Practice Free AZ-204 Exam Online Questions
You are implementing an Azure API app that uses built-in authentication and authorization functionality.
All app actions must be associated with information about the current user.
You need to retrieve the information about the current user.
What are two possible ways to achieve the goal? Each correct answer presents a complete solution. NOTE: Each correct selection is worth one point.
- A . HTTP headers
- B . environment variables
- C . /.auth/me HTTP endpoint
- D . /.auth/login endpoint
A,C
Explanation:
A: After App Service Authentication has been configured, users trying to access your API are prompted to sign in with their organizational account that belongs to the same Azure AD as the Azure AD application used to secure the API. After signing in, you are able to access the information about the current user through the HttpContext.Current.User property.
C: While the server code has access to request headers, client code can access GET /.auth/me to get the same access tokens (
Reference:
https://docs.microsoft.com/en-us/azure/app-service/app-service-web-tutorial-auth-aad
https://docs.microsoft.com/en-us/sharepoint/dev/spfx/web-parts/guidance/connect-to-api-secured-with-aad
You are implementing an Azure API app that uses built-in authentication and authorization functionality.
All app actions must be associated with information about the current user.
You need to retrieve the information about the current user.
What are two possible ways to achieve the goal? Each correct answer presents a complete solution. NOTE: Each correct selection is worth one point.
- A . HTTP headers
- B . environment variables
- C . /.auth/me HTTP endpoint
- D . /.auth/login endpoint
A,C
Explanation:
A: After App Service Authentication has been configured, users trying to access your API are prompted to sign in with their organizational account that belongs to the same Azure AD as the Azure AD application used to secure the API. After signing in, you are able to access the information about the current user through the HttpContext.Current.User property.
C: While the server code has access to request headers, client code can access GET /.auth/me to get the same access tokens (
Reference:
https://docs.microsoft.com/en-us/azure/app-service/app-service-web-tutorial-auth-aad
https://docs.microsoft.com/en-us/sharepoint/dev/spfx/web-parts/guidance/connect-to-api-secured-with-aad
You develop a Python application for image rendering that uses GPU resources to optimize rendering processes. You deploy the application to an Azure
Container Instances (ACI) Linux container.
The application requires a secret value to be passed when the container is started. The value must only be accessed from within the container.
You need to pass the secret value.
What are two possible ways to achieve this goal? Each correct answer presents a complete solution. NOTE: Each correct selection is worth one point.
- A . Create an environment variable Set the secureValue property to the secret value.
- B . Add the secret value to the container image. Use a managed identity.
- C . Add the secret value to the application code Set the container startup command.
- D . Add the secret value to an Azure Blob storage account. Generate a SAS token.
- E . Mount a secret volume containing the secret value in a secrets file.
A,E
Explanation:
Objects with secure values are intended to hold sensitive information like passwords or keys for your application. Using secure values for environment variables is both safer and more flexible than including it in your container’s image. Another option is to use secret volumes, described in Mount a secret volume in Azure Container Instances….. https://docs.microsoft.com/en-us/azure/container-instances/container-instances-environment-variables
You develop and deploy an Azure App Service web app named App1. You create a new Azure Key Vault named Vault 1. You import several API keys, passwords, certificates, and cryptographic keys into Vault1.
You need to grant App1 access to Vault1 and automatically rotate credentials Credentials must not be stored in code.
What should you do?
- A . Enable App Service authentication for Appt. Assign a custom RBAC role to Vault1.
- B . Add a TLS/SSL binding to App1.
- C . Assign a managed identity to App1.
- D . Upload a self-signed client certificate to Vault1. Update App1 to use the client certificate.
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear on the review screen.
You are implementing an application by using Azure Event Grid to push near-real-time in-formation to customers.
You have the following requirements:
• You must send events to thousands of customers that include hundreds of various event types.
• The events must be filtered by event type before processing.
• Authentication and authorization must be handled by using Microsoft Entra ID.
• The events must be published to a single endpoint.
You need to implement Azure Event Grid.
Solution; Publish events to an event domain. Create a custom topic for each customer.
Does the solution meet the goal?
- A . Yes
- B . No
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this question, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You are developing a solution that will be deployed to an Azure Kubernetes Service (AKS) cluster. The solution will include a custom VNet, Azure Container Registry images, and an Azure Storage account.
The solution must allow dynamic creation and management of all Azure resources within the AKS cluster.
You need to configure an AKS cluster for use with the Azure APIs.
Solution: Enable the Azure Policy Add-on for Kubernetes to connect the Azure Policy service to the GateKeeper admission controller for the AKS cluster. Apply a built-in policy to the cluster.
Does the solution meet the goal?
- A . Yes
- B . No
B
Explanation:
Instead create an AKS cluster that supports network policy. Create and apply a network to allow traffic only from within a defined namespace
Reference: https://docs.microsoft.com/en-us/azure/aks/use-network-policies
You have an Azure subscription named Sub1 that contains a resource group named RG1 and a Service Bus queue named SB1.
You plan to implement an Azure Event Grid push event subscription that will deliver an event to SB1 whenever a resource is created, modified, or deleted in RG1. You must minimize the development and configuration efforts.
You need to create an Event Grid topic for your planned implementation.
Which type of event topic should you create?
- A . event domain
- B . custom
- C . system
- D . namespace
You have an Azure subscription named Sub1 that contains a resource group named RG1 and a Service Bus queue named SB1.
You plan to implement an Azure Event Grid push event subscription that will deliver an event to SB1 whenever a resource is created, modified, or deleted in RG1. You must minimize the development and configuration efforts.
You need to create an Event Grid topic for your planned implementation.
Which type of event topic should you create?
- A . event domain
- B . custom
- C . system
- D . namespace
HOTSPOT
You develop a Python application for image rendering. The application uses GPU resources to optimize rendering processes.
You have the following requirements:
• The application must be deployed to a Linux container.
• The container must be stopped when the image rendering is complete.
HOTSPOT
A software as a service (SaaS) company provides document management services. The company has a service that consists of several Azure web apps. All Azure web apps run in an Azure App Service Plan named Primary ASP.
You are developing a new web service by using a web app named ExcelParser. The web app contains
a third-party library for processing Microsoft Excel files. The license for the third-party library stipulates that you can only run a single instance of the library.
You need to configure the service.
How should you complete the script? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.
Explanation:
Reference: https://docs.microsoft.com/en-us/azure/app-service/manage-scale-per-app