Practice Free AZ-204 Exam Online Questions
HOTSPOT
You are building a website to access project data related to teams within your organization. The website does not allow anonymous access. Authentication is performed using an Azure Active Directory (Azure AD) app named internal.
The website has the following authentication requirements:
• Azure AD users must be able to log in to the website.
• Personalization of the website must be based on membership in Active Directory groups.
You need to configure the application’s manifest to meet the authentication requirements.
How should you configure the manifest? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

Explanation:
Box 1: groupMembershipClaims
Personalization of the website must be based on membership in Active Directory groups.
Group claims can also be configured in the Optional Claims section of the Application Manifest. Enable group membership claims by changing the groupMembershipClaim
The valid values are:
– "All"
– "SecurityGroup"
– "DistributionList"
– "DirectoryRole"
Here we want to get the groups for the users, so we need to set the groupMembershipClaims property to All.
Box 2: oauth2AllowImplicitFlow
Azure AD users must be able to login to the website.
oauth2Permissions accepts only a collection value such as an array, not a boolean.
oauth2AllowImplicitFlow accepts a boolean value.
From the list of options given, if we want the application to fetch the required tokens, we need to allow Implicit Flow.
HOTSPOT
You develop a web app that interacts with Azure Active Directory (Azure AD) groups by using Microsoft Graph.
You build a web page that shows all Azure AD groups that are not of the type ‘Unified’.
You need to build the Microsoft Graph query for the page.
How should you complete the query? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You are developing an Azure Service application that processes queue data when it receives a message from a mobile application. Messages may not be sent to the service consistently.
You have the following requirements:
✑ Queue size must not grow larger than 80 gigabytes (GB).
✑ Use first-in-first-out (FIFO) ordering of messages.
✑ Minimize Azure costs.
You need to implement the messaging solution.
Solution: Use the .Net API to add a message to an Azure Service Bus Queue from the mobile application. Create an Azure Function App that uses an Azure Service Bus Queue trigger.
Does the solution meet the goal?
- A . Yes
- B . No
A
Explanation:
You can create a function that is triggered when messages are submitted to an Azure Storage queue.
Reference: https://docs.microsoft.com/en-us/azure/azure-functions/functions-create-storage-queue-triggered-function
HOTSPOT
You plan to implement an Azure Functions app.
The Azure Functions app has the following requirements:
• Must be triggered by a message placed in an Azure Storage queue.
• Must use the queue name set by an app setting named input-queue.
• Must create an Azure Blob Storage named the same as the content of the message.
You need to identify how to reference the queue and blob name in the function.json file of the Azure Functions app.
How should you reference the names? To answer, select the appropriate values in the answer area. NOTE: Each correct selection is worth one point.

You develop a solution that uses Azure Virtual Machines (VMs).
The VMs contain code that must access resources in an Azure resource group. You grant the VM access to the resource group in Resource Manager.
You need to obtain an access token that uses the VM's system-assigned managed identity.
Which two actions should you perform? Each correct answer presents part of the solution.
- A . Use PowerShell on a remote machine to make a request to the local managed identity for Azure resources endpoint.
- B . Use PowerShell on the VM to make a request to the local managed identity for Azure resources endpoint.
- C . From the code on the VM, call Azure Resource Manager using an access token.
- D . From the code on the VM, call Azure Resource Manager using a SAS token.
- E . From the code on the VM, generate a user delegation SAS token.
You need to save customized items to Azure Cosmos DB.
Which Azure Cosmos DB configuration should you use? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You develop Azure solutions.
You must grant a virtual machine (VM) access to specific resource groups in Azure Resource Manager.
You need to obtain an Azure Resource Manager access token.
Solution: Run the Invoke-RestMethod cmdlet to make a request to the local managed identity for Azure resources endpoint.
Does the solution meet the goal?
- A . Yes
- B . No
A
Explanation:
Get an access token using the VM’s system-assigned managed identity and use it to call Azure Resource Manager
You will need to use PowerShell in this portion.
In the portal, navigate to Virtual Machines and go to your Windows virtual machine and in the Overview, click Connect.
Enter the Username and Password that you added when you created the Windows VM.
Now that you have created a Remote Desktop Connection with the virtual machine, open PowerShell in the remote session.
Using the Invoke-WebRequest cmdlet, make a request to the local managed identity for Azure resources endpoint to get an access token for Azure Resource Manager.
Example:
$response = Invoke-WebRequest -Uri 'http://169.254.169.254/metadata/identity/oauth2/token?api-version=2018-02-01&resource=https://management.azure.com/' -Method GET -Headers @{Metadata="true"}
Reference: https://docs.microsoft.com/en-us/azure/active-directory/managed-identities-azure-resources/tutorial-windows-vm-access-arm
DRAG DROP
You have an application that provides weather forecasting data to external partners. You use Azure API Management to publish APIs.
You must change the behavior of the API to meet the following requirements:
• Support alternative input parameters.
• Remove formatting text from responses.
• Provide additional context to back-end services.
Which types of policies should you implement? To answer, drag the policy types to the correct scenarios. Each policy type may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content. NOTE: Each correct selection is worth one point.

HOTSPOT
You are creating an app that uses Event Grid to connect with other services. Your app’s event data will be sent to a serverless function that checks compliance. This function is maintained by your company.
You write a new event subscription at the scope of your resource. The event must be invalidated after a specific period of time. You need to configure Event Grid to ensure security.
What should you implement? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

Explanation:
Box 1: SAS tokens
Custom topics use either Shared Access Signature (SAS) or key authentication. Microsoft recommends SAS, but key authentication provides simple programming, and is compatible with many existing webhook publishers.
In this case we need the expiration time provided by SAS tokens.
Box 2: ValidationCode handshake
Event Grid supports two ways of validating the subscription: ValidationCode handshake (programmatic) and ValidationURL handshake (manual).
If you control the source code for your endpoint, this method is recommended.
Incorrect Answers:
ValidationURL handshake (manual): In certain cases, you can’t access the source code of the endpoint to implement the ValidationCode handshake. For example, if you use a third-party service (like Zapier or IFTTT), you can’t programmatically respond with the validation code.
Reference: https://docs.microsoft.com/en-us/azure/event-grid/security-authentication
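The ValidationCode handshake described above, as an added example (not code from the original page or from Microsoft): a framework-independent Python handler that answers the validation delivery by echoing the code in a validationResponse body. The function name handle_delivery, the sample payload values and the strict check of the aeg-event-type header are assumptions made for this illustration.

```python
import json

VALIDATION_EVENT = "Microsoft.EventGrid.SubscriptionValidationEvent"

# Constructed sample of the validation delivery Event Grid sends when a
# webhook subscription is created (every value here is made up).
SAMPLE_HEADERS = {"Aeg-Event-Type": "SubscriptionValidation"}
SAMPLE_BODY = json.dumps([{
    "id": "00000000-0000-0000-0000-000000000001",
    "eventType": VALIDATION_EVENT,
    "subject": "",
    "data": {"validationCode": "CONSTRUCTED-CODE-1234"},
    "eventTime": "2024-01-01T00:00:00Z",
    "dataVersion": "1",
}])


def handle_delivery(headers, body):
    """Return (http_status, response_dict) for one webhook POST."""
    try:
        events = json.loads(body)
    except (TypeError, ValueError):
        return 400, {"error": "body is not valid JSON"}
    if isinstance(events, dict):  # tolerate a single unwrapped event
        events = [events]
    if not isinstance(events, list) or not all(isinstance(e, dict) for e in events):
        return 400, {"error": "expected an array of event objects"}

    # HTTP header names are case-insensitive.
    delivery_type = {k.lower(): v for k, v in headers.items()}.get("aeg-event-type")

    for event in events:
        if event.get("eventType") != VALIDATION_EVENT:
            continue
        data = event.get("data")
        code = data.get("validationCode") if isinstance(data, dict) else None
        # Echo the code only for a well-formed validation delivery.
        if delivery_type != "SubscriptionValidation" or not isinstance(code, str) or not code:
            return 400, {"error": "malformed validation event"}
        return 200, {"validationResponse": code}

    # Ordinary notifications: acknowledge; real processing would go here.
    return 200, {"accepted": [e.get("id") for e in events]}


if __name__ == "__main__":
    print(handle_delivery(SAMPLE_HEADERS, SAMPLE_BODY))
```

The handler returns plain data so that it can be wrapped by any web framework or function runtime; the wrapper is responsible for serializing the dictionary as the JSON response body.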
You need to reduce read latency for the retail store solution.
What are two possible ways to achieve the goal? Each correct answer presents a complete solution. NOTE: Each correct selection is worth one point.
- A . Create a new composite index for the store location data queries in Azure Cosmos DB. Modify the queries to support parameterized SQL and update the Azure Function app to call the new queries.
- B . Configure Azure Cosmos DB consistency to strong consistency. Increase the RUs for the container supporting store location data.
- C . Provision an Azure Cosmos DB dedicated gateway. Update blob storage to use the new dedicated gateway endpoint.
- D . Configure Azure Cosmos DB consistency to session consistency. Cache session tokens in a new Azure Redis cache instance after every write. Update reads to use the session token stored in Azure Redis.
- E . Provision an Azure Cosmos DB dedicated gateway. Update the Azure Function app connection string to use the new dedicated gateway endpoint.