2024 Realistic AZ-204 Dumps Questions To Gain Brilliant Result
Start your AZ-204 Exam Questions Preparation with Updated 385 Questions
To be eligible for the AZ-204 certification exam, candidates should have a strong understanding of Azure services and experience in developing cloud-based solutions. AZ-204 exam covers a range of topics such as Azure compute services, Azure storage services, Azure security services, and Azure integration services. Candidates should be familiar with programming languages such as C#, JavaScript, and Azure SDKs.
NEW QUESTION # 26
You are configuring a development environment for your team. You deploy the latest Visual Studio image from the Azure Marketplace to your Azure subscription.
The development environment requires several software development kits (SDKs) and third-party components to support application development across the organization. You install and customize the deployed virtual machine (VM) for your development team. The customized VM must be saved to allow provisioning of a new team member development environment.
You need to save the customized VM for future provisioning.
Which tools or services should you use? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
Explanation
Box 1: Azure Powershell
Creating an image directly from the VM ensures that the image includes all of the disks associated with the VM, including the OS disk and any data disks.
Before you begin, make sure that you have the latest version of the Azure PowerShell module.
You use Sysprep to generalize the virtual machine, then use Azure PowerShell to create the image.
Box 2: Azure Blob Storage
References:
https://docs.microsoft.com/en-us/azure/virtual-machines/windows/capture-image-resource#create-an-image-of-a
NEW QUESTION # 27
You are debugging an application that is running on Azure Kubernetes cluster named cluster1. The cluster uses Azure Monitor for containers to monitor the cluster.
The application has sticky sessions enabled on the ingress controller.
Some customers report a large number of errors in the application over the last 24 hours.
You need to determine on which virtual machines (VMs) the errors are occurring.
How should you complete the Azure Monitor query? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
Explanation
Box 1: ago(1d)
Box 2: distinct containerID
Box 3: where ContainerID in (ContainerIDs)
Box 4: summarize Count by Computer
Summarize: aggregate groups of rows
Use summarize to identify groups of records, according to one or more columns, and apply aggregations to them. The most common use of summarize is count, which returns the number of results in each group.
Reference:
https://docs.microsoft.com/en-us/azure/azure-monitor/log-query/get-started-queries
https://docs.microsoft.com/en-us/azure/azure-monitor/log-query/query-optimization
NEW QUESTION # 28
A company uses Azure SQL Database to store data for an app. The data includes sensitive information.
You need to implement measures that allow only members of the managers group to see sensitive information.
Which two actions should you perform? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.
- A. Option E
- B. Option C
- C. Option B
- D. Option D
- E. Option A
Answer: A,C
Explanation:
Explanation
Dynamic data masking helps prevent unauthorized access to sensitive data by enabling customers to designate how much of the sensitive data to reveal with minimal impact on the application layer.
SQL users excluded from masking - A set of SQL users or AAD identities that get unmasked data in the SQL query results.
Note: The New-AzureRmSqlDatabaseDataMaskingRule cmdlet creates a data masking rule for an Azure SQL database.
References:
https://docs.microsoft.com/en-us/powershell/module/azurerm.sql/new-azurermsqldatabasedatamaskingrule?view
NEW QUESTION # 29
You are developing an application to use Azure Blob storage. You have configured Azure Blob storage to include change feeds.
A copy of your storage account must be created in another region. Data must be copied from the current storage account to the new storage account directly between the storage servers.
You need to create a copy of the storage account in another region and copy the data.
In which order should you perform the actions? To answer, move all actions from the list of actions to the answer area and arrange them in the correct order.
Answer:
Explanation:
Explanation
https://docs.microsoft.com/en-us/azure/storage/common/storage-account-move?tabs=azure-portal#modify-the-te
NEW QUESTION # 30
You develop a containerized application. You plan to deploy the application to a new Azure Container instance by using a third-party continuous integration and continuous delivery (CI/CD) utility.
The deployment must be unattended and include all application assets. The third-party utility must only be able to push and pull images from the registry. The authentication must be managed by Azure Active Directory (Azure AD). The solution must use the principle of least privilege.
You need to ensure that the third-party utility can access the registry.
Which authentication options should you use? To answer, select the appropriate options in the answer area.
NOTE:Each correct selection is worth one point.
Answer:
Explanation:
Explanation
Graphical user interface, text, application, table Description automatically generated
Box 1: Service principal
Applications and container orchestrators can perform unattended, or "headless," authentication by using an Azure Active Directory (Azure AD) service principal.
Box 2: AcrPush
AcrPush provides pull/push permissions only and meets the principle of least privilege.
Reference:
https://docs.microsoft.com/en-us/azure/container-registry/container-registry-authentication?tabs=azure-cli
https://docs.microsoft.com/en-us/azure/container-registry/container-registry-roles?tabs=azure-cli
NEW QUESTION # 31
You develop an application. You plan to host the application on a set of virtual machines (VMs) in Azure.
You need to configure Azure Monitor to collect logs from the application.
Which four actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
Answer:
Explanation:
Explanation
Graphical user interface, text, application Description automatically generated
Step 1: Create a Log Analytics workspace.
First create the workspace.
Step 2: Add a VMInsights solution.
Before a Log Analytics workspace can be used with VM insights, it must have the VMInsights solution installed.
Step 3: Install agents on the VM and VM scale set to be monitored.
Prior to onboarding agents, you must create and configure a workspace. Install or update the Application Insights Agent as an extension for Azure virtual machines and VM scalet sets.
Step 4: Create an Application Insights resource
Sign in to the Azure portal, and create an Application Insights resource.
Graphical user interface, application, Word Description automatically generated
Once a workspace-based Application Insights resource has been created, configuring monitoring is relatively straightforward.
Reference:
https://docs.microsoft.com/en-us/azure/azure-monitor/vm/vminsights-configure-workspace
https://docs.microsoft.com/en-us/azure/azure-monitor/app/create-workspace-resource
NEW QUESTION # 32
The solution must receive and store messages until they can be processed. You create an Azure Service Bus instance by providing a name, pricing tier, subscription, resource group, and location.
You need to complete the configuration.
Which Azure CLI or PowerShell command should you run?
- A.
- B.
- C.
- D.
Answer: C
NEW QUESTION # 33
You are developing an application. You have an Azure user account that has access to two subscriptions.
You need to retrieve a storage account key secret from Azure Key Vault.
In which order should you arrange the PowerShell commands to develop the solution? To answer, move all commands from the list of commands to the answer area and arrange them in the correct order.
Answer:
Explanation:
Explanation
Step 1: Get-AzSubscription
If you have multiple subscriptions, you might have to specify the one that was used to create your key vault.
Enter the following to see the subscriptions for your account:
Get-AzSubscription
Step 2: Set-AzContext -SubscriptionId
To specify the subscription that's associated with the key vault you'll be logging, enter:
Set-AzContext -SubscriptionId <subscriptionID>
Step 3: Get-AzStorageAccountKey
You must get that storage account key.
Step 4: $secretvalue = ConvertTo-SecureString <storageAccountKey> -AsPlainText -Force Set-AzKeyVaultSecret -VaultName <vaultName> -Name <secretName> -SecretValue $secretvalue After retrieving your secret (in this case, your storage account key), you must convert that key to a secure string, and then create a secret with that value in your key vault.
Step 5: Get-AzKeyVaultSecret
Next, get the URI for the secret you created. You'll need this URI in a later step to call the key vault and retrieve your secret. Run the following PowerShell command and make note of the ID value, which is the secret's URI:
Get-AzKeyVaultSecret -VaultName <vaultName>
Reference:
https://docs.microsoft.com/bs-latn-ba/Azure/key-vault/key-vault-key-rotation-log-monitoring
NEW QUESTION # 34
You are creating a script that will run a large workload on an Azure Batch pool. Resources will be reused and do not need to be cleaned up after use.
You have the following parameters:
You need to write an Azure CLI script that will create the jobs, tasks, and the pool.
In which order should you arrange the commands to develop the solution? To answer, move the appropriate commands from the list of command segments to the answer area and arrange them in the correct order.
Answer:
Explanation:
Explanation
Step 1: az batch pool create
# Create a new Linux pool with a virtual machine configuration.
az batch pool create \
--id mypool \
--vm-size Standard_A1 \
--target-dedicated 2 \
--image canonical:ubuntuserver:16.04-LTS \
--node-agent-sku-id "batch.node.ubuntu 16.04"
Step 2: az batch job create
# Create a new job to encapsulate the tasks that are added.
az batch job create \
--id myjob \
--pool-id mypool
Step 3: az batch task create
# Add tasks to the job. Here the task is a basic shell command.
az batch task create \
--job-id myjob \
--task-id task1 \
--command-line "/bin/bash -c 'printenv AZ_BATCH_TASK_WORKING_DIR'"
Step 4: for i in {1..$numberOfJobs} do
References:
https://docs.microsoft.com/bs-latn-ba/azure/batch/scripts/batch-cli-sample-run-job
NEW QUESTION # 35
You need to authenticate the user to the corporate website as indicated by the architectural diagram.
Which two values should you use? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.
- A. Azure AD tenant ID
- B. ID token signature
- C. ID token claims
- D. Azure AD endpoint URI
- E. HTTP response code
Answer: B,D
Explanation:
A: Claims in access tokens
JWTs (JSON Web Tokens) are split into three pieces:
* Header - Provides information about how to validate the token including information about the type of token and how it was signed.
* Payload - Contains all of the important data about the user or app that is attempting to call your service.
* Signature - Is the raw material used to validate the token.
E: Your client can get an access token from either the v1.0 endpoint or the v2.0 endpoint using a variety of protocols.
Scenario: User authentication (see step 5 below)
The following steps detail the user authentication process:
1. The user selects Sign in in the website.
2. The browser redirects the user to the Azure Active Directory (Azure AD) sign in page.
3. The user signs in.
4. Azure AD redirects the user's session back to the web application. The URL includes an access token.
5. The web application calls an API and includes the access token in the authentication header. The application ID is sent as the audience ('aud') claim in the access token.
6. The back-end API validates the access token.
Reference:
https://docs.microsoft.com/en-us/azure/api-management/api-management-access-restriction-policies Implement Azure security Testlet 3 Case study This is a case study. Case studies are not timed separately. You can use as much exam time as you would like to complete each case. However, there may be additional case studies and sections on this exam.
You must manage your time to ensure that you are able to complete all questions included on this exam in the time provided.
To answer the questions included in a case study, you will need to reference information that is provided in the case study. Case studies might contain exhibits and other resources that provide more information about the scenario that is described in the case study. Each question is independent of the other questions in this case study.
At the end of this case study, a review screen will appear. This screen allows you to review your answers and to make changes before you move to the next section of the exam. After you begin a new section, you cannot return to this section.
To start the case study
To display the first question in this case study, click the Next button. Use the buttons in the left pane to explore the content of the case study before you answer the questions. Clicking these buttons displays information such as business requirements, existing environment, and problem statements. When you are ready to answer a question, click the Question button to return to the question.
Background
You are a developer for Litware Inc., a SaaS company that provides a solution for managing employee expenses. The solution consists of an ASP.NET Core Web API project that is deployed as an Azure Web App.
Overall architecture
Employees upload receipts for the system to process. When processing is complete, the employee receives a summary report email that details the processing results. Employees then use a web application to manage their receipts and perform any additional tasks needed for reimbursement.
Receipt processing
Employees may upload receipts in two ways:
* Uploading using an Azure Files mounted folder
* Uploading using the web application
Data Storage
Receipt and employee information is stored in an Azure SQL database.
Documentation
Employees are provided with a getting started document when they first use the solution. The documentation includes details on supported operating systems for Azure File upload, and instructions on how to configure the mounted folder.
Solution details
Users table
Web Application
You enable MSI for the Web App and configure the Web App to use the security principal name WebAppIdentity.
Processing
Processing is performed by an Azure Function that uses version 2 of the Azure Function runtime. Once processing is completed, results are stored in Azure Blob Storage and an Azure SQL database. Then, an email summary is sent to the user with a link to the processing report. The link to the report must remain valid if the email is forwarded to another user.
Logging
Azure Application Insights is used for telemetry and logging in both the processor and the web application. The processor also has TraceWriter logging enabled. Application Insights must always contain all log messages.
Requirements
Receipt processing
Concurrent processing of a receipt must be prevented.
Disaster recovery
Regional outage must not impact application availability. All DR operations must not be dependent on application running and must ensure that data in the DR region is up to date.
Security
* User's SecurityPin must be stored in such a way that access to the database does not allow the viewing of SecurityPins. The web application is the only system that should have access to SecurityPins.
* All certificates and secrets used to secure data must be stored in Azure Key Vault.
* You must adhere to the principle of least privilege and provide privileges which are essential to perform the intended function.
* All access to Azure Storage and Azure SQL database must use the application's Managed Service Identity (MSI).
* Receipt data must always be encrypted at rest.
* All data must be protected in transit.
* User's expense account number must be visible only to logged in users. All other views of the expense account number should include only the last segment, with the remaining parts obscured.
* In the case of a security breach, access to all summary reports must be revoked without impacting other parts of the system.
Issues
Upload format issue
Employees occasionally report an issue with uploading a receipt using the web application. They report that when they upload a receipt using the Azure File Share, the receipt does not appear in their profile. When this occurs, they delete the file in the file share and use the web application, which returns a 500 Internal Server error page.
Capacity issue
During busy periods, employees report long delays between the time they upload the receipt and when it appears in the web application.
Log capacity issue
Developers report that the number of log messages in the trace output for the processor is too high, resulting in lost log messages.
Application code
Processing.cs
Database.cs
ReceiptUploader.cs
ConfigureSSE.ps1
NEW QUESTION # 36
You develop an application. You plan to host the application on a set of virtual machines (VMs) in Azure.
You need to configure Azure Monitor to collect logs from the application.
Which four actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
Answer:
Explanation:
Reference:
https://docs.microsoft.com/en-us/azure/azure-monitor/vm/vminsights-configure-workspace
https://docs.microsoft.com/en-us/azure/azure-monitor/app/create-workspace-resource
NEW QUESTION # 37
You are developing a web application that makes calls to the Microsoft Graph API. You register the application in the Azure portal and upload a valid X509 certificate.
You create an appsettings.json file containing the certificate name, client identifier for the application, and the tenant identifier of the Azure active Directory (Azure AD). You create a method named ReadCertificate to return the X509 certificate by name.
You need to implement code that acquires a token by using the certificate.
How should you complete the code segment? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
https://docs.microsoft.com/en-us/azure/active-directory/develop/scenario-daemon-app-configuration?tabs=dotnet#instantiate-the-confidential-client-application-with-a-client-certificate
https://docs.microsoft.com/en-us/azure/active-directory/develop/scenario-daemon-acquire-token?tabs=dotnet#acquiretokenforclient-api
NEW QUESTION # 38
You are developing an application that uses Azure Storage to store customer data. The data must only be decrypted by the customer and the customer must be provided a script to rotate keys.
You need to provide a script to rotate keys to the customer.
How should you complete the command? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
NEW QUESTION # 39
You develop an Azure solution that uses Cosmos DB.
The current Cosmos DB container must be replicated and must use a partition key that is optimized for queries.
You need to implement a change feed processor solution.
Which change feed processor components should you use? To answer, drag the appropriate components to the correct requirements. Each component may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view the content.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
Reference:
https://docs.microsoft.com/en-us/azure/cosmos-db/change-feed-processor
NEW QUESTION # 40
A company is implementing a publish-subscribe (Pub/Sub) messaging component by using Azure Service Bus.
You are developing the first subscription application.
In the Azure portal you see that messages are being sent to the subscription for each topic. You create and initialize a subscription client object by supplying the correct details, but the subscription application is still not consuming the messages.
You need to ensure that the subscription client processes all messages.
Which code segment should you use?
await subscriptionClient.AddRuleAsync(new RuleDescription
- A. TopicName, SubscriptionName);
await subscriptionClient.CloseAsync(); - B. messageHandlerOptions);
- C. (RuleDescription.DefaultRuleName, new TrueFilter()));
subscriptionClient = new SubscriptionClient(ServiceBusConnectionString, - D. subscriptionClient.RegisterMessageHandler(ProcessMessagesAsync,
Answer: B
Explanation:
Using topic client, call RegisterMessageHandler which is used to receive messages continuously from the entity. It registers a message handler and begins a new thread to receive messages. This handler is waited on every time a new message is received by the receiver.
subscriptionClient.RegisterMessageHandler(ReceiveMessagesAsync, messageHandlerOptions); Reference:
https://www.c-sharpcorner.com/article/azure-service-bus-topic-and-subscription-pub-sub/
NEW QUESTION # 41
You are authoring a set of nested Azure Resource Manager templates to deploy Azure resources. You author an Azure Resource Manager template named mainTempIate.json that contains the following linked templates:
linkedTemplatel.json, linkedTemplate2json.
You add parameters to a parameters template file named mainTemplate.parameters.json. You save all templates on a local device in the C:\templates\ folder.
You have the following requirements:
* Store the templates in Azure for later deployment.
* Enable versioning of the templates.
* Manage access to the templates by using Azure RBAC
You need to store the templates in Azure.
How should you complete the command? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
Explanation
NEW QUESTION # 42
You are creating an app that uses Event Grid to connect with other services. Your app's event data will be sent to a serverless function that checks compliance. This function is maintained by your company.
You write a new event subscription at the scope of your resource. The event must be invalidated after 3 specific period of time. You need to configure Event Grid to ensure security.
What should you implement? To answer, select the appropriate options in [he answer area.
NOTE: Each correct selection is worth one point
Answer:
Explanation:
Explanation
Box 1: SAS tokens
Custom topics use either Shared Access Signature (SAS) or key authentication. Microsoft recommends SAS, but key authentication provides simple programming, and is compatible with many existing webhook publishers.
In this case we need the expiration time provided by SAS tokens.
Box 2: ValidationCode handshake
Event Grid supports two ways of validating the subscription: ValidationCode handshake (programmatic) and ValidationURL handshake (manual).
If you control the source code for your endpoint, this method is recommended.
NEW QUESTION # 43
You need to add code at line EG15 in EventGridController.cs to ensure that the Log policy applies to all services.
How should you complete the code? To answer, drag the appropriate code segments to the correct locations. Each code segment may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
Reference:
https://docs.microsoft.com/en-us/azure/role-based-access-control/resource-provider-operations
NEW QUESTION # 44
You need to implement telemetry for non-user actions.
How should you complete the Filter class? To answer, drag the appropriate code segments to the correct locations. Each code segment may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
NOTE:Each correct selection is worth one point.
Answer:
Explanation:
Explanation
Scenario: Exclude non-user actions from Application Insights telemetry.
Box 1: ITelemetryProcessor
To create a filter, implement ITelemetryProcessor. This technique gives you more direct control over what is included or excluded from the telemetry stream.
Box 2: ITelemetryProcessor
Box 3: ITelemetryProcessor
Box 4: RequestTelemetry
Box 5: /health
To filter out an item, just terminate the chain.
Reference:
https://docs.microsoft.com/en-us/azure/azure-monitor/app/api-filtering-sampling
NEW QUESTION # 45
......
Most Suitable Candidates
The ideal candidate for AZ-204 test should have some experience with Microsoft Azure as well as 1 to 2 years of development experience. It will also be helpful if you are knowledgeable in APIs, Azure SDKs, PowerShell, Azure CLI, debugging, and app authentication as well as authorization.
Besides, this Azure Developer Associate certification is also appropriate for applicants who take part in all stages of cloud development: defining and designing requirements, maintenance, deployment, as well as monitoring, and performance tuning.
Easy Success Microsoft AZ-204 Exam in First Try: https://www.lead1pass.com/Microsoft/AZ-204-practice-exam-dumps.html
A Fully Updated AZ-204 Exam Dumps - PDF Questions and Testing Engine: https://drive.google.com/open?id=1T_w4VKQZDBNWoqd1Yn-C-2pgT4a4ZhU_