[9-Nov-2020 Update] Exam AZ-304 VCE Dumps and AZ-304 PDF Dumps from PassLeader

Valid AZ-304 dumps shared by PassLeader to help you pass the AZ-304 exam. PassLeader now offers the newest AZ-304 VCE dumps and AZ-304 PDF dumps; the PassLeader AZ-304 exam questions have been updated and the answers have been corrected. Get the newest PassLeader AZ-304 dumps with VCE and PDF here: https://www.passleader.com/az-304.html (345 Q&As Dumps)

BTW, DOWNLOAD part of PassLeader AZ-304 dumps from Cloud Storage: https://drive.google.com/drive/folders/1R6gKXyDGLSdnm0n5rTRLOkJFkIR9zJ0R

You have an Azure subscription that contains 10 virtual machines on a virtual network. You need to create a graph visualization to display the traffic flow between the virtual machines. What should you do from Azure Monitor?

A.    From Activity log, use quick insights.
B.    From Metrics, create a chart.
C.    From Logs, create a new query.
D.    From Workbooks, create a workbook.

Answer: C
Navigate to Azure Monitor and select Logs to begin querying the data.

You have an Azure subscription that contains 100 virtual machines. You have a set of Pester tests in PowerShell that validate the virtual machine environment. You need to run the tests whenever there is an operating system update on the virtual machines. The solution must minimize implementation time and recurring costs. Which three resources should you use to implement the tests? (Each correct answer presents part of the solution. Choose three.)

A.    Azure Automation runbook
B.    an alert rule
C.    an Azure Monitor query
D.    a virtual machine that has network access to the 100 virtual machines
E.    an alert action group

Answer: ABE
AE: You can call Azure Automation runbooks by using action groups or by using classic alerts to automate tasks based on alerts.
B: Alerts are one of the key features of Azure Monitor. They allow us to alert on actions within an Azure subscription.

You have an Azure subscription. You have 100 Azure virtual machines. You need to quickly identify underutilized virtual machines that can have their service tier changed to a less expensive offering. Which blade should you use?

A.    Metrics
B.    Customer insights
C.    Monitor
D.    Advisor

Answer: D
Advisor helps you optimize and reduce your overall Azure spend by identifying idle and underutilized resources. You can get cost recommendations from the Cost tab on the Advisor dashboard.

You have an Azure App Service app. You need to implement tracing for the app. The tracing information must include the following:
– Usage trends
– AJAX call responses
– Page load speed by browser
– Server and browser exceptions
What should you do?

A.    Configure IIS logging in Azure Log Analytics.
B.    Configure a connection monitor in Azure Network Watcher.
C.    Configure custom logs in Azure Log Analytics.
D.    Enable the Azure Application Insights site extension.

Answer: D
For web pages, Application Insights JavaScript SDK automatically collects AJAX calls as dependencies.

You have an Azure virtual machine named VM1 and an Azure Active Directory (Azure AD) tenant named adatum.com. VM1 has the following settings:
– IP address:
– System-assigned managed identity: On
You need to create a script that will run from within VM1 to retrieve the authentication token of VM1. Which address should you use in the script?

A.    vm1.adatum.com.onmicrosoft.com
D.    vm1.adatum.com

Answer: B

You are designing an Azure solution. The solution must meet the following requirements:
– Distribute traffic to different pools of dedicated virtual machines (VMs) based on rules.
– Provide SSL offloading capabilities.
You need to recommend a solution to distribute network traffic. Which technology should you recommend?

A.    Azure Application Gateway
B.    Azure Load Balancer
C.    Azure Traffic Manager
D.    server-level firewall rules

Answer: A
If you require “SSL offloading”, application layer treatment, or wish to delegate certificate management to Azure, you should use Azure’s layer 7 load balancer Application Gateway instead of the Load Balancer.
Not D: because Load Balancer is agnostic to the TCP payload and TLS offload (“SSL”) is not provided.

You are implementing authentication for applications in your company. You plan to implement self-service password reset (SSPR) and multifactor authentication (MFA) in Azure Active Directory (Azure AD). You need to select authentication mechanisms that can be used for both MFA and SSPR. Which two authentication methods should you use? (Each correct answer presents a complete solution. Choose two.)

A.    Authenticator app
B.    Email addresses
C.    App passwords
D.    Short Message Service (SMS) messages
E.    Security questions

Answer: AD
The following authentication mechanisms can be used for both MFA and SSPR:
– Short Message Service (SMS) messages
– Azure AD passwords
– Microsoft Authenticator app
– Voice call
Not B, E: The following authentication mechanisms are used for SSPR only:
– Email addresses
– Security questions
Not C: App passwords authentication mechanisms can be used for MFA only, but only in certain cases.

Your company has an Azure subscription. You enable multi-factor authentication (MFA) for all users. The company’s help desk reports an increase in calls from users who receive MFA requests while they work from the company’s main office. You need to prevent the users from receiving MFA requests when they sign in from the main office. What should you do?

A.    From Conditional access in Azure Active Directory (Azure AD), create a named location.
B.    From the MFA service settings, create a trusted IP range.
C.    From Conditional access in Azure Active Directory (Azure AD), create a custom control.
D.    From Azure Active Directory (Azure AD), configure organizational relationships.

Answer: B
The first thing you may want to do, before enabling Multi-Factor Authentication for any users, is to consider configuring some of the available settings. One of the most important features is a trusted IPs list. This will allow you to whitelist a range of IPs for your network. This way, when users are in the office, they will not get prompted with MFA, and when they take their devices elsewhere, they will.

You have an application named App1 that does not support Azure Active Directory (Azure AD) authentication. You need to ensure that App1 can send messages to an Azure Service Bus queue. The solution must prevent App1 from listening to the queue. What should you do?

A.    Configure Access control (IAM) for the Service Bus.
B.    Add a shared access policy to the queue.
C.    Modify the locks of the queue.
D.    Configure Access control (IAM) for the queue.

Answer: B
There are two ways to authenticate and authorize access to Azure Service Bus resources: Azure Active Directory (Azure AD) and Shared Access Signatures (SAS). Each Service Bus namespace and each Service Bus entity has a Shared Access Authorization policy made up of rules.

An administrator plans to create a function app in Azure that will have the following settings:
– Runtime stack: .NET Core
– Operating System: Linux
– Plan type: Consumption
– Enable Application Insights: Yes
You need to ensure that you can back up the function app. Which settings should you recommend changing before creating the function app?

A.    Runtime stack
B.    Enable Application Insights
C.    Operating System
D.    Plan type

Answer: D
The Backup and Restore feature requires the App Service plan to be in the Standard, Premium or Isolated tier.

You have 10 Azure virtual machines on a subnet named Subnet1. Subnet1 is on a virtual network named VNet1. You plan to deploy a public Azure Standard Load Balancer named LB1 to the same Azure region as the 10 virtual machines. You need to ensure that traffic from all the virtual machines to the internet flows through LB1. The solution must prevent the virtual machines from being accessible on the internet. Which three actions should you perform? (Each correct answer presents part of the solution. Choose three.)

A.    Add health probes to LB1.
B.    Add the network interfaces of the virtual machines to the backend pool of LB1.
C.    Add an inbound rule to LB1.
D.    Add an outbound rule to LB1.
E.    Associate a network security group (NSG) to Subnet1.
F.    Associate a user-defined route to Subnet1.

Answer: ABD
A: To allow the Load Balancer to monitor the status of your app, you use a health probe. The health probe dynamically adds or removes VMs from the Load Balancer rotation based on their response to health checks.
B: To distribute traffic to the VMs, a backend address pool contains the IP addresses of the virtual NICs connected to the Load Balancer.
D: A Load Balancer rule is used to define how traffic is distributed to the VMs. Only outbound traffic is allowed.

You have SQL Server on an Azure virtual machine named SQL1. You need to automate the backup of the databases on SQL1 by using Automated Backup v2 for the virtual machines. The backups must meet the following requirements:
– Meet a recovery point objective (RPO) of 15 minutes.
– Retain the backups for 30 days.
– Encrypt the backups at rest.
What should you provision as part of the backup solution?

A.    Elastic Database jobs
B.    Azure Key Vault
C.    an Azure Storage account
D.    a Recovery Services vault

Answer: C
An Azure storage account is used for storing Automated Backup files in blob storage. A container is created at this location to store all backup files. The backup file naming convention includes the date, time, and database GUID.

You have resources in three Azure regions. Each region contains two virtual machines. Each virtual machine has a public IP address assigned to its network interface and a locally installed application named App1. You plan to implement Azure Front Door-based load balancing across all the virtual machines. You need to ensure that App1 on the virtual machines will only accept traffic routed from Azure Front Door. What should you implement?

A.    Azure Private Link
B.    service endpoints
C.    network security groups (NSGs) with service tags
D.    network security groups (NSGs) with application security groups

Answer: C
Configure IP ACLing for your backends to accept traffic from Azure Front Door’s backend IP address space and Azure’s infrastructure services only.

You have an Azure key vault named KV1. You need to ensure that applications can use KV1 to provision certificates automatically from an external certification authority (CA). Which two actions should you perform? (Each correct answer presents part of the solution. Choose two.)

A.    From KV1, create a certificate issuer resource.
B.    Obtain the CA account credentials.
C.    Obtain the root CA certificate.
D.    From KV1, create a certificate signing request (CSR).
E.    From KV1, create a private key.

Answer: CD

You have a server named Server1 that runs Windows Server 2019. Server1 is a container host. You are creating a Dockerfile to build a container image. You need to add a file named File1.txt from Server1 to a folder named C:\Folder1 in the container image.
Solution: You add the following line to the Dockerfile:
COPY File1.txt /Folder1/
You then build the container image.
Does this meet the goal?

A.    Yes
B.    No

Answer: A
Copy is the correct command to copy a file to the container image.

You have an Azure Active Directory (Azure AD) tenant named contoso.com. A user named Admin1 attempts to create an access review from the Azure Active Directory admin center and discovers that the Access reviews settings are unavailable. Admin1 discovers that all the other identity Governance settings are available. Admin1 is assigned the User administrator, Compliance administrator, and Security administrator roles. You need to ensure that Admin1 can create access reviews in contoso.com.
Solution: You create an access package.
Does this meet the goal?

A.    Yes
B.    No

Answer: B
You do not use access packages for Identity Governance. Instead use Azure AD Privileged Identity Management.

You have two Azure SQL Database managed instances in different Azure regions. You plan to configure the managed instances in an instance failover group. What should you configure before you can add the managed instances to the instance failover group?

A.    an internal Azure Load Balancer instance that has managed instance endpoints in a backend pool
B.    Azure Private Link that has endpoints on two virtual networks
C.    an Azure Application Gateway that has managed instance endpoints in a backend pool
D.    a Site-to-Site VPN between the virtual networks that contain the instances

Answer: D
For two managed instances to participate in a failover group, there must be either ExpressRoute or a gateway configured between the virtual networks of the two managed instances to allow network communication. You create the two VPN gateways and connect them.
1. Create the gateway for the virtual network of your primary managed instance using the Azure portal.
2. Create the gateway for the virtual network of your secondary managed instance using the Azure portal.
3. Create a bidirectional connection between the two gateways of the two virtual networks.

You are designing a microservices architecture that will be hosted in an Azure Kubernetes Service (AKS) cluster. Apps that will consume the microservices will be hosted on Azure virtual machines. The virtual machines and the AKS cluster will reside on the same virtual network. You need to design a solution to expose the microservices to the consumer apps. The solution must meet the following requirements:
– Ingress access to the microservices must be restricted to a single private IP address and protected by using mutual TLS authentication.
– The number of incoming microservice calls must be rate-limited.
– Costs must be minimized.
What should you include in the solution?

A.    Azure App Gateway with Azure Web Application Firewall (WAF)
B.    Azure API Management Premium tier with virtual network connection
C.    Azure API Management Standard tier with a service endpoint
D.    Azure Front Door with Azure Web Application Firewall (WAF)

Answer: B
One option is to deploy APIM (API Management) inside the cluster VNet. The AKS cluster and the applications that consume the microservices might reside within the same VNet, hence there is no reason to expose the cluster publicly as all API traffic will remain within the VNet. For these scenarios, you can deploy API Management into the cluster VNet. API Management Premium tier supports VNet deployment.

You have an Azure subscription. The subscription has a blob container that contains multiple blobs. Ten users in the finance department of your company plan to access the blobs during the month of April. You need to recommend a solution to enable access to the blobs during the month of April only. Which security solution should you include in the recommendation?

A.    access keys
B.    conditional access policies
C.    certificates
D.    shared access signatures (SAS)

Answer: D

You are designing a SQL database solution. The solution will include 20 databases that will be 20 GB each and have varying usage patterns. You need to recommend a database platform to host the databases. The solution must meet the following requirements:
– The compute resources allocated to the databases must scale dynamically.
– The solution must meet an SLA of 99.99% uptime.
– The solution must have reserved capacity.
– Compute charges must be minimized.
What should you include in the recommendation?

A.    20 databases on a Microsoft SQL server that runs on an Azure virtual machine in an availability set
B.    20 instances of Azure SQL Database serverless
C.    20 databases on a Microsoft SQL server that runs on an Azure virtual machine
D.    an elastic pool that contains 20 Azure SQL databases

Answer: D
Azure SQL Database elastic pools are a simple, cost-effective solution for managing and scaling multiple databases that have varying and unpredictable usage demands. The databases in an elastic pool are on a single server and share a set number of resources at a set price. Elastic pools in Azure SQL Database enable SaaS developers to optimize the price performance for a group of databases within a prescribed budget while delivering performance elasticity for each database.

You have an app named App1 that uses two on-premises Microsoft SQL Server databases named DB1 and DB2. You plan to migrate DB1 and DB2 to Azure. You need to recommend an Azure solution to host DB1 and DB2. The solution must meet the following requirements:
– Support server-side transactions across DB1 and DB2.
– Minimize administrative effort to update the solution.
What should you recommend?

A.    two Azure SQL databases in an elastic pool
B.    two Azure SQL databases on different Azure SQL Database servers
C.    two Azure SQL databases on the same Azure SQL Database managed instance
D.    two SQL Server databases on an Azure virtual machine

Answer: C
SQL Managed Instance enables system administrators to spend less time on administrative tasks because the service either performs them for you or greatly simplifies those tasks.

You need to design a highly available Azure SQL database that meets the following requirements:
– Failover between replicas of the database must occur without any data loss.
– The database must remain available in the event of a zone outage.
– Costs must be minimized.
Which deployment option should you use?

A.    Azure SQL Database Standard
B.    Azure SQL Database Business Critical
C.    Azure SQL Database Managed Instance Business Critical
D.    Azure SQL Database Basic

Answer: A
Standard geo-replication is available with Standard and Premium databases in the current Azure Management Portal and standard APIs.
Not B: Business Critical service tier is designed for applications that require low-latency responses from the underlying SSD storage (1-2 ms in average), fast recovery if the underlying infrastructure fails, or need to off-load reports, analytics, and read-only queries to the free of charge readable secondary replica of the primary database.

You plan to deploy an Azure web app named App1 that will use Azure Active Directory (Azure AD) authentication. App1 will be accessed from the internet by the users at your company. All the users have computers that run Windows 10 and are joined to Azure AD. You need to recommend a solution to ensure that the users can connect to App1 without being prompted for authentication and can access App1 only from company-owned computers. What should you recommend for each requirement? (To answer, select the appropriate options in the answer area.)

Box 1: An Azure AD app registration. Azure Active Directory (Azure AD) provides cloud-based directory and identity management services. You can use Azure AD to manage users of your application and authenticate access to your applications. You register your application with an Azure Active Directory tenant.
Box 2: A conditional access policy. Conditional Access policies at their simplest are if-then statements, if a user wants to access a resource, then they must complete an action. By using Conditional Access policies, you can apply the right access controls when needed to keep your organization secure and stay out of your user’s way when not needed.

Drag and Drop
The developers at your company are building a static web app to support users sending text messages. The app must meet the following requirements:
– Website latency must be consistent for users in different geographical regions.
– Users must be able to authenticate by using Twitter and Facebook.
– Code must include only HTML, native JavaScript, and jQuery.
– Costs must be minimized.
Which Azure service should you use to complete the architecture? (To answer, drag the appropriate services to the correct locations. Each service may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.)

Box 1: Azure App Service plan (Basic). With App Service you can authenticate your customers with Azure Active Directory, and integrate with Facebook, Twitter, Google.
Box 2: Azure Functions. You can send SMS messages with Azure Functions by using JavaScript.

