• support@dumpspool.com
SPECIAL LIMITED TIME DISCOUNT OFFER. USE DISCOUNT CODE TO GET 20% OFF DP2021

PDF Only

$35.00 Free Updates Upto 90 Days

  • AZ-204 Dumps PDF
  • 383 Questions
  • Updated On May 21, 2024

PDF + Test Engine

$55.00 Free Updates Upto 90 Days

  • AZ-204 Question Answers
  • 383 Questions
  • Updated On May 21, 2024

Test Engine

$45.00 Free Updates Upto 90 Days

  • AZ-204 Practice Questions
  • 383 Questions
  • Updated On May 21, 2024
Check Our Free Microsoft AZ-204 Online Test Engine Demo.

How to pass Microsoft AZ-204 exam with the help of dumps?

DumpsPool provides you the finest quality resources you’ve been looking for to no avail. So, it's due time you stop stressing and get ready for the exam. Our Online Test Engine provides you with the guidance you need to pass the certification exam. We guarantee top-grade results because we know we’ve covered each topic in a precise and understandable manner. Our expert team prepared the latest Microsoft AZ-204 Dumps to satisfy your need for training. Plus, they are in two different formats: Dumps PDF and Online Test Engine.

How Do I Know Microsoft AZ-204 Dumps are Worth it?

Did we mention our latest AZ-204 Dumps PDF is also available as Online Test Engine? And that’s just the point where things start to take root. Of all the amazing features you are offered here at DumpsPool, the money-back guarantee has to be the best one. Now that you know you don’t have to worry about the payments. Let us explore all other reasons you would want to buy from us. Other than affordable Real Exam Dumps, you are offered three-month free updates.

You can easily scroll through our large catalog of certification exams. And, pick any exam to start your training. That’s right, DumpsPool isn’t limited to just Microsoft Exams. We trust our customers need the support of an authentic and reliable resource. So, we made sure there is never any outdated content in our study resources. Our expert team makes sure everything is up to the mark by keeping an eye on every single update. Our main concern and focus are that you understand the real exam format. So, you can pass the exam in an easier way!

IT Students Are Using our Developing Solutions for Microsoft Azure Dumps Worldwide!

It is a well-established fact that certification exams can’t be conquered without some help from experts. The point of using Developing Solutions for Microsoft Azure Practice Question Answers is exactly that. You are constantly surrounded by IT experts who’ve been through you are about to and know better. The 24/7 customer service of DumpsPool ensures you are in touch with these experts whenever needed. Our 100% success rate and validity around the world, make us the most trusted resource candidates use. The updated Dumps PDF helps you pass the exam on the first attempt. And, with the money-back guarantee, you feel safe buying from us. You can claim your return on not passing the exam.

How to Get AZ-204 Real Exam Dumps?

Getting access to the real exam dumps is as easy as pressing a button, literally! There are various resources available online, but the majority of them sell scams or copied content. So, if you are going to attempt the AZ-204 exam, you need to be sure you are buying the right kind of Dumps. All the Dumps PDF available on DumpsPool are as unique and the latest as they can be. Plus, our Practice Question Answers are tested and approved by professionals. Making it the top authentic resource available on the internet. Our expert has made sure the Online Test Engine is free from outdated & fake content, repeated questions, and false plus indefinite information, etc. We make every penny count, and you leave our platform fully satisfied!

Microsoft AZ-204 Sample Question Answers

Question # 1

You are developing a Java application that uses Cassandra to store key and value data. You plan to use a new Azure Cosmos DB resource and the Cassandra API in the application. You create an Azure Active Directory (Azure AD) group named Cosmos DB Creators to enable provisioning of Azure Cosmos accounts, databases, and containers. The Azure AD group must not be able to access the keys that are required to access the data. You need to restrict access to the Azure AD group. Which role-based access control should you use?

A. DocumentDB Accounts Contributor
B. Cosmos Backup Operator 
C. Cosmos DB Operator
D. Cosmos DB Account Reader 

Question # 2

STION NO: 184 DRAG-DROPYou are developing an ASP.NET Core website that can be used to manage photographswhich are stored in Azure Blob Storage containers.Users of the website authenticate by using their Azure Active Directory (Azure AD)credentials.You implement role-based access control (RBAC) role permissions on the containers thatstore photographs. You assign users to RBAC roles.You need to configure the website’s Azure AD Application so that user permissions canbe used with the Azure Blob containers.How should you configure the application? To answer, drag the appropriate setting to thecorrect location. Each setting can be used once, more than once, or not at all. You mayneed to drag the split bar between panes or scroll to view content.NOTE: Each correct selection is worth one point.

Question # 3

You are developing a web service that will run on Azure virtual machines that use AzureStorage. You configure all virtual machines to use managed identities.You have the following requirements:Secret-based authentication mechanisms are not permitted for accessing an AzureStorage account.Must use only Azure Instance Metadata Service endpoints.You need to write code to retrieve an access token to access Azure Storage. To answer,drag the appropriate code segments to the correct locations. Each code segment may beused once or not at all. You may need to drag the split bar between panes or scroll to viewcontent.NOTE: Each correct selection is worth one point.

Question # 4

You are building a website that is used to review restaurants. The website will use an Azure CDN to improve performance and add functionality to requests. You build and deploy a mobile app for Apple iPhones. Whenever a user accesses the website from an iPhone, the user must be redirected to the app store. You need to implement an Azure CDN rule that ensures that iPhone users are redirected to the app store. How should you complete the Azure Resource Manager template? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

Question # 5

You develop a solution that uses Azure Virtual Machines (VMs). The VMs contain code that must access resources in an Azure resource group. You grant the VM access to the resource group in Resource Manager. You need to obtain an access token that uses the VMs system-assigned managed identity. Which two actions should you perform? Each correct answer presents part of the solution. 

A. Use PowerShell on a remote machine to make a request to the local managed identity for Azure resources endpoint. 
B. Use PowerShell on the VM to make a request to the local managed identity for Azureresources endpoint. 
C. From the code on the VM. call Azure Resource Manager using an access token. 
D. From the code on the VM. call Azure Resource Manager using a SAS token. 
E. From the code on the VM. generate a user delegation SAS token.

Question # 6

You develop and add several functions to an Azure Function app that uses the latestruntime host. The functions contain several REST API endpoints secured by using SSL.The Azure Function app runs in a Consumption plan.You must send an alert when any of the function endpoints are unavailable or respondingtoo slowly.You need to monitor the availability and responsiveness of the functions.What should you do?

A. Create a URL ping test. 
B. Create a timer triggered function that calls TrackAvailability() and send the results to Application Insights.
C. Create a timer triggered function that calls GetMetric("Request Size") and send the results to
C. Create a timer triggered function that calls GetMetric("Request Size") and send the results to Application Insights. 
D. Add a new diagnostic setting to the Azure Function app. Enable the FunctionAppLogs and Send to Log Analytics options. 

Question # 7

You are developing a web application by using the Azure SDK. The web applicationaccesses data m a zone-redundant BlockBlobStorage storage accountThe application must determine whether the data has changed since the application lastreao the data. Update operations must use the latest data changes when writing data to thestorages..................You need to implement the update operations.Which values should you use? To answer, select the appropriate option m the answerarea.NOTE Each correct selection is worth one point.

Question # 8

You are maintaining an existing application that uses an Azure Blob GPv1 Premiumstorage account. Data older than three months is rarely used.Data newer than three months must be available immediately. Data older than a year mustbe saved but does not need to be available immediately.You need to configure the account to support a lifecycle management rule that moves the blobdata to archive storage for data not modified in the last year.Which three actions should you perform in sequence? To answer, move the appropriateactions from the list of actions to the answer area and arrange them in the correct order.

Question # 9

You develop and deploy an Azure Logic App that calls an Azure Function app. The Azure Function App includes an OpenAPI (Swagger) definition and uses an Azure Blob storage account. All resources are secured by using Azure Active Directory (Azure AD). The Logic App must use Azure Monitor logs to record and store information about runtime data and events. The logs must be stored in the Azure Blob storage account. Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order. 

Question # 10

You develop and deploy an Azure App Service web app named App1. You create a new Azure Key Vault named Vault 1. You import several API keys, passwords, certificates, and cryptographic keys into Vault1.You need to grant App1 access to Vault1 and automatically rotate credentials Credentials must not be stored in code. What should you do?  

A. Enable App Service authentication for Appt. Assign a custom RBAC role to Vault1. 
B. Add a TLS/SSL binding to App1. 
C. Assign a managed identity to App1. 
D. Upload a self-signed client certificate to Vault1. Update App1 to use the client certificate. 

Question # 11

You are developing an Azure Function app. The app must meet the following requirements: Enable developers to write the functions by using the Rust language. Declaratively connect to an Azure Blob Storage account. You need to implement the app.Which Azure Function app features should you use? To answer, drag the appropriate features to the correct requirements. Each feature may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content. NOTE: Each correct selection is worth one point.

Question # 12

You develop an application. You plan to host the application on a set of virtual machines (VMs) in Azure. You need to configure Azure Monitor to collect logs from the application. Which four actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.

Question # 13

You are developing a web application that runs as an Azure Web App. The web application stores data in Azure SQL Database and stores files in an Azure Storage account. The web application makes HTTP requests to external services as part of normal operations. The web application is instrumented with Application Insights. The external services are OpenTelemetry compliant. You need to ensure that the customer ID of the signed in user is associated with all operations throughout the overall system. What should you do?

A. Create a new SpanContext with the TraceRags value set to the customer ID for the signed in user. 
B. On the current SpanContext, set the Traceld to the customer ID for the signed in user. 
C. Add the customer ID for the signed in user to the CorrelationContext in the web application. 
D. Set the header Ocp-Apim-Trace to the customer ID for the signed in user. 

Question # 14

An organization hosts web apps in Azure. The organization uses Azure Monitor You discover that configuration changes were made to some of the web apps. You need to identify the configuration changes. Which Azure Monitor log should you review?

A. AppServiceEnvironmentPlatformLogs
B. AppServiceApplogs 
C. AppServiceAuditLogs 
D. AppServiceConsoteLogs 

Question # 15

You plan to create a Docker image that runs an ASP.NET Core application namedContosoApp. You have a setup script named setupScript.ps1 and a series of applicationfiles including ContosoApp.dll.You need to create a Dockerfile document that meets the following requirements:Call setupScripts.ps1 when the container is built.Run ContosoApp.dll when the container starts.The Dockerfile document must be created in the same folder where ContosoApp.dll andsetupScript.ps1 are stored.Which five commands should you use to develop the solution? To answer, move theappropriate commands from the list of commands to the answer area and arrange them inthe correct order.

Question # 16

You develop Azure solutions.You must connect to a No-SQL globally-distributed database by using the .NET API.You need to create an object to configure and execute requests in the database.Which code segment should you use?

A. new Container(EndpointUri, PrimaryKey);
B. new Database(Endpoint, PrimaryKey); 
C. new CosmosClient(EndpointUri, PrimaryKey); 

Question # 17

You have an existing Azure storage account that stores large volumes of data acrossmultiple containers.You need to copy all data from the existing storage account to a new storage account. Thecopy process must meet the following requirements:Automate data movement.Minimize user input required to perform the operation.Ensure that the data movement process is recoverable.What should you use?

A. AzCopy 
B. Azure Storage Explorer 
C. Azure portal 
D. .NET Storage Client Library

Question # 18

You develop and deploy a web app to Azure App Service. The Azure App Service uses aBasic plan in a single region.You need to capture the telemetry.Which three actions should you perform? Each correct answer presents part of the solutionNOTE; Each correct selection is worth one pewit

A. Upgrade the Azure App Service plan to Premium. 
B. Enable remote debugging. 
C. Enable Profiler 
D. Restart an apps in the App Service plan 
E. Enable Snapshot debugger 
F. Enable Application Insights site extensions. 
G. Enable the Always On setting for the app service. 

Question # 19

You are developing an Azure-hosted application that must use an on-premises hardware security module (HSM) key.The key must be transferred to your existing Azure Key Vault by using the Bring Your Own Key (BYOK) process.You need to securely transfer the key to Azure Key Vault. Which four actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order. 

Question # 20

An organization plans to deploy Azure storage services.You need to configure a shared access signature (SAS) for granting access to AzureStorage.Which SAS types should you use? To answer, drag the appropriate SAS types to thecorrect requirements. Each SAS type may be used once, more than once, or not at all. Youmay need to drag the split bar between panes or scroll to view content.NOTE: Each correct selection is worth one point.

Question # 21

You are developing an application to securely transfer data between on-premises file systems and Azure Blob storage. The application stores keys, secrets, and certificates in Azure Key Vault. The application uses the Azure Key Vault APIs.The application must allow recovery of an accidental deletion of the key vault or key vault objects. Key vault objects must be retained for 90 days after deletion.You need to protect the key vault and key vault objects. Which Azure Key Vault feature should you use? To answer, drag the appropriate features to the correct actions. Each feature may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content. NOTE: Each correct selection is worth one point. 

Question # 22

A development team is creating a new REST API. The API will store data in Azure Blobstorage. You plan to deploy the API to Azure App Service.Developers must access the Azure Blob storage account to develop the API for the nexttwo months. The Azure Blob storage account must not be accessible by the developersafter the two-month time period.You need to grant developers access to the Azure Blob storage account.What should you do?

A. Generate a shared access signature (SAS) for the Azure Blob storage account and provide the SAS to all developers. 
B. Create and apply a new lifecycle management policy to include a last accessed date value. Apply the policy to the Azure Blob storage account.
C. Provide all developers with the access key for the Azure Blob storage account. Update the API to include the Coordinated Universal Time (UTC) timestamp for the request header. 
D. Grant all developers access to the Azure Blob storage account by assigning role-based access control (RBAC) roles. 

Question # 23

You are developing a REST web service. Customers will access the service by using anAzure API Management instance.The web service does not correctly handle conflicts. Instead of returning an HTTP statuscode of 409, the service returns a status code of 500. The body of the status messagecontains only the word conflict.You need to ensure that conflicts produce the correct response.How should you complete the policy? To answer, drag the appropriate code segments tothe correct locations. Each code segment may be used once, more than once, or not at all.You may need to drag the split bar between panes or scroll to view content.NOTE: Each correct selection is worth one point.

Question # 24

You are developing an Azure App Service REST API.The API must be called by an Azure App Service web app. The API must retrieve andupdate user profile information stored in Azure Active Directory (Azure AD).You need to configure the API to make the updates.Which two tools should you use? Each correct answer presents part of the solution.NOTE: Each correct selection is worth one point.

A. Microsoft Graph API 
B. Microsoft Authentication Library (MSAL) 
C. Azure API Management 
D. Microsoft Azure Security Center 
E. Microsoft Azure Key Vault SDK 

Question # 25

You are implementing software as a service (SaaS) ASP.NET Core web service that willrun as an Azure Web App. The web service will use an on-premises SQL Server databasefor storage. The web service also includes a WebJob that processes data updates. Yourcustomers will use the web service.•Each instance of the WebJob processes data for a single customer and must run as asingleton instance.•Each deployment must be tested by using deployment slots prior to serving productiondata.•Azure costs must be minimized.•Azure resources must be located in an isolated network.You need to configure the App Service plan for the Web App.How should you configure the App Service plan? To answer, select the appropriate settingsin the answer area.NOTE: Each correct selection is worth one point.

Question # 26

You are developing an application that uses a premium block blob storage account. You are optimizing costs by automating Azure Blob Storage access tiers.You apply the following policy rules to the storage account. You must determine the implications of applying the rules to the data. (Line numbers are included for reference only.) 

Question # 27

You are developing an Azure-hosted e-commerce web application. The application will use Azure Cosmos DB to store sales orders. You are using the latest SDK to manage the sales orders in the database.You create a new Azure Cosmos DB instance. You include a valid endpoint and valid authorization key to an appSettings.json file in the code project.You are evaluating the following application code: (Line number are included for reference only.)   For each of the following statements, select Yes if the statement is true. Otherwise, select No.NOTE: Each correct selection is worth one point. 

Question # 28

You are developing an Azure Function App. You develop code by using a language that isnot supported by the Azure Function App host. The code language supports HTTPprimitives.You must deploy the code to a production Azure Function App environment.You need to configure the app for deployment.Which configuration values should you use? To answer, select the appropriate options inthe answer area.NOTE: Each correct selection is worth one point.

Question # 29

You develop and deploy an Azure App Service ---- app. The web app accesses data in anAzure SQL databaseYou must update the web app to store frequently used data m a new Azure Cache forRedis Premium instance.You need to implement the Azure Cache for Redis features.Which feature should you implement? To answer, drag the appropriate feature to thecorrect requirements Each feature may be used once, more than once, or not at all Youmay need to ------------ between panes or scroll to view content.NOTE Each correct selection is worth one point

Question # 30

You are developing an Azure function that connects to an Azure SQL Database instance. The function is triggered by an Azure Storage queue.You receive reports of numerous System.InvalidOperationExceptions with the following message: “Timeout expired. The timeout period elapsed prior to obtaining a connection from the pool. This may have occurred because all pooled connections were in use and max pool size was reached.” You need to prevent the exception. What should you do?  

A. In the host.json file, decrease the value of the batchSize option 
B. Convert the trigger to Azure Event Hub 
C. Convert the Azure Function to the Premium plan 
D. In the function.json file, change the value of the type option to queueScaling 

Question # 31

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.You develop a software as a service (SaaS) offering to manage photographs. Users upload photos to a web service which then stores the photos in Azure Storage Blob storage. The storage account type is General-purpose V2.When photos are uploaded, they must be processed to produce and save a mobile-friendly version of the image. The process to produce a mobile-friendly version of the image must start in less than one minute.You need to design the process that starts the photo processing.Does the solution meet the goal? Solution: Use the Azure Blob Storage change feed to trigger photo processing.  

A. Yes
B. No

Question # 32

You develop and deploy an Azure App Service web app. The app is deployed to multipleregions and uses Azure Traffic Manager. Application Insights is enabled for the app.You need to analyze app uptime for each month.Which two solutions win achieve the goal? Each correct answer presents a completesolutionNOTE: Each correct selection is worth one point

A. Application Insights alerts 
B. Application Insights web tests 
C. Azure Monitor logs 
D. Azure Monitor metrics 

Question # 33

You manage a data processing application that receives requests from an Azure Storagequeue.You need to manage access to the queue. You have the following requirements:Provide other applications access to the Azure queue.Ensure that you can revoke access to the queue without having to regenerate thestorage account keys. Specify access at the queue level and not at the storage account level.Which type of shared access signature (SAS) should you use?

A. Service SAS with a stored access policy
B. Account SAS
C. User Delegation SAS
D. Service SAS with ad hoc SAS

Question # 34

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.You are developing a website that will run as an Azure Web App. Users will authenticate by using their Azure Active Directory (Azure AD) credentials.You plan to assign users one of the following permission levels for the website: admin, normal, and reader. A user’s Azure AD group membership must be used to determine the permission level.You need to configure authorization.Solution: Configure and use Integrated Windows Authentication in the website. In the website, query Microsoft Graph API to load the group to which the user is a member.Does the solution meet the goal?  

A. Yes
B. No

Question # 35

You are developing a web application that uses Azure Cache for Redis. You anticipate thatthe cache will frequently fill and you will need to evict keys.You must configure Azure Cache for Redis based on the following predicted usage pattern:A small subset of elements will be accessed much more often than the rest.You need to configure the Azure Cache for Redis to optimize performance for the predictedusage pattern.Which two eviction policies will achieve the goal?NOTE: Each correct selection is worth one point. 

A. noeviction 
B. allkeys-lru 
C. volatile-lru 
D. allkeys-random 
E. volatile-ttl 
F. volatile-random

Question # 36

You are developing an application to store and retrieve data in Azure Blob storage. Theapplication will be hosted in an on-premises virtual machine (VM). The VM is connected toAzure by using a Site-to-Site VPN gateway connection. The application is secured by usingAzure Active Directory (Azure AD) credentials.The application must be granted access to the Azure Blob storage account with a starttime, expiry time, and read permissions. The Azure Blob storage account access must usethe Azure AD credentials of the application to secure data access. Data access must beable to be revoked if the client application security is breached.You need to secure the application access to Azure Blob storage.Which security features should you use? To answer select the appropriate options in theanswer area. NOTE: Each correct selection is worth one point.

Question # 37

You are developing a web application that makes calls to the Microsoft Graph API. Youregister the application in the Azure portal and upload a valid X509 certificate.You create an appsettings.json file containing the certificate name, client identifier for theapplication, and the tenant identifier of the Azure active Directory (Azure AD). You create amethod named ReadCertificate to return the X509 certificate by name.You need to implement code that acquires a token by using the certificate.How should you complete the code segment? To answer, select the appropriate options inthe answer area.NOTE: Each correct selection is worth one point.

Question # 38

You have a single page application (SPA) web application that manages information basedon data returned by Microsoft Graph from another company's Azure Active Directory(Azure AD) instance.Users must be able to authenticate and access Microsoft Graph by using their owncompany's Azure AD instance.You need to configure the application manifest for the app registration.How should you complete the manifest? To answer, select the appropriate options in theanswer area.NOTE: Each correct selection is worth one point.

Question # 39

You are a developer for a Software as a Service (SaaS) company. You develop solutionsthat provides the ability to send notifications by using Azure Notification Hubs.You need to create a sample code that customers can use as a reference for how to sendraw notifications to Windows Push Notification Services (WNS) devices. The sample codemust not use external packages.How should you complete the code segment? To answer, drag the appropriate codesegments to the correct locations. Each code segment may be used once, more than once,or not at all. You may need to drag the split bar between panes or scroll to view content.NOTE: Each correct selection is worth one point.

Question # 40

You are creating an app that will use CosmosDB for data storage. The app will process batches of relational data. You need to select an API for the app. Which API should you use?

A. MongoDBAPI
B. Table API
C. SQL API 
D. Cassandra API 

Question # 41

You are developing a solution that will use a multi-partitioned Azure Cosmos DB database. You plan to use the latest Azure Cosmos DB SDK for development. The solution must meet the following requirements: Send insert and update operations to an Azure Blob storage account. Process changes to all partitions immediately. Allow parallelization of change processing. You need to process the Azure Cosmos DB operations.What are two possible ways to achieve this goal? Each correct answer presents a complete solution. NOTE: Each correct selection is worth one point.  

A. Create an Azure App Service API and implement the change feed estimator of the SDK. Scale the API by using multiple Azure App Service instances. 
B. Create a background job in an Azure Kubernetes Service and implement the change feed feature of the SDK.
C. Create an Azure Function to use a trigger for Azure Cosmos DB. Configure the trigger to connect to the container. 
D. Create an Azure Function that uses a Feedlterator object that processes the change feed by using the pull model on the container. Use a FeedRange objext to parallelize the processing of the change feed across multiple functions. 

Question # 42

You develop and deploy a web application to Azure App Service. The application accesses data stored in an Azure Storage account. The account contains several containers with several blobs with large amounts of data. You deploy all Azure resources to a single region. You need to move the Azure Storage account to the new region. You must copy all data to the new region. What should you do first?

A. Export the Azure Storage account Azure Resource Manager template
B. Initiate a storage account failover 
C. Configure object replication for all blobs
D. Use the AzCopy command line tool
E. Create a new Azure Storage account in the current region
F. Create a new subscription in the current region

Question # 43

You are debugging an application that is running on an Azure Kubernetes cluster namedcluster1. The cluster uses Azure Monitor for containers to monitor the cluster.The application has sticky sessions enabled on the ingress controller.Some customers report a large number of errors in the application over the last 24 hours.You need to determine on which virtual machines (VMs) the errors are occurring.How should you complete the Azure Monitor query? To answer, select the appropriateoptions in the answer area.NOTE: Each correct selection is worth one point.

Question # 44

You deploy an Azure App Service web app. You create an app registration for the app in Azure Active Directory (Azure AD) and Twitter. the app must authenticate users and must use SSL for all communications. The app must use Twitter as the identity provider. You need to validate the Azure AD request in the app code. What should you validate?

A. HTTP response code 
B. ID token header 
C. ID token signature 
D. Tenant ID 

Question # 45

You are developing a .NET application that communicates with Azure Storage.A message must be stored when the application initializes.You need to implement the message.How should you complete the code segment? To answer, select the appropriate options inthe answer area.NOTE: Each correct selection is worth one point.

Question # 46

You develop and deploy an Azure Logic app that calls an Azure Function app. The AzureFunction app includes an OpenAPl (Swagger) definition and uses an Azure Blob storageaccount. All resources are secured by using Azure Active Directory (Azure AD).The Azure Logic app must securely access the Azure Blob storage account. Azure ADresources must remain if the Azure Logic app is deleted.You need to secure the Azure Logic app. What should you do?

A. Create an Azure AD custom role and assign role-based access controls. 
B. Create an Azure AD custom role and assign the role to the Azure Blob storage account.
C. Create an Azure Key Vault and issue a client certificate. 
D. Create a user-assigned managed identity and assign role-based access controls. 
E. Create a system-assigned managed identity and issue a client certificate. 

Question # 47

You are developing an Azure solution. You need to develop code to access a secret stored in Azure Key Vault. How should you complete the code segment? To answer, drag the appropriate code segments to the correct locations. Each code segment may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.NOTE: Each correct selection is worth one point. 

Question # 48

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution. After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen. You develop and deploy an Azure App Service API app to a Windows-hosted deployment slot named Development. You create additional deployment slots named Testing and Production. You enable auto swap on the Production deployment slot. You need to ensure that scripts run and resources are available before a swap operation occurs. Solution: Update the app with a method named status check to run the scripts. Update the app settings for the app. Set the WEBSITE_SWAP_WARMUP_PING_PATH and WEBSITE_SWAP_WARMUP_PING_STATUSES with a path to the new method and appropriate response codes. Does the solution meet the goal?

A. Yes
B. No 

Question # 49

You develop an Azure solution that uses Cosmos DB. The current Cosmos DB container must be replicated and must use a partition key that is optimized for queries. You need to implement a change feed processor solution. Which change feed processor components should you use? To answer, drag the appropriate components to the correct requirements. Each component may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view the content. NOTE: Each correct selection is worth one point.

Question # 50

You create the following PowerShell script:  For each of the following statements, select Yes if the statement is true. Otherwise, select No,NOTE: Each correct selection is worth one point. 

Question # 51

You are preparing to deploy an application to an Azure Kubernetes Service (AKS) cluster. The application must only be available from within the VNet which includes the cluster. You need to deploy the application. How should you complete the deployment of YAML? To answer, drag the appropriate YAML segments to the correct locations. Each YAML segment may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content. NOTE: Each correct selection is worth one point. 

Question # 52

You develop Azure solutions.A .NET application needs to receive a message each time an Azure virtual machine finishes processing data. The messages must NOT persist after being processed by the receiving application.You need to implement the .NET object that will receive the messages.Which object should you use?  

A. QueueClient 
B. SubscriptionClient 
C. TopicClient 
D. CloudQueueClient 

Question # 53

You develop a containerized application. You plan to deploy the application to a new AzureContainer instance by using a third-party continuous integration and continuous delivery(CI/CD) utility.The deployment must be unattended and include all application assets. The third-partythe utility must only be able to push and pull images from the registry. The authentication mustbe managed by Azure Active Directory (Azure AD). The solution must use the principle ofleast privilege.You need to ensure that the third-party utility can access the registry.Which authentication options should you use? To answer, select the appropriate options inthe answer area.NOTE: Each correct selection is worth one point.

Question # 54

You develop a REST API. You implement a user delegation SAS token to communicatewith Azure Blobstorage.The token is compromised.You need to revoke the token.What are two possible ways to achieve this goal? Each correct answer presents acomplete solution.NOTE: Each correct selection is worth one point.

A. Revoke the delegation keys 
B. Delete the stored access policy. 
C. Regenerate the account key. 
D. Remove the role assignment for the security principle. 

Question # 55

You are preparing to deploy a medical records application to an Azure virtual machine (VM). The application will be deployed by using a VHD produced by an on-premises build server. You need to ensure that both the application and related data are encrypted during and after deployment to Azure. Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.

Question # 56

You are developing an Azure messaging solution. You need to ensure that the solution that meets the following requirements:• Provide transactional support • Provide duplicate detection. • Store the messages for an unlimited period of timeWhich two technologies will meet the requirements? Each correct answer presents a complete solution NOTE Each correct selection is worth one point. 

A. Azure Service Bus Queue 
B. Azure Storage Queue 
C. Azure Service Bus Topic 
D Azure Event Hub 

Question # 57

You ate developing a web application that uses the Microsoft identity platform to authenticate users and resources. The web application calls several REST APIs.The APIs require an access token from the Microsoft identity platform. You need to request a token.Which three properties should you use? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point.  

A. Application secret 
B. Redirect URI/URL 
C. Application name 
D. Supported account type 
E. Application ID 

Question # 58

You are developing an ASP.NET Core time sheet application that runs as an Azure Web App. Users of the application enter their time sheet information on the first day of every month.The application uses a third-party web service to validate data.The application encounters periodic server errors due to errors that result from calling a third-party web server. Each request to the third-party server has the same chance of failure.You need to configure an Azure Monitor alert to detect server errors unrelated to the thirdparty service. You must minimize false-positive alerts.How should you complete the Azure Resource Manager template? To answer, select the appropriate options in the answer area.NOTE: Each correct selection is worth one point.  

Question # 59

Note: This question is part of a series of questions that present the same scenario. Eachquestion in the series contains a unique solution that might meet the stated goals. Somequestion sets might have more than one correct solution, while others might not have acorrect solution.After you answer a question in this question, you will NOT be able to return to it. As aresult, these questions will not appear in the review screen.You are developing a website that will run as an Azure Web App. Users will authenticate byusing their Azure Active Directory (Azure AD) credentials.You plan to assign users one of the following permission levels for the website: admin,normal, and reader. A user’s Azure AD group membership must be used to determine thepermission level. You need to configure authorization.Solution:•Create a new Azure AD application’s manifest, set value of the groupMembershipClaimsoption to All.•In the website, use the value of the groups claim from the JWI for the user to determinepermissions.Does the solution meet the goal?

A. Yes
B. No

Question # 60

You need to audit the retail store sales transactions.What are two possible ways to achieve the goal? Each correct answer presents a completesolution.NOTE: Each correct selection is worth one point.

A. Update the retail store location data upload process to include blob index tags. Createan Azure Function to process the blob index tags and filter by store location
B. Enable blob versioning for the storage account. Use an Azure Function to process a listof the blob versions per day.
C. Process an Azure Storage blob inventory report by using an Azure Function. Create rulefilters on the blob inventory report,
D. Subscribe to blob storage events by using an Azure Function and Azure Event Grid.Filter the events by store location.
E. Process the change feed logs of the Azure Blob storage account by using an AzureFunction. Specify a time range for the change feed data.

Question # 61

You need to implement a solution to resolve the retail store location data issue.Which three Azure Blob features should you enable? Each correct answer presents pan olthe solution.NOTE Each correct selection is worth one point

A. Immutability
B. Snapshots
C. Versioning
D. Soft delete
E. Object replication
F. Change feed

Question # 62

You need to secure the Azure Functions to meet the security requirements.Which two actions should you perform? Each correct answer presents part of the solution.NOTE: Each correct selection is worth one point.

A. Store the RSA-HSM key in Azure Cosmos DB. Apery the built-in policies for customermanaged keys and allowed locations.
B. Create a free tier Azure App Configuration instance with a new Azure AD serviceprincipal.
C. Store the RSA-HSM key in Azure Key Vault with soft-delete and purge-protectionfeatures enabled.
D. Store the RSA-HSM key in Azure Blob storage with an Immutability policy applied to thecontainer.
E. Create a standard tier Azure App Configuration instance with an assigned Azure AD managed identity.

Question # 63

You need to access data from the user claim object in the e-commerce web app.What should you do first?

A. Write custom code to make a Microsoft Graph API call from the e-commerce web app.
B. Assign the Contributor RBAC role to the e-commerce web app by using the ResourceManager create role assignment API.
C. Update the e-commerce web app to read the HTTP request header values.
D. Using the Azure CLI, enable Cross-origin resource sharing (CORS) from the ecommerce checkout API to the e-commerce web app.

Question # 64

You need to ensure the security policies are met.What code do you add at line CS07 of ConfigureSSE.ps1?

A. –PermissionsToKeys create, encrypt, decrypt
B. –PermissionsToCertificates create, encrypt, decrypt
C. –PermissionsToCertificates wrapkey, unwrapkey, get
D. –PermissionsToKeys wrapkey, unwrapkey, get

Question # 65

You need to resolve the log capacity issue. What should you do?

A. Create an Application Insights Telemetry Filter
B. Change the minimum log level in the host.json file for the function
C. Implement Application Insights Sampling
D. Set a LogCategoryFilter during startup

Question # 66

You need to resolve the capacity issue. What should you do?

A. Convert the trigger on the Azure Function to an Azure Blob storage trigger
B. Ensure that the consumption plan is configured correctly to allow scaling
C. Move the Azure Function to a dedicated App Service Plan
D. Update the loop starting on line PC09 to process items in parallel

Question # 67

You need to ensure receipt processing occurs correctly.What should you do?

A. Use blob properties to prevent concurrency problems
B. Use blob SnapshotTime to prevent concurrency problems
C. Use blob metadata to prevent concurrency problems
D. Use blob leases to prevent concurrency problems

Question # 68

You need to deploy the CheckUserContent Azure function. The solution must meet thesecurity and cost requirements.Which hosting model should you use?

A. Consumption plan
B. Premium plan
C. App Service plan

Question # 69

You need to investigate the http server log output to resolve the issue with the ContentUploadService. Which command should you use first?

A. az webapp log
B. az ams live-output
C. az monitor activity-log
D. az container attach

Question # 70

You need to resolve a notification latency issue. Which two actions should you perform? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point. 

A. Set Always On to true.
B. Ensure that the Azure Function is using an App Service plan.
C. Set Always On to false.
D. Ensure that the Azure Function is set to use a consumption plan.

Question # 71

You need to ensure that the solution can meet the scaling requirements for Policy Service. Which Azure Application Insights data model should you use?

A. an Application Insights dependency
B. an Application Insights event
C. an Application Insights trace
D. an Application Insights metric

Question # 72

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution. After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen. You are developing an Azure solution to collect point-of-sale (POS) device data from 2,000 stores located throughout the world. A single device can produce 2 megabytes (MB) of data every 24 hours. Each store location has one to five devices that send data. You must store the device data in Azure Blob storage. Device data must be correlated based on a device identifier. Additional stores are expected to open in the future. You need to implement a solution to receive the device data. Solution: Provision an Azure Event Grid. Configure the machine identifier as the partition key and enable capture. Does the solution meet the goal?

A. Yes
B. No

Question # 73

Note: This question is part of a series of questions that present the same scenario. Each question in theseries contains a unique solution that might meet the stated goals. Some question sets might have morethan one correct solution, while others might not have a correct solution.After you answer a question in this section, you will NOT be able to return to it. As a result, thesequestions will not appear in the review screen.You are developing an Azure Service application that processes queue data when it receives a message from amobile application. Messages may not be sent to the service consistently.You have the following requirements:Queue size must not grow larger than 80 gigabytes (GB).Use first-in-first-out (FIFO) ordering of messages.Minimize Azure costs.You need to implement the messaging solution.Solution: Use the .Net API to add a message to an Azure Storage Queue from the mobile application. Createan Azure Function App that uses an Azure Storage Queue trigger.Does the solution meet the goal?

A. Yes
B. No

Question # 74

You have an application that includes an Azure Web app and several Azure Function apps. Application secrets including connection strings and certificates are stored in Azure Key Vault. Secrets must not be stored in the application or application runtime environment. Changes to Azure Active Directory (Azure AD) must be minimized. You need to design the approach to loading application secrets. What should you do?

A. Create a single user-assigned Managed Identity with permission to access Key Vault and configure each App Service to use that Managed Identity.
B. Create a single Azure AD Service Principal with permission to access Key Vault and use a client secret from within the App Services to access Key Vault
C. Create a system assigned Managed Identity in each App Service with permission to access Key Vault.
D. Create an Azure AD Service Principal with Permissions to access Key Vault for each App Service and use a certificate from within the App Services to access Key Vault.

Question # 75

Note: This question is part of a series of questions that present the same scenario. Each question in theseries contains a unique solution that might meet the stated goals. Some question sets might have morethan one correct solution, while others might not have a correct solution.After you answer a question in this section, you will NOT be able to return to it. As a result, thesequestions will not appear in the review screen.You are developing a website that will run as an Azure Web App. Users will authenticate by using their AzureActive Directory (Azure AD) credentials.You plan to assign users one of the following permission levels for the website: admin, normal, and reader. Auser’s Azure AD group membership must be used to determine the permission level.You need to configure authorization.Solution:Create a new Azure AD application. In the application’s manifest, define application roles that matchthe required permission levels for the application.Assign the appropriate Azure AD group to each role. In the website, use the value of the roles claimfrom the JWT for the user to determine permissions.Does the solution meet the goal?

A. Yes
B. NO

Question # 76

You are developing an Azure Function App that processes images that are uploaded to an Azure Blob container. Images must be processed as quickly as possible after they are uploaded, and the solution must minimize latency. You create code to process images when the Function App is triggered. You need to configure the Function App. What should you do?

A. Use an App Service plan. Configure the Function App to use an Azure Blob Storage input trigger.
B. Use a Consumption plan. Configure the Function App to use an Azure Blob Storage trigger.
C. Use a Consumption plan. Configure the Function App to use a Timer trigger.
D. Use an App Service plan. Configure the Function App to use an Azure Blob Storage trigger.
E. Use a Consumption plan. Configure the Function App to use an Azure Blob Storage input trigger.

Question # 77

You are developing a medical records document management website. The website is used to store scanned copies of patient intake forms. If the stored intake forms are downloaded from storage by a third party, the content of the forms must not be compromised. You need to store the intake forms according to the requirements.Solution: Create an Azure Cosmos DB database with Storage Service Encryption enabled. Store the intake forms in the Azure Cosmos DB database.Does the solution meet the goal?  

A. Yes
B. No