the web app is routed through an Azure Application Gateway instance that is used by multiple web apps. The web app address is contoso.azurewebsites.net.
All traffic must be secured with SSL. The Azure Application Gateway instance is used by multiple web apps.
You need to configure the Azure Application Gateway for the app.
Which two actions should you perform? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point.
- A . In the Azure Application Gateway’s HTTP setting, enable the Use for App service setting.
- B . Convert the web app to run in an Azure App service environment (ASE).
- C . Add an authentication certificate for contoso.azurewebsites.net to the Azure Application gateway.
- D . In the Azure Application Gateway’s HTTP setting, set the value of the Override backend path option to contoso22.azurewebsites.net.
AD
Explanation:
D: The ability to specify a host override is defined in the HTTP settings and can be applied to any back-end pool during rule creation.
The ability to derive the host name from the IP or FQDN of the back-end pool members. HTTP settings also provide an option to dynamically pick the host name from a back-end pool member’s FQDN if configured with the option to derive host name from an individual back-end pool member.
A (not C): SSL termination and end to end SSL with multi-tenant services.
In case of end to end SSL, trusted Azure services such as Azure App service web apps do not require whitelisting the backends in the application gateway. Therefore, there is no need to add any authentication certificates.
Reference: https://docs.microsoft.com/en-us/azure/application-gateway/application-gateway-web-app-overview
You are a developing a SaaS application that stores data as key value pairs.
You must make multiple editions of the application available. In the lowest cost edition, the performance must be best-effort, and there is no regional failover.
In higher cos! editions customers must be able to select guaranteed performance and support for multiple regions. Azure costs must be minimized.
Which Azure Cosmos OB API should you use for the application?
- A . Core
- B . MongoDB
- C . Cassandra
- D . Table API
HOTSPOT
You are developing an online game that allows players to vote for their favorite photo that illustrates a word. The game is built by using Azure Functions and uses durable entities to track the vote count
The voting window is 30 seconds. You must minimize latency.
You need to implement the Azure Function for voting.
How should you complete the code? To answer, select the appropriate options in the answer area.
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You develop an HTTP triggered Azure Function app to process Azure Storage blob data. The app is triggered using an output binding on the blob.
The app continues to time out after four minutes. The app must process the blob data.
You need to ensure the app does not time out and processes the blob data.
Solution: Use the Durable Function async pattern to process the blob data.
Does the solution meet the goal?
- A . Yes
- B . No
B
Explanation:
Instead pass the HTTP trigger payload into an Azure Service Bus queue to be processed by a queue trigger function and return an immediate HTTP success response.
Note: Large, long-running functions can cause unexpected timeout issues. General best practices include:
Whenever possible, refactor large functions into smaller function sets that work together and return responses fast. For example, a webhook or HTTP trigger function might require an acknowledgment response within a certain time limit; it’s common for webhooks to require an immediate response.
You can pass the HTTP trigger payload into a queue to be processed by a queue trigger function. This approach lets you defer the actual work and return an immediate response.
Reference: https://docs.microsoft.com/en-us/azure/azure-functions/functions-best-practices