[9-Aug-2020 Update] Exam AZ-304 VCE Dumps and AZ-304 PDF Dumps from PassLeader

Valid AZ-304 Dumps shared by PassLeader for Helping Passing AZ-304 Exam! PassLeader now offer the newest AZ-304 VCE dumps and AZ-304 PDF dumps, the PassLeader AZ-304 exam questions have been updated and ANSWERS have been corrected, get the newest PassLeader AZ-304 dumps with VCE and PDF here: https://www.passleader.com/az-304.html (299 Q&As Dumps –> 345 Q&As Dumps –> 380 Q&As Dumps –> 411 Q&As Dumps –> 432 Q&As Dumps)

BTW, DOWNLOAD part of PassLeader AZ-304 dumps from Cloud Storage: https://drive.google.com/drive/folders/1R6gKXyDGLSdnm0n5rTRLOkJFkIR9zJ0R

You have an Azure Active Directory (Azure AD) tenant. You plan to deploy Azure Cosmos DB databases that will use the SQL API. You need to recommend a solution to provide specific Azure AD user accounts with read access to the Cosmos DB databases. What should you include in the recommendation?

A.    shared access signatures (SAS) and conditional access policies
B.    certificates and Azure Key Vault
C.    a resource token and an Access control (IAM) role assignment
D.    master keys and Azure Information Protection policies

Answer: C
The Access control (IAM) pane in the Azure portal is used to configure role-based access control on Azure Cosmos resources. The roles are applied to users, groups, service principals, and managed identities in Active Directory. You can use built-in roles or custom roles for individuals and groups.

You are designing an Azure resource deployment that will use Azure Resource Manager templates. The deployment will use Azure Key Vault to store secrets. You need to recommend a solution to meet the following requirements:
– Prevent the IT staff that will perform the deployment from retrieving the secrets directly from Key Vault.
– Use the principle of least privilege.
Which two actions should you recommend? (Each correct answer presents part of the solution. Choose two.)

A.    Create a Key Vault access policy that allows all get key permissions, get secret permissions, and get certificate permissions.
B.    From Access policies in Key Vault, enable access to the Azure Resource Manager for template deployment.
C.    Create a Key Vault access policy that allows all list key permissions, list secret permissions, and list certificate permissions.
D.    Assign the IT staff a custom role that includes the Microsoft.KeyVault/Vaults/Deploy/Action permission.
E.    Assign the Key Vault Contributor role to the IT staff.

Answer: BD
B: To access a key vault during template deployment, set enabledForTemplateDeployment on the key vault to true.
D: The user who deploys the template must have the Microsoft.KeyVault/vaults/deploy/action permission for the scope of the resource group and key vault.
Not E: To grant access to a user to manage key vaults, you assign a predefined key vault Contributor role to the user at a specific scope. If a user has Contributor permissions to a key vault management plane, the user can grant themselves access to the data plane by setting a Key Vault access policy. You should tightly control who has Contributor role access to your key vaults. Ensure that only authorized persons can access and manage your key vaults, keys, secrets, and certificates.

You have an Azure Active Directory (Azure AD) tenant. You plan to provide users with access to shared files by using Azure Storage. The users will be provided with different levels of access to various Azure file shares based on their user account or their group membership. You need to recommend which additional Azure services must be used to support the planned deployment. What should you include in the recommendation?

A.    an Azure AD enterprise application
B.    Azure Information Protection
C.    an Azure AD Domain Services (Azure AD DS) instance
D.    an Azure Front Door instance

Answer: C
Azure Files supports identity-based authentication over Server Message Block (SMB) through two types of Domain Services: on-premises Active Directory Domain Services (AD DS) and Azure Active Directory Domain Services (Azure AD DS).

You have 100 servers that run Windows Server 2012 R2 and host Microsoft SQL Server 2014 instances. The instances host databases that have the following characteristics:
– The largest database is currently 3 TB. None of the databases will ever exceed 4 TB.
– Stored procedures are implemented by using CLR.
You plan to move all the data from SQL Server to Azure. You need to recommend an Azure service to host the databases. The solution must meet the following requirements:
– Whenever possible, minimize management overhead for the migrated databases.
– Minimize the number of database changes required to facilitate the migration.
– Ensure that users can authenticate by using their Active Directory credentials.
What should you include in the recommendation?

A.    Azure SQL Database elastic pools
B.    Azure SQL Database Managed Instance
C.    Azure SQL Database single databases
D.    SQL Server 2016 on Azure virtual machines

Answer: B

You have an Azure subscription that contains 100 virtual machines. You plan to design a data protection strategy to encrypt the virtual disks. You need to recommend a solution to encrypt the disks by using Azure Disk Encryption. The solution must provide the ability to encrypt operating system disks and data disks. What should you include in the recommendation?

A.    a certificate
B.    a key
C.    a passphrase
D.    a secret

Answer: B
For enhanced virtual machine (VM) security and compliance, virtual disks in Azure can be encrypted. Disks are encrypted by using cryptographic keys that are secured in an Azure Key Vault. You control these cryptographic keys and can audit their use.

You have data files in Azure Blob storage. You plan to transform the files and move them to Azure Data Lake Storage. You need to transform the data by using mapping data flow. Which Azure service should you use?

A.    Azure Data Box Gateway
B.    Azure Storage Sync
C.    Azure Data Factory
D.    Azure Databricks

Answer: C
You can use Copy Activity in Azure Data Factory to copy data from and to Azure Data Lake Storage Gen2, and use Data Flow to transform data in Azure Data Lake Storage Gen2.

Your company purchases an app named App1. You plan to run App1 on seven Azure virtual machines in an Availability Set. The number of fault domains is set to 3. The number of update domains is set to 20. You need to identify how many App1 instances will remain available during a period of planned maintenance. How many App1 instances should you identify?

A.    1
B.    2
C.    6
D.    7

Answer: C
Only one update domain is rebooted at a time. Here there are 7 update domain with one VM each (and 13 update domain with no VM).

You have an Azure Storage v2 account named storage1. You plan to archive data to storage1. You need to ensure that the archived data cannot be deleted for five years. The solution must prevent administrators from deleting the data.
Solution: You create a file share and snapshots.
Does this meet the goal?

A.    Yes
B.    No

Answer: B
Instead you could create an Azure Blob storage container, and you configure a legal hold access policy.

You have an on-premises Hyper-V cluster that hosts 20 virtual machines. Some virtual machines run Windows Server 2016 and some run Linux. You plan to migrate the virtual machines to an Azure subscription. You need to recommend a solution to replicate the disks of the virtual machines to Azure. The solution must ensure that the virtual machines remain available during the migration of the disks.
Solution: You recommend implementing a Recovery Services vault, and then using Azure Site Recovery.
Does this meet the goal?

A.    Yes
B.    No

Answer: A
Site Recovery can replicate on-premises VMware VMs, Hyper-V VMs, physical servers (Windows and Linux), Azure Stack VMs to Azure.

You have an on-premises network and an Azure subscription. The on-premises network has several branch offices. A branch office in Toronto contains a virtual machine named VM1 that is configured as a file server. Users access the shared files on VM1 from all the offices. You need to recommend a solution to ensure that the users can access the shared files as quickly as possible if the Toronto branch office is inaccessible. What should you include in the recommendation?

A.    an Azure file share and Azure File Sync
B.    a Recovery Services vault and Windows Server Backup
C.    a Recovery Services vault and Azure Backup
D.    Azure blob containers and Azure File Sync

Answer: A
Use Azure File Sync to centralize your organization’s file shares in Azure Files, while keeping the flexibility, performance, and compatibility of an on-premises file server. Azure File Sync transforms Windows Server into a quick cache of your Azure file share. You need an Azure file share in the same region that you want to deploy Azure File Sync.
Not C: Backups would be a slower solution.

You are designing an Azure solution. The network traffic for the solution must be securely distributed by providing the following features:
– HTTPS protocol
– Round robin routing
– SSL offloading
You need to recommend a load balancing option. What should you recommend?

A.    Azure Load Balancer
B.    Azure Internal Load Balancer (ILB)
C.    Azure Traffic Manager
D.    Azure Application Gateway

Answer: D
If you are looking for Transport Layer Security (TLS) protocol termination (“SSL offload”) or per-HTTP/HTTPS request, application-layer processing, review Application Gateway. Application Gateway is a layer 7 load balancer, which means it works only with web traffic (HTTP, HTTPS, WebSocket, and HTTP/2). It supports capabilities such as SSL termination, cookie-based session affinity, and round robin for load-balancing traffic. Load Balancer load-balances traffic at layer 4 (TCP or UDP).

You are developing a sales application that will contain several Azure cloud services and will handle different components of a transaction. Different cloud services will process customer orders, billing, payment, inventory, and shipping. You need to recommend a solution to enable the cloud services to asynchronously communicate transaction information by using REST messages. What should you include in the recommendation?

A.    Azure Service Bus
B.    Azure Blob Storage
C.    Azure Notification Hubs
D.    Azure Application Gateway

Answer: A
Service Bus is a transactional message broker and ensures transactional integrity for all internal operations against its message stores. All transfers of messages inside of Service Bus, such as moving messages to a dead-letter queue or automatic forwarding of messages between entities, are transactional.
Not C: Azure Notification Hubs is a massively scalable mobile push notification engine for quickly sending millions of notifications to iOS, Android, Windows, or Kindle devices.


You are building an application that will run in a virtual machine (VM). The application will use Azure Managed Identity. The application uses Azure Key Vault, Azure SQL Database, and Azure Cosmos DB. You need to ensure the application can use secure credentials to access these services. Which authentication method should you recommend? (To answer, select the appropriate options in the answer area.)

Managed identities for Azure resources is the new name for the service formerly known as Managed Service Identity (MSI).

You have an existing implementation of Microsoft SQL Server Integration Services (SSIS) packages stored in an SSISDB catalog on your on-premises network. The on-premises network does not have hybrid connectivity to Azure by using Site-to-Site VPN or ExpressRoute. You want to migrate the packages to Azure Data Factory. You need to recommend a solution that facilitates the migration while minimizing changes to the existing packages. The solution must minimize costs. What should you recommend? (To answer, select the appropriate options in the answer area.)

Box 1: Azure SQL database. You can’t create the SSISDB Catalog database on Azure SQL Database at this time independently of creating the Azure-SSIS Integration Runtime in Azure Data Factory. The Azure-SSIS IR is the runtime environment that runs SSIS packages on Azure.
Box 2: Azure-SQL Server Integration Service Integration Runtime and self-hosted integration runtime. The Integration Runtime (IR) is the compute infrastructure used by Azure Data Factory to provide data integration capabilities across different network environments. Azure-SSIS Integration Runtime (IR) in Azure Data Factory (ADF) supports running SSIS packages.

Drag and Drop
You have an on-premises network that uses an IP address space of You plan to deploy 25 virtual machines to a new Azure subscription. You identify the following technical requirements:
– All Azure virtual machines must be placed on the same subnet named Subnet1.
– All the Azure virtual machines must be able to communicate with all on-premises servers.
– The servers must be able to communicate between the on-premises network and Azure by using a site-to-site VPN.
You need to recommend a subnet design that meets the technical requirements. What should you include in the recommendation? (To answer, drag the appropriate network addresses to the correct subnets. Each network address may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.)


Drag and Drop
Your company has users who work remotely from laptops. You plan to move some of the applications accessed by the remote users to Azure virtual machines. The users will access the applications in Azure by using a point-to-site VPN connection. You will use certificates generated from an on-premises-based Certification authority (CA). You need to recommend which certificates are required for the deployment. What should you include in the recommendation? (To answer, drag the appropriate certificates to the correct targets. Each certificate may be used once, more than once, of not at all. You may need to drag the split bar between panes or scroll to view content.)



Case Study 1 – Fabrikam
Each office contains at least one domain controller from the corp.fabrikam.com domain. The main office contains all the domain controllers for the rd.fabrikam.com forest. All the offices have a high-speed connection to the Internet. An existing application named WebApp1 is hosted in the data center of the London office. WebApp1 is used by customers to place and track orders. WebApp1 has a web tier that uses Microsoft Internet Information Services (IIS) and a database tier that runs Microsoft SQL Server 2016.

What should you include in the identity management strategy to support the planned changes?

A.    Move all the domain controllers from corp.fabrikam.com to virtual networks in Azure.
B.    Deploy domain controllers for the rd.fabrikam.com forest to virtual networks in Azure.
C.    Deploy domain controllers for corp.fabrikam.com to virtual networks in Azure.
D.    Deploy a new Azure AD tenant for the authentication of new R&D projects.

Answer: C

You need to recommend a notification solution for the IT Support distribution group. What should you include in the recommendation?

A.    a SendGrid account with advanced reporting
B.    Azure AD Connect Health
C.    Azure Network Watcher
D.    an action group

Answer: B


Case Study 2 – Contoso, Ltd.
Contoso, Ltd, is a US-based financial services company that has a main office in New York and a branch office in San Francisco. Contoso hosts a business-critical payment processing system in its New York data center. The system has three tiers: a front-end web app, a middle-tier web API, and a back-end data store implemented as a Microsoft SQL Server 2014 database. All servers run Windows Server 2012 R2.

You need to recommend a solution for protecting the content of the payment processing system. What should you include in the recommendation?

A.    Always Encrypted with deterministic encryption.
B.    Always Encrypted with randomized encryption.
C.    Transparent Data Encryption (TDE).
D.    Azure Storage Service Encryption.

Answer: A

You need to recommend a backup solution for the data store of the payment processing system. What should you include in the recommendation?

A.    Microsoft System Center Data Protection Manager (DPM)
B.    Azure Backup Server
C.    Azure SQL Long-term Backup Retention
D.    Azure Managed Disks

Answer: C


Get the newest PassLeader AZ-304 VCE dumps here: https://www.passleader.com/az-304.html (299 Q&As Dumps –> 345 Q&As Dumps –> 380 Q&As Dumps –> 411 Q&As Dumps –> 432 Q&As Dumps)

And, DOWNLOAD the newest PassLeader AZ-304 PDF dumps from Cloud Storage for free: https://drive.google.com/drive/folders/1R6gKXyDGLSdnm0n5rTRLOkJFkIR9zJ0R