Valid Microsoft AZ-304 questions shared by Pass4itsure for helping to pass the Microsoft AZ-304 exam! Get the newest Pass4itsure Microsoft AZ-304 exam dumps with VCE and PDF here: https://www.pass4itsure.com/az-304.html (365 Q&As Dumps).
[Free PDF] Microsoft AZ-304 pdf Q&As https://drive.google.com/file/d/1JWaYE_GJo7LfNnKbPJqRyQELIdX1R4Fu/view?usp=sharing
Suitable for AZ-304 complete Microsoft learning pathway
The content is rich and diverse, and learning will not become boring. You can learn in multiple ways through the Microsoft AZ-304 exam.
- Download
- Answer practice questions, the actual Microsoft AZ-304 test
Microsoft AZ-304 Microsoft Azure Architect Design Exam
Free Microsoft AZ-304 dumps download
[PDF] Free Microsoft AZ-304 dumps pdf download https://drive.google.com/file/d/1JWaYE_GJo7LfNnKbPJqRyQELIdX1R4Fu/view?usp=sharing
Pass4itsure offers the latest Microsoft AZ-304 practice test free of charge 1-13
QUESTION 1
You have an on-premises Active Directory forest and an Azure Active Directory Azure AD) tenant. All Azure AD users
are assigned a Premium P1 license.
You deploy Azure AD Conned
Which two features ate available m this environment that can reduce operational overhead tot your company\\’s help
desk? Each correct answer presents a complete solution.
NOTE: Each correct selection is worth one point
A. sell- service password reset
B. access review
C. password writeback
D. Azure AD Privileged Identity Management policies
E. Microsoft Cloud App Security Conditional at Access App Control
Correct Answer: AD
QUESTION 2
HOTSPOT
You have an Azure SQL database named DB1.
You need to recommend a data security solution for DB1. The solution must meet the following requirements:
1.
When helpdesk supervisors query DB1, they must see the full number of each credit card.
2.
When helpdesk operators query DB1, they must see only the last four digits of each credit card number.
3.
A column named Credit Rating must never appear in plain text within the database system, and only client applications
must be able to decrypt the Credit Rating column.
What should you include in the recommendation? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:
Correct Answer:
Box 1: Dynamic data masking Dynamic data masking helps prevent unauthorized access to sensitive data by enabling
customers to designate how much of the sensitive data to reveal with minimal impact on the application layer. It\\’s a
policy-based security feature that hides the sensitive data in the result set of a query over designated database fields,
while the data in the database is not changed.
Box 2: Always encrypted Data stored in the database is protected even if the entire machine is compromised, for
example by malware. Always Encrypted leverages client-side encryption: a database driver inside an application
transparently encrypts data, before sending the data to the database. Similarly, the driver decrypts encrypted data
retrieved in query results.
Reference: https://azure.microsoft.com/en-us/blog/transparent-data-encryption-or-always-encrypted/
QUESTION 3
Note: This question is a part of series of questions that present the same scenario. Each question in the series contains
a unique solution that might meet the stated goals. Some question sets might have more than one correct solution,
while
others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not
appear in the review screen.
You have an Azure subscription named Project1. Only a group named Project1admins is assigned roles in the Project1
subscription. The Project1 subscription contains all the resources for an application named Application1.
Your company is developing a new application named Application2. The members of the Application2 development
team belongs to an Azure Active Directory (Azure AD) group named App2Dev.
You identify the following requirements for Application2:
1.
The members of App2Dev must be prevented from changing the role assignments in Azure.
2.
The members of App2Dev must be able to create new Azure resources required by Application2.
3.
All the required role assignments for Application2 will be performed by the members of Project1admins.
You need to recommend a solution for the role assignments of Application2.
Solution: In Project1, create a network security group (NSG) named NSG1. Assign Project1admins the Owner role for
NSG1. Assign the App2Dev the Contributor role for NSG1.
Does this meet the goal?
A. Yes
B. No
Correct Answer: B
You should use a separate subscription for Project2.
QUESTION 4
You ate designing a SQL database solution. The solution will include 20 databases that will be 20 GB each and have
varying usage patterns. You need to recommend a database platform to host the databases. The solution must meet
the following requirements:
1.
The compute resources allocated to the databases must scale dynamically.
2.
The solution must meet an SLA of 99.99% uptime.
3.
The solution must have reserved capacity.
4.
Compute charges must be minimized. What should you include in the recommendation?
A. 20 databases on a Microsoft SQL server that runs on an Azure virtual machine
B. 20 instances of Azure SQL Database serverless
C. 20 databases on a Microsoft SQL server that runs on an Azure virtual machine in an availability set
D. an elastic pool that contains 20 Azure SQL databases
Correct Answer: D
Azure SQL Database elastic pools are a simple, cost-effective solution for managing and scaling multiple databases that
have varying and unpredictable usage demands. The databases in an elastic pool are on a single server and share a
set number of resources at a set price. Elastic pools in Azure SQL Database enable SaaS developers to optimize the
price performance for a group of databases within a prescribed budget while delivering performance elasticity for each
database.
Guaranteed 99.995 percent uptime for SQL Database
Reference: https://docs.microsoft.com/en-us/azure/azure-sql/database/elastic-pool-overview
https://azure.microsoft.com/en-us/pricing/details/sql-database/elastic/
QUESTION 5
Note: This question is a part of series of questions that present the same scenario. Each question in the series contains
a unique solution that might meet the stated goals. Some question sets might have more than one correct solution,
while
others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not
appear in the review screen.
You have an Azure Active Directory (Azure AZD) tenant named contoso.com. The tenant contains a group named
Group1. Group1 contains all the administrative user accounts.
You discover several login attempts to the Azure portal from countries where administrative users do NOT work.
You need to ensure that all login attempts to the Azure portal from those countries require Azure Multi-Factor
Authentication (MFA).
Solution: Create an Access Review for Group1.
Does this solution meet the goal?
A. Yes
B. No
Correct Answer: B
Instead, implement Azure AD Privileged Identity Management. Note: Azure Active Directory (Azure AD) Privileged Identity Management (PIM) is a service that enables you to manage,
control, and monitor access to important resources in your organization.
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/privileged-identity-management/pim-configure
QUESTION 6
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains
a unique solution that might meet the stated goals. Some question sets might have more than one correct solution,
while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not
appear in the review screen. You have an on-premises Hyper-V cluster that hosts 20 virtual machines. Some virtual
machines run Windows Server 2016 and some run Linux. You plan to migrate the virtual machines to an Azure
subscription.
You need to recommend a solution to replicate the disks of the virtual machines to Azure. The solution must ensure that
the virtual machines remain available during the migration of the disks.
Solution: You recommend implementing an Azure Storage account, and then using Azure Migrate.
Does this meet the goal?
A. Yes
B. No
Correct Answer: B
To ensure that the virtual machines remain available during the migration, use Azure Site Recovery.
Reference: https://docs.microsoft.com/en-us/azure/site-recovery/site-recovery-overview
QUESTION 7
Your network contains an on-premises Active Directory domain. The domain contains the Hyper-V clusters shown in the
following table.
You plan to implement Azure Site Recovery to protect six virtual machines running on Cluster1 and three virtual
machines running on Cluster2. Virtual machines are running on all Cluster1 and Cluster2 nodes.
You need to identify the minimum number of Azure Site Recovery Providers that must be installed on premises.
How many Providers should you identify?
A. 1
B. 7
C. 9
D. 16
Correct Answer: B
Install it on all seven nodes.
Note: Install the Azure Site Recovery Provider
Run the Provider setup file on each VMM server. If VMM is deployed in a cluster, install for the first time as follows:
1.
Install the Provider on an active node, and finish the installation to register the VMM server in the vault.
2.
Then, install the Provider on the other nodes. Cluster nodes should all run the same version of the Provider.
Reference: https://docs.microsoft.com/en-us/azure/site-recovery/hyper-v-vmm-disaster-recovery
https://developer.microsoft.com/en-us/graph/blogs/retrieving-azure-ad-access-reviews/
QUESTION 8
HOTSPOT
Your company has the divisions shown in the following table.
You plan to deploy a custom application to each subscription. The application will contain the following:
1.
A resource group
2.
An Azure web app
3.
Custom role assignments
4.
An Azure Cosmos DB account
You need to use Azure Blueprints to deploy the application to each subscription. What is the minimum number of
objects required to deploy the application? To answer, select the appropriate options in the answer area. NOTE: Each
correct selection is worth one point.
Hot Area:
Correct Answer:
Box 1: 2
One management group for East, and one for West.
When creating a blueprint definition, you\\’ll define where the blueprint is saved. Blueprints can be saved to a
management group or subscription that you have Contributor access to. If the location is a management group, the
blueprint is
available to assign to any child subscription of that management group.
Box 2: 1
One definition is you plan to deploy a custom application to each subscription. With Azure Blueprints, the
relationship between the blueprint definition (what should be deployed) and the blueprint assignment (what was
deployed) is
preserved.
Box 3: 4
One assignment for each subscription.
Reference:
https://docs.microsoft.com/en-us/azure/governance/blueprints/overview
QUESTION 9
HOTSPOT Your company is designing a multi-tenant application that will use elastic pools and Azure SQL databases.
The application will be used by 30 customers. You need to design a storage solution for the application. The solution
must meet the following requirements:
1.
Operational costs must be minimized.
2.
All customers must have their own database.
3.
The customer databases will be in one of the following three Azure regions: East US, North Europe, or South Africa
North.
What is the minimum number of elastic pools and Azure SQL Database servers required?
To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:
Correct Answer:
Box 1: 3
The server, its pools, and databases must be in the same Azure region under the same subscription.
Box 2: 3
A server can have up to 5000 databases associated with it.
Reference:
https://vincentlauzon.com/2016/12/18/azure-sql-elastic-pool-overview/
QUESTION 10
DRAG DROP
A company named Contoso, Ltd. has an Azure Active Directory (Azure AD) tenant that uses the Basic license.
You plan to deploy two applications to Azure. The applications have the requirements shown in the following table.
Which authentication strategy should you recommend for each application? To answer, drag the appropriate
authentication strategies to the correct applications. Each authentication strategy may be used once, more than once, or
not at all. You may need to drag the split bar between panes or scroll to view content.
NOTE: Each correct selection is worth one point.
Select and Place:
Box 1: Azure AD V2.0 endpoint
Microsoft identity platform is an evolution of the Azure Active Directory (Azure AD) developer platform. It allows
developers to build applications that sign in all Microsoft identities and get tokens to call Microsoft APIs, such as
Microsoft Graph,
or APIs that developers have built. The Microsoft identity platform consists of:
OAuth 2.0 and OpenID Connect standard-compliant authentication service that enables developers to authenticate any
Microsoft identity, including:
Work or school accounts (provisioned through Azure AD)
Personal Microsoft accounts (such as Skype, Xbox, and Outlook.com)
Social or local accounts (via Azure AD B2C)
Box 2: Azure AD B2C tenant
Azure Active Directory B2C provides business-to-customer identity as a service. Your customers use their preferred
social, enterprise, or local account identities to get single sign-on access to your applications and APIs.
Azure Active Directory B2C (Azure AD B2C) integrates directly with Azure Multi-Factor Authentication so that you can
add a second layer of security to sign-up and sign-in experiences in your applications.
Reference:
https://docs.microsoft.com/en-us/azure/active-directory-b2c/active-directory-b2c-reference-mfa
https://docs.microsoft.com/en-us/azure/active-directory/develop/v2-overview
QUESTION 11
You manage a single-domain, on-premises Active Directory forest named contoso.com. The forest functional level is
Windows Server 2016.
You have several on-premises applications that depend on Active Directory.
You plan to migrate the applications to Azure.
You need to recommend an identity solution for the applications. The solution must meet the following requirements:
1.
Eliminate the need for hybrid network connectivity.
2.
Minimize management overhead for Active Directory. What should you recommend?
A. In Azure, deploy an additional child domain to the contoso.com forest.
B. In Azure, deploy additional domain controllers for the contoso.com domain.
C. Implement a new Active Directory forest in Azure.
D. Implement Azure Active Directory Domain Services (Azure AD DS).
Correct Answer: B
QUESTION 12
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not
appear in the review screen.
Your company plans to deploy various Azure App Service instances that will use Azure SQL databases. The App
Service instances will be deployed at the same time as the Azure SQL databases.
The company has a regulatory requirement to deploy the App Service instances only to specific Azure regions. The
resources for the App Service instances must reside in the same region.
You need to recommend a solution to meet the regulatory requirement.
Solution: You recommend using an Azure policy to enforce the resource group location.
Does this meet the goal?
A. Yes
B. No
Correct Answer: A
Azure Resource Policy Definitions can be used which can be applied to a specific Resource Group with the App Service
instances.
Reference: https://docs.microsoft.com/en-us/azure/governance/policy/overview
QUESTION 13
WebDev01 is used only for testing purposes. You need to reduce the costs to host WebDev01. What should you
modify?
NOTE: To answer this question, sign in to the Azure portal and explore the Azure resource groups.
A. the disk type of WebDev01
B. the networking properties of WebDev01
C. the storage type of the storage account
D. the properties of the storage account
Correct Answer: C
The storage type can be changed to Block blobs to save money.
References: https://azure.microsoft.com/en-us/pricing/details/storage/
Pass4itsure Microsoft exam dumps discount code share
Summarize:
[Q1-Q13] Free Microsoft AZ-304 pdf download https://drive.google.com/file/d/1JWaYE_GJo7LfNnKbPJqRyQELIdX1R4Fu/view?usp=sharing
Share all the resources: Latest Microsoft AZ-304 practice questions, latest Microsoft AZ-304 pdf dumps. The latest updated Microsoft AZ-304 dumps https://www.pass4itsure.com/az-304.html Study hard and practices a lot. This will help you prepare for the Microsoft AZ-304 exam. Good luck!
