[Dec 15, 2021] Dumps Collection AZ-304 Test Engine Dumps Training With 273 Questions
Microsoft AZ-304 Dumps - 100% Cover Real Exam Questions
AZ-304: Microsoft Azure Architect Design Certification Path
The AZ-304: Microsoft Azure Architect Design exam is an expert-level certification. Aspirants must have expert-level skills in Azure administration and have experience with Azure development processes and DevOps processes.
Who should take the AZ-304: Microsoft Azure Architect Design Exam
The AZ-304 exam certification is an internationally recognized certification that validates Azure Solution Architects who participate in all phases of advising stakeholders and translating business requirements into secure, scalable, and reliable solutions. Candidates should be proficient in IT operations, including networking, virtualization, identity, security, business continuity, disaster recovery, data platform, budgeting, and governance.
NEW QUESTION 71
You need to recommend a solution for protecting the content of the back-end tier of the payment processing system.
What should you include in the recommendations?
- A. Always Encrypted with randomized encryption
- B. Transparent Data Encryption (TDE)
- C. Always Encrypted with deterministic encryption
- D. Azure Storage Service Encryption
Answer: C
Explanation:
Topic 1, Contoso, Ltd Case Study B
Overview
Contoso, Ltd is a US-based financial services company that has a main office in New York and an office in San Francisco.
Payment Processing Query System
Contoso hosts a business-critical payment processing system in its New York data center. The system has three tiers: a front-end web app, a middle-tier API, and a back-end data store implemented as a Microsoft SQL Server 2014 database. All servers run Windows Server 2012 R2.
The front-end and middle-tier components are hosted by using Microsoft Internet Information Services (IIS). The application code is written in C# and the middle-tier API uses the Entity Framework to communicate with the SQL Server database. Maintenance of the database is performed by using SQL Server Agent. The database is currently J IB and is not expected to grow beyond 3 TB.
The payment processing system has the following compliance-related requirements:
* Encrypt data in transit and at rest. Only the front-end and middle-tier components must be able to access the encryption keys that protect the data store.
* Keep backups of the data in two separate physical locations that are at least 200 miles apart and can be restored for up to seven years.
* Support blocking inbound and outbound traffic based on the source IP address, the destination IP address, and the port number.
* Collect Windows security logs from all the middle-tier servers and retain the logs for a period of seven years.
* Inspect inbound and outbound traffic from the front-end tier by using highly available network appliances.
* Only allow all access to all the tiers from the internal network of Contoso.
Tape backups are configured by using an on-premises deployment of Microsoft System Center Data Protection Manager (DPM), and then shipped offsite for long-term storage.
Historical Transaction Query System
Contoso recently migrated a business-critical workload to Azure. The workload contains a .NET web service for querying the historical transaction data residing in Azure Table Storage. The .NET service is accessible from a client app that was developed in-house and runs on the client computers in the New York office. The data in the storage is 50 GB and is not expected to increase.
Information Security Requirements
The IT security team wants to ensure that identity management is performed by using Active Directory.
Password hashes must be stored on-premises only.
Access to all business-critical systems must rely on Active Directory credentials. Any suspicious authentication attempts must trigger a multi-factor authentication prompt automatically. Legitimate users must be able to authenticate successfully by using multi-factor authentication.
Planned Changes
Contoso plans to implement the following changes:
* Migrate the payment processing system to Azure.
* Migrate the historical transaction data to Azure Cosmos DB to address the performance issues.
Migration Requirements
Contoso identifies the following general migration requirements:
* Infrastructure services must remain available if a region or a data center fails. Failover must occur without any administrative intervention.
* Whenever possible, Azure managed services must be used to minimize management overhead.
* Whenever possible, costs must be minimized.
Contoso identifies the following requirements for the payment processing system:
* If a data center fails, ensure that the payment processing system remains available without any administrative intervention. The middle-tier and the web front end must continue to operate without any additional configurations.
* Ensure that the number of compute nodes of the front-end and the middle tiers of the payment processing system can increase or decrease automatically based on CPU utilization.
* Ensure that each tier of the payment processing system is subject to a Service Level Agreement (SLA) of 9959 percent availability.
* Minimize the effort required to modify the middle tier API and the back-end tier of the payment processing system.
* Generate alerts when unauthorized login attempts occur on the middle-tier virtual machines.
* Ensure that the payment processing system preserves its current compliance status.
* Host the middle tier of the payment processing system on a virtual machine.
Contoso identifies the following requirements for the historical transaction query system:
* Minimize the use of on-premises infrastructure service.
* Minimize the effort required to modify the .NET web service querying Azure Cosmos DB.
* If a region fails, ensure that the historical transaction query system remains available without any administrative intervention.
Current Issue
The Contoso IT team discovers poor performance of the historical transaction query as the queries frequently cause table scans.
Information Security Requirements
The IT security team wants to ensure that identity management is performed by using Active Directory.
Password hashes must be stored on-premises only.
Access to all business-critical systems must rely on Active Directory credentials. Any suspicious authentication attempts must trigger a multi-factor authentication prompt automatically. Legitimate users must be able to authenticate successfully by using multi-factor authentication.
NEW QUESTION 72
You have an Azure subscription that contains the SQL servers shown in the following table.
The subscription contains the storage accounts shown in the following table.
You create the Azure SQL databases shown in the following table.

Answer:
Explanation:
Box 1: Yes
Be sure that the destination is in the same region as your database and server.
Box 2: No
Box 3: No
Reference:
https://docs.microsoft.com/en-us/azure/sql-database/sql-database-auditing
NEW QUESTION 73
You deploy an Azure virtual machine that runs an ASP.NET application. The application will be accessed from the internet by the users at your company.
You need to recommend a solution to ensure that the users are pre-authenticated by using their Azure Active Directory (Azure AD) account before they can connect to the ASP.NET application.
What should you include in the recommendation?
- A. a public Azure Load Balancer
- B. Azure Application Gateway
- C. an Azure AD enterprise application
- D. Azure Traffic Manager
Answer: C
Explanation:
You can manage service principals in the Azure portal through the Enterprise Applications experience. Service principals are what govern an application connecting to Azure AD and can be considered the instance of the application in your directory.
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/develop/active-directory-how-applications-are-added
NEW QUESTION 74
You have an Azure Active Directory (Azure AD) tenant.
You plan to deploy Azure Cosmos DB databases that will use the SQL API.
You need to recommend a solution to provide specific Azure AD user accounts with read access to the Cosmos DB databases.
What should you include in the recommendation?
- A. certificates and Azure Key Vault
- B. shared access signatures (SAS) and conditional access policies
- C. a resource token and an Access control (IAM) role assignment
- D. master keys and Azure Information Protection policies
Answer: C
Explanation:
The Access control (IAM) pane in the Azure portal is used to configure role-based access control on Azure Cosmos resources. The roles are applied to users, groups, service principals, and managed identities in Active Directory. You can use built-in roles or custom roles for individuals and groups.
Reference:
https://docs.microsoft.com/en-us/azure/cosmos-db/role-based-access-control
NEW QUESTION 75
You are designing a microservices architecture that will be hosted in an Azure Kubernetes Service (AKS) cluster. Apps that will consume the microservices will be hosted on Azure virtual machines. The virtual machines and the AKS cluster will reside on the same virtual network.
You need to design a solution to expose the microservices to the consumer apps. The solution must meet the following requirements:
* Ingress access to the microservices must be restricted to a single private IP address and protected by using mutual TLS authentication.
* The number of incoming microservice calls must be rate-limited.
* Costs must be minimized.
What should you include in the solution?
- A. Azure API Management Standard tier with a service endpoint
- B. Azure App Gateway with Azure Web Application Firewall (WAF)
- C. Azure Front Door with Azure Web Application Firewall (WAF)
- D. Azure API Management Premium tier with virtual network connection
Answer: D
Explanation:
One option is to deploy APIM (API Management) inside the cluster VNet.
The AKS cluster and the applications that consume the microservices might reside within the same VNet, hence there is no reason to expose the cluster publicly as all API traffic will remain within the VNet. For these scenarios, you can deploy API Management into the cluster VNet. API Management Premium tier supports VNet deployment.
Reference:
https://docs.microsoft.com/en-us/azure/api-management/api-management-kubernetes
NEW QUESTION 76
You have an Azure Active Directory (Azure AD) tenant.
You plan to provide users with access to shared files by using Azure Storage. The users will be provided with different levels of access to various Azure file shares based on their user account or their group membership.
You need to recommend which additional Azure services must be used to support the planned deployment.
What should you include in the recommendation?
- A. an Azure AD enterprise application
- B. an Azure Front Door instance
- C. an Azure AD Domain Services (Azure AD DS) instance
- D. Azure Information Protection
Answer: C
Explanation:
"Azure Files supports identity-based authentication over Server Message Block (SMB) through two types of Domain Services: on-premises Active Directory Domain Services (AD DS) and Azure Active Directory Domain Services (Azure AD DS)" - https://docs.microsoft.com/en-us/azure/storage/files/storage-files-identity-auth-active-directory-domain-service-enable?tabs=azure-portal
Reference:
https://docs.microsoft.com/en-us/azure/storage/files/storage-files-identity-auth-active-directory-domain-service-enable
NEW QUESTION 77
You are designing a container solution in Azure that will include two containers. One container will host a web API that will be available to the public. The other container will perform health monitoring of the web API and will remain private. The two containers will be deployed together as a group.
You need to recommend a compute service for the containers. The solution must minimize costs and maintenance overhead.
What should you include in the recommendation?
- A. Azure Service Fabric
- B. Azure Container Instances
- C. Azure Kubernetes Service (AKS)
- D. Azure Container registries
Answer: B
Explanation:
Azure Container Instances supports the deployment of multiple containers onto a single host using a container group. A container group is useful when building an application sidecar for logging, monitoring, or any other configuration where a service needs a second attached process.
Reference:
https://docs.microsoft.com/en-us/azure/container-instances/container-instances-multi-container-group
NEW QUESTION 78
You are evaluating the components of the migration to Azure that require you to provision an Azure Storage account.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
NEW QUESTION 79
You plan to deploy an Azure web app named App1 that will use Azure Active Directory (Azure AD) authentication.
App1 will be accessed from the internet by the users at your company. All the users have computers that run Windows 10 and are joined to Azure AD.
You need to recommend a solution to ensure that the users can connect to App1 without being prompted for authentication and can access App1 only from company-owned computers.
What should you recommend for each requirement? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
Box 1: An Azure AD app registration
Azure Active Directory (Azure AD) provides cloud-based directory and identity management services. You can use Azure AD to manage users of your application and authenticate access to your applications using Azure Active Directory.
You register your application with an Azure Active Directory tenant.
Box 2: A conditional access policy
Conditional Access policies at their simplest are if-then statements: if a user wants to access a resource, then they must complete an action.
By using Conditional Access policies, you can apply the right access controls when needed to keep your organization secure and stay out of your user's way when not needed.
Reference:
https://codingcanvas.com/using-azure-active-directory-authentication-in-your-web-application/
https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/overview
NEW QUESTION 80
You need to recommend a solution for protecting the content of the payment processing system.
What should you include in the recommendation?
- A. Always Encrypted with randomized encryption
- B. Always Encrypted with deterministic encryption
- C. Azure Storage Service Encryption
- D. Transparent Data Encryption (TDE)
Answer: B
Explanation:
Topic 1, Contoso, Ltd
Planned Changes
Contoso plans to implement the following changes:
* Migrate the payment processing system to Azure.
* Migrate the historical transaction data to Azure Cosmos DB to address the performance issues.
Migration Requirements
Contoso identifies the following general migration requirements:
* Infrastructure services must remain available if a region or a data center fails. Failover must occur without any administrative intervention.
* Whenever possible, Azure managed services must be used to minimize management overhead.
* Whenever possible, costs must be minimized.
Contoso identifies the following requirements for the payment processing system:
* If a data center fails, ensure that the payment processing system remains available without any administrative intervention. The middle-tier and the web front end must continue to operate without any additional configurations.
* Ensure that the number of compute nodes of the front-end and the middle tiers of the payment processing system can increase or decrease automatically based on CPU utilization.
* Ensure that each tier of the payment processing system is subject to a Service Level Agreement (SLA) of 9959 percent availability.
* Minimize the effort required to modify the middle tier API and the back-end tier of the payment processing system.
* Generate alerts when unauthorized login attempts occur on the middle-tier virtual machines.
* Ensure that the payment processing system preserves its current compliance status.
* Host the middle tier of the payment processing system on a virtual machine.
Contoso identifies the following requirements for the historical transaction query system:
* Minimize the use of on-premises infrastructure service.
* Minimize the effort required to modify the .NET web service querying Azure Cosmos DB.
* If a region fails, ensure that the historical transaction query system remains available without any administrative intervention.
Current Issue
The Contoso IT team discovers poor performance of the historical transaction query as the queries frequently cause table scans.
Information Security Requirements
The IT security team wants to ensure that identity management is performed by using Active Directory. Password hashes must be stored on-premises only.
Access to all business-critical systems must rely on Active Directory credentials. Any suspicious authentication attempts must trigger a multi-factor authentication prompt automatically. Legitimate users must be able to authenticate successfully by using multi-factor authentication.
NEW QUESTION 81
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
Your company has an on-premises Active Directory Domain Services (AD DS) domain and an established Azure Active Directory (Azure AD) environment.
Your company would like users to be automatically signed in to cloud apps when they are on their corporate desktops that are connected to the corporate network.
You need to enable single sign-on (SSO) for company users.
Solution: Configure an AD DS server in an Azure virtual machine (VM). Configure bidirectional replication.
Does the solution meet the goal?
- A. No
- B. Yes
Answer: A
NEW QUESTION 82
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
Your company has an on-premises Active Directory Domain Services (AD DS) domain and an established Azure Active Directory (Azure AD) environment.
Your company would like users to be automatically signed in to cloud apps when they are on their corporate desktops that are connected to the corporate network.
You need to enable single sign-on (SSO) for company users.
Solution: Install and configure an Azure AD Connect server to use pass-through authentication and select the Enable single sign-on option.
Does the solution meet the goal?
- A. No
- B. Yes
Answer: B
Explanation:
Azure Active Directory Seamless Single Sign-On (Azure AD Seamless SSO) automatically signs users in when they are on their corporate devices connected to your corporate network. When enabled, users don't need to type in their passwords to sign in to Azure AD, and usually, even type in their usernames. This feature provides your users easy access to your cloud-based applications without needing any additional on-premises components.
Seamless SSO can be combined with either the Password Hash Synchronization or Pass-through Authentication sign-in methods.
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-sso
NEW QUESTION 83
You plan to develop a new app that will store business critical data. The app must meet the following requirements:
* Prevent new data from being modified for one year.
* Minimize read latency.
* Maximize data resiliency.
You need to recommend a storage solution for the app.
What should you recommend? To answer, select the appropriate options in the answer area.
Answer:
Explanation:
Reference:
https://docs.microsoft.com/en-us/azure/storage/common/storage-account-overview
https://docs.microsoft.com/en-us/azure/storage/common/storage-redundancy?toc=/azure/storage/blobs/toc.json
NEW QUESTION 84
You are planning an Azure solution that will host production databases for a high-performance application.
The solution will include the following components:
* Two virtual machines that will run Microsoft SQL Server 2016, will be deployed to different data centers in the same Azure region, and will be part of an Always On availability group.
* SQL Server data that will be backed up by using the Automated Backup feature of the SQL Server IaaS Agent Extension (SQLIaaSExtension)
You identify the storage priorities for various data types as shown in the following table.
Which storage type should you recommend for each data type? To answer, drag the appropriate storage types to the correct data types. Each storage type may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
NEW QUESTION 85
A company has a hybrid ASP.NET Web API application that is based on a software as a service (SaaS) offering.
Users report general issues with the data. You advise the company to implement live monitoring and use ad hoc queries on stored JSON data. You also advise the company to set up smart alerting to detect anomalies in the data.
You need to recommend a solution to set up smart alerting.
What should you recommend?
- A. Azure Security Center and Azure Data Lake Store
- B. Azure Application Insights and Azure Monitor Logs
- C. Azure Site Recovery and Azure Monitor Logs
- D. Azure Data Lake Analytics and Azure Monitor Logs
Answer: D
Explanation:
Application Insights, a feature of Azure Monitor, is an extensible Application Performance Management (APM) service for developers and DevOps professionals. Use it to monitor your live applications. It will automatically detect performance anomalies, and includes powerful analytics tools to help you diagnose issues and to understand what users actually do with your app.
Reference:
https://docs.microsoft.com/en-us/azure/azure-monitor/app/app-insights-overview
NEW QUESTION 86
Your company has users who work remotely from laptops.
You plan to move some of the applications accessed by the remote users to Azure virtual machines. The users will access the applications in Azure by using a point-to-site VPN connection. You will use certificates generated from an on-premises-based certification authority (CA).
You need to recommend which certificates are required for the deployment.
What should you include in the recommendation? To answer, drag the appropriate certificates to the correct targets. Each certificate may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
NEW QUESTION 87
You design a solution for the web tier of WebApp1 as shown in the exhibit.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
Answer:
Explanation:
Box 1: Yes
Any new deployments to Azure must be redundant in case an Azure region fails.
Traffic Manager uses DNS to direct client requests to the most appropriate service endpoint based on a traffic-routing method and the health of the endpoints. An endpoint is any Internet-facing service hosted inside or outside of Azure. Traffic Manager provides a range of traffic-routing methods and endpoint monitoring options to suit different application needs and automatic failover models. Traffic Manager is resilient to failure, including the failure of an entire Azure region.
Box 2: Yes
Recent changes in Azure brought some significant changes in autoscaling options for Azure Web Apps (i.e. Azure App Service to be precise as scaling happens on App Service plan level and has effect on all Web Apps running in that App Service plan).
Box 3: No
Traffic Manager provides a range of traffic-routing methods and endpoint monitoring options to suit different application needs and automatic failover models. Traffic Manager is resilient to failure, including the failure of an entire Azure region.
Reference:
https://docs.microsoft.com/en-us/azure/traffic-manager/traffic-manager-overview
https://blogs.msdn.microsoft.com/hsirtl/2017/07/03/autoscaling-azure-web-apps/
NEW QUESTION 88
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You plan to deploy multiple instances of an Azure web app across several Azure regions.
You need to design an access solution for the app. The solution must meet the following replication requirements:
* Support rate limiting.
* Balance requests between all instances.
* Ensure that users can access the app in the event of a regional outage.
Solution: You use Azure Front Door to provide access to the app.
Does this meet the goal?
- A. No
- B. Yes
Answer: B
Explanation:
Reference:
https://docs.microsoft.com/en-us/azure/frontdoor/front-door-overview
https://docs.microsoft.com/en-us/azure/frontdoor/front-door-waf
https://www.cloudmatter.io/post/azure-front-door-and-web-application-firewall-cheatsheet
NEW QUESTION 89
You are designing a message application that will run on an on-premises Ubuntu virtual machine. The application will use Azure Storage queues.
You need to recommend a processing solution for the application to interact with the storage queues. The solution must meet the following requirements:
* Create and delete queues daily.
* Be scheduled by using a CRON job.
* Upload messages every five minutes.
What should developers use to interact with the queues?
- A. Azure CLI
- B. AzCopy
- C. .NET Core
- D. Azure Data Factory
Answer: C
Explanation:
Incorrect Answers:
A: It is not possible to have Linux running in Windows Azure
B: AzCopy is a command-line utility that you can use to copy blobs or files to or from a storage account.
Reference:
https://docs.microsoft.com/en-us/azure/storage/queues/storage-tutorial-queues
