Review Mode Set 1 – AZ-204 Developing Solutions for Microsoft Azure

You are a cloud engineer for a company implementing Azure Key Vault to store and manage cryptographic keys, secrets, and certificates securely.

You have been assigned to configure Azure Key Vault using PowerShell to meet security and compliance requirements.

You need to ensure that once a key or secret is deleted, it cannot be permanently removed immediately, and it must be retained for a mandatory period of 90 days before permanent deletion is allowed.

Which configurations must be enabled to meet this requirement? (Select TWO).

You are building an Azure App Service web application that connects to an Azure SQL Database.

To improve performance and scalability, you will use Azure Cache for Redis to store session data, cache frequently used information, and enable real-time messaging between application components.

Your organization also considers Azure Cosmos DB with multi-region writes to improve database availability. However, your task is to optimize caching and messaging with Azure Cache for Redis Enterprise instance.

Which features best meet the requirement?

Instructions: To answer, drag the appropriate item from the column on the left to its description on the right. Each correct match is worth one point.

You are a database administrator managing an Azure SQL Database for your organization.

You need to ensure that users can connect to the database using Microsoft Entra authentication through Microsoft SQL Server Management Studio (SSMS).

You also need to allow authentication using on-premises Active Directory credentials while ensuring minimal authentication prompts.

You want to implement a method that allows users to log in without manually entering credentials each time they connect.

Which authentication method should be used to meet this requirement?

Your company is developing an ASP.NET Core Web API web service to power an e-commerce platform. The service integrates with Azure Application Insights to collect telemetry and track dependencies.

The web service processes customer orders, stores data in the Microsoft SQL Server, and communicates with a third-party payment gateway API to handle transactions. To ensure complete monitoring, you must configure dependency telemetry tracking for interactions with the external payment gateway.

Which telemetry properties should you use to track payment gateway interactions to correlate them with the overall transaction operation and ensure end-to-end tracing? (Choose TWO.)
NOTE: Each correct selection is worth one point.

You manage several web applications running in Azure and rely on Azure Monitor to track telemetry and configuration changes.

Recently, unexpected configuration modifications were applied to applications hosted in an App Service Environment (ASE). You need to identify which configuration changes were made to the App Service Environment to ensure compliance and troubleshoot potential issues related to these changes.

Which Azure Monitor log should you review to track these configuration changes?

You are building a Java-based solution that leverages Cassandra for key-value data storage. The application is designed to utilize a new Azure Cosmos DB resource with the Cassandra API.

To facilitate the provisioning of Azure Cosmos DB accounts, databases, and containers, you have established a Microsoft Entra Group named Cosmos DB Creators. Additionally, you are considering implementing a caching mechanism to enhance read performance.​

This group must not have access to the keys required for data access.

Which role-based access control should be assigned to the Microsoft Entra Group to meet these requirements?

You transfer sensitive files from on-premises file servers to Azure Blob Storage and secure encryption keys with Azure Key Vault.

You also use Azure Storage Account for managing secure access and need to ensure that deleted keys can be recovered for up to 90 days to prevent accidental loss.

You plan to integrate Azure Key Vault APIs into automation scripts for key management.

Which solution ensures that deleted keys can be recovered for up to 90 days?

You need to modify an existing Azure Logic App by updating its workflow definitions without creating a new instance.

You must edit the underlying structure directly while preserving the current deployment.

Which method should be used to modify the workflow definitions of the existing Azure Logic App?

Note: This item is part of a series of questions with the same scenario but a different proposed answer. Each in the series has a unique solution that may or may not comply with the requirements specified in the scenario.

You manage an e-commerce website that serves customers across multiple geographic locations.

You need to ensure that your website remains highly available and provides a low-latency experience for users, even during peak traffic periods.

You are looking for a solution that can efficiently distribute static assets such as images, CSS, and JavaScript files to reduce server load and improve response times.

Solution: You implement Azure Cache for Redis to store frequently accessed static assets and serve them directly from memory.

Does the solution meet the goal?

Note: This item is part of a series of questions with the same scenario but a different proposed answer. Each in the series has a unique solution that may or may not comply with the requirements specified in the scenario.

You manage an e-commerce website that serves customers across multiple geographic locations.

You need to ensure that your website remains highly available and provides a low-latency experience for users, even during peak traffic periods.

You are looking for a solution that can efficiently distribute static assets such as images, CSS, and JavaScript files to reduce server load and improve response times.

Solution: You integrate the Azure Front Door into your architecture.

Does the solution meet the goal?

Note: This item is part of a series of questions with the same scenario but a different proposed answer. Each in the series has a unique solution that may or may not comply with the requirements specified in the scenario.

You manage an e-commerce website that serves customers across multiple geographic locations.

You need to ensure that your website remains highly available and provides a low-latency experience for users, even during peak traffic periods.

You are looking for a solution that can efficiently distribute static assets such as images, CSS, and JavaScript files to reduce server load and improve response times.

Solution: You configure an Azure Traffic Manager to route user requests to multiple Azure regions based on geographic proximity.

Does the solution meet the goal?

Your team is developing an Azure App Service REST API that will be used by an Azure App Service web app to manage employee profiles. The API must authenticate users and retrieve their profile information from Microsoft Entra ID. Additionally, the API should allow authorized users to update their profile details securely.

Which tool will effectively achieve and implement the functionality? (Select TWO.)
NOTE: Each correct selection earns one point.

You are developing a web application for an enterprise client that integrates with the Microsoft identity platform for user authentication. The application must securely implement user identification to track users across multiple services within the same Microsoft Entra ID tenant.

To ensure consistency, the application must use a unique and immutable identifier for each user.

Which claim type is required for this scenario?

You are an IT administrator for an e-commerce company that is migrating its order processing system to an Azure virtual machine (VM).

You have to consider the following requirements:

– Ensure fast disk performance with low latency to handle thousands of customer transactions per second.

– Select a disk type that provides high IOPS and throughput to keep up with the high volume of database read/write operations.

You also need a redundancy option that ensures data availability even if an entire Azure data center in the region fails, preventing downtime during peak sales events.

Which Azure Managed Disk type and redundancy option should be used to meet these requirements?

Select the correct answer from the drop-down list of options. Each correct selection is worth one point.

You are developing a customer-facing web application hosted on Azure App Service. The application enables users to authenticate through social identity providers via Azure B2C, where all user profile information is stored securely.

A new compliance requirement mandates that users’ profile details be displayed within the web app, including:

– Full Name
– Email Address
– Phone Number
– Address

Your security team raises concerns that direct API calls to Azure B2C might expose sensitive user data to third-party services.

To meet the new requirement, you must retrieve and display the user properties from Azure B2C using the most appropriate code library and API.

Which code library and API should be used to retrieve user properties and integrate them into the web app?

Select the correct answer from the drop-down list of options. Each correct selection is worth one point.

You are responsible for developing and deploying an Azure App Service web application named Td-Portal. To securely manage sensitive information, you set up an Azure Key Vault named Td-secrets. You store multiple API keys, passwords, certificates, and cryptographic keys inside Td-Secrets.

Your organization follows strict security policies that require automated credential rotation and prohibit storing credentials within application code. Additionally, there is a future plan to integrate Azure API Management for handling external API authentication.

You need to configure Td-Portal to access Td-Secrets while securely ensuring security policy compliance.

Which solution would satisfy the requirement?

You are updating one of your APIs hosted in Azure API Management (APIM).

The API has been running smoothly in production, but you need to apply minor, non-breaking changes to the API definitions and policies.

You need to consider the following requirements:

– Make modifications to your API definitions and policies without disrupting the production environment.

– Verify the changes thoroughly before deploying them.

– Keep a record of the updates to help developers understand the new features or adjustments.

– Revert to the previous version if any issues occur during implementation.

Which solution will meet this requirement?

You are designing an internal knowledge-sharing platform for a company. The platform must generate reports that identify employees who are subject matter experts on various topics.

To comply with organizational policies, administrators must have full control and consent over data access and processing. Additionally, the solution should support scalable data extraction for analytics and reporting.

The company is also considering integrating Microsoft Purview for data governance, but it must ensure compliance with internal security policies.

Which technology should you implement?

Your organization is implementing Azure Storage services and needs to provide secure, time-limited access to storage resources. To meet this requirement, you plan to configure a Shared Access Signature (SAS).

Additionally, the security team suggests considering Azure Key Vault for managing access credentials across cloud services. However, you need to determine the correct SAS types for different access scenarios.

Which type of Shared Access Signature (SAS) should be used for each scenario?

Instructions: To answer, drag the appropriate item from the column on the left to its description on the right. Each correct match is worth one point.

You have deployed an Azure App Service web application and configured an app registration in Microsoft Entra ID and GitHub. The application must authenticate users while enforcing SSL for secure communication. Additionally, GitHub is set as the identity provider for user authentication.

To ensure secure authentication, the application needs to validate the Microsoft Entra ID request within the application code.

Which component of the ID token should be validated to confirm its authenticity?

You manage a financial services company that stores sensitive customer documents in Azure Blob Storage.

You need to audit all changes made to blobs and their metadata, including create, update, and delete operations.

You must ensure that these events are recorded sequentially and retained for long-term compliance tracking.

You require an asynchronous processing mechanism for transaction logs to avoid performance bottlenecks due to high transaction volume.

Which solution meets this requirement?

You manage a Linux container-based solution that is responsible for processing file uploads from global customer locations. The solution communicates with a back-end system hosted on Azure virtual machines, which manages the uploaded images through the Azure Blobs API.

To improve performance, Azure Content Delivery Network (CDN) is deployed. However, the application requires a way to access image files directly from blob storage.

Specific customer sites rely on phone-based internet connections, which may impact data transfer performance.

The console application must be configured to access image files from Azure Blob Storage efficiently.

Which solution should be implemented?

You are a cloud security engineer at a SaaS company providing document encryption services to businesses. The company relies on Azure Key Vault to store the cryptographic keys for encrypting customer documents.

To meet ISO 27001 security compliance, your organization must:

– Enforce specific cryptographic algorithms for keys stored in Key Vault.
– Ensure that keys are rotated regularly.
– Prevent the use of legacy encryption algorithms.

Which solution should you implement?

You are a cloud administrator managing 50 Azure virtual machines (VMs) running in a production environment. These VMs have system-assigned managed identities that enable them to securely authenticate and interact with Azure services such as Azure Key Vault and Azure Storage.

Your team is implementing a role-based access control (RBAC) strategy, and the security team requires the object ID attribute of each system-assigned managed identity to configure access policies in Azure Key Vault.

Which command should you use to retrieve this information?

You are an API developer for a financial technology company that provides real-time transaction processing via an Azure API Management (APIM) Standard tier instance named Agila. This APIM instance is configured with a managed gateway to securely expose APIs to external clients.

One of the APIs, TransactionAPI, interacts with a backend database that can only handle a limited volume of requests per minute due to licensing constraints. To prevent performance degradation, you need to enforce a policy that limits the number of API calls from an individual IP address to ensure fair usage while protecting the backend system from overload.

Which APIM policy should you apply to TransactionAPI to meet this requirement?

You’re developing a .NET Core MVC web application that helps users find vacation rentals across various locations. It utilizes Azure Search for searching properties by criteria like price and amenities. You want to enhance this functionality by allowing users to search for specific keywords or phrases in property descriptions, such as “pet-friendly” or “ocean view,” using regular expressions to refine results. Additionally, you want to incorporate Azure Cognitive Services to perform sentiment analysis on the property descriptions and improve search relevance based on user sentiment.

Which configuration change should you implement to allow the application to search the index using regular expressions?

You manage a fleet of 250 Azure Virtual Machines (VMs), each VM enabled system-assigned managed identity. The security team has requested the object ID attribute for each identity to configure role-based access control (RBAC).

During a discussion, a colleague mentions that since managed identities function similarly to service principals in Microsoft Entra ID, the object ID should be retrievable using Microsoft Entra ID commands.

Which command should you execute to obtain this information?

You are building an application that integrates with Microsoft Entra ID and interacts with Microsoft Graph.

Additionally, you plan to store Microsoft Graph authentication credentials using Azure Key Vault securely.

The application performs GET operations and must accommodate unknown members that may be introduced in the future within the Microsoft Graph API.

Which HTTP request header should be used to enable support for evolvable enumerations in Microsoft Graph?

You work for a software-as-a-service (SaaS) company with an Azure function that is responsible for processing documents from an Azure storage queue.

Currently, you are migrating this Azure Function to Kubernetes, using Kubernetes-based Event Driven Autoscaling (KEDA) to scale based on the queue size. You plan to implement Azure Managed Identity to securely authenticate the Azure Function with the Azure Storage queue without relying on connection strings or API keys.

To achieve this, you must configure Kubernetes Custom Resource Definitions (CRDs) for the Azure Function and ensure secure authentication.

What Kubernetes CRDs should you configure?

Instructions: To answer, drag the appropriate item from the column on the left to its description on the right. Each correct match is worth one point.

You are developing a cloud-based .NET application that processes real-time customer orders. The application needs to receive notifications every time an Azure virtual machine finishes processing an order. The messages, which include the order status, must be handled and processed by the application but should not persist once processed. Additionally, you want to integrate Azure Logic Apps to automate workflows triggered by these messages, such as sending an email notification after an order is processed.

Which .NET object should you use to receive these messages?

You are part of a development team working in an Azure-based environment.

You need to set up customized virtual machines (VMs) with specific software development kits (SDKs) and third-party components installed.

You need to ensure that these VMs are provisioned quickly with a consistent setup, including tools like Visual Studio and the required SDKs for development.

Once you have customized the VM with the necessary software, your goal is to save the VM for future use, allowing new team members to provision a VM with the same configuration quickly.

Which should be used for each of the following tasks?

Select the correct answer from the drop-down list of options. Each correct selection is worth one point.

You must develop an Azure Function App that automatically processes files uploaded to an Azure Blob Storage container.

You require the function to react to the event of a file being uploaded with minimal latency.

You want to ensure that the file is processed as soon as it is available.

You need the solution to be designed for efficient event handling and fast execution, minimizing the delay between file upload and processing.

Which solution will meet this requirement?

You are building a new web-based solution.

To enable secure access for your solution, it must be registered within an active Microsoft Entra ID tenant. Additionally, your solution will store files in Azure Blob Storage.

What are the three steps required to complete the registration process?

Instructions: To answer, drag the appropriate item from the column on the left to its description on the right. Each correct match is worth one point.

You are building a website using ASP.NET Core, an open-source web framework for .NET Core that leverages Azure FrontDoor and Azure CDN for enhanced content delivery.

The application generates and delivers custom environmental datasets in CSV format for climate scientists to download. These datasets are updated every 12 hours to maintain data accuracy and relevance.

Individual files require purging from the Azure Front Door cache based on matching values in the response header values.

Which cache purge method should be used to purge individual files from the FrontDoor cache?

You are building an application that generates real-time events for various processes within your system.

You are using Azure Event Grid to manage the event flow. However, as business requirements evolve, you need to dynamically filter events based on changing conditions, ensuring that only relevant events are processed in real-time and routed to the correct destinations in real-time. To meet your dynamic filtering needs, the events must be accurately filtered based on attributes like event type, source, or custom conditions.

Which solution will meet this requirement?

You are managing a B2B web application that is using Microsoft Entra ID for user authentication.

You initially invited external users via Azure B2B collaboration, allowing them to authenticate using one-time passcodes sent to their email addresses. Now, you are transitioning to federation-based authentication, where users will authenticate through an external identity provider, such as another Microsoft Entra ID instance or a third-party service.

You must ensure that users initially authenticated using one-time passcodes can now authenticate using federation. During this transition, you must retain the data associated with their trial accounts.

Which Graph API parameter should you use to manage the transition from one-time passcodes to federation for the affected users?

You are working in a company with an Azure-based application that uses Azure Cosmos DB. The Cosmos DB container needs replication to improve query performance, and the appropriate partition key should be selected to facilitate effective query handling.

To process the changes to the data, you are tasked with setting up a change feed processor. Additionally, you plan to use Azure Functions to trigger the processing of the change feed whenever updates occur.

What are the components of the Azure Cosmos DB change feed processor?

Instructions: To answer, drag the appropriate item from the column on the left to its description on the right. Each correct match is worth one point.

You deploy Azure Cosmos DB and Azure Monitor for enhanced monitoring and diagnostics.

The index must be updated whenever items are created, modified, or removed. Additionally, you want to track any potential indexing issues or delays for timely resolution.

What should you do to meet the requirement of updating the index with every change?

You are designing a microservice architecture for a logistics platform with services like inventory management, order fulfillment, and shipment tracking.

You must implement a communication backplane that ensures messages between services are processed in the exact order they are sent, following a first-in-first-out (FIFO) model.

Additionally, your team is considering integrating Azure Event Grid to enable event-driven communication for real-time updates across microservices.

Which of the following would be best for FIFO message processing in your microservice architecture?

You are implementing an event-driven architecture for a financial services company to track branch transactions.

You are tasked with ensuring that each branch can securely send transaction events to Azure Event Hubs.

You must ensure that each branch, identified by a unique identifier, can only record its transactions and not access data from other branches. You also need to ensure that new branches can be quickly onboarded into the system and that their events are securely sent.

Which solution should you implement to ensure each branch can securely record its transactions?

You have deployed a Virtual Machine (VM) in Azure that is configured with a system-assigned managed identity.

The VM must access an Azure Key Vault resource containing sensitive information, such as connection strings and API keys. You have already granted the system-assigned managed identity of the VM the necessary access permissions to the Key Vault.

You need to ensure that the application can securely authenticate and obtain an access token to access the Key Vault.

Which of the following should be performed to achieve this? (Select TWO.)

You are building a real-time analytics application that processes log data from various servers and systems.

You send log events to Azure Event Hubs using the premium tier.

You need to ensure that each system (e.g., web servers, database servers, and application servers) has its own throttling policy to manage the volume of log data each system can send.

Which of the following options will meet the given requirement?

You are designing a multi-region Cosmos DB architecture and Azure Redis Cache solution that will be implemented in several different Azure regions.

Your architecture needs to accomplish the following objectives:

– Ensure that read operations never display out-of-order write operations.

– Optimize for high concurrency during read operations across regions.

You must select the appropriate consistency level for this architecture.

Which consistency level is the most appropriate for this solution?

You are tasked with migrating large amounts of data stored across several containers in an Azure storage account to a new storage account in a different region. The migration process needs to be:

– Fully automated with minimal user intervention.

– Capable of transferring data quickly and efficiently, even when dealing with vast volumes of data.

– It is easily integrated into a scripted or batch process for continuous or scheduled migrations.

Additionally, you want to leverage Azure Monitor to monitor and set up alerts for the data migration process, ensuring any issues are detected immediately.

What solution should you use?

You are developing a serverless solution using Azure Durable Functions to streamline a financial approval system.

The workflow involves several steps, including document verification, internal review, and customer credit validation, which may take several days to complete. Since this process includes multiple actions that must run in a defined sequence, the solution must maintain state between function calls and be resilient to delays or timeouts.

You must choose the correct Azure Durable Functions type to coordinate the workflow.

What type of Azure Durable Function should be implemented to fulfill the given workflow requirements?

You are part of a DevOps team for a financial services company building a real-time fraud detection platform.

The system runs microservices on Azure Container Apps, where each microservice listens to an Azure Event Hubs stream to process transaction data and identify anomalies.

To ensure efficiency and responsiveness, the architecture must automatically scale the microservices based on the Event Hub’s incoming message load.

The team is using Kubernetes Event-driven Autoscaling (KEDA) with a custom scale rule.

Which of the following must be configured to support this scaling behavior? (Select TWO.)

You have created a custom Azure Event Grid topic within your Azure subscription.

You have also set up an Azure Event Grid event subscription that uses the Topic as the event source and a Web Hook as the endpoint to receive events.

You are concerned about event delivery failures and want to ensure that any failed events can be captured and stored for later inspection or reprocessing.

You plan to enable dead-lettering for the event subscription.

Which of the following steps should you take first in order to enable dead-lettering for the Event Grid event subscription?

Note: This item is part of a series of questions with the same scenario but a different proposed answer. Each in the series has a unique solution that may or may not comply with the requirements specified in the scenario.

You are building a distributed event-driven system using Azure Event Grid to enable near-real-time communication between core services and various business organizations across the enterprise.

The system must meet the following requirements:

– Events must be routed to thousands of endpoints across different business organizations.

– Each organization should receive only the custom events relevant to its operations.

– The system must publish all events through a single endpoint to simplify event ingestion and management.

– Authentication and authorization must be enforced using Microsoft Entra ID to ensure that each organization accesses only its designated event stream.

The proposed solution is to configure a single Azure Event Grid custom topic and have each business organization filter the events it needs after subscription.

Does the solution meet the given requirements?

Note: This item is part of a series of questions with the same scenario but a different proposed answer. Each in the series has a unique solution that may or may not comply with the requirements specified in the scenario.

You are building a distributed event-driven system using Azure Event Grid to enable near-real-time communication between core services and various business organizations across the enterprise.

The system must meet the following requirements:

– Events must be routed to thousands of endpoints across different business organizations.

– Each organization should receive only the custom events relevant to its operations.

– The system must publish all events through a single endpoint to simplify event ingestion and management.

– Authentication and authorization must be enforced using Microsoft Entra ID to ensure that each organization accesses only its designated event stream.

The proposed solution is to configure an Azure Event Grid event domain, with each business organization represented by a custom topic.

Does the solution meet the given requirements?

Note: This item is part of a series of questions with the same scenario but a different proposed answer. Each in the series has a unique solution that may or may not comply with the requirements specified in the scenario.

You are building a distributed event-driven system using Azure Event Grid to enable near-real-time communication between core services and various business organizations across the enterprise.

The system must meet the following requirements:

– Events must be routed to thousands of endpoints across different business organizations.

– Each organization should receive only the custom events relevant to its operations.

– The system must publish all events through a single endpoint to simplify event ingestion and management.

– Authentication and authorization must be enforced using Microsoft Entra ID to ensure that each organization accesses only its designated event stream.

The proposed solution is to create multiple individual Azure Event Grid custom topics, one for each organization, and configure access through Microsoft Entra ID.

Does the solution meet the given requirements?

Note: This item is part of a series of questions with the same scenario but a different proposed answer. Each in the series has a unique solution that may or may not comply with the requirements specified in the scenario.

You are building a distributed event-driven system using Azure Event Grid to enable near-real-time communication between core services and various business organizations across the enterprise.

The system must meet the following requirements:

– Events must be routed to thousands of endpoints across different business organizations.

– Each organization should receive only the custom events relevant to its operations.

– The system must publish all events through a single endpoint to simplify event ingestion and management.

– Authentication and authorization must be enforced using Microsoft Entra ID to ensure that each organization accesses only its designated event stream.

The proposed solution is to deploy an Azure Container App with ingress enabled and configure a TCP scale rule to automatically scale the container app based on incoming traffic. Each business organization will connect directly to this container to receive their events.

Does the solution meet the given requirements?

You are building a scalable image storage solution within Azure Blob Storage for an application that will manage and process a vast collection of images. Each image comes with Exif (Exchangeable Image File Format) metadata, which holds important information about the image such as camera settings, GPS location, and more.

The system must meet the following requirements:

– Exif data must be saved as blob metadata when images are uploaded into Azure Blob Storage.

– The Exif metadata must be accessible for future processing, but without downloading the entire image content, to optimize the use of bandwidth and reduce processing time.

– The application is expected to leverage the REST API to interact with the Azure Blob Storage service for these operations.

– Azure Functions will extract Exif data from images and update the metadata accordingly.

Which of the following HTTP verbs should be used to fulfill these requirements?

Select the correct answer from the drop-down list of options. Each correct selection is worth one point.

A financial technology company is rolling out a containerized microservices-based application on a multinode Azure Kubernetes Service (AKS) cluster.

To ensure secure and scalable access to the services, the following requirements must be met:

– Secure TLS termination using a custom SSL certificate.

– Provides reverse proxy mechanism for directing traffic to the appropriate microservice.

– Dynamic routing capabilities based on hostnames or URL paths for canary releases and version rollouts.

What components should be used to achieve these requirements?

Instructions: To answer, drag the appropriate item from the column on the left to its description on the right. Each correct match is worth one point.

You are designing a messaging solution for an e-commerce platform that handles large-scale order processing. The solution needs to meet the following requirements:

– Provide transactional support for processing orders.

– Prevent duplicate orders from being processed.

– Store the messages for a long period for historical tracking and compliance.

– Allow the system to scale and automatically manage the processing of orders across multiple consumers.

– Integrate with Azure Functions to trigger order processing based on incoming messages.

Which Azure technologies would best meet the requirements? (Select TWO.)