AZ-204: Developing Solutions for Microsoft Azure Part 4
Question #: 262
Topic #: 5
You develop an Azure App Service web app and deploy to a production environment. You enable Application Insights for the web app.
The web app is throwing multiple exceptions in the environment.
You need to examine the state of the source code and variables when the exceptions are thrown.
Which Application Insights feature should you configure?
A. Smart detection
B. Profiler
C. Snapshot Debugger
D. Standard test
Selected Answer: C
Question #: 263
Topic #: 6
You develop and deploy an ASP.NET Core application that connects to an Azure Database for MySQL instance.
Connections to the database appear to drop intermittently and the application code does not handle the connection failure.
You need to handle the transient connection errors in code by implementing retries.
What are three possible ways to achieve this goal? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.
A. Close the database connection and immediately report an error.
B. Disable connection pooling and configure a second Azure Database for MySQL instance.
C. Wait five seconds before repeating the connection attempt to the database.
D. Set a maximum number of connection attempts to 10 and report an error on subsequent connections.
E. Increase connection repeat attempts exponentially up to 120 seconds.
Selected Answer: CDE
Question #: 278
Topic #: 3
You are updating an application that stores data on Azure and uses Azure Cosmos DB for storage. The application stores data in multiple documents associated with a single username.
The application requires the ability to update multiple documents for a username in a single ACID operation.
You need to configure Azure Cosmos DB.
Which two actions should you perform? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.
A. Create a collection sharded on username to store documents.
B. Configure Azure Cosmos DB to use the Gremlin API.
C. Create an unsharded collection to store documents.
D. Configure Azure Cosmos DB to use the MongoDB API.
Selected Answer: CD
Question #: 279
Topic #: 5
You develop an ASP.NET Core app that uses Azure App Configuration. You also create an App Configuration containing 100 settings.
The app must meet the following requirements:
• Ensure the consistency of all configuration data when changes to individual settings occur.
• Handle configuration data changes dynamically without causing the application to restart.
• Reduce the overall number of requests made to App Configuration APIs.
You must implement dynamic configuration updates in the app.
What are two ways to achieve this goal? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.
A. Create and register a sentinel key in the App Configuration store. Set the refreshAll parameter of the Register method to true.
B. Increase the App Configuration cache expiration from the default value.
C. Decrease the App Configuration cache expiration from the default value.
D. Create and configure Azure Key Vault. Implement the Azure Key Vault configuration provider.
E. Register all keys in the App Configuration store. Set the refreshAll parameter of the Register method to false.
F. Create and implement environment variables for each App Configuration store setting.
Selected Answer: AB
Question #: 280
Topic #: 2
You are developing a web app that is protected by Azure Web Application Firewall (WAF). All traffic to the web app is routed through an Azure Application
Gateway instance that is used by multiple web apps. The web app address is contoso.azurewebsites.net.
All traffic must be secured with SSL. The Azure Application Gateway instance is used by multiple web apps.
You need to configure the Azure Application Gateway for the web app.
Which two actions should you perform? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.
A. In the Azure Application Gateway’s HTTP setting, enable the Use for App service setting.
B. Convert the web app to run in an Azure App service environment (ASE).
C. Add an authentication certificate for contoso.azurewebsites.net to the Azure Application Gateway.
D. In the Azure Application Gateway’s HTTP setting, set the value of the Override backend path option to contoso22.azurewebsites.net.
Selected Answer: AD
Question #: 281
Topic #: 4
You deploy an Azure App Service web app. You create an app registration for the app in Azure Active Directory (Azure AD) and Twitter.
The app must authenticate users and must use SSL for all communications. The app must use Twitter as the identity provider.
You need to validate the Azure AD request in the app code.
What should you validate?
A. ID token header
B. ID token signature
C. HTTP response code
D. Tenant ID
Selected Answer: B
Question #: 284
Topic #: 2
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You develop a software as a service (SaaS) offering to manage photographs. Users upload photos to a web service which then stores the photos in Azure
Storage Blob storage. The storage account type is General-purpose V2.
When photos are uploaded, they must be processed to produce and save a mobile-friendly version of the image. The process to produce a mobile-friendly version of the image must start in less than one minute.
You need to design the process that starts the photo processing.
Solution: Use the Azure Blob Storage change feed to trigger photo processing.
Does the solution meet the goal?
A. Yes
B. No
Selected Answer: B
Question #: 285
Topic #: 3
You develop Azure solutions.
You must connect to a No-SQL globally-distributed database by using the .NET API.
You need to create an object to configure and execute requests in the database.
Which code segment should you use?
A. database_name = ‘MyDatabase’
database = client.create_database_if_not_exists(id=database_name)
B. client = CosmosClient(endpoint, key)
C. container_name = ‘MyContainer’
container = database.create_container_if_not_exists(
id=container_name, partition_key=PartitionKey(path=”/lastName”), offer_throughput=400 )
Selected Answer: B
Question #: 286
Topic #: 4
A development team is creating a new REST API. The API will store data in Azure Blob storage. You plan to deploy the API to Azure App Service.
Developers must access the Azure Blob storage account to develop the API for the next two months. The Azure Blob storage account must not be accessible by the developers after the two-month time period.
You need to grant developers access to the Azure Blob storage account.
What should you do?
A. Generate a shared access signature (SAS) for the Azure Blob storage account and provide the SAS to all developers.
B. Create and apply a new lifecycle management policy to include a last accessed date value. Apply the policy to the Azure Blob storage account.
C. Provide all developers with the access key for the Azure Blob storage account. Update the API to include the Coordinated Universal Time (UTC) timestamp for the request header.
D. Grant all developers access to the Azure Blob storage account by assigning role-based access control (RBAC) roles.
Selected Answer: A
Question #: 287
Topic #: 6
A company is developing a solution that allows smart refrigerators to send temperature information to a central location.
The solution must receive and store messages until they can be processed. You create an Azure Service Bus instance by providing a name, pricing tier, subscription, resource group, and location.
You need to complete the configuration.
Which Azure CLI or PowerShell command should you run?
A.
B.
C.
D.
Selected Answer: B
Question #: 290
Topic #: 2
You are developing a web application that runs as an Azure Web App. The web application stores data in Azure SQL Database and stores files in an Azure
Storage account. The web application makes HTTP requests to external services as part of normal operations.
The web application is instrumented with Application Insights. The external services are OpenTelemetry compliant.
You need to ensure that the customer ID of the signed in user is associated with all operations throughout the overall system.
What should you do?
A. Add the customer ID for the signed in user to the CorrelationContext in the web application
B. On the current SpanContext, set the TraceId to the customer ID for the signed in user
C. Set the header Ocp-Apim-Trace to the customer ID for the signed in user
D. Create a new SpanContext with the TraceFlags value set to the customer ID for the signed in user
Selected Answer: A
Question #: 291
Topic #: 5
You develop and deploy a web app to Azure App Service. The Azure App Service uses a Basic plan in a single region.
Users report that the web app is responding slow. You must capture the complete call stack to help identify performance issues in the code. Call stack data must be correlated across app instances. You must minimize cost and impact to users on the web app.
You need to capture the telemetry.
Which three actions should you perform? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.
A. Restart all apps in the App Service plan.
B. Enable Application Insights site extensions.
C. Upgrade the Azure App Service plan to Premium.
D. Enable Profiler.
E. Enable the Always On setting for the app service.
F. Enable Snapshot debugger.
G. Enable remote debugging.
Selected Answer: BDE
Question #: 292
Topic #: 3
You develop a web application that provides access to legal documents that are stored on Azure Blob Storage with version-level immutability policies. Documents are protected with both time-based policies and legal hold policies. All time-based retention policies have the AllowProtectedAppendWrites property enabled.
You have a requirement to prevent the user from attempting to perform operations that would fail only when a legal hold is in effect and when all other policies are expired.
You need to meet the requirement.
Which two operations should you prevent? Each correct answer presents a complete solution.
NOTE: Each correct selection is worth one point.
A. adding data to documents
B. deleting documents
C. creating documents
D. overwriting existing documents
Selected Answer: BD
Question #: 295
Topic #: 5
You are building an application to track cell towers that are available to phones in near real time. A phone will send information to the application by using the Azure Web PubSub service. The data will be processed by using an Azure Functions app. Traffic will be transmitted by using a content delivery network (CDN).
The Azure function must be protected against misconfigured or unauthorized invocations.
You need to ensure that the CDN allows for the Azure function protection.
Which HTTP header should be on the allowed list?
A. Authorization
B. WebHook-Request-Callback
C. Resource
D. WebHook-Request-Origin
Selected Answer: D
Question #: 296
Topic #: 4
You have a new Azure subscription. You are developing an internal website for employees to view sensitive data. The website uses Azure Active Directory (Azure
AD) for authentication.
You need to implement multifactor authentication for the website.
Which two actions should you perform? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.
A. Configure the website to use Azure AD B2C.
B. In Azure AD, create a new conditional access policy.
C. Upgrade to Azure AD Premium.
D. In Azure AD, enable application proxy.
E. In Azure AD conditional access, enable the baseline policy.
Selected Answer: BC
Question #: 297
Topic #: 6
A large retail company operates online and physical stores. The company tracks inventory levels in real time to manage stock efficiently across all locations. You develop an Azure Event Grid solution to handle events generated by the inventory management system deployed to Azure.
You need to implement a subscription filter that dynamically adjusts to seasonal changes in product demand.
Which event filter should you use?
A. An advanced filter using a Boolean condition that evaluates multiple data fields, including a season field within the event data
B. A prefix filter on the event type field that matches the current season’s name
C. A subscription filter that uses label filter to include events tagged with seasonal promotional codes
D. A static subject filter that targets events with a subject ending in “/seasonal/inventory”
Selected Answer: A
Question #: 302
Topic #: 5
You are developing an Azure App Service web app.
The web app must securely store session information in Azure Redis Cache.
You need to connect the web app to Azure Redis Cache.
Which three Azure Redis Cache properties should you use? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.
A. Access key
B. SSL port
C. Subscription name
D. Location
E. Host name
F. Subscription id
Selected Answer: ABE
Question #: 307
Topic #: 2
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You develop an HTTP triggered Azure Function app to process Azure Storage blob data. The app is triggered using an output binding on the blob.
The app continues to time out after four minutes. The app must process the blob data.
You need to ensure the app does not time out and processes the blob data.
Solution: Update the functionTimeout property of the host.json project file to 10 minutes.
Does the solution meet the goal?
A. Yes
B. No
Selected Answer: B
Question #: 314
Topic #: 2
You are developing an Azure Durable Function to manage an online ordering process.
The process must call an external API to gather product discount information.
You need to implement the Azure Durable Function.
Which Azure Durable Function types should you use? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.
A. Orchestrator
B. Entity
C. Client
D. Activity
Selected Answer: AD
Question #: 315
Topic #: 3
You are developing an inventory tracking solution. The solution includes an Azure Function app containing multiple functions triggered by Azure Cosmos DB. You plan to deploy the solution to multiple Azure regions.
The solution must meet the following requirements:
• Item results from Azure Cosmos DS must return the most recent committed version of an item.
• Items written to Azure Cosmos DB must provide ordering guarantees.
You need to configure the consistency level for the Azure Cosmos DB deployments.
Which consistency level should you use?
A. consistent prefix
B. eventual
C. bounded staleness
D. strong
E. session
Selected Answer: D
Question #: 316
Topic #: 5
You have an Azure API Management (APIM) Standard tier instance named APIM1 that uses a managed gateway.
You plan to use APIM1 to publish an API named API1 that uses a backend database that supports only a limited volume of requests per minute. You also need a policy for API1 that will minimize the possibility that the number of requests to the backend database from an individual IP address you specify exceeds the supported limit.
You need to identify a policy for API1 that will meet the requirements.
Which policy should you use?
A. ip-filter
B. quota-by-key
C. rate-limit-by-key
D. rate-limit
Selected Answer: C
Question #: 317
Topic #: 4
You manage a data processing application that receives requests from an Azure Storage queue.
You need to manage access to the queue. You have the following requirements:
✑ Provide other applications access to the Azure queue.
✑ Ensure that you can revoke access to the queue without having to regenerate the storage account keys.
✑ Specify access at the queue level and not at the storage account level.
Which type of shared access signature (SAS) should you use?
A. Service SAS with a stored access policy
B. Account SAS
C. User Delegation SAS
D. Service SAS with ad hoc SAS
Selected Answer: A
Question #: 322
Topic #: 5
You develop a web application that sells access to last-minute openings for child camps that run on the weekends. The application uses Azure Application Insights for all alerting and monitoring.
The application must alert operators when a technical issue is preventing sales to camps.
You need to build an alert to detect technical issues.
Which alert type should you use?
A. Metric alert using multiple time series
B. Metric alert using dynamic thresholds
C. Log alert using multiple time series
D. Log alert using dynamic thresholds
Selected Answer: B
Question #: 341
Topic #: 3
You have a Linux container-based console application that uploads image files from customer sites all over the world. A back-end system that runs on Azure virtual machines processes the images by using the Azure Blobs API.
You are not permitted to make changes to the application.
Some customer sites only have phone-based internet connections.
You need to configure the console application to access the images.
What should you use?
A. Azure BlobFuse
B. Azure Disks
C. Azure Storage Network File System (NFS) 3.0 support
D. Azure Files
Selected Answer: A
Question #: 342
Topic #: 4
You develop a Python application for image rendering that uses GPU resources to optimize rendering processes. You deploy the application to an Azure
Container Instances (ACI) Linux container.
The application requires a secret value to be passed when the container is started. The value must only be accessed from within the container.
You need to pass the secret value.
What are two possible ways to achieve this goal? Each correct answer presents a complete solution.
NOTE: Each correct selection is worth one point.
A. Create an environment variable Set the secureValue property to the secret value.
B. Add the secret value to the container image. Use a managed identity.
C. Add the secret value to the application code Set the container startup command.
D. Add the secret value to an Azure Blob storage account. Generate a SAS token.
E. Mount a secret volume containing the secret value in a secrets file.
Selected Answer: AE
Question #: 345
Topic #: 5
You manage an Azure subscription that contains 100 Azure App Service web apps. Each web app is associated with an individual Application Insights instance.
You plan to remove Classic availability tests from all Application Insights instances that have this functionality configured.
You have the following PowerShell statement:
Get-AzApplicationInsightsWebTest | Where-Object { $condition }
You need to set the value of the $condition variable.
Which value should you use?
A. $_.Type -eq “ping”
B. $_.WebTestKind -eq “ping”
C. $_.WebTestKind -eq “standard”
D. $_.Type -eq “standard”
Selected Answer: B
Question #: 346
Topic #: 4
You are developing a user portal for a company.
You need to create a report for the portal that lists information about employees who are subject matter experts for a specific topic. You must ensure that administrators have full control and consent over the data.
Which technology should you use?
A. Microsoft Graph data connect
B. Microsoft Graph API
C. Microsoft Graph connectors
Selected Answer: A
Question #: 347
Topic #: 6
You are developing several Azure API Management (APIM) hosted APIs.
You must make several minor and non-breaking changes to one of the APIs. The API changes include the following requirements:
• Must not disrupt callers of the API.
• Enable roll back if you find issues.
• Documented to enable developers to understand what is new.
• Tested before publishing.
You need to update the API.
What should you do?
A. Configure and apply header-based versioning.
B. Create and publish a product.
C. Configure and apply a custom policy.
D. Add a new revision to the API.
E. Configure and apply query string-based versioning.
Selected Answer: D
Question #: 355
Topic #: 2
You are developing several microservices to run on Azure Container Apps. External HTTP ingress traffic has been enabled for the microservices.
The microservices must be deployed to the same virtual network and write logs to the same Log Analytics workspace.
You need to deploy the microservices.
What should you do?
A. Enable single revision mode.
B. Use a separate environment for each container.
C. Use a private container registry image and single image for all containers.
D. Use a single environment for all containers.
E. Enable multiple revision mode.
Selected Answer: D
Question #: 356
Topic #: 6
You are developing several microservices to run on Azure Container Apps for a company. External TCP ingress traffic from the internet has been enabled for the microservices.
The company requires that the microservices must scale based on an Azure Event Hub trigger.
You need to scale the microservices by using a custom scaling rule.
Which two Kubernetes Event-driven Autoscaling (KEDA) trigger fields should you use? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.
A. metadata
B. type
C. authenticationRef
D. name
E. metricType
Selected Answer: AB
Question #: 357
Topic #: 5
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have an Azure App Service web app named WebApp1 and an Azure Functions app named Function1. WebApp1 is associated with an Application Insights instance named appinsights1.
You configure a web test and a corresponding alert for WebApp1 in appinsights1. Each alert triggers a delivery of email to your mailbox.
You need to ensure that each alert also triggers execution of Function1.
Solution: Configure an Application Insights smart detection.
Does the solution meet the goal?
A. Yes
B. No
Selected Answer: B
Question #: 369
Topic #: 3
A company uses an Azure Blob Storage for archiving.
The company requires that data in the Blob Storage is only in the archive tier.
You need to ensure data copied to the Blob Storage is moved to the archive tier.
What should you do?
A. Use a Put Block List operation with a request header of x-ms-immutability-policy-mode.
B. Create a lifecycle policy with an action of tierToArchive and configure daysAfterModificationGreaterThan for 0.
C. Use a Put Blob operation with a request header of x-ms-immutability-policy-until-date.
D. Create a lifecycle policy with an action of tierToArchive and configure a filter for blobIndexMatch.
Selected Answer: B
Question #: 370
Topic #: 5
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have an Azure App Service web app named WebApp1 and an Azure Functions app named Function1. WebApp1 is associated with an Application Insights instance named appinsights1.
You configure a web test and a corresponding alert for WebApp1 in appinsights1. Each alert triggers a delivery of email to your mailbox.
You need to ensure that each alert also triggers execution of Function1.
Solution: Configure an Application Insights funnel.
Does the solution meet the goal?
A. Yes
B. No
Selected Answer: B
Question #: 371
Topic #: 4
You are developing a web application that uses the Microsoft identity platform for user and resource authentication. The web application calls several REST APIs.
A REST API call must read the user’s calendar. The web application requires permission to send an email as the user.
You need to authorize the web application and the API.
Which parameter should you use?
A. tenant
B. code_challenge
C. state
D. client_id
E. scope
Selected Answer: E
Question #: 372
Topic #: 6
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You are implementing an application by using Azure Event Grid to push near-real-time information to customers.
You have the following requirements:
• You must send events to thousands of customers that include hundreds of various event types.
• The events must be filtered by event type before processing.
• Authentication and authorization must be handled by using Microsoft Entra ID.
• The events must be published to a single endpoint.
You need to implement Azure Event Grid.
Solution: Publish events to a system topic. Create an event subscription for each customer.
Does the solution meet the goal?
A. Yes
B. No
Selected Answer: B