Practice Free AZ-204 Exam Online Questions
you need to reduce read latency for the retail store solution.
What are two possible ways to achieve the goal? Each correct answer presents a complete solution. NOTE: Each correct selection is worth one point.
- A . Create a new composite index for the store location data queries in Azure Cosmos DB. Modify the queries to support parameterized SQL and update the Azure function app to call the new Queries.
- B . Configure Azure Cosmos DB consistency to strong consistency Increase the RUs for the container supporting store location data.
- C . Provision an Azure Cosmos OB dedicated gateway, update blob storage to use the new dedicated gateway endpoint.
- D . Configure Azure Cosmos DB consistency to session consistency. Cache session tokens in a new Azure Redis cache instance after every write. Update reads to use the session token stored in Azure Redis.
- E . Provision an Azure Cosmos DB dedicated gateway Update the Azure Function app connection string to use the new dedicated gateway endpoint.
HOTSPOT
You need to implement event routing for retail store location data.
Which configuration should you use?
You need to implement a solution to resolve the retail store location data issue.
Which three Azure Blob features should you enable? Each correct answer presents part of the solution. NOTE Each correct selection is worth one point
- A . Immutability
- B . Snapshots
- C . Versioning
- D . Soft delete
- E . Object replication
- F . Change feed
CDF
Explanation:
Scenario: You must perform a point-in-time restoration of the retail store location data due to an unexpected and accidental deletion of data.
Before you enable and configure point-in-time restore, enable its prerequisites for the storage account: soft delete, change feed, and blob versioning.
Reference: https://docs.microsoft.com/en-us/azure/storage/blobs/point-in-time-restore-manage
HOTSPOT
You develop several Azure Grid to include hundreds of event types, such as billing, inventory, and shipping updates.
Events must be sent to a single endpoint for the Azure Functions app to process. The events must be filtered by event type before processing. You must have authorization and authentication control to partition your tenants to receive the event data.
You need to configure Azure Event Grid.
Which configuration should you use? To answer, select the appropriate values in the answer area. NOTE: Each correct selection is worth one point.
You are developing an Azure App Service REST API.
The API must be called by an Azure App Service web app. The API must retrieve and update user profile information stored in Azure Active Directory (Azure AD).
You need to configure the API to make the updates.
Which two tools should you use? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point.
- A . Microsoft Graph API
- B . Microsoft Authentication Library (MSAL)
- C . Azure API Management
- D . Microsoft Azure Security Center
- E . Microsoft Azure Key Vault SDK
AC
Explanation:
A: You can use the Azure AD REST APIs in Microsoft Graph to create unique workflows between Azure AD resources and third-party services.
Enterprise developers use Microsoft Graph to integrate Azure AD identity management and other services to automate administrative workflows, such as employee onboarding (and termination), profile maintenance, license deployment, and more.
C: API Management (APIM) is a way to create consistent and modern API gateways for existing back-end services.
API Management helps organizations publish APIs to external, partner, and internal developers to unlock the potential of their data and services.
Reference: https://docs.microsoft.com/en-us/graph/azuread-identity-access-management-concept-overview
HOTSPOT
You develop an application that sells Al generated images based on user input. You recently started a marketing campaign that displays unique ads every second day.
Sales data is stored in Azure Cosmos DB with the date of each sale being stored in a property named ‘whenFinished’.
The marketing department requires a view that shows the number of sales for each unique ad.
You need to implement the query for the view.
How should you complete the query? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.
You have an application that includes an Azure Web app and several Azure Function apps.
Application secrets including connection strings and certificates are stored in Azure Key Vault.
Secrets must not be stored in the application or application runtime environment. Changes to Azure Active Directory (Azure AD) must be minimized.
You need to design the approach to loading application secrets.
What should you do?
- A . Create a single user-assigned Managed Identity with permission to access Key Vault and configure each App Service to use that Managed Identity.
- B . Create a single Azure AD Service Principal with permission to access Key Vault and use a client secret from within the App Services to access Key Vault.
- C . Create a system assigned Managed Identity in each App Service with permission to access Key Vault.
- D . Create an Azure AD Service Principal with Permissions to access Key Vault for each App Service and use a certificate from within the App Services to access Key Vault.
C
Explanation:
Use Key Vault references for App Service and Azure Functions.
Key Vault references currently only support system-assigned managed identities. User-assigned identities cannot be used.
Reference: https://docs.microsoft.com/en-us/azure/app-service/app-service-key-vault-references
An organization deploys Azure Cosmos DB.
You need to ensure that the index is updated as items are created, updated, or deleted.
What should you do?
- A . Set the value of the EnableScanlnQuery option to True.
- B . Set the indexing mode to Consistent.
- C . Set the indexing mode to Lazy.
- D . Set the value of the automatic property of the indexing policy to False.
HOTSPOT
You need to ensure that network security policies are met.
How should you configure network security? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.
Explanation:
Box 1: Valid root certificate
Scenario: All websites and services must use SSL from a valid root certificate authority.
Box 2: Azure Application Gateway
Scenario:
Any web service accessible over the Internet must be protected from cross site scripting attacks.
All Internal services must only be accessible from Internal Virtual Networks (VNets)
All parts of the system must support inbound and outbound traffic restrictions.
Azure Web Application Firewall (WAF) on Azure Application Gateway provides centralized protection of your web applications from common exploits and vulnerabilities. Web applications are increasingly targeted by malicious attacks that exploit commonly known vulnerabilities. SQL injection and cross-site scripting are among the most common attacks.
Application Gateway supports autoscaling, SSL offloading, and end-to-end SSL, a web application firewall (WAF), cookie-based session affinity, URL path-based routing, multisite hosting, redirection, rewrite HTTP headers and other features.
Note: Both Nginx and Azure Application Gateway act as a reverse proxy with Layer 7 loadbalancing features plus a WAF to ensure strong protection against common web vulnerabilities and exploits.
You can modify Nginx web server configuration/SSL for X-XSS protection. This helps to prevent cross-site scripting exploits by forcing the injection of HTTP headers with X-XSS protection.
Reference: https://docs.microsoft.com/en-us/azure/web-application-firewall/ag/ag-overview
https://www.upguard.com/articles/10-tips-for-securing-your-nginx-deployment
DRAG DROP
You have an application that provides weather forecasting data to external partners. You use Azure API Management to publish APIs.
You must change the behavior of the API to meet the following requirements:
• Support alternative input parameters.
• Remove formatting text from responses.
• Provide additional context to back-end services.
Which types of policies should you implement? To answer, drag the policy types to the correct scenarios. Each policy type may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content. NOTE: Each correct selection is worth one point.
