Introducing The New!
Surepassexam Collection
Get Unlimited Access to all
Surepassexam's PREMIUM files
Exam Code: AZ-304 (Practice Exam Latest Test Questions VCE PDF)
Exam Name: Microsoft Azure Architect Design (beta)
Certification Provider: Microsoft
Free Today! Guaranteed Training- Pass AZ-304 Exam.
Microsoft AZ-304 Free Dumps Questions Online, Read and Test Now.
NEW QUESTION 1
Your company is designing a multi-tenant application that will use elastic pools and Azure SQL databases. The application will be used by 30 customers.
You need to design a storage solution for the application. The solution must meet the following requirements: 
Operational costs must be minimized. All customers must have their own database. The customer databases will be in one of the following three Azure regions: East US, North Europe, or South Africa North.
What is the minimum number of elastic pools and Azure SQL Database servers required? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Answer: A
Explanation:
Box 1: 3
The server, its pools & databases must be in the same Azure region under the same subscription. Box 2: 3
A server can have up to 5000 databases associated to it.
Reference:
https://vincentlauzon.com/2016/12/18/azure-sql-elastic-pool-overview/
NEW QUESTION 2
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have an Azure Storage v2 account named storage1. You plan to archive data to storage1.
You need to ensure that the archived data cannot be deleted for five years. The solution must prevent administrators from deleting the data.
Solution: You create an Azure Blob storage container, and you configure a legal hold access policy. Does this meet the goal?
Answer: B
Explanation:
Use an Azure Blob storage container, but use a time-based retention policy instead of a legal hold. Note:
Immutable storage for Azure Blob storage enables users to store business-critical data objects in a WORM (Write Once, Read Many) state. This state makes the data non-erasable and non-modifiable for a
user-specified interval. For the duration of the retention interval, blobs can be created and read, but cannot be modified or deleted. Immutable storage is available for general-purpose v2 and Blob storage accounts in all Azure regions.
Note: Set retention policies and legal holds
* 1. Create a new container or select an existing container to store the blobs that need to be kept in the immutable state. The container must be in a general-purpose v2 or Blob storage account.
* 2. Select Access policy in the container settings. Then select Add policy under Immutable blob storage. Either
* 3a. To enable legal holds, select Add Policy. Select Legal hold from the drop-down menu. Or
* 3b. To enable time-based retention, select Time-based retention from the drop-down menu.
* 4. Enter the retention interval in days (acceptable values are 1 to 146000 days). Reference:
https://docs.microsoft.com/en-us/azure/storage/blobs/storage-blob-immutable-storage https://docs.microsoft.com/en-us/azure/storage/blobs/storage-blob-immutability-policies-manage
NEW QUESTION 3
You need to recommend a data storage strategy for WebApp1. What should you include in in the recommendation?
Answer: B
NEW QUESTION 4
Your company has the divisions shown in the following table.
You plan to deploy a custom application to each subscription. The application will contain the following: 
A resource group An Azure web app Custom role assignments An Azure Cosmos DB account
You need to use Azure Blueprints to deploy the application to each subscription.
What is the minimum number of objects required to deploy the application? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Answer: A
Explanation:
Box 1: 2
One management group for East, and one for West.
When creating a blueprint definition, you'll define where the blueprint is saved. Blueprints can be saved to a management group or subscription that you have Contributor access to. If the location is a management group, the blueprint is available to assign to any child subscription of that management group.
Box 2: 1
One definition as the you plan to deploy a custom application to each subscription.
With Azure Blueprints, the relationship between the blueprint definition (what should be deployed) and the blueprint assignment (what was deployed) is preserved.
Box 3: 4
One assignment for each subscription. Reference:
https://docs.microsoft.com/en-us/azure/governance/blueprints/overview
NEW QUESTION 5
You have an Azure Active Directory (Azure AD) tenant.
You plan to deploy Azure Cosmos DB databases that will use the SQL API.
You need to recommend a solution to provide specific Azure AD user accounts with read access to the Cosmos DB databases.
What should you include in the recommendation?
Answer: A
Explanation:
The Access control (IAM) pane in the Azure portal is used to configure role-based access control on Azure Cosmos resources. The roles are applied to users, groups, service principals, and managed identities in Active Directory. You can use built-in roles or custom roles for individuals and groups. The following screenshot shows Active Directory integration (RBAC) using access control (IAM) in the Azure portal:
Reference:
https://docs.microsoft.com/en-us/azure/cosmos-db/role-based-access-control
NEW QUESTION 6
You are developing a sales application that will contain several Azure cloud services and will handle different components of a transaction. Different cloud services will process customer orders, billing, payment, inventory, and shipping.
You need to recommend a solution to enable the cloud services to asynchronously communicate transaction information by using REST messages.
What should you include in the recommendation?
Answer: A
Explanation:
Service Bus is a transactional message broker and ensures transactional integrity for all internal operations against its message stores. All transfers of messages inside of Service Bus, such as moving messages to a dead-letter queue or automatic forwarding of messages between entities, are transactional.
Reference:
https://docs.microsoft.com/en-us/azure/service-bus-messaging/service-bus-transactions
NEW QUESTION 7
What should you include in the identity management strategy to support the planned changes?
Answer: B
Explanation:
Directory synchronization between Azure Active Directory (Azure AD) and corp.fabrikam.com must not be affected by a link failure between Azure and the on-premises network. (This requires domain controllers in Azure)
Users on the on-premises network must be able to authenticate to corp.fabrikam.com if an Internet link fails. (This requires domain controllers on-premises)
NEW QUESTION 8
You have an on-premises network that uses on IP address space of 172.16.0.0/16 You plan to deploy 25 virtual machines to a new azure subscription.
You identity the following technical requirements.
All Azure virtual machines must be placed on the same subnet subnet1. All the Azure virtual machines must be able to communicate with all on premises severs. The servers must be able to communicate between the on-premises network and Azure by using a site to site VPN.
You need to recommend a subnet design that meets the technical requirements.
What should you include in the recommendation? To answer, drag the appropriate network addresses to the correct subnet. Each network address may be used once, more than once or not at all. You may need to drag the split bar between panes or scroll to view content.
NOTE: Each correct selection is worth one point.
Answer: A
Explanation: 
NEW QUESTION 9
You are designing an Azure resource deployment that will use Azure Resource Manager templates. The deployment will use Azure Key Vault to store secrets.
You need to recommend a solution to meet the following requirements:
Prevent the IT staff that will perform the deployment from retrieving the secrets directly from Key Vault. Use the principle of least privilege.
Which two actions should you recommend? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.
Answer: BD
Explanation:
B: To access a key vault during template deployment, set enabledForTemplateDeployment on the key vault to true.
D: The user who deploys the template must have the Microsoft.KeyVault/vaults/deploy/action permission for the scope of the resource group and key vault.
Reference:
https://docs.microsoft.com/en-us/azure/azure-resource-manager/templates/key-vault-parameter https://docs.microsoft.com/en-us/azure/key-vault/general/overview-security
NEW QUESTION 10
You are designing a message application that will run on an on-premises Ubuntu virtual machine. The application will use Azure Storage queues.
You need to recommend a processing solution for the application to interact with the storage queues. The solution must meet the following requirements: Create and delete queues daily. Be scheduled by using a CRON job. Upload messages every five minutes.
What should developers use to interact with the queues?
Answer: D
Explanation:
Reference:
https://docs.microsoft.com/en-us/azure/storage/queues/storage-tutorial-queues
NEW QUESTION 11
Your company purchases an app named App1.
You plan to tun App1 on seven Azure virtual machines In an Availability Set. The number of fault domains is set to 3. The number of update domains is set to 20.
You need to identity how many App1 instances will remain available during a period of planned maintenance. How many Appl instances should you identify?
Answer: C
Explanation:
Only one update domain is rebooted at a time. Here there are 7 update domain with one VM each (and 13 update domain with no VM).
Reference:
https://docs.microsoft.com/en-us/azure/virtual-machines/windows/manage-availability
NEW QUESTION 12
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have an Azure Storage v2 account named Storage1. You plan to archive data to Storage1.
You need to ensure that the archived data cannot be deleted for five years. The solution must prevent administrators from deleting the data.
Solution: You create a file share and snapshots. Does this meet the goal?
Answer: B
Explanation:
Instead you could create an Azure Blob storage container, and you configure a legal hold access policy. References:
https://docs.microsoft.com/en-us/azure/storage/blobs/storage-blob-immutable-storage
NEW QUESTION 13
You need to recommend a solution for protecting the content of the payment processing system. What should you include in the recommendation?
Answer: D
NEW QUESTION 14
Your company has users who work remotely from laptops.
You plan to move some of the applications accessed by the remote users to Azure virtual machines. The users will access the applications in Azure by using a point-to-site VPN connection. You will use certificates generated from an on-premises-based certification authority (CA).
You need to recommend which certificates are required for the deployment.
What should you include in the recommendation? To answer, drag the appropriate certificates to the correct targets. Each certificate may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
NOTE: Each correct selection is worth one point.
Answer: A
Explanation: 
NEW QUESTION 15
You plan to deploy a network-intensive application to several Azure virtual machines. You need to recommend a solution that meets the following requirements: Minimizes the use of the virtual machine processors to transfer data Minimizes network latency
Which virtual machine size and feature should you use? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Answer: A
Explanation:
References:
https://docs.microsoft.com/en-us/azure/virtual-machines/windows/sizes-hpc#h-series
NEW QUESTION 16
You need to recommend a solution to meet the database retention requirement. What should you recommend?
Answer: A
NEW QUESTION 17
You need to recommend a solution for protecting the content of the back-end tier of the payment processing system.
What should you include in the recommendations?
Answer: A
NEW QUESTION 18
Your company plans to publish APIs for its services by using Azure API Management. You discover that service responses include the AspNet-Version header.
You need to recommend a solution to remove AspNet-Version from the response of the published APIs. What should you include in the recommendation?
Answer: C
Explanation:
References:
https://docs.microsoft.com/en-us/azure/api-management/transform-api
NEW QUESTION 19
You need to recommend a solution for configuring the Azure Multi-Factor Authentication (MFA) settings. What should you include in the recommendation? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.
Answer: A
Explanation:
References:
https://docs.microsoft.com/en-us/azure/active-directory/identity-protection/howto-sign-in-risk-policy https://docs.microsoft.com/en-us/azure/active-directory/identity-protection/howto-mfa-policy
NEW QUESTION 20
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have an Azure Storage v2 account named Storage1. You plan to archive data to Storage1.
You need to ensure that the archived data cannot be deleted for five years. The solution must prevent administrators from deleting the data.
Solution: You create a file share, and you configure an access policy. Does this meet the goal?
Answer: B
Explanation:
Instead of a file share, an immutable Blob storage is required.
Time-based retention policy support: Users can set policies to store data for a specified interval. When a time-based retention policy is set, blobs can be created and read, but not modified or deleted. After the retention period has expired, blobs can be deleted but not overwritten.
Note: Set retention policies and legal holds
* 1. Create a new container or select an existing container to store the blobs that need to be kept in the immutable state. The container must be in a general-purpose v2 or Blob storage account.
* 2. Select Access policy in the container settings. Then select Add policy under Immutable blob storage.
* 3. To enable time-based retention, select Time-based retention from the drop-down menu.
* 4. Enter the retention interval in days (acceptable values are 1 to 146000 days). References:
https://docs.microsoft.com/en-us/azure/storage/blobs/storage-blob-immutable-storage https://docs.microsoft.com/en-us/azure/storage/blobs/storage-blob-immutability-policies-manage
NEW QUESTION 21
You need to recommend a solution to deploy containers that run an application. The application has two tiers.
Each tier is implemented as a separate Docker Linux-based image. The solution must meet the following requirements: The front-end tier must be accessible by using a public IP address on port 80. The backend tier must be accessible by using port 8080 from the front-end tier only. Both containers must be able to access the same Azure file share. If a container fails, the application must restart automatically. Costs must be minimized.
What should you recommend using to host the application?
Answer: C
Explanation:
Azure Container Instances enables a layered approach to orchestration, providing all of the scheduling and management capabilities required to run a single container, while allowing orchestrator platforms to manage multi-container tasks on top of it.
Because the underlying infrastructure for container instances is managed by Azure, an orchestrator platform does not need to concern itself with finding an appropriate host machine on which to run a single container.
Azure Container Instances can schedule both Windows and Linux containers with the same API. Orchestration of container instances exclusively
Because they start quickly and bill by the second, an environment based exclusively on Azure Container Instances offers the fastest way to get started and to deal with highly variable workloads.
Reference:
https://docs.microsoft.com/en-us/azure/container-instances/container-instances-overview https://docs.microsoft.com/en-us/azure/container-instances/container-instances-orchestrator-relationship
NEW QUESTION 22
You need to design a solution for securing access to the historical transaction data.
What should you include in the solution? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.
Answer: A
Explanation: 
NEW QUESTION 23
You need to recommend a strategy for migrating the database content of WebApp1 to Azure. What should you include in the recommendation?
Answer: D
Explanation:
Before you upload a Windows virtual machine (VM) from on-premises to Azure, you must prepare the virtual hard disk (VHD or VHDX).
Scenario: WebApp1 has a web tier that uses Microsoft Internet Information Services (IIS) and a database tier that runs Microsoft SQL Server 2016. The web tier and the database tier are deployed to virtual machines that run on Hyper-V. Reference:
https://docs.microsoft.com/en-us/azure/virtual-machines/windows/prepare-for-upload-vhd-image
NEW QUESTION 24
You have an existing implementation of Microsoft SQL Server Integration Services (SSIS) packages stored in an SSISDB catalog on your on-premises network. The on-premises network does not have hybrid connectivity to Azure by using Site-to-Site VPN or ExpressRoute.
You want to migrate the packages to Azure Data Factory.
You need to recommend a solution that facilitates the migration while minimizing changes to the existing packages. The solution must minimize costs.
What should you recommend? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Answer: A
Explanation:
Box 1: Azure SQL database
You can't create the SSISDB Catalog database on Azure SQL Database at this time independently of creating the Azure-SSIS Integration Runtime in Azure Data Factory. The Azure-SSIS IR is the runtime environment that runs SSIS packages on Azure.
Box 2: Azure-SQL Server Integration Service Integration Runtime and self-hosted integration runtime The Integration Runtime (IR) is the compute infrastructure used by Azure Data Factory to provide data
integration capabilities across different network environments. Azure-SSIS Integration Runtime (IR) in Azure Data Factory (ADF) supports running SSIS packages.
Self-hosted integration runtime can be used for data movement in this scenario. Reference:
https://docs.microsoft.com/en-us/azure/data-factory/create-azure-integration-runtime https://docs.microsoft.com/en-us/sql/integration-services/lift-shift/ssis-azure-connect-to-catalog-database
NEW QUESTION 25
......
100% Valid and Newest Version AZ-304 Questions & Answers shared by DumpSolutions.com, Get Full Dumps HERE: https://www.dumpsolutions.com/AZ-304-dumps/ (New 0 Q&As)