NotJustExam Interactive Question Bank | [Microsoft] AZ-204

Question 1

You have two Hyper-V hosts named Host1 and Host2. Host1 has an Azure virtual machine named VM1 that was deployed by using a custom Azure Resource
Manager template.
You need to move VM1 to Host2.
What should you do?

A. From the Update management blade, click Enable.
B. From the Overview blade, move VM1 to a different subscription.
C. From the Redeploy blade, click Redeploy.
D. From the Profile blade, modify the usage location.

Correct Answer: C

Explanation:

The suggested answer is C (From the Redeploy blade, click Redeploy).

Reasoning for choosing C:
The primary goal is to move VM1 from Host1 to Host2. The 'Redeploy' option in Azure effectively moves a VM to a new host within the Azure infrastructure. This is the appropriate method to achieve the desired outcome without significant configuration changes or downtime, as it migrates the VM to a healthy new host. Redeploying a VM in Azure moves it to a new node within the Azure infrastructure. This action is useful when encountering issues with the current host or underlying infrastructure.

Reasons for not choosing other options:

A: "From the Update management blade, click Enable." - This option is related to managing updates on the VM and does not address the requirement of moving the VM to a different host.
B: "From the Overview blade, move VM1 to a different subscription." - Moving the VM to a different subscription is a more involved process than simply moving it to a different host. It also implies a change in billing and resource management, which is not indicated in the requirements.
D: "From the Profile blade, modify the usage location." - Modifying the usage location changes the region associated with the VM, which is not the objective. The goal is to change the physical host within the same Azure region.

The consensus from discussions also supports using the "Redeploy" option to change the host the VM is running on.

Redeploy Azure VM, https://learn.microsoft.com/en-us/azure/virtual-machines/redeploy-vm

Question 2

DRAG DROP -
You have downloaded an Azure Resource Manager template to deploy numerous virtual machines. The template is based on a current virtual machine, but must be adapted to reference an administrative password.
You need to make sure that the password is not stored in plain text.
You are preparing to create the necessary components to achieve your goal.
Which of the following should you create to achieve your goal? Answer by dragging the correct option from the list to the answer area.
Select and Place:

Correct Answer: See interactive view.

Explanation:

The correct answer is to create a Key Vault and configure its Access Policy.
Reasoning:
Storing the administrative password directly within the Azure Resource Manager template in plain text is a significant security risk. To mitigate this, Azure Key Vault should be used. Key Vault provides a secure, centralized store for secrets, keys, and certificates. The password can be stored in Key Vault, encrypted and protected by access policies. These policies define which users, groups, or applications have permissions to access the secrets stored within. By referencing the Key Vault within the ARM template, you ensure that the password is not exposed in plain text.
Here's a breakdown of why this approach is correct:

Key Vault: Provides a secure repository for storing sensitive information like passwords, API keys, and connection strings. It encrypts the data at rest and provides auditing capabilities.
Access Policy: Controls who or what can access the secrets stored in the Key Vault. This ensures that only authorized entities can retrieve the administrative password during the virtual machine deployment.

Reasons for not choosing other options:

Azure Active Directory + Managed Identity: While Managed Identities are great for authentication, they don't inherently store secrets. They would be used in conjunction with Key Vault, but are not a complete solution on their own for secure password storage.
Azure Storage Account + SAS Token: Azure Storage Accounts are designed for storing blobs, files, queues, and tables, not for securely storing secrets like passwords. SAS tokens grant access to specific resources within the storage account but don't address the fundamental requirement of secure secret storage and access control.
Azure Functions + System-Assigned Identity: Azure Functions could potentially retrieve a password from a Key Vault, but they don't, on their own, provide the secure storage. A system-assigned identity would similarly be used to *access* a Key Vault, not replace it.

Using Key Vault with appropriate access policies ensures that the administrative password is securely stored and accessed only by authorized processes during the deployment of the virtual machines.

Citation:

Azure Key Vault Documentation, https://learn.microsoft.com/en-us/azure/key-vault/
Securely accessing secrets, https://learn.microsoft.com/en-us/azure/azure-resource-manager/templates/key-vault-parameter

Question 3

Your company has an Azure Kubernetes Service (AKS) cluster that you manage from an Azure AD-joined device. The cluster is located in a resource group.
Developers have created an application named MyApp. MyApp was packaged into a container image.
You need to deploy the YAML manifest file for the application.
Solution: You install the Azure CLI on the device and run the kubectl apply `"f myapp.yaml command.
Does this meet the goal?

A. Yes
B. No

Correct Answer: A

Explanation:

The suggested answer is A (Yes).

Reasoning: The provided solution involves installing the Azure CLI and using the `kubectl apply -f myapp.yaml` command. This is a standard and correct approach for deploying applications to an Azure Kubernetes Service (AKS) cluster using a YAML manifest file. The Azure CLI facilitates interaction with Azure services, including AKS, and `kubectl` is the command-line tool for managing Kubernetes clusters. The `kubectl apply -f myapp.yaml` command specifically tells Kubernetes to apply the configuration defined in the `myapp.yaml` file, which is the standard way to deploy applications defined in YAML manifests.

Why other answers are incorrect:

B (No): This is incorrect because the described method is the correct approach to deploy applications to AKS using a YAML manifest. There are no apparent errors or missing steps in the described solution.

Citations:

Deploy an application to Azure Kubernetes Service (AKS), https://learn.microsoft.com/en-us/azure/aks/kubernetes-walkthrough
Kubectl apply, https://kubernetes.io/docs/reference/generated/kubectl/kubectl-commands#apply

Question 4

Your company has an Azure Kubernetes Service (AKS) cluster that you manage from an Azure AD-joined device. The cluster is located in a resource group.
Developers have created an application named MyApp. MyApp was packaged into a container image.
You need to deploy the YAML manifest file for the application.
Solution: You install the docker client on the device and run the docker run -it microsoft/azure-cli:0.10.17 command.
Does this meet the goal?

A. Yes
B. No

Correct Answer: B

Explanation:

Suggested Answer: B. No.
Reasoning: The provided solution uses a Docker command to run the Azure CLI within a container. While this allows you to access the Azure CLI, it does not directly deploy the YAML manifest to the AKS cluster. Deploying a YAML manifest to Kubernetes requires using the `kubectl` command-line tool, which interacts with the Kubernetes API. The command `docker run -it microsoft/azure-cli:0.10.17` simply launches an Azure CLI container and doesn't interact with the Kubernetes cluster to deploy the application.
To correctly deploy the application, you would typically use the `kubectl apply -f myapp.yaml` command after configuring `kubectl` to connect to your AKS cluster. This involves setting up the Kubernetes configuration file (`kubeconfig`) to point to your AKS cluster.
Reason for not choosing A: The provided solution does not use the correct tool (kubectl) to deploy the application to the AKS cluster. Therefore, it does not meet the stated goal. The Docker command launches an Azure CLI container but doesn't manage Kubernetes deployments.

kubectl apply, https://kubernetes.io/docs/reference/generated/kubectl/kubectl-commands#apply
Connect to AKS cluster, https://learn.microsoft.com/en-us/azure/aks/learn/quick-deploy-cli

Question 5

Your company has a web app named WebApp1.
You use the WebJobs SDK to design a triggered App Service background task that automatically invokes a function in the code every time new data is received in a queue.
You are preparing to configure the service processes a queue data item.
Which of the following is the service you should use?

A. Logic Apps
B. WebJobs
C. Flow
D. Functions

Correct Answer: B

Explanation:

The suggested answer is B (WebJobs).
The reason for choosing WebJobs is that the question explicitly states the use of the WebJobs SDK to design a triggered App Service background task. WebJobs are specifically designed for running background tasks within Azure App Service, and the WebJobs SDK facilitates the creation of such tasks, especially those triggered by queues.
The reason for not choosing the other options:

A. Logic Apps: While Logic Apps can be triggered by queues and perform tasks, the question specifies the use of the WebJobs SDK, making WebJobs the more appropriate choice. Logic Apps are more suited for complex workflow orchestration.
C. Flow: Microsoft Flow (now Power Automate) is also a workflow automation tool, but it's generally used for simpler integrations and user-initiated tasks rather than background processing within an App Service using the WebJobs SDK.
D. Functions: Azure Functions can be triggered by queues and are a suitable alternative for background processing. However, the explicit mention of the WebJobs SDK in the question makes WebJobs a more direct and fitting answer in this context.

WebJobs directly integrates with Azure App Service and the WebJobs SDK to handle background processing triggered by events like queue messages.

Citations:

Azure WebJobs documentation, https://learn.microsoft.com/en-us/azure/app-service/webjobs-create
Azure App Service overview, https://learn.microsoft.com/en-us/azure/app-service/overview

Question 6

Your company has an Azure subscription.
You need to deploy a number of Azure virtual machines to the subscription by using Azure Resource Manager (ARM) templates. The virtual machines will be included in a single availability set.
You need to ensure that the ARM template allows for as many virtual machines as possible to remain accessible in the event of fabric failure or maintenance.
Which of the following is the value that you should configure for the platformFaultDomainCount property?

A. 10
B. 30
C. Min Value
D. Max Value

Correct Answer: D

Explanation:

The correct answer is D. Max Value.

The question requires configuring the `platformFaultDomainCount` property in an Azure Resource Manager (ARM) template to maximize the availability of virtual machines within an availability set during fabric failures or maintenance events.

Reasoning for choosing D:
The `platformFaultDomainCount` property specifies the number of fault domains to use for the availability set. Fault domains represent distinct physical infrastructures within an Azure region. By maximizing the number of fault domains, the virtual machines are distributed across different physical infrastructures. Therefore, in the event of a failure in one fault domain, the virtual machines in the other fault domains remain accessible, ensuring higher availability.

According to Microsoft's documentation, availability sets distribute your VMs across multiple fault domains. The maximum number of fault domains is typically 3 in most Azure regions. Configuring `platformFaultDomainCount` to its maximum value ensures that the VMs are spread across the greatest possible number of isolated hardware infrastructures, thus maximizing resilience.

Reasons for not choosing other answers:

A. 10: The value 10 is not a valid `platformFaultDomainCount`. The maximum value for fault domains is typically 3. Using an invalid number might cause deployment failures or unpredictable behavior.
B. 30: Similar to option A, 30 is not a valid value for `platformFaultDomainCount`. The maximum value is 3.
C. Min Value: Choosing the minimum value would concentrate the virtual machines within a smaller set of fault domains. This increases the risk that a single hardware failure or maintenance event could impact a larger proportion of the VMs, reducing overall availability.

Therefore, the correct configuration to maximize availability is to set `platformFaultDomainCount` to its maximum value.

Citation links:

Azure availability sets overview, https://learn.microsoft.com/en-us/azure/virtual-machines/availability-set-overview

Question 7

Your company has an Azure subscription.
You need to deploy a number of Azure virtual machines to the subscription by using Azure Resource Manager (ARM) templates. The virtual machines will be included in a single availability set.
You need to ensure that the ARM template allows for as many virtual machines as possible to remain accessible in the event of fabric failure or maintenance.
Which of the following is the value that you should configure for the platformUpdateDomainCount property?

A. 10
B. 20
C. 30
D. 40

Correct Answer: B

Explanation:

The correct answer is B. 20.

Reasoning: The question asks to configure the `platformUpdateDomainCount` property in an ARM template to ensure maximum accessibility of virtual machines within an availability set during fabric failures or maintenance. The `platformUpdateDomainCount` property determines how Azure distributes updates across the virtual machines in the availability set. A higher number of update domains means that fewer virtual machines are updated simultaneously, thus minimizing the impact of planned maintenance or unexpected outages. The maximum value allowed for `platformUpdateDomainCount` is 20. Therefore, setting it to 20 will provide the highest possible availability by spreading the VMs across the maximum number of update domains.

Why other options are incorrect:

Options A (10), C (30), and D (40) are incorrect because the maximum allowed value for `platformUpdateDomainCount` is 20. Values greater than 20 are invalid. Using a value less than 20 would not provide the maximum possible distribution across update domains, thereby reducing availability during maintenance or failures.

Citations:

Availability Sets - Azure Virtual Machines, https://learn.microsoft.com/en-us/azure/virtual-machines/availability-set-overview
Properties of Availability Sets, https://learn.microsoft.com/en-us/azure/virtual-machines/windows/availability-sets?toc=%2Fazure%2Fvirtual-machines%2Fwindows%2Ftoc.json

Question 8

DRAG DROP -
You are creating an Azure Cosmos DB account that makes use of the SQL API. Data will be added to the account every day by a web application.
You need to ensure that an email notification is sent when information is received from IoT devices, and that compute cost is reduced.
You decide to deploy a function app.
Which of the following should you configure the function app to use? Answer by dragging the correct options from the list to the answer area.
Select and Place:

Correct Answer: See interactive view.

Explanation:

The correct configuration for the function app to meet the requirements of sending email notifications upon receiving information from IoT devices and reducing compute cost is: Consumption plan and SendGrid binding.

Reasoning:

Consumption Plan: This plan is a serverless compute option that automatically allocates compute power when your code is run. You are only charged for the resources used, making it cost-effective, especially when the workload is variable. This directly addresses the requirement to reduce compute costs.
- Citation: Azure Functions Consumption Plan
SendGrid binding: SendGrid is a cloud-based email delivery service that provides reliable transactional email delivery, scalability, and real-time analytics. The SendGrid binding for Azure Functions allows you to easily send emails without having to manage the underlying SMTP connection or write custom code for sending emails. This efficiently satisfies the requirement to send email notifications.
- Citation: Azure SendGrid bindings for Azure Functions

Reasons for not choosing other options:

Azure Event Hubs trigger: While Azure Event Hubs is a powerful event ingestion service, it's not directly relevant for sending email notifications. It's more suitable for handling high-throughput data streams. An Event Hubs trigger would be used to *receive* data from Event Hubs, not to initiate sending emails.
Azure Cosmos DB trigger: The Azure Cosmos DB trigger is used to respond to changes in Azure Cosmos DB collections. While the data is being added to Cosmos DB daily, this trigger won't automatically send emails upon receiving information from IoT devices. Additionally, using SendGrid directly from the function triggered by an Event Hub or timer is generally more efficient for sending notifications.
IoT Hub trigger: While IoT Hub is designed for IoT device communication, using a direct trigger from IoT Hub to send emails might not be the most efficient architecture. A common pattern is to route IoT Hub data to other services for processing and actions, which could include an Event Hub and then a function with SendGrid binding.

Question 9

This question requires that you evaluate the underlined text to determine if it is correct.
You company has an on-premises deployment of MongoDB, and an Azure Cosmos DB account that makes use of the MongoDB API.
You need to devise a strategy to migrate MongoDB to the Azure Cosmos DB account.
You include the Data Management Gateway tool in your migration strategy.
Instructions: Review the underlined text. If it makes the statement correct, select `No change required.` If the statement is incorrect, select the answer choice that makes the statement correct.

A. No change required
B. mongorestore
C. Azure Storage Explorer
D. AzCopy

Correct Answer: B

Explanation:

The recommended answer is B. mongorestore.

Reasoning:
The underlined text suggests using the Data Management Gateway tool for migrating MongoDB to Azure Cosmos DB. This is incorrect. The correct tool for this purpose is `mongorestore`. `mongorestore` is a command-line utility that restores MongoDB data from a binary database dump created by `mongodump`. Since Azure Cosmos DB provides a MongoDB API, `mongorestore` can be used to migrate data from an on-premises MongoDB instance to Azure Cosmos DB.

Why other options are incorrect:

A. No change required: The original statement is incorrect because Data Management Gateway is not the appropriate tool.
C. Azure Storage Explorer: Azure Storage Explorer is a GUI tool for managing Azure Storage resources, such as blobs and queues. It's not designed for MongoDB data migration.
D. AzCopy: AzCopy is a command-line utility for copying data to and from Azure Storage. It's not designed for MongoDB data migration.

Citations:

Migrate MongoDB to Azure Cosmos DB's API for MongoDB, https://learn.microsoft.com/en-us/azure/cosmos-db/mongodb/migrate-mongo-db
mongorestore, https://www.mongodb.com/docs/database-tools/mongorestore/

Question 10

You are developing an e-Commerce Web App.
You want to use Azure Key Vault to ensure that sign-ins to the e-Commerce Web App are secured by using Azure App Service authentication and Azure Active
Directory (AAD).
What should you do on the e-Commerce Web App?

A. Run the az keyvault secret command.
B. Enable Azure AD Connect.
C. Enable Managed Service Identity (MSI).
D. Create an Azure AD service principal.

Correct Answer: C

Explanation:

The correct answer is C. Enable Managed Service Identity (MSI).

Reasoning:
To securely access Azure Key Vault from an e-commerce web app using Azure App Service authentication and Azure Active Directory (AAD), you should enable Managed Service Identity (MSI) on the web app. MSI provides an automatically managed identity in Azure AD that the application can use to authenticate to services that support Azure AD authentication, including Key Vault. This eliminates the need to manage credentials manually in the code or configuration.

Here's a detailed breakdown:

MSI allows the e-Commerce Web App to securely authenticate to Azure Key Vault without managing credentials.
It provides an automatically managed identity in Azure AD that can be used to authenticate to services that support Azure AD authentication.

Why other options are incorrect:

A. Run the az keyvault secret command: This command is used to manage secrets within Key Vault but does not address the authentication of the web app to Key Vault.
B. Enable Azure AD Connect: Azure AD Connect is used to synchronize on-premises Active Directory with Azure AD. It's not directly related to securing sign-ins for the e-commerce web app using Key Vault.
D. Create an Azure AD service principal: While service principals can be used for authentication, MSI is the preferred approach for Azure App Service as it simplifies credential management. Creating a service principal would introduce the complexity of managing its credentials.

Title: What is managed identities for Azure resources?, https://learn.microsoft.com/en-us/azure/active-directory/managed-identities-azure-resources/overview

[Microsoft] AZ-204 - Azure Developer Associate Exam Dumps & Study Guide

Free [Microsoft] AZ-204 - Azure Developer Associate Practice Questions Preview

Question 1

Question 2

Question 3

Question 4

Question 5

Question 6

Question 7

Question 8

Question 9

Question 10