Recommend!!

Get the Full AZ-304 dumps in VCE and PDF From SurePassExam
https://www.surepassexam.com/AZ-304-exam-dumps.html (0 New Questions)

Microsoft
Exam Questions AZ-304
Microsoft Azure Architect Design (beta)

Passing Certification Exams Made Easy visit - https://www.surepassexam.com

 Recommend!! Get the Full AZ-304 dumps in VCE and PDF From SurePassExam
https://www.surepassexam.com/AZ-304-exam-dumps.html (0 New Questions)

NEW QUESTION 1
- (Exam Topic 1)
You design a solution for the web tier of WebApp1 as shown in the exhibit.

For each of the following statements, select Yes if the statement is true. Otherwise, select No.

A. Mastered
B. Not Mastered

Answer: A

Explanation:
Box 1: Yes
Any new deployments to Azure must be redundant in case an Azure region fails.
Traffic Manager uses DNS to direct client requests to the most appropriate service endpoint based on a
traffic-routing method and the health of the endpoints. An endpoint is any Internet-facing service hosted inside or outside of Azure. Traffic Manager provides a
range of traffic-routing methods and endpoint monitoring options to suit different application needs and automatic failover models. Traffic Manager is resilient to
failure, including the failure of an entire Azure region.
Box 2: Yes
Recent changes in Azure brought some significant changes in autoscaling options for Azure Web Apps (i.e. Azure App Service to be precise as scaling happens
on App Service plan level and has effect on all Web Apps running in that App Service plan).
Box 3: No
Traffic Manager provides a range of traffic-routing methods and endpoint monitoring options to suit different application needs and automatic failover models.
Traffic Manager is resilient to failure, including the failure of an entire Azure region.
Reference:
https://docs.microsoft.com/en-us/azure/traffic-manager/traffic-manager-overview https://blogs.msdn.microsoft.com/hsirtl/2017/07/03/autoscaling-azure-web-apps/

NEW QUESTION 2
- (Exam Topic 1)
You need to recommend a strategy for the web tier of WebApp1. The solution must minimize What should you recommend?

A. Create a runbook that resizes virtual machines automatically to a smaller size outside of business hours.
B. Configure the Scale Up settings for a web app.
C. Deploy a virtual machine scale set that scales out on a 75 percent CPU threshold.
D. Configure the Scale Out settings for a web app.

Answer: D

NEW QUESTION 3
- (Exam Topic 1)
You need to recommend a data storage strategy for WebApp1. What should you include in in the recommendation?

A. an Azure SQL Database elastic pool

B. a vCore-baswl Azure SQL database
C. an Azure virtual machine that runs SQL Server
D. a fixed-size DTU AzureSQL database.

Answer: B

Passing Certification Exams Made Easy visit - https://www.surepassexam.com

 Recommend!! Get the Full AZ-304 dumps in VCE and PDF From SurePassExam
https://www.surepassexam.com/AZ-304-exam-dumps.html (0 New Questions)

NEW QUESTION 4
- (Exam Topic 1)
To meet the authentication requirements of Fabrikam, what should you include in the solution? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

A. Mastered
B. Not Mastered

Answer: A

Explanation:
Box 1: 2
The network contains two Active Directory forests named corp.fabrikam.com and rd.fabrikam.com. There are no trust relationships between the forests.
Box 2: 1
Box 3: 1
Scenario:
Users on the on-premises network must be able to authenticate to corp.fabrikam.com if an Internet link fails.
Administrators must be able authenticate to the Azure portal by using their corp.fabrikam.com credentials. All administrative access to the Azure portal must be
secured by using multi-factor authentication.
Note:
Users must always authenticate by using their corp.fabrikam.com UPN identity.
The network contains two Active Directory forests named corp.fabrikam.com and rd.fabrikam.com. There are no trust relationships between the forests.
Corp.fabrikam.com is a production forest that contains identities used for internal user and computer authentication.
Rd.fabrikam.com is used by the research and development (R&D) department only.

NEW QUESTION 5
- (Exam Topic 2)
You need to recommend a backup solution for the data store of the payment processing. What should you include in the recommendation?

A. Microsoft System Center Data Protection Manager (DPM)

B. long-term retention
C. a Recovery Services vault
D. Azure Backup Server

Answer: B

Explanation:

References:
https://docs.microsoft.com/en-us/azure/sql-database/sql-database-long-term-backup-retention-configure

NEW QUESTION 6
- (Exam Topic 2)
You need to recommend a solution for configuring the Azure Multi-Factor Authentication (MFA) settings. What should you include in the recommendation? To
answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

Passing Certification Exams Made Easy visit - https://www.surepassexam.com

 Recommend!! Get the Full AZ-304 dumps in VCE and PDF From SurePassExam
https://www.surepassexam.com/AZ-304-exam-dumps.html (0 New Questions)

A. Mastered
B. Not Mastered

Answer: A

Explanation:
References:
https://docs.microsoft.com/en-us/azure/active-directory/identity-protection/howto-sign-in-risk-policy https://docs.microsoft.com/en-us/azure/active-directory/identity-
protection/howto-mfa-policy

NEW QUESTION 7
- (Exam Topic 3)
You have 70 TB of files on your on-premises file server.
You need to recommend solution for importing data to Azure. The solution must minimize cost. What Azure service should you recommend?

A. Azure StorSimple
B. Azure Batch
C. Azure Data Box
D. Azure Stack

Answer: C

Explanation:
Microsoft has engineered an extremely powerful solution that helps customers get their data to the Azure public cloud in a cost-effective, secure, and efficient
manner with powerful Azure and machine learning at play. The solution is called Data Box.
Data Box and is in general availability status. It is a rugged device that allows organizations to have 100 TB of capacity on which to copy their data and then send it
to be transferred to Azure.
Reference:
https://www.vembu.com/blog/what-is-microsoft-azure-data-box-disk-edge-heavy-gateway-overview/

NEW QUESTION 8
- (Exam Topic 3)
You need to deploy resources to host a stateless web app in an Azure subscription. The solution must meet the following requirements:
• Provide access to the full .NET framework.
• Provide redundancy if an Azure region fails.
• Grant administrators access to the operating system to install custom application dependencies.
Solution: You deploy an Azure virtual machine to two Azure regions, and you deploy an Azure Application Gateway.
Does this meet the goal?

A. Yes
B. No

Answer: B

Explanation:
You need to deploy two Azure virtual machines to two Azure regions, but also create a Traffic Manager profile.

NEW QUESTION 9
- (Exam Topic 3)
You are designing a storage solution that will use Azure Blob storage. The data will be stored in a cool access tier or an archive access tier based on the access

Passing Certification Exams Made Easy visit - https://www.surepassexam.com

 Recommend!! Get the Full AZ-304 dumps in VCE and PDF From SurePassExam
https://www.surepassexam.com/AZ-304-exam-dumps.html (0 New Questions)

patterns of the data.

You identify the following types of infrequently accessed data: Telemetry data: Deleted after two years D18912E1457D5D1DDCBD40AB3BF70D5D
Promotional material: Deleted after 14 days
Virtual machine audit data: Deleted after 200 days
A colleague recommends using the archive access tier to store the data. Which statement accurately describes the recommendation?

A. Storage costs will be based on a minimum of 30 days.

B. Access to the data is guaranteed within five minutes.
C. Access to the data is guaranteed within 30 minutes.
D. Storage costs will be based on a minimum of 180 days.

Answer: D

Explanation:
The following table shows a comparison of premium performance block blob storage, and the hot, cool, and archive access tiers.

Reference:
https://docs.microsoft.com/en-us/azure/storage/blobs/storage-blob-storage-tiers

NEW QUESTION 10
- (Exam Topic 3)
You are designing a large Azure environment that will contain many subscriptions. You plan to use Azure Policy as part of a governance solution.
To which three scopes can you assign Azure Policy definitions? Each correct answer presents a complete solution.
NOTE: Each correct selection is worth one point.

A. management groups
B. subscriptions
C. Azure Active Directory (Azure AD) tenants
D. resource groups
E. Azure Active Directory (Azure AD) administrative units
F. compute resources

Answer: ABD

Explanation:
Azure Policy evaluates resources in Azure by comparing the properties of those resources to business rules. Once your business rules have been formed, the
policy definition or initiative is assigned to any scope of resources that Azure supports, such as management groups, subscriptions, resource groups, or individual
resources.
Reference:
https://docs.microsoft.com/en-us/azure/governance/policy/overview

NEW QUESTION 10
- (Exam Topic 3)

Passing Certification Exams Made Easy visit - https://www.surepassexam.com

 Recommend!! Get the Full AZ-304 dumps in VCE and PDF From SurePassExam
https://www.surepassexam.com/AZ-304-exam-dumps.html (0 New Questions)

You are designing an Azure resource deployment that will use Azure Resource Manager templates. The deployment will use Azure Key Vault to store secrets.
You need to recommend a solution to meet the following requirements:
Prevent the IT staff that will perform the deployment from retrieving the secrets directly from Key Vault. Use the principle of least privilege.
Which two actions should you recommend? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.

A. Create a Key Vault access policy that allows all get key permissions, get secret permissions, and get certificate permissions.
B. From Access policies in Key Vault, enable access to the Azure Resource Manager for template deployment.
C. Create a Key Vault access policy that allows all list key permissions, list secret permissions, and list certificate permissions.
D. Assign the IT staff a custom role that includes the Microsoft.KeyVault/Vaults/Deploy/Action permission.
E. Assign the Key Vault Contributor role to the IT staff.

Answer: BD

Explanation:
B: To access a key vault during template deployment, set enabledForTemplateDeployment on the key vault to true.
D: The user who deploys the template must have the Microsoft.KeyVault/vaults/deploy/action permission for the scope of the resource group and key vault.
Reference:
https://docs.microsoft.com/en-us/azure/azure-resource-manager/templates/key-vault-parameter https://docs.microsoft.com/en-us/azure/key-vault/general/overview-
security

NEW QUESTION 15
- (Exam Topic 3)
You have an Azure Active Directory (Azure AD) tenant.
You plan to provide users with access to shared files by using Azure Storage. The users will be provided with different levels of access to various Azure file shares
based on their user account or their group membership.
You need to recommend which additional Azure services must be used to support the planned deployment. What should you include in the recommendation?

A. an Azure AD enterprise application

B. Azure Information Protection
C. an Azure AD Domain Services (Azure AD DS) instance
D. an Azure Front Door instance

Answer: C

Explanation:
Azure Filessupports identity-based authentication over Server Message Block (SMB) throughtwo types of Domain Services: on-premises Active Directory Domain
Services (AD DS) and Azure Active Directory Domain Services (Azure AD DS).
Reference:
https://docs.microsoft.com/en-us/azure/storage/files/storage-files-identity-auth-active-directory-domain-service

NEW QUESTION 16
- (Exam Topic 3)
You have an Azure subscription that contains resources in three Azure regions. You need to implement Azure Key Vault to meet the following requirements:
D18912E1457D5D1DDCBD40AB3BF70D5D
In the event of a regional outage, all keys must be readable.
All the resources in the subscription must be able to access Key Vault.
The number of Key Vault resources to be deployed and managed must be minimized. How many instances of Key Vault should you implement?

A. 1
B. 2
C. 3
D. 6

Answer: A

Explanation:
The contents of your key vault are replicated within the region and to a secondary region at least 150 miles away but within the same geography. This maintains
high durability of your keys and secrets. See the Azure paired regions document for details on specific region pairs.
Example: Secrets that must be shared by your application in both Europe West and Europe North. Minimize these as much as you can. Put these in a key vault in
either of the two regions. Use the same URI from both regions. Microsoft will fail over the Key Vault service internally.
Reference:
https://docs.microsoft.com/en-us/azure/key-vault/general/disaster-recovery-guidance

NEW QUESTION 21
- (Exam Topic 3)
You need to design a solution that will execute custom C# code in response to an event routed to Azure Event Grid. The solution must meet the following
requirements:
The executed code must be able to access the private IP address of a Microsoft SQL Server instance that runs on an Azure virtual machine.
Costs must be minimized.
What should you include in the solution?

A. Azure Logic Apps in the integrated service environment

B. Azure Functions in the Dedicated plan and the Basic Azure App Service plan
C. Azure Logic Apps in the Consumption plan
D. Azure Functions in the Consumption plan

Answer: D

Passing Certification Exams Made Easy visit - https://www.surepassexam.com

 Recommend!! Get the Full AZ-304 dumps in VCE and PDF From SurePassExam
https://www.surepassexam.com/AZ-304-exam-dumps.html (0 New Questions)

Explanation:
When you create a function app in Azure, you must choose a hosting plan for your app. There are three basic hosting plans available for Azure Functions:
Consumption plan, Premium plan, and Dedicated (App Service) plan.
For the Consumption plan, you don't have to pay for idle VMs or reserve capacity in advance. Connect to private endpoints with Azure Functions
As enterprises continue to adopt serverless (and Platform-as-a-Service, or PaaS) solutions, they often need a way to integrate with existing resources on a virtual
network. These existing resources could be databases, file storage, message queues or event streams, or REST APIs.
Reference:
https://docs.microsoft.com/en-us/azure/azure-functions/functions-scale https://techcommunity.microsoft.com/t5/azure-functions/connect-to-private-endpoints-with-
azure-functions/ba-p

NEW QUESTION 25
- (Exam Topic 3)
Your company purchases an app named App1.
You plan to tun App1 on seven Azure virtual machines In an Availability Set. The number of fault domains is set to 3. The number of update domains is set to 20.
You need to identity how many App1 instances will remain available during a period of planned maintenance. How many Appl instances should you identify?

A. 1
B. 2
C. 6
D. 7

Answer: C

Explanation:
Only one update domain is rebooted at a time. Here there are 7 update domain with one VM each (and 13 update domain with no VM).
Reference:
https://docs.microsoft.com/en-us/azure/virtual-machines/windows/manage-availability

NEW QUESTION 29
- (Exam Topic 3)
Your company has users who work remotely from laptops.
You plan to move some of the applications accessed by the remote users to Azure virtual machines. The users will access the applications in Azure by using a
point-to-site VPN connection. You will use certificates generated from an on-premises-based certification authority (CA).
You need to recommend which certificates are required for the deployment.
What should you include in the recommendation? To answer, drag the appropriate certificates to the correct targets. Each certificate may be used once, more than
once, or not at all. You may need to drag the split bar between panes or scroll to view content.
NOTE: Each correct selection is worth one point.

A. Mastered
B. Not Mastered

Answer: A

Explanation:

NEW QUESTION 32
- (Exam Topic 3)
You need to deploy resources to host a stateless web app in an Azure subscription. The solution must meet the following requirements:

Passing Certification Exams Made Easy visit - https://www.surepassexam.com

 Recommend!! Get the Full AZ-304 dumps in VCE and PDF From SurePassExam
https://www.surepassexam.com/AZ-304-exam-dumps.html (0 New Questions)

• Provide access to the full .NET framework.

• Provide redundancy if an Azure region fails.
• Grant administrators access to the operating system to install custom application dependencies. Solution: You deploy a web app in an Isolated App Service plan.
Does this meet the goal?

A. Yes
B. No

Answer: B

Explanation:
Instead, you should deploy an Azure virtual machine to two Azure regions, and you create a Traffic Manager profile.

NEW QUESTION 36
- (Exam Topic 3)
Your company is designing a multi-tenant application that will use elastic pools and Azure SQL databases. The application will be used by 30 customers.
You need to design a storage solution for the application. The solution must meet the following requirements:
Operational costs must be minimized.
All customers must have their own database.
The customer databases will be in one of the following three Azure regions: East US, North Europe, or South Africa North.
What is the minimum number of elastic pools and Azure SQL Database servers required? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

A. Mastered
B. Not Mastered

Answer: A

Explanation:
Box 1: 3
The server, its pools & databases must be in the same Azure region under the same subscription. Box 2: 3
A server can have up to 5000 databases associated to it.
Reference:
https://vincentlauzon.com/2016/12/18/azure-sql-elastic-pool-overview/

NEW QUESTION 37
- (Exam Topic 3)
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the
stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have an Azure Storage v2 account named storage1. You plan to archive data to storage1.
You need to ensure that the archived data cannot be deleted for five years. The solution must prevent administrators from deleting the data.
Solution: You create an Azure Blob storage container, and you configure a legal hold access policy. Does this meet the goal?

A. Yes
B. No

Answer: B

Explanation:
Use an Azure Blob storage container, but use a time-based retention policy instead of a legal hold. Note:
Immutable storage for Azure Blob storage enables users to store business-critical data objects in a WORM (Write Once, Read Many) state. This state makes the
data non-erasable and non-modifiable for a
user-specified interval. For the duration of the retention interval, blobs can be created and read, but cannot be modified or deleted. Immutable storage is available
for general-purpose v2 and Blob storage accounts in all Azure regions.

Passing Certification Exams Made Easy visit - https://www.surepassexam.com

 Recommend!! Get the Full AZ-304 dumps in VCE and PDF From SurePassExam
https://www.surepassexam.com/AZ-304-exam-dumps.html (0 New Questions)

Note: Set retention policies and legal holds

* 1. Create a new container or select an existing container to store the blobs that need to be kept in the immutable state. The container must be in a general-
purpose v2 or Blob storage account.
* 2. Select Access policy in the container settings. Then select Add policy under Immutable blob storage. Either
* 3a. To enable legal holds, select Add Policy. Select Legal hold from the drop-down menu. Or
* 3b. To enable time-based retention, select Time-based retention from the drop-down menu.
* 4. Enter the retention interval in days (acceptable values are 1 to 146000 days). Reference:
https://docs.microsoft.com/en-us/azure/storage/blobs/storage-blob-immutable-storage https://docs.microsoft.com/en-us/azure/storage/blobs/storage-blob-
immutability-policies-manage

NEW QUESTION 38
......

Passing Certification Exams Made Easy visit - https://www.surepassexam.com

 Recommend!! Get the Full AZ-304 dumps in VCE and PDF From SurePassExam
https://www.surepassexam.com/AZ-304-exam-dumps.html (0 New Questions)

Thank You for Trying Our Product

We offer two products:

1st - We have Practice Tests Software with Actual Exam Questions

2nd - Questons and Answers in PDF Format

AZ-304 Practice Exam Features:

* AZ-304 Questions and Answers Updated Frequently

* AZ-304 Practice Questions Verified by Expert Senior Certified Staff

* AZ-304 Most Realistic Questions that Guarantee you a Pass on Your FirstTry

* AZ-304 Practice Test Questions in Multiple Choice Formats and Updatesfor 1 Year

100% Actual & Verified — Instant Download, Please Click

Order The AZ-304 Practice Test Here

Passing Certification Exams Made Easy visit - https://www.surepassexam.com

Powered by TCPDF (www.tcpdf.org)