[Oct 22, 2021] Valid AZ-304 Test Answers & AZ-304 Exam PDF
Valid Azure Solutions Architect Expert AZ-304 Dumps Ensure Your Passing
Passing the AZ-304: Microsoft Azure Architect Design exam fulfills a part of the requirements for obtaining the Microsoft Certified: Azure Solutions Architect Expert certification. This test is aimed at the professionals with the expertise in the design and implementation of solutions that work on Microsoft Azure. These include the areas, such as compute, security, network, and storage. Microsoft AZ-304 is one of two exams that one must complete to get the mentioned certificate.
NEW QUESTION 124
You are reviewing the budget for Azure Storage as shown in the exhibit (Click the Exhibit tab.) All the virtual machines in the Azure subscription use Premium storage.
Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic.
NOTE: correct selection is worth one point.
Answer:
Explanation:
Explanation
NEW QUESTION 125
You store web access logs data in Azure Blob storage.
You plan to generate monthly reports from the access logs.
You need to recommend an automated process to upload the data to Azure SQL Database every month.
What should you include in the recommendation?
- A. Data Migration Assistant
- B. Azure Data Factory
- C. Microsoft SQL Server Migration Assistant (SSMA)
- D. AzCopy
Answer: D
Explanation:
Reference:
https://docs.microsoft.com/en-us/azure/security/azure-security-disk-encryption-overview
NEW QUESTION 126
You plan to create an Azure environment that will contain a root management group and 10 child management groups. Each child management group will contain five Azure subscriptions. You plan to have between 10 and
30 resource groups in each subscription.
You need to design an Azure governance solution. The solution must meet the following requirements:
* Use Azure Blueprints to control governance across all the subscriptions and resource groups.
* Ensure that Blueprints-based configurations are consistent across all the subscriptions and resource groups.
* Minimize the number of blueprint definitions and assignments.
What should you include in the solution? To answer, select the appropriate options in the answer area. NOTE:
Each correct selection is worth one point.
Answer:
Explanation:
Explanation
Box 1: The root management group
When creating a blueprint definition, you'll define where the blueprint is saved. Blueprints can be saved to a management group or subscription that you have Contributor access to. If the location is a management group, the blueprint is available to assign to any child subscription of that management group.
Box 2: The root management group
Each directory is given a single top-level management group called the "Root" management group. This root management group is built into the hierarchy to have all management groups and subscriptions fold up to it.
This root management group allows for global policies and Azure role assignments to be applied at the directory level.
Each Published Version of a blueprint can be assigned to an existing management group or subscription.
Reference:
https://docs.microsoft.com/en-us/azure/governance/blueprints/overview
https://docs.microsoft.com/en-us/azure/governance/management-groups/overview
NEW QUESTION 127
You have a resource group named RG1 that contains the objects shown in the following table.
You need to configure permissions so that App1 can copy all the secrets from KV1 to KV2. App1 currently has the Get permission for the secrets in KV1.
Which additional permissions should you assign to App1? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
Explanation
Graphical user interface, text, application Description automatically generated
Box 1: List
Get: Gets the specified Azure key vault.
List: The List operation gets information about the vaults associated with the subscription.
Box 2: Create
Create Or Update: Create or update a key vault in the specified subscription.
Reference:
https://docs.microsoft.com/en-us/rest/api/keyvault/
NEW QUESTION 128
You have a virtual machine scale set named SS1.
You configure autoscaling as shown in the following exhibit.
You configure the scale out and scale in rules to have a duration of 10 minutes and a cool down time of 10 minutes.
Use the drop-down menus to select the answer choice that answers each question based on the information presented in the graphic.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
Explanation
Box 1: 20 Minutes. 10 minutes cool down time after the last scale-up plus 10 minutes duration equals 20 minutes.
Box 2: 9 virtual machines. 30% does not match the scale in requirement of less than 25% so the number of virtual machines will not change.
NEW QUESTION 129
You have an Azure Storage account that contains the data shown in the following exhibit.
You need to identify which files can be accessed immediately from the storage account.
Which files should you identify?
- A. File1. bin only
- B. File1.bin File2.bin File3.bin
- C. File3.bin only
- D. File2.bin only
- E. File1.bin and File2.bin only
Answer: E
Explanation:
Hot - Optimized for storing data that is accessed frequently.
Cool - Optimized for storing data that is infrequently accessed and stored for at least 30 days.
Archive - Optimized for storing data that is rarely accessed and stored for at least 180 days with flexible latency requirements (on the order of hours).
Note: Lease state of the blob. Possible values: available|leased|expired|breaking|broken Reference:
https://docs.microsoft.com/en-us/azure/storage/blobs/storage-blob-storage-tiers
NEW QUESTION 130
You need to recommend a high-availability solution for the middle tier of the payment processing system.
What should you include in the recommendation?
- A. availability zones
- B. an availability set
- C. the Premium App Service plan
- D. the Isolated App Server plan
Answer: A
NEW QUESTION 131
Your company deploys several Linux and Windows virtual machines (VMs) to Azure. The VMs are deployed with the Microsoft Dependency Agent and the Log Analytics Agent installed by using Azure VM extensions.
On-premises connectivity has been enabled by using Azure ExpressRoute.
You need to design a solution to monitor the VMs.
Which Azure monitoring services should you use? To answer, select the appropriate Azure monitoring services in the answer area.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
Explanation
Box 1: Azure Traffic Analytics
Traffic Analytics is a cloud-based solution that provides visibility into user and application activity in cloud networks. Traffic analytics analyzes Network Watcher network security group (NSG) flow logs to provide insights into traffic flow in your Azure cloud. With traffic analytics, you can:
* Identify security threats to, and secure your network, with information such as open-ports, applications attempting internet access, and virtual machines (VM) connecting to rogue networks.
* Visualize network activity across your Azure subscriptions and identify hot spots.
* Understand traffic flow patterns across Azure regions and the internet to optimize your network deployment for performance and capacity.
* Pinpoint network misconfigurations leading to failed connections in your network.
Box 2: Azure Service Map
Service Map automatically discovers application components on Windows and Linux systems and maps the communication between services. With Service Map, you can view your servers in the way that you think of them: as interconnected systems that deliver critical services. Service Map shows connections between servers, processes, inbound and outbound connection latency, and ports across any TCP-connected architecture, with no configuration required other than the installation of an agent.
References:
https://docs.microsoft.com/en-us/azure/network-watcher/traffic-analytics
https://docs.microsoft.com/en-us/azure/azure-monitor/insights/service-map
NEW QUESTION 132
You need to recommend a disaster recovery solution for the back-end tier of the payment processing system.
What should you include in the recommendation?
- A. an auto-failover group
- B. Always On Failover Cluster Instances
- C. Azure Site Recovery
- D. active geo-replication
Answer: A
Explanation:
Explanation
References:
https://docs.microsoft.com/en-us/azure/sql-database/sql-database-auto-failover-group Scenario:
* The back-end data store is implemented as a Microsoft SQL Server 2014 database.
* If a data center fails, ensure that the payment processing system remains available without any administrative intervention.
Note: Auto-failover groups is a SQL Database feature that allows you to manage replication and failover of a group of databases on a SQL Database server or all databases in a managed instance to another region. It is a declarative abstraction on top of the existing active geo-replication feature, designed to simplify deployment and management of geo-replicated databases at scale.
Reference:
https://docs.microsoft.com/en-us/azure/sql-database/sql-database-auto-failover-group
NEW QUESTION 133
You need to recommend a solution for the user at Contoso to authenticate to the cloud-based sconces and the Azure AD-integrated application. What should you include in the recommendation? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
Explanation
NEW QUESTION 134
You plan to create an Azure environment that will contain a root management group and 10 child management groups. Each child management group will contain five Azure subscriptions. You plan to have between 10 and 30 resource groups in each subscription.
You need to design an Azure governance solution. The solution must meet the following requirements:
* Use Azure Blueprints to control governance across all the subscriptions and resource groups.
* Ensure that Blueprints-based configurations are consistent across all the subscriptions and resource groups.
* Minimize the number of blueprint definitions and assignments.
What should you include in the solution? To answer, select the appropriate options in the answer are a. NOTE: Each correct selection is worth one point.
Answer:
Explanation:
Reference:
Assign a blueprint After a blueprint has been published, it can be assigned to a subscription. Assign the blueprint that you created to one of the subscriptions under your management group hierarchy. If the blueprint is saved to a subscription, it can only be assigned to that subscription.
NEW QUESTION 135
You plan to deploy a network-intensive application to several Azure virtual machines.
You need to recommend a solution that meets the following requirements:
* Minimizes the use of the virtual machine processors to transfer data
* Minimizes network latency
Which virtual machine size and feature should you use? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
Explanation
References:
https://docs.microsoft.com/en-us/azure/virtual-machines/windows/sizes-hpc#h-series
NEW QUESTION 136
You are designing a software as a service (SaaS) application that will enable Azure Active Directory (Azure AD) users to create and publish surveys. The SaaS application will have a front-end web app and a back-end web API. The web app will rely on the web API to handle updates to customer surveys.
You need to design an authorization flow for the SaaS application. The solution must meet the following requirements:
To access the back-end web API, the web app must authenticate by using OAuth 2 bearer tokens.
The web app must authenticate by using the identities of individual users.
What should you include in the solution? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
References:
https://docs.microsoft.com/lb-lu/azure/architecture/multitenant-identity/web-api
https://docs.microsoft.com/en-us/azure/active-directory/develop/quickstart-v1-dotnet-webapi
NEW QUESTION 137
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
Your company has deployed several virtual machines (VMs) on-premises and to Azure. Azure ExpressRoute has been deployed and configured for on-premises to Azure connectivity.
Several VMs are exhibiting network connectivity issues.
You need to analyze the network traffic to determine whether packets are being allowed or denied to the VMs.
Solution: Use Azure Network Watcher to run IP flow verify to analyze the network traffic Does the solution meet the goal?
- A. No
- B. Yes
Answer: B
NEW QUESTION 138
You have an application that sends events to an Azure event hub by using HTTP requests over the internet.
You plan to increase the number of application instances.
You need to recommend a solution to reduce the overhead associated with sending events to the hub.
What should you recommend?
- A. Replace the event hub with an Azure Service Bus instance.
- B. Configure the application to send events by using the AMQP protocol
- C. Reduce the retention period of the event hub.
- D. Configure the application to send events by using the HTTPS protocol.
Answer: B
Explanation:
Explanation
Compared to HTTP, AMQP is easy to scale.
Note: Facts pro-AMQP
Delivering messages with AMQP gives you reliability and being asynchronous allows you to not worry about the delivery at all.
Reference:
https://dev.to/fedejsoren/amqp-vs-http
NEW QUESTION 139
You are designing an order processing system in Azure that will contain the Azure resources shown in the following table.
Which type of resource should you recommend for the integration component?
- A. an Azure Event Hubs capture
- B. an Azure Data Factory pipeline
- C. an Azure Event Grid domain
- D. an Azure Service Bus queue
Answer: B
Explanation:
A data factory can have one or more pipelines. A pipeline is a logical grouping of activities that together perform a task.
The activities in a pipeline define actions to perform on your data.
Data Factory has three groupings of activities: data movement activities, data transformation activities, and control activities.
Azure Functions is now integrated with Azure Data Factory, allowing you to run an Azure function as a step in your data factory pipelines.
Reference:
https://docs.microsoft.com/en-us/azure/data-factory/concepts-pipelines-activities
NEW QUESTION 140
You have an Azure subscription that contains a custom application named Application was developed by an external company named fabric, Ltd. Developers at Fabrikam were assigned role-based access control (RBAV) permissions to the Application components. All users are licensed for the Microsoft 365 E5 plan.
You need to recommends a solution to verify whether the Faricak developers still require permissions to Application1. The solution must the following requirements.
* To the manager of the developers, send a monthly email message that lists the access permissions to Application1.
* If the manager does not verify access permission, automatically revoke that permission.
* Minimize development effort.
What should you recommend?
- A. Create an Azure Automation runbook that runs the Get-AzureRmRoleAssignment cmdlet
- B. In Azure Active Directory (AD) Privileged Identity Management, create a custom role assignment for the Application1 resources
- C. In Azure Active Directory (Azure AD), create an access review of Application1
- D. Create an Azure Automation runbook that runs the Get-AzureADUserAppRoleAssignment cmdlet
Answer: C
NEW QUESTION 141
You are reviewing the budget for Azure Storage as shown in the exhibit (Click the Exhibit tab.) All the virtual machines in the Azure subscription use Premium storage.
Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic.
NOTE: correct selection is worth one point.
Answer:
Explanation:
Explanation
NEW QUESTION 142
You have an Azure subscription that contains the resources shown in the following table.
You need to archive the diagnostic data for VNET1 for 365 days. The solution must minimize costs.
Where should you archive the data?
- A. Workspace1
- B. storage1
- C. storage2
Answer: B
Explanation:
Note: The workspace is the top-level resource for Azure Machine Learning, providing a centralized place to work with all the artifacts you create when you use Azure Machine Learning.
Reference:
https://docs.microsoft.com/en-us/azure/machine-learning/concept-workspace
NEW QUESTION 143
......
Design Business Continuity: 10-15%
- Design solutions for backup and recovery: this requires that the learners know how to recommend recovery solutions for on-premise and Azure hybrid workloads that fulfill recovery objects; design Azure Site Recovery solutions; recommend solutions for recovery in various regions; recommend solutions for the management of Azure Backup; design solutions for data retention and archiving.
- Design for high availability: the candidates should be able to recommend solutions for workload and application redundancy, including storage, database, and compute; recommend solutions for auto-scaling; recommend solutions for geo-redundancy in workloads; identity types of storage for high availability and resources that need high availability.
AZ-304 Dumps Real Exam Questions Test Engine Dumps Training: https://www.lead1pass.com/Microsoft/AZ-304-practice-exam-dumps.html