(2021-January-Version) Braindump2go AZ-304 Exam Dumps and AZ-304 Exam Questions Free Share (Q345-Q365)

QUESTION 345
Case Study 2 - Contoso, Ltd

Overview
Contoso, Ltd is a US-based financial services company that has a main office in New York and an office in San Francisco.

Payment Processing Query System
Contoso hosts a business-critical payment processing system in its New York data center. The system has three tiers: a front-end web app, a middle-tier API, and a back-end data store implemented as a Microsoft SQL Server 2014 database. All servers run Windows Server 2012 R2.
The front-end and middle-tier components are hosted by using Microsoft Internet Information Services (IIS). The application code is written in C#, and the middle-tier API uses the Entity Framework to communicate with the SQL Server database. Maintenance of the database is performed by using SQL Server Agent.
The database is currently 2 TB and is not expected to grow beyond 3 TB.
The payment processing system has the following compliance-related requirements:
• Encrypt data in transit and at rest. Only the front-end and middle-tier components must be able to access the encryption keys that protect the data store.
• Keep backups of the data in two separate physical locations that are at least 200 miles apart and can be restored for up to seven years.
• Support blocking inbound and outbound traffic based on the source IP address, the destination IP address, and the port number.
• Collect Windows security logs from all the middle-tier servers and retain the logs for a period of seven years.
• Inspect inbound and outbound traffic from the front-end tier by using highly available network appliances.
• Only allow all access to all the tiers from the internal network of Contoso.
Tape backups are configured by using an on-premises deployment of Microsoft System Center Data Protection Manager (DPM), and then shipped offsite for long-term storage.

Historical Transaction Query System
Contoso recently migrated a business-critical workload to Azure.
The workload contains a .NET web service for querying the historical transaction data residing in Azure Table Storage. The .NET service is accessible from a client app that was developed in-house and runs on the client computer in the New York office. The data in the storage is 50 GB and is not expected to increase.

Information Security Requirement
The IT security team wants to ensure that identity management is performed by using Active Directory. Password hashes must be stored on-premises only. Access to all business-critical systems must rely on Active Directory credentials. Any suspicious authentication attempts must trigger a multi-factor authentication prompt automatically. Legitimate users must be able to authenticate successfully by using multi-factor authentication.

Planned Changes
Contoso plans to implement the following changes:
- Migrate the payment processing system to Azure.
- Migrate the historical transaction data to Azure Cosmos DB to address the performance issues.

Migration Requirements
Contoso identifies the following general migration requirements:
- Infrastructure services must remain available if a region or a data center fails. Failover must occur without any administrative intervention.
- Whenever possible, Azure managed services must be used to minimize management overhead.
- Whenever possible, costs must be minimized.
Contoso identifies the following requirements for the payment processing system:
- If a data center fails, ensure that the payment processing system remains available without any administrative intervention. The middle-tier and the web front end must continue to operate without any additional configurations.
- Ensure that the number of compute nodes of the front-end and the middle tiers of the payment processing system can increase or decrease automatically based on CPU utilization.
- Ensure that each tier of the payment processing system is subject to a Service Level Agreement (SLA) of 9959 percent availability.
- Minimize the effort required to modify the middle-tier API and the back-end tier of the payment processing system.
- Generate alerts when unauthorized login attempts occur on the middle-tier virtual machines.
- Ensure that the payment processing system preserves its current compliance status.
- Host the middle tier of the payment processing system on a virtual machine.
Contoso identifies the following requirements for the historical transaction query system:
- Minimize the use of on-premises infrastructure service.
- Minimize the effort required to modify the .NET web service querying Azure Cosmos DB.
- If a region fails, ensure that the historical transaction query system remains available without any administrative intervention.

Current Issue
The Contoso IT team discovers poor performance of the historical transaction query as the queries frequently cause table scans.

Information Security Requirements
The IT security team wants to ensure that identity management is performed by using Active Directory. Password hashes must be stored on-premises only. Access to all business-critical systems must rely on Active Directory credentials. Any suspicious authentication attempts must trigger a multi-factor authentication prompt automatically. Legitimate users must be able to authenticate successfully by using multi-factor authentication.

You need to recommend a solution for protecting the content of the payment processing system.
What should you include in the recommendation?
A. Transparent Data Encryption (TDE)
B. Azure Storage Service Encryption
C. Always Encrypted with randomized encryption
D. Always Encrypted with deterministic encryption
Answer: D

QUESTION 346
You deploy an Azure virtual machine that runs an ASP.NET application. The application will be accessed from the internet by the users at your company.
You need to recommend a solution to ensure that the users are pre-authenticated by using their Azure Active Directory (Azure AD) account before they can connect to the ASP.NET application.
What should you include in the recommendation?
A. an Azure AD enterprise application
B. Azure Traffic Manager
C. a public Azure Load Balancer
D. Azure Application Gateway
Answer: B

QUESTION 347
You are designing a microservices architecture that will use Azure Kubernetes Service (AKS) to host pods that run containers. Each pod deployment will host a separate API. Each API will be implemented as a separate service.
You need to recommend a solution to make the APIs available to external users from Azure API Management. The solution must meet the following requirements:
- Control access to the APIs by using mutual TLS authentication between API Management and the AKS-based APIs.
- Provide access to the APIs by using a single IP address.
What should you recommend to provide access to the APIs?
A. custom network security groups (NSGs)
B. the LoadBalancer service in AKS
C. the Ingress Controller in AKS
Answer: C

QUESTION 348
Your company plans to use a separate Azure subscription for each of its business units. You identify the following governance requirements:
- Each business unit will analyze costs for different workloads such as production, development, and testing.
- The company will analyze costs by business unit and workload.
What should you use to meet the governance requirements?
A. Azure Advisor alerts and Azure Logic Apps
B. Microsoft Intune and compliance policies
C. Azure management groups and RBAC
D. tags and Azure Policy
Answer: D

QUESTION 349
You have an Azure SQL Database elastic pool.
You need to monitor the resource usage of the elastic pool for anomalous database activity based on historic usage patterns. The solution must minimize administrative effort.
What should you include in the solution?
A. a metric alert that uses a dynamic threshold
B. a metric alert that uses a static threshold
C. a log alert that uses a dynamic threshold
D. a log alert that uses a static threshold
Answer: A

QUESTION 350
You have 200 resource groups across 20 Azure subscriptions.
Your company's security policy states that the security administrator must verify all assignments of the Owner role for the subscriptions and resource groups once a month. All assignments that are not approved by the security administrator must be removed automatically. The security administrator must be prompted every month to perform the verification.
What should you use to implement the security policy?
A. Access reviews in Identity Governance
B. role assignments in Azure Active Directory (Azure AD) Privileged Identity Management (PIM)
C. Identity Secure Score in Azure Security Center
D. the user risk policy in Azure Active Directory (Azure AD) Identity Protection
Answer: A

QUESTION 351
You are designing an Azure web app that will use Azure Active Directory (Azure AD) for authentication.
You need to recommend a solution to provide users from multiple Azure AD tenants with access to App1. The solution must ensure that the users use Azure Multi-Factor Authentication (MFA) when they connect to App1.
Which two types of objects should you include in the recommendation? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.
A. Azure AD managed identities
B. an Identity Experience Framework policy
C. Azure AD conditional access policies
D. a Microsoft Intune app protection policy
E. an Azure application security group
F. Azure AD guest accounts
Answer: DE

QUESTION 352
You have an Azure subscription that contains two applications named App1 and App2. App1 is a sales processing application. When a transaction in App1 requires shipping, a message is added to an Azure Storage account queue, and then App2 listens to the queue for relevant transactions.
In the future, additional applications will be added that will process some of the shipping requests based on the specific details of the transactions.
You need to recommend a replacement for the storage account queue to ensure that each additional application will be able to read the relevant transactions.
What should you recommend?
A. one Azure Service Bus queue
B. one Azure Service Bus topic
C. one Azure Data Factory pipeline
D. multiple storage account queues
Answer: D

QUESTION 353
You manage an on-premises network and Azure virtual networks.
You need to create a secure connection over a private network between the on-premises network and the Azure virtual networks. The connection must offer a redundant pair of cross connections to provide high availability.
What should you recommend?
A. Azure Load Balancer
B. virtual network peering
C. VPN Gateway
D. ExpressRoute
Answer: D

QUESTION 354
You need to create an Azure Storage account that uses a custom encryption key.
What do you need to implement the encryption?
A. an Azure key vault in the same Azure region as the storage account
B. a managed identity that is configured to access the storage account
C. a certificate issued by an integrated certification authority (CA) and stored in Azure Key Vault
D. Azure Active Directory Premium subscription
Answer: C

QUESTION 355
Your company purchases an app named App1.
You need to recommend a solution to ensure that App1 can read and modify access reviews.
What should you recommend?
A. From the Azure Active Directory admin center, register App1, and then delegate permissions to the Microsoft Graph API.
B. From the Azure Active Directory admin center, register App1. From the Access control (IAM) blade, delegate permissions.
C. From API Management services, publish the API of App1, and then delegate permissions to the Microsoft Graph API.
D. From API Management services, publish the API of App1. From the Access control (IAM) blade, delegate permissions.
Answer: B

QUESTION 356
Your company provides customer support for multiple Azure subscriptions and third-party hosting providers.
You are designing a centralized monitoring solution. The solution must provide the following services:
- Collect log and diagnostic data from all the third-party hosting providers into a centralized repository.
- Collect log and diagnostic data from all the subscriptions into a centralized repository.
- Automatically analyze log data and detect threats.
- Provide automatic responses to known events.
Which Azure service should you include in the solution?
A. Azure Sentinel
B. Azure Log Analytics
C. Azure Monitor
D. Azure Application Insights
Answer: D

QUESTION 357
You have an Azure web app that uses an Azure key vault named KeyVault1 in the West US Azure region.
You are designing a disaster recovery plan for KeyVault1. You plan to back up the keys in KeyVault1.
You need to identify to where you can restore the backup.
What should you identify?
A. KeyVault1 only
B. the same region only
C. the same geography only
D. any region worldwide
Answer: B

QUESTION 358
You have 200 resource groups across 20 Azure subscriptions.
Your company's security policy states that the security administrator must verify all assignments of the Owner role for the subscriptions and resource groups once a month. All assignments that are not approved by the security administrator must be removed automatically. The security administrator must be prompted every month to perform the verification.
What should you use to implement the security policy?
A. Access reviews in Identity Governance
B. role assignments in Azure Active Directory (Azure AD) Privileged Identity Management (PIM)
C. Identity Secure Score in Azure Security Center
D. the user risk policy in Azure Active Directory (Azure AD) Identity Protection
Answer: B

QUESTION 359
Note: This question is part of a series of questions that present the same scenario.
Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
Your company has deployed several virtual machines (VMs) on-premises and to Azure. Azure ExpressRoute has been deployed and configured for on-premises to Azure connectivity.
Several VMs are exhibiting network connectivity issues.
You need to analyze the network traffic to determine whether packets are being allowed or denied to the VMs.
Solution: Use the Azure Advisor to analyze the network traffic.
Does the solution meet the goal?
A. Yes
B. No
Answer: B

QUESTION 360
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have an on-premises Hyper-V cluster that hosts 20 virtual machines. Some virtual machines run Windows Server 2016 and some run Linux.
You plan to migrate the virtual machines to an Azure subscription.
You need to recommend a solution to replicate the disks of the virtual machines to Azure. The solution must ensure that the virtual machines remain available during the migration of the disks.
Solution: You recommend implementing an Azure Storage account and then running AzCopy.
Does this meet the goal?
A. Yes
B. No
Answer: B
Explanation: AzCopy only copies files, not the disks. Instead use Azure Site Recovery.
References: https://docs.microsoft.com/en-us/azure/site-recovery/site-recovery-overview

QUESTION 361
Your company wants to use an Azure Active Directory (Azure AD) hybrid identity solution.
You need to ensure that users can authenticate if the internet connection is unavailable. The solution must minimize authentication prompts for the users.
What should you include in the solution?
A. an Active Directory Federation Services (AD FS) server
B. pass-through authentication and Azure AD Seamless Single Sign-On (Azure AD Seamless SSO)
C. password hash synchronization and Azure AD Seamless Single Sign-On (Azure AD Seamless SSO)
Answer: C

QUESTION 362
You need to design a highly available Azure SQL database that meets the following requirements:
- Failover between replicas of the database must occur without any data loss.
- The database must remain available in the event of a zone outage.
- Costs must be minimized.
Which deployment option should you use?
A. Azure SQL Database Hyperscale
B. Azure SQL Database Premium
C. Azure SQL Database Serverless
D. Azure SQL Database Managed Instance General Purpose
Answer: D

QUESTION 363
Drag and Drop Question
Your on-premises network contains a server named Server1 that runs an ASP.NET application named App1.
You have a hybrid deployment of Azure Active Directory (Azure AD).
You need to recommend a solution to ensure that users sign in by using their Azure AD account and Azure Multi-Factor Authentication (MFA) when they connect to App1 from the internet.
Which three Azure services should you recommend be deployed and configured in sequence? To answer, move the appropriate services from the list of services to the answer area and arrange them in the correct order.
Answer:

QUESTION 364
Hotspot Question
You need to design an Azure policy that will implement the following functionality:
- For new resources, assign tags and values that match the tags and values of the resource group to which the resources are deployed.
- For existing resources, identify whether the tags and values match the tags and values of the resource group that contains the resources.
- For any non-compliant resources, trigger auto-generated remediation tasks to create missing tags and values.
The solution must use the principle of least privilege.
What should you include in the design? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Answer:

QUESTION 365
Hotspot Question
You are designing a cost-optimized solution that uses Azure Batch to run two types of jobs on Linux nodes. The first job type will consist of short-running tasks for a development environment. The second job type will consist of long-running Message Passing Interface (MPI) applications for a production environment that requires timely job completion.
You need to recommend the pool type and node type for each job type. The solution must minimize compute charges and leverage Azure Hybrid Benefit whenever possible.
What should you recommend? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Answer:

2021 Latest Braindump2go AZ-304 PDF and AZ-304 VCE Dumps Free Share: https://drive.google.com/drive/folders/1uaSIPxmcHkdYozBoAS9DD53SRhiqALx5?usp=sharing