• Home
  • Articles
  • 2024 Updated Microsoft AZ-304 Certification Study Guide Pass AZ-304 Fast [Q25-Q42]

2024 Updated Microsoft AZ-304 Certification Study Guide Pass AZ-304 Fast [Q25-Q42]

Share

2024 Updated Microsoft AZ-304 Certification Study Guide Pass AZ-304 Fast

AZ-304 Dumps PDF 2024 Program Your Preparation EXAM SUCCESS


Microsoft AZ-304 certification exam is aimed at professionals who have a strong background in Azure and are able to demonstrate their expertise in designing Azure solutions. It is intended for architects, engineers, and consultants who are responsible for designing solutions that are based on Microsoft Azure. Microsoft Azure Architect Design certification is also suitable for individuals who are looking to advance their careers in the field of Cloud Computing and Azure Architecture.

 

NEW QUESTION # 25
You need to recommend a solution for configuring the Azure Multi-Factor Authentication (MFA) settings.
What should you include in the recommendation? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Answer:

Explanation:

Explanation

References:
https://docs.microsoft.com/en-us/azure/active-directory/identity-protection/howto-sign-in-risk-policy
https://docs.microsoft.com/en-us/azure/active-directory/identity-protection/howto-mfa-policy


NEW QUESTION # 26
You deploy several Azure SQL Database instances.
You plan to configure the Diagnostics settings on the databases as shown in the following exhibit.

Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic.
NOTE: Each correct selection is worth one point.

Answer:

Explanation:

Explanation

In the exhibit, the SQLInsights data is configured to be stored in Azure Log Analytics for 90 days. However, the question is asking for the "maximum" amount of time that the data can be stored which is 730 days.


NEW QUESTION # 27
You plan to create an Azure Cosmos DB account that uses the SQL API. The account will contain data added by a web application. The web application will send data daily.
You need to recommend a notification solution that meets the following requirements:
* Sends email notifications when data is received from the web application
* Minimizes compute cost
What should you include in the recommendation?

  • A. Deploy an Azure logic app that has a webhook configured to use a SendGrid action.
  • B. Deploy a function app that is configured to use the Consumption plan and a SendGrid binding.
  • C. Deploy an Azure logic app that has a SendGrid connector configured to use an Azure Cosmos DB action.
  • D. Deploy a function app that is configured to use the Consumption plan and an Azure Event Hubs binding.

Answer: B

Explanation:
Explanation
You can send email by using SendGrid bindings in Azure Functions. Azure Functions supports an output binding for SendGrid.
Note: When you're using the Consumption plan, instances of the Azure Functions host are dynamically added and removed based on the number of incoming events.
Reference:
https://docs.microsoft.com/en-us/azure/azure-functions/functions-bindings-sendgrid
https://docs.microsoft.com/en-us/azure/azure-functions/functions-scale#consumption-plan


NEW QUESTION # 28
Your company purchases an app named App1.
You plan to run App1 on seven Azure virtual machines in an Availability Set. The number of fault domains is set to 3. The number of update domains is set to 20.
You need to identify how many App1 instances will remain available during a period of planned maintenance.
How many App1 instances should you identify?

  • A. 0
  • B. 1
  • C. 2
  • D. 3

Answer: B

Explanation:
Only one update domain is rebooted at a time. Here there are 7 update domain with one VM each (and 13 update domain with no VM).
Reference:
https://docs.microsoft.com/en-us/azure/virtual-machines/windows/manage-availability


NEW QUESTION # 29
You use Azure virtual machines to run a custom application that uses an Azure SQL database on the back end.
The IT apartment at your company recently enabled forced tunneling,
Since the configuration change, developers have noticed degraded performance when they access the database You need to recommend a solution to minimize latency when accessing the database. The solution must minimize costs What should you include in the recommendation?

  • A. Azure virtual machines that run Microsoft SQL Server servers
  • B. virtual network (VNET) service endpoint
  • C. Always On availability groups
  • D. Azure SQL Database Managed instance

Answer: B


NEW QUESTION # 30
You have an Azure Storage v2 account named storage1.
You plan to archive data to storage1.
You need to ensure that the archived data cannot be deleted for five years. The solution must prevent administrators from deleting the data.
What should you do?

  • A. You create a file share, and you configure an access policy.
  • B. You create an Azure Blob storage container, and you configure a legal hold access policy.
  • C. You create an Azure Blob storage container, and you configure a time-based retention policy and lock the policy.
  • D. You create a file share and snapshots.

Answer: C


NEW QUESTION # 31
You need to configure an Azure policy to ensure that the Azure SQL databases have TDE enabled. The solution must meet the security and compliance requirements.
Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.

Answer:

Explanation:

Explanation
A picture containing text Description automatically generated

Scenario: All Azure SQL databases in the production environment must have Transparent Data Encryption (TDE) enabled.
Step 1: Create an Azure policy definition that uses the deployIfNotExists identity.
The first step is to define the roles that deployIfNotExists and modify needs in the policy definition to successfully deploy the content of your included template.
Step 2: Create an Azure policy assignment
When creating an assignment using the portal, Azure Policy both generates the managed identity and grants it the roles defined in roleDefinitionIds.
Step 3: Invoke a remediation task
Resources that are non-compliant to a deployIfNotExists or modify policy can be put into a compliant state through Remediation. Remediation is accomplished by instructing Azure Policy to run the deployIfNotExists effect or the modify operations of the assigned policy on your existing resources and subscriptions, whether that assignment is to a management group, a subscription, a resource group, or an individual resource.
During evaluation, the policy assignment with deployIfNotExists or modify effects determines if there are non-compliant resources or subscriptions. When non-compliant resources or subscriptions are found, the details are provided on the Remediation page.
Reference:
https://docs.microsoft.com/en-us/azure/governance/policy/how-to/remediate-resources


NEW QUESTION # 32
You need to deploy resources to host a stateless web app in an Azure subscription. The solution must meet the following requirements:
* Provide access to the full .NET framework.
* Provide redundancy if an Azure region fails.
* Grant administrators access to the operating system to install custom application dependencies.
Solution: You deploy a virtual machine scale set that uses autoscaling.
Does this meet the goal?

  • A. No
  • B. Yes

Answer: A


NEW QUESTION # 33
What should you include in the identity management strategy to support the planned changes?

  • A. Deploy a new Azure AD tenant for the authentication of new R&D projects.
  • B. Deploy domain controllers for the rd.fabrikam.com forest to virtual networks in Azure.
  • C. Deploy domain controllers for corp.fabrikam.com to virtual networks in Azure.
  • D. Move all the domain controllers from corp.fabrikam.com to virtual networks in Azure.

Answer: C

Explanation:
Directory synchronization between Azure Active Directory (Azure AD) and corp.fabrikam.com must not be affected by a link failure between Azure and the on-premises network. (This requires domain controllers in Azure) Users on the on-premises network must be able to authenticate to corp.fabrikam.com if an Internet link fails. (This requires domain controllers on-premises)
Topic 3, Litware, Inc
Existing Environment.
Identity Environment
The network contains an Active Directory forest named Litware.com that is linked to an Azure Active Directory (Azure AD) tenant named Litware.com. All users have Azure Active Directory Premium P2 licenses.
Litware has a second Azure AD tenant named dev.Litware.com that is used as a development environment.
The Litware.com tenant has a conditional access policy named capolicy1. Capolicy1 requires that when users manage the Azure subscription for a production environment by using the Azure portal, they must connect from a hybrid Azure AD-joined device.
Existing Environment. Azure Environment
Litware has 10 Azure subscriptions that are linked to the Litware.com tenant and five Azure subscriptions that are linked to the dev.Litware.com tenant. All the subscriptions are in an Enterprise Agreement (EA).
The Litware.com tenant contains a custom Azure role-based access control (Azure RBAC) role named Role1 that grants the DataActions read permission to the blobs and files in Azure Storage.
Existing Environment. On-premises Environment
The on-premises network of Litware contains the resources shown in the following table.

Existing Environment. Network Environment
Litware has ExpressRoute connectivity to Azure.
Planned Changes and Requirements. Planned Changes
Litware plans to implement the following changes:
Migrate DB1 and DB2 to Azure.
Migrate App1 to Azure virtual machines.
Deploy the Azure virtual machines that will host App1 to Azure dedicated hosts.
Planned Changes and Requirements. Authentication and Authorization Requirements Litware identifies the following authentication and authorization requirements:
Users that manage the production environment by using the Azure portal must connect from a hybrid Azure AD-joined device and authenticate by using Azure Multi-Factor Authentication (MFA).
The Network Contributor built-in RBAC role must be used to grant permission to all the virtual networks in all the Azure subscriptions.
To access the resources in Azure, App1 must use the managed identity of the virtual machines that will host the app.
Role1 must be used to assign permissions to the storage accounts of all the Azure subscriptions.
RBAC roles must be applied at the highest level possible.
Planned Changes and Requirements. Resiliency Requirements
Litware identifies the following resiliency requirements:
Once migrated to Azure, DB1 and DB2 must meet the following requirements:
- Maintain availability if two availability zones in the local Azure region fail.
- Fail over automatically.
- Minimize I/O latency.
App1 must meet the following requirements:
- Be hosted in an Azure region that supports availability zones.
- Be hosted on Azure virtual machines that support automatic scaling.
- Maintain availability if two availability zones in the local Azure region fail.
Planned Changes and Requirements. Security and Compliance Requirements
Litware identifies the following security and compliance requirements:
Once App1 is migrated to Azure, you must ensure that new data can be written to the app, and the modification of new and existing data is prevented for a period of three years.
On-premises users and services must be able to access the Azure Storage account that will host the data in App1.
Access to the public endpoint of the Azure Storage account that will host the App1 data must be prevented.
All Azure SQL databases in the production environment must have Transparent Data Encryption (TDE) enabled.
App1 must not share physical hardware with other workloads.
Planned Changes and Requirements. Business Requirements
Litware identifies the following business requirements:
Minimize administrative effort.
Minimize costs.


NEW QUESTION # 34
You need to recommend a solution for the data store of the historical transaction query system.
What should you include in the recommendation? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Answer:

Explanation:


NEW QUESTION # 35
You need to recommend a solution for data of the historical transaction query system.
What should you include in the recommendation? To answer, Select the appropriate or options in the answer area.
NOTE: Each correct selection is worth one point

Answer:

Explanation:


NEW QUESTION # 36
You need to recommend a solution for the user at Contoso to authenticate to the cloud-based sconces and the Azure AD-integrated application. What should you include in the recommendation? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Answer:

Explanation:


NEW QUESTION # 37
You have an Azure Storage account that contains the data shown in the following exhibit.

  • A. File1.bin and File2.bin only
  • B. File1. bin only
  • C. File2.bin only
  • D. File1.bin File2.bin File3.bin
  • E. File3.bin only

Answer: E


NEW QUESTION # 38
You ate designing a SQL database solution. The solution will include 20 databases that will be 20 GB each and have varying usage patterns. You need to recommend a database platform to host the databases. The solution must meet the following requirements:
* The compute resources allocated to the databases must scale dynamically.
* The solution must meet an SLA of 99.99% uptime.
* The solution must have reserved capacity.
* Compute charges must be minimized.
What should you include in the recommendation?

  • A. 20 databases on a Microsoft SQL server that runs on an Azure virtual machine
  • B. 20 instances of Azure SQL Database serverless
  • C. an elastic pool that contains 20 Azure SQL databases
  • D. 20 databases on a Microsoft SQL server that runs on an Azure virtual machine in an availability set

Answer: A


NEW QUESTION # 39
You plan to deploy logical Azure SQL Database servers to the East US Azure region and the West US Azure region. Each server will contain 20 databases. Each database will be accessed by a different user who resides in a different on-premises location. The databases will be configured to use active geo-replication.
You need to recommend a solution that meets the following requirements:
Restricts user access to each database
Restricts network access to each database based on each user's respective location Ensures that the databases remain accessible from client applications if the local Azure region fails What should you include in the recommendation? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Answer:

Explanation:


NEW QUESTION # 40
You have an Azure subscription that contains the resources shown in the following table.

You create an Azure SQL database named DB1 that is hosted in the East US region.
To DB1, you add a diagnostic setting named Settings1. Settings1 archives SQLInsights to storage1 and sends SQLInsights to Workspace1.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selections is worth one point.

Answer:

Explanation:

For more information on Azure SQL diagnostics , you can visit the below link https://docs.microsoft.com/en-us/azure/azure-sql/database/metrics-diagnostic-telemetry-logging-streaming-export-configure


NEW QUESTION # 41
You are designing an Azure resource deployment that will use Azure Resource Manager templates. The deployment will use Azure Key Vault to store secrets.
You need to recommend a solution to meet the following requirements:
Prevent the IT staff that will perform the deployment from retrieving the secrets directly from Key Vault.
Use the principle of least privilege.
Which two actions should you recommend? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.

  • A. Create a Key Vault access policy that allows all list key permissions, list secret permissions, and list certificate permissions.
  • B. Assign the IT staff a custom role that includes the Microsoft.KeyVault/Vaults/Deploy/Action permission.
  • C. Create a Key Vault access policy that allows all get key permissions, get secret permissions, and get certificate permissions.
  • D. Assign the Key Vault Contributor role to the IT staff.
  • E. From Access policies in Key Vault, enable access to the Azure Resource Manager for template deployment.

Answer: B,E

Explanation:
Explanation
B: To access a key vault during template deployment, set enabledForTemplateDeployment on the key vault to true.
D: The user who deploys the template must have the Microsoft.KeyVault/vaults/deploy/action permission for the scope of the resource group and key vault.
Reference:
https://docs.microsoft.com/en-us/azure/azure-resource-manager/templates/key-vault-parameter
https://docs.microsoft.com/en-us/azure/key-vault/general/overview-security


NEW QUESTION # 42
......

Get Perfect Results with Premium AZ-304 Dumps Updated 288 Questions: https://www.dumpsquestion.com/AZ-304-exam-dumps-collection.html

Related Articles

more
Microsoft AZ-304 Certification Practice Exam

Copyright © 2026 DumpsQuestion NETWORK CO.,LIMITED. All Rights Reserved. All trademarks used are properties of their respective owners. Privacy Policy