This page was exported from Exam for engine [ http://blog.test4engine.com ] Export date:Mon Nov 18 5:44:23 2024 / +0000 GMT ___________________________________________________ Title: Guaranteed Accomplishment with Newest May-2022 FREE Microsoft AZ-304 [Q152-Q170] --------------------------------------------------- Guaranteed Accomplishment with Newest May-2022 FREE Microsoft AZ-304 Use Valid New Free AZ-304 Exam Dumps & Answers For more info read reference: microsoft learning site AZ-304 Skills measured   NO.152 You need to design a resource governance solution for an Azure subscription. The solution must meet the following requirements:Ensure that all ExpressRoute resources are created in a resource group named RG1.Delegate the creation of the ExpressRoute resources to an Azure Active Directory (Azure AD) group named Networking.Use the principle of least privilege.What should you include in the solution? To answer, select the appropriate options in the answer area.NOTE: Each correct selection is worth one point. Reference:https://docs.microsoft.com/en-us/azure/governance/policy/tutorials/create-and-manageNO.153 You configure the Diagnostics settings for an Azure SQL database as shown in the following exhibit.Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic.NOTE: Each correct selection is worth one point. ExplanationNO.154 You have the application architecture shown in the following exhibit.Use the drop-down menus to select choice that completes each statement based on the information presented in the graphic.NOTE: Each correct selection is worth one point. ExplanationReferences:https://docs.microsoft.com/en-us/azure/traffic-manager/traffic-manager-routing-methodshttps://docs.microsoft.com/en-us/azure/traffic-manager/traffic-manager-monitoringNO.155 You are designing a SQL database solution. The solution will include 20 databases that will be 20 GB each and have varying usage patterns.You need to recommend a database platform to host the databases. The solution must meet the following requirements:* The compute resources allocated to the databases must scale dynamically.* The solution must meet an SLA of 99.99% uptime.* The solution must have reserved capacity.* Compute charges must be minimized.What should you include in the recommendation?  20 databases on a Microsoft SQL server that runs on an Azure virtual machine in an availability set  20 instances of Azure SQL Database serverless  20 databases on a Microsoft SQL server that runs on an Azure virtual machine  an elastic pool that contains 20 Azure SQL databases Azure SQL Database elastic pools are a simple, cost-effective solution for managing and scaling multiple databases that have varying and unpredictable usage demands. The databases in an elastic pool are on a single server and share a set number of resources at a set price. Elastic pools in Azure SQL Database enable SaaS developers to optimize the price performance for a group of databases within a prescribed budget while delivering performance elasticity for each database.Guaranteed 99.995 percent uptime for SQL DatabaseReference:https://docs.microsoft.com/en-us/azure/azure-sql/database/elastic-pool-overviewhttps://azure.microsoft.com/en-us/pricing/details/sql-database/elastic/NO.156 You are designing a storage solution that will use Azure Blob storage. The data will be stored in a cool access tier or an archive access tier based on the access patterns of the data.You identify the following types of infrequently accessed data:* Telemetry data: Deleted after two years* Promotional material: Deleted after 14 days* Virtual machine audit data: Deleted after 200 daysA colleague recommends using the archive access tier to store the data.Which statement accurately describes the recommendation?  Storage costs will be based on a minimum of 30 days.  Access to the data is guaranteed within five minutes.  Access to the data is guaranteed within 30 minutes.  Storage costs will be based on a minimum of 180 days. The following table shows a comparison of premium performance block blob storage, and the hot, cool, and archive access tiers.Reference:https://docs.microsoft.com/en-us/azure/storage/blobs/storage-blob-storage-tiers Design Business Continuity Testlet 2 Case Study This is a case study. Case studies are not timed separately. You can use as much exam time as you would like to complete each case. However, there may be additional case studies and sections on this exam. You must manage your time to ensure that you are able to complete all questions included on this exam in the time provided.To answer the questions included in a case study, you will need to reference information that is provided in the case study. Case studies might contain exhibits and other resources that provide more information about the scenario that is described in the case study. Each question is independent of the other questions in this case study.At the end of this case study, a review screen will appear. This screen allows you to review your answers and to make changes before you move to the next section of the exam. After you begin a new section, you cannot return to this section.To start the case studyTo display the first question in this case study, click the Next button. Use the buttons in the left pane to explore the content of the case study before you answer the questions. Clicking these buttons displays information such as business requirements, existing environment, and problem statements. If the case study has an All Information tab, note that the information displayed is identical to the information displayed on the subsequent tabs. When you are ready to answer a question, click the Question button to return to the question.OverviewContoso, Ltd, is a US-based financial services company that has a main office in New York and a branch office in San Francisco.Existing Environment. Payment Processing SystemContoso hosts a business-critical payment processing system in its New York data center. The system has three tiers: a front-end web app, a middle-tier web API, and a back-end data store implemented as a Microsoft SQL Server 2014 database. All servers run Windows Server 2012 R2.The front-end and middle-tier components are hosted by using Microsoft Internet Information Services (IIS).The application code is written in C# and ASP.NET. The middle-tier API uses the Entity Framework to communicate to the SQL Server database. Maintenance of the database is performed by using SQL Server Agent jobs.The database is currently 2 TB and is not expected to grow beyond 3 TB.The payment processing system has the following compliance-related requirements:* Encrypt data in transit and at rest. Only the front-end and middle-tier components must be able to access the encryption keys that protect the data store.* Keep backups of the data in two separate physical locations that are at least 200 miles apart and can be restored for up to seven years.* Support blocking inbound and outbound traffic based on the source IP address, the destination IP address, and the port number.* Collect Windows security logs from all the middle-tier servers and retain the logs for a period of seven years.* Inspect inbound and outbound traffic from the front-end tier by using highly available network appliances.* Only allow all access to all the tiers from the internal network of Contoso.Tape backups are configured by using an on-premises deployment of Microsoft System Center Data Protection Manager (DPM), and then shipped offsite for long term storage.Existing Environment. Historical Transaction Query SystemContoso recently migrated a business-critical workload to Azure. The workload contains a .NET web service for querying the historical transaction data residing in Azure Table Storage. The .NET web service is accessible from a client app that was developed in-house and runs on the client computers in the New York office. The data in the table storage is 50 GB and is not expected to increase.Existing Environment. Current IssuesThe Contoso IT team discovers poor performance of the historical transaction query system, as the queries frequently cause table scans.Requirements. Planned ChangesContoso plans to implement the following changes:* Migrate the payment processing system to Azure.* Migrate the historical transaction data to Azure Cosmos DB to address the performance issues.Requirements. Migration RequirementsContoso identifies the following general migration requirements:* Infrastructure services must remain available if a region or a data center fails. Failover must occur without any administrative intervention.* Whenever possible, Azure managed services must be used to minimize management overhead.* Whenever possible, costs must be minimized.Contoso identifies the following requirements for the payment processing system:* If a data center fails, ensure that the payment processing system remains available without any administrative intervention. The middle-tier and the web front end must continue to operate without any additional configurations.* Ensure that the number of compute nodes of the front-end and the middle tiers of the payment processing system can increase or decrease automatically based on CPU utilization.* Ensure that each tier of the payment processing system is subject to a Service Level Agreement (SLA) of99.99 percent availability.* Minimize the effort required to modify the middle-tier API and the back-end tier of the payment processing system.* Payment processing system must be able to use grouping and joining tables on encrypted columns.* Generate alerts when unauthorized login attempts occur on the middle-tier virtual machines.* Ensure that the payment processing system preserves its current compliance status.* Host the middle tier of the payment processing system on a virtual machine Contoso identifies the following requirements for the historical transaction query system:* Minimize the use of on-premises infrastructure services.* Minimize the effort required to modify the .NET web service querying Azure Cosmos DB.* Minimize the frequency of table scans.* If a region fails, ensure that the historical transaction query system remains available without any administrative intervention.Requirements. Information Security RequirementsThe IT security team wants to ensure that identity management is performed by using Active Directory.Password hashes must be stored on-premises only.Access to all business-critical systems must rely on Active Directory credentials. Any suspicious authentication attempts must trigger a multi-factor authentication prompt automatically.NO.157 You need to design an architecture to capture the creation of users and the assignment of roles. The captured data must be stored in Azure Cosmos DB.Which Azure services should you include in the design? To answer, drag the appropriate services to the correct targets. Each service may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.NOTE: Each correct selection is worth one point. ExplanationNO.158 You need to design an Azure policy that will implement the following functionality:* For new resources, assign tags and values that match the tags and values of the resource group to which the resources are deployed.* For existing resources, identify whether the tags and values match the tags and values of the resource group that contains the resources.* For any non-compliant resources, trigger auto-generated remediation tasks to create missing tags and values.The solution must use the principle of least privilege.What should you include in the design? To answer, select the appropriate options in the answer area.NOTE: Each correct selection is worth one point. NO.159 You have an on-premises network that uses on IP address space of 172.16.0.0/16 You plan to deploy 25 virtual machines to a new azure subscription.You identity the following technical requirements.All Azure virtual machines must be placed on the same subnet subnet1.All the Azure virtual machines must be able to communicate with all on premises severs.The servers must be able to communicate between the on-premises network and Azure by using a site to site VPN.You need to recommend a subnet design that meets the technical requirements.What should you include in the recommendation? To answer, drag the appropriate network addresses to the correct subnet. Each network address may be used once, more than once or not at all. You may need to drag the split bar between panes or scroll to view content.NOTE: Each correct selection is worth one point. NO.160 Your company has 20 web APIs that were developed in-house.The company is developing 10 web apps that will use the web APIs. The web apps and the APIs are registered in the company’s Azure Active Directory (Azure AD) tenant. The web APIs are published by using Azure API Management.You need to recommend a solution to block unauthorized requests originating from the web apps from reaching the web APIs. The solution must meet the following requirements:* Use Azure AD-generated claims.* Minimize configuration and management effort.What should you include in the recommendation? To answer, select the appropriate options in the answer area.NOTE: Each correct selection is worth one point. Explanation1. Azure AD2. Azure API Management1. Azure ADhttps://docs.microsoft.com/en-us/azure/api-management/api-management-howto-protect-backend-with-aad#gran2. API Managementhttps://docs.microsoft.com/en-us/azure/api-management/api-management-howto-protect-backend-with-aad#confNO.161 You have an Azure subscription that contains resources in three Azure regions.You need to implement Azure Key Vault to meet the following requirements:D18912E1457D5D1DDCBD40AB3BF70D5D* In the event of a regional outage, all keys must be readable.* All the resources in the subscription must be able to access Key Vault.* The number of Key Vault resources to be deployed and managed must be minimized.How many instances of Key Vault should you implement?  1  2  3  6 ExplanationThe contents of your key vault are replicated within the region and to a secondary region at least 150 miles away but within the same geography. This maintains high durability of your keys and secrets. See the Azure paired regions document for details on specific region pairs.Example: Secrets that must be shared by your application in both Europe West and Europe North. Minimize these as much as you can. Put these in a key vault in either of the two regions. Use the same URI from both regions. Microsoft will fail over the Key Vault service internally.Reference:https://docs.microsoft.com/en-us/azure/key-vault/general/disaster-recovery-guidanceNO.162 You have the application architecture shown in the following exhibit.Use the drop-down menus to select choice that completes each statement based on the information presented in the graphic.NOTE: Each correct selection is worth one point. References:https://docs.microsoft.com/en-us/azure/traffic-manager/traffic-manager-routing-methodshttps://docs.microsoft.com/en-us/azure/traffic-manager/traffic-manager-monitoringNO.163 You have an Azure subscription that contains a storage account.An application sometimes writes duplicate files to the storage account.You have a PowerShell script that identifies and deletes duplicate files in the storage account. Currently, the script is run manually after approval from the operations manager.You need to recommend a serverless solution that performs the following actions:* Runs the script once an hour to identify whether duplicate files exist* Sends an email notification to the operations manager requesting approval to delete the duplicate files* Processes an email response from the operations manager specifying whether the deletion was approved* Runs the script if the deletion was approvedWhat should you include in the recommendation?  Azure Logic Apps and Azure Functions  Azure Pipelines and Azure Service Fabric  Azure Logic Apps and Azure Event Grid  Azure Functions and Azure Batch You can schedule a powershell script with Azure Logic Apps.When you want to run code that performs a specific job in your logic apps, you can create your own function by using Azure Functions. This service helps you create Node.js, C#, and F# functions so you don’t have to build a complete app or infrastructure to run code. You can also call logic apps from inside Azure functions. Azure Functions provides serverless computing in the cloud and is useful for performing tasks such as these examples:Reference:https://docs.microsoft.com/en-us/azure/logic-apps/logic-apps-azure-functionsNO.164 You need to recommend a solution for the users at Contoso to authenticate to the cloud-based services and the Azure AD-integrated applications.What should you include in the recommendation? To answer, select the appropriate options in the answer area.NOTE: Each correct selection is worth one point. ExplanationNO.165 Note: This question is part of series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.Your company has an on-premises Active Directory Domain Services (AD DS) domain and an established Azure Active Directory (Azure AD) environment.Your company would like users to be automatically signed in to cloud apps when they are on their corporate desktops that are connected to the corporate network.You need to enable single sign-on (SSO) for company users.Solution: Install and configure an on-premises Active Directory Federation Services (AD FS) server with a trust established between the AD FS server and Azure AD.Does the solution meet the goal?  Yes  No Seamless SSO is not applicable to Active Directory Federation Services (ADFS).Instead install and configure an Azure AD Connect server.Reference:https://docs.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-ssoNO.166 Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.You are designing an Azure solution for a company that has four departments. Each department will deploy several Azure app services and Azure SQL databases.You need to recommend a solution to report the costs for each department to deploy the app services and the databases. The solution must provide a consolidated view for cost reporting that displays cost broken down by department.Solution: Create a new subscription for each department.Does the solution meet the goal?  Yes  No Instead, create a resources group for each resource type. Assign tags to each resource Note: Tags enable you to retrieve related resources from different resource groups. This approach is helpful when you need to organize resources for billing or management.Reference:https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-group-using-tagsNO.167 You need to recommend a backup solution for the data store of the payment processing system.What should you include in the recommendation?  Microsoft System Center Data Protection Manager (DPM)  Azure Backup Server  Azure SQL long-term backup retention  Azure Managed Disks Explanation/Reference:https://docs.microsoft.com/en-us/azure/sql-database/sql-database-long-term-backup-retention-configure Design Business Continuity Testlet 3 Case Study This is a case study. Case studies are not timed separately. You can use as much exam time as you would like to complete each case. However, there may be additional case studies and sections on this exam. You must manage your time to ensure that you are able to complete all questions included on this exam in the time provided.To answer the questions included in a case study, you will need to reference information that is provided in the case study. Case studies might contain exhibits and other resources that provide more information about the scenario that is described in the case study. Each question is independent of the other questions in this case study.At the end of this case study, a review screen will appear. This screen allows you to review your answers and to make changes before you move to the next section of the exam. After you begin a new section, you cannot return to this section.To start the case studyTo display the first question in this case study, click the Next button. Use the buttons in the left pane to explore the content of the case study before you answer the questions. Clicking these buttons displays information such as business requirements, existing environment, and problem statements. If the case study has an All Information tab, note that the information displayed is identical to the information displayed on the subsequent tabs. When you are ready to answer a question, click the Question button to return to the question.Existing Environment. Active Directory EnvironmentThe network contains two Active Directory forests named corp.fabrikam.com and rd.fabrikam.com. There are no trust relationships between the forests.Corp.fabrikam.com is a production forest that contains identities used for internal user and computer authentication.Rd.fabrikam.com is used by the research and development (R&D) department only.Existing Environment. Network InfrastructureEach office contains at least one domain controller from the corp.fabrikam.com domain. The main office contains all the domain controllers for the rd.fabrikam.com forest.All the offices have a high-speed connection to the Internet.An existing application named WebApp1 is hosted in the data center of the London office. WebApp1 is used by customers to place and track orders. WebApp1 has a web tier that uses Microsoft Internet Information Services (IIS) and a database tier that runs Microsoft SQL Server 2016. The web tier and the database tier are deployed to virtual machines that run on Hyper-V.The IT department currently uses a separate Hyper-V environment to test updates to WebApp1.Fabrikam purchases all Microsoft licenses through a Microsoft Enterprise Agreement that includes Software Assurance.Existing Environment. Problem StatementsThe use of WebApp1 is unpredictable. At peak times, users often report delays. At other times, many resources for WebApp1 are underutilized.Requirements. Planned ChangesFabrikam plans to move most of its production workloads to Azure during the next few years.As one of its first projects, the company plans to establish a hybrid identity model, facilitating an upcoming Microsoft Office 365 deployment.All R&D operations will remain on-premises.Fabrikam plans to migrate the production and test instances of WebApp1 to Azure and to use the S1 plan.Requirements. Technical RequirementsFabrikam identifies the following technical requirements:* Web site content must be easily updated from a single point.* User input must be minimized when provisioning new web app instances.* Whenever possible, existing on-premises licenses must be used to reduce cost.* Users must always authenticate by using their corp.fabrikam.com UPN identity.* Any new deployments to Azure must be redundant in case an Azure region fails.* Whenever possible, solutions must be deployed to Azure by using the Standard pricing tier of Azure App Service.* An email distribution group named IT Support must be notified of any issues relating to the directory synchronization services.* Directory synchronization between Azure Active Directory (Azure AD) and corp.fabrikam.com must not be affected by a link failure between Azure and the on-premises network.Requirements. Database RequirementsFabrikam identifies the following database requirements:* Database metrics for the production instance of WebApp1 must be available for analysis so that database administrators can optimize the performance settings.* To avoid disrupting customer access, database downtime must be minimized when databases are migrated.* Database backups must be retained for a minimum of seven years to meet compliance requirements.Requirements. Security RequirementsFabrikam identifies the following security requirements:* Company information including policies, templates, and data must be inaccessible to anyone outside the company.* Users on the on-premises network must be able to authenticate to corp.fabrikam.com if an Internet link fails.* Administrators must be able authenticate to the Azure portal by using their corp.fabrikam.com credentials.* All administrative access to the Azure portal must be secured by using multi-factor authentication.* The testing of WebApp1 updates must not be visible to anyone outside the company.NO.168 You need to recommend a solution to generate a monthly report of all the new Azure Resource Manager resource deployment in your subscription. What should you include in the recommendation?  Azure Activity Log  Azure Monitor action groups  Azure Advisor  Azure Monitor metrics ExplanationActivity logs are kept for 90 days. You can query for any range of dates, as long as the starting date isn’t more than 90 days in the past.Through activity logs, you can determine:* what operations were taken on the resources in your subscription* who started the operation* when the operation occurred* the status of the operation* the values of other properties that might help you research the operation Reference:https://docs.microsoft.com/en-us/azure/azure-resource-manager/management/view-activity-logsNO.169 You need to recommend a solution for the data store of the historical transaction query system.What should you include in the recommendation? To answer, select the appropriate options in the answer area.NOTE: Each correct selection is worth one point. ExplanationNO.170 You plan to deploy an application named App1 that will run on five Azure virtual machines. Additional virtual machines will be deployed later to run App1.You need to recommend a solution to meet the following requirements for the virtual machines that will run App1:* Ensure that the virtual machines can authenticate to Azure Active Directory (Azure AD) to gain access to* an Azure key vault, Azure Logic Apps instances, and an Azure SQL database.* Avoid assigning new roles and permissions for Azure services when you deploy additional virtual machines.* Avoid storing secrets and certificates on the virtual machines.Which type of identity should you include in the recommendation?  a service principal that is configured to use a certificate  a system-assigned managed identity  a service principal that is configured to use a client secret  a user-assigned managed identity ExplanationManaged identities for Azure resources is a feature of Azure Active Directory.User-assigned managed identity can be shared. The same user-assigned managed identity can be associated with more than one Azure resource.Reference:https://docs.microsoft.com/en-us/azure/active-directory/managed-identities-azure-resources/overview Loading … AZ-304 Braindumps PDF, Microsoft AZ-304 Exam Cram: https://www.test4engine.com/AZ-304_exam-latest-braindumps.html --------------------------------------------------- Images: https://blog.test4engine.com/wp-content/plugins/watu/loading.gif https://blog.test4engine.com/wp-content/plugins/watu/loading.gif --------------------------------------------------- --------------------------------------------------- Post date: 2022-05-16 10:55:29 Post date GMT: 2022-05-16 10:55:29 Post modified date: 2022-05-16 10:55:29 Post modified date GMT: 2022-05-16 10:55:29