Download Microsoft Azure Architect Design.ExamCollection.AZ-304.2021-05-05.5e.122q.vcex

Download Exam

File Info

Exam Microsoft Azure Architect Design
Number AZ-304
File Name Microsoft Azure Architect Design.ExamCollection.AZ-304.2021-05-05.5e.122q.vcex
Size 7.39 Mb
Posted May 05, 2021
Downloads 62

How to open VCEX & EXAM Files?

Files with VCEX & EXAM extensions can be opened by ProfExam Simulator.

Purchase
Coupon: EXAM_HUB

Discount: 20%

 
 



Demo Questions

Question 1
You need to recommend a solution to generate a monthly report of all the new Azure Resource Manager resource deployments in your subscription. 
What should you include in the recommendation?

  • A: the Change Tracking management solution
  • B: Application Insights
  • C: Azure Monitor action groups
  • D: Azure Activity Log



Question 2
You have an on-premises Hyper-V cluster. The cluster contains Hyper-V hosts that run Windows Server 2016 Datacenter. The hosts are licensed under a Microsoft Enterprise Agreement that has Software Assurance. 
The Hyper-V cluster contains 30 virtual machines that run Windows Server 2012 R2. Each virtual machine runs a different workload. The workloads have predictable consumption patterns. 
You plan to replace the virtual machines with Azure virtual machines that run Windows Server 2016. The virtual machines will be sized according to the consumption pattern of each workload. 
You need to recommend a solution to minimize the compute costs of the Azure virtual machines. 
Which two recommendations should you include in the solution? Each correct answer presents part of the solution. 
NOTE: Each correct selection is worth one point.

  • A: Configure a spending limit in the Azure account center.
  • B: Create a virtual machine scale set that uses autoscaling.
  • C: Activate Azure Hybrid Benefit for the Azure virtual machines.
  • D: Purchase Azure Reserved Virtual Machine Instances for the Azure virtual machines.
  • E: Create a lab in Azure DevTest Labs and place the Azure virtual machines in the lab.



Question 3
You have an Azure subscription that contains the SQL servers on Azure shown in the following table. 

         

The subscription contains the storage accounts shown in the following table. 

         

You create the Azure SQL databases shown in the following table. 

         

For each of the following statements, select Yes if the statement is true. Otherwise, select No. 
NOTE: Each correct selection is worth one point.




Question 4
You deploy several Azure SQL Database instances. 
You plan to configure the Diagnostics settings on the databases as shown in the following exhibit. 

         

Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic. 
NOTE: Each correct selection is worth one point.




Question 5
You have an Azure Active Directory (Azure AD) tenant and Windows 10 devices. 
You configure a conditional access policy as shown in the exhibit. (Click the Exhibit tab.) 

    
 
What is the result of the policy?

  • A: All users will always be prompted for multi-factor authentication (MFA).
  • B: Users will be prompted for multi-factor authentication (MFA) only when they sign in from devices that are NOT joined to Azure AD.
  • C: All users will be able to sign in without using multi-factor authentication (MFA).
  • D: Users will be prompted for multi-factor authentication (MFA) only when they sign in from devices that are joined to Azure AD.



Question 6
You are designing an Azure resource deployment that will use Azure Resource Manager templates. The deployment will use Azure Key Vault to store secrets. 
You need to recommend a solution to meet the following requirements:
Prevent the IT staff that will perform the deployment from retrieving the secrets directly from Key Vault. 
Use the principle of least privilege. 
Which two actions should you recommend? Each correct answer presents part of the solution. 
NOTE: Each correct selection is worth one point.

  • A: Create a Key Vault access policy that allows all get key permissions, get secret permissions, and get certificate permissions.
  • B: From Access policies in Key Vault, enable access to the Azure Resource Manager for template deployment.
  • C: Create a Key Vault access policy that allows all list key permissions, list secret permissions, and list certificate permissions.
  • D: Assign the IT staff a custom role that includes the Microsoft.KeyVault/Vaults/Deploy/Action permission.
  • E: Assign the Key Vault Contributor role to the IT staff.



Question 7
You have an Azure subscription that contains a custom application named Application1. Application1 was developed by an external company named Fabrikam, Ltd. Developers at Fabrikam were assigned role-based access control (RBAC) permissions to the Application1 components. All users are licensed for the Microsoft 365 E5 plan. 
You need to recommend a solution to verify whether the Fabrikam developers still require permissions to Application1. The solution must meet the following requirements:
the manager of the developers, send a monthly email message that lists the access permissions to Application1. 
If the manager does not verify an access permission, automatically revoke that permission. 
Minimize development effort. 
What should you recommend?

  • A: Create an Azure Automation runbook that runs the Get-AzureADUserAppRoleAssignment cmdlet.
  • B: Create an Azure Automation runbook that runs the Get-AzRoleAssignment cmdlet.
  • C: In Azure Active Directory (Azure AD), create an access review of Application1.
  • D: In Azure Active Directory (AD) Privileged Identity Management, create a custom role assignment for the Application1 resources.



Question 8
You plan to deploy an application named App1 that will run on five Azure virtual machines. Additional virtual machines will be deployed later to run App1. 
You need to recommend a solution to meet the following requirements for the virtual machines that will run App1:
Ensure that the virtual machines can authenticate to Azure Active Directory (Azure AD) to gain access to an Azure key vault, Azure Logic Apps instances, and an Azure SQL database. 
Avoid assigning new roles and permissions for Azure services when you deploy additional virtual machines. 
Avoid storing secrets and certificates on the virtual machines. 
Minimize administrative effort for managing identities. 
Which type of identity should you include in the recommendation? 

  • A: a service principal that is configured to use a certificate
  • B: a system-assigned managed identity
  • C: a service principal that is configured to use a client secret
  • D: a user-assigned managed identity



Question 9
You are designing a large Azure environment that will contain many subscriptions. 
You plan to use Azure Policy as part of a governance solution. 
To which three scopes can you assign Azure Policy definitions? Each correct answer presents a complete solution. 
NOTE: Each correct selection is worth one point.

  • A: management groups
  • B: subscriptions
  • C: Azure Active Directory (Azure AD) tenants
  • D: resource groups
  • E: Azure Active Directory (Azure AD) administrative units
  • F: compute resources



Question 10
You are designing a microservices architecture that will be hosted in an Azure Kubernetes Service (AKS) cluster. Apps that will consume the microservices will be hosted on Azure virtual machines. The virtual machines and the AKS cluster will reside on the same virtual network. 
You need to design a solution to expose the microservices to the consumer apps. The solution must meet the following requirements:
Ingress access to the microservices must be restricted to a single private IP address and protected by using mutual TLS authentication. 
The number of incoming microservice calls must be rate-limited. 
Costs must be minimized. 
What should you include in the solution?

  • A: Azure App Gateway with Azure Web Application Firewall (WAF)
  • B: Azure API Management Premium tier with virtual network connection
  • C: Azure API Management Standard tier with a service endpoint
  • D: Azure Front Door with Azure Web Application Firewall (WAF)






CONNECT US


ProfExam
PROFEXAM WITH A 20% DISCOUNT

You can buy ProfExam with a 20% discount..

Get Now!


HOW TO OPEN VCEX AND EXAM FILES

Use ProfExam Simulator to open VCEX and EXAM files
ProfExam Screen



HOW TO OPEN VCE FILES

Use VCE Exam Simulator to open VCE files
Avanaset