Approved Microsoft AZ-304 Study Guides Online

NEW QUESTION 1

You need to deploy resources to host a stateless web app in an Azure subscription. The solution must meet the following requirements:
• Provide access to the full .NET framework.
• Provide redundancy if an Azure region fails.
• Grant administrators access to the operating system to install custom application dependencies.
Solution: You deploy an Azure virtual machine to two Azure regions, and you deploy an Azure Application Gateway.
Does this meet the goal?

• A. Yes
• B. No

Answer: B

Explanation:
You need to deploy two Azure virtual machines to two Azure regions, but also create a Traffic Manager profile.

NEW QUESTION 2

To meet the authentication requirements of Fabrikam, what should you include in the solution? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

• A. Mastered
• B. Not Mastered

Answer: A

Explanation:
Box 1: 2
The network contains two Active Directory forests named corp.fabrikam.com and rd.fabrikam.com. There are no trust relationships between the forests.
Box 2: 1
Box 3: 1
Scenario:
Users on the on-premises network must be able to authenticate to corp.fabrikam.com if an Internet link fails.
Administrators must be able authenticate to the Azure portal by using their corp.fabrikam.com credentials. All administrative access to the Azure portal must be secured by using multi-factor authentication.
Note:
Users must always authenticate by using their corp.fabrikam.com UPN identity.
The network contains two Active Directory forests named corp.fabrikam.com and rd.fabrikam.com. There are no trust relationships between the forests.
Corp.fabrikam.com is a production forest that contains identities used for internal user and computer authentication.
Rd.fabrikam.com is used by the research and development (R&D) department only.

NEW QUESTION 3

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have an Azure Storage v2 account named Storage1. You plan to archive data to Storage1.
You need to ensure that the archived data cannot be deleted for five years. The solution must prevent administrators from deleting the data.
Solution: You create a file share, and you configure an access policy. Does this meet the goal?

• A. Yes
• B. No

Answer: B

Explanation:
Instead of a file share, an immutable Blob storage is required.
Time-based retention policy support: Users can set policies to store data for a specified interval. When a time-based retention policy is set, blobs can be created and read, but not modified or deleted. After the retention period has expired, blobs can be deleted but not overwritten.
Note: Set retention policies and legal holds
* 1. Create a new container or select an existing container to store the blobs that need to be kept in the immutable state. The container must be in a general-purpose v2 or Blob storage account.
* 2. Select Access policy in the container settings. Then select Add policy under Immutable blob storage.
* 3. To enable time-based retention, select Time-based retention from the drop-down menu.
* 4. Enter the retention interval in days (acceptable values are 1 to 146000 days). References:
https://docs.microsoft.com/en-us/azure/storage/blobs/storage-blob-immutable-storage https://docs.microsoft.com/en-us/azure/storage/blobs/storage-blob-immutability-policies-manage

NEW QUESTION 4

A company has a hybrid ASP.NET Web API application that is based on a software as a service (SaaS) offering.
Users report general issues with the data. You advise the company to implement live monitoring and use ad hoc queries on stored JSON data. You also advise the company to set up smart alerting to detect anomalies in the data.
You need to recommend a solution to set up smart alerting. What should you recommend?

• A. Azure Application Insights and Azure Monitor Logs
• B. Azure Site Recovery and Azure Monitor Logs
• C. Azure Data Lake Analytics and Azure Monitor Logs
• D. Azure Security Center and Azure Data Lake Store

Answer: C

Explanation:
Application Insights, a feature of Azure Monitor, is an extensible Application Performance Management (APM) service for developers and DevOps professionals. Use it to monitor your live applications. It will automatically detect performance anomalies, and includes powerful analytics tools to help you diagnose issues and to understand what users actually do with your app.
Reference:
https://docs.microsoft.com/en-us/azure/azure-monitor/app/app-insights-overview

NEW QUESTION 5

You need to recommend a solution for protecting the content of the payment processing system. What should you include in the recommendation?

• A. Transparent Data Encryption (TDE)
• B. Azure Storage Service Encryption
• C. Always Encrypted with randomized encryption
• D. Always Encrypted with deterministic encryption

Answer: D

NEW QUESTION 6

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it As a result, these questions will not appear In the review screen.
You have an on-premises Hyper-V cluster that hosts 20 virtual machines. Some virtual machines run Windows Server 2016 and some run Linux.
You plan to migrate the virtual machines to an Azure subscription.
You need to recommend a solution to replicate the disks of the virtual machines to Azure. The solution must ensure that the virtual machines remain available during the migration of the disks.
Solution: You recommend implementing an Azure Storage account and then running AzCopy. Does this meet the goal?

• A. Yes
• B. NO

Answer: B

Explanation:
AzCopy only copy files, not the disks. Instead use Azure Site Recovery. References:
https://docs.microsoft.com/en-us/azure/site-recovery/site-recovery-overview

NEW QUESTION 7

You plan to deploy a network-intensive application to several Azure virtual machines. You need to recommend a solution that meets the following requirements:
Minimizes the use of the virtual machine processors to transfer data
Minimizes network latency
Which virtual machine size and feature should you use? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

• A. Mastered
• B. Not Mastered

Answer: A

Explanation:
References:
https://docs.microsoft.com/en-us/azure/virtual-machines/windows/sizes-hpc#h-series

NEW QUESTION 8

You have 70 TB of files on your on-premises file server.
You need to recommend solution for importing data to Azure. The solution must minimize cost. What Azure service should you recommend?

• A. Azure StorSimple
• B. Azure Batch
• C. Azure Data Box
• D. Azure Stack

Answer: C

Explanation:
Microsoft has engineered an extremely powerful solution that helps customers get their data to the Azure public cloud in a cost-effective, secure, and efficient manner with powerful Azure and machine learning at play. The solution is called Data Box.
Data Box and is in general availability status. It is a rugged device that allows organizations to have 100 TB of capacity on which to copy their data and then send it to be transferred to Azure.
Reference:
https://www.vembu.com/blog/what-is-microsoft-azure-data-box-disk-edge-heavy-gateway-overview/

NEW QUESTION 9

You need to recommend a solution for protecting the content of the back-end tier of the payment processing system.
What should you include in the recommendations?

• A. Always Encrypted with deterministic encryption
• B. Transparent Date Encryption (TDE)
• C. Azure Storage Service Encryption
• D. Always Encrypted with randomized encryption

Answer: A

NEW QUESTION 10

You have an Azure subscription that is linked to an Azure Active Directory (Azure AD) tenant. The subscription contains 10 resource groups, one for each department at your company. Each department has a specific spending limit for its Azure resources.
You need to ensure that when a department reaches its spending limit, the compute resources of the department shut down automatically.
Which two features should you include in the solution? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.

• A. Azure Logic Apps
• B. Azure Monitor alerts
• C. the spending limit of an Azure account
• D. Cost Management budgets
• E. Azure Log Analytics alerts

Answer: CD

Explanation:
C: The spending limit in Azure prevents spending over your credit amount. All new customers who sign up for an Azure free account or subscription types that include credits over multiple months have the spending limit turned on by default. The spending limit is equal to the amount of credit and it can’t be changed.
D: Turn on the spending limit after removing
This feature is available only when the spending limit has been removed indefinitely for subscription types that include credits over multiple months. You can use this feature to turn on your spending limit automatically at the start of the next billing period.
Sign in to the Azure portal as the Account Administrator.
Search for Cost Management + Billing.
Etc.
Reference:
https://docs.microsoft.com/en-us/azure/cost-management-billing/manage/spending-limit

NEW QUESTION 11

Your company purchases an app named App1.
You plan to tun App1 on seven Azure virtual machines In an Availability Set. The number of fault domains is set to 3. The number of update domains is set to 20.
You need to identity how many App1 instances will remain available during a period of planned maintenance. How many Appl instances should you identify?

• A. 1
• B. 2
• C. 6
• D. 7

Answer: C

Explanation:
Only one update domain is rebooted at a time. Here there are 7 update domain with one VM each (and 13 update domain with no VM).
Reference:
https://docs.microsoft.com/en-us/azure/virtual-machines/windows/manage-availability

NEW QUESTION 12

You need to recommend a strategy for migrating the database content of WebApp1 to Azure. What should you include in the recommendation?

• A. Use Azure Site Recovery to replicate the SQL servers to Azure.
• B. Use SQL Server transactional replication.
• C. Copy the BACPAC file that contains the Azure SQL database file to Azure Blob storage.
• D. Copy the VHD that contains the Azure SQL database files to Azure Blob storage

Answer: D

Explanation:
Before you upload a Windows virtual machine (VM) from on-premises to Azure, you must prepare the virtual hard disk (VHD or VHDX).
Scenario: WebApp1 has a web tier that uses Microsoft Internet Information Services (IIS) and a database tier that runs Microsoft SQL Server 2016. The web tier and the database tier are deployed to virtual machines that run on Hyper-V. Reference:
https://docs.microsoft.com/en-us/azure/virtual-machines/windows/prepare-for-upload-vhd-image

NEW QUESTION 13

What should you include in the identity management strategy to support the planned changes?

• A. Move all the domain controllers from corp.fabrikam.com to virtual networks in Azure.
• B. Deploy domain controllers for corp.fabrikam.com to virtual networks in Azure.
• C. Deploy a new Azure AD tenant for the authentication of new R&D projects.
• D. Deploy domain controllers for the rd.fabrikam.com forest to virtual networks in Azure.

Answer: B

Explanation:
Directory synchronization between Azure Active Directory (Azure AD) and corp.fabrikam.com must not be affected by a link failure between Azure and the on-premises network. (This requires domain controllers in Azure)
Users on the on-premises network must be able to authenticate to corp.fabrikam.com if an Internet link fails. (This requires domain controllers on-premises)

NEW QUESTION 14

You have an on-premises Hyper-V cluster. The cluster contains Hyper-V hosts that run Windows Server 2016 Datacenter. The hosts are licensed under a Microsoft Enterprise Agreement that has Software Assurance.
The Hyper-V cluster hosts 3 virtual machines that run Windows Server 2012 R2. Each virtual machine runs a different workload. The workloads have predictable consumption patterns.
You plan to replace the virtual machines with Azure virtual machines that run Windows Server 2016. The virtual machines will be sized according to the consumption pattern of each workload.
You need to recommend a solution to minimize the compute costs of the Azure virtual machines.
Which two recommendations should you include in the solution? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.

• A. Purchase Azure Reserved Virtual Machine Instances for the Azure virtual machines
• B. Create a virtual machine scale set that uses autoscaling
• C. Configure a spending limit in the Azure account center
• D. Create a lab in Azure DevTest Labs and place the Azure virtual machines in the lab
• E. Activate Azure Hybrid Benefit for the Azure virtual machines

Answer: AE

Explanation:
Reference:
https://azure.microsoft.com/en-us/pricing/reserved-vm-instances/ https://docs.microsoft.com/en-us/azure/virtual-machines/windows/hybrid-use-benefit-licensing

NEW QUESTION 15

You need to recommend a data storage strategy for WebApp1. What should you include in in the recommendation?

• A. an Azure SQL Database elastic pool
• B. a vCore-baswl Azure SQL database
• C. an Azure virtual machine that runs SQL Server
• D. a fixed-size DTU AzureSQL database.

Answer: B

NEW QUESTION 16

You are designing a large Azure environment that will contain many subscriptions. You plan to use Azure Policy as part of a governance solution.
To which three scopes can you assign Azure Policy definitions? Each correct answer presents a complete solution.
NOTE: Each correct selection is worth one point.

• A. management groups
• B. subscriptions
• C. Azure Active Directory (Azure AD) tenants
• D. resource groups
• E. Azure Active Directory (Azure AD) administrative units
• F. compute resources

Answer: ABD

Explanation:
Azure Policy evaluates resources in Azure by comparing the properties of those resources to business rules. Once your business rules have been formed, the policy definition or initiative is assigned to any scope of resources that Azure supports, such as management groups, subscriptions, resource groups, or individual resources.
Reference:
https://docs.microsoft.com/en-us/azure/governance/policy/overview

NEW QUESTION 17

Your company is designing a multi-tenant application that will use elastic pools and Azure SQL databases. The application will be used by 30 customers.
You need to design a storage solution for the application. The solution must meet the following requirements:
Operational costs must be minimized.
All customers must have their own database.
The customer databases will be in one of the following three Azure regions: East US, North Europe, or South Africa North.
What is the minimum number of elastic pools and Azure SQL Database servers required? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

• A. Mastered
• B. Not Mastered

Answer: A

Explanation:
Box 1: 3
The server, its pools & databases must be in the same Azure region under the same subscription. Box 2: 3
A server can have up to 5000 databases associated to it.
Reference:
https://vincentlauzon.com/2016/12/18/azure-sql-elastic-pool-overview/

NEW QUESTION 18

You have an Azure App Service Web App that includes Azure Blob storage and an Azure SQL Database instance. The application is instrumented by using the Application Insights SDK.
You need to design a monitoring solution for the web app.
Which Azure monitoring services should you use? To answer, select the appropriate Azure monitoring services in the answer area.
NOTE: Each correct selection is worth one point.

• A. Mastered
• B. Not Mastered

Answer: A

Explanation:
* 1. Azure Monitor Log
* 2. Azure Application Insights (application map in App insights)
* 3. Azure Application Insights
* 4. Azure Application insights
https://docs.microsoft.com/en-us/azure/azure-monitor/app/app-map?tabs=net https://docs.microsoft.com/en-us/azure/azure-monitor/insights/service-map

NEW QUESTION 19

You are building an application that will run in a virtual machine (VM). The application will use Azure Managed Identity.
The application uses Azure Key Vault, Azure SQL Database, and Azure Cosmos DB. You need to ensure the application can use secure credentials to access these services.
Which authentication method should you recommend? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

• A. Mastered
• B. Not Mastered

Answer: A

Explanation:
Note: Managed identities for Azure resources is the new name for the service formerly known as Managed
Service Identity (MSI). Reference:
https://docs.microsoft.com/en-us/azure/active-directory/managed-identities-azure-resources/overview

NEW QUESTION 20

You are planning to deploy an application named App1 that will run in containers on Azure Kubernetes Service (AKS) clusters. The AKS clusters will be distributed across four Azure regions.
You need to recommend a storage solution for App1. Updated container images must be replicated automatically to all the AKS clusters.
Which storage solution should you recommend?

• A. Premium SKU Azure Container Registry
• B. Azure Content Delivery Network (CDN)
• C. geo redundant storage (GRS) accounts
• D. Azure Cache for Redis

Answer: A

Explanation:
Enable geo-replication for container images.
Best practice: Store your container images in Azure Container Registry and geo-replicate the registry to each AKS region.
To deploy and run your applications in AKS, you need a way to store and pull the container images. Container Registry integrates with AKS, so it can securely store your container images or Helm charts. Container Registry supports multimaster geo-replication to automatically replicate your images to Azure regions around the world.
Geo-replication is a feature of Premium SKU container registries. Note:
When you use Container Registry geo-replication to pull images from the same region, the results are: Faster: You pull images from high-speed, low-latency network connections within the same Azure region.
More reliable: If a region is unavailable, your AKS cluster pulls the images from an available container registry.
Cheaper: There's no network egress charge between datacenters. Reference:
https://docs.microsoft.com/en-us/azure/aks/operator-best-practices-multi-region

NEW QUESTION 21

A company named Contoso, Ltd- has an Azure Active Directory {Azure AD) tenant that uses the Basic license.
You plan to deploy two applications to Azure. The applications have the requirements shown in the following table.

Which authentication strategy should you recommend for each application? To answer, drag the appropriate authentication strategies to the correct applications. Each authentication strategy may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
NOTE: Each correct selection is worth one point.

• A. Mastered
• B. Not Mastered

Answer: A

Explanation:
Box 1: Azure AD V2.0 endpoint
Microsoft identity platform is an evolution of the Azure Active Directory (Azure AD) developer platform. It allows developers to build applications that sign in all Microsoft identities and get tokens to call Microsoft APIs, such as Microsoft Graph, or APIs that developers have built. The Microsoft identity platform consists of:
OAuth 2.0 and OpenID Connect standard-compliant authentication service that enables developers to authenticate any Microsoft identity, including:
Work or school accounts (provisioned through Azure AD)
Personal Microsoft accounts (such as Skype, Xbox, and Outlook.com) Social or local accounts (via Azure AD B2C)
Box 2: Azure AD B2C tenant
Azure Active Directory B2C provides business-to-customer identity as a service. Your customers use their preferred social, enterprise, or local account identities to get single sign-on access to your applications and APIs.
Azure Active Directory B2C (Azure AD B2C) integrates directly with Azure Multi-Factor Authentication so that you can add a second layer of security to sign-up and sign-in experiences in your applications.
Reference:
https://docs.microsoft.com/en-us/azure/active-directory-b2c/active-directory-b2c-reference-mfa https://docs.microsoft.com/en-us/azure/active-directory/develop/v2-overview

NEW QUESTION 22
......