Preparing for the AZ-304 Microsoft Azure Architect Design exam? Check out the latest AZ-304 exam dumps questions and practice tests SPOTO offered, which are the top choice to gain success in the AZ-304 exam. Start with the ten questions below!
QUESTION 1
You have an Azure subscription that contains an Azure SQL database named DB1. Several queries that query the data in DB1 take a long time to execute.
You need to recommend a solution to identify the queries that take the longest to execute. What should you include in the recommendation?
A. SQL Database Advisor
B. Azure Monitor
C. Performance Recommendations
D. Query Performance Insight
Correct Answer: D
QUESTION 2
You have an on-premises Hyper-V cluster. The cluster contains Hyper-V hosts that run Windows Server 2016 Datacenter. The hosts are licensed under a Microsoft Enterprise Agreement that has Software Assurance. The Hyper-V cluster contains 30 virtual machines that run Windows Server 2012 R2. Each virtual machine runs a different workload. The workloads have predictable consumption patterns.
You plan to replace the virtual machines with Azure virtual machines that run Windows Server 2016. The virtual machines will be sized according to the consumption pattern of each workload. It would help if you recommended a solution to minimize the compute costs of the Azure virtual machines.
Which two recommendations should you include in the solution? Each correct answer presents part of the solution. NOTE: Each right selection is worth one point.
A. Configure a spending limit in the Azure account center.
B. Create a virtual machine scale set that uses autoscaling.
C. Activate Azure Hybrid Benefit for the Azure virtual machines.
D. Purchase Azure Reserved Virtual Machine Instances for the Azure virtual machines.
E. Create a lab in Azure DevTest Labs and place the Azure virtual machines in the lab.
Correct Answer: CD
QUESTION 3
A company has a hybrid ASP.NET Web API application based on a software (SaaS) offering.
Users report general issues with the data. You advise the company to implement live monitoring and use ad hoc queries on stored JSON data. You also advise the company to set up smart alerting to detect anomalies in the data. You need to recommend a solution to set up smart alerting.
What should you recommend?
A. Azure Site Recovery and Azure Monitor Logs
B. Azure Data Lake Analytics and Azure Monitor Logs
C. Azure Application Insights and Azure Monitor Logs
D. Azure Security Center and Azure Data Lake Store
Correct Answer: C
QUESTION 4
You have an Azure subscription that is linked to an Azure Active Directory (Azure AD) tenant. The subscription contains ten resource groups, one for each department at your company. Each department has a specific spending limit for its Azure resources.
You need to ensure that when a department reaches its spending limit, the compute resources of the department shut down automatically. Which two features should you include in the solution? Each correct answer presents part of the solution.
Note: Each correct selection is worth one point.
A. Azure Logic Apps
B. Azure Monitor alerts
C. the spending limit of an Azure account
D. Cost Management budgets
E. Azure Log Analytics alerts
Correct Answer: AD
QUESTION 5
You have an Azure Active Directory (Azure AD) tenant.
You plan to deploy Azure Cosmos DB databases that will use the SQL API.
You need to recommend a solution to provide specific Azure AD user accounts with reading access to the Cosmos DB databases. What should you include in the recommendation?
A. shared access signatures (SAS) and conditional access policies
B. certificates and Azure Key Vault
C. a resource token and Access control (IAM) role assignment
D. master keys and Azure Information Protection policies
QUESTION 6
You are designing an Azure resource deployment that will use Azure Resource Manager templates. The deployment will use Azure Key Vault to store secrets. It would help if you recommended a solution to meet the following requirements:
Prevent the IT staff that will perform the deployment from retrieving the secrets directly from Key Vault. Use the principle of least privilege.
Which two actions should you recommend? Each correct answer presents part of the solution. NOTE: Each right selection is worth one point.
A. Create a Key Vault access policy that allows all to get key permissions, get secret permissions, and get certificate permissions.
B. From Access policies in Key Vault, enable access to the Azure Resource Manager for template deployment.
C. Create a Key Vault access policy that allows all list key permissions, secret list permissions, and list certificate permissions.
D. Assign the IT staff a custom role that includes Microsoft.KeyVault/Vaults/Deploy/Action permission.
E. Assign the Key Vault Contributor role to the IT staff.
Correct Answer: BD
QUESTION 7
You have an Azure subscription that contains resources in three Azure regions. You need to implement Azure Key Vault to meet the following requirements:
In the event of a regional outage, all keys must be readable.
All the resources in the subscription must be able to access Key Vault.
The number of Key Vault resources to be deployed and managed must be minimized. How many instances of Key Vault should you implement?
A. 1
B. 2
C. 3
D. 6
Correct Answer: C
QUESTION 8
You have an Azure Active Directory (Azure AD) tenant.
You plan to provide users with access to shared files by using Azure Storage. The users will be provided with different levels of access to various Azure file shares based on their user account or their group membership. You need to recommend which additional Azure services must be used to support the planned deployment.
What should you include in the recommendation?
A. an Azure AD enterprise application
B. Azure Information Protection
C. an Azure AD Domain Services (Azure AD DS) instance
D. an Azure Front Door instance
Correct Answer: C
QUESTION 9
You have an Azure subscription that contains a custom application named Application1. Application1 was developed by an external company named Fabrikam, Ltd. Developers at Fabrikam were assigned role-based access control (RBAC) permissions to the Application1 components. All users are licensed for the Microsoft 365 E5 plan.
You need to recommend a solution to verify whether the Fabrikam developers still require permissions to Application1. The solution must meet the following requirements:
- To the manager of the developers, send a monthly email message that lists the access permissions to Application1.
- If the manager does not verify access permission, automatically revoke that permission.
- Minimize development effort.
What should you recommend?
A. Create an Azure Automation runbook that runs the GetAzureADUserAppRoleAssignment cmdlet.
B. Create an Azure Automation runbook that runs the GetAzureRoleAssignment cmdlet.
C. In Azure Active Directory (Azure AD), create an access review of Application1.
D. In Azure Active Directory (AD) Privileged Identity Management, create a custom role assignment for the Application1 resources.
Correct Answer: C
QUESTION 10
You are designing a large Azure environment that will contain many subscriptions. You plan to use Azure Policy as part of a governance solution.
To which three scopes can you assign Azure Policy definitions? Each correct answer presents a complete solution. NOTE: Each correct selection is worth one point.
A. management groups
B. subscriptions
C. Azure Active Directory (Azure AD) tenants
D. resource groups
E. Azure Active Directory (Azure AD) administrative units
F. compute resources
Correct Answer: ABD
In Conclusion
The Microsoft AZ-304 exam is the ultimate source to keep your credentials updated. You can clear the Microsoft Azure Architect Design Exam quickly with Actual AZ-304 exam dumps and questions offered at SPOTO.
Comments