100% Guaranteed Results AZ-304 Unlimited 288 Questions [2022]
AZ-304 Dumps PDF - Want To Pass AZ-304 Fast
Exam Details
The Microsoft AZ-304 test evaluates the candidates’ skills in designing monitoring, business continuity, infrastructure, data storage, as well as identity and security. The potential candidates can choose their preferred language when scheduling the exam. The available options are English, Korean, Japanese, and Simplified Chinese.
To schedule the test, you must first register and pay the fee, which is $165 for the applicants from the USA. The registration process is done through the Pearson VUE website. You can expect 40-60 questions in the delivery of the exam, and the questions are administered in different formats. These include multiple choice, drag and drop, active screen, case studies, and build list. It is required to gain at least 700 points to ace this Microsoft test and obtain the certification.
NEW QUESTION 16
You have 100 Standard_F2s_v2 Azure virtual machines. Each virtual machine has two network adapters.
You need to increase the network performance of the workloads running on the virtual machines. The solution must meet the following requirements:
* The CPU-to-memory ratio must remain the same.
* The solution must minimize costs.
What should you do?
- A. Enable Accelerated Networking.
- B. Install an additional network adapter.
- C. Enable RDMA over InfiniBand.
- D. Configure NIC teaming.
Answer: A
NEW QUESTION 17
You have an Azure subscription named Subscription1 that is linked to a hybrid Azure Active Directory (Azure AD) tenant.
You have an on-premises datacenter that does NOT have a VPN connection to Subscription1. The datacenter contains a computer named Server1 that has Microsoft SQL Server 2016 installed. Server1 is prevented from accessing the internet.
An Azure logic app named LogicApp1 requires write access to a database on Server1.
You need to recommend a solution to provide LogicApp1 with the ability to access Server1.
What should you recommend deploying on-premises and in Azure? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
Reference:
https://docs.microsoft.com/en-us/azure/connectors/connectors-create-api-sqlazure
NEW QUESTION 18
You have five .NET Core applications that run on 10 Azure virtual machines in the same subscription.
You need to recommend a solution to ensure that the applications can authenticate by using the same Azure Active Directory (Azure AD) identity. The solution must meet the following requirements:
* Ensure that the applications can authenticate only when running on the 10 virtual machines.
* Minimize administrative effort.
What should you include in the recommendation? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
Explanation
NEW QUESTION 19
You have an Azure subscription that contains the resources shown in the following table.
You create an Azure SQL database named DB1 that is hosted in the East US region.
To DB1, you add a diagnostic setting named Settings1. Settings1 archives SQLInsights to storage1 and sends SQLInsights to Workspace1.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selections is worth one point.
Answer:
Explanation:
NEW QUESTION 20
You have an Azure subscription named Subscription1 that is linked to a hybrid Azure Active Directory (Azure AD) tenant.
You have an on-premises datacenter that does NOT have a VPN connection to Subscription1. The datacenter contains a computer named Server1 that has Microsoft SQL Server 2016 installed. Server1 is prevented from accessing the internet An Azure logic app named LogicApp1 requires write access to a database on Server1.
You need to recommend a solution to provide LogicApp1 with the ability to access Server1.
What should you recommend deploying on-premises and in Azure? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
see the answer solution below.
Explanation
Answer solution
NEW QUESTION 21
You need to recommend a solution for the users at Contoso to authenticate to the cloud-based services and the Azure AD-integrated applications.
What should you include in the recommendation? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
NEW QUESTION 22
Your company has two on-premises sites in New York and Los Angeles and Azure virtual networks in the East US Azure region and the West US Azure region. Each on-premises site has Azure ExpressRoute circuits to both regions.
You need to recommend a solution that meets the following requirements:
* Outbound traffic to the Internet from workloads hosted on the virtual networks must be routed through the closest available on-premises site.
* If an on-premises site fails, traffic from the workloads on the virtual networks to the Internet must reroute automatically to the other site.
What should you include in the recommendation? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
Explanation
NEW QUESTION 23
To meet the authentication requirements of Fabrikam, what should you include in the solution? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
Explanation
1
1
0
Topic 2, Contoso, Ltd Case Study B
Overview
Contoso,Ltd is a US-base finance service company that has a main office New York and an office in San Francisco.
Payment Processing Query System
Contoso hosts a business critical payment processing system in its New York data center. The system has three tiers a front-end web app a middle -tier API and a back end data store implemented as a Microsoft SQL Server
2014 database All servers run Windows Server 2012 R2.
The front -end and middle net components are hosted by using Microsoft Internet Inform-non Services (IK) The application rode is written in C# and middle- tier API uses the Entity framework to communicate the SQL Server database. Maintenance of the database e performed by using SQL Server Ago- The database is currently J IB and is not expected to grow beyond 3 TB.
The payment processing system has the following compliance related requirement
* Encrypt data in transit and at test. Only the front-end and middle-tier components must be able to access the encryption keys that protect the date store.
* Keep backups of the two separate physical locations that are at last 200 miles apart and can be restored for op to seven years.
* Support blocking inbound and outbound traffic based on the source IP address, the description IP address, and the port number
* Collect Windows security logs from all the middle-tier servers and retain the log for a period of seven years,
* Inspect inbound and outbound traffic from the from-end tier by using highly available network appliances.
* Only allow all access to all the tiers from the internal network of Contoso.
Tape backups ate configured by using an on-premises deployment or Microsoft System Center Data protection Manager (DPMX and then shaped ofsite for long term storage Historical Transaction Query System Contoso recently migrate a business-Critical workload to Azure. The workload contains a NET web server for querying the historical transaction data residing in azure Table Storage. The NET service is accessible from a client app that was developed in-house and on the client computer in the New Your office. The data in the storage is 50 GB and is not except to increase.
Information Security Requirement
The IT security team wants to ensure that identity management n performed by using Active Directory.
Password hashes must be stored on premises only.
Access to all business-critical systems must rely on Active Directory credentials. Any suspicious authentication attempts must trigger multi-factor authentication prompt automatically Legitimate users must be able to authenticate successfully by using multi-factor authentication.
Planned Changes
Contoso plans to implement the following changes:
* Migrate the payment processing system to Azure.
* Migrate the historical transaction data to Azure Cosmos DB to address the performance issues.
Migration Requirements
Contoso identifies the following general migration requirements:
Infrastructure services must remain available if a region or a data center fails. Failover must occur without any administrative intervention
* Whenever possible. Azure managed serves must be used to management overhead
* Whenever possible, costs must be minimized.
Contoso identifies the following requirements for the payment processing system:
* If a data center fails, ensure that the payment processing system remains available without any administrative intervention. The middle-tier and the web front end must continue to operate without any additional configurations-
* If that the number of compute nodes of the from -end and the middle tiers of the payment processing system can increase or decrease automatically based on CPU utilization.
* Ensure that each tier of the payment processing system is subject to a Service level Agreement (SLA) of
9959 percent availability
* Minimize the effort required to modify the middle tier API and the back-end tier of the payment processing system.
* Generate alerts when unauthorized login attempts occur on the middle-tier virtual machines.
* Insure that the payment processing system preserves its current compliance status.
* Host the middle tier of the payment processing system on a virtual machine.
Contoso identifies the following requirements for the historical transaction query system:
* Minimize the use of on-premises infrastructure service.
* Minimize the effort required to modify the .NET web service querying Azure Cosmos DB.
* If a region fails, ensure that the historical transaction query system remains available without any administrative intervention.
Current Issue
The Contoso IT team discovers poor performance of the historical transaction query as the queries frequently cause table scans.
Information Security Requirements
The IT security team wants to ensure that identity management is performed by using Active Directory.
Password hashes must be stored on-premises only.
Access to all business-critical systems must rely on Active Directory credentials. Any suspicious authentication attempts must trigger a multi-factor authentication prompt automatically. legitimate users must be able to authenticate successfully by using multi-factor authentication.
NEW QUESTION 24
To meet the authentication requirements of Fabrikam, what should you include in the solution? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
NEW QUESTION 25
You have an Azure SQL database named DB1.
You need to recommend a data security solution for DB1. the solution must meet the following requirements:
* When helpdesk supervisors query DS1. they must see the full number of each credit card.
* When helpdesk operators Query DB1. they must see only the last four digits of each credit card number
* A column named Credit Rating must never appear in plain text within the database system, and only client applications must be able to decrypt the Credit Rating column.
What should you include in the recommendation To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
Reference:
https://azure.microsoft.com/en-us/blog/transparent-data-encryption-or-always-encrypted/
NEW QUESTION 26
You have an app named App1 that uses two on-premises Microsoft SQL Server databases named DB1 and DB2.
You plan to migrate DB1 and DB2 to Azure.
You need to recommend an Azure solution to host DB1 and DB2. The solution must meet the following requirements:
* Support server-side transactions across DB1 and DB2.
* Minimize administrative effort to update the solution.
What should you recommend?
- A. two Azure SQL databases on different Azure SQL Database servers
- B. two Azure SQL databases in an elastic pool
- C. two SQL Server databases on an Azure virtual machine
- D. two Azure SQL databases on the same Azure SQL Database managed instance
Answer: C
Explanation:
When both the database management system and client are under the same ownership (e.g. when SQL Server is deployed to a virtual machine), transactions are available and the lock duration can be controlled.
NEW QUESTION 27
Your on-premises network contains a server named Server1 that runs an ASP.NET application named App1.
You have a hybrid deployment of Azure Active Directory (Azure AD).
You need to recommend a solution to ensure that users sign in by using their Azure AD account and Azure Multi-Factor Authentication (MFA) when they connect to App1 from the internet.
Which three Azure services should you recommend be deployed and configured in sequence? To answer, move the appropriate services from the list of services to the answer area and arrange them in the correct order.
Answer:
Explanation:
NEW QUESTION 28
Your company has the divisions shown in the following table.
Sub1 contains an Azure web app that runs an ASP.NET application named App1. App1 uses the Microsoft identity platform (v2.0) to handle user authentication. Users from east.contoso.com can authenticate to App1.
You need to recommend a solution to allow users from west.contoso.com to authenticate to App1.
What should you recommend for the west.contoso.com Azure AD tenant?
- A. pass-through authentication
- B. an app registration
- C. a conditional access policy
- D. guest accounts
Answer: B
Explanation:
There are several components that make up the Microsoft identity platform:
* OAuth 2.0 and OpenID Connect standard-compliant authentication service
* Application management portal: A registration and configuration experience in the Azure portal, along with the other Azure management capabilities.
You register an application using the App registrations experience in the Azure portal so that your app can be integrated with the Microsoft identity platform and call Microsoft Graph.
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/develop/v2-overview
https://docs.microsoft.com/en-us/graph/auth-register-app-v2
NEW QUESTION 29
You are designing a virtual machine that will run Microsoft SQL Server and will contain two data disks. The first data disk will store log files, and the second data disk will store data. Both disks are P40 managed disks.
You need to recommend a caching policy for each disk. The policy must provide the best overall performance for the virtual machine.
Which caching policy should you recommend for each disk? To answer, drag the appropriate policies to the correct disks. Each policy may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
Explanation
References:
https://docs.microsoft.com/en-us/azure/virtual-machines/windows/sql/virtual-machines-windows-sql-performanc
NEW QUESTION 30
You are designing a solution for a stateless front-end application named Application1. Application1 will be hosted on two Azure virtual machines named VM1 and VM2.
You plan to load balance connections to VM1 and VM2 from the Internet by using one Azure load balancer.
You need to recommend the minimum number of required public IP addresses.
How many public IP addresses should you recommend using for each resource? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
NEW QUESTION 31
Your company has the divisions shown in the following table.
You plan to deploy a custom application to each subscription. The application will contain the following:
* A resource group
* An Azure web app
* Custom role assignments
* An Azure Cosmos DB account
You need to use Azure Blueprints to deploy the application to each subscription.
What is the minimum number of objects required to deploy the application? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
Explanation
Box 1: 2
One management group for East, and one for West.
When creating a blueprint definition, you'll define where the blueprint is saved. Blueprints can be saved to a management group or subscription that you have Contributor access to. If the location is a management group, the blueprint is available to assign to any child subscription of that management group.
Box 2: 1
One definition as the you plan to deploy a custom application to each subscription.
With Azure Blueprints, the relationship between the blueprint definition (what should be deployed) and the blueprint assignment (what was deployed) is preserved.
Box 3: 4
One assignment for each subscription.
Reference:
https://docs.microsoft.com/en-us/azure/governance/blueprints/overview
NEW QUESTION 32
You have an Azure web app that uses an Azure key vault named KeyVault1 in the West US Azure region.
You are designing a disaster recovery plan for KeyVault1.
You plan to back up the keys in KeyVault1.
You need to identify to where you can restore the backup.
What should you identify?
- A. the same region only
- B. KeyVault1 only
- C. the same geography only
- D. any region worldwide
Answer: C
Explanation:
When you back up a key vault object, such as a secret, key, or certificate, the backup operation will download the object as an encrypted blob. This blob can't be decrypted outside of Azure. To get usable data from this blob, you must restore the blob into a key vault within the same Azure subscription and Azure geography.
Reference:
https://docs.microsoft.com/en-us/azure/key-vault/general/backup
NEW QUESTION 33
Your company deploys an Azure App Service Web App.
During testing the application fails under load. The application cannot handle more than 100 concurrent user sessions. You enable the Always On feature. You also configure auto-scaling to increase counts from two to
10 based on HTTP queue length.
You need to improve the performance of the application.
Which solution should you use for each application scenario? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
Explanation
Box 1: Content Delivery Network
A content delivery network (CDN) is a distributed network of servers that can efficiently deliver web content to users. CDNs store cached content on edge servers in point-of-presence (POP) locations that are close to end users, to minimize latency.
Azure Content Delivery Network (CDN) offers developers a global solution for rapidly delivering high-bandwidth content to users by caching their content at strategically placed physical nodes across the world. Azure CDN can also accelerate dynamic content, which cannot be cached, by leveraging various network optimizations using CDN POPs. For example, route optimization to bypass Border Gateway Protocol (BGP).
Box 2: Azure Redis Cache
Azure Cache for Redis is based on the popular software Redis. It is typically used as a cache to improve the performance and scalability of systems that rely heavily on backend data-stores. Performance is improved by temporarily copying frequently accessed data to fast storage located close to the application. With Azure Cache for Redis, this fast storage is located in-memory with Azure Cache for Redis instead of being loaded from disk by a database.
References:
https://docs.microsoft.com/en-us/azure/azure-cache-for-redis/cache-overview
NEW QUESTION 34
You have an Azure Active Directory (Azure AD) tenant.
You plan to deploy Azure Cosmos DB databases that will use the SQL API.
You need to recommend a solution to provide specific Azure AD user accounts with read access to the Cosmos DB databases.
What should you include in the recommendation?
- A. master keys and Azure Information Protection policies
- B. certificates and Azure Key Vault
- C. a resource token and an Access control (IAM) role assignment
- D. shared access signatures (SAS) and conditional access policies
Answer: C
Explanation:
Explanation
The Access control (IAM) pane in the Azure portal is used to configure role-based access control on Azure Cosmos resources. The roles are applied to users, groups, service principals, and managed identities in Active Directory. You can use built-in roles or custom roles for individuals and groups. The following screenshot shows Active Directory integration (RBAC) using access control (IAM) in the Azure portal:
Reference:
https://docs.microsoft.com/en-us/azure/cosmos-db/role-based-access-control
NEW QUESTION 35
A company named Contoso, Ltd- has an Azure Active Directory {Azure AD) tenant that uses the Basic license.
You plan to deploy two applications to Azure. The applications have the requirements shown in the following table.
Which authentication strategy should you recommend for each application? To answer, drag the appropriate authentication strategies to the correct applications. Each authentication strategy may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
Explanation:
Box 1: Azure AD V2.0 endpoint
Microsoft identity platform is an evolution of the Azure Active Directory (Azure AD) developer platform. It allows developers to build applications that sign in all Microsoft identities and get tokens to call Microsoft APIs, such as Microsoft Graph, or APIs that developers have built. The Microsoft identity platform consists of:
OAuth 2.0 and OpenID Connect standard-compliant authentication service that enables developers to authenticate any Microsoft identity, including:
Work or school accounts (provisioned through Azure AD)
Personal Microsoft accounts (such as Skype, Xbox, and Outlook.com)
Social or local accounts (via Azure AD B2C)
Box 2: Azure AD B2C tenant
Azure Active Directory B2C provides business-to-customer identity as a service. Your customers use their preferred social, enterprise, or local account identities to get single sign-on access to your applications and APIs.
Azure Active Directory B2C (Azure AD B2C) integrates directly with Azure Multi-Factor Authentication so that you can add a second layer of security to sign-up and sign-in experiences in your applications.
Reference:
https://docs.microsoft.com/en-us/azure/active-directory-b2c/active-directory-b2c-reference-mfa
https://docs.microsoft.com/en-us/azure/active-directory/develop/v2-overview
NEW QUESTION 36
......
Updated Verified AZ-304 Q&As - Pass Guarantee: https://testking.guidetorrent.com/AZ-304-dumps-questions.html