[2024] Pass AZ-304 Exam - Real Questions and Answers
AZ-304 Exam Questions Get Updated [2024] with Correct Answers
NEW QUESTION # 169
You need to recommend a solution for data of the historical transaction query system.
What should you include in the recommendation? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
NEW QUESTION # 170
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
Your company has an on-premises Active Directory Domain Services (AD DS) domain and an established Azure Active Directory (Azure AD) environment.
Your company would like users to be automatically signed in to cloud apps when they are on their corporate desktops that are connected to the corporate network.
You need to enable single sign-on (SSO) for company users.
Solution: Install and configure an Azure AD Connect server to use password hash synchronization and select the "Enable single sign-on" option.
Does the solution meet the goal?
- A. No
- B. Yes
Answer: B
Explanation:
Azure Active Directory Seamless Single Sign-On (Azure AD Seamless SSO) automatically signs users in when they are on their corporate devices connected to your corporate network. When enabled, users don't need to type in their passwords to sign in to Azure AD, and usually, even type in their usernames. This feature provides your users easy access to your cloud-based applications without needing any additional on-premises components.
Seamless SSO can be combined with either the Password Hash Synchronization or Pass-through Authentication sign-in methods.
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-sso
NEW QUESTION # 171
Your company identifies the following business continuity and disaster recovery objectives for virtual machines that host sales, finance, and reporting applications in the company's on-premises data center.
* The finance application requires that data be retained for seven years. In the event of a disaster, the application must be able to run from Azure. The recovery time objective (RTO) is 10 minutes.
* The reporting application must be able to recover point-in-time data at a daily granularity. The RTO is eight hours.
* The sales application must be able to fail over to a second on-premises data center.
You need to recommend which Azure services meet the business continuity and disaster recovery objectives. The solution must minimize costs.
What should you recommend for each application? To answer, drag the appropriate services to the correct application. Each service may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
Answer:
Explanation:
NEW QUESTION # 172
You plan to deploy 10 applications to Azure. The applications will be deployed to two Azure Kubernetes Service (AKS) clusters. Each cluster will be deployed to a separate Azure region. The application deployment must meet the following requirements:
* Ensure that the applications remain available if a single AKS cluster fails.
* Ensure that the connection traffic over the internet is encrypted by using SSL without having to configure SSL on each container.
Which Azure service should you include in the recommendation?
- A. Azure Front Door
- B. Azure Traffic Manager
- C. Azure Load Balancer
- D. AKS ingress controller
Answer: B
NEW QUESTION # 173
You are reviewing the budget for Azure Storage as shown in the exhibit (Click the Exhibit tab.) All the virtual machines in the Azure subscription use Premium storage.
Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
NEW QUESTION # 174
You have the resources shown in the following table.
CDB1 hosts a container that stores continuously updated operational data. You are designing a solution that will use AS1 to analyze the operational data daily.
You need to recommend a solution to analyze the data without affecting the performance of the operational data store.
What should you include in the recommendation?
- A. Azure Data Factory with Azure Cosmos DB and Azure Synapse Analytics connectors
- B. Azure Cosmos DB change feed
- C. Azure Synapse Analytics with PolyBase data loading
Answer: C
NEW QUESTION # 175
You have a .NET web service named Service1 that has the following requirements:
* Must read and write temporary files to the local file system.
* Must write to the Application event log.
You need to recommend a solution to host Service1 in Azure. The solution must meet the following requirements:
* Minimize maintenance overhead.
* Minimize costs.
What should you include in the recommendation?
- A. an Azure virtual machine scale set
- B. an Azure function
- C. an App Service Environment
- D. an Azure web app
Answer: A
NEW QUESTION # 176
You need to design an architecture to capture the creation of users and the assignment of roles. The captured data must be stored in Azure Cosmos DB.
Which Azure services should you include in the design? To answer, drag the appropriate services to the correct targets. Each service may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
NEW QUESTION # 177
You are designing a software as a service (SaaS) application that will enable Azure Active Directory (Azure AD) users to create and publish surveys. The SaaS application will have a front-end web app and a back-end web API. The web app will rely on the web API to handle updates to customer surveys.
You need to design an authorization flow for the SaaS application. The solution must meet the following requirements:
* To access the back-end web API, the web app must authenticate by using OAuth 2 bearer tokens.
* The web app must authenticate by using the identities of individual users.
What should you include in the solution? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
References:
https://docs.microsoft.com/lb-lu/azure/architecture/multitenant-identity/web-api
https://docs.microsoft.com/en-us/azure/active-directory/develop/quickstart-v1-dotnet-webapi
NEW QUESTION # 178
Your company has the infrastructure shown in the following table.
The on-premises Active Directory domain syncs to Azure Active Directory (Azure AD).
Server1 runs an application named Appl that uses LDAP queries to verify user identities in the on-premises Active Directory domain.
You plan to migrate Server1 to a virtual machine in Subscription1.
A company security policy states that the virtual machines and services deployed to Subscription1 must be prevented from accessing the on-premises network.
You need to recommend a solution to ensure that Appl continues to function after the migration. The solution must meet the security policy.
What should you include in the recommendation?
- A. Azure AD Domain Services (Azure AD DS)
- B. the Active Directory Domain Services role on a virtual machine
- C. Azure AD Application Proxy
- D. an Azure VPN gateway
Answer: C
Explanation:
You can join a Windows Server virtual machine to an Azure Active Directory Domain Services managed domain.
Reference:
https://docs.microsoft.com/en-us/azure/active-directory-domain-services/join-windows-vm
NEW QUESTION # 179
You need to design a resource governance solution for an Azure subscription. The solution must meet the following requirements:
* Ensure that all ExpressRoute resources are created in a resource group named RG1.
* Delegate the creation of the ExpressRoute resources to an Azure Active Directory (Azure AD) group named Networking.
* Use the principle of least privilege.
What should you include in the solution? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
Box 1: An Azure policy assignment at the subscription level that has an exclusion
Box 2: A custom RBAC role assignment at the level of RG1
Azure role-based access control (Azure RBAC) is the authorization system you use to manage access to Azure resources. To grant access, you assign roles to users, groups, service principals, or managed identities at a particular scope.
Reference:
https://docs.microsoft.com/en-us/azure/governance/policy/tutorials/create-and-manage
NEW QUESTION # 180
Your company has the offices shown in the following table.
The network contains an Active Directory domain named contoso.com that is synced to Azure Active Directory (Azure AD).
All users connect to an application hosted in Microsoft 365.
You need to recommend a solution to ensure that all the users use Azure Multi-Factor Authentication (MFA) to connect to the application from one of the offices.
What should you include in the recommendation?
- A. a virtual network and two Microsoft Cloud App Security policies
- B. a named location and two Microsoft Cloud App Security policies
- C. a conditional access policy and two virtual networks
- D. a conditional access policy and two named locations
Answer: D
Explanation:
https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/howto-conditional-access-policy-all-users-mfa#named-locations
NEW QUESTION # 181
You have the Free edition of a hybrid Azure Active Directory (Azure AD) tenant. The tenant uses password hash synchronization.
You need to recommend a solution to meet the following requirements:
* Prevent Active Directory domain user accounts from being locked out as the result of brute force attacks targeting Azure AD user accounts.
* Block legacy authentication attempts to Azure AD integrated apps.
* Minimize costs.
What should you recommend for each requirement? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
Box 1: Smart lockout
Smart lockout helps lock out bad actors that try to guess your users' passwords or use brute-force methods to get in. Smart lockout can recognize sign-ins that come from valid users and treat them differently than ones of attackers and other unknown sources. Attackers get locked out, while your users continue to access their accounts and be productive.
Box 2: Conditional access policies
If your environment is ready to block legacy authentication to improve your tenant's protection, you can accomplish this goal with Conditional Access.
How can you prevent apps using legacy authentication from accessing your tenant's resources? The recommendation is to just block them with a Conditional Access policy. If necessary, you allow only certain users and specific network locations to use apps that are based on legacy authentication.
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/authentication/howto-password-smart-lockout
https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/block-legacy-authentication
NEW QUESTION # 182
You are designing a microservices architecture that will be hosted in an Azure Kubernetes Service (AKS) cluster. Apps that will consume the microservices will be hosted on Azure virtual machines. The virtual machines and the AKS cluster will reside on the same virtual network.
You need to design a solution to expose the microservices to the consumer apps. The solution must meet the following requirements:
* Ingress access to the microservices must be restricted to a single private IP address and protected by using mutual TLS authentication.
* The number of incoming microservice calls must be rate-limited.
* Costs must be minimized.
What should you include in the solution?
- A. Azure Front Door with Azure Web Application Firewall (WAF)
- B. Azure API Management Premium tier with virtual network connection
- C. Azure App Gateway with Azure Web Application Firewall (WAF)
- D. Azure API Management Standard tier with a service endpoint
Answer: B
Explanation:
One option is to deploy APIM (API Management) inside the cluster VNet.
The AKS cluster and the applications that consume the microservices might reside within the same VNet, hence there is no reason to expose the cluster publicly as all API traffic will remain within the VNet. For these scenarios, you can deploy API Management into the cluster VNet. API Management Premium tier supports VNet deployment.
Reference:
https://docs.microsoft.com/en-us/azure/api-management/api-management-kubernetes
NEW QUESTION # 183
You have an Azure Storage account that contains the data shown in the following exhibit.
You need to identify which files can be accessed immediately from the storage account.
Which files should you identify?
- A. File1.bin only
- B. File1.bin and File2.bin only
- C. File2.bin only
- D. File3.bin only
- E. File1.bin, File2.bin, and File3.bin
Answer: B
Explanation:
Hot - Optimized for storing data that is accessed frequently.
Cool - Optimized for storing data that is infrequently accessed and stored for at least 30 days.
Archive - Optimized for storing data that is rarely accessed and stored for at least 180 days with flexible latency requirements (on the order of hours).
Note: Lease state of the blob. Possible values: available|leased|expired|breaking|broken
Reference:
https://docs.microsoft.com/en-us/azure/storage/blobs/storage-blob-storage-tiers
NEW QUESTION # 184
Your company wants to use an Azure Active Directory (Azure AD) hybrid identity solution.
You need to ensure that users can authenticate if the internet connection to the on-premises Active Directory is unavailable. The solution must minimize authentication prompts for the users.
What should you include in the solution?
- A. password hash synchronization and Azure AD Seamless Single Sign-On (Azure AD Seamless SSO)
- B. pass-through authentication and Azure AD Seamless Single Sign-On (Azure AD Seamless SSO)
- C. an Active Directory Federation Services (AD FS) server
Answer: A
Explanation:
With Password hash synchronization + Seamless SSO the authentication is in the cloud.
Incorrect Answers:
Pass-through Authentication and federation rely on on-premises infrastructure.
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/hybrid/choose-ad-authn
NEW QUESTION # 185
Your organization has developed and deployed several Azure App Service Web and API applications. The applications use Azure Key Vault to store several authentication, storage account, and data encryption keys. Several departments have the following requests to support the applications:
You need to recommend the appropriate Azure service for each department request.
What should you recommend? To answer, configure the appropriate options in the dialog box in the answer area.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
https://docs.microsoft.com/en-us/azure/active-directory/managed-identities-azure-resources/overview
NEW QUESTION # 186
You have the application architecture shown in the following exhibit.
Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
References:
https://docs.microsoft.com/en-us/azure/traffic-manager/traffic-manager-routing-methods
https://docs.microsoft.com/en-us/azure/traffic-manager/traffic-manager-monitoring
NEW QUESTION # 187
You need to recommend a strategy for migrating the database content of WebApp1 to Azure. What should you include in the recommendation?
- A. Copy the VHD that contains the Azure SQL database files to Azure Blob storage
- B. Use Azure Site Recovery to replicate the SQL servers to Azure.
- C. Copy the BACPAC file that contains the Azure SQL database file to Azure Blob storage.
- D. Use SQL Server transactional replication.
Answer: A
Explanation:
Before you upload a Windows virtual machine (VM) from on-premises to Azure, you must prepare the virtual hard disk (VHD or VHDX).
Scenario: WebApp1 has a web tier that uses Microsoft Internet Information Services (IIS) and a database tier that runs Microsoft SQL Server 2016. The web tier and the database tier are deployed to virtual machines that run on Hyper-V.
Reference:
https://docs.microsoft.com/en-us/azure/virtual-machines/windows/prepare-for-upload-vhd-image
Topic 2, Contoso, Ltd Case Study B
Overview
Contoso, Ltd is a US-based financial services company that has a main office in New York and an office in San Francisco.
Payment Processing Query System
Contoso hosts a business-critical payment processing system in its New York data center. The system has three tiers: a front-end web app, a middle-tier API, and a back-end data store implemented as a Microsoft SQL Server 2014 database. All servers run Windows Server 2012 R2.
The front-end and middle-tier components are hosted by using Microsoft Internet Information Services (IIS). The application code is written in C# and the middle-tier API uses the Entity Framework to communicate with the SQL Server database. Maintenance of the database is performed by using SQL Server Agent. The database is currently J IB and is not expected to grow beyond 3 TB.
The payment processing system has the following compliance-related requirements:
* Encrypt data in transit and at rest. Only the front-end and middle-tier components must be able to access the encryption keys that protect the data store.
* Keep backups in two separate physical locations that are at least 200 miles apart and can be restored for up to seven years.
* Support blocking inbound and outbound traffic based on the source IP address, the destination IP address, and the port number.
* Collect Windows security logs from all the middle-tier servers and retain the logs for a period of seven years.
* Inspect inbound and outbound traffic from the front-end tier by using highly available network appliances.
* Only allow all access to all the tiers from the internal network of Contoso.
Tape backups are configured by using an on-premises deployment of Microsoft System Center Data Protection Manager (DPM), and then shipped offsite for long-term storage.
Historical Transaction Query System
Contoso recently migrated a business-critical workload to Azure. The workload contains a .NET web server for querying the historical transaction data residing in Azure Table Storage. The .NET service is accessible from a client app that was developed in-house and runs on the client computers in the New York office. The data in the storage is 50 GB and is not expected to increase.
Information Security Requirement
The IT security team wants to ensure that identity management is performed by using Active Directory. Password hashes must be stored on-premises only.
Access to all business-critical systems must rely on Active Directory credentials. Any suspicious authentication attempts must trigger a multi-factor authentication prompt automatically. Legitimate users must be able to authenticate successfully by using multi-factor authentication.
Planned Changes
Contoso plans to implement the following changes:
* Migrate the payment processing system to Azure.
* Migrate the historical transaction data to Azure Cosmos DB to address the performance issues.
Migration Requirements
Contoso identifies the following general migration requirements:
* Infrastructure services must remain available if a region or a data center fails. Failover must occur without any administrative intervention.
* Whenever possible, Azure managed services must be used to minimize management overhead.
* Whenever possible, costs must be minimized.
Contoso identifies the following requirements for the payment processing system:
* If a data center fails, ensure that the payment processing system remains available without any administrative intervention. The middle-tier and the web front end must continue to operate without any additional configurations.
* Ensure that the number of compute nodes of the front-end and the middle tiers of the payment processing system can increase or decrease automatically based on CPU utilization.
* Ensure that each tier of the payment processing system is subject to a Service Level Agreement (SLA) of 9959 percent availability.
* Minimize the effort required to modify the middle tier API and the back-end tier of the payment processing system.
* Generate alerts when unauthorized login attempts occur on the middle-tier virtual machines.
* Ensure that the payment processing system preserves its current compliance status.
* Host the middle tier of the payment processing system on a virtual machine.
Contoso identifies the following requirements for the historical transaction query system:
* Minimize the use of on-premises infrastructure services.
* Minimize the effort required to modify the .NET web service querying Azure Cosmos DB.
* If a region fails, ensure that the historical transaction query system remains available without any administrative intervention.
Current Issue
The Contoso IT team discovers poor performance of the historical transaction query as the queries frequently cause table scans.
NEW QUESTION # 188
You have an Azure Active Directory (Azure AD) tenant.
You plan to provide users with access to shared files by using Azure Storage. The users will be provided with different levels of access to various Azure file shares based on their user account or their group membership.
You need to recommend which additional Azure services must be used to support the planned deployment.
What should you include in the recommendation?
- A. an Azure Front Door instance
- B. Azure Information Protection
- C. an Azure AD Domain Services (Azure AD DS) instance
- D. an Azure AD enterprise application
Answer: C
Explanation:
Azure Files supports identity-based authentication over Server Message Block (SMB) through two types of Domain Services: on-premises Active Directory Domain Services (AD DS) and Azure Active Directory Domain Services (Azure AD DS).
Reference:
https://docs.microsoft.com/en-us/azure/storage/files/storage-files-identity-auth-active-directory-domain-service-enable
NEW QUESTION # 189
You are designing a microservices architecture that will use Azure Kubernetes Service (AKS) to host pods that run containers. Each pod deployment will host a separate API. Each API will be implemented as a separate service.
You need to recommend a solution to make the APIs available to external users from Azure API Management.
The solution must meet the following requirements:
* Control access to the APIs by using mutual TLS authentication between API Management and the AKS-based APIs.
* Provide access to the APIs by using a single IP address.
What should you recommend to provide access to the APIs?
- A. the Ingress Controller in AKS
- B. the LoadBalancer service in AKS
- C. custom network security groups (NSGs)
Answer: C
NEW QUESTION # 190
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You are designing an Azure solution for a company that has four departments. Each department will deploy several Azure app services and Azure SQL databases.
You need to recommend a solution to report the costs for each department to deploy the app services and the databases. The solution must provide a consolidated view for cost reporting that displays cost broken down by department.
Solution: Create a new subscription for each department.
Does the solution meet the goal?
- A. No
- B. Yes
Answer: A
Explanation:
Instead, create a resource group for each resource type. Assign tags to each resource.
Note: Tags enable you to retrieve related resources from different resource groups. This approach is helpful when you need to organize resources for billing or management.
Reference:
https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-group-using-tags
NEW QUESTION # 191
You need to recommend an Azure Storage Account configuration for two applications named Application1 and Application2. The configuration must meet the following requirements:
* Storage for Application1 must provide the highest possible transaction rates and the lowest possible latency.
* Storage for Application2 must provide the lowest possible storage costs per GB.
* Storage for both applications must be optimized for uploads and downloads.
* Storage for both applications must be available in an event of datacenter failure.
What should you recommend? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
Box 1: BlockBlobStorage with Premium performance and Zone-redundant storage (ZRS) replication.
BlockBlobStorage accounts: Storage accounts with premium performance characteristics for block blobs and append blobs. Recommended for scenarios with high transactions rates, or scenarios that use smaller objects or require consistently low storage latency.
Premium: optimized for high transaction rates and single-digit consistent storage latency.
Box 2: General-purpose v2 with Standard performance.
General-purpose v2 accounts: Basic storage account type for blobs, files, queues, and tables. Recommended for most scenarios using Azure Storage.
Reference:
https://docs.microsoft.com/en-us/azure/storage/common/storage-account-overview
https://docs.microsoft.com/en-us/azure/storage/common/storage-redundancy
NEW QUESTION # 192
You have an Azure Active Directory (Azure AD) tenant named Contoso.com. The tenant contains a group named Group1. Group1 contains all the administrator user accounts.
You discover several login attempts to the Azure portal from countries where administrator users do NOT work.
You need to ensure that all login attempts to the portal from those countries require Azure Multi-Factor Authentication (MFA).
Solution: Implement Azure AD Identity Protection for Group1.
Does this meet the goal?
- A. No
- B. Yes
Answer: B
Explanation:
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/identity-protection/concept-identity-protection-policies
https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/concept-conditional-access-conditions#sign-in-risk