Reliable Azure Solutions Architect Expert AZ-304 Dumps PDF Dec 28, 2021 Recently Updated Questions
Pass Your Microsoft AZ-304 Exam with Correct 273 Questions and Answers
The Microsoft AZ-304 exam targets solutions architects who want to improve their Azure architecture and development skills to reach the highest level of proficiency in these fields.
NEW QUESTION 24
You are designing a software as a service (SaaS) application that will enable Azure Active Directory (Azure AD) users to create and publish surveys. The SaaS application will have a front-end web app and a back-end web API. The web app will rely on the web API to handle updates to customer surveys.
You need to design an authorization flow for the SaaS application. The solution must meet the following requirements:
* To access the back-end web API, the web app must authenticate by using OAuth 2 bearer tokens.
* The web app must authenticate by using the identities of individual users.
What should you include in the solution? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
References:
https://docs.microsoft.com/lb-lu/azure/architecture/multitenant-identity/web-api
https://docs.microsoft.com/en-us/azure/active-directory/develop/quickstart-v1-dotnet-webapi
NEW QUESTION 25
You plan to deploy the backup policy shown in the following exhibit.
Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
NEW QUESTION 26
You have an Azure subscription that contains the resources shown in the following table.
You create an Azure SQL database named DB1 that is hosted in the East US region.
To DB1, you add a diagnostic setting named Settings1. Settings1 archives SQLInsights to storage1 and sends SQLInsights to Workspace1.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
Box 1: No
You archive logs only to Azure Storage accounts.
Box 2: Yes
Box 3: Yes
Sending logs to Event Hubs allows you to stream data to external systems such as third-party SIEMs and other log analytics solutions.
Note: A single diagnostic setting can define no more than one of each of the destinations. If you want to send data to more than one of a particular destination type (for example, two different Log Analytics workspaces), then create multiple settings. Each resource can have up to 5 diagnostic settings.
References:
https://docs.microsoft.com/en-us/azure/azure-monitor/platform/diagnostic-settings
NEW QUESTION 27
You are designing an access policy for the sales department at your company.
Occasionally, the developers at the company must stop, start, and restart Azure virtual machines. The development team changes often.
You need to recommend a solution to provide the developers with the required access to the virtual machines. The solution must meet the following requirements:
* Provide permissions only when needed.
* Use the principle of least privilege.
* Minimize costs.
What should you include in the recommendation? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
NEW QUESTION 28
You have 200 resource groups across 20 Azure subscriptions.
Your company's security policy states that the security administrator must verify all assignments of the Owner role for the subscriptions and resource groups once a month. All assignments that are not approved by the security administrator must be removed automatically. The security administrator must be prompted every month to perform the verification.
What should you use to implement the security policy?
- A. Access reviews in Identity Governance
- B. Identity Secure Score in Azure Security Center
- C. the user risk policy in Azure Active Directory (Azure AD) Identity Protection
- D. role assignments in Azure Active Directory (Azure AD) Privileged Identity Management (PIM)
Answer: A
Explanation:
Azure Active Directory (Azure AD) access reviews enable organizations to efficiently manage group memberships, access to enterprise applications, and role assignments. User's access can be reviewed on a regular basis to make sure only the right people have continued access.
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/governance/access-reviews-overview
NEW QUESTION 29
You have an Azure subscription that contains 300 Azure virtual machines that run Windows Server 2016.
You need to centrally monitor all warning events in the System logs of the virtual machines.
What should you include in the solution? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
References:
https://docs.microsoft.com/en-us/azure/azure-monitor/platform/data-sources-windows-events
https://docs.microsoft.com/en-us/azure/azure-monitor/platform/agent-windows
NEW QUESTION 30
Your company plans to use a separate Azure subscription for each of its business units. You identify the following governance requirements:
* Each business unit will analyze costs for different workloads such as production, development, and testing.
* The company will analyze costs by business unit and workload.
What should you use to meet the governance requirements?
- A. Microsoft Intune and compliance policies
- B. tags and Azure Policy
- C. Azure management groups and RBAC
- D. Azure Advisor alerts and Azure Logic Apps
Answer: B
NEW QUESTION 31
You need to recommend an Azure Storage Account configuration for two applications named Application1 and Application2. The configuration must meet the following requirements:
* Storage for Application1 must provide the highest possible transaction rates and the lowest possible latency.
* Storage for Application2 must provide the lowest possible storage costs per GB.
* Storage for both applications must be optimized for uploads and downloads.
* Storage for both applications must be available in the event of a datacenter failure.
What should you recommend? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
NEW QUESTION 32
You have an Azure Active Directory (Azure AD) tenant named Contoso.com. The tenant contains a group named Group1. Group1 contains all the administrator user accounts.
You discover several login attempts to the Azure portal from countries where administrator users do NOT work.
You need to ensure that all login attempts to the portal from those countries require Azure Multi-Factor Authentication (MFA).
Solution: Implement Azure AD Privileged Identity Management.
Does this meet the goal?
- A. Yes
- B. No
Answer: A
Explanation:
Azure Active Directory (Azure AD) Privileged Identity Management (PIM) is a service that enables you to manage, control, and monitor access to important resources in your organization.
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/privileged-identity-management/pim-configure
NEW QUESTION 33
Your company has the offices shown in the following table.
The network contains an Active Directory domain named contoso.com that is synced to Azure Active Directory (Azure AD).
All users connect to an application hosted in Microsoft 365.
You need to recommend a solution to ensure that all the users use Azure Multi-Factor Authentication (MFA) to connect to the application from one of the offices.
What should you include in the recommendation?
- A. a named location and two Microsoft Cloud App Security policies
- B. a conditional access policy and two virtual networks
- C. a virtual network and two Microsoft Cloud App Security policies
- D. a conditional access policy and two named locations
Answer: D
Explanation:
https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/howto-conditional-access-policy-all-users-mfa#named-locations
NEW QUESTION 34
You plan to create an Azure environment that will have a root management group and five child management groups. Each child management group will contain five Azure subscriptions. You plan to have between 10 and 30 resource groups in each subscription.
* Ensure that you can update RBAC role assignments for all the subscriptions and resource groups.
* Minimize administrative effort.
What should you include in the solution? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
NEW QUESTION 35
You configure OAuth2 authorization in API Management as shown in the exhibit.
Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
Box 1: Web applications
The Authorization Code Grant Type is used by both web apps and native apps to get an access token after a user authorizes an app.
Note: The Authorization Code grant type is used by confidential and public clients to exchange an authorization code for an access token.
After the user returns to the client via the redirect URL, the application will get the authorization code from the URL and use it to request an access token.
Answers:
Not Headless device authentication:
A headless system is a computer that operates without a monitor, graphical user interface (GUI) or peripheral devices, such as keyboard and mouse.
Headless computers are usually embedded systems in various devices or servers in multi-server data center environments. Industrial machines, automobiles, medical equipment, cameras, household appliances, airplanes, vending machines and toys are among the myriad possible hosts of embedded systems.
Box 2: Client Credentials
How to include additional client data
In case you need to store additional details about a client that don't fit into the standard parameter set, the custom data parameter can help:
POST /c2id/clients HTTP/1.1
Host: demo.c2id.com
Content-Type: application/json
Authorization: Bearer ztucZS1ZyFKgh0tUEruUtiSTXhnexmd6

{
  "redirect_uris" : [ "https://myapp.example.com/callback" ],
  "data" : {
    "reg_type" : "3rd-party",
    "approved" : true,
    "author_id" : 792440
  }
}
The data parameter permits arbitrary content packaged in a JSON object. To set it you will need the master registration token or a one-time access token with a client-reg:data scope.
Incorrect Answers:
Authorization protocols provide a state parameter that allows you to restore the previous state of your application. The state parameter preserves some state object set by the client in the Authorization request and makes it available to the client in the response.
Reference:
https://developer.okta.com/blog/2018/04/10/oauth-authorization-code-grant-type
https://connect2id.com/products/server/docs/guides/client-registration
NEW QUESTION 36
You need to recommend a strategy for migrating the database content of WebApp1 to Azure. What should you include in the recommendation?
- A. Use SQL Server transactional replication.
- B. Copy the VHD that contains the Azure SQL database files to Azure Blob storage
- C. Copy the BACPAC file that contains the Azure SQL database file to Azure Blob storage.
- D. Use Azure Site Recovery to replicate the SQL servers to Azure.
Answer: B
Explanation:
Before you upload a Windows virtual machine (VM) from on-premises to Azure, you must prepare the virtual hard disk (VHD or VHDX).
Scenario: WebApp1 has a web tier that uses Microsoft Internet Information Services (IIS) and a database tier that runs Microsoft SQL Server 2016. The web tier and the database tier are deployed to virtual machines that run on Hyper-V.
Reference:
https://docs.microsoft.com/en-us/azure/virtual-machines/windows/prepare-for-upload-vhd-image
NEW QUESTION 37
You are planning an Azure Storage solution for sensitive data. The data will be accessed daily. The data set is less than 10 GB.
You need to recommend a storage solution that meets the following requirements:
* All the data written to storage must be retained for five years.
* Once the data is written, the data can only be read. Modifications and deletion must be prevented.
* After five years, the data can be deleted, but never modified.
* Data access charges must be minimized.
What should you recommend? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
NEW QUESTION 38
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
Your company has an on-premises Active Directory Domain Services (AD DS) domain and an established Azure Active Directory (Azure AD) environment.
Your company would like users to be automatically signed in to cloud apps when they are on their corporate desktops that are connected to the corporate network.
You need to enable single sign-on (SSO) for company users.
Solution: Install and configure an Azure AD Connect server to use pass-through authentication and select the Enable single sign-on option.
Does the solution meet the goal?
- A. Yes
- B. No
Answer: A
Explanation:
Azure Active Directory Seamless Single Sign-On (Azure AD Seamless SSO) automatically signs users in when they are on their corporate devices connected to your corporate network. When enabled, users don't need to type in their passwords to sign in to Azure AD, and usually, even type in their usernames. This feature provides your users easy access to your cloud-based applications without needing any additional on-premises components.
Seamless SSO can be combined with either the Password Hash Synchronization or Pass-through Authentication sign-in methods.
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-sso
NEW QUESTION 39
You are designing an order processing system in Azure that will contain the Azure resources shown in the following table.
The order processing system will have the following transaction flow:
* A customer will place an order by using App1.
* When the order is received, App1 will generate a message to check for product availability at vendor 1 and vendor 2.
* An integration component will process the message, and then trigger either Function1 or Function2 depending on the type of order.
* Once a vendor confirms the product availability, a status message for App1 will be generated by Function1 or Function2.
* All the steps of the transaction will be logged to storage1.
Which type of resource should you recommend for the integration component?
- A. an Azure Data Factory pipeline
- B. an Azure Service Bus queue
- C. an Azure Event Hubs capture
- D. an Azure Event Grid domain
Answer: A
Explanation:
A data factory can have one or more pipelines. A pipeline is a logical grouping of activities that together perform a task.
The activities in a pipeline define actions to perform on your data.
Data Factory has three groupings of activities: data movement activities, data transformation activities, and control activities.
Azure Functions is now integrated with Azure Data Factory, allowing you to run an Azure function as a step in your data factory pipelines.
Reference:
https://docs.microsoft.com/en-us/azure/data-factory/concepts-pipelines-activities
NEW QUESTION 40
Your company develops a web service that is deployed to an Azure virtual machine named VM1. The web service allows an API to access real-time data from VM1. The current virtual machine deployment is shown in the Deployment exhibit. (Click the Deployment tab).
The chief technology officer (CTO) sends you the following email message: "Our developers have deployed the web service to a virtual machine named VM1. Testing has shown that the API is accessible from VM1 and VM? Our partners must be able to connect to the API over the Internet. Partners will use this data in applications that they develop."
You deploy an Azure API Management service. The relevant API Management configuration is shown in the API exhibit. (Click the API tab).
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
NEW QUESTION 41
You are building an application that will run in a virtual machine (VM). The application will use Azure Managed Identity.
The application uses Azure Key Vault, Azure SQL Database, and Azure Cosmos DB.
You need to ensure the application can use secure credentials to access these services.
Which authentication method should you recommend? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
Note: Managed identities for Azure resources is the new name for the service formerly known as Managed Service Identity (MSI).
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/managed-identities-azure-resources/overview
NEW QUESTION 42
You plan to import data from your on-premises environment into Azure. The data is shown in the following table.
What should you recommend using to migrate the data? To answer, drag the appropriate tools to the correct data sources. Each tool may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
References:
https://docs.microsoft.com/en-us/azure/dms/tutorial-sql-server-to-azure-sql
https://docs.microsoft.com/en-us/azure/cosmos-db/import-data
NEW QUESTION 43
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You are designing an Azure solution for a company that has four departments. Each department will deploy several Azure app services and Azure SQL databases.
You need to recommend a solution to report the costs for each department to deploy the app services and the databases. The solution must provide a consolidated view for cost reporting that displays cost broken down by department.
Solution: Place all resources in the same resource group. Assign tags to each resource.
Does the solution meet the goal?
- A. Yes
- B. No
Answer: B
Explanation:
Instead, create a resource group for each resource type. Assign tags to each resource.
Note: Tags enable you to retrieve related resources from different resource groups. This approach is helpful when you need to organize resources for billing or management.
Reference:
https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-group-using-tags
NEW QUESTION 44
You configure the Diagnostics settings for an Azure SQL database as shown in the following exhibit.
Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
Microsoft AZ-304 (Microsoft Azure Architect Design) is one of the exams that candidates need to ace to obtain the Microsoft Certified: Azure Solutions Architect Expert certification. The other test that is also required for this certificate is AZ-303 (Microsoft Azure Architect Technologies).