AZ-204 Practice Questions — Page 12

You manage an Azure Cosmos DB for a NoSQL API account named account1. The account contains a database named db1, which contains a container named container1. You configure account1 with a session consistency level.

You plan to develop an application named App1 that will access container1. Individual instances of App1 must perform reads and writes. App1 must allow multiple nodes to participate in the same session.

You need to configure an object to share the session token between the nodes.

Which object should you use?

You have a static website hosted in an Azure Storage account named storage1. You access the website by using a URL that ends with the web.core.windows.net suffix.

You plan to configure the website to be accessible through the URL www.contoso.com. The website must be accessible during configuration.

The contoso.com zone is hosted in Azure DNS.

You need to complete the website configuration.

Which four actions should you perform in sequence? To answer, move the appropriate domain name configuration steps from the list of domain name configuration steps to the answer area and arrange them in the correct order.

You manage an Azure Cosmos DB for a NoSQL API account named account1. You configure account1 with the default consistency level.

An application named app1 must access containers in account1 to perform read and write operations. The connections from app1 to account1 must be established by using the direct mode.

You plan to configure app1 to override the default consistency level by using the Azure Cosmos DB SDK client.

You need to set the maximum consistency level for app1 to use for read and write operations.

Which consistency level should you set? To answer, move the appropriate maximum consistency levels to the correct operation types. You may use each maximum consistency level once, more than once, or not at all. You may need to move the split bar between panes or scroll to view content.

You manage an Azure subscription associated with a Microsoft Entra tenant named contoso.com. The subscription contains an Azure Blob Storage account named storage1. Your user account has the Contributor Azure role-based access control (RBAC) role within the scope of the subscription.

You plan to implement secure access to containers and blobs in storage1. Your solution must satisfy the following requirements:

• Authorization requests to access storage1 content must be authenticated by using Microsoft Entra credentials.

• Authorized access to storage1 content must be time-limited based on arbitrary values specified when requests are raised.

• The principle of least privilege must be satisfied.

You need to implement the plan.

Which three actions should you perform in sequence? To answer, move the appropriate secure access implementation options from the list of secure access implementations to the answer area and arrange them in the correct order.

Case study

This is a case study. Case studies are not timed separately. You can use as much exam time as you would like to complete each case. However, there may be additional case studies and sections on this exam. You must manage your time to ensure that you are able to complete all questions included on this exam in the time provided.

To answer the questions included in a case study, you will need to reference information that is provided in the case study. Case studies might contain exhibits and other resources that provide more information about the scenario that is described in the case study. Each question is independent of the other questions in this case study.

At the end of this case study, a review screen will appear. This screen allows you to review your answers and to make changes before you move to the next section of the exam. After you begin a new section, you cannot return to this section.

To start the case study

To display the first question in this case study, click the Next button. Use the buttons in the left pane to explore the content of the case study before you answer the questions. Clicking these buttons displays information such as business requirements, existing environment, and problem statements. When you are ready to answer a question, click the Question button to return to the question.

Background

Fourth Coffee is a global coffeehouse chain and coffee company recognized as one of the world’s most influential coffee brands. The company is renowned for its specialty coffee beverages, including a wide range of espresso-based drinks, teas, and other beverages. Fourth Coffee operates thousands of stores worldwide.

Current environment

The company is developing cloud-native applications hosted in Azure.

Corporate website

The company hosts a public website located at http://www.fourthcoffee.com/. The website is used to place orders as well as view and update inventory items.

Inventory items

In addition to its core coffee offerings, Fourth Coffee recently expanded its menu to include inventory items such as lunch items, snacks, and merchandise. Corporate team members constantly update inventory. Users can customize items. Corporate team members configure inventory items and associated images on the website.

Orders

Associates in the store serve customized beverages and items to customers. Orders are placed on the website for pickup.

The application components process data as follows:

1. Azure Traffic Manager routes a user order request to the corporate website hosted in Azure App Service.

2. Azure Content Delivery Network serves static images and content to the user.

3. The user signs in to the application through a Microsoft Entra ID for customers tenant.

4. Users search for items and place an order on the website as item images are pulled from Azure Blob Storage.

5. Item customizations are placed in an Azure Service Bus queue message.

6. Azure Functions processes item customizations and saves the customized items to Azure Cosmos DB.

7. The website saves order details to Azure SQL Database.

8. SQL Database query results are cached in Azure Cache for Redis to improve performance.

The application consists of the following Azure services:

Requirements

The application components must meet the following requirements:

• Azure Cosmos DB development must use a native API that receives the latest updates and stores data in a document format.

• Costs must be minimized for all Azure services.

• Developers must test Azure Blob Storage integrations locally before deployment to Azure. Testing must support the latest versions of the Azure Storage APIs.

Corporate website

• User authentication and authorization must allow one-time passcode sign-in methods and social identity providers (Google or Facebook).

• Static web content must be stored closest to end users to reduce network latency.

Inventory items

• Customized items read from Azure Cosmos DB must maximize throughput while ensuring data is accurate for the current user on the website.

• Processing of inventory item updates must automatically scale and enable updates across an entire Azure Cosmos DB container.

• Inventory items must be processed in the order they were placed in the queue.

• Inventory item images must be stored as JPEG files in their native format to include exchangeable image file format (data) stored with the blob data upon upload of the image file.

• The Inventory Items API must securely access the Azure Cosmos DB data.

Orders

• Orders must receive inventory item changes automatically after inventory items are updated or saved.

Issues

• Developers are storing the Azure Cosmos DB credentials in an insecure clear text manner within the Inventory Items API code.

• Production Azure Cache for Redis maintenance has negatively affected application performance.

You need to support local development testing for developers.

Which tool should you use?

You have an Azure storage account named account1.

The account1 account contains 100 containers named container1 through container100.

You plan to implement data lifecycle management for container1 to perform the following actions:

• Move blobs to cool tier unless they have been read or modified within the last 30 days.

• Move blobs to hot tier when they are read or modified in cool tier.

You need to define the data lifecycle management policy rule to implement the container1 actions.

How should you complete the rule definition? To answer, select the appropriate options in the answer area

NOTE: Each correct selection is worth one point.

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

You are developing a website that will run as an Azure Web App. Users will authenticate by using their Azure Active Directory (Azure AD) credentials.

You plan to assign users one of the following permission levels for the website: admin, normal, and reader. A user's Azure AD group membership must be used to determine the permission level.

You need to configure authorization.

Solution: Configure the Azure Web App for the website to allow only authenticated requests and require Azure AD log on.

Does the solution meet the goal?

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

You are developing a website that will run as an Azure Web App. Users will authenticate by using their Azure Active Directory (Azure AD) credentials.

You plan to assign users one of the following permission levels for the website: admin, normal, and reader. A user's Azure AD group membership must be used to determine the permission level.

You need to configure authorization.

Solution:

✑ Create a new Azure AD application. In the application's manifest, define application roles that match the required permission levels for the application.

✑ Assign the appropriate Azure AD group to each role. In the website, use the value of the roles claim from the JWT for the user to determine permissions.

Does the solution meet the goal?

You provide an Azure API Management managed web service to clients. The back-end web service implements HTTP Strict Transport Security (HSTS).

Every request to the backend service must include a valid HTTP authorization header.

You need to configure the Azure API Management instance with an authentication policy.

Which two policies can you use? Each correct answer presents a complete solution.

NOTE: Each correct selection is worth one point.

You are developing an ASP.NET Core website that can be used to manage photographs which are stored in Azure Blob Storage containers.

Users of the website authenticate by using their Azure Active Directory (Azure AD) credentials.

You implement role-based access control (RBAC) role permissions on the containers that store photographs. You assign users to RBAC roles.

You need to configure the website's Azure AD Application so that user's permissions can be used with the Azure Blob containers.

How should you configure the application? To answer, drag the appropriate setting to the correct location. Each setting can be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.

NOTE: Each correct selection is worth one point.

Select and Place: