Top Tips Of Up To The Minute AZ-304 Testing Material

NEW QUESTION 1

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have an Azure Storage v2 account named Storage1. You plan to archive data to Storage1.
You need to ensure that the archived data cannot be deleted for five years. The solution must prevent administrators from deleting the data.
Solution: You create a file share, and you configure an access policy. Does this meet the goal?

• A. Yes
• B. No

Answer: B

Explanation:
Instead of a file share, an immutable Blob storage is required.
Time-based retention policy support: Users can set policies to store data for a specified interval. When a time-based retention policy is set, blobs can be created and read, but not modified or deleted. After the retention period has expired, blobs can be deleted but not overwritten.
Note: Set retention policies and legal holds
* 1. Create a new container or select an existing container to store the blobs that need to be kept in the immutable state. The container must be in a general-purpose v2 or Blob storage account.
* 2. Select Access policy in the container settings. Then select Add policy under Immutable blob storage.
* 3. To enable time-based retention, select Time-based retention from the drop-down menu.
* 4. Enter the retention interval in days (acceptable values are 1 to 146000 days). References:
https://docs.microsoft.com/en-us/azure/storage/blobs/storage-blob-immutable-storage https://docs.microsoft.com/en-us/azure/storage/blobs/storage-blob-immutability-policies-manage

NEW QUESTION 2

You are designing an Azure resource deployment that will use Azure Resource Manager templates. The deployment will use Azure Key Vault to store secrets.
You need to recommend a solution to meet the following requirements:
Prevent the IT staff that will perform the deployment from retrieving the secrets directly from Key Vault. Use the principle of least privilege.
Which two actions should you recommend? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.

• A. Create a Key Vault access policy that allows all get key permissions, get secret permissions, and get certificate permissions.
• B. From Access policies in Key Vault, enable access to the Azure Resource Manager for template deployment.
• C. Create a Key Vault access policy that allows all list key permissions, list secret permissions, and list certificate permissions.
• D. Assign the IT staff a custom role that includes the Microsoft.KeyVault/Vaults/Deploy/Action permission.
• E. Assign the Key Vault Contributor role to the IT staff.

Answer: BD

Explanation:
B: To access a key vault during template deployment, set enabledForTemplateDeployment on the key vault to true.
D: The user who deploys the template must have the Microsoft.KeyVault/vaults/deploy/action permission for the scope of the resource group and key vault.
Reference:
https://docs.microsoft.com/en-us/azure/azure-resource-manager/templates/key-vault-parameter https://docs.microsoft.com/en-us/azure/key-vault/general/overview-security

NEW QUESTION 3

You need to design a solution for securing access to the historical transaction data.
What should you include in the solution? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

• A. Mastered
• B. Not Mastered

Answer: A

Explanation:

NEW QUESTION 4

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have an Azure Storage v2 account named Storage1. You plan to archive data to Storage1.
You need to ensure that the archived data cannot be deleted for five years. The solution must prevent administrators from deleting the data.
Solution: You create a file share and snapshots. Does this meet the goal?

• A. Yes
• B. No

Answer: B

Explanation:
Instead you could create an Azure Blob storage container, and you configure a legal hold access policy. References:
https://docs.microsoft.com/en-us/azure/storage/blobs/storage-blob-immutable-storage

NEW QUESTION 5

To meet the authentication requirements of Fabrikam, what should you include in the solution? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

• A. Mastered
• B. Not Mastered

Answer: A

Explanation:
Box 1: 2
The network contains two Active Directory forests named corp.fabrikam.com and rd.fabrikam.com. There are no trust relationships between the forests.
Box 2: 1
Box 3: 1
Scenario:
Users on the on-premises network must be able to authenticate to corp.fabrikam.com if an Internet link fails.
Administrators must be able authenticate to the Azure portal by using their corp.fabrikam.com credentials. All administrative access to the Azure portal must be secured by using multi-factor authentication.
Note:
Users must always authenticate by using their corp.fabrikam.com UPN identity.
The network contains two Active Directory forests named corp.fabrikam.com and rd.fabrikam.com. There are no trust relationships between the forests.
Corp.fabrikam.com is a production forest that contains identities used for internal user and computer authentication.
Rd.fabrikam.com is used by the research and development (R&D) department only.

NEW QUESTION 6

You need to recommend a backup solution for the data store of the payment processing. What should you include in the recommendation?

• A. Microsoft System Center Data Protection Manager (DPM)
• B. long-term retention
• C. a Recovery Services vault
• D. Azure Backup Server

Answer: B

Explanation:

References:
https://docs.microsoft.com/en-us/azure/sql-database/sql-database-long-term-backup-retention-configure

NEW QUESTION 7

You need to recommend a backup solution for the data store of the payment processing system.
What should you include in the recommendation?

• A. Microsoft System Center Data Protection Manager (DPM)
• B. Azure Backup Server
• C. Azure SQL long-term backup retention
• D. Azure Managed Disks

Answer: C

Explanation:
Reference:
https://docs.microsoft.com/en-us/azure/sql-database/sql-database-long-term-backup-retention-configure

NEW QUESTION 8

You are designing an order processing system in Azure that will contain the Azure resources shown in the following table.

The order processing system will have the following transaction flow:
A customer will place an order by using App1.
When the order is received, App1 will generate a message to check for product availability at vendor 1 and vendor 2.
An integration component will process the message, and then trigger either Function1 or Function2 depending on the type of order.
Once a vendor confirms the product availability, a status message for App1 will be generated by Function1 or Function2.
All the steps of the transaction will be logged to storage1.
Which type of resource should you recommend for the integration component? D18912E1457D5D1DDCBD40AB3BF70D5D
Which type of resource should you recommend for the integration component?

• A. an Azure Data Factory pipeline
• B. an Azure Service Bus queue
• C. an Azure Event Grid domain
• D. an Azure Event Hubs capture

Answer: A

Explanation:
A data factory can have one or more pipelines. A pipeline is a logical grouping of activities that together perform a task.
The activities in a pipeline define actions to perform on your data.
Data Factory has three groupings of activities: data movement activities, data transformation activities, and control activities.
Azure Functions is now integrated with Azure Data Factory, allowing you to run an Azure function as a step in your data factory pipelines.
Reference:
https://docs.microsoft.com/en-us/azure/data-factory/concepts-pipelines-activities

NEW QUESTION 9

You need to recommend a solution for protecting the content of the back-end tier of the payment processing system.
What should you include in the recommendations?

• A. Always Encrypted with deterministic encryption
• B. Transparent Date Encryption (TDE)
• C. Azure Storage Service Encryption
• D. Always Encrypted with randomized encryption

Answer: A

NEW QUESTION 10

What should you include in the identity management strategy to support the planned changes?

• A. Move all the domain controllers from corp.fabrikam.com to virtual networks in Azure.
• B. Deploy domain controllers for corp.fabrikam.com to virtual networks in Azure.
• C. Deploy a new Azure AD tenant for the authentication of new R&D projects.
• D. Deploy domain controllers for the rd.fabrikam.com forest to virtual networks in Azure.

Answer: B

Explanation:
Directory synchronization between Azure Active Directory (Azure AD) and corp.fabrikam.com must not be affected by a link failure between Azure and the on-premises network. (This requires domain controllers in Azure)
Users on the on-premises network must be able to authenticate to corp.fabrikam.com if an Internet link fails. (This requires domain controllers on-premises)

NEW QUESTION 11

You have an Azure subscription that is linked to an Azure Active Directory (Azure AD) tenant. The subscription contains 10 resource groups, one for each department at your company. Each department has a specific spending limit for its Azure resources.
You need to ensure that when a department reaches its spending limit, the compute resources of the department shut down automatically.
Which two features should you include in the solution? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.

• A. Azure Logic Apps
• B. Azure Monitor alerts
• C. the spending limit of an Azure account
• D. Cost Management budgets
• E. Azure Log Analytics alerts

Answer: CD

Explanation:
C: The spending limit in Azure prevents spending over your credit amount. All new customers who sign up for an Azure free account or subscription types that include credits over multiple months have the spending limit turned on by default. The spending limit is equal to the amount of credit and it can’t be changed.
D: Turn on the spending limit after removing
This feature is available only when the spending limit has been removed indefinitely for subscription types that include credits over multiple months. You can use this feature to turn on your spending limit automatically at the start of the next billing period.
Sign in to the Azure portal as the Account Administrator.
Search for Cost Management + Billing.
Etc.
Reference:
https://docs.microsoft.com/en-us/azure/cost-management-billing/manage/spending-limit

NEW QUESTION 12

You need to recommend a strategy for migrating the database content of WebApp1 to Azure. What should you include in the recommendation?

• A. Use Azure Site Recovery to replicate the SQL servers to Azure.
• B. Use SQL Server transactional replication.
• C. Copy the BACPAC file that contains the Azure SQL database file to Azure Blob storage.
• D. Copy the VHD that contains the Azure SQL database files to Azure Blob storage

Answer: D

Explanation:
Before you upload a Windows virtual machine (VM) from on-premises to Azure, you must prepare the virtual hard disk (VHD or VHDX).
Scenario: WebApp1 has a web tier that uses Microsoft Internet Information Services (IIS) and a database tier that runs Microsoft SQL Server 2021. The web tier and the database tier are deployed to virtual machines that run on Hyper-V. Reference:
https://docs.microsoft.com/en-us/azure/virtual-machines/windows/prepare-for-upload-vhd-image

NEW QUESTION 13

You have 100 servers that run Windows Server 2012 R2 and host Microsoft SQL Server 2012 R2 instances. The instances host databases that have the following characteristics:
The largest database is currently 3 TB. None of the databases will ever exceed 4 TB.
Stored procedures are implemented by using CLR.
You plan to move all the data from SQL Server to Azure.
You need to recommend an Azure service to host the databases. The solution must meet the following requirements:
Whenever possible, minimize management overhead for the migrated databases.
Minimize the number of database changes required to facilitate the migration.
Ensure that users can authenticate by using their Active Directory credentials.
What should you include in the recommendation?

• A. Azure SQL Database single databases
• B. Azure SQL Database Managed Instance
• C. Azure SQL Database elastic pools
• D. SQL Server 2021 on Azure virtual machines

Answer: B

Explanation:
References:
https://docs.microsoft.com/en-us/azure/sql-database/sql-database-managed-instance

NEW QUESTION 14

You have an Azure Active Directory (Azure AD) tenant.
You plan to deploy Azure Cosmos DB databases that will use the SQL API.
You need to recommend a solution to provide specific Azure AD user accounts with read access to the Cosmos DB databases.
What should you include in the recommendation?

• A. a resource token and an Access control (IAM) role assignment
• B. shared access signatures (SAS) and conditional access policies
• C. master keys and Azure Information Protection policies
• D. certificates and Azure Key Vault

Answer: A

Explanation:
The Access control (IAM) pane in the Azure portal is used to configure role-based access control on Azure Cosmos resources. The roles are applied to users, groups, service principals, and managed identities in Active Directory. You can use built-in roles or custom roles for individuals and groups. The following screenshot shows Active Directory integration (RBAC) using access control (IAM) in the Azure portal:

Reference:
https://docs.microsoft.com/en-us/azure/cosmos-db/role-based-access-control

NEW QUESTION 15

You have an existing implementation of Microsoft SQL Server Integration Services (SSIS) packages stored in an SSISDB catalog on your on-premises network. The on-premises network does not have hybrid connectivity to Azure by using Site-to-Site VPN or ExpressRoute.
You want to migrate the packages to Azure Data Factory.
You need to recommend a solution that facilitates the migration while minimizing changes to the existing packages. The solution must minimize costs.
What should you recommend? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

• A. Mastered
• B. Not Mastered

Answer: A

Explanation:
Box 1: Azure SQL database
You can't create the SSISDB Catalog database on Azure SQL Database at this time independently of creating the Azure-SSIS Integration Runtime in Azure Data Factory. The Azure-SSIS IR is the runtime environment that runs SSIS packages on Azure.
Box 2: Azure-SQL Server Integration Service Integration Runtime and self-hosted integration runtime The Integration Runtime (IR) is the compute infrastructure used by Azure Data Factory to provide data
integration capabilities across different network environments. Azure-SSIS Integration Runtime (IR) in Azure Data Factory (ADF) supports running SSIS packages.
Self-hosted integration runtime can be used for data movement in this scenario. Reference:
https://docs.microsoft.com/en-us/azure/data-factory/create-azure-integration-runtime https://docs.microsoft.com/en-us/sql/integration-services/lift-shift/ssis-azure-connect-to-catalog-database

NEW QUESTION 16

You architect a solution that calculates 3D geometry from height-map data. You have the following requirements:
Perform calculations in Azure.
Each node must communicate data to every other node.
Maximize the number of nodes to calculate multiple scenes as fast as possible. Require the least amount of effort to implement.
You need to recommend a solution.
Which two actions should you recommend? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point.

• A. Create a render farm that uses Azure Batch.
• B. Enable parallel file systems on Azure.
• C. Enable parallel task execution on compute nodes.
• D. Create a render farm that uses virtual machine (VM) scale sets.
• E. Create a render farm that uses virtual machines (VMs).

Answer: AC

NEW QUESTION 17

You are evaluating the components of the migration to Azure that require you to provision an Azure Storage account.
For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.

• A. Mastered
• B. Not Mastered

Answer: A

Explanation:

NEW QUESTION 18

You have an Azure App Service Web App that includes Azure Blob storage and an Azure SQL Database instance. The application is instrumented by using the Application Insights SDK.
You need to design a monitoring solution for the web app.
Which Azure monitoring services should you use? To answer, select the appropriate Azure monitoring services in the answer area.
NOTE: Each correct selection is worth one point.

• A. Mastered
• B. Not Mastered

Answer: A

Explanation:
* 1. Azure Monitor Log
* 2. Azure Application Insights (application map in App insights)
* 3. Azure Application Insights
* 4. Azure Application insights
https://docs.microsoft.com/en-us/azure/azure-monitor/app/app-map?tabs=net https://docs.microsoft.com/en-us/azure/azure-monitor/insights/service-map

NEW QUESTION 19

You need to recommend a solution to meet the database retention requirement. What should you recommend?

• A. Configure a long-term retention policy for the database.
• B. Configure Azure Site Recovery.
• C. Configure geo replication of the database.
• D. Use automatic Azure SQL Database backups.

Answer: A

NEW QUESTION 20

You have an Azure subscription that contains 100 virtual machines.
You plan to design a data protection strategy to encrypt the virtual disks.
You need to recommend a solution to encrypt the disks by using Azure Disk Encryption. The solution must provide the ability to encrypt operating system disks and data disks.
What should you include in the recommendation?

• A. a passphrase
• B. a certificate
• C. a key
• D. a secret

Answer: C

Explanation:
For enhanced virtual machine (VM) security and compliance, virtual disks in Azure can be encrypted. Disks are encrypted by using cryptographic keys that are secured in an Azure Key Vault. You control these cryptographic keys and can audit their use.
Reference:
https://docs.microsoft.com/en-us/azure/virtual-machines/windows/encrypt-disks

NEW QUESTION 21

You have an on-premises network to which you deploy a virtual appliance.
You plan to deploy several Azure virtual machines and connect the on-premises network to Azure by using a Site-to-Site connection.
All network traffic that will be directed from the Azure virtual machines to a specific subnet must flow through the virtual appliance.
You need to recommend solutions to manage network traffic.
Which two options should you recommend? Each correct answer presents a complete solution.

• A. Configure Azure Traffic Manager.
• B. Implement an Azure virtual network.
• C. Implement Azure ExpressRoute.
• D. Configure a routing table.

Answer: CD

Explanation:
Connectivity can be from an any-to-any (IP VPN) network, a point-to-point Ethernet network, or a virtual cross-connection through a connectivity provider at a co-location facility. ExpressRoute connections do not go over the public Internet. This allows ExpressRoute connections to offer more reliability, faster speeds, lower latencies, and higher security than typical connections over the Internet.
Reference:
https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-forced-tunneling-rm https://docs.microsoft.com/en-us/azure/expressroute/expressroute-introduction

NEW QUESTION 22

You need to recommend a solution for data of the historical transaction query system.
What should you include in the recommendation? To answer, Select the appropriate or options in the answer area.
NOTE: Each correct selection is worth one point

• A. Mastered
• B. Not Mastered

Answer: A

Explanation:

NEW QUESTION 23
......