Practice Free AZ-204 Exam Online Questions
HOTSPOT
You need to configure the integration for Azure Service Bus and Azure Event Grid.
How should you complete the CLI statement? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.
Explanation:
Box 1: eventgrid
To create event subscription use: az eventgrid event-subscription create
Box 2: event-subscription
Box 3: servicebusqueue
Scenario: Azure Service Bus and Azure Event Grid
Azure Event Grid must use Azure Service Bus for queue-based load leveling.
Events in Azure Event Grid must be routed directly to Service Bus queues for use in buffering.
Events from Azure Service Bus and other Azure services must continue to be routed to Azure Event Grid for processing.
Reference: https://docs.microsoft.com/en-us/cli/azure/eventgrid/event-subscription?view=azure-cli-latest#az_eventgrid_event_subscription_create
DRAG DROP
You are developing an Azure solution.
You need to develop code to access a secret stored in Azure Key Vault.
How should you complete the code segment? To answer, drag the appropriate code segments to the correct locations. Each code segment may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content. NOTE: Each correct selection is worth one point.
Explanation:
Box 1: SecretClient
Box 2: DefaultAzureCredential
In below example, the name of your key vault is expanded to the key vault URI, in the format "https://<your-key-vault-name>.vault.azure.net". This example is using ‘DefaultAzureCredential()’ class from Azure Identity Library, which allows to use the same code across different environments with different options to provide identity.
string keyVaultName = Environment.GetEnvironmentVariable("KEY_VAULT_NAME"); var kvUri = "https://" + keyVaultName + ".vault.azure.net";
var client = new SecretClient(new Uri(kvUri), new DefaultAzureCredential());
Reference: https://docs.microsoft.com/en-us/azure/key-vault/secrets/quick-create-net
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You are developing an Azure solution to collect point-of-sale (POS) device data from 2,000 stores located throughout the world. A single device can produce 2 megabytes (MB) of data every 24 hours. Each store location has one to five devices that send data.
You must store the device data in Azure Blob storage. Device data must be correlated based on a device identifier. Additional stores are expected to open in the future.
You need to implement a solution to receive the device data.
Solution: Provision an Azure Event Grid. Configure the machine identifier as the partition key and enable capture.
Does the solution meet the goal?
- A . Yes
- B . No
A
Explanation:
Reference: https://docs.microsoft.com/en-us/azure/event-grid/compare-messaging-services
You develop a REST API. You implement a user delegation SAS token to communicate with Azure Blob storage.
The token is compromised.
You need to revoke the token.
What are two possible ways to achieve this goal? Each correct answer presents a complete solution. NOTE: Each correct selection is worth one point.
- A . Revoke the delegation keys
- B . Delete the stored access policy.
- C . Regenerate the account key.
- D . Remove the role assignment for the security principle.
A,B
Explanation:
A: Revoke a user delegation SAS
To revoke a user delegation SAS from the Azure CLI, call the az storage account revoke-delegation-keys command. This command revokes all of the user delegation keys associated with the specified storage account. Any shared access signatures associated with those keys are invalidated.
B: To revoke a stored access policy, you can either delete it, or rename it by changing the signed identifier.
Changing the signed identifier breaks the associations between any existing signatures and the stored access policy. Deleting or renaming the stored access policy immediately effects all of the shared access signatures associated with it.
Reference: https://github.com/MicrosoftDocs/azure-docs/blob/master/articles/storage/blobs/storage-blob-user-delegationsas-create-cli.md
https://docs.microsoft.com/en-us/rest/api/storageservices/define-stored-access-policy#modifying-or-revoking-astored-access-policy
You are creating an Azure key vault using PowerShell. Objects deleted from the key vault must be kept for a set period of 90 days.
Which two of the following parameters must be used in conjunction to meet the requirement? (Choose two.)
- A . EnabledForDeployment
- B . EnablePurgeProtection
- C . EnabledForTemplateDeployment
- D . EnableSoftDelete
You are developing a web application that uses the Microsoft identity platform for user and resource authentication. The web application calls several REST APIs.
A REST API call must read the user’s calendar. The web application requires permission to send an email as the user.
You need to authorize the web application and the API.
Which parameter should you use?
- A . code_challenge
- B . tenant
- C . scope
- D . clientjd
- E . state
You are developing a web application that uses the Microsoft identity platform for user and resource authentication. The web application calls several REST APIs.
A REST API call must read the user’s calendar. The web application requires permission to send an email as the user.
You need to authorize the web application and the API.
Which parameter should you use?
- A . code_challenge
- B . tenant
- C . scope
- D . clientjd
- E . state
You are developing a web application that uses the Microsoft identity platform for user and resource authentication. The web application calls several REST APIs.
A REST API call must read the user’s calendar. The web application requires permission to send an email as the user.
You need to authorize the web application and the API.
Which parameter should you use?
- A . code_challenge
- B . tenant
- C . scope
- D . clientjd
- E . state
You are developing applications for a company. You plan to host the applications on Azure App Services.
The company has the following requirements:
✑ Every five minutes verify that the websites are responsive.
✑ Verify that the websites respond within a specified time threshold.
Dependent requests such as images and JavaScript files must load properly.
✑ Generate alerts if a website is experiencing issues.
✑ If a website fails to load, the system must attempt to reload the site three more times.
You need to implement this process with the least amount of effort.
What should you do?
- A . Create a Selenium web test and configure it to run from your workstation as a scheduled task.
- B . Set up a URL ping test to query the home page.
- C . Create an Azure function to query the home page.
- D . Create a multi-step web test to query the home page.
- E . Create a Custom Track Availability Test to query the home page.
D
Explanation:
You can monitor a recorded sequence of URLs and interactions with a website via multi-step web tests.
Reference: https://docs.microsoft.com/en-us/azure/azure-monitor/app/availability-multistep
DRAG DROP
You need to correct the corporate website error.
Which four actions should you recommend be performed in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
Explanation:
Scenario: Corporate website
While testing the site, the following error message displays:
CryptographicException: The system cannot find the file specified.
Step 1: Generate a certificate
Step 2: Upload the certificate to Azure Key Vault
Scenario: All SSL certificates and credentials must be stored in Azure Key Vault.
Step 3: Import the certificate to Azure App Service
Step 4: Update line SCO5 of Security.cs to include error handling and then redeploy the code
Reference: https://docs.microsoft.com/en-us/azure/app-service/configure-ssl-certificate