If you’re looking to advance your abilities and gain certification as an Azure Solutions Architect, the AZ-304 is a great option. There are two main instances in which this qualification would be very beneficial to you.
Question 1
You need to create an Azure Storage account that uses a custom encryption key.
What do you need to implement the encryption?
A. a certificate issued by an integrated certification authority (CA) and stored in Azure Key Vault
B. a managed identity that is configured to access the storage account
C. an Azure Active Directory Premium subscription
D. an Azure key vault in the same Azure region as the storage account
Answer : A
Question 2
HOTSPOT –
You plan to create an Azure environment that will have a root management group and five child management groups. Each child management group will contain five Azure subscriptions. You plan to have between 10 and 30 resource groups in each subscription.
You need to design a solution for the planned environment. The solution must meet the following requirements:
Prevent users who are assigned the Owner role for the subscriptions from deleting the resource groups from their respective subscription.
✑ Ensure that you can update RBAC role assignments across all the subscriptions and resource groups.
✑ Minimize administrative effort.
What should you include in the solution? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:
Answer :
Question 3
Your company has the divisions shown in the following table.
Sub1 contains an Azure web app that runs an ASP.NET application named App1. App1 uses the Microsoft identity platform (v2.0) to handle user authentication.
Users from east.contoso.com can authenticate to App1.
You need to recommend a solution to allow users from west.contoso.com to authenticate to App1.
What should you recommend for the west.contoso.com Azure AD tenant?
A. a conditional access policy
B. pass-through authentication
C. guest accounts
D. an app registration
Answer : D
Question 4
You have an Azure Active Directory (Azure AD) tenant named contoso.com that has a security group named Group1. Group1 is configured for assigned membership. Group1 has 50 members, including 20 guest users.
You need to recommend a solution for evaluating the membership of Group1. The solution must meet the following requirements:
✑ The evaluation must be repeated automatically every three months.
✑ Every member must be able to report whether they need to be in Group1.
✑ Users who report that they do not need to be in Group1 must be removed from Group1 automatically.
✑ Users who do not report whether they need to be in Group1 must be removed from Group1 automatically.
What should you include in the recommendation?
A. Change the Membership type of Group1 to Dynamic User.
B. Implement Azure AD Privileged Identity Management.
C. Implement Azure AD Identity Protection.
D. Create an access review.
Answer : A
Question 5
Your company purchases an app named App1.
You need to recommend a solution to ensure that App1 can read and modify access reviews.
What should you recommend?
A. From API Management services, publish the API of App1, and then delegate permissions to the Microsoft Graph API.
B. From the Azure Active Directory admin center, register App1. From the Access control (IAM) blade, delegate permissions.
C. From the Azure Active Directory admin center, register App1, and then delegate permissions to the Microsoft Graph API.
D. From API Management services, publish the API of App1. From the Access control (IAM) blade, delegate permissions.
Answer : B
Question 6
You have 200 resource groups across 20 Azure subscriptions.
Your companyג€™s security policy states that the security administrator must verify all assignments of the Owner role for the subscriptions and resource groups once a month. All assignments that are not approved by the security administrator must be removed automatically. The security administrator must be prompted every month to perform the verification.
What should you use to implement the security policy?
A. Identity Secure Score in Azure Security Center
B. Access reviews in Identity Governance
C. the user risk policy in Azure Active Directory (Azure AD) Identity Protection
D. role assignments in Azure Active Directory (Azure AD) Privileged Identity Management (PIM)
Answer : B
Question 7
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
Your company has deployed several virtual machines (VMs) on-premises and to Azure. Azure ExpressRoute has been deployed and configured for on-premises to Azure connectivity.
Several VMs are exhibiting network connectivity issues.
You need to analyze the network traffic to determine whether packets are being allowed or denied to the VMs.
Solution: Use Azure Network Watcher to run IP flow verify to analyze the network traffic.
Does the solution meet the goal?
A. Yes
B. No
Answer : A
Question 8
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
Your company has deployed several virtual machines (VMs) on-premises and to Azure. Azure ExpressRoute has been deployed and configured for on-premises to Azure connectivity.
Several VMs are exhibiting network connectivity issues.
You need to analyze the network traffic to determine whether packets are being allowed or denied to the VMs.
Solution: Use the Azure Advisor to analyze the network traffic.
Does the solution meet the goal?
A. Yes
B. No
Answer : B
Question 9
You have 500 Azure web apps in the same Azure region. The apps use a premium Azure key vault for authentication.
A developer reports that some authentication requests are being throttled.
You need to recommend a solution to increase the available throughput of the key vault. The solution must minimize costs.
What should you recommend?
A. Change the pricing tier.
B. Configure geo-replication.
C. Configure load balancing for the apps.
D. Increase the number of key vaults in the subscription.
Answer : D
Question 10
HOTSPOT –
You have an Azure Active Directory (Azure AD) tenant.
You plan to use Azure Monitor to monitor user sign-ins and generate alerts based on specific user sign-in events.
You need to recommend a solution to trigger the alerts based on the events.
What should you include in the recommendation? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:
Answer :
Conclusion
SPOTO dumps will be the most beneficial option for people who need aid with their preparation. When you take the SPOTO Dumps Exam using our Verified Exam Questions, you’ll notice that every question on the test matches to the SPOTO Dumps.
Comments