September/2021 Latest Braindump2go AZ-204 Exam Dumps with PDF and VCE Free Updated Today! Following are some new AZ-204 Real Exam Questions!
QUESTION 245
You are developing an Azure App Service REST API.
The API must be called by an Azure App Service web app. The API must retrieve and update user profile information stored in Azure Active Directory (Azure AD).
You need to configure the API to make the updates.
Which two tools should you use? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.
A. Microsoft Graph API
B. Microsoft Authentication Library (MSAL)
C. Azure API Management
D. Microsoft Azure Security Center
E. Microsoft Azure Key Vault SDK
Answer: AC
Explanation:
A: You can use the Azure AD REST APIs in Microsoft Graph to create unique workflows between Azure AD resources and third-party services.
Enterprise developers use Microsoft Graph to integrate Azure AD identity management and other services to automate administrative workflows, such as employee onboarding (and termination), profile maintenance, license deployment, and more.
C: API Management (APIM) is a way to create consistent and modern API gateways for existing back-end services.
API Management helps organizations publish APIs to external, partner, and internal developers to unlock the potential of their data and services.
Reference:
https://docs.microsoft.com/en-us/graph/azuread-identity-access-management-concept-overview
QUESTION 246
You develop a REST API. You implement a user delegation SAS token to communicate with Azure Blob storage.
The token is compromised.
You need to revoke the token.
What are two possible ways to achieve this goal? Each correct answer presents a complete solution.
NOTE: Each correct selection is worth one point.
A. Revoke the delegation key.
B. Delete the stored access policy.
C. Regenerate the account key.
D. Remove the role assignment for the security principle.
Answer: AB
Explanation:
A: Revoke a user delegation SAS
To revoke a user delegation SAS from the Azure CLI, call the az storage account revoke-delegation-keys command. This command revokes all of the user delegation keys associated with the specified storage account. Any shared access signatures associated with those keys are invalidated.
B: To revoke a stored access policy, you can either delete it, or rename it by changing the signed identifier.
Changing the signed identifier breaks the associations between any existing signatures and the stored access policy. Deleting or renaming the stored access policy immediately effects all of the shared access signatures associated with it.
Reference:
https://github.com/MicrosoftDocs/azure-docs/blob/master/articles/storage/blobs/storage-blob-user-delegation-sas-create-cli.md
https://docs.microsoft.com/en-us/rest/api/storageservices/define-stored-access-policy#modifying-or-revoking-a-stored-access-policy
QUESTION 247
You develop and deploy an Azure Logic app that calls an Azure Function app. The Azure Function app includes an OpenAPI (Swagger) definition and uses an Azure Blob storage account. All resources are secured by using Azure Active Directory (Azure AD).
The Azure Logic app must securely access the Azure Blob storage account. Azure AD resources must remain if the Azure Logic app is deleted.
You need to secure the Azure Logic app.
What should you do?
A. Create a user-assigned managed identity and assign role-based access controls.
B. Create an Azure AD custom role and assign the role to the Azure Blob storage account.
C. Create an Azure Key Vault and issue a client certificate.
D. Create a system-assigned managed identity and issue a client certificate.
E. Create an Azure AD custom role and assign role-based access controls.
Answer: A
Explanation:
To give a managed identity access to an Azure resource, you need to add a role to the target resource for that identity.
Note: To easily authenticate access to other resources that are protected by Azure Active Directory (Azure AD) without having to sign in and provide credentials or secrets, your logic app can use a managed identity (formerly known as Managed Service Identity or MSI). Azure manages this identity for you and helps secure your credentials because you don’t have to provide or rotate secrets.
If you set up your logic app to use the system-assigned identity or a manually created, user-assigned identity, the function in your logic app can also use that same identity for authentication.
Reference:
https://docs.microsoft.com/en-us/azure/logic-apps/create-managed-service-identity
https://docs.microsoft.com/en-us/azure/api-management/api-management-howto-mutual-certificates-for-clients
QUESTION 248
You are developing a solution that will use a multi-partitioned Azure Cosmos DB database. You plan to use the latest Azure Cosmos DB SDK for development.
The solution must meet the following requirements:
– Send insert and update operations to an Azure Blob storage account.
– Process changes to all partitions immediately.
– Allow parallelization of change processing.
You need to process the Azure Cosmos DB operations.
What are two possible ways to achieve this goal? Each correct answer presents a complete solution.
NOTE: Each correct selection is worth one point.
A. Create an Azure App Service API and implement the change feed estimator of the SDK. Scale the API by using multiple Azure App Service instances.
B. Create a background job in an Azure Kubernetes Service and implement the change feed feature of the SDK.
C. Create an Azure Function to use a trigger for Azure Cosmos DB. Configure the trigger to connect to the container.
D. Create an Azure Function that uses a FeedIterator object that processes the change feed by using the pull model on the container. Use a FeedRange objext to parallelize the processing of the change feed across multiple functions.
Answer: C
Explanation:
Azure Functions is the simplest option if you are just getting started using the change feed. Due to its simplicity, it is also the recommended option for most change feed use cases. When you create an Azure Functions trigger for Azure Cosmos DB, you select the container to connect, and the Azure Function gets triggered whenever there is a change in the container. Because Azure Functions uses the change feed processor behind the scenes, it automatically parallelizes change processing across your container’s partitions.
Note: You can work with change feed using the following options:
Using change feed with Azure Functions
Using change feed with change feed processor
Reference:
https://docs.microsoft.com/en-us/azure/cosmos-db/read-change-feed
QUESTION 249
You are developing applications for a company. You plan to host the applications on Azure App Services.
The company has the following requirements:
– Every five minutes verify that the websites are responsive.
– Verify that the websites respond within a specified time threshold.
– Dependent requests such as images and JavaScript files must load properly.
– Generate alerts if a website is experiencing issues.
– If a website fails to load, the system must attempt to reload the site three more times.
You need to implement this process with the least amount of effort.
What should you do?
A. Create a Selenium web test and configure it to run from your workstation as a scheduled task.
B. Set up a URL ping test to query the home page.
C. Create an Azure function to query the home page.
D. Create a multi-step web test to query the home page.
E. Create a Custom Track Availability Test to query the home page.
Answer: D
Explanation:
You can monitor a recorded sequence of URLs and interactions with a website via multi-step web tests.
Incorrect Answers:
A: Selenium is an umbrella project for a range of tools and libraries that enable and support the automation of web browsers.
It provides extensions to emulate user interaction with browsers, a distribution server for scaling browser allocation, and the infrastructure for implementations of the W3C WebDriver specification that lets you write interchangeable code for all major web browsers.
Reference:
https://docs.microsoft.com/en-us/azure/azure-monitor/app/availability-multistep
QUESTION 250
You develop and add several functions to an Azure Function app that uses the latest runtime host. The functions contain several REST API endpoints secured by using SSL. The Azure Function app runs in a Consumption plan.
You must send an alert when any of the function endpoints are unavailable or responding too slowly.
You need to monitor the availability and responsiveness of the functions.
What should you do?
A. Create a URL ping test.
B. Create a timer triggered function that calls TrackAvailability() and send the results to Application Insights.
C. Create a timer triggered function that calls GetMetric(“Request Size”) and send the results to Application Insights.
D. Add a new diagnostic setting to the Azure Function app. Enable the FunctionAppLogs and Send to Log Analytics options.
Answer: B
Explanation:
You can create an Azure Function with TrackAvailability() that will run periodically according to the configuration given in TimerTrigger function with your own business logic. The results of this test will be sent to your Application Insights resource, where you will be able to query for and alert on the availability results data. This allows you to create customized tests similar to what you can do via Availability Monitoring in the portal. Customized tests will allow you to write more complex availability tests than is possible using the portal UI, monitor an app inside of your Azure VNET, change the endpoint address, or create an availability test even if this feature is not available in your region.
Reference:
https://docs.microsoft.com/en-us/azure/azure-monitor/app/availability-azure-functions
QUESTION 251
You are creating an app that will use CosmosDB for data storage. The app will process batches of relational data.
You need to select an API for the app.
Which API should you use?
A. MongoDB API
B. Table API
C. SQL API
D. Cassandra API
Answer: C
Explanation:
For relational data you will need the SQL API
Incorrect Answer:
A: The MongoDB API is not used for relational data.
B: The Table API only supports data in the key/value format
D: The Cassandra API only supports OLTP (Online Transactional Processing) and not batch processing.
Reference:
https://docs.microsoft.com/en-us/azure/cosmos-db/choose-api
QUESTION 252
Hotspot Question
You create the following PowerShell script:
For each of the following statements, select Yes if the statement is true. Otherwise, select No,
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
Box 1: No
The AzScheduledQueryRuleSource is Heartbeat, not CPU.
Box 2: Yes
The AzScheduledQueryRuleSource is Heartbeat!
Note: New-AzScheduledQueryRuleTriggerCondition creates an object of type Trigger Condition. This object is to be passed to the command that creates Alerting Action object.
Box 3: No
The schedule is 60 minutes, not two hours.
-FrequencyInMinutes: The alert frequency.
-TimeWindowInMinutes: The alert time window
The New-AzAscheduledQueryRuleSchedule command creates an object of type Schedule. This object is to be passed to the command that creates Log Alert Rule.
Reference:
https://docs.microsoft.com/en-us/powershell/module/az.monitor/new-azscheduledqueryrule
https://docs.microsoft.com/en-us/powershell/module/az.monitor/new-azscheduledqueryruletriggercondition
Resources From:
1.2021 Latest Braindump2go AZ-204 Exam Dumps (PDF & VCE) Free Share:
https://www.braindump2go.com/az-204.html
2.2021 Latest Braindump2go AZ-204 PDF and AZ-204 VCE Dumps Free Share:
https://drive.google.com/drive/folders/1qSt-4_6x_lmYQoqET8lOEQmDK4tWxrUP?usp=sharing
3.2021 Free Braindump2go AZ-204 Exam Questions Download:
https://www.braindump2go.com/free-online-pdf/AZ-204-VCE-Dumps(245-252).pdf
Free Resources from Braindump2go,We Devoted to Helping You 100% Pass All Exams!