[Mar-2022] Pass AZ-304 Exam in First Attempt: Updated AZ-304 TestSimulate Exam Question
Azure Solutions Architect Expert Dumps AZ-304 Exam for Full Questions - Exam Study Guide
Microsoft Azure Architect Design Exam Certification Details:
| Books / Training | AZ-304T00-A: Microsoft Azure Architect Design |
| Schedule Exam | Pearson VUE |
| Passing Score | 700 / 1000 |
| Duration | 150 mins |
| Sample Questions | Microsoft Azure Architect Design Sample Questions |
AZ-304: Microsoft Azure Architect Design Exam Certified Professional salary
The average salary of an AZ-304: Microsoft Azure Architect Design Exam Certified Expert in
- India - 20,00,327 INR
- United States - 120,000 USD
- England - 90,532 POUND
- Europe - 90,547 EURO
NEW QUESTION 44
You have a virtual machine scale set named SS1.
You configure autoscaling as shown in the following exhibit.
You configure the scale out and scale in rules to have a duration of 10 minutes and a cool down time of 10 minutes.
Use the drop-down menus to select the answer choice that answers each question based on the information presented in the graphic.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
Box 1: 20 Minutes. 10 minutes cool down time after the last scale-up plus 10 minutes duration equals 20 minutes.
Box 2: 9 virtual machines. 30% does not match the scale in requirement of less than 25% so the number of virtual machines will not change.
NEW QUESTION 45
You need to design a solution for securing access to the historical transaction data.
What should you include in the solution? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
NEW QUESTION 46
You need to design a resource governance solution for an Azure subscription. The solution must meet the following requirements:
Ensure that all ExpressRoute resources are created in a resource group named RG1.
Delegate the creation of the ExpressRoute resources to an Azure Active Directory (Azure AD) group named Networking.
Use the principle of least privilege.
What should you include in the solution? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
Reference:
https://docs.microsoft.com/en-us/azure/governance/policy/tutorials/create-and-manage
NEW QUESTION 47
You are designing a cost-optimized solution that uses Azure Batch to run two types of jobs on Linux nodes.
The first job type will consist of short-running tasks for a development environment. The second job type will consist of long-running Message Passing Interface (MPI) applications for a production environment that requires timely job completion.
You need to recommend the pool type and node type for each job type. The solution must minimize compute charges and leverage Azure Hybrid Benefit whenever possible.
What should you recommend? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
Box 1: User subscription and low-priority virtual machines
Azure Batch offers low-priority virtual machines (VMs) to reduce the cost of Batch workloads. Low-priority VMs make new types of Batch workloads possible by enabling a large amount of compute power to be used for a very low cost.
Some examples of batch processing use cases well suited to use low-priority VMs are:
* Development and testing: In particular, if large-scale solutions are being developed, significant savings can be realized. All types of testing can benefit, but large-scale load testing and regression testing are great uses.
* Supplementing on-demand capacity.
* Flexible job execution time.
Box 2: Batch service and dedicated virtual machines
Reference:
https://docs.microsoft.com/en-us/azure/batch/batch-low-pri-vms
NEW QUESTION 48
You have an application that sends events to an Azure event hub by using HTTP requests over the internet.
You plan to increase the number of application instances.
You need to recommend a solution to reduce the overhead associated with sending events to the hub.
What should you recommend?
- A. Configure the application to send events by using the HTTPS protocol.
- B. Reduce the retention period of the event hub.
- C. Configure the application to send events by using the AMQP protocol.
- D. Replace the event hub with an Azure Service Bus instance.
Answer: C
Explanation:
Compared to HTTP, AMQP is easy to scale.
Note: Facts pro-AMQP
Delivering messages with AMQP gives you reliability and being asynchronous allows you to not worry about the delivery at all.
Reference:
https://dev.to/fedejsoren/amqp-vs-http
NEW QUESTION 49
Your company, named Contoso, Ltd, implements several Azure logic apps that have HTTP triggers. The logic apps provide access to an on-premises web service.
Contoso establishes a partnership with another company named Fabrikam, Inc.
Fabrikam does not have an existing Azure Active Directory (Azure AD) tenant and uses third-party OAuth 2.0 identity management to authenticate its users.
Developers at Fabrikam plan to use a subset of the logic apps to build applications that will integrate with the on-premises web service of Contoso.
You need to design a solution to provide the Fabrikam developers with access to the logic apps. The solution must meet the following requirements:
Requests to the logic apps from the developers must be limited to lower rates than the requests from the users at Contoso.
The developers must be able to rely on their existing OAuth 2.0 provider to gain access to the logic apps.
The solution must NOT require changes to the logic apps.
The solution must NOT use Azure AD guest accounts.
What should you include in the solution?
- A. Azure API Management
- B. Azure AD business-to-business (B2B)
- C. Azure Front Door
- D. Azure AD Application Proxy
Answer: A
Explanation:
API Management helps organizations publish APIs to external, partner, and internal developers to unlock the potential of their data and services.
You can secure API Management using the OAuth 2.0 client credentials flow.
Reference:
https://docs.microsoft.com/en-us/azure/api-management/api-management-key-concepts
NEW QUESTION 50
You have an on-premises file server that stores 2 TB of data files.
You plan to move the data files to Azure Blob storage in the Central Europe region.
You need to recommend a storage account type to store the data files and a replication solution for the storage account. The solution must meet the following requirements:
* Be available if a single Azure datacenter fails.
* Support storage tiers.
* Minimize cost.
What should you recommend? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
Box 1: Blob storage
Blob storage supports storage tiers
Note: Azure offers three storage tiers to store data in blob storage: Hot Access tier, Cool Access tier, and Archive tier. These tiers target data at different stages of its lifecycle and offer cost-effective storage options for different use cases.
Box 2: Zone-redundant storage (ZRS)
Data in an Azure Storage account is always replicated three times in the primary region. Azure Storage offers two options for how your data is replicated in the primary region:
* Zone-redundant storage (ZRS) copies your data synchronously across three Azure availability zones in the primary region.
* Locally redundant storage (LRS) copies your data synchronously three times within a single physical location in the primary region. LRS is the least expensive replication option, but is not recommended for applications requiring high availability.
References:
https://cloud.netapp.com/blog/storage-tiers-in-azure-blob-storage-find-the-best-for-your-data
NEW QUESTION 51
You plan to deploy 10 applications to Azure. The applications will be deployed to two Azure Kubernetes Service (AKS) clusters. Each cluster will be deployed to a separate Azure region. The application deployment must meet the following requirements:
* Ensure that the applications remain available if a single AKS cluster fails.
* Ensure that the connection traffic over the internet is encrypted by using SSL without having to configure SSL on each container.
Which Azure service should you include in the recommendation?
- A. Azure Traffic Manager
- B. Azure Load Balancer
- C. AKS ingress controller
- D. Azure Front Door
Answer: A
NEW QUESTION 52
Your company purchases an app named App1.
You need to recommend a solution to ensure that App1 can read and modify access reviews.
What should you recommend?
- A. From the Azure Active Directory admin center, register App1, and then delegate permissions to the Microsoft Graph API.
- B. From API Management services, publish the API of App1, and then delegate permissions to the Microsoft Graph API.
- C. From API Management services, publish the API of App1. From the Access control (IAM) blade, delegate permissions.
- D. From the Azure Active Directory admin center, register App1. From the Access control (IAM) blade, delegate permissions.
Answer: D
Explanation:
The app must be registered. You can register the application in the Azure Active Directory admin center.
The Azure AD access reviews feature has an API in the Microsoft Graph endpoint.
You can register an Azure AD application and set it up for permissions to call the access reviews API in Graph.
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/develop/quickstart-register-app
NEW QUESTION 53
You are designing a cost-optimized solution that uses Azure Batch to run two types of jobs on Linux nodes. The first job type will consist of short-running tasks for a development environment. The second job type will consist of long-running Message Passing Interface (MPI) applications for a production environment that requires timely job completion.
You need to recommend the pool type and node type for each job type. The solution must minimize compute charges and leverage Azure Hybrid Benefit whenever possible.
What should you recommend? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
Reference:
https://docs.microsoft.com/en-us/azure/batch/batch-low-pri-vms
NEW QUESTION 54
You are evaluating the components of the migration to Azure that require you to provision an Azure Storage account.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
NEW QUESTION 55
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
Your company has an on-premises Active Directory Domain Services (AD DS) domain and an established Azure Active Directory (Azure AD) environment.
Your company would like users to be automatically signed in to cloud apps when they are on their corporate desktops that are connected to the corporate network.
You need to enable single sign-on (SSO) for company users.
Solution: Install and configure an Azure AD Connect server to use password hash synchronization and select the "Enable single sign-on" option.
Does the solution meet the goal?
- A. Yes
- B. No
Answer: A
Explanation:
Azure Active Directory Seamless Single Sign-On (Azure AD Seamless SSO) automatically signs users in when they are on their corporate devices connected to your corporate network. When enabled, users don't need to type in their passwords to sign in to Azure AD, and usually, even type in their usernames. This feature provides your users easy access to your cloud-based applications without needing any additional on-premises components.
Seamless SSO can be combined with either the Password Hash Synchronization or Pass-through Authentication sign-in methods.
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-sso
NEW QUESTION 56
You are designing an Azure web app that will use Azure Active Directory (Azure AD) for authentication.
You need to recommend a solution to provide users from multiple Azure AD tenants with access to App1. The solution must ensure that the users use Azure Multi-Factor Authentication (MFA) when they connect to App1.
Which two types of objects should you include in the recommendation? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.
- A. Azure AD guest accounts
- B. a Microsoft Intune app protection policy
- C. an Identity Experience Framework policy
- D. Azure AD managed identities
- E. an Azure application security group
- F. Azure AD conditional access policies
Answer: B,E
NEW QUESTION 57
You manage a network that includes an on-premises Active Directory Domain Services domain and an Azure Active Directory (Azure AD).
Employees are required to use different accounts when using on-premises or cloud resources. You must recommend a solution that lets employees sign in to all company resources by using a single account. The solution must implement an identity provider.
You need to provide guidance on the different identity providers.
How should you describe each identity provider? To answer, select the appropriate description from each list in the answer area.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
Box 1: User management occurs on-premises. Azure AD authenticates employees by using on-premises passwords.
Azure AD Domain Services for hybrid organizations
Organizations with a hybrid IT infrastructure consume a mix of cloud resources and on-premises resources.
Such organizations synchronize identity information from their on-premises directory to their Azure AD tenant. As hybrid organizations look to migrate more of their on-premises applications to the cloud, especially legacy directory-aware applications, Azure AD Domain Services can be useful to them.
Example: Litware Corporation has deployed Azure AD Connect, to synchronize identity information from their on-premises directory to their Azure AD tenant. The identity information that is synchronized includes user accounts, their credential hashes for authentication (password hash sync) and group memberships.
User accounts, group memberships, and credentials from Litware's on-premises directory are synchronized to Azure AD via Azure AD Connect. These user accounts, group memberships, and credentials are automatically available within the managed domain.
Box 2: User management occurs on-premises. The on-premises domain controller authenticates employee credentials.
You can federate your on-premises environment with Azure AD and use this federation for authentication and authorization. This sign-in method ensures that all user authentication occurs on-premises.
References:
https://docs.microsoft.com/en-us/azure/active-directory-domain-services/active-directory-ds-overview
https://docs.microsoft.com/en-us/azure/active-directory/hybrid/whatis-fed
NEW QUESTION 58
You need to recommend a solution for data of the historical transaction query system.
What should you include in the recommendation? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
NEW QUESTION 59
Your company wants to use an Azure Active Directory (Azure AD) hybrid identity solution.
You need to ensure that users can authenticate if the internet connection to the on-premises Active Directory is unavailable. The solution must minimize authentication prompts for the users.
What should you include in the solution?
- A. an Active Directory Federation Services (AD FS) server
- B. pass-through authentication and Azure AD Seamless Single Sign-On (Azure AD Seamless SSO)
- C. password hash synchronization and Azure AD Seamless Single Sign-On (Azure AD Seamless SSO)
Answer: C
Explanation:
With Password hash synchronization + Seamless SSO the authentication is in the cloud.
Incorrect Answers:
Pass-through Authentication and federation rely on on-premises infrastructure.
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/hybrid/choose-ad-authn
NEW QUESTION 60
You need to recommend an Azure Storage Account configuration for two applications named Application1 and Application2. The configuration must meet the following requirements:
* Storage for Application1 must provide the highest possible transaction rates and the lowest possible latency.
* Storage for Application2 must provide the lowest possible storage costs per GB.
* Storage for both applications must be optimized for uploads and downloads.
* Storage for both applications must be available in the event of a datacenter failure.
What should you recommend? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
NEW QUESTION 61
You need to recommend a solution for the data store of the historical transaction query system.
What should you include in the recommendation? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
NEW QUESTION 62
You need to design a highly available Azure SQL database that meets the following requirements:
* Failover between replicas of the database must occur without any data loss.
* The database must remain available in the event of a zone outage.
* Costs must be minimized.
Which deployment option should you use?
- A. Azure SQL Database Managed Instance Business Critical
- B. Azure SQL Database Business Critical
- C. Azure SQL Database Serverless
- D. Azure SQL Database Hyperscale
Answer: A
NEW QUESTION 63
To meet the authentication requirements of Fabrikam, what should you include in the solution? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
NEW QUESTION 64
You are planning to deploy an application named App1 that will run in containers on Azure Kubernetes Service (AKS) clusters. The AKS clusters will be distributed across four Azure regions.
You need to recommend a storage solution for App1. Updated container images must be replicated automatically to all the AKS clusters.
Which storage solution should you recommend?
- A. geo-redundant storage (GRS) accounts
- B. Azure Cache for Redis
- C. Premium SKU Azure Container Registry
- D. Azure Content Delivery Network (CDN)
Answer: C
Explanation:
Enable geo-replication for container images.
Best practice: Store your container images in Azure Container Registry and geo-replicate the registry to each AKS region.
To deploy and run your applications in AKS, you need a way to store and pull the container images. Container Registry integrates with AKS, so it can securely store your container images or Helm charts. Container Registry supports multimaster geo-replication to automatically replicate your images to Azure regions around the world.
Geo-replication is a feature of Premium SKU container registries.
Note:
When you use Container Registry geo-replication to pull images from the same region, the results are:
Faster: You pull images from high-speed, low-latency network connections within the same Azure region.
More reliable: If a region is unavailable, your AKS cluster pulls the images from an available container registry.
Cheaper: There's no network egress charge between datacenters.
Reference:
https://docs.microsoft.com/en-us/azure/aks/operator-best-practices-multi-region
NEW QUESTION 65
You plan to deploy an Azure App Service web app that will have multiple instances across multiple Azure regions.
You need to recommend a load balancing service for the planned deployment. The solution must meet the following requirements:
Maintain access to the app in the event of a regional outage.
Support Azure Web Application Firewall (WAF).
Support cookie-based affinity.
Support URL routing.
What should you include in the recommendation?
- A. Azure Traffic Manager
- B. Azure Load Balancer
- C. Azure Application Gateway
- D. Azure Front Door
Answer: B
Explanation:
Azure Traffic Manager performs the global load balancing of web traffic across Azure regions, which have a regional load balancer based on Azure Application Gateway. This combination gets you the benefits of Traffic Manager's many routing rules and Application Gateway's capabilities such as WAF, TLS termination, path-based routing, and cookie-based session affinity, among others.
Reference:
https://docs.microsoft.com/en-us/azure/application-gateway/features
NEW QUESTION 66
You have a web application that uses a MongoDB database. You plan to migrate the web application to Azure.
You must migrate to Cosmos DB while minimizing code and configuration changes.
You need to design the Cosmos DB configuration.
What should you recommend? To answer, select the appropriate values in the answer area.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
Reference:
https://docs.microsoft.com/en-us/azure/cosmos-db/create-mongodb-dotnet
NEW QUESTION 67
Your company deploys several Linux and Windows virtual machines (VMs) to Azure. The VMs are deployed with the Microsoft Dependency Agent and the Log Analytics Agent installed by using Azure VM extensions. On-premises connectivity has been enabled by using Azure ExpressRoute.
You need to design a solution to monitor the VMs.
Which Azure monitoring services should you use? To answer, select the appropriate Azure monitoring services in the answer area.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
Box 1: Azure Traffic Analytics
Traffic Analytics is a cloud-based solution that provides visibility into user and application activity in cloud networks. Traffic analytics analyzes Network Watcher network security group (NSG) flow logs to provide insights into traffic flow in your Azure cloud. With traffic analytics, you can:
* Identify security threats to, and secure your network, with information such as open-ports, applications attempting internet access, and virtual machines (VM) connecting to rogue networks.
* Visualize network activity across your Azure subscriptions and identify hot spots.
* Understand traffic flow patterns across Azure regions and the internet to optimize your network deployment for performance and capacity.
* Pinpoint network misconfigurations leading to failed connections in your network.
Box 2: Azure Service Map
Service Map automatically discovers application components on Windows and Linux systems and maps the communication between services. With Service Map, you can view your servers in the way that you think of them: as interconnected systems that deliver critical services. Service Map shows connections between servers, processes, inbound and outbound connection latency, and ports across any TCP-connected architecture, with no configuration required other than the installation of an agent.
References:
https://docs.microsoft.com/en-us/azure/network-watcher/traffic-analytics
https://docs.microsoft.com/en-us/azure/azure-monitor/insights/service-map
Who is the target audience for the Microsoft AZ-304 exam?
The applicants for this certification exam are the Azure Solution Architects with intermediate-level skills in the domain of Azure administration. These professionals have a good understanding of DevOps processes and Azure development. They are also responsible for translating the business needs into scalable, reliable, and secure Cloud solutions. Additionally, they can advise the stakeholders and collaborate with the Cloud DBAs and Cloud administrators to implement solutions.