Download Microsoft.AZ-304.VCEplus.2020-08-09.54q.vcex

Download Exam

File Info

Exam Microsoft Azure Architect Design
Number AZ-304
File Name Microsoft.AZ-304.VCEplus.2020-08-09.54q.vcex
Size 1 MB
Posted Aug 09, 2020
Download Microsoft.AZ-304.VCEplus.2020-08-09.54q.vcex

How to open VCEX & EXAM Files?

Files with VCEX & EXAM extensions can be opened by ProfExam Simulator.

Download
ProfExam Simulator

Purchase

Coupon: MASTEREXAM
With discount: 20%





Demo Questions

Question 1

A company has a hybrid ASP.NET Web API application that is based on a software as a service (SaaS) offering.
Users report general issues with the data. You advise the company to implement live monitoring and use ad hoc queries on stored JSON data. You also advise the company to set up smart alerting to detect anomalies in the data.
You need to recommend a solution to set up smart alerting.
What should you recommend?


  1. Azure Site Recovery and Azure Monitor Logs
  2. Azure Data Lake Analytics and Azure Monitor Logs 
  3. Azure Application Insights and Azure Monitor Logs
  4. Azure Security Center and Azure Data Lake Store
Correct answer: B
Explanation:
Application Insights, a feature of Azure Monitor, is an extensible Application Performance Management (APM) service for developers and DevOps professionals. Use it to monitor your live applications. It will automatically detect performance anomalies, and includes powerful analytics tools to help you diagnose issues and to understand what users actually do with your app.Reference: https://docs.microsoft.com/en-us/azure/azure-monitor/app/app-insights-overview
Application Insights, a feature of Azure Monitor, is an extensible Application Performance Management (APM) service for developers and DevOps professionals. Use it to monitor your live applications. It will automatically detect performance anomalies, and includes powerful analytics tools to help you diagnose issues and to understand what users actually do with your app.
Reference: https://docs.microsoft.com/en-us/azure/azure-monitor/app/app-insights-overview



Question 2

You need to recommend a solution to generate a monthly report of all the new Azure Resource Manager resource deployments in your subscription.
What should you include in the recommendation?


  1. the Change Tracking management solution
  2. Application Insights
  3. Azure Monitor action groups
  4. Azure Activity Log
Correct answer: D
Explanation:
Activity logs are kept for 90 days. You can query for any range of dates, as long as the starting date isn't more than 90 days in the past.Through activity logs, you can determine:what operations were taken on the resources in your subscription who started the operation when the operation occurred the status of the operation the values of other properties that might help you research the operationReference: https://docs.microsoft.com/en-us/azure/azure-resource-manager/management/view-activity-logs
Activity logs are kept for 90 days. You can query for any range of dates, as long as the starting date isn't more than 90 days in the past.
Through activity logs, you can determine:
  • what operations were taken on the resources in your subscription 
  • who started the operation 
  • when the operation occurred 
  • the status of the operation 
  • the values of other properties that might help you research the operation
Reference: https://docs.microsoft.com/en-us/azure/azure-resource-manager/management/view-activity-logs



Question 3

You have an Azure subscription that contains an Azure SQL database named DB1.
Several queries that query the data in DB1 take a long time to execute.
You need to recommend a solution to identify the queries that take the longest to execute.
What should you include in the recommendation?


  1. SQL Database Advisor
  2. Azure Monitor
  3. Performance Recommendations
  4. Query Performance Insight
Correct answer: D
Explanation:
Query Performance Insight provides intelligent query analysis for single and pooled databases. It helps identify the top resource consuming and long-running queries in your workload. This helps you find the queries to optimize to improve overall workload performance and efficiently use the resource that you are paying for.Reference: https://docs.microsoft.com/en-us/azure/azure-sql/database/query-performance-insight-use
Query Performance Insight provides intelligent query analysis for single and pooled databases. It helps identify the top resource consuming and long-running queries in your workload. This helps you find the queries to optimize to improve overall workload performance and efficiently use the resource that you are paying for.
Reference: https://docs.microsoft.com/en-us/azure/azure-sql/database/query-performance-insight-use



Question 4

You have an on-premises Hyper-V cluster. The cluster contains Hyper-V hosts that run Windows Server 2016 Datacenter. The hosts are licensed under a Microsoft Enterprise Agreement that has Software Assurance.
The Hyper-V cluster contains 30 virtual machines that run Windows Server 2012 R2. Each virtual machine runs a different workload. The workloads have predictable consumption patterns.
You plan to replace the virtual machines with Azure virtual machines that run Windows Server 2016. The virtual machines will be sized according to the consumption pattern of each workload.
You need to recommend a solution to minimize the compute costs of the Azure virtual machines.
Which two recommendations should you include in the solution? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.


  1. Configure a spending limit in the Azure account center.
  2. Create a virtual machine scale set that uses autoscaling.
  3. Activate Azure Hybrid Benefit for the Azure virtual machines.
  4. Purchase Azure Reserved Virtual Machine Instances for the Azure virtual machines.
  5. Create a lab in Azure DevTest Labs and place the Azure virtual machines in the lab.
Correct answer: CD
Explanation:
C: For customers with Software Assurance, Azure Hybrid Benefit for Windows Server allows you to use your on-premises Windows Server licenses and run Windows virtual machines on Azure at a reduced cost. You can use Azure Hybrid Benefit for Windows Server to deploy new virtual machines with Windows OS.D: With Azure Reserved VM Instances (RIs) you reserve virtual machines in advance and save up to 80 percent.Reference: https://azure.microsoft.com/en-us/pricing/reserved-vm-instances/ https://docs.microsoft.com/en-us/azure/virtual-machines/windows/hybrid-use-benefit-licensing
C: For customers with Software Assurance, Azure Hybrid Benefit for Windows Server allows you to use your on-premises Windows Server licenses and run Windows virtual machines on Azure at a reduced cost. You can use Azure Hybrid Benefit for Windows Server to deploy new virtual machines with Windows OS.
D: With Azure Reserved VM Instances (RIs) you reserve virtual machines in advance and save up to 80 percent.
Reference: https://azure.microsoft.com/en-us/pricing/reserved-vm-instances/ https://docs.microsoft.com/en-us/azure/virtual-machines/windows/hybrid-use-benefit-licensing



Question 5

You have an Azure subscription that is linked to an Azure Active Directory (Azure AD) tenant. The subscription contains 10 resource groups, one for each department at your company.
Each department has a specific spending limit for its Azure resources.
You need to ensure that when a department reaches its spending limit, the compute resources of the department shut down automatically.
Which two features should you include in the solution? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.


  1. Azure Logic Apps
  2. Azure Monitor alerts
  3. the spending limit of an Azure account
  4. Cost Management budgets
  5. Azure Log Analytics alerts
Correct answer: CD
Explanation:
C: The spending limit in Azure prevents spending over your credit amount. All new customers who sign up for an Azure free account or subscription types that include credits over multiple months have the spending limit turned on by default. The spending limit is equal to the amount of credit and it can't be changed.D: Turn on the spending limit after removingThis feature is available only when the spending limit has been removed indefinitely for subscription types that include credits over multiple months. You can use this feature to turn on your spending limit automatically at the start of the next billing period.Sign in to the Azure portal as the Account Administrator.Search for Cost Management + Billing.Etc.Reference: https://docs.microsoft.com/en-us/azure/cost-management-billing/manage/spending-limit Testlet 1
C: The spending limit in Azure prevents spending over your credit amount. All new customers who sign up for an Azure free account or subscription types that include credits over multiple months have the spending limit turned on by default. The spending limit is equal to the amount of credit and it can't be changed.
D: Turn on the spending limit after removing
This feature is available only when the spending limit has been removed indefinitely for subscription types that include credits over multiple months. You can use this feature to turn on your spending limit automatically at the start of the next billing period.
  1. Sign in to the Azure portal as the Account Administrator.
  2. Search for Cost Management + Billing.
  3. Etc.
Reference: https://docs.microsoft.com/en-us/azure/cost-management-billing/manage/spending-limit Testlet 1



Question 6

What should you include in the identity management strategy to support the planned changes?


  1. Move all the domain controllers from corp.fabrikam.com to virtual networks in Azure.
  2. Deploy domain controllers for the rd.fabrikam.com forest to virtual networks in Azure.
  3. Deploy domain controllers for corp.fabrikam.com to virtual networks in Azure.
  4. Deploy a new Azure AD tenant for the authentication of new R&D projects.
Correct answer: C
Explanation:
Directory synchronization between Azure Active Directory (Azure AD) and corp.fabrikam.com must not be affected by a link failure between Azure and the on-premises network. (This requires domain controllers in Azure)Users on the on-premises network must be able to authenticate to corp.fabrikam.com if an Internet link fails. (This requires domain controllers on-premises)
Directory synchronization between Azure Active Directory (Azure AD) and corp.fabrikam.com must not be affected by a link failure between Azure and the on-premises network. (This requires domain controllers in Azure)
Users on the on-premises network must be able to authenticate to corp.fabrikam.com if an Internet link fails. (This requires domain controllers on-premises)



Question 7

To meet the authentication requirements of Fabrikam, what should you include in the solution? To answer, select the appropriate options in the answer area. 
NOTE: Each correct selection is worth one point. 


Correct answer: To work with this question, an Exam Simulator is required.
Explanation:
Box 1: 2The network contains two Active Directory forests named corp.fabrikam.com and rd.fabrikam.com. There are no trust relationships between the forests.Box 2: 1Box 3: 1Scenario:Users on the on-premises network must be able to authenticate to corp.fabrikam.com if an Internet link fails.Administrators must be able authenticate to the Azure portal by using their corp.fabrikam.com credentials. All administrative access to the Azure portal must be secured by using multi-factor authentication.Note:Users must always authenticate by using their corp.fabrikam.com UPN identity.The network contains two Active Directory forests named corp.fabrikam.com and rd.fabrikam.com. There are no trust relationships between the forests.Corp.fabrikam.com is a production forest that contains identities used for internal user and computer authentication.Rd.fabrikam.com is used by the research and development (R&D) department only.
Box 1: 2
The network contains two Active Directory forests named corp.fabrikam.com and rd.fabrikam.com. There are no trust relationships between the forests.
Box 2: 1
Box 3: 1
Scenario:
  • Users on the on-premises network must be able to authenticate to corp.fabrikam.com if an Internet link fails.
  • Administrators must be able authenticate to the Azure portal by using their corp.fabrikam.com credentials. All administrative access to the Azure portal must be secured by using multi-factor authentication.
Note:
Users must always authenticate by using their corp.fabrikam.com UPN identity.
The network contains two Active Directory forests named corp.fabrikam.com and rd.fabrikam.com. There are no trust relationships between the forests.
Corp.fabrikam.com is a production forest that contains identities used for internal user and computer authentication.
Rd.fabrikam.com is used by the research and development (R&D) department only.



Question 8

You plan to deploy an application named App1 that will run on five Azure virtual machines. Additional virtual machines will be deployed later to run App1.
You need to recommend a solution to meet the following requirements for the virtual machines that will run App1:
  • Ensure that the virtual machines can authenticate to Azure Active Directory (Azure AD) to gain access to an Azure key vault, Azure Logic Apps instances, and an Azure SQL database. 
  • Avoid assigning new roles and permissions for Azure services when you deploy additional virtual machines. 
  • Avoid storing secrets and certificates on the virtual machines.
Which type of identity should you include in the recommendation?


  1. a service principal that is configured to use a certificate
  2. a system-assigned managed identity
  3. a service principal that is configured to use a client secret
  4. a user-assigned managed identity
Correct answer: D
Explanation:
Managed identities for Azure resources is a feature of Azure Active Directory.User-assigned managed identity can be shared. The same user-assigned managed identity can be associated with more than one Azure resource.Incorrect Answers:B: System-assigned managed identity cannot be shared. It can only be associated with a single Azure resource.Reference: https://docs.microsoft.com/en-us/azure/active-directory/managed-identities-azure-resources/overview
Managed identities for Azure resources is a feature of Azure Active Directory.
User-assigned managed identity can be shared. The same user-assigned managed identity can be associated with more than one Azure resource.
Incorrect Answers:
B: System-assigned managed identity cannot be shared. It can only be associated with a single Azure resource.
Reference: https://docs.microsoft.com/en-us/azure/active-directory/managed-identities-azure-resources/overview



Question 9

You are designing a large Azure environment that will contain many subscriptions.
You plan to use Azure Policy as part of a governance solution.
To which three scopes can you assign Azure Policy definitions? Each correct answer presents a complete solution.
NOTE: Each correct selection is worth one point.


  1. management groups
  2. subscriptions
  3. Azure Active Directory (Azure AD) tenants
  4. resource groups
  5. Azure Active Directory (Azure AD) administrative units
  6. compute resources
Correct answer: ABD
Explanation:
Azure Policy evaluates resources in Azure by comparing the properties of those resources to business rules. Once your business rules have been formed, the policy definition or initiative is assigned to any scope of resources that Azure supports, such as management groups, subscriptions, resource groups, or individual resources.Reference:https://docs.microsoft.com/en-us/azure/governance/policy/overview
Azure Policy evaluates resources in Azure by comparing the properties of those resources to business rules. Once your business rules have been formed, the policy definition or initiative is assigned to any scope of resources that Azure supports, such as management groups, subscriptions, resource groups, or individual resources.
Reference:
https://docs.microsoft.com/en-us/azure/governance/policy/overview



Question 10

You have an Azure Active Directory (Azure AD) tenant.
You plan to deploy Azure Cosmos DB databases that will use the SQL API.
You need to recommend a solution to provide specific Azure AD user accounts with read access to the Cosmos DB databases.
What should you include in the recommendation?


  1. shared access signatures (SAS) and conditional access policies
  2. certificates and Azure Key Vault
  3. a resource token and an Access control (IAM) role assignment
  4. master keys and Azure Information Protection policies 
Correct answer: C
Explanation:
The Access control (IAM) pane in the Azure portal is used to configure role-based access control on Azure Cosmos resources. The roles are applied to users, groups, service principals, and managed identities in Active Directory. You can use built-in roles or custom roles for individuals and groups. The following screenshot shows Active Directory integration (RBAC) using access control (IAM) in the Azure portal:   Reference: https://docs.microsoft.com/en-us/azure/cosmos-db/role-based-access-control
The Access control (IAM) pane in the Azure portal is used to configure role-based access control on Azure Cosmos resources. The roles are applied to users, groups, service principals, and managed identities in Active Directory. You can use built-in roles or custom roles for individuals and groups. The following screenshot shows Active Directory integration (RBAC) using access control (IAM) in the Azure portal:
 
Reference: https://docs.microsoft.com/en-us/azure/cosmos-db/role-based-access-control









CONNECT US

Facebook

Twitter

PROFEXAM WITH A 20% DISCOUNT

You can buy ProfExam with a 20% discount!

Get Now!


HOW TO OPEN VCEX FILES

Use ProfExam Simulator to open VCEX files