[Jan-2022] AZ-304 Pre-Exam Practice Tests | Exam Questions and Answers for Azure Solutions Architect Expert Study Guide

Microsoft Azure Architect Design Certification Sample Questions

AZ-304 Exam Topics

The students will need to study the following topics to master their AZ-304:

• Develop Infrastructure;
• Create Data Storage.
• Design Monitoring;
• Develop Identity and Security;
• Define Business Continuity;

These domains for AZ-304 cover varied aspects of Azure. Within that of developing business continuity, there is the creation of solutions meant for backup and recovery alongside creating solutions geared towards high availability. For backup and recovery, you will have to recommend recovery solutions targeting on-premises and Azure hybrid, design solutions for Azure Site Recovery, and suggest solutions targeting recovery in varied regions and for managing Azure Backup. Also, involved is creating solutions for archiving and retaining data. With regards to creating solutions meant for high availability, candidates ought to suggest solutions for apps and workload redundancy and for autoscaling, identify resources needing high availability, identify high availability storage, and suggest solutions for workload geo-redundancy.

Regarding the topic for developing identity along with security, the abilities revolve around creating authentication, authorization, governance, and app security. For the creation of authentication, candidates should show abilities in recommending single-sign-on solutions, an authentication solution including the conditional access one, and network access verification. Recommending a hybrid identity solution, user self-service solution, and executing a B2B integration solution are also issues to look at. When it comes to the part of creating governance still under the second domain, familiarity with tagging strategies, Azure Policy, and Azure Blueprint are also included. For creating authorization, featured areas include authorization approach, hierarchical structure, and solution for access management. Lastly, for this section, candidates ought to be familiar with creating app security for apps. In this aspect, you will find issues like suggesting solutions including KeyVault, managed identities for Azure, and integration of applications into Azure AD.

When it comes to the third portion regarding design monitoring, one has to know how to develop solutions targeting cost optimization, logging, and keeping track. For cost optimization, besides cost management, one ought to know more about cost reporting. Also, for logging as well as monitoring, the issue is to be good at storage levels and locations directed at logs, monitoring tools, event routing as well as escalation, and logging solutions targeting compliance expectations.

For the sphere of developing infrastructure, things to find include creating solutions for compute, developing a solution for the network, creating architecture for apps, and designing migrations. For the area of compute solutions, compute provisioning, technologies, solutions meant for containers, and automation of compute management are covered. Under the development of a solution for the network, network addressing, name resolution, provisioning, security, and connectivity will be studied. Others include network management automation and load balancing in addition to traffic routing. To cover in application architecture design are aspects like microservices architecture, an orchestration solution designed to be used for deployment, and API integration. In the final part of creating migrations, candidates will come across on-premises servers, apps, and data for migration.

The final domain encompasses creating data storage. It revolves around creating solutions for databases as well as data integration and choosing the right account for storage. The aspect of creating solutions for databases includes data platform, sizing of a database service tier, database scalability, and data encryption. Under data integration, the issues covered are data flow and data integration. Finally, when it comes to choosing the right account for storage, one has to consider storage tiers, access solutions for storage, and tools for managing storage.

 

NEW QUESTION 128
You need to design a resource governance solution for an Azure subscription. The solution must meet the following requirements:
Ensure that all ExpressRoute resources are created in a resource group named RG1.
Delegate the creation of the ExpressRoute resources to an Azure Active Directory (Azure AD) group named Networking.
Use the principle of least privilege.
What should you include in the solution? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Answer:

Explanation:

Reference:
https://docs.microsoft.com/en-us/azure/governance/policy/tutorials/create-and-manage

 

NEW QUESTION 129
You have 200 resource groups across 20 Azure subscriptions.
Your company's security policy states that the security administrator must verify all assignments of the Owner role for the subscriptions and resource groups once a month. All assignments that are not approved by the security administrator must be removed automatically. The security administrator must be prompted every month to perform the verification.
What should you use to implement the security policy?

• A. role assignments in Azure Active Directory (Azure AD) Privileged identity Management (PIM)
• B. the user risk policy Azure Active Directory (Azure AD) Identity Protection
• C. Access reviews in Identity Governance
• D. Identity Secure Score in Azure Security Center

Answer: C

 

NEW QUESTION 130
Your company purchases an app named App1.
You need to recommend a solution 10 ensure that App 1 can read and modify access reviews.
What should you recommend?

• A. From the Azure Active Directory admin center, register App1. and then delegate permissions to the Microsoft Graph API.
• B. From API Management services, publish the API of App1 From the Access control (IAM) blade, delegate permissions.
• C. From the Azure Active Directory admin center, register App1. from the Access control (IAM) blade, delegate permissions.
• D. From API Management services, publish the API of App1. and then delegate permissions to the Microsoft Graph API.

Answer: C

Explanation:
The app must be registered. You can register the application in the Azure Active Directory admin center.
The Azure AD access reviews feature has an API in the Microsoft Graph endpoint.
You can register an Azure AD application and set it up for permissions to call the access reviews API in Graph.
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/develop/quickstart-register-app

 

NEW QUESTION 131
You plan to deploy a network-intensive application to several Azure virtual machines.
You need to recommend a solution that meets the following requirements:
* Minimizes the use of the virtual machine processors to transfer data
* Minimizes network latency
Which virtual machine size and feature should you use? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Answer:

Explanation:

Explanation

References:
https://docs.microsoft.com/en-us/azure/virtual-machines/windows/sizes-hpc#h-series

 

NEW QUESTION 132
A company named Contoso, Ltd- has an Azure Active Directory {Azure AD) tenant that uses the Basic license.
You plan to deploy two applications to Azure. The applications have the requirements shown in the following table.

Which authentication strategy should you recommend for each application? To answer, drag the appropriate authentication strategies to the correct applications. Each authentication strategy may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
NOTE: Each correct selection is worth one point.

Answer:

Explanation:

Explanation:
Box 1: Azure AD V2.0 endpoint
Microsoft identity platform is an evolution of the Azure Active Directory (Azure AD) developer platform. It allows developers to build applications that sign in all Microsoft identities and get tokens to call Microsoft APIs, such as Microsoft Graph, or APIs that developers have built. The Microsoft identity platform consists of:
OAuth 2.0 and OpenID Connect standard-compliant authentication service that enables developers to authenticate any Microsoft identity, including:
Work or school accounts (provisioned through Azure AD)
Personal Microsoft accounts (such as Skype, Xbox, and Outlook.com)
Social or local accounts (via Azure AD B2C)
Box 2: Azure AD B2C tenant
Azure Active Directory B2C provides business-to-customer identity as a service. Your customers use their preferred social, enterprise, or local account identities to get single sign-on access to your applications and APIs.
Azure Active Directory B2C (Azure AD B2C) integrates directly with Azure Multi-Factor Authentication so that you can add a second layer of security to sign-up and sign-in experiences in your applications.
Reference:
https://docs.microsoft.com/en-us/azure/active-directory-b2c/active-directory-b2c-reference-mfa
https://docs.microsoft.com/en-us/azure/active-directory/develop/v2-overview

 

NEW QUESTION 133
You plan to deploy a network-intensive application to several Azure virtual machines.
You need to recommend a solution that meets the following requirements:
* Minimizes the use of the virtual machine processors to transfer data
* Minimizes network latency
Which virtual machine size and feature should you use? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Answer:

Explanation:

Explanation

References:
https://docs.microsoft.com/en-us/azure/virtual-machines/windows/sizes-hpc#h-series

 

NEW QUESTION 134
You are reviewing the budget for Azure Storage as shown in the exhibit (Click the Exhibit tab.) All the virtual machines in the Azure subscription use Premium storage.
Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic.
NOTE: correct selection is worth one point.

Answer:

Explanation:

Explanation

 

NEW QUESTION 135
You plan to deploy an application that will run at a Linux-based Docker container You need to recommend a solution to host the application in Azure. The solution must meet the following requirements:
* Support a custom domain name and an associated SSL certificate.
* Scale-out automatically based on demand
* Minimize administrative effort and costs.
What should you Include in the recommendation?

• A. an Azure virtual machine
• B. Azure App Service
• C. Azure Kubemetes Service (AKS)
• D. Azure Container instances

Answer: C

Explanation:
Explanation
App Service not only adds the power of Microsoft Azure to your application, such as security, load balancing, autoscaling, and automated management. You can also take advantage of its DevOps capabilities, such as continuous deployment from Azure DevOps, GitHub, Docker Hub, and other sources, package management, staging environments, custom domain, and TLS/SSL certificates.
Key features of App Service include:
* Containerization and Docker - Dockerize your app and host a custom Windows or Linux container in App Service.
* Scale up or out manually or automatically. Host your apps anywhere in Microsoft's global datacenter infrastructure, and the App Service SLA promises high availability.
App Service can also host web apps natively on Linux for supported application stacks. It can also run custom Linux containers (also known as Web App for Containers).
Reference:
https://docs.microsoft.com/en-us/azure/app-service/overview

 

NEW QUESTION 136
You are designing a virtual machine that will run Microsoft SQL Server and will contain two data disks. The first data disk will store log files, and the second data disk will store dat a. Both disks are P40 managed disks.
You need to recommend a caching policy for each disk. The policy must provide the best overall performance for the virtual machine.
Which caching policy should you recommend for each disk? To answer, drag the appropriate policies to the correct disks. Each policy may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
NOTE: Each correct selection is worth one point.

Answer:

Explanation:

References:
https://docs.microsoft.com/en-us/azure/virtual-machines/windows/sql/virtual-machines-windows-sql-performance

 

NEW QUESTION 137
You have an on-premises application named App1 that uses an Oracle database.
You plan to use Azure Databricks to transform and load data from App1 to an Azure Synapse Analytics instance.
You need to ensure that the App1 data is available to Databricks.
Which two Azure services should you include in the solution? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.

• A. Azure Data Lake Storage
• B. Azure Import/Export service
• C. Azure Data Box Gateway
• D. Azure Data Box Edge
• E. Azure Data Factory

Answer: A,E

Explanation:
Automate data movement using Azure Data Factory, then load data into Azure Data Lake Storage, transform and clean it using Azure Databricks, and make it available for analytics using Azure Synapse Analytics.
Modernize your data warehouse in the cloud for unmatched levels of
Note: Integrate data silos with Azure Data Factory, a service built for all data integration needs and skill levels.
Easily construct ETL and ELT processes code-free within the intuitive visual environment, or write your own code. Visually integrate data sources using more than 90+ natively built and maintenance-free connectors at no added cost. Focus on your data-the serverless integration service does the rest.
Reference:
https://azure.microsoft.com/en-us/services/databricks/#capabilities
https://azure.microsoft.com/en-us/services/data-factory/

 

NEW QUESTION 138
To meet the authentication requirements of Fabrikam, what should you include in the solution? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Answer:

Explanation:

1
1
0

 

NEW QUESTION 139
A company named Contoso Ltd., has a single-domain Active Directory forest named contoso.com.
Contoso is preparing to migrate all workloads to Azure. Contoso wants users to use single sign-on (SSO) when they access cloud-based services that integrate with Azure Active Directory (Azure AD).
You need to identify any objects in Active Directory that will fail to synchronize to Azure AD due to formatting issues. The solution must minimize costs.
What should you include in the solution?

• A. Password Export Server version 3.1 (PES v3.1) in Active Directory Migration Tool (ADMT)
• B. Azure Advisor
• C. Azure AD Connect Health
• D. Microsoft Office 365 IdFix

Answer: D

Explanation:
https://docs.microsoft.com/en-us/troubleshoot/azure/active-directory/objects-dont-sync-ad-sync-tool

 

NEW QUESTION 140
You have an existing implementation of Microsoft SQL Server Integration Services (SSIS) packages stored in an SSISDB catalog on your on-premises network. The on-premises network does not have hybrid connectivity to Azure by using Site-to-Site VPN or ExpressRoute.
You want to migrate the packages to Azure Data Factory.
You need to recommend a solution that facilitates the migration while minimizing changes to the existing packages. The solution must minimize costs.
What should you recommend? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Answer:

Explanation:

Reference:
https://docs.microsoft.com/en-us/azure/data-factory/create-azure-integration-runtime
https://docs.microsoft.com/en-us/sql/integration-services/lift-shift/ssis-azure-connect-to-catalog-database

 

NEW QUESTION 141
You are designing an access policy for the sales department at your company.
Occasionally, the developers at the company must stop, start, and restart Azure virtual machines. The development team changes often.
You need to recommend a solution to provide the developers with the required access to the virtual machines.
The solution must meet the following requirements:
Provide permissions only when needed.
Use the principle of least privilege.
Minimize costs.
What should you include in the recommendation? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Answer:

Explanation:

Explanation

 

NEW QUESTION 142
You have an Azure Storage account that contains the data shown in the following exhibit.

• A. File1. bin only
• B. File1.bin and File2.bin only
• C. File3.bin only
• D. File1.bin File2.bin File3.bin
• E. File2.bin only

Answer: C

 

NEW QUESTION 143
You need to design an architecture to capture the creation of users and the assignment of roles. The captured data must be stored in Azure Cosmos DB.
Which Azure services should you include in the design? To answer, drag the appropriate services to the correct targets. Each service may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
NOTE: Each correct selection is worth one point.

Answer:

Explanation:

Explanation

 

NEW QUESTION 144
......

Further Certification Prospects

Although the certification related to AZ-304 is expert-level, IT professionals can expand their skillset by earning other accreditations as well. For instance, it can be Microsoft Certified: Azure DevOps Engineer Expert. In case you are ready to master some other Microsoft products, the Microsoft Certified: Dynamics 365 Finance and Operations Apps Solution Architect Expert and Microsoft Certified: Dynamics 365 + Power Platform Solution Architect Expert certifications are some of the options to choose from too.

 

Microsoft Exam Practice Test To Gain Brilliante Result: https://www.testsimulate.com/AZ-304-study-materials.html