Win IT Exam with Last Dumps 2025

Microsoft AZ-204 Exam

Page 33/36
Viewing Questions 321 330 out of 355 Questions
91.67%

Question 321
HOTSPOT -
You need to add code at line PC26 of Processing.cs to ensure that security policies are met.
How should you complete the code that you will add at line PC26? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:
AZ-204_321Q.jpg related to the Microsoft AZ-204 Exam
Image AZ-204_321R.jpg related to the Microsoft AZ-204 Exam
Box 1: var key = await Resolver.ResolveKeyAsyn(keyBundle,KeyIdentifier.CancellationToken.None);
Box 2: var x = new BlobEncryptionPolicy(key,resolver);
Example:
// We begin with cloudKey1, and a resolver capable of resolving and caching Key Vault secrets.
BlobEncryptionPolicy encryptionPolicy = new BlobEncryptionPolicy(cloudKey1, cachingResolver); client.DefaultRequestOptions.EncryptionPolicy = encryptionPolicy;
Box 3: cloudblobClient. DefaultRequestOptions.EncryptionPolicy = x;
Reference:
https://github.com/Azure/azure-storage-net/blob/master/Samples/GettingStarted/EncryptionSamples/KeyRotation/Program.cs

Question 322
You need to ensure the security policies are met.
What code do you add at line CS07 of ConfigureSSE.ps1?
A. -PermissionsToKeys create, encrypt, decrypt
B. -PermissionsToCertificates create, encrypt, decrypt
C. -PermissionsToCertificates wrapkey, unwrapkey, get
D. -PermissionsToKeys wrapkey, unwrapkey, get
Scenario: All certificates and secrets used to secure data must be stored in Azure Key Vault.
You must adhere to the principle of least privilege and provide privileges which are essential to perform the intended function.
The Set-AzureRmKeyValutAccessPolicy parameter -PermissionsToKeys specifies an array of key operation permissions to grant to a user or service principal.
The acceptable values for this parameter: decrypt, encrypt, unwrapKey, wrapKey, verify, sign, get, list, update, create, import, delete, backup, restore, recover, purge
Incorrect Answers:
A, C: The Set-AzureRmKeyValutAccessPolicy parameter -PermissionsToCertificates specifies an array of certificate permissions to grant to a user or service principal. The acceptable values for this parameter: get, list, delete, create, import, update, managecontacts, getissuers, listissuers, setissuers, deleteissuers, manageissuers, recover, purge, backup, restore
Reference:
https://docs.microsoft.com/en-us/powershell/module/azurerm.keyvault/set-azurermkeyvaultaccesspolicy

Question 323
You need to reduce read latency for the retail store solution.
What are two possible ways to achieve the goal? Each correct answer presents a complete solution.
NOTE: Each correct selection is worth one point.
A. Create a new composite index for the store location data queries in Azure Cosmos DB. Modify the queries to support parameterized SQL and update the Azure Function app to call the new queries.
B. Provision an Azure Cosmos DB dedicated gateway. Update the Azure Function app connection string to use the new dedicated gateway endpoint.
C. Configure Azure Cosmos DB consistency to session consistency. Cache session tokens in a new Azure Redis cache instance after every write. Update reads to use the session token stored in Azure Redis.
D. Provision an Azure Cosmos DB dedicated gateway. Update blob storage to use the new dedicated gateway endpoint.
E. Configure Azure Cosmos DB consistency to strong consistency. Increase the RUs for the container supporting store location data.
Azure Cosmos DB queries from the Azure Function exhibit high Request Unit (RU) usage and contain multiple, complex queries that exhibit high point read latency for large items as the function app is scaling.
B: A dedicated gateway is server-side compute that is a front-end to your Azure Cosmos DB account. When you connect to the dedicated gateway, it both routes requests and caches data.
You can provision a dedicated gateway to improve performance at scale.
You must connect to Azure Cosmos DB using the dedicated gateway in order to use the integrated cache. The dedicated gateway has a different endpoint from the standard one provided with your Azure Cosmos DB account. When you connect to your dedicated gateway endpoint, your application sends a request to the dedicated gateway, which then routes the request to different backend nodes. If possible, the integrated cache will serve the result.
C: Azure Cache for Redis perfectly complements Azure database services such as Cosmos DB. It provides a cost-effective solution to scale read and write throughput of your data tier. Store and share database query results, session states, static contents, and more using a common cache-aside pattern.
Reference:
https://docs.microsoft.com/en-us/azure/architecture/solution-ideas/articles/data-cache-with-redis-cache
https://docs.microsoft.com/en-us/azure/cosmos-db/dedicated-gateway

Question 324
You need to audit the retail store sales transactions.
What are two possible ways to achieve the goal? Each correct answer presents a complete solution.
NOTE: Each correct selection is worth one point.
A. Update the retail store location data upload process to include blob index tags. Create an Azure Function to process the blob index tags and filter by store location.
B. Process the change feed logs of the Azure Blob storage account by using an Azure Function. Specify a time range for the change feed data.
C. Enable blob versioning for the storage account. Use an Azure Function to process a list of the blob versions per day.
D. Process an Azure Storage blob inventory report by using an Azure Function. Create rule filters on the blob inventory report.
E. Subscribe to blob storage events by using an Azure Function and Azure Event Grid. Filter the events by store location.
Scenario: Audit store sale transaction information nightly to validate data, process sales financials, and reconcile inventory.
"Process the change feed logs of the Azure Blob storage account by using an Azure Function. Specify a time range for the change feed data": Change feed support is well-suited for scenarios that process data based on objects that have changed. For example, applications can:
Store, audit, and analyze changes to your objects, over any period of time, for security, compliance or intelligence for enterprise data management.
"Subscribe to blob storage events by using an Azure Function and Azure Event Grid. Filter the events by store location": Azure Storage events allow applications to react to events, such as the creation and deletion of blobs. It does so without the need for complicated code or expensive and inefficient polling services. The best part is you only pay for what you use.
Blob storage events are pushed using Azure Event Grid to subscribers such as Azure Functions, Azure Logic Apps, or even to your own http listener. Event Grid provides reliable event delivery to your applications through rich retry policies and dead-lettering.
Incorrect Answers:
"Enable blob versioning for the storage account. Use an Azure Function to process a list of the blob versions per day": You can enable Blob storage versioning to automatically maintain previous versions of an object. When blob versioning is enabled, you can access earlier versions of a blob to recover your data if it is modified or deleted.
Reference:
https://docs.microsoft.com/en-us/azure/storage/blobs/storage-blob-change-feed
https://docs.microsoft.com/en-us/azure/storage/blobs/storage-blob-event-overview

Question 325
You need to monitor ContentUploadService according to the requirements.
Which command should you use?
A. az monitor metrics alert create -n alert -g ... - -scopes ... - -condition "avg Percentage CPU > 8"
B. az monitor metrics alert create -n alert -g ... - -scopes ... - -condition "avg Percentage CPU > 800"
C. az monitor metrics alert create -n alert -g ... - -scopes ... - -condition "CPU Usage > 800"
D. az monitor metrics alert create -n alert -g ... - -scopes ... - -condition "CPU Usage > 8"
Scenario: An alert must be raised if the ContentUploadService uses more than 80 percent of available CPU cores.
Reference:
https://docs.microsoft.com/sv-se/cli/azure/monitor/metrics/alert


Question 326
You need to investigate the http server log output to resolve the issue with the ContentUploadService.
Which command should you use first?
A. az webapp log
B. az ams live-output
C. az monitor activity-log
D. az container attach
Scenario: Users of the ContentUploadService report that they occasionally see HTTP 502 responses on specific pages.
"502 bad gateway" and "503 service unavailable" are common errors in your app hosted in Azure App Service.
Microsoft Azure publicizes each time there is a service interruption or performance degradation.
The az monitor activity-log command manages activity logs.
Note: Troubleshooting can be divided into three distinct tasks, in sequential order:
1. Observe and monitor application behavior
2. Collect data
3. Mitigate the issue
Reference:
https://docs.microsoft.com/en-us/cli/azure/monitor/activity-log

Question 327
You need to investigate the Azure Function app error message in the development environment.
What should you do?
A. Connect Live Metrics Stream from Application Insights to the Azure Function app and filter the metrics.
B. Create a new Azure Log Analytics workspace and instrument the Azure Function app with Application Insights.
C. Update the Azure Function app with extension methods from Microsoft.Extensions.Logging to log events by using the log instance.
D. Add a new diagnostic setting to the Azure Function app to send logs to Log Analytics.
Azure Functions offers built-in integration with Azure Application Insights to monitor functions.
The following areas of Application Insights can be helpful when evaluating the behavior, performance, and errors in your functions:
Live Metrics: View metrics data as it's created in near real-time.
Failures -
Performance -
Metrics -
Reference:
https://docs.microsoft.com/en-us/azure/azure-functions/functions-monitoring

Question 328
HOTSPOT -
You need to configure security and compliance for the corporate website files.
Which Azure Blob storage settings should you use? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:
AZ-204_328Q.png related to the Microsoft AZ-204 Exam
Image AZ-204_328R.png related to the Microsoft AZ-204 Exam
Box 1: role-based access control (RBAC)
Azure Storage supports authentication and authorization with Azure AD for the Blob and Queue services via Azure role-based access control (Azure RBAC).
Scenario: File access must restrict access by IP, protocol, and Azure AD rights.
Box 2: storage account type -
Scenario: The website uses files stored in Azure Storage
Auditing of the file updates and transfers must be enabled to comply with General Data Protection Regulation (GDPR).
Creating a diagnostic setting:
1. Sign in to the Azure portal.
2. Navigate to your storage account.
3. In the Monitoring section, click Diagnostic settings (preview).
AZ-204_328E.jpg related to the Microsoft AZ-204 Exam
4. Choose file as the type of storage that you want to enable logs for.
5. Click Add diagnostic setting.
Reference:
https://docs.microsoft.com/en-us/azure/storage/common/storage-introduction
https://docs.microsoft.com/en-us/azure/storage/files/storage-files-monitoring

Question 329
You need to correct the RequestUserApproval Function app error.
What should you do?
A. Update line RA13 to use the async keyword and return an HttpRequest object value.
B. Configure the Function app to use an App Service hosting plan. Enable the Always On setting of the hosting plan.
C. Update the function to be stateful by using Durable Functions to process the request payload.
D. Update the functionTimeout property of the host.json project file to 15 minutes.
Async operation tracking -
The HTTP response mentioned previously is designed to help implement long-running HTTP async APIs with Durable Functions. This pattern is sometimes referred to as the polling consumer pattern.
Both the client and server implementations of this pattern are built into the Durable Functions HTTP APIs.
Function app -
You perform local testing for the RequestUserApproval function. The following error message displays:
'Timeout value of 00:10:00 exceeded by function: RequestUserApproval'
The same error message displays when you test the function in an Azure development environment when you run the following Kusto query:
FunctionAppLogs -
| where FunctionName = = "RequestUserApproval"
Reference:
https://docs.microsoft.com/en-us/azure/azure-functions/durable/durable-functions-http-features

Question 330
DRAG DROP -
You need to implement the Log policy.
How should you complete the Azure Event Grid subscription? To answer, drag the appropriate JSON segments to the correct locations. Each JSON segment may be used once, more than once, or not at all. You may need to drag the split bar between panes to view content.
NOTE: Each correct selection is worth one point.
Select and Place:
AZ-204_330Q.png related to the Microsoft AZ-204 Exam
Image AZ-204_330R.png related to the Microsoft AZ-204 Exam
Box 1:WebHook -
Scenario: If an anomaly is detected, an Azure Function that emails administrators is called by using an HTTP WebHook. endpointType: The type of endpoint for the subscription (webhook/HTTP, Event Hub, or queue).
Box 2: SubjectBeginsWith -
Box 3: Microsoft.Storage.BlobCreated
Scenario: Log Policy -
All Azure App Service Web Apps must write logs to Azure Blob storage. All log files should be saved to a container named logdrop. Logs must remain in the container for 15 days.
Example subscription schema -
{
"properties": {
"destination": {
"endpointType": "webhook",
"properties": {
"endpointUrl": "https://example.azurewebsites.net/api/HttpTriggerCSharp1?code=VXbGWce53l48Mt8wuotr0GPmyJ/nDT4hgdFj9DpBiRt38qqnnm5OFg=="
}
},
"filter": {
"includedEventTypes": [ "Microsoft.Storage.BlobCreated", "Microsoft.Storage.BlobDeleted" ],
"subjectBeginsWith": "blobServices/default/containers/mycontainer/log",
[1]
"isSubjectCaseSensitive ": "true"
}
}
}
Reference:
https://docs.microsoft.com/en-us/azure/event-grid/subscription-creation-schema