Latest [Dec 20, 2021] Microsoft AZ-304 Exam Practice Test To Gain Brilliante Result
Take a Leap Forward in Your Career by Earning Microsoft AZ-304
Helpful Training Courses for AZ-304
To help candidates fully prepare for AZ-304, Microsoft provides an official 4-day instructor-led training named ‘Course AZ-304T00-A: Microsoft Azure Architect Design’. This learning program consists of 14 modules, each focusing on a different topic that will be assessed by AZ-304. Aside from the lessons in each module, there are also lab exercises, which gives students the opportunity to better understand how to apply what they learnt to the Azure platform. Upon completion of this training, candidates will be able to:
- Create a site recovery solution for Azure
- Utilize Azure AD Managed Identities properly
- Understand Azure Policies
- Suggest solutions for storage access
- Get aware of the concepts of cost minimization, and much more.
- Use Key Vault
- Incorporate hybrid identity
- Use conditional access technologies
As for the prerequisites to attend this course, candidates have to know various network configurations, virtualization technologies, disaster recovery techniques, active directory terminologies, and the basics of app development. Also, they should be familiar with databases, APIs, decoupling services, decoupling apps, and lastly, security concepts.
Those applicants who prefer to study on their own can opt for free learning modules also offered by Microsoft. All the information needed for AZ-304 is divided into 9 lessons, which ensures step-by-step comprehension. By completing this program, candidates will learn to build network infrastructures, storage infrastructures, data platforms, and others.
How much AZ-304: Microsoft Azure Architect Design Exam Cost
The price of the Microsoft Mobility and Devices Fundamentals exam is $99 USD, for more information related to exam price please visit to Microsoft Training website as prices of Microsoft exams fees get varied country wise.
NEW QUESTION 29
You need to configure an Azure policy to ensure that the Azure SQL databases have TDE enabled. The solution must meet the security and compliance requirements.
Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
Answer:
Explanation:
Explanation
A picture containing text Description automatically generated
Scenario: All Azure SQL databases in the production environment must have Transparent Data Encryption (TDE) enabled.
Step 1: Create an Azure policy definition that uses the deployIfNotExists identity.
The first step is to define the roles that deployIfNotExists and modify needs in the policy definition to successfully deploy the content of your included template.
Step 2: Create an Azure policy assignment
When creating an assignment using the portal, Azure Policy both generates the managed identity and grants it the roles defined in roleDefinitionIds.
Step 3: Invoke a remediation task
Resources that are non-compliant to a deployIfNotExists or modify policy can be put into a compliant state through Remediation. Remediation is accomplished by instructing Azure Policy to run the deployIfNotExists effect or the modify operations of the assigned policy on your existing resources and subscriptions, whether that assignment is to a management group, a subscription, a resource group, or an individual resource.
During evaluation, the policy assignment with deployIfNotExists or modify effects determines if there are non-compliant resources or subscriptions. When non-compliant resources or subscriptions are found, the details are provided on the Remediation page.
Reference:
https://docs.microsoft.com/en-us/azure/governance/policy/how-to/remediate-resources
NEW QUESTION 30
You design a solution for the web tier of WebApp1 as shown in the exhibit.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
Answer:
Explanation:
Explanation:
Box 1: Yes
Any new deployments to Azure must be redundant in case an Azure region fails.
Traffic Manager uses DNS to direct client requests to the most appropriate service endpoint based on a traffic-routing method and the health of the endpoints. An endpoint is any Internet-facing service hosted inside or outside of Azure. Traffic Manager provides a range of traffic-routing methods and endpoint monitoring options to suit different application needs and automatic failover models. Traffic Manager is resilient to failure, including the failure of an entire Azure region.
Box 2: Yes
Recent changes in Azure brought some significant changes in autoscaling options for Azure Web Apps (i.e. Azure App Service to be precise as scaling happens on App Service plan level and has effect on all Web Apps running in that App Service plan).
Box 3: No
Traffic Manager provides a range of traffic-routing methods and endpoint monitoring options to suit different application needs and automatic failover models. Traffic Manager is resilient to failure, including the failure of an entire Azure region.
Reference:
https://docs.microsoft.com/en-us/azure/traffic-manager/traffic-manager-overview
https://blogs.msdn.microsoft.com/hsirtl/2017/07/03/autoscaling-azure-web-apps/
NEW QUESTION 31
Your company deploys several Linux and Windows virtual machines (VMs) to Azure. The VMs are deployed with the Microsoft Dependency Agent and the Log Analytics Agent installed by using Azure VM extensions.
On-premises connectivity has been enabled by using Azure ExpressRoute.
You need to design a solution to monitor the VMs.
Which Azure monitoring services should you use? To answer, select the appropriate Azure monitoring services in the answer area.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
Explanation
Box 1: Azure Traffic Analytics
Traffic Analytics is a cloud-based solution that provides visibility into user and application activity in cloud networks. Traffic analytics analyzes Network Watcher network security group (NSG) flow logs to provide insights into traffic flow in your Azure cloud. With traffic analytics, you can:
* Identify security threats to, and secure your network, with information such as open-ports, applications attempting internet access, and virtual machines (VM) connecting to rogue networks.
* Visualize network activity across your Azure subscriptions and identify hot spots.
* Understand traffic flow patterns across Azure regions and the internet to optimize your network deployment for performance and capacity.
* Pinpoint network misconfigurations leading to failed connections in your network.
Box 2: Azure Service Map
Service Map automatically discovers application components on Windows and Linux systems and maps the communication between services. With Service Map, you can view your servers in the way that you think of them: as interconnected systems that deliver critical services. Service Map shows connections between servers, processes, inbound and outbound connection latency, and ports across any TCP-connected architecture, with no configuration required other than the installation of an agent.
References:
https://docs.microsoft.com/en-us/azure/network-watcher/traffic-analytics
https://docs.microsoft.com/en-us/azure/azure-monitor/insights/service-map
NEW QUESTION 32
To meet the authentication requirements of Fabrikam, what should you include in the solution? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
NEW QUESTION 33
You need to recommend a solution for configuring the Azure Multi-Factor Authentication (MFA) settings.
What should you include in the recommendation? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
Explanation
References:
https://docs.microsoft.com/en-us/azure/active-directory/identity-protection/howto-sign-in-risk-policy
https://docs.microsoft.com/en-us/azure/active-directory/identity-protection/howto-mfa-policy
NEW QUESTION 34
Your company deploys an Azure App Service Web App.
During testing the application fails under load. The application cannot handle more than 100 concurrent user sessions. You enable the Always On feature. You also configure auto-scaling to increase counts from two to
10 based on HTTP queue length.
You need to improve the performance of the application.
Which solution should you use for each application scenario? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
Explanation
Box 1: Content Delivery Network
A content delivery network (CDN) is a distributed network of servers that can efficiently deliver web content to users. CDNs store cached content on edge servers in point-of-presence (POP) locations that are close to end users, to minimize latency.
Azure Content Delivery Network (CDN) offers developers a global solution for rapidly delivering high-bandwidth content to users by caching their content at strategically placed physical nodes across the world. Azure CDN can also accelerate dynamic content, which cannot be cached, by leveraging various network optimizations using CDN POPs. For example, route optimization to bypass Border Gateway Protocol (BGP).
Box 2: Azure Redis Cache
Azure Cache for Redis is based on the popular software Redis. It is typically used as a cache to improve the performance and scalability of systems that rely heavily on backend data-stores. Performance is improved by temporarily copying frequently accessed data to fast storage located close to the application. With Azure Cache for Redis, this fast storage is located in-memory with Azure Cache for Redis instead of being loaded from disk by a database.
References:
https://docs.microsoft.com/en-us/azure/azure-cache-for-redis/cache-overview
NEW QUESTION 35
You have an Azure subscription that contains an Azure SQL database.
You are evaluating whether to use Azure reservations on the Azure SQL database.
Which tool should you use to estimate the potential savings?
- A. The Purchase reservations blade in the Azure portal
- B. The SQL database blade in the Azure portal
- C. The Advisor blade in the Azure portal
Answer: A
Explanation:
Buy reserved capacity
Sign in to the Azure portal.
Select All services > Reservations.
Select Add and then in the Purchase Reservations pane, select SQL Database to purchase a new reservation for SQL Database.
Fill in the required fields. Existing databases in SQL Database and SQL Managed Instance that match the attributes you select qualify to get the reserved capacity discount. The actual number of databases or managed instances that get the discount depends on the scope and quantity selected.
Review the cost of the capacity reservation in the Costs section.
Select Purchase.
Select View this Reservation to see the status of your purchase.
Reference:
https://docs.microsoft.com/en-us/azure/azure-sql/database/reserved-capacity-overview
NEW QUESTION 36
Your company identifies the following business continuity and disaster recovery objectives for virtual machines that host sales, finance, and reporting application in the company's on-premises data center.
* The finance application requires that data be retained for seven years. In the event of a disaster, the application must be able to run from Azure. The recovery in objective (RTO) is 10 minutes,
* The reporting application must be able to recover point in-time data al a daily granularity. The RTO is eight hours.
* The sales application must be able to fail over to second on-premises data center.
You need to recommend which Azure services meet the business community and disaster recovery objectives. The solution must minimize costs.
What should you recommend for each application? To answer, drag the appropriate services to the correct application. Each service may be used owe. More than once not at an You may need to drag the spin bar between panes or scroll 10 view content.
Answer:
Explanation:
1 - Azure Site Recovery only
2 - Azure Site Recovery and Azure Backup
3 - Azure Backup only
NEW QUESTION 37
You have an Azure SQL database named DB1.
You need to recommend a data security solution for DB1. the solution must meet the following requirements:
* When helpdesk supervisors query DS1. they must see the full number of each credit card.
* When helpdesk operators Query DB1. they must see only the last four digits of each credit card number
* A column named Credit Rating must never appear in plain text within the database system, and only client applications must be able to decrypt the Credit Rating column.
What should you include in the recommendation To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
Explanation
Box 1: Dynamic data masking
Dynamic data masking helps prevent unauthorized access to sensitive data by enabling customers to designate how much of the sensitive data to reveal with minimal impact on the application layer. It's a policy-based security feature that hides the sensitive data in the result set of a query over designated database fields, while the data in the database is not changed.
Box 2: Always encrypted
Data stored in the database is protected even if the entire machine is compromised, for example by malware.
Always Encrypted leverages client-side encryption: a database driver inside an application transparently encrypts data, before sending the data to the database. Similarly, the driver decrypts encrypted data retrieved in query results.
Reference:
https://azure.microsoft.com/en-us/blog/transparent-data-encryption-or-always-encrypted/
NEW QUESTION 38
You need to recommend a solution for the user at Contoso to authenticate to the cloud-based sconces and the Azure AD-integrated application. What should you include in the recommendation? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
NEW QUESTION 39
You deploy several Azure SQL Database instances.
You plan to configure the Diagnostics settings on the databases as shown in the following exhibit.
Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
Explanation
In the exhibit, the SQLInsights data is configured to be stored in Azure Log Analytics for 90 days. However, the question is asking for the "maximum" amount of time that the data can be stored which is 730 days.
NEW QUESTION 40
Your company develops a web service that is deployed to at, Azure virtual machine named VM1 the web service allows an API to access real- time data from VM1. The current virtual machine deployment is shown in the Deployment exhibit. (Click the Deployment tab).
The chief technology officer (CTO) sends you the following email message: "Our developers have deployed the web service to a virtual machine named WL Testing has shown that the API is accessible from VM1 and VM? Our partners must be able to connect to the API over the Internet Partners will me this data in applications that they develop:
You deploy an Azure API Management service. The relevant API Management configuration is shown in the API ambit. (Click the API tab).
For each of the following statements, select. Yes, if the statement is true. Otherwise. select No.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
Explanation
NEW QUESTION 41
You have 100 devices that write performance data to Azure Blob storage
You plan to store and analyze the performance data in art Azure SQL database.
You need to recommend a solution to move the performance data to the SCX database.
What should you include in the recommendation?
- A. Azure Data Box
- B. Azure Database Migration Service
- C. Data Migration Assistant
- D. Azure Data Factory
Answer: D
Explanation:
Explanation
You can copy data from Azure Blob to Azure SQL Database using Azure Data Factory.
Reference:
https://docs.microsoft.com/en-us/azure/data-factory/tutorial-copy-data-dot-net
NEW QUESTION 42
Your company identifies the following business continuity and disaster recovery objectives for virtual machines that host sales, finance, and reporting application in the company's on-premises data center.
*The finance application requires that data be retained for seven years. In the event of a disaster, the application must be able to run from Azure. The recovery in objective (RTO) is 10 minutes,
* The reporting application must be able to recover point in-time data al a daily granularity. The RTO is eight hours.
*The sales application must be able to fail over to second on-premises data center.
You need to recommend which Azure services meet the business community and disaster recovery objectives.
The solution must minimize costs.
What should you recommend for each application? To answer, drag the appropriate services to the correct application. Each service may be used owe. More than once not at an You may need to drag the spin bar between panes or scroll 10 view content.
Answer:
Explanation:
Explanation
1) Sales: Azure Site Recovery only
2) Finance: Azure Site Recovery and Azure Backup
3) Reporting: Azure Backup only
NEW QUESTION 43
A company named Contoso, Ltd- has an Azure Active Directory {Azure AD) tenant that uses the Basic license.
You plan to deploy two applications to Azure. The applications have the requirements shown in the following table.
Which authentication strategy should you recommend for each application? To answer, drag the appropriate authentication strategies to the correct applications. Each authentication strategy may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
Explanation:
Box 1: Azure AD V2.0 endpoint
Microsoft identity platform is an evolution of the Azure Active Directory (Azure AD) developer platform. It allows developers to build applications that sign in all Microsoft identities and get tokens to call Microsoft APIs, such as Microsoft Graph, or APIs that developers have built. The Microsoft identity platform consists of:
OAuth 2.0 and OpenID Connect standard-compliant authentication service that enables developers to authenticate any Microsoft identity, including:
Work or school accounts (provisioned through Azure AD)
Personal Microsoft accounts (such as Skype, Xbox, and Outlook.com)
Social or local accounts (via Azure AD B2C)
Box 2: Azure AD B2C tenant
Azure Active Directory B2C provides business-to-customer identity as a service. Your customers use their preferred social, enterprise, or local account identities to get single sign-on access to your applications and APIs.
Azure Active Directory B2C (Azure AD B2C) integrates directly with Azure Multi-Factor Authentication so that you can add a second layer of security to sign-up and sign-in experiences in your applications.
Reference:
https://docs.microsoft.com/en-us/azure/active-directory-b2c/active-directory-b2c-reference-mfa
https://docs.microsoft.com/en-us/azure/active-directory/develop/v2-overview
NEW QUESTION 44
Your network contains an on-premises Active Directory forest.
You discover that when users change jobs within your company, the membership of the user groups are not being updated. As a result, the users can access resources that are no longer relevant to their job.
You plan to integrate Active Directory and Azure Active Directory (Azure AD) by using Azure AD Connect.
You need to recommend a solution to ensure that group owners are emailed monthly about the group memberships they manage.
What should you include in the recommendation?
- A. Tenant Restrictions
- B. conditional access policies
- C. Azure AD access reviews
- D. Azure AD Identity Protection
Answer: C
Explanation:
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/governance/access-reviews-overview
NEW QUESTION 45
You are planning an Azure solution that will host production databases for a high-performance application. The solution will include the following components:
Two virtual machines that will run Microsoft SQL Server 2016, will be deployed to different data centers in the same Azure region, and will be part of an Always On availability group.
SQL Server data that will be backed up by using the Automated Backup feature of the SQL Server IaaS Agent Extension (SQLIaaSExtension) You identify the storage priorities for various data types as shown in the following table.
Which storage type should you recommend for each data type? To answer, drag the appropriate storage types to the correct data types. Each storage type may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
NEW QUESTION 46
You need to recommend a solution for the data store of the historical transaction query system.
What should you include in the recommendation? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
Explanation
NEW QUESTION 47
You need to recommend a backup solution for the data store of the payment processing system.
What should you include in the recommendation?
- A. Azure Managed Disks
- B. Azure SQL long-term backup retention
- C. Microsoft System Center Data Protection Manager (DPM)
- D. Azure Backup Server
Answer: B
Explanation:
Explanation/Reference:
https://docs.microsoft.com/en-us/azure/sql-database/sql-database-long-term-backup-retention-configure
NEW QUESTION 48
......
Authentic Best resources for AZ-304 Online Practice Exam: https://www.fast2test.com/AZ-304-premium-file.html