Some tips | about the confusing Microsoft AZ-304 exam

AZ-304 exam

Is the Microsoft AZ-304 exam confusing? It’s time to share my experience! Let’s start with exam-related tips and tricks: Practice the AZ-304 exam questions as much as possible. The second difficulty with the AZ-304 exam is that it seems difficult to find quality content. Don’t worry, you can easily find the best AZ-304 dumps learning content in Pass4itSure!

New sharing of study materials for Microsoft AZ-304 exam! Get the latest AZ-304 exam practice questions and exam dumps pdf for free! 100% pass the exam selection Complete Microsoft AZ-304 dumps: https://www.pass4itsure.com/az-304.html Get the link to VCE or PDF.

New, Microsoft AZ-304 exam dumps pdf

Microsoft AZ-304 exam dumps pdf free https://drive.google.com/file/d/1FR8nyNedMy_xEyoqH86fC6DVZ9fgD4lL/view?usp=sharing

Pass4itSure offers the latest Microsoft AZ-304 PDF Google Drive. (Of course only part)

Latest Microsoft Role-based AZ-304 exam questions and answers

[AZ-304 practice test Q1-Q15] Free sharing of AZ-304 exam questions and answers from Pass4itSure.

QUESTION 1 #

Note: This question is a part of series of questions that present the same scenario. Each question in the series contains
a unique solution that might meet the stated goals. Some question sets might have more than one correct solution,
while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not
appear in the review screen.

A company has custom ASP.NET and Java applications that run old versions of Windows and Linux. The company
plans to place applications in containers.

You need to design a solution that includes networking, service discovery, and load balancing for the applications. The
solution must support storage orchestration. Solution: You deploy each application to an Azure Container instance.
Does the solution meet the goal?

A. Yes
B. No
Correct Answer: A


Docker Containers are the global standard and are natively supported in Azure, offering enterprises an interesting and
the flexible way to migrate legacy apps for both future-proofing and cost benefits.

Containers are modular and portable. Docker containers are supported on any server operating system (Linux and
Windows), in any major public cloud (Microsoft Azure, Amazon AWS, Google, IBM), and in on-premises and private or
hybrid cloud environments.

Reference: https://docs.microsoft.com/en-us/dotnet/standard/modernize-with-azure-and-containers/modernize-existingapps-to-cloud-optimized/deploy-existing-net-apps-as-windows-containers

QUESTION 2 #

You are designing a storage solution that will use Azure Blob storage. The data will be stored in a cool access tier or an
archive access tier based on the access patterns of the data.

You identify the following types of infrequently accessed data:
1. Telemetry data: Deleted after two years
2. Promotional material: Deleted after 14 days
3. Virtual machine audit data: Deleted after 200 days

A colleague recommends using the archive access tier to store the data.
Which statement accurately describes the recommendation?

A. Storage costs will be based on a minimum of 30 days.
B. Access to the data is guaranteed within five minutes.
C. Access to the data is guaranteed within 30 minutes.
D. Storage costs will be based on a minimum of 180 days.
Correct Answer: D

The following table shows a comparison of premium performance block blob storage, and the hot, cool, and archive
access tiers.

Reference: https://docs.microsoft.com/en-us/azure/storage/blobs/storage-blob-storage-tiers

QUESTION 3 #

You have an Azure subscription that contains an Azure Cosmos DB account.
You need to recommend a solution to generate an alert from Azure Log Analytics when a request charge for a query
exceeds 50 request units more than 20 times within a 15-minute window.

What should you recommend?

A. Create a search query to identify when requestCharge_s exceeds 50. Configure an alert threshold of 20 and a period
of 15.
B. Create a search query to identify when duration_s exceeds 20 and requestCharge_s exceeds 50. Configure a period
of 15.
C. Create a search query to identify when requestCharge_s exceeds 20. Configure a period of 15 and a frequency of
20.
D. Create a search query to identify when duration_s exceeds 20. Configure a period of 15.
Correct Answer: A

QUESTION 4 #

HOTSPOT
Your company deploys several Linux and Windows virtual machines (VMs) to Azure. The VMs are deployed with the
Microsoft Dependency Agent and the Log Analytics Agent were installed by using Azure VM extensions. On-premises
connectivity has been enabled by using Azure ExpressRoute.

You need to design a solution to monitor the VMs.
Which Azure monitoring services should you use?

To answer, select the appropriate Azure monitoring services in the answer area. NOTE: Each correct selection is worth one point.

Hot Area:

Box 1: Azure Traffic Analytics Traffic Analytics is a cloud-based solution that provides visibility into user and application
activity in cloud networks. Traffic analytics analyzes Network Watcher network security group (NSG) flow logs to provide insights into traffic flow in your Azure cloud. With traffic analytics, you can:

1. Identify security threats to, and secure your network, with information such as open-ports, applications attempting
internet access, and virtual machines (VM) connecting to rogue networks.

2. Visualize network activity across your Azure subscriptions and identify hot spots.

3. Understand traffic flow patterns across Azure regions and the internet to optimize your network deployment for
performance and capacity.

4. Pinpoint network misconfigurations leading to failed connections in your network.

Box 2: Azure Service Map Service Map automatically discovers application components on Windows and Linux systems
and maps the communication between services.

With Service Map, you can view your servers in the way that you think
of them: as interconnected systems that deliver critical services.

Service Map shows connections between servers, processes, inbound and outbound connection latency, and ports across any TCP-connected architecture, with no configuration, required other than the installation of an agent.

References: https://docs.microsoft.com/en-us/azure/network-watcher/traffic-analytics https://docs.microsoft.com/enus/azure/azure-monitor/insights/service-map

QUESTION 5 #

You need to ensure that connections to Web01 and Web02 are available if a single zone fails. What should you
modify? NOTE: To answer this question, sign in to the Azure portal and explore the Azure resource groups.

A. the availability set
B. the size of the virtual machines
C. the SKU of the load balancer
D. the Azure Traffic Manager configurations
Correct Answer: C

Azure Standard Load Balancer supports availability zones scenarios. You can use Standard Load Balancer to optimize
availability in your end-to-end scenario by aligning resources with zones and distributing them across zones

References: https://docs.microsoft.com/en-us/azure/load-balancer/load-balancer-standard-availability-zones

QUESTION 6 #

HOTSPOT
You are designing an Azure web app.
You plan to deploy the web app to the North Europe Azure region and the West Europe Azure region.
You need to recommend a solution for the web app. The solution must meet the following requirements:

1. Users must always access the web app from the North Europe region unless the region fails.
2. The web app must be available to users if an Azure region is unavailable.
3. Deployment costs must be minimized.

What should you include in the recommendation? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Hot Area:

Correct Answer:

QUESTION 7 #

You are designing an Azure web app that will use Azure Active Directory (Azure AD) for authentication.
You need to recommend a solution to provide users from multiple Azure AD tenants with access to App1.

The solution must ensure that the users use Azure Multi-Factor Authentication (MFA) when they connect to App1.
Which two types of objects should you include in the recommendation?

Each correct answer presents part of the solution.
NOTE: Each correct selection is world one point

A. Azure AD conditional access policies
B. Azure AD managed identities
C. an Identity Experience Framework policy
D. an Azure application security group
E. a Microsoft Intune app protection policy
F. Azure AD guest accounts
Correct Answer: AC

A: The Conditional Access feature in Azure Active Directory (Azure AD) offers one of several ways that you can use to
secure your app and protect service. Conditional Access enables developers and enterprise customers to protect
services in a multitude of ways including:

1. Multi-factor authentication
2. Allowing only Intune enrolled devices to access specific services
3. Restricting user locations and IP ranges

B: Conditional Access policies are powerful tools, we recommend excluding the following accounts from your policy:
Service accounts and service principals. If your organization has these accounts in use in scripts or code, consider
replacing them with managed identities.

Incorrect Answers:
E: Application security groups enable you to configure network security as a natural extension of an application\’s
structure, allowing you to group virtual machines and define network security policies based on those groups

Reference: https://docs.microsoft.com/en-us/azure/active-directory/develop/v2-conditional-access-dev-guide
https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/howto-conditional-access-policy-azuremanagement

QUESTION 8 #

HOTSPOT
Your company has the divisions shown in the following table.

You plan to deploy a custom application to each subscription. The application will contain the following:

1. A resource group
2. An Azure web app
3. Custom role assignments
4. An Azure Cosmos DB account

You need to use Azure Blueprints to deploy the application to each subscription.
What is the minimum number of objects required to deploy the application? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Hot Area:

Correct Answer:

Box 1: 2
One management group for East, and one for West.
When creating a blueprint definition, you\’ll define where the blueprint is saved. Blueprints can be saved to a
management group or subscription that you have Contributor access to. If the location is a management group, the
blueprint is available to assign to any child subscription of that management group.

Box 2: 1
One definition is you plan to deploy a custom application to each subscription.
With Azure Blueprints, the relationship between the blueprint definition (what should be deployed) and the blueprint
assignment (what was deployed) is preserved.

Box 3: 4
One assignment for each subscription.

Reference:
https://docs.microsoft.com/en-us/azure/governance/blueprints/overview

QUESTION 9 #

Note: This question is a part of series of questions that present the same scenario. Each question in the series contains
a unique solution that might meet the stated goals. Some question sets might have more than one correct solution,
while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not
appear in the review screen.

You are designing an Azure solution for a company that has four departments. Each department will deploy several
Azure app services and Azure SQL databases.

You need to recommend a solution to report the costs for each department to deploy the app services and the
databases. The solution must provide a consolidated view for cost reporting.


Solution: Create a resources group for each resource type. Assign tags to each resource group.
Does this meet the goal?

A. Yes
B. No
Correct Answer: A

Tags enable you to retrieve related resources from different resource groups. This approach is helpful when you need to
organize resources for billing or management.
Reference: https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-group-using-tags

QUESTION 10 #

You have an on-premises network and an Azure subscription. The on-premises network has several branch offices.
A branch office in Toronto contains a virtual machine named VM1 that is configured as a file server. Users access the
shared files on VM1 from all the offices.

You need to recommend a solution to ensure that the users can access the shares files as quickly as possible if the
Toronto branch office is inaccessible.
What should you include in the recommendation?

A. a Recovery Services vault and Azure Backup
B. an Azure file share and Azure File Sync
C. Azure blob containers and Azure File Sync
D. a Recovery Services vault and Windows Server Backup
Correct Answer: B

Use Azure File Sync to centralize your organization\’s file shares in Azure Files, while keeping the flexibility,
performance, and compatibility of an on-premises file server. Azure File Sync transforms Windows Server into a quick
cache of your Azure file share.

You need an Azure file share in the same region that you want to deploy Azure File Sync. Incorrect Answers:
A: Backups would be a slower solution.

Reference: https://docs.microsoft.com/en-us/azure/storage/files/storage-sync-files-deployment-guide

QUESTION 11 #

You have an Azure Active Directory (Azure AD) tenant.
You plan to provide users with access to shared files by using Azure Storage. The users will be provided with different
levels of access to various Azure file shares based on their user account or their group membership.
You need to recommend which additional Azure services must be used to support the planned deployment.

What should you include in the recommendation?

A. an Azure AD enterprise application
B. Azure Information Protection
C. an Azure AD Domain Services (Azure AD DS) instance
D. an Azure Front Door instance
Correct Answer: C

Azure Files supports identity-based authentication over Server Message Block (SMB) through two types of Domain
Services: on-premises Active Directory Domain Services (AD DS) and Azure Active Directory Domain Services (Azure
AD DS).

Reference:
https://docs.microsoft.com/en-us/azure/storage/files/storage-files-identity-auth-active-directory- domain-service-enable

QUESTION 12 #

Note: This question is a part of series of questions that present the same scenario. Each question in the series contains
a unique solution that might meet the stated goals. Some question sets might have more than one correct solution,
while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not
appear on the review screen. A company has custom ASP.NET and Java applications that run old versions of Windows and Linux. The company plans to place applications in containers.

You need to design a solution that includes networking, service discovery, and load balancing for the applications. The
the solution must support storage orchestration.

Solution: You create an Azure virtual network, public IP address, and load balancer. Then add virtual machines (VMs) to
the solution and deploy individual containers on them.
Does the solution meet the goal?

A. Yes
B. No
Correct Answer: B

Instead, you should deploy each application to an Azure Container instance.
Note: Docker Containers are the global standard and are natively supported in Azure, offering enterprises an interesting and flexible way to migrate legacy apps for both future-proofing and cost benefits.

Reference:
https://docs.microsoft.com/en-us/dotnet/standard/modernize-with-azure-and-containers/modernize-existing-apps-tocloud-optimized/deploy-existing-net-apps-as-windows-containers

QUESTION 13 #

You are designing a microservices architecture that will use Azure Kubernetes Service (AKS) to host pods that run
containers. Each pod deployment will host a separate API. Each API will be implemented as a sep You need to recommend a solution to make the APIs available to external users from Azure API Management. The
solution must meet the following requirements:

1. Control access to the APIs by using mutual TLS authentication between API Management and the AKS-based APIs.
2. Provide access to the APIs by using a single IP address.
What should you recommend to provide access to the APIs?

A. custom network security groups (NSGs)
B. the LoadBelancer service in AKS
C. the Ingress Controller in AKS
Correct Answer: C

An ingress controller is a piece of software that provides reverse proxy, configurable traffic routing, and TLS termination
for Kubernetes services. Kubernetes ingress resources are used to configure the ingress rules and routes for individual
Kubernetes services. Using an ingress controller and ingress rules, a single IP address can be used to route traffic to
multiple services in a Kubernetes cluster.

Reference: https://docs.microsoft.com/en-us/azure/aks/ingress-basic

QUESTION 14 #

You have.NeT a web service named service1 that has the following requirements.
1. Must read and write to the local file system.
2. Must write to the Windows Application event log.

You need to recommend a solution to host Service1 in Azure. The solution must meet the following requirements:
1. Minimize maintenance overhead.
2. Minimize costs.
What should you include in the recommendation?

A. an Azure web app
B. Azure function
C. an App Service Environment
D. an Azure virtual machine scale set
Correct Answer: D

QUESTION 15 #

HOTSPOT
You have an Azure subscription that contains the resources shown in the following table.

You create an Azure SQL database named DB1 that is hosted in the East US region.
To DB1, you add a diagnostic setting named Settings1. Settings1 archives SQLInsights to storage1 and sends
SQLInsights to Workspace1.
For each of the following statements, select Yes if the statement is true, Otherwise, select No.

Hot Area:

Correct Answer:

Box 1: No
You archive logs only to Azure Storage accounts.
Box 2: Yes
Box 3: Yes
Sending logs to Event Hubs allows you to stream data to external systems such as third-party SIEMs and another log
analytics solutions.
Note: A single diagnostic setting can define no more than one of each of the destinations. If you want to send data to
more than one of a particular destination type (for example, two different Log Analytics workspaces), then create
multiple
settings. Each resource can have up to 5 diagnostic settings.

References:
https://docs.microsoft.com/en-us/azure/azure-monitor/platform/diagnostic-settings

Summarize

Get the latest Microsoft Role-based AZ-304 exam dumps to help you pass the exam easily! Pass4itSure has the most complete exam policy! Let your Microsoft Role-based AZ-304 exam no longer be confused. To pass the AZ-304 exam 100%, please click https://www.pass4itsure.com/az-304.html (Total Questions: 416 Q&A).

If it helps you prepare for certification, please let me know!