Microsoft Role-based AZ-204 Questions & Answers

• Question 1:

  DRAG DROP

  You need to ensure disaster recovery requirements are met.

  What code should you add at line PC16?

  To answer, drag the appropriate code fragments to the correct locations. Each code fragment may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.

  NOTE: Each correct selection is worth one point.

  Select and Place:

  

  Correct Answer:

  

  Scenario: Disaster recovery. Regional outage must not impact application availability. All DR operations must not be dependent on application running and must ensure that data in the DR region is up to date.

  Box 1: DirectoryTransferContext

  We transfer all files in the directory.

  Note: The TransferContext object comes in two forms: SingleTransferContext and DirectoryTransferContext. The former is for transferring a single file and the latter is for transferring a directory of files.

  Box 2: ShouldTransferCallbackAsync

  The DirectoryTransferContext.ShouldTransferCallbackAsync delegate callback is invoked to tell whether a transfer should be done.

  Box 3: False

  If you want to use the retry policy in Copy, and want the copy can be resume if break in the middle, you can use SyncCopy (isServiceCopy = false).

  Note that if you choose to use service side copy ('isServiceCopy' set to true), Azure (currently) doesn't provide SLA for that. Setting 'isServiceCopy' to false will download the source blob loca

  Reference:

  https://docs.microsoft.com/en-us/azure/storage/common/storage-use-data-movement-library

  https://docs.microsoft.com/en-us/dotnet/api/microsoft.windowsazure.storage.datamovement.directorytransfercontext.shouldtransfercallbackasync?view=azure-dotnet

• Question 2:

  DRAG DROP

  You need to add code at line PC32 in Processing.cs to implement the GetCredentials method in the Processing class.

  How should you complete the code? To answer, drag the appropriate code segments to the correct locations. Each code segment may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to

  view content.

  NOTE: Each correct selection is worth one point.

  Select and Place:

  

  Correct Answer:

  

  Box 1: AzureServiceTokenProvider()

  Box 2: tp.GetAccessTokenAsync("..")

  Acquiring an access token is then quite easy. Example code:

  private async Task GetAccessTokenAsync()

  { var tokenProvider = new AzureServiceTokenProvider(); return await tokenProvider.GetAccessTokenAsync("https://storage.azure.com/");

  }

  Reference: https://joonasw.net/view/azure-ad-authentication-with-azure-storage-and-managed-service-identity

• Question 3:

  DRAG DROP

  You need to add code at line EG15 in EventGridController.cs to ensure that the Log policy applies to all services.

  How should you complete the code? To answer, drag the appropriate code segments to the correct locations. Each code segment may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to

  view content.

  NOTE: Each correct selection is worth one point.

  Select and Place:

  

  Correct Answer:

  

  Scenario, Log policy: All Azure App Service Web Apps must write logs to Azure Blob storage. Box 1: Status Box 2: Succeeded Box 3: operationName

  Microsoft.Web/sites/write is resource provider operation. It creates a new Web App or updates an existing one.

  Reference:

  https://docs.microsoft.com/en-us/azure/role-based-access-control/resource-provider-operations

• Question 4:

  DRAG DROP

  You need to ensure that PolicyLib requirements are met.

  How should you complete the code segment? To answer, drag the appropriate code segments to the correct locations. Each code segment may be used once, more than once, or not at all. You may need to drag the split bar between panes

  or scroll to view content.

  NOTE: Each correct selection is worth one point.

  Select and Place:

  

  Correct Answer:

  

  Scenario: You have a shared library named PolicyLib that contains functionality common to all ASP.NET Core web services and applications. The PolicyLib library must:

  1.

  Exclude non-user actions from Application Insights telemetry.

  2.

  Provide methods that allow a web service to scale itself.

  3.

  Ensure that scaling actions do not disrupt application usage.

  Box 1: ITelemetryInitializer

  Use telemetry initializers to define global properties that are sent with all telemetry; and to override selected behavior of the standard telemetry modules.

  Box 2: Initialize

  Box 3: Telemetry.Context

  Box 4: ((EventTelemetry)telemetry).Properties["EventID"]

  Reference:

  https://docs.microsoft.com/en-us/azure/azure-monitor/app/api-filtering-sampling

• Question 5:

  DRAG DROP

  You need to implement telemetry for non-user actions.

  How should you complete the Filter class? To answer, drag the appropriate code segments to the correct locations. Each code segment may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.

  NOTE: Each correct selection is worth one point.

  Select and Place:

  

  Correct Answer:

  

  Scenario: Exclude non-user actions from Application Insights telemetry.

  Box 1: ITelemetryProcessor

  To create a filter, implement ITelemetryProcessor. This technique gives you more direct control over what is included or excluded from the telemetry stream.

  Box 2: ITelemetryProcessor

  Box 3: ITelemetryProcessor

  Box 4: RequestTelemetry

  Box 5: /health

  To filter out an item, just terminate the chain.

  Reference:

  https://docs.microsoft.com/en-us/azure/azure-monitor/app/api-filtering-sampling

• Question 6:

  DRAG DROP You need to implement the Log policy. How should you complete the Azure Event Grid subscription? To answer, drag the appropriate JSON segments to the correct locations. Each JSON segment may be used once, more than once, or not at all. You may need to drag the split bar

  between panes to view content.

  NOTE: Each correct selection is worth one point.

  Select and Place:

  

  Correct Answer:

  

  Box 1:WebHook

  Scenario: If an anomaly is detected, an Azure Function that emails administrators is called by using an HTTP WebHook.

  endpointType: The type of endpoint for the subscription (webhook/HTTP, Event Hub, or queue).

  Box 2: SubjectBeginsWith

  Box 3: Microsoft.Storage.BlobCreated

  Scenario: Log Policy

  All Azure App Service Web Apps must write logs to Azure Blob storage. All log files should be saved to a container named logdrop. Logs must remain in the container for 15 days.

  Example subscription schema { "properties": {

  "destination": {

  "endpointType": "webhook",

  "properties": {

  "endpointUrl": "https://example.azurewebsites.net/api/HttpTriggerCSharp1?code=VXbGWce53l48Mt8wuotr0GPmyJ/nDT4hgdFj9DpBiRt38qqnnm5OFg=="

  }

  },

  "filter": {

  "includedEventTypes": [ "Microsoft.Storage.BlobCreated", "Microsoft.Storage.BlobDeleted" ],

  "subjectBeginsWith": "blobServices/default/containers/mycontainer/log",

  "subjectEndsWith": ".jpg",

  "isSubjectCaseSensitive ": "true"

  } } }

  Reference: https://docs.microsoft.com/en-us/azure/event-grid/subscription-creation-schema

• Question 7:

  DRAG DROP

  You need to correct the corporate website error.

  Which four actions should you recommend be performed in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.

  Select and Place:

  

  Correct Answer:

  

  Scenario: Corporate website

  While testing the site, the following error message displays:

  CryptographicException: The system cannot find the file specified.

  Step 1: Generate a certificate

  Step 2: Upload the certificate to Azure Key Vault Scenario: All SSL certificates and credentials must be stored in Azure Key Vault. Step 3: Import the certificate to Azure App Service Step 4: Update line SCO5 of Security.cs to include error handling and then redeploy the code Reference:

  https://docs.microsoft.com/en-us/azure/app-service/configure-ssl-certificate

• Question 8:

  DRAG DROP

  You need to add YAML markup at line CS17 to ensure that the ContentUploadService can access Azure Storage access keys.

  How should you complete the YAML markup? To answer, drag the appropriate YAML segments to the correct locations. Each YAML segment may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.

  NOTE: Each correct selection is worth one point.

  Select and Place:

  

  Correct Answer:

  

  Box 1: volumeMounts Example: volumeMounts:

  -mountPath: /mnt/secrets

  name: secretvolume1 volumes:

  -name: secretvolume1

  secret: mysecret1: TXkgZmlyc3Qgc2VjcmV0IEZPTwo=

  Box 2: volumes

  Box 3: secret

  Reference: https://docs.microsoft.com/en-us/azure/container-instances/container-instances-volume-secret

• Question 9:

  DRAG DROP

  You need to add markup at line AM04 to implement the ContentReview role.

  How should you complete the markup? To answer, drag the appropriate json segments to the correct locations. Each json segment may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll

  to view content.

  NOTE: Each correct selection is worth one point.

  Select and Place:

  

  Correct Answer:

  

  Box 1: allowedMemberTypes

  allowedMemberTypes specifies whether this app role definition can be assigned to users and groups by setting to "User", or to other applications (that are accessing this application in daemon service scenarios) by setting to "Application", or

  to both.

  Note: The following example shows the appRoles that you can assign to users.

  "appId": "8763f1c4-f988-489c-a51e-158e9ef97d6a",

  "appRoles": [

  {

  "allowedMemberTypes": [

  "User"

  ],

  "displayName": "Writer",

  "id": "d1c2ade8-98f8-45fd-aa4a-6d06b947c66f",

  "isEnabled": true,

  "description": "Writers Have the ability to create tasks.",

  "value": "Writer"

  } ], "availableToOtherTenants": false,

  Box 2: User

  Scenario: In order to review content a user must be part of a ContentReviewer role.

  Box 3: value

  value specifies the value which will be included in the roles claim in authentication and access tokens.

  Reference:

  https://docs.microsoft.com/en-us/graph/api/resources/approle

• Question 10:

  DRAG DROP

  You need to support the message processing for the ocean transport workflow.

  Which four actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.

  Select and Place:

  

  Correct Answer:

  

  Step 1: Create an integration account in the Azure portal

  You can define custom metadata for artifacts in integration accounts and get that metadata during runtime for your logic app to use. For example, you can provide metadata for artifacts, such as partners, agreements, schemas, and maps - all

  store metadata using key-value pairs.

  Step 2: Link the Logic App to the integration account

  A logic app that's linked to the integration account and artifact metadata you want to use.

  Step 3: Add partners, schemas, certificates, maps, and agreements

  Step 4: Create a custom connector for the Logic App.

  Reference:

  https://docs.microsoft.com/bs-latn-ba/azure/logic-apps/logic-apps-enterprise-integration-metadata