Valid Microsoft AZ-304 questions shared by Pass4itsure for helping to pass the Microsoft AZ-304 exam! Get the newest Pass4itsure Microsoft AZ-304 exam dumps with VCE and PDF here: https://www.pass4itsure.com/az-304.html (356 Q&As Dumps).
[Free PDF] Microsoft AZ-304 pdf https://drive.google.com/file/d/1pnOmZLTu3mabJL0V3ziAE-86bpg6gL4S/view?usp=sharing
Suitable for AZ-304 complete Microsoft learning pathway
The content is rich and diverse, and learning will not become boring. You can learn in multiple ways through the Microsoft AZ-304 exam.
- DownloadÂ
- Answer practice questions, the actual Microsoft AZ-304 test
Microsoft AZ-304 Microsoft Azure Architect Design Exam
Free Microsoft AZ-304 dumps download
[PDF] Free Microsoft AZ-304 dumps pdf download https://drive.google.com/file/d/1pnOmZLTu3mabJL0V3ziAE-86bpg6gL4S/view?usp=sharing
Pass4itsure offers the latest Microsoft AZ-304 practice test free of charge 1-13
QUESTION 1
You are developing a sales application that will contain several Azure cloud services and will handle different
components of a transaction. Different cloud services will process customer orders, billing, payment, inventory, and
shipping.
You need to recommend a solution to enable the cloud services to asynchronously communicate transaction information
by using REST messages.
What would you include in the recommendation?
A. Azure Traffic Manager
B. Azure Notification Hubs
C. Azure Blob storage
D. Azure Queue storage
Correct Answer: D
Asynchronous messaging can be implemented in a variety of different ways. With queues, topics, and subscriptions.
The queue service REST API: The Queue service stores messages that may be read by any client who has access to
the storage account.
Incorrect Answers:
B: Azure Notification Hubs provide an easy-to-use and scaled-out push engine that allows you to send notifications to
any platform. This communication is not asynchronous, however.
Reference: https://docs.microsoft.com/en-us/azure/service-bus-messaging/service-bus-async-messaging
https://docs.microsoft.com/en-us/rest/api/storageservices/queue-service-rest-api
QUESTION 2
HOTSPOT
To meet the authentication requirements of Fabrikam, what should you include in the solution? To answer, select the
appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:
Correct Answer:
QUESTION 3
You need to recommend a notification solution for the IT Support distribution group. What should you include in the
recommendation?
A. a SendGrid account with advanced reporting
B. Azure AD Connect Health
C. Azure Network Watcher
D. an action group
Correct Answer: B
Reference: https://docs.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-health-operations
QUESTION 4
A partner manages on-premises and Azure environments. The partner deploys an on-premises solution that needs to
use Azure services. The partner deploys a virtual appliance.
All network traffic that is directed to a specific subnet must flow through the virtual appliance.
You need to recommend solutions to manage network traffic.
Which two options should you recommend? Each correct answer presents a complete solution.
NOTE: Each correct selection is worth one point.
A. Configure Azure Traffic Manager
B. Implement an Azure virtual network
C. Configure a routing table with forced tunneling
D. Implement Azure ExpressRoute
Correct Answer: CD
C: Forced tunneling lets you redirect or “force” all Internet-bound traffic back to your on-premises location via a Site-toSite VPN tunnel for inspection and auditing. This is a critical security requirement for most enterprise IT policies. Without
forced tunneling, Internet-bound traffic from your VMs in Azure always traverses from Azure network infrastructure
directly out to the Internet, without the option to allow you to inspect or audit the traffic.
Forced tunneling in Azure is configured via virtual network user-defined routes.
D: ExpressRoute lets you extend your on-premises networks into the Microsoft cloud over a private connection
facilitated by a connectivity provider. With ExpressRoute, you can establish connections to Microsoft cloud services,
such as Microsoft Azure, Office 365, and Dynamics 365.
Connectivity can be from an any-to-any (IP VPN) network, a point-to-point Ethernet network, or a virtual crossconnection through a connectivity provider at a co-location facility. ExpressRoute connections do not go over the public
Internet. This allows ExpressRoute connections to offer more reliability, faster speeds, lower latencies, and higher
security than typical connections over the Internet.
Reference: https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-forced-tunneling-rm
https://docs.microsoft.com/en-us/azure/expressroute/expressroute-introduction
QUESTION 5
HOTSPOT
You have an Azure subscription that contains the SQL servers shown in the following table.
The subscription contains the storage accounts shown in the following table.
Box 1: Yes Be sure that the destination is in the same region as your database and server. Box 2: No Box 3: No
Reference: https://docs.microsoft.com/en-us/azure/sql-database/sql-database-auditing
QUESTION 6
HOTSPOT You have an existing implementation of Microsoft SQL Server Integration Services (SSIS) packages stored
in an SSISDB catalog on your on-premises network. The on-premises network does not have hybrid connectivity to
Azure by using Site-to-Site VPN or ExpressRoute. You want to migrate the packages to Azure Data Factory. You need
to recommend a solution that facilitates the migration while minimizing changes to the existing packages. The solution
must minimize costs.
What should you recommend? To answer, select the appropriate options in the answer area. NOTE: Each correct
selection is worth one point.
Box 1: Azure SQL database
You can\\’t create the SSISDB Catalog database on Azure SQL Database at this time independently of creating the
Azure-SSIS Integration Runtime in Azure Data Factory. The Azure-SSIS IR is the runtime environment that runs SSIS
packages on Azure.
Box 2: Azure-SQL Server Integration Service Integration Runtime and self-hosted integration runtime The Integration
Runtime (IR) is the compute infrastructure used by Azure Data Factory to provide data integration capabilities across
different network environments. Azure-SSIS Integration Runtime (IR) in Azure Data Factory (ADF) supports running
SSIS packages. Self-hosted integration runtime can be used for data movement in this scenario.
Reference:
https://docs.microsoft.com/en-us/azure/data-factory/create-azure-integration-runtime https://docs.microsoft.com/enus/sql/integration-services/lift-shift/ssis-azure-connect-to-catalog-database
QUESTION 7
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains
a unique solution that might meet the stated goals. Some question sets might have more than one correct solution,
while
others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not
appear in the review screen.
Your company has an on-premises data center and an Azure subscription. The on-premises data center contains a
Hardware Security Module (HSM).
Your network contains an Active Directory domain that is synchronized to an Azure Active Directory (Azure AD) tenant.
The company is developing an application named Application1. Application1 will be hosted in Azure by using 10 virtual
machines that run Windows Server 2016. Five virtual machines will be in the West Europe Azure region and five virtual
machines will be in the East US Azure region. The virtual machines will store sensitive company information. All the
virtual machines will use managed disks.
You need to recommend a solution to encrypt the virtual machine disks by using BitLocker Drive Encryption (BitLocker).
Solution:
1.
Deploy one Azure Key Vault to each region
2.
Export two security keys from the on-premises HSM
3.
Import the security keys from the HSM into each Azure Key Vault
4.
Configure the virtual machines to use Azure Disk Encryption
5.
Use a different Key Vault for encrypting virtual machine disks in each region Does this meet the goal?
A. Yes
B. No
Correct Answer: A
We use the Azure Premium Key Vault with Hardware Security Modules (HSM) backed keys. The Key Vault has to be in
the same region as the VM that will be encrypted.
Note: If you want to use a key encryption key (KEK) for an additional layer of security for encryption keys, add a KEK to
your key vault. Use the Add-AzKeyVaultKey cmdlet to create a key encryption key in the key vault. You can also import a KEK from your on-premises key management HSM.
Reference: https://www.ciraltos.com/azure-disk-encryption-v2/
https://docs.microsoft.com/en-us/azure/security/azure-security-disk-encryption-prerequisites-aad
QUESTION 8
A user named [email protected] cannot modify the properties of the web app.
You need to ensure that [email protected] can modify the web app properties.
What should you do?
NOTE: To answer this question, sign in to the Azure portal and explore the Azure resource groups.
A. Remove the resource lock from the resource group
B. Remove the resource lock from the web app
C. Modify the permissions on the web app
D. Modify the permissions on the resource group
Correct Answer: B
As an administrator, you may need to lock a subscription, resource group, or resource to prevent other users in your
organization from accidentally deleting or modifying critical resources. Note: resource – A manageable item that is
available through Azure. Virtual machines, storage accounts, web apps, databases, and virtual networks are examples
of resources. References:
https://docs.microsoft.com/sv-se/azure/azure-resource-manager/management/lock-resources
https://docs.microsoft.com/en-us/azure/azure-resource-manager/management/overview
QUESTION 9
Note: This question is a part of series of questions that present the same scenario. Each question in the series contains
a unique solution that might meet the stated goals. Some question sets might have more than one correct solution,
while
others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not
appear in the review screen.
You are designing a storage solution to support on-premises resources and Azure-hosted resources.
You need to provide on-premises storage that has built-in replication to Azure.
Solution: You include Azure StorSimple in the design.
Does the solution meet the goal?
A. Yes
B. No
Correct Answer: A
QUESTION 10
You plan to deploy 200 Microsoft SQL Server databases to Azure by using Azure SQL Database and Azure SQL
Database Managed Instance.
You need to recommend a monitoring solution that provides a consistent monitoring approach for all deployments. The
solution must meet the following requirements:
1.
Support current-state analysis based on metrics collected near real-time, multiple times per minute, and maintained for
up to one hour
2.
Support longer term analysis based on metrics collected multiple times per hour and maintained for up to two weeks.
3.
Support monitoring of the number of concurrent logins and concurrent sessions. What should you include in the
recommendation?
A. dynamic management views
B. trace flags
C. Azure Monitor
D. SQL Server Profiler
Correct Answer: C
QUESTION 11
WebDev01 is used only for testing purposes. You need to reduce the costs to host WebDev01. What should you
modify?
NOTE: To answer this question, sign in to the Azure portal and explore the Azure resource groups.
A. the disk type of WebDev01
B. the networking properties of WebDev01
C. the storage type of the storage account
D. the properties of the storage account
Correct Answer: C
The storage type can be changed to Block blobs to save money.
References: https://azure.microsoft.com/en-us/pricing/details/storage/
QUESTION 12
Your company plans to migrate its on-premises data to Azure.
You need to recommend which Azure services can be used to store the data. The solution must meet the following
requirements:
1.
Encrypt all data while at rest.
2.
Encrypt data only by using a key generated by the company.
Which two possible services can you recommend? Each correct answer presents a complete solution. NOTE: Each
correct selection is worth one point.
A. Azure Table storage
B. Azure Backup
C. Azure Blob storage
D. Azure Queue storage
E. Azure Files
Correct Answer: CE
Reference: https://docs.microsoft.com/en-us/azure/storage/common/storage-service-encryption-customer-managedkeys
QUESTION 13
Note: This question is a part of series of questions that present the same scenario. Each question in the series contains
a unique solution that might meet the stated goals. Some question sets might have more than one correct solution,
while
others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not
appear in the review screen.
You need to deploy resources to host a stateless web app in an Azure subscription. The solution must meet the following requirements:
1.
Provide access to the full .NET framework.
2.
Provide redundancy if an Azure region fails.
3.
Grant administrators access to the operating system to install custom application dependencies.
Solution: You deploy an Azure virtual machine to two Azure regions, and you deploy an Azure Application Gateway.
Does this meet the goal?
A. Yes
B. No
Correct Answer: B
You need to deploy two Azure virtual machines to two Azure regions, but also create a Traffic Manager profile.
Summarize:
[Q1-Q13] Free Microsoft AZ-304 pdf download https://drive.google.com/file/d/1pnOmZLTu3mabJL0V3ziAE-86bpg6gL4S/view?usp=sharing
Share all the resources: Latest Microsoft AZ-304 practice questions, latest Microsoft AZ-304 pdf dumps. The latest updated Microsoft AZ-304 dumps https://www.pass4itsure.com/az-304.html Study hard and practices a lot. This will help you prepare for the Microsoft AZ-304 exam. Good luck!
