What Free AZ-304 Samples Is

NEW QUESTION 1

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have an Azure Storage v2 account named storage1. You plan to archive data to storage1.
You need to ensure that the archived data cannot be deleted for five years. The solution must prevent administrators from deleting the data.
Solution: You create an Azure Blob storage container, and you configure a legal hold access policy. Does this meet the goal?

• A. Yes
• B. No

Answer: B

Explanation:
Use an Azure Blob storage container, but use a time-based retention policy instead of a legal hold. Note:
Immutable storage for Azure Blob storage enables users to store business-critical data objects in a WORM (Write Once, Read Many) state. This state makes the data non-erasable and non-modifiable for a
user-specified interval. For the duration of the retention interval, blobs can be created and read, but cannot be modified or deleted. Immutable storage is available for general-purpose v2 and Blob storage accounts in all Azure regions.
Note: Set retention policies and legal holds
* 1. Create a new container or select an existing container to store the blobs that need to be kept in the immutable state. The container must be in a general-purpose v2 or Blob storage account.
* 2. Select Access policy in the container settings. Then select Add policy under Immutable blob storage. Either
* 3a. To enable legal holds, select Add Policy. Select Legal hold from the drop-down menu. Or
* 3b. To enable time-based retention, select Time-based retention from the drop-down menu.
* 4. Enter the retention interval in days (acceptable values are 1 to 146000 days). Reference:
https://docs.microsoft.com/en-us/azure/storage/blobs/storage-blob-immutable-storage https://docs.microsoft.com/en-us/azure/storage/blobs/storage-blob-immutability-policies-manage

NEW QUESTION 2

Your company purchases an app named App1.
You plan to tun App1 on seven Azure virtual machines In an Availability Set. The number of fault domains is set to 3. The number of update domains is set to 20.
You need to identity how many App1 instances will remain available during a period of planned maintenance. How many Appl instances should you identify?

• A. 1
• B. 2
• C. 6
• D. 7

Answer: C

Explanation:
Only one update domain is rebooted at a time. Here there are 7 update domain with one VM each (and 13 update domain with no VM).
Reference:
https://docs.microsoft.com/en-us/azure/virtual-machines/windows/manage-availability

NEW QUESTION 3

You have 100 servers that run Windows Server 2012 R2 and host Microsoft SQL Server 2012 R2 instances. The instances host databases that have the following characteristics:
The largest database is currently 3 TB. None of the databases will ever exceed 4 TB.
Stored procedures are implemented by using CLR.
You plan to move all the data from SQL Server to Azure.
You need to recommend an Azure service to host the databases. The solution must meet the following requirements:
Whenever possible, minimize management overhead for the migrated databases.
Minimize the number of database changes required to facilitate the migration.
Ensure that users can authenticate by using their Active Directory credentials.
What should you include in the recommendation?

• A. Azure SQL Database single databases
• B. Azure SQL Database Managed Instance
• C. Azure SQL Database elastic pools
• D. SQL Server 2016 on Azure virtual machines

Answer: B

Explanation:
References:
https://docs.microsoft.com/en-us/azure/sql-database/sql-database-managed-instance

NEW QUESTION 4

You need to recommend a notification solution for the IT Support distribution group. What should you include in the recommendation?

• A. Azure Network Watcher
• B. an action group
• C. a SendGrid account with advanced reporting
• D. Azure AD Connect Health

Answer: D

Explanation:
References:
https://docs.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-health-operations

NEW QUESTION 5

You need to recommend a solution for configuring the Azure Multi-Factor Authentication (MFA) settings. What should you include in the recommendation? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

• A. Mastered
• B. Not Mastered

Answer: A

Explanation:
References:
https://docs.microsoft.com/en-us/azure/active-directory/identity-protection/howto-sign-in-risk-policy https://docs.microsoft.com/en-us/azure/active-directory/identity-protection/howto-mfa-policy

NEW QUESTION 6

You have an Azure subscription that is linked to an Azure Active Directory (Azure AD) tenant. The subscription contains 10 resource groups, one for each department at your company. Each department has a specific spending limit for its Azure resources.
You need to ensure that when a department reaches its spending limit, the compute resources of the department shut down automatically.
Which two features should you include in the solution? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.

• A. Azure Logic Apps
• B. Azure Monitor alerts
• C. the spending limit of an Azure account
• D. Cost Management budgets
• E. Azure Log Analytics alerts

Answer: CD

Explanation:
C: The spending limit in Azure prevents spending over your credit amount. All new customers who sign up for an Azure free account or subscription types that include credits over multiple months have the spending limit turned on by default. The spending limit is equal to the amount of credit and it can’t be changed.
D: Turn on the spending limit after removing
This feature is available only when the spending limit has been removed indefinitely for subscription types that include credits over multiple months. You can use this feature to turn on your spending limit automatically at the start of the next billing period.
Sign in to the Azure portal as the Account Administrator.
Search for Cost Management + Billing.
Etc.
Reference:
https://docs.microsoft.com/en-us/azure/cost-management-billing/manage/spending-limit

NEW QUESTION 7

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution. while others might not have a correct solution.
After you answer a question In this section, you will NOT be able to return to it As a result these questions will not appear In the review screen.
You have an on-premises Hyper-V cluster that hosts 20 virtual machines Some virtual machines run Windows Server 2016 and some run Linux
You plan to morale the virtual machine? to an Azure subscription
You need to recommend 9 solution 10 replicate the disks of the virtual machines to Azure. The solution must ensure that the virtual machines remain available during the migration of the disks.
Solution: You recommend implementing a Recovery Services vault and then using Azure Site Recovery. Dees this meet the goal?

• A. Yes
• B. No

Answer: A

Explanation:
Site Recovery can replicate on-premises VMware VMs, Hyper-V VMs, physical servers (Windows and Linux), Azure Stack VMs to Azure.
Note: Site Recovery helps ensure business continuity by keeping business apps and workloads running during outages. Site Recovery replicates workloads running on physical and virtual machines (VMs) from a primary site to a secondary location. When an outage occurs at your primary site, you fail over to secondary location, and access apps from there. After the primary location is running again, you can fail back to it.
References:
https://docs.microsoft.com/en-us/azure/site-recovery/site-recovery-overview

NEW QUESTION 8

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have an Azure Storage v2 account named Storage1. You plan to archive data to Storage1.
You need to ensure that the archived data cannot be deleted for five years. The solution must prevent administrators from deleting the data.
Solution: You create a file share, and you configure an access policy. Does this meet the goal?

• A. Yes
• B. No

Answer: B

Explanation:
Instead of a file share, an immutable Blob storage is required.
Time-based retention policy support: Users can set policies to store data for a specified interval. When a time-based retention policy is set, blobs can be created and read, but not modified or deleted. After the retention period has expired, blobs can be deleted but not overwritten.
Note: Set retention policies and legal holds
* 1. Create a new container or select an existing container to store the blobs that need to be kept in the immutable state. The container must be in a general-purpose v2 or Blob storage account.
* 2. Select Access policy in the container settings. Then select Add policy under Immutable blob storage.
* 3. To enable time-based retention, select Time-based retention from the drop-down menu.
* 4. Enter the retention interval in days (acceptable values are 1 to 146000 days). References:
https://docs.microsoft.com/en-us/azure/storage/blobs/storage-blob-immutable-storage https://docs.microsoft.com/en-us/azure/storage/blobs/storage-blob-immutability-policies-manage

NEW QUESTION 9

You are designing a message application that will run on an on-premises Ubuntu virtual machine. The application will use Azure Storage queues.
You need to recommend a processing solution for the application to interact with the storage queues. The solution must meet the following requirements:
Create and delete queues daily.
Be scheduled by using a CRON job.
Upload messages every five minutes.
What should developers use to interact with the queues?

• A. Azure CLI
• B. AzCopy
• C. Azure Data Factory
• D. .NET Core

Answer: D

Explanation:
Reference:
https://docs.microsoft.com/en-us/azure/storage/queues/storage-tutorial-queues

NEW QUESTION 10

You have an Azure Active Directory (Azure AD) tenant.
You plan to deploy Azure Cosmos DB databases that will use the SQL API.
You need to recommend a solution to provide specific Azure AD user accounts with read access to the Cosmos DB databases.
What should you include in the recommendation?

• A. a resource token and an Access control (IAM) role assignment
• B. shared access signatures (SAS) and conditional access policies
• C. master keys and Azure Information Protection policies
• D. certificates and Azure Key Vault

Answer: A

Explanation:
The Access control (IAM) pane in the Azure portal is used to configure role-based access control on Azure Cosmos resources. The roles are applied to users, groups, service principals, and managed identities in Active Directory. You can use built-in roles or custom roles for individuals and groups. The following screenshot shows Active Directory integration (RBAC) using access control (IAM) in the Azure portal:

Reference:
https://docs.microsoft.com/en-us/azure/cosmos-db/role-based-access-control

NEW QUESTION 11

You have an Azure subscription that contains resources in three Azure regions. You need to implement Azure Key Vault to meet the following requirements: D18912E1457D5D1DDCBD40AB3BF70D5D
In the event of a regional outage, all keys must be readable.
All the resources in the subscription must be able to access Key Vault.
The number of Key Vault resources to be deployed and managed must be minimized. How many instances of Key Vault should you implement?

• A. 1
• B. 2
• C. 3
• D. 6

Answer: A

Explanation:
The contents of your key vault are replicated within the region and to a secondary region at least 150 miles away but within the same geography. This maintains high durability of your keys and secrets. See the Azure paired regions document for details on specific region pairs.
Example: Secrets that must be shared by your application in both Europe West and Europe North. Minimize these as much as you can. Put these in a key vault in either of the two regions. Use the same URI from both regions. Microsoft will fail over the Key Vault service internally.
Reference:
https://docs.microsoft.com/en-us/azure/key-vault/general/disaster-recovery-guidance

NEW QUESTION 12

You have an on-premises Hyper-V cluster. The cluster contains Hyper-V hosts that run Windows Server 2016 Datacenter. The hosts are licensed under a Microsoft Enterprise Agreement that has Software Assurance.
The Hyper-V cluster hosts 3 virtual machines that run Windows Server 2012 R2. Each virtual machine runs a different workload. The workloads have predictable consumption patterns.
You plan to replace the virtual machines with Azure virtual machines that run Windows Server 2016. The virtual machines will be sized according to the consumption pattern of each workload.
You need to recommend a solution to minimize the compute costs of the Azure virtual machines.
Which two recommendations should you include in the solution? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.

• A. Purchase Azure Reserved Virtual Machine Instances for the Azure virtual machines
• B. Create a virtual machine scale set that uses autoscaling
• C. Configure a spending limit in the Azure account center
• D. Create a lab in Azure DevTest Labs and place the Azure virtual machines in the lab
• E. Activate Azure Hybrid Benefit for the Azure virtual machines

Answer: AE

Explanation:
Reference:
https://azure.microsoft.com/en-us/pricing/reserved-vm-instances/ https://docs.microsoft.com/en-us/azure/virtual-machines/windows/hybrid-use-benefit-licensing

NEW QUESTION 13

You need to recommend a data storage strategy for WebApp1. What should you include in in the recommendation?

• A. an Azure SQL Database elastic pool
• B. a vCore-baswl Azure SQL database
• C. an Azure virtual machine that runs SQL Server
• D. a fixed-size DTU AzureSQL database.

Answer: B

NEW QUESTION 14

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it As a result, these questions will not appear In the review screen.
You have an on-premises Hyper-V cluster that hosts 20 virtual machines. Some virtual machines run Windows Server 2016 and some run Linux.
You plan to migrate the virtual machines to an Azure subscription.
You need to recommend a solution to replicate the disks of the virtual machines to Azure. The solution must ensure that the virtual machines remain available during the migration of the disks.
Solution: You recommend implementing an Azure Storage account and then running AzCopy. Does this meet the goal?

• A. Yes
• B. NO

Answer: B

Explanation:
AzCopy only copy files, not the disks. Instead use Azure Site Recovery. References:
https://docs.microsoft.com/en-us/azure/site-recovery/site-recovery-overview

NEW QUESTION 15

You are developing a web application that provides streaming video to users. You configure the application to use continuous integration and deployment.
The app must be highly available and provide a continuous streaming experience for users.
You need to recommend a solution that allows the application to store data in a geographical location that is closest to the user.
What should you recommend?

• A. Azure App Service Web Apps
• B. Azure App Service Isolated
• C. Azure Redis Cache
• D. Azure Content Delivery Network (CDN)

Answer: D

Explanation:
Azure Content Delivery Network (CDN) is a global CDN solution for delivering high-bandwidth content. It can be hosted in Azure or any other location. With Azure CDN, you can cache static objects loaded from Azure Blob storage, a web application, or any publicly accessible web server, by using the closest point of presence (POP) server. Azure CDN can also accelerate dynamic content, which cannot be cached, by leveraging various network and routing optimizations.
References:
https://docs.microsoft.com/en-in/azure/cdn/

NEW QUESTION 16

To meet the authentication requirements of Fabrikam, what should you include in the solution? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

• A. Mastered
• B. Not Mastered

Answer: A

Explanation:
Box 1: 2
The network contains two Active Directory forests named corp.fabrikam.com and rd.fabrikam.com. There are no trust relationships between the forests.
Box 2: 1
Box 3: 1
Scenario:
Users on the on-premises network must be able to authenticate to corp.fabrikam.com if an Internet link fails.
Administrators must be able authenticate to the Azure portal by using their corp.fabrikam.com credentials. All administrative access to the Azure portal must be secured by using multi-factor authentication.
Note:
Users must always authenticate by using their corp.fabrikam.com UPN identity.
The network contains two Active Directory forests named corp.fabrikam.com and rd.fabrikam.com. There are no trust relationships between the forests.
Corp.fabrikam.com is a production forest that contains identities used for internal user and computer authentication.
Rd.fabrikam.com is used by the research and development (R&D) department only.

NEW QUESTION 17

You need to recommend a solution for protecting the content of the payment processing system. What should you include in the recommendation?

• A. Transparent Data Encryption (TDE)
• B. Azure Storage Service Encryption
• C. Always Encrypted with randomized encryption
• D. Always Encrypted with deterministic encryption

Answer: D

NEW QUESTION 18

You have an on-premises network that uses on IP address space of 172.16.0.0/16 You plan to deploy 25 virtual machines to a new azure subscription.
You identity the following technical requirements.
All Azure virtual machines must be placed on the same subnet subnet1.
All the Azure virtual machines must be able to communicate with all on premises severs.
The servers must be able to communicate between the on-premises network and Azure by using a site to site VPN.
You need to recommend a subnet design that meets the technical requirements.
What should you include in the recommendation? To answer, drag the appropriate network addresses to the correct subnet. Each network address may be used once, more than once or not at all. You may need to drag the split bar between panes or scroll to view content.
NOTE: Each correct selection is worth one point.

• A. Mastered
• B. Not Mastered

Answer: A

Explanation:

NEW QUESTION 19

You need to recommend a solution for protecting the content of the back-end tier of the payment processing system.
What should you include in the recommendations?

• A. Always Encrypted with deterministic encryption
• B. Transparent Date Encryption (TDE)
• C. Azure Storage Service Encryption
• D. Always Encrypted with randomized encryption

Answer: A

NEW QUESTION 20

You need to design a resource governance solution for an Azure subscription. The solution must meet the following requirements:
Ensure that all ExpressRoute resources are created in a resource group named RG1.
Delegate the creation of the ExpressRoute resources to an Azure Active Directory (Azure AD) group named Networking.
Use the principle of least privilege.
What should you include in the solution? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

• A. Mastered
• B. Not Mastered

Answer: A

Explanation:
Box 1: An Azure policy assignment at the subscription level that has an exclusion Box 2: A custom RBAC role assignment at the level of RG1
Azure role-based access control (Azure RBAC) is the authorization system you use to manage access to Azure resources. To grant access, you assign roles to users, groups, service principals, or managed identities at a particular scope.
Reference:
https://docs.microsoft.com/en-us/azure/governance/policy/tutorials/create-and-manage

NEW QUESTION 21

You are designing an Azure resource deployment that will use Azure Resource Manager templates. The deployment will use Azure Key Vault to store secrets.
You need to recommend a solution to meet the following requirements:
Prevent the IT staff that will perform the deployment from retrieving the secrets directly from Key Vault. Use the principle of least privilege.
Which two actions should you recommend? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.

• A. Create a Key Vault access policy that allows all get key permissions, get secret permissions, and get certificate permissions.
• B. From Access policies in Key Vault, enable access to the Azure Resource Manager for template deployment.
• C. Create a Key Vault access policy that allows all list key permissions, list secret permissions, and list certificate permissions.
• D. Assign the IT staff a custom role that includes the Microsoft.KeyVault/Vaults/Deploy/Action permission.
• E. Assign the Key Vault Contributor role to the IT staff.

Answer: BD

Explanation:
B: To access a key vault during template deployment, set enabledForTemplateDeployment on the key vault to true.
D: The user who deploys the template must have the Microsoft.KeyVault/vaults/deploy/action permission for the scope of the resource group and key vault.
Reference:
https://docs.microsoft.com/en-us/azure/azure-resource-manager/templates/key-vault-parameter https://docs.microsoft.com/en-us/azure/key-vault/general/overview-security

NEW QUESTION 22

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have an Azure Storage v2 account named Storage1. You plan to archive data to Storage1.
You need to ensure that the archived data cannot be deleted for five years. The solution must prevent administrators from deleting the data.
Solution: You create a file share and snapshots. Does this meet the goal?

• A. Yes
• B. No

Answer: B

Explanation:
Instead you could create an Azure Blob storage container, and you configure a legal hold access policy. References:
https://docs.microsoft.com/en-us/azure/storage/blobs/storage-blob-immutable-storage

NEW QUESTION 23

You have 70 TB of files on your on-premises file server.
You need to recommend solution for importing data to Azure. The solution must minimize cost. What Azure service should you recommend?

• A. Azure StorSimple
• B. Azure Batch
• C. Azure Data Box
• D. Azure Stack

Answer: C

Explanation:
Microsoft has engineered an extremely powerful solution that helps customers get their data to the Azure public cloud in a cost-effective, secure, and efficient manner with powerful Azure and machine learning at play. The solution is called Data Box.
Data Box and is in general availability status. It is a rugged device that allows organizations to have 100 TB of capacity on which to copy their data and then send it to be transferred to Azure.
Reference:
https://www.vembu.com/blog/what-is-microsoft-azure-data-box-disk-edge-heavy-gateway-overview/

NEW QUESTION 24
......