[Dec-2021] Microsoft AZ-304 Exam: Basic Questions With Answers
New 2021 Realistic Free Microsoft AZ-304 Exam Dump Questions & Answer
How to book the AZ-304: Microsoft Azure Architect Design Exam
These are the steps for registering for the AZ-304: Microsoft Azure Architect Design exam.
- Step 1: Visit Microsoft Learning and search for AZ-304: Developing Solutions for Microsoft Azure.
- Step 2: Sign up for or log in to a Pearson VUE account.
- Step 3: Select a local centre based on your country, choose a date and time, and confirm with a payment method.
Topics of AZ-304: Microsoft Azure Architect Design Exam
Candidates should understand the exam topics before they begin preparing, because this will help them focus on the core material. Our AZ-304 dumps include the following topics:
1. Design Monitoring (10-15%)
Design for cost optimization
- Recommend solutions to minimize costs
- Recommend a solution for cost management and cost reporting
Design a solution for logging and monitoring
- Choose a mechanism for event routing and escalation
- Determine levels and storage locations for logs
- Recommend appropriate monitoring tool(s) for a solution
- Plan for integration with monitoring tools including Azure Monitor and Azure Sentinel
- Recommend a logging solution for compliance requirements
2. Design Identity and Security (25-30%)
Design authentication
- Recommend a solution for single-sign on
- Recommend a solution for network access authentication
- Recommend a solution for authentication
- Recommend a solution for Conditional Access, including multi-factor authentication
- Recommend a solution for a hybrid identity including Azure AD Connect and Azure AD Connect Health
- Recommend a solution for user self-service
- Recommend and implement a solution for B2B integration
Design authorization
- Recommend an access management solution including RBAC policies, access reviews, role assignments, physical access, Privileged Identity Management (PIM), Azure AD Identity Protection, Just In Time (JIT) access
- Choose an authorization approach
- Recommend a hierarchical structure that includes management groups, subscriptions and resource groups
Design governance
- Recommend a strategy for tagging
- Recommend a solution for using Azure Blueprint
- Recommend a solution for using Azure Policy
Design security for applications
- Recommend a solution for integrating applications into Azure AD
- Recommend a solution that includes KeyVault
- Recommend a solution that includes Azure AD Managed Identities
3. Design Data Storage (15-20%)
Design a solution for databases
- Recommend a solution for database scalability
- Recommend database service tier sizing
- Select an appropriate data platform based on requirements
- Recommend a solution for encrypting data at rest, data in transmission, and data in use
Design data integration
- Recommend a solution for data integration, including Azure Data Factory, Azure Data Bricks, Azure Data Lake, Azure Synapse Analytics
- Recommend a data flow to meet business requirements
Select an appropriate storage account
- Recommend a storage access solution
- Recommend storage management tools
- Choose between storage tiers
4. Design Business Continuity (10-15%)
Design a solution for backup and recovery
- Recommend a solution for recovery in different regions
- Design a solution for data archiving and retention
- Recommend a recovery solution for Azure hybrid and on-premises workloads that meets recovery objectives (RTO, RLO, RPO)
- Recommend a solution for Azure Backup management
- Design an Azure Site Recovery solution
Design for high availability
- Recommend a solution for autoscaling
- Identify resources that require high availability
- Identify storage types for high availability
- Recommend a solution for application and workload redundancy, including compute, database, and storage
- Recommend a solution for geo-redundancy of workloads
5. Design Infrastructure (25-30%)
Design a compute solution
- Recommend a solution for containers (AKS versus ACI and the configuration of each one)
- Determine appropriate compute technologies, including virtual machines, App Services, Service Fabric, Azure Functions, Windows Virtual Desktop, and containers
- Recommend a solution for automating compute management
- Recommend a solution for compute provisioning
Design a network solution
- Recommend a solution for network provisioning
- Recommend a solution for automating network management
- Recommend a solution for network security, including private endpoints, firewalls, and gateways
- Recommend a solution for network addressing and name resolution
- Recommend a solution for network connectivity to the Internet, on-premises networks, and other Azure virtual networks
- Recommend a solution for load balancing and traffic routing
Design an application architecture
- Recommend a solution for API integration
- Recommend a microservices architecture including Event Grid, Event Hubs, Service Bus, Storage Queues, Logic Apps, Azure Functions, and webhooks
- Recommend an orchestration solution for deployment of applications including ARM templates, Logic Apps, or Azure Functions
Design migrations
- Assess and interpret on-premises servers, data, and applications for migration
- Recommend a solution for migration of databases
- Recommend a solution for migrating applications and VMs
NEW QUESTION 17
You are designing a microservices architecture that will use Azure Kubernetes Service (AKS) to host pods that run containers. Each pod deployment will host a separate API. Each API will be implemented as a separate service.
You need to recommend a solution to make the APIs available to external users from Azure API Management.
The solution must meet the following requirements:
* Control access to the APIs by using mutual TLS authentication between API Management and the AKS-based APIs.
* Provide access to the APIs by using a single IP address.
What should you recommend to provide access to the APIs?
- A. the LoadBalancer service in AKS
- B. custom network security groups (NSGs)
- C. the Ingress Controller in AKS
Answer: C
Explanation:
An ingress controller is a piece of software that provides reverse proxy, configurable traffic routing, and TLS termination for Kubernetes services. Kubernetes ingress resources are used to configure the ingress rules and routes for individual Kubernetes services. Using an ingress controller and ingress rules, a single IP address can be used to route traffic to multiple services in a Kubernetes cluster.
Reference:
https://docs.microsoft.com/en-us/azure/aks/ingress-basic
NEW QUESTION 18
You have an Azure subscription that contains two applications named App1 and App2. App1 is a sales processing application. When a transaction in App1 requires shipping, a message is added to an Azure Storage account queue, and then App2 listens to the queue for relevant transactions.
In the future, additional applications will be added that will process some of the shipping requests based on the specific details of the transactions.
You need to recommend a replacement for the storage account queue to ensure that each additional application will be able to read the relevant transactions.
What should you recommend?
- A. one Azure Service Bus topic
- B. multiple storage account queues
- C. one Azure Service Bus queue
- D. one Azure Data Factory pipeline
Answer: A
Explanation:
A queue allows processing of a message by a single consumer. In contrast to queues, topics and subscriptions provide a one-to-many form of communication in a publish and subscribe pattern. This is useful for scaling to large numbers of recipients. Each published message is made available to each subscription registered with the topic. A publisher sends a message to a topic and one or more subscribers receive a copy of the message, depending on the filter rules set on these subscriptions.
Reference:
https://docs.microsoft.com/en-us/azure/service-bus-messaging/service-bus-queues-topics-subscriptions
NEW QUESTION 19
You design a solution for the web tier of WebApp1 as shown in the exhibit.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
Answer:
Explanation:
Box 1: Yes
Any new deployments to Azure must be redundant in case an Azure region fails.
Traffic Manager uses DNS to direct client requests to the most appropriate service endpoint based on a traffic-routing method and the health of the endpoints. An endpoint is any Internet-facing service hosted inside or outside of Azure. Traffic Manager provides a range of traffic-routing methods and endpoint monitoring options to suit different application needs and automatic failover models. Traffic Manager is resilient to failure, including the failure of an entire Azure region.
Box 2: Yes
Recent changes in Azure brought some significant changes in autoscaling options for Azure Web Apps (i.e. Azure App Service to be precise as scaling happens on App Service plan level and has effect on all Web Apps running in that App Service plan).
Box 3: No
Traffic Manager provides a range of traffic-routing methods and endpoint monitoring options to suit different application needs and automatic failover models. Traffic Manager is resilient to failure, including the failure of an entire Azure region.
Reference:
https://docs.microsoft.com/en-us/azure/traffic-manager/traffic-manager-overview
https://blogs.msdn.microsoft.com/hsirtl/2017/07/03/autoscaling-azure-web-apps/
NEW QUESTION 20
You need to recommend a solution for configuring the Azure Multi-Factor Authentication (MFA) settings.
What should you include in the recommendation? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
References:
https://docs.microsoft.com/en-us/azure/active-directory/identity-protection/howto-sign-in-risk-policy
https://docs.microsoft.com/en-us/azure/active-directory/identity-protection/howto-mfa-policy
NEW QUESTION 21
You plan to import data from your on-premises environment into Azure. The data is shown in the following table.
What should you recommend using to migrate the data? To answer, drag the appropriate tools to the correct data sources. Each tool may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
References:
https://docs.microsoft.com/en-us/azure/dms/tutorial-sql-server-to-azure-sql
https://docs.microsoft.com/en-us/azure/cosmos-db/import-data
NEW QUESTION 22
You have an Azure subscription. The subscription contains Azure virtual machines that run Windows Server 2016 and Linux.
You need to use Azure Log Analytics to design an alerting strategy for security-related events.
Which Log Analytics tables should you query? To answer, drag the appropriate tables to the correct log types. Each value may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
https://docs.microsoft.com/en-us/azure/azure-monitor/platform/log-analytics-agent
Windows Event logs --> Information sent to the Windows event logging system.
Syslog --> Information sent to the Linux event logging system.
NEW QUESTION 23
You need to recommend a solution for the user at Contoso to authenticate to the cloud-based services and the Azure AD-integrated application. What should you include in the recommendation? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
NEW QUESTION 24
You have an Azure Storage account that contains the data shown in the following exhibit.
You need to identify which files can be accessed immediately from the storage account.
Which files should you identify?
- A. File1.bin only
- B. File1.bin, File2.bin, and File3.bin
- C. File3.bin only
- D. File2.bin only
- E. File1.bin and File2.bin only
Answer: E
Explanation:
Hot - Optimized for storing data that is accessed frequently.
Cool - Optimized for storing data that is infrequently accessed and stored for at least 30 days.
Archive - Optimized for storing data that is rarely accessed and stored for at least 180 days with flexible latency requirements (on the order of hours).
Note: Lease state of the blob. Possible values: available|leased|expired|breaking|broken
Reference:
https://docs.microsoft.com/en-us/azure/storage/blobs/storage-blob-storage-tiers
NEW QUESTION 25
You plan to deploy a network-intensive application to several Azure virtual machines.
You need to recommend a solution that meets the following requirements:
* Minimizes the use of the virtual machine processors to transfer data
* Minimizes network latency
Which virtual machine size and feature should you use? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
References:
https://docs.microsoft.com/en-us/azure/virtual-machines/windows/sizes-hpc#h-series
NEW QUESTION 26
You have an Azure subscription that contains 300 Azure virtual machines that run Windows Server 2016.
You need to centrally monitor all warning events in the System logs of the virtual machines.
What should you include in the solution? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
References:
https://docs.microsoft.com/en-us/azure/azure-monitor/platform/data-sources-windows-events
https://docs.microsoft.com/en-us/azure/azure-monitor/platform/agent-windows
NEW QUESTION 27
Your company has 20 web APIs that were developed in-house.
The company is developing 10 web apps that will use the web APIs. The web apps and the APIs are registered in the company's Azure Active Directory (Azure AD) tenant. The web APIs are published by using Azure API Management.
You need to recommend a solution to block unauthorized requests originating from the web apps from reaching the web APIs. The solution must meet the following requirements:
* Use Azure AD-generated claims.
* Minimize configuration and management effort.
What should you include in the recommendation? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
1. Azure AD https://docs.microsoft.com/en-us/azure/api-management/api-management-howto-protect-backend-with-aad#grant-permissions-in-azure-ad
2. API Management https://docs.microsoft.com/en-us/azure/api-management/api-management-howto-protect-backend-with-aad#configure-a-jwt-validation-policy-to-pre-authorize-requests
Answer:
Explanation:
NEW QUESTION 28
You are designing a microservices architecture that will support a web application.
The solution must meet the following requirements:
* Allow independent upgrades to each microservice
* Deploy the solution on-premises and to Azure
* Set policies for performing automatic repairs to the microservices
* Support low-latency and hyper-scale operations
You need to recommend a technology.
What should you recommend?
- A. Azure Service Fabric
- B. Azure Container Instance
- C. Azure Container Service
- D. Azure Virtual Machine Scale Set
Answer: A
Explanation:
https://docs.microsoft.com/en-us/azure/service-fabric/service-fabric-overview
NEW QUESTION 29
You have an Azure subscription that contains 300 Azure virtual machines that run Windows Server 2016.
You need to centrally monitor all warning events in the System logs of the virtual machines.
What should you include in the solution? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
References:
https://docs.microsoft.com/en-us/azure/azure-monitor/platform/data-sources-windows-events
https://docs.microsoft.com/en-us/azure/azure-monitor/platform/agent-windows
NEW QUESTION 30
Your organization has developed and deployed several Azure App Service Web and API applications. The applications use Azure Key Vault to store several authentication, storage account, and data encryption keys. Several departments have the following requests to support the applications:
You need to recommend the appropriate Azure service for each department request.
What should you recommend? To answer, configure the appropriate options in the dialog box in the answer area.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
https://docs.microsoft.com/en-us/azure/active-directory/managed-identities-azure-resources/overview
NEW QUESTION 31
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
Your company has an on-premises Active Directory Domain Services (AD DS) domain and an established Azure Active Directory (Azure AD) environment.
Your company would like users to be automatically signed in to cloud apps when they are on their corporate desktops that are connected to the corporate network.
You need to enable single sign-on (SSO) for company users.
Solution: Install and configure an Azure AD Connect server to use password hash synchronization and select the Enable single sign-on option.
Does the solution meet the goal?
- A. No
- B. Yes
Answer: B
Explanation:
Azure Active Directory Seamless Single Sign-On (Azure AD Seamless SSO) automatically signs users in when they are on their corporate devices connected to your corporate network. When enabled, users don't need to type in their passwords to sign in to Azure AD, and usually, even type in their usernames. This feature provides your users easy access to your cloud-based applications without needing any additional on-premises components.
Seamless SSO can be combined with either the Password Hash Synchronization or Pass-through Authentication sign-in methods.
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-sso
NEW QUESTION 32
You have five .NET Core applications that run on 10 Azure virtual machines in the same subscription.
You need to recommend a solution to ensure that the applications can authenticate by using the same Azure Active Directory (Azure AD) identity. The solution must meet the following requirements:
* Ensure that the applications can authenticate only when running on the 10 virtual machines.
* Minimize administrative effort.
What should you include in the recommendation? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
NEW QUESTION 33
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have an on-premises Hyper-V cluster that hosts 20 virtual machines. Some virtual machines run Windows Server 2016 and some run Linux.
You plan to migrate the virtual machines to an Azure subscription.
You need to recommend a solution to replicate the disks of the virtual machines to Azure. The solution must ensure that the virtual machines remain available during the migration of the disks.
Solution: You recommend implementing an Azure Storage account that has a file service and a blob service, and then using the Data Migration Assistant.
Does this meet the goal?
- A. No
- B. Yes
Answer: A
Explanation:
Data Migration Assistant is used to migrate SQL databases.
Instead use Azure Site Recovery.
Reference:
https://docs.microsoft.com/en-us/azure/site-recovery/site-recovery-overview
NEW QUESTION 34
You need to design an architecture to capture the creation of users and the assignment of roles. The captured data must be stored in Azure Cosmos DB.
Which Azure services should you include in the design? To answer, drag the appropriate services to the correct targets. Each service may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
NEW QUESTION 35
You have an Azure Active Directory (Azure AD) tenant.
You plan to deploy Azure Cosmos DB databases that will use the SQL API.
You need to recommend a solution to provide specific Azure AD user accounts with read access to the Cosmos DB databases.
What should you include in the recommendation?
- A. a resource token and an Access control (IAM) role assignment
- B. shared access signatures (SAS) and conditional access policies
- C. certificates and Azure Key Vault
- D. master keys and Azure Information Protection policies
Answer: A
Explanation:
The Access control (IAM) pane in the Azure portal is used to configure role-based access control on Azure Cosmos resources. The roles are applied to users, groups, service principals, and managed identities in Active Directory. You can use built-in roles or custom roles for individuals and groups.
Reference:
https://docs.microsoft.com/en-us/azure/cosmos-db/role-based-access-control
NEW QUESTION 36
You need to recommend a backup solution for the data store of the payment processing system.
What should you include in the recommendation?
- A. Azure Backup Server
- B. Azure SQL long-term backup retention
- C. Azure Managed Disks
- D. Microsoft System Center Data Protection Manager (DPM)
Answer: B
Explanation:
Explanation/Reference:
https://docs.microsoft.com/en-us/azure/sql-database/sql-database-long-term-backup-retention-configure
Who should take the AZ-304: Microsoft Azure Architect Design Exam
The AZ-304 exam certification is an internationally recognized certification that validates Azure Solution Architects who participate in all phases of advising stakeholders and who translate business requirements into secure, scalable, and reliable solutions. Candidates should be proficient in IT operations, including networking, virtualization, identity, security, business continuity, disaster recovery, data platform, budgeting, and governance.

