Win IT Exam with Last Dumps 2025

Microsoft AZ-204 Exam

Page 32/36
Viewing Questions 311 320 out of 355 Questions
88.89%

Question 311
DRAG DROP -
You need to add YAML markup at line CS17 to ensure that the ContentUploadService can access Azure Storage access keys.
How should you complete the YAML markup? To answer, drag the appropriate YAML segments to the correct locations. Each YAML segment may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
NOTE: Each correct selection is worth one point.
Select and Place:
AZ-204_311Q.jpg related to the Microsoft AZ-204 Exam
Image AZ-204_311R.jpg related to the Microsoft AZ-204 Exam
Box 1: volumeMounts -
Example:
volumeMounts:
- mountPath: /mnt/secrets
name: secretvolume1
volumes:
- name: secretvolume1
secret:
mysecret1: TXkgZmlyc3Qgc2VjcmV0IEZPTwo=
Box 2: volumes -
Box 3: secret -
Reference:
https://docs.microsoft.com/en-us/azure/container-instances/container-instances-volume-secret

Question 312
HOTSPOT -
You need to add code at line AM10 of the application manifest to ensure that the requirement for manually reviewing content can be met.
How should you complete the code? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:
AZ-204_312Q.jpg related to the Microsoft AZ-204 Exam
Image AZ-204_312R.jpg related to the Microsoft AZ-204 Exam
Box 1: sid -
Sid: Session ID, used for per-session user sign-out. Personal and Azure AD accounts.
Scenario: Manual review -
To review content, the user must authenticate to the website portion of the ContentAnalysisService using their Azure AD credentials. The website is built using
React and all pages and API endpoints require authentication. In order to review content a user must be part of a ContentReviewer role.
Box 2: email -
Scenario: All completed reviews must include the reviewer's email address for auditing purposes.

Question 313
HOTSPOT -
You need to secure the Shipping Function app.
How should you configure the app? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:
AZ-204_313Q.jpg related to the Microsoft AZ-204 Exam
Image AZ-204_313R.jpg related to the Microsoft AZ-204 Exam
Scenario: Shipping Function app: Implement secure function endpoints by using app-level security and include Azure Active Directory (Azure AD).
Box 1: Function -
Box 2: JSON based Token (JWT)
Azure AD uses JSON based tokens (JWTs) that contain claims
Box 3: HTTP -
How a web app delegates sign-in to Azure AD and obtains a token
User authentication happens via the browser. The OpenID protocol uses standard HTTP protocol messages.
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/develop/authentication-scenarios

Question 314
You need to secure the Shipping Logic App.
What should you use?
A. Azure App Service Environment (ASE)
B. Integration Service Environment (ISE)
C. VNet service endpoint
D. Azure AD B2B integration
Scenario: The Shipping Logic App requires secure resources to the corporate VNet and use dedicated storage resources with a fixed costing model.
You can access to Azure Virtual Network resources from Azure Logic Apps by using integration service environments (ISEs).
Sometimes, your logic apps and integration accounts need access to secured resources, such as virtual machines (VMs) and other systems or services, that are inside an Azure virtual network. To set up this access, you can create an integration service environment (ISE) where you can run your logic apps and create your integration accounts.
Reference:
https://docs.microsoft.com/en-us/azure/logic-apps/connect-virtual-network-vnet-isolated-environment-overview

Question 315
HOTSPOT -
You need to retrieve the database connection string.
Which values should you use? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:
AZ-204_315Q.png related to the Microsoft AZ-204 Exam
Image AZ-204_315R.png related to the Microsoft AZ-204 Exam
Azure database connection string retrieve REST API vault.azure.net/secrets/
Box 1: cpandlkeyvault -
We specify the key vault, cpandlkeyvault.
Scenario: The database connection string is stored in Azure Key Vault with the following attributes:
Azure Key Vault name: cpandlkeyvault
Secret name: PostgreSQLConn -
Id: 80df3e46ffcd4f1cb187f79905e9a1e8
Box 2: PostgreSQLConn -
We specify the secret, PostgreSQLConn
Example, sample request:
https://myvault.vault.azure.net//secrets/mysecretname/4387e9f3d6e14c459867679a90fd0f79?api-version=7.1
Box 3: Querystring -
Reference:
https://docs.microsoft.com/en-us/rest/api/keyvault/getsecret/getsecret


Question 316
DRAG DROP -
You need to correct the corporate website error.
Which four actions should you recommend be performed in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
Select and Place:
AZ-204_316Q.jpg related to the Microsoft AZ-204 Exam
Image AZ-204_316R.jpg related to the Microsoft AZ-204 Exam
Scenario: Corporate website -
While testing the site, the following error message displays:
CryptographicException: The system cannot find the file specified.
Step 1: Generate a certificate -
Step 2: Upload the certificate to Azure Key Vault
Scenario: All SSL certificates and credentials must be stored in Azure Key Vault.
Step 3: Import the certificate to Azure App Service
Step 4: Update line SCO5 of Security.cs to include error handling and then redeploy the code
Reference:
https://docs.microsoft.com/en-us/azure/app-service/configure-ssl-certificate

Question 317
HOTSPOT -
You need to configure API Management for authentication.
Which policy values should you use? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:
AZ-204_317Q.png related to the Microsoft AZ-204 Exam
Image AZ-204_317R.png related to the Microsoft AZ-204 Exam
Box 1: Validate JWT -
The validate-jwt policy enforces existence and validity of a JWT extracted from either a specified HTTP Header or a specified query parameter.
Scenario: User authentication (see step 5 below)
The following steps detail the user authentication process:
1. The user selects Sign in in the website.
2. The browser redirects the user to the Azure Active Directory (Azure AD) sign in page.
3. The user signs in.
4. Azure AD redirects the user's session back to the web application. The URL includes an access token.
5. The web application calls an API and includes the access token in the authentication header. The application ID is sent as the audience ('aud') claim in the access token.
6. The back-end API validates the access token.
Incorrect Answers:
- Limit call rate by key - Prevents API usage spikes by limiting call rate, on a per key basis.
- Restrict caller IPs - Filters (allows/denies) calls from specific IP addresses and/or address ranges.
- Check HTTP header - Enforces existence and/or value of a HTTP Header.
Box 2: Outbound -
Reference:
https://docs.microsoft.com/en-us/azure/api-management/api-management-access-restriction-policies

Question 318
You need to authenticate the user to the corporate website as indicated by the architectural diagram.
Which two values should you use? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.
A. ID token signature
B. ID token claims
C. HTTP response code
D. Azure AD endpoint URI
E. Azure AD tenant ID
A: Claims in access tokens -
JWTs (JSON Web Tokens) are split into three pieces:
- Header - Provides information about how to validate the token including information about the type of token and how it was signed.
- Payload - Contains all of the important data about the user or app that is attempting to call your service.
- Signature - Is the raw material used to validate the token.
E: Your client can get an access token from either the v1.0 endpoint or the v2.0 endpoint using a variety of protocols.
Scenario: User authentication (see step 5 below)
The following steps detail the user authentication process:
1. The user selects Sign in in the website.
2. The browser redirects the user to the Azure Active Directory (Azure AD) sign in page.
3. The user signs in.
4. Azure AD redirects the user's session back to the web application. The URL includes an access token.
5. The web application calls an API and includes the access token in the authentication header. The application ID is sent as the audience ('aud') claim in the access token.
6. The back-end API validates the access token.
Reference:
https://docs.microsoft.com/en-us/azure/api-management/api-management-access-restriction-policies

Question 319
HOTSPOT -
You need to correct the Azure Logic app error message.
Which configuration values should you use? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:
AZ-204_319Q.png related to the Microsoft AZ-204 Exam
Image AZ-204_319R.png related to the Microsoft AZ-204 Exam
Scenario: You test the Logic app in a development environment. The following error message displays:
'400 Bad Request'
Troubleshooting of the error shows an HttpTrigger action to call the RequestUserApproval function.
Note: If the inbound call's request body doesn't match your schema, the trigger returns an HTTP 400 Bad Request error.
Box 1: function -
If you have an Azure function where you want to use the system-assigned identity, first enable authentication for Azure functions.
Box 2: system-assigned -
Your logic app or individual connections can use either the system-assigned identity or a single user-assigned identity, which you can share across a group of logic apps, but not both.
Reference:
https://docs.microsoft.com/en-us/azure/logic-apps/create-managed-service-identity

Question 320
HOTSPOT -
You need to configure Azure Service Bus to Event Grid integration.
Which Azure Service Bus settings should you use? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:
AZ-204_320Q.png related to the Microsoft AZ-204 Exam
Image AZ-204_320R.png related to the Microsoft AZ-204 Exam
Box 1: Premium -
Service Bus can now emit events to Event Grid when there are messages in a queue or a subscription when no receivers are present. You can create Event Grid subscriptions to your Service Bus namespaces, listen to these events, and then react to the events by starting a receiver. With this feature, you can use Service
Bus in reactive programming models.
To enable the feature, you need the following items:
A Service Bus Premium namespace with at least one Service Bus queue or a Service Bus topic with at least one subscription.
Contributor access to the Service Bus namespace.
Box 2: Contributor -
Reference:
https://docs.microsoft.com/en-us/azure/service-bus-messaging/service-bus-to-event-grid-integration-concept