Az-204 Developing Solutions for Microsoft Azure sample
QUESTION 1
You need to secure the Shipping Logic App.
What should you use?
A. Azure App Service Environment (ASE)
B. Integration Service Environment (ISE)
C. VNet service endpoint
D. Azure AD B2B integration
Correct Answer: B
Explanation
Explanation/Reference:
Explanation:
Scenario: The Shipping Logic App requires secure resources to the corporate VNet and use dedicated storage
resources with a fixed costing model.
You can access to Azure Virtual Network resources from Azure Logic Apps by using integration service
environments (ISEs).
Sometimes, your logic apps and integration accounts need access to secured resources, such as virtual
machines (VMs) and other systems or services, that are inside an Azure virtual network. To set up this access,
you can create an integration service environment (ISE) where you can run your logic apps and create your
integration accounts
QUESTION 2
You develop an app that allows users to upload photos and videos to Azure storage. The app uses a storage
REST API call to upload the media to a blob storage account named Account1. You have blob storage
containers named Container1 and Container2.
Uploading of videos occurs on an irregular basis.
You need to copy specific blobs from Container1 to Container2 when a new video is uploaded.
What should you do?
A. Copy blobs to Container2 by using the Put Blob operation of the Blob Service REST API
B. Create an Event Grid topic that uses the Start-AzureStorageBlobCopy cmdlet
C. Use AzCopy with the Snapshot switch to copy blobs to Container2
D. Download the blob to a virtual machine and then upload the blob to Container2
Correct Answer: B
Explanation
Explanation/Reference:
Explanation:
The Start-AzureStorageBlobCopy cmdlet starts to copy a blob.
Example 1: Copy a named blob
C:\PS>Start-AzureStorageBlobCopy -SrcBlob "ContosoPlanning2015" -DestContainer "ContosoArchives" -
SrcContainer "ContosoUploads"
This command starts the copy operation of the blob named ContosoPlanning2015 from the container named
ContosoUploads to the container named ContosoArchives.
QUESTION 3
You are developing an ASP.NET Core website that uses Azure FrontDoor. The website is used to build custom
weather data sets for researchers. Data sets are downloaded by users as Comma Separated Value (CSV) files.
The data is refreshed every 10 hours.
Specific files must be purged from the FrontDoor cache based upon Response Header values.
You need to purge individual assets from the Front Door cache.
Which type of cache purge should you use?
A. single path
B. wildcard
C. root domain
Correct Answer: A
Explanation
Explanation/Reference:
Explanation:
These formats are supported in the lists of paths to purge:
Single path purge: Purge individual assets by specifying the full path of the asset (without the protocol and
domain), with the file extension, for example, /pictures/strasbourg.png;
Wildcard purge: Asterisk (*) may be used as a wildcard. Purge all folders, subfolders, and files under an
endpoint with /* in the path or purge all subfolders and files under a specific folder by specifying the folder
followed by /*, for example, /pictures/*.
96CE4376707A97CE80D4B1916F054522
Root domain purge: Purge the root of the endpoint with "/" in the path.
QUESTION 4
Your company is developing an Azure API.
You need to implement authentication for the Azure API. You have the following requirements:
All API calls must be secure.
Callers to the API must not send credentials to the API.
Which authentication mechanism should you use?
A. Basic
B. Anonymous
C. Managed identity
D. Client certificate
Correct Answer: C
Explanation
Explanation/Reference:
Explanation:
Use the authentication-managed-identity policy to authenticate with a backend service using the managed
identity of the API Management service. This policy essentially uses the managed identity to obtain an access
token from Azure Active Directory for accessing the specified resource. After successfully obtaining the token,
the policy will set the value of the token in the Authorization header using the Bearer scheme.
QUESTION 5
You are a developer for a SaaS company that offers many web services.
All web services for the company must meet the following requirements:
Use API Management to access the services
Use OpenID Connect for authentication
Prevent anonymous usage
A recent security audit found that several web services can be called without any authentication.
Which API Management policy should you implement?
A. jsonp
B. authentication-certificate
C. check-header
D. validate-jwt
Correct Answer: D
Explanation
Explanation/Reference:
Explanation:
Add the validate-jwt policy to validate the OAuth token for every incoming request.
Incorrect Answers:
A: The jsonp policy adds JSON with padding (JSONP) support to an operation or an API to allow cross-domain
calls from JavaScript browser-based clients. JSONP is a method used in JavaScript programs to request data
from a server in a different domain. JSONP bypasses the limitation enforced by most web browsers where
access to web pages must be in the same domain.
JSONP - Adds JSON with padding (JSONP) support to an operation or an API to allow cross-domain calls from
JavaScript browser-based clients.
You need to secure the Shipping Logic App.
What should you use?
A. Azure App Service Environment (ASE)
B. Integration Service Environment (ISE)
C. VNet service endpoint
D. Azure AD B2B integration
Correct Answer: B
Explanation
Explanation/Reference:
Explanation:
Scenario: The Shipping Logic App requires secure resources to the corporate VNet and use dedicated storage
resources with a fixed costing model.
You can access to Azure Virtual Network resources from Azure Logic Apps by using integration service
environments (ISEs).
Sometimes, your logic apps and integration accounts need access to secured resources, such as virtual
machines (VMs) and other systems or services, that are inside an Azure virtual network. To set up this access,
you can create an integration service environment (ISE) where you can run your logic apps and create your
integration accounts
QUESTION 2
You develop an app that allows users to upload photos and videos to Azure storage. The app uses a storage
REST API call to upload the media to a blob storage account named Account1. You have blob storage
containers named Container1 and Container2.
Uploading of videos occurs on an irregular basis.
You need to copy specific blobs from Container1 to Container2 when a new video is uploaded.
What should you do?
A. Copy blobs to Container2 by using the Put Blob operation of the Blob Service REST API
B. Create an Event Grid topic that uses the Start-AzureStorageBlobCopy cmdlet
C. Use AzCopy with the Snapshot switch to copy blobs to Container2
D. Download the blob to a virtual machine and then upload the blob to Container2
Correct Answer: B
Explanation
Explanation/Reference:
Explanation:
The Start-AzureStorageBlobCopy cmdlet starts to copy a blob.
Example 1: Copy a named blob
C:\PS>Start-AzureStorageBlobCopy -SrcBlob "ContosoPlanning2015" -DestContainer "ContosoArchives" -
SrcContainer "ContosoUploads"
This command starts the copy operation of the blob named ContosoPlanning2015 from the container named
ContosoUploads to the container named ContosoArchives.
QUESTION 3
You are developing an ASP.NET Core website that uses Azure FrontDoor. The website is used to build custom
weather data sets for researchers. Data sets are downloaded by users as Comma Separated Value (CSV) files.
The data is refreshed every 10 hours.
Specific files must be purged from the FrontDoor cache based upon Response Header values.
You need to purge individual assets from the Front Door cache.
Which type of cache purge should you use?
A. single path
B. wildcard
C. root domain
Correct Answer: A
Explanation
Explanation/Reference:
Explanation:
These formats are supported in the lists of paths to purge:
Single path purge: Purge individual assets by specifying the full path of the asset (without the protocol and
domain), with the file extension, for example, /pictures/strasbourg.png;
Wildcard purge: Asterisk (*) may be used as a wildcard. Purge all folders, subfolders, and files under an
endpoint with /* in the path or purge all subfolders and files under a specific folder by specifying the folder
followed by /*, for example, /pictures/*.
96CE4376707A97CE80D4B1916F054522
Root domain purge: Purge the root of the endpoint with "/" in the path.
QUESTION 4
Your company is developing an Azure API.
You need to implement authentication for the Azure API. You have the following requirements:
All API calls must be secure.
Callers to the API must not send credentials to the API.
Which authentication mechanism should you use?
A. Basic
B. Anonymous
C. Managed identity
D. Client certificate
Correct Answer: C
Explanation
Explanation/Reference:
Explanation:
Use the authentication-managed-identity policy to authenticate with a backend service using the managed
identity of the API Management service. This policy essentially uses the managed identity to obtain an access
token from Azure Active Directory for accessing the specified resource. After successfully obtaining the token,
the policy will set the value of the token in the Authorization header using the Bearer scheme.
QUESTION 5
You are a developer for a SaaS company that offers many web services.
All web services for the company must meet the following requirements:
Use API Management to access the services
Use OpenID Connect for authentication
Prevent anonymous usage
A recent security audit found that several web services can be called without any authentication.
Which API Management policy should you implement?
A. jsonp
B. authentication-certificate
C. check-header
D. validate-jwt
Correct Answer: D
Explanation
Explanation/Reference:
Explanation:
Add the validate-jwt policy to validate the OAuth token for every incoming request.
Incorrect Answers:
A: The jsonp policy adds JSON with padding (JSONP) support to an operation or an API to allow cross-domain
calls from JavaScript browser-based clients. JSONP is a method used in JavaScript programs to request data
from a server in a different domain. JSONP bypasses the limitation enforced by most web browsers where
access to web pages must be in the same domain.
JSONP - Adds JSON with padding (JSONP) support to an operation or an API to allow cross-domain calls from
JavaScript browser-based clients.
Leave a comment