Microsoft AZ-204 Online Practice Questions and Exam Preparation

Microsoft AZ-204 Online Questions & Answers

• Question 1:

  HOTSPOT

  You are developing an application that monitors data added to an Azure Blob storage account.

  You need to process each change made to the storage account.

  How should you complete the code segment? To answer, select the appropriate options in the answer area.

  NOTE: Each correct selection is worth one point.

  

  

• Question 2:

  You are developing an ASP.NET Core app hosted in Azure App Service.

  The app requires custom claims to be returned from Microsoft Entra ID for user authorization. The claims must be removed when the app registration is removed.

  You need to include the custom claims in the user access token.

  What should you do?

  A. Require the https://graph.microsoft.com/.default scope during authentication.
  B. Configure the app to use the OAuth 2.0 authorization code flow.
  C. Implement custom middleware to retrieve role information from Azure AD.
  D. Add the groups to the groupMembershipClaims attribute in the app manifest.
  E. Add the roles to the appRoles attribute in the app manifest.
  B. Configure the app to use the OAuth 2.0 authorization code flow.

  ---

  Explanation

  Enable your App for a claims mapping policy

  A claims mapping policy is used to select which attributes returned from the custom authentication extension are mapped into the token. To allow tokens to be augmented, you must explicitly enable the application registration to accept mapped claims:

  In your My Test application registration, under Manage, select Manifest.

  In the manifest, locate the acceptMappedClaims attribute, and set the value to true.

  Set the accessTokenAcceptedVersion to 2.

  Select Save to save the changes.

  The following JSON snippet demonstrates how to configure these properties.

  {

  "acceptMappedClaims": true, "accessTokenAcceptedVersion": 2, "appId": "22222222-0000-0000-0000-000000000000",

  } Note:

  To test your custom claim provider, follow these steps:

  1. Open a new private browser and navigate and sign-in through the following URL.

  https://login.microsoftonline.com/{tenant-id}/oauth2/v2.0/authorize?client_id={App_to_enrich_ID}&response_type=id_token&redirect_uri=

  https://jwt.ms&scope=openid&state=12345&nonce=12345

  2. Replace {tenant-id} with your tenant ID, tenant name, or one of your verified domain names. For example, contoso.onmicrosoft.com.

  3. Replace {App_to_enrich_ID} with the My Test application registration ID.

  3. After logging in, you'll be presented with your decoded token at

  https://jwt.ms.

  Validate that the claims from the Azure Function are presented in the decoded token, for example, dateOfBirth.

  https://learn.microsoft.com/en-us/entra/identity-platform/custom-extension-get-started

• Question 3:

  DRAG DROP

  You are developing a .NET Core model-view controller (MVC) application hosted on Azure for a health care system that allows providers access to their information.

  You develop the following code:

  

  You define a role named SysAdmin.

  You need to ensure that the application meets the following authorization requirements: Allow the ProviderAdmin and SysAdmin roles access to the Partner controller regardless of whether the user holds an editor claim of partner.

  Limit access to the Manage action of the controller to users with an editor claim of partner who are also members of the SysAdmin role.

  How should you complete the code? To answer, drag the appropriate code segments to the correct locations. Each code segment may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.

  NOTE: Each correct selection is worth one point.

  Select and Place:

  

  

  ---

  Box 1:

  Allow the ProviderAdmin and SysAdmin roles access to the Partner controller regardless of whether the user holds an editor claim of partner.

  Box 2:

  Limit access to the Manage action of the controller to users with an editor claim of partner who are also members of the SysAdmin role.

• Question 4:

  You develop an Azure App Service web app and deploy to a production environment. You enable Application Insights for the web app.

  The web app is throwing multiple exceptions in the environment.

  You need to examine the state of the source code and variables when the exceptions are thrown.

  Which Application Insights feature should you configure?

  A. Smart detection
  B. Profiler
  C. Snapshot Debugger
  D. Standard test
  C. Snapshot Debugger

  ---

  Explanation

  Exceptions in web applications can be reported with Application Insights. You can correlate failed requests with exceptions and other events on both the client and server so that you can quickly diagnose the causes.

  When an exception occurs, you can automatically collect a debug snapshot from your live web application. The debug snapshot shows the state of source code and variables at the moment the exception was thrown.

  The Snapshot Debugger in Azure Application Insights:

  Monitors system-generated logs from your web app.

  Collects snapshots on your top-throwing exceptions.

  Provides information you need to diagnose issues in production.

  https://learn.microsoft.com/en-us/azure/azure-monitor/snapshot-debugger/snapshot-debugger

• Question 5:

  HOTSPOT

  You are developing an application that monitors data added to an Azure Blob storage account.

  You need to process each change made to the storage account.

  How should you complete the code segment? To answer, select the appropriate options in the answer area.

  NOTE: Each correct selection is worth one point.

  

  

  ---

  1. box:

  - GetChanges() - wrong - var c in the foreach would be BlobChangeFeedEvent which doesn't contain Values property used in ProcessChanges(c.Values) line below

  - GetChangesAsync - wrong - code won't compile because it would require await foreach loop instead

  - GetChanges(x).AsPages() - correct - it's the only option to make this code even compile

  - GetChanges(x).GetEnumerator() - wrong - you cannot use IEnumerator type as foreach source

  2. box:

  - x = c.ContinuationToken - right - variable x was used as continuationToken parameter in changeFeedClient.GetChanges(x).AsPages() above

  - c.GetRawResponse().ReasonPhrase - wrong - that does not make sense to use this value as continuation token

  - x = c.Values.Min - wrong - continuation token is a number not date

  - x = c.Values.Max - wrong - as above

  So to sum up

  1. changeFeedClient.GetChanges(x).AsPages()

  2. x = c.ContinuationToken;

  https://jessehouwing.net/azure-devops-accessing-apis-with-large-volumes-of-data/

• Question 6:

  Your company has an Azure subscription.

  You need to deploy a number of Azure virtual machines to the subscription by using Azure Resource Manager (ARM) templates. The virtual machines will be included in a single availability set. You need to ensure that the ARM template allows for as many virtual machines as possible to remain accessible in the event of fabric failure or maintenance.

  Which of the following is the value that you should configure for the platformFaultDomainCount property?

  A. 10
  B. 30
  C. Min Value
  D. Max Value
  D. Max Value

  ---

  Explanation

  The number of fault domains for managed availability sets varies by region - either two or three per region.

  https://docs.microsoft.com/en-us/azure/virtual-machines/windows/manage-availability

• Question 7:

  HOTSPOT

  You need to configure the integration for Azure Service Bus and Azure Event Grid.

  How should you complete the CLI statement? To answer, select the appropriate options in the answer area.

  NOTE: Each correct selection is worth one point.

  

  

  ---

  Box 1: eventgrid

  To create event subscription use: az eventgrid event-subscription create

  Box 2: event-subscription

  Box 3: servicebusqueue

  Scenario: Azure Service Bus and Azure Event Grid

  Azure Event Grid must use Azure Service Bus for queue-based load leveling.

  Events in Azure Event Grid must be routed directly to Service Bus queues for use in buffering.

  Events from Azure Service Bus and other Azure services must continue to be routed to Azure Event Grid for processing.

  https://docs.microsoft.com/en-us/cli/azure/eventgrid/event-subscription?view=azure-cli-latest#az_eventgrid_event_subscription_create

• Question 8:

  A company is developing a solution that allows smart refrigerators to send temperature information to a central location. You have an existing Service Bus.

  The solution must receive and store messages until they can be processed. You create an Azure Service Bus instance by providing a name, pricing tier, subscription, resource group, and location.

  You need to complete the configuration.

  Which Azure CLI or PowerShell command should you run?

  

  A. Option A
  B. Option B
  C. Option C
  D. Option D
  D. Option D

  ---

  Explanation

  A service bus instance has already been created (Step 2 below). Next is step 3, Create a Service Bus queue.

  Note:

  Steps:

  Step 1: # Create a resource group resourceGroupName="myResourceGroup" az group create --name $resourceGroupName --location eastus

  Step 2: # Create a Service Bus messaging namespace with a unique name namespaceName=myNameSpace$RANDOM az servicebus namespace create --resource-group $resourceGroupName --name $namespaceName --location eastus

  Step 3: # Create a Service Bus queue az servicebus queue create --resource-group $resourceGroupName --namespace-name $namespaceName --name BasicQueue

  Step 4: # Get the connection string for the namespace connectionString=$(az servicebus namespace authorization-rule keys list --resource-group $resourceGroupName --namespace-name $namespaceName --name RootManageSharedAccessKey --query primaryConnectionString --output tsv)

  References:

  https://docs.microsoft.com/en-us/azure/service-bus-messaging/service-bus-quickstart-cli

• Question 9:

  DRAG DROP

  You are preparing to deploy an application to an Azure Kubernetes Service (AKS) cluster.

  The application must only be available from within the VNet that includes the cluster.

  You need to deploy the application.

  How should you complete the deployment YAML? To answer, drag the appropriate YAML segments to the correct locations. Each YAML segment may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.

  NOTE: Each correct selection is worth one point.

  Select and Place:

  

  

  ---

  To create an internal load balancer, create a service manifest named internal-lb.yaml with the service type LoadBalancer and the azure-load-balancer-internal annotation as shown in the following example:

  YAML:

  apiVersion: v1

  kind: Service

  metadata:

  name: internal-app

  annotations:

  service.beta.kubernetes.io/azure-load-balancer-internal: "true" spec:

  type: LoadBalancer

  ports:

  - port: 80

  selector:

  app: internal-app

  References:

  https://docs.microsoft.com/en-us/azure/aks/internal-lb

• Question 10:

  Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

  After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

  You are developing a mobile app that uses an Azure SQL Database named Weyland.

  The database contains a table names Customers that has a field named email_address.

  You want to implement dynamic data masking to hide the data in the email_address field.

  Solution: You run the Set-AzSqlDatabaseDataMaskingRule

  -DatabaseName "Weyland" -SchemaName "dbo"

  -TableName "Customers" -ColumnName "email_address"

  -MaskingFunction "email" Powershell cmdlet Does the solution meet the goal?

  A. Yes
  B. No
  A. Yes

  ---

  Explanation

  https://docs.microsoft.com/en-us/powershell/module/az.sql/Set-AzSqlDatabaseDataMaskingRule?view=azps-4.2.0