[May-2021]Real Exam Questions-Braindump2go AZ-204 Exam VCE and AZ-204 PDF AZ-204 349 Download[Q226-Q237]

May/2021 Latest Braindump2go AZ-204 Exam Dumps with PDF and VCE Free Updated Today! Following are some new AZ-204 Real Exam Questions!

QUESTION 226
You are developing a web application that runs as an Azure Web App. The web application stores data in Azure SQL Database and stores files in an Azure Storage account. The web application makes HTTP requests to external services as part of normal operations.
The web application is instrumented with Application Insights. The external services are OpenTelemetry compliant.
You need to ensure that the customer ID of the signed in user is associated with all operations throughout the overall system.
What should you do?

A. Create a new SpanContext with the TraceRags value set to the customer ID for the signed in user.
B. On the current SpanContext, set the Traceld to the customer ID for the signed in user.
C. Add the customer ID for the signed in user to the CorrelationContext in the web application.
D. Set the header Ocp-Apim-Trace to the customer ID for the signed in user.

Answer: D

QUESTION 227
You develop and deploy an Azure Logic app thai calls an Azure Function app. The Azure Function app includes an OpenAPl (Swagger) definition and uses an Azure Blob storage account. All resources are secured by using Azure Active Directory (Azure AD).
The Azure Logic app must securely access the Azure Blob storage account. Azure AD resources must remain if the Azure Logic app is deleted.
You need to secure the Azure Logic app.
What should you do?

A. Create an Azure AD custom role and assign role-based access controls.
B. Create an Azure AD custom role and assign the role to the Azure Blob storage account.
C. Create an Azure Key Vault and issue a client certificate.
D. Create a user-assigned managed identity and assign role-based access controls.
E. Create a system-assigned managed identity and issue a client certificate.

Answer: C

QUESTION 228
You develop a solution that uses Azure Virtual Machines (VMs).
The VMs contain code that must access resources in an Azure resource group.
You grant the VM access to the resource group in Resource Manager.
You need to obtain an access token that uses the VMs system-assigned managed identity.
Which two actions should you perform? Each correct answer presents part of the solution.

A. Use PowerShell on a remote machine to make a request to the local managed identity for Azure resources endpoint.
B. Use PowerShell on the VM to make a request to the local managed identity for Azure resources endpoint.
C. From the code on the VM. call Azure Resource Manager using an access token.
D. From the code on the VM. call Azure Resource Manager using a SAS token.
E. From the code on the VM. generate a user delegation SAS token.

Answer: BC

QUESTION 229
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You develop and deploy an Azure App Service API app to a Windows-hosted deployment slot named Development. You create additional deployment slots named Testing and Production. You enable auto swap on the Production deployment slot.
You need to ensure that scripts run and resources are available before a swap operation occurs.
Solution: Update the app with a method named statuscheck to run the scripts. Update the app settings for the app. Set the WEBSITE_SWAP_WARMUP_PING_PATH and WEBSITE_SWAP_WARMUP_PING_STATUSES with a path to the new method and appropriate response codes.
Does the solution meet the goal?

A. Yes
B. No

Answer: B
Explanation:
Instead update the web.config file to include the applicationInitialization configuration element. Specify custom initialization actions to run the scripts.
Note: Some apps might require custom warm-up actions before the swap.
The applicationInitialization configuration element in web.config lets you specify custom initialization actions. The swap operation waits for this custom warm-up to finish before swapping with the target slot. Here’s a sample web.config fragment.
< system.webServer>
< applicationInitialization>
< add initializationPage=”/” hostName=”[app hostname]” />
< add initializationPage=”/Home/About” hostName=”[app hostname]” />
< /applicationInitialization>
< /system.webServer>
Reference:
https://docs.microsoft.com/en-us/azure/app-service/deploy-staging-slots#troubleshoot-swaps

QUESTION 230
You have an existing Azure storage account that stores large volumes of data across multiple containers.
You need to copy all data from the existing storage account to a new storage account. The copy process must meet the following requirements:
– Automate data movement.
– Minimize user input required to perform the operation.
– Ensure that the data movement process is recoverable.
What should you use?

A. AzCopy
B. Azure Storage Explorer
C. Azure portal
D. .NET Storage Client Library

Answer: A
Explanation:
You can copy blobs, directories, and containers between storage accounts by using the AzCopy v10 command-line utility.
The copy operation is synchronous so when the command returns, that indicates that all files have been copied.
Reference:
https://docs.microsoft.com/en-us/azure/storage/common/storage-use-azcopy-blobs-copy

QUESTION 231
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You are developing a website that will run as an Azure Web App. Users will authenticate by using their Azure Active Directory (Azure AD) credentials.
You plan to assign users one of the following permission levels for the website: admin, normal, and reader. A user’s Azure AD group membership must be used to determine the permission level.
You need to configure authorization.
Solution: Configure and use Integrated Windows Authentication in the website.
In the website, query Microsoft Graph API to load the group to which the user is a member.
Does the solution meet the goal?

A. Yes
B. No

Answer: B
Explanation:
Microsoft Graph is a RESTful web API that enables you to access Microsoft Cloud service resources.
Instead in the Azure AD application’s manifest, set value of the groupMembershipClaims option to All. In the website, use the value of the groups claim from the JWT for the user to determine permissions.
Reference:
https://blogs.msdn.microsoft.com/waws/2017/03/13/azure-app-service-authentication-aad-groups/

QUESTION 232
Hotspot Question
You have a single page application (SPA) web application that manages information based on data returned by Microsoft Graph from another company’s Azure Active Directory (Azure AD) instance.
Users must be able to authenticate and access Microsoft Graph by using their own company’s Azure AD instance.
You need to configure the application manifest for the app registration.
How should you complete the manifest? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Answer:

QUESTION 233
Hotspot Question
You are developing an application that uses a premium block blob storage account. You are optimizing costs by automating Azure Blob Storage access tiers.
You apply the following policy rules to the storage account. You must determine the implications of applying the rules to the data. (Line numbers are included for reference only.)

What you should do? To answer, select the appropriate options in the answer area.

Answer:

QUESTION 234
Hotspot Question
You are building a website that is used to review restaurants. The website will use an Azure CDN to improve performance and add functionality to requests.
You build and deploy a mobile app for Apple iPhones. Whenever a user accesses the website from an iPhone, the user must be redirected to the app store.
You need to implement an Azure CDN rule that ensures that iPhone users are redirected to the app store.
How should you complete the Azure Resource Manager template? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Answer:

Explanation:
Box 1: iOS
Azure AD Conditional Access supports the following device platforms:
Android
iOS
Windows Phone
Windows
macOS
Box 2: DeliveryRuleIsDeviceConditionParameters
The DeliveryRuleIsDeviceCondition defines the IsDevice condition for the delivery rule. parameters defines the parameters for the condition.
Box 3: HTTP_USER_AGENT
Box 4: DeliveryRuleRequestHeaderConditionParameters
DeliveryRuleRequestHeaderCondition defines the RequestHeader condition for the delivery rule. parameters defines the parameters for the condition.
Box 5: iOS
The Require approved client app requirement only supports the iOS and Android for device platform condition.
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/concept-conditional-access-conditions
https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/concept-conditional-access-grant

QUESTION 235
Hotspot Question
You are developing a .NET application that communicates with Azure Storage.
A message must be stored when the application initializes.
You need to implement the message.
How should you complete the code segment? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Answer:

QUESTION 236
Drag and Drop Question
You are developing a web service that will run on Azure virtual machines that use Azure Storage. You configure all virtual machines to use managed identities.
You have the following requirements:
– Secret-based authentication mechanisms are not permitted for accessing an Azure Storage account.
– Must use only Azure Instance Metadata Service endpoints.
You need to write code to retrieve an access token to access Azure Storage. To answer, drag the appropriate code segments to the correct locations. Each code segment may be used once or not at all. You may need to drag the split bar between panes or scroll to view content.
NOTE: Each correct selection is worth one point.

Answer:

Explanation:
Azure Instance Metadata Service endpoints “/oauth2/token”
Box 1: http://169.254.169.254/metadata/identity/oauth2/token
Sample request using the Azure Instance Metadata Service (IMDS) endpoint (recommended):
GET ‘http://169.254.169.254/metadata/identity/oauth2/token?api-version=2018-02-01&resource=https://management.azure.com/’HTTP/1.1 Metadata: true
Box 2: JsonConvert.DeserializeObject<Dictionary<string,string>>(payload);
Deserialized token response; returning access code.
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/managed-identities-azure-resources/how-to-use-vm-token
https://docs.microsoft.com/en-us/azure/service-fabric/how-to-managed-identity-service-fabric-app-code

QUESTION 237
Drag and Drop Question
You are developing a REST web service. Customers will access the service by using an Azure API Management instance.
The web service does not correctly handle conflicts. Instead of returning an HTTP status code of 409, the service returns a status code of 500. The body of the status message contains only the word conflict.
You need to ensure that conflicts produce the correct response.
How should you complete the policy? To answer, drag the appropriate code segments to the correct locations. Each code segment may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
NOTE: Each correct selection is worth one point.

Answer:

Explanation:
Box 1: on-error
Policies in Azure API Management are divided into inbound, backend, outbound, and on-error.
If there is no on-error section, callers will receive 400 or 500 HTTP response messages if an error condition occurs.
Box 2: context
Box 3: context
Box 4: set-status
The return-response policy aborts pipeline execution and returns either a default or custom response to the caller. Default response is 200 OK with no body.
Custom response can be specified via a context variable or policy statements.
Syntax:
< return-response response-variable-name=”existing context variable”>
< set-header/>
< set-body/>
< set-status/>
< /return-response>
Box 5: on-error
Reference:
https://docs.microsoft.com/en-us/azure/api-management/api-management-error-handling-policies
https://docs.microsoft.com/en-us/azure/api-management/api-management-transformation-policies


Resources From:

1.2021 Latest Braindump2go AZ-204 Exam Dumps (PDF & VCE) Free Share:
https://www.braindump2go.com/az-204.html

2.2021 Latest Braindump2go AZ-204 PDF and AZ-204 VCE Dumps Free Share:
https://drive.google.com/drive/folders/1qSt-4_6x_lmYQoqET8lOEQmDK4tWxrUP?usp=sharing

3.2021 Free Braindump2go AZ-204 Exam Questions Download:
https://www.braindump2go.com/free-online-pdf/AZ-204-PDF-Dumps(226-237).pdf

Free Resources from Braindump2go,We Devoted to Helping You 100% Pass All Exams!