New 2021 Azure az-304 exam questions from Lead4Pass az-304 dumps!
Welcome to download the newest Lead4Pass az-304 dumps VCE and PDF: https://www.leads4pass.com/az-304.html (423 Q&As)
P.S. Free 2021 Azure az-304 Dumps are available on Google Drive shared by Lead4Pass: https://drive.google.com/file/d/1NDhyKd_nnWT0FpU3jl69_AbwpSWA5m6P/
Free Azure az-304 exam questions and answers
QUESTION 1
You plan to move a web application named App1 from an on-premises data center to Azure.
App1 depends on a custom COM component that is installed on the host server.
You need to recommend a solution to host App1 in Azure. The solution must meet the following requirements:
1.
App1 must be available to users if an Azure data center becomes unavailable.
2.
Costs must be minimized.
What should you include in the recommendation?
A. In two Azure regions, deploy a Traffic Manager profile and a web app.
B. In two Azure regions, deploy a load balancer and a virtual machine scale set.
C. Deploy a load balancer and a virtual machine scale set across two availability zones.
D. In two Azure regions, deploy a load balancer and a web app.
Correct Answer: A
QUESTION 2
You have 70 TB of files on your on-premises file server.
You need to recommend solution for importing data to Azure. The solution must minimize cost.
What Azure service should you recommend?
A. Azure StorSimple
B. Azure Batch
C. Azure Data Box
D. Azure Stack
Correct Answer: C
Microsoft has engineered an extremely powerful solution that helps customers get their data to the Azure public cloud in a cost-effective, secure, and efficient manner with powerful Azure and machine learning at play. The solution is called Data Box.
Data Box and is in general availability status. It is a rugged device that allows organizations to have 100 TB of capacity
on which to copy their data and then send it to be transferred to Azure.
Incorrect Answers:
A: StoreSimple would not be able to handle 70 TB of data.
References: https://www.vembu.com/blog/what-is-microsoft-azure-data-box-disk-edge-heavy-gateway-overview/
QUESTION 3
Note: This question is a part of series of questions that present the same scenario. Each question in the series contains
a unique solution that might meet the stated goals. Some question sets might have more than one correct solution,
while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not
appear in the review screen.
You are migrating an on-premises application to Azure. One component of the application is a legacy Windows native
executable that performs image processing.
The image processing application must run every hour. During times that the image processing application is not
running, it should not be consuming any Azure compute resources.
You need to ensure that the image processing application runs correctly every hour.
Solution: Create an Azure WebJob that runs the image processing application every hour.
Does the solution meet the goal?
A. Yes
B. No
Correct Answer: B
Instead use an Azure Logic Apps, which helps you automate workflows that run on a schedule.
Reference: https://docs.microsoft.com/en-us/azure/logic-apps/tutorial-build-schedule-recurring-logic-app-workflow
QUESTION 4
Your company has several Azure subscriptions that are part of a Microsoft Enterprise Agreement. The company\\’s
compliance team creates automatic alerts by using Azure Monitor.
You need to recommend a solution to automatically recreate the alerts in the new Azure subscriptions that are added to the Enterprise Agreement
What should you include in the recommendation?
A. Azure Automation runbooks
B. Azure Log Analytics alerts
C. Azure Monitor action groups
D. Azure Resource Manager templates
E. Azure Policy
Correct Answer: E
QUESTION 5
You need to recommend a solution for protecting the content of the back-end tier of the payment processing system.
What should you include in the recommendations?
A. Always Encrypted with deterministic encryption
B. Transparent Date Encryption (TDE)
C. Azure Storage Service Encryption
D. Always Encrypted with randomized encryption
Correct Answer: A
QUESTION 6
You use Azure virtual machines to run a custom application that uses an Azure SQL Database instance on the back
end.
The IT department at your company recently enabled forced tunneling.
Since the configuration change, developers have noticed degraded performance when they access the database.
You need to recommend a solution to minimize latency when accessing the database. The solution must minimize
costs.
What should you include in the recommendation?
A. Azure SQL Database Managed instance
B. Azure virtual machines that run Microsoft SQL Server servers
C. Always On availability groups
D. virtual network (VNET) service endpoint
Correct Answer: D
https://docs.microsoft.com/en-us/azure/virtual-network/virtual-network-service-endpoints-overview
QUESTION 7
A partner manages on-premises and Azure environments. The partner deploys an on-premises solution that needs to
use Azure services. The partner deploys a virtual appliance.
All network traffic that is directed to a specific subnet must flow through the virtual appliance.
You need to recommend solutions to manage network traffic.
Which two options should you recommend? Each correct answer presents a complete solution.
NOTE: Each correct selection is worth one point.
A. Configure Azure Traffic Manager
B. Implement an Azure virtual network
C. Configure a routing table with forced tunneling
D. Implement Azure ExpressRoute
Correct Answer: CD
C: Forced tunneling lets you redirect or “force” all Internet-bound traffic back to your on-premises location via a Site-toSite VPN tunnel for inspection and auditing. This is a critical security requirement for most enterprise IT policies. Without forced tunneling, Internet-bound traffic from your VMs in Azure always traverses from Azure network infrastructure directly out to the Internet, without the option to allow you to inspect or audit the traffic.
Forced tunneling in Azure is configured via virtual network user-defined routes.
D: ExpressRoute lets you extend your on-premises networks into the Microsoft cloud over a private connection
facilitated by a connectivity provider. With ExpressRoute, you can establish connections to Microsoft cloud services,
such as Microsoft Azure, Office 365, and Dynamics 365.
Connectivity can be from an any-to-any (IP VPN) network, a point-to-point Ethernet network, or a virtual crossconnection through a connectivity provider at a co-location facility. ExpressRoute connections do not go over the public Internet. This allows ExpressRoute connections to offer more reliability, faster speeds, lower latencies, and higher
security than typical connections over the Internet.
Reference: https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-forced-tunneling-rm
https://docs.microsoft.com/en-us/azure/expressroute/expressroute-introduction
QUESTION 8
Note: This question is a part of series of questions that present the same scenario. Each question in the series contains
a unique solution that might meet the stated goals. Some question sets might have more than one correct solution,
while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not
appear in the review screen.
You have an Azure Active Directory (Azure AZD) tenant named contoso.com. The tenant contains a group named
Group1. Group1 contains all the administrative user accounts.
You discover several login attempts to the Azure portal from countries where administrative users do NOT work.
You need to ensure that all login attempts to the Azure portal from those countries require Azure Multi-Factor
Authentication (MFA).
Solution: You implement an access package.
Does this solution meet the goal?
A. Yes
B. No
Correct Answer: B
Instead implement Azure AD Privileged Identity Management.
Note: Azure Active Directory (Azure AD) Privileged Identity Management (PIM) is a service that enables you to manage,
control, and monitor access to important resources in your organization.
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/privileged-identity-management/pim-configure
QUESTION 9
HOTSPOT
You are designing an Azure web app.
You plan to deploy the web app to the North Europe Azure region and the West Europe Azure region.
You need to recommend a solution for the web app. The solution must meet the following requirements:
1.
Users must always access the web app from the North Europe region, unless the region fails.
2.
The web app must be available to users if an Azure region is unavailable.
3.
Deployment costs must be minimized.
What should you include in the recommendation? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:
Correct Answer:
QUESTION 10
You have an on-premises network to which you deploy a virtual appliance.
You plan to deploy several Azure virtual machines and connect the on-premises network to Azure by using a Site-toSite connection.
All network traffic that will be directed from the Azure virtual machines to a specific subnet must flow through the virtual appliance.
You need to recommend solutions to manage network traffic.
Which two options should you recommend? Each correct answer presents a complete solution.
A. Configure Azure Traffic Manager.
B. Implement Azure ExpressRoute.
C. Configure a routing table.
D. Implement an Azure virtual network.
Correct Answer: BC
B: Forced tunneling lets you redirect or “force” all Internet-bound traffic back to your on-premises location via a Site-toSite VPN tunnel for inspection and auditing. This is a critical security requirement for most enterprise IT policies. Without forced tunneling, Internet-bound traffic from your VMs in Azure always traverses from Azure network infrastructure directly out to the Internet, without the option to allow you to inspect or audit the traffic.
Forced tunneling in Azure is configured via virtual network user-defined routes.
C: ExpressRoute lets you extend your on-premises networks into the Microsoft cloud over a private connection
facilitated by a connectivity provider. With ExpressRoute, you can establish connections to Microsoft cloud services,
such as Microsoft Azure, Office 365, and Dynamics 365.
Connectivity can be from an any-to-any (IP VPN) network, a point-to-point Ethernet network, or a virtual crossconnection through a connectivity provider at a co-location facility. ExpressRoute connections do not go over the public Internet. This allows ExpressRoute connections to offer more reliability, faster speeds, lower latencies, and higher
security than typical connections over the Internet.
Reference:
https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-forced-tunneling-rm https://docs.microsoft.com/enus/azure/expressroute/expressroute-introduction
QUESTION 11
Note: This question is a part of series of questions that present the same scenario. Each question in the series contains
a unique solution that might meet the stated goals. Some question sets might have more than one correct solution,
while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not
appear in the review screen.
You are designing an Azure solution for a company that has four departments. Each department will deploy several
Azure app services and Azure SQL databases.
You need to recommend a solution to report the costs for each department to deploy the app services and the
databases. The solution must provide a consolidated view for cost reporting.
Solution: Create a resources group for each resource type. Assign tags to each resource group.
Does this meet the goal?
A. Yes
B. No
Correct Answer: A
Tags enable you to retrieve related resources from different resource groups. This approach is helpful when you need to organize resources for billing or management.
Reference: https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-group-using-tags
QUESTION 12
You need to recommend a solution to generate a monthly report of all the new Azure Resource Manager resource
deployment in your subscription. What should you include in the recommendation?
A. Azure Activity Log
B. Azure Monitor action groups
C. Azure Advisor
D. Azure Monitor metrics
Correct Answer: A
Activity logs are kept for 90 days. You can query for any range of dates, as long as the starting date isn\\’t more than 90 days in the past. Through activity logs, you can determine:
1.
what operations were taken on the resources in your subscription who started the operation
2.
when the operation occurred
3.
the status of the operation
4.
the values of other properties that might help you research the operation
Reference: https://docs.microsoft.com/en-us/azure/azure-resource-manager/management/view-activity-logs
QUESTION 13
You need to ensure that connections to Web01 and Web02 are available if a single zone fails. What should you
modify?
NOTE: To answer this question, sign in to the Azure portal and explore the Azure resource groups.
A. the availability set
B. the size of the virtual machines
C. the SKU of the load balancer
D. the Azure Traffic Manager configurations
Correct Answer: C
Azure Standard Load Balancer supports availability zones scenarios. You can use Standard Load Balancer to optimize
availability in your end-to-end scenario by aligning resources with zones and distributing them across zones
References: https://docs.microsoft.com/en-us/azure/load-balancer/load-balancer-standard-availability-zones
QUESTION 14
You develop a new Azure Web App that uses multiple Azure blobs and static content. The Web App uses a large
number of JavaScript files and cascading style sheets. Some of these files contain references to other files. Users are
geographically dispersed.
You need to minimize the time to load individual pages.
What should you do?
A. Migrate the Web App to Azure Service Fabric
B. Use an Azure Content Delivery Network (CDN)
C. Implement an Azure Redis Cache
D. Create a services layer by using an Azure-hosted ASP.NET web API
E. Enable the Always On feature of the Web App
Correct Answer: B
QUESTION 15
HOTSPOT
You have an Azure Active Directory (Azure AD) tenant.
You plan to use Azure Monitor to monitor user sign-ins and generate alerts based on specific user sign-in events.
You need to recommend a solution to trigger the alerts based on the events.
What should you include in the recommendation? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:
Correct Answer:
Box 1: An Azure Log Analytics workspace
To be able to create an alert we send the Azure AD logs to An Azure Log Analytics workspace.
Note: You can forward your AAD logs and events to either an Azure Storage Account, an Azure Event Hub, Log
Analytics, or a combination of all of these.
Box 2: Log
Ensure Resource Type is an analytics source like Log Analytics or Application Insights and signal type as Log.
Reference:
https://4sysops.com/archives/how-to-create-an-azure-ad-admin-login-alert/
https://docs.microsoft.com/en-us/azure/azure-monitor/platform/alerts-log
Continue to follow to get more free updates…
New 2021 Azure az-304 exam questions from Lead4Pass az-304 Dumps! Welcome to download the newest Lead4Pass az-304 VCE and PDF dumps: https://www.leads4pass.com/az-304.html (423 Q&As)
P.S. Free 2021 Azure az-304 Dumps are available on Google Drive shared by Lead4Pass: https://drive.google.com/file/d/1NDhyKd_nnWT0FpU3jl69_AbwpSWA5m6P/