The Microsoft AZ-304 certification was launched in June 2020. Therefore, aspiring candidates may face many difficulties in finding relevant training resources to prepare for the AZ-304 certification. Therefore, Cert4sure updates the study materials for the latest Microsoft Azure Architect Design certification AZ-304 exam. From https://www.pass4itsure.com/az-304.html Updated: Nov 06, 2020.

Now: The new AZ-304 practice test collected by Pass4sure is well-designed and fully focused on the new test objectives.

Next, introduce you to the new Microsoft AZ-304 practice test

To meet the authentication requirements of Fabrikam, what should you include in the solution? To answer, select the
appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:

Cert4sure AZ-304 exam questions-q1

Correct Answer:

Cert4sure AZ-304 exam questions-q1-2

Box 1: 2
The network contains two Active Directory forests named corp.fabrikam.com and rd.fabrikam.com. There are no trust
relationships between the forests.
Box 2: 1
Box 3: 1
Users on the on-premises network must be able to authenticate to corp.fabrikam.com if an Internet link fails.
Administrators must be able authenticate to the Azure portal by using their corp.fabrikam.com credentials.
All administrative access to the Azure portal must be secured by using multi-factor authentication.
Users must always authenticate by using their corp.fabrikam.com UPN identity.
The network contains two Active Directory forests named corp.fabrikam.com and rd.fabrikam.com. There are no trust
relationships between the forests.
Corp.fabrikam.com is a production forest that contains identities used for internal user and computer authentication.
Rd.fabrikam.com is used by the research and development (RandD) department only.

You need to design a solution that will execute custom C# code in response to an event routed to Azure Event Grid. The
solution must meet the following requirements:
The executed code must be able to access the private IP address of a Microsoft SQL Server instance that runs on an
Azure virtual machine.
Costs must be minimized.
What should you include in the solution?
A. Azure Logic Apps in the integrated service environment
B. Azure Functions in the Dedicated plan and the Basic Azure App Service plan
C. Azure Logic Apps in the Consumption plan
D. Azure Functions in the Consumption plan
Correct Answer: D
When you create a function app in Azure, you must choose a hosting plan for your app. There are three basic hosting
plans available for Azure Functions: Consumption plan, Premium plan, and Dedicated (App Service) plan. For the
Consumption plan, you don\\’t have to pay for idle VMs or reserve capacity in advance.
Connect to private endpoints with Azure Functions As enterprises continue to adopt serverless (and Platform-as-a-service, or PaaS) solutions, they often need a way to integrate with existing resources on a virtual network. These
existing resources could be databases, file storage, message queues or event streams, or REST APIs.
Reference: https://docs.microsoft.com/en-us/azure/azure-functions/functions-scale

You need to recommend a solution for protecting the content of the payment processing system. What should you
include in the recommendation?
A. Always Encrypted with deterministic encryption
B. Always Encrypted with randomized encryption
C. Transparent Data Encryption (TDE)
D. Azure Storage Service Encryption
Correct Answer: A

Your company purchases an app named App1.
You plan to run App1 on seven Azure virtual machines in an Availability Set. The number of fault domains is set to 3.
The number of update domains is set to 20.
You need to identify how many App1 instances will remain available during a period of planned maintenance.
How many App1 instances should you identify?
A. 1
B. 2
C. 6
D. 7
Correct Answer: C
Only one update domain is rebooted at a time. Here there are 7 update domain with one VM each (and 13 update
domain with no VM).
Reference: https://docs.microsoft.com/en-us/azure/virtual-machines/windows/manage-availability

You have an Azure subscription that is linked to an Azure Active Directory (Azure AD) tenant. The subscription contains
10 resource groups, one for each department at your company.
Each department has a specific spending limit for its Azure resources.
You need to ensure that when a department reaches its spending limit, the compute resources of the department shut
down automatically.
Which two features should you include in the solution? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.
A. Azure Logic Apps
B. Azure Monitor alerts
C. the spending limit of an Azure account
D. Cost Management budgets
E. Azure Log Analytics alerts
Correct Answer: CD
C: The spending limit in Azure prevents spending over your credit amount. All new customers who sign up for an Azure
free account or subscription types that include credits over multiple months have the spending limit turned on by default.
The spending limit is equal to the amount of credit and it can\\’t be changed.
D: Turn on the spending limit after removing This feature is available only when the spending limit has been removed
indefinitely for subscription types that include credits over multiple months. You can use this feature to turn on your
spending limit automatically at the start of the next billing period.
Sign in to the Azure portal as the Account Administrator.
Search for Cost Management + Billing.
Reference: https://docs.microsoft.com/en-us/azure/cost-management-billing/manage/spending-limit

You are evaluating the components of the migration to Azure that require you to provision an Azure Storage account.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Hot Area:

Cert4sure AZ-304 exam questions-q6

Correct Answer:

Cert4sure AZ-304 exam questions-q6-2

You need to deploy resources to host a stateless web app in an Azure subscription. The solution must meet the
following requirements:
Provide access to the full .NET framework.
Provide redundancy if an Azure region fails.
Grant administrators access to the operating system to install custom application dependencies.
Solution: You deploy two Azure virtual machines to two Azure regions, and create a Traffic Manager profile.
Does this meet the goal?
A. Yes
B. No
Correct Answer: A

You have 70 TB of files on your on-premises file server.
You need to recommend a solution for importing data to Azure. The solution must minimize costs.
What Azure service should you recommend?
A. Azure StorSimple
B. Azure Batch
C. Azure Data Box
D. Azure Stack
Correct Answer: C
Microsoft has engineered an extremely powerful solution that helps customers get their data to the Azure public cloud in
a cost-effective, secure, and efficient manner with powerful Azure and machine learning at play. The solution is called
Data Box.
Data Box and is in general availability status. It is a rugged device that allows organizations to have 100 TB of capacity
on which to copy their data and then send it to be transferred to Azure.
Incorrect Answers:
A: StorSimple would not be able to handle 70 TB of data. Reference: https://www.vembu.com/blog/what-is-microsoftazure-data-box-disk-edge-heavy-gateway-overview/

You have an Azure Storage v2 account named storage1.
You plan to archive data to storage1.
You need to ensure that the archived data cannot be deleted for five years. The solution must prevent administrators
from deleting the data.
Solution: You create an Azure Blob storage container, and you configure a legal hold access policy.
Does this meet the goal?
A. Yes
B. No
Correct Answer: B
Use an Azure Blob storage container, but use a time-based retention policy instead of a legal hold.
Immutable storage for Azure Blob storage enables users to store business-critical data objects in a WORM (Write Once,
Read Many) state. This state makes the data non-erasable and non-modifiable for a user-specified interval. For the
duration of the retention interval, blobs can be created and read, but cannot be modified or deleted. Immutable storage
is available for general-purpose v2 and Blob storage accounts in all Azure regions.
Note: Set retention policies and legal holds
Create a new container or select an existing container to store the blobs that need to be kept in the immutable state.
The container must be in a general-purpose v2 or Blob storage account.
Select Access policy in the container settings. Then select Add policy under Immutable blob storage.
3a. To enable legal holds, select Add Policy. Select Legal hold from the drop-down menu.
3b. To enable time-based retention, select Time-based retention from the drop-down menu.
4. Enter the retention interval in days (acceptable values are 1 to 146000 days).
Reference: https://docs.microsoft.com/en-us/azure/storage/blobs/storage-blob-immutable-storage

You are designing an order processing system in Azure that will contain the Azure resources shown in the following

Cert4sure AZ-304 exam questions-q10

The order processing system will have the following transaction flow:
A customer will place an order by using App1.
When the order is received, App1 will generate a message to check for product availability at vendor 1 and vendor 2.
An integration component will process the message, and then trigger either Function1 or Function2 depending on the
type of order.
Once a vendor confirms the product availability, a status message for App1 will be generated by Function1 or
All the steps of the transaction will be logged to storage1.
Which type of resource should you recommend for the integration component?
A. an Azure Data Factory pipeline
B. an Azure Service Bus queue
C. an Azure Event Grid domain
D. an Azure Event Hubs capture
Correct Answer: A
A data factory can have one or more pipelines. A pipeline is a logical grouping of activities that together perform a task.
The activities in a pipeline define actions to perform on your data.
Data Factory has three groupings of activities: data movement activities, data transformation activities, and control
Azure Functions is now integrated with Azure Data Factory, allowing you to run an Azure Function as a step in your data
factory pipelines.

You have an on-premises network that uses an IP address space of
You plan to deploy 25 virtual machines to a new Azure subscription.
You identify the following technical requirements:
All Azure virtual machines must be placed on the same subnet named Subnet1.
All the Azure virtual machines must be able to communicate with all on-premises servers.
The servers must be able to communicate between the on-premises network and Azure by using a site-to-site VPN.
You need to recommend a subnet design that meets the technical requirements.
What should you include in the recommendation? To answer, drag the appropriate network addresses to the correct
subnets. Each network address may be used once, more than once, or not at all. You may need to drag the split bar
between panes or scroll to view content.
NOTE: Each correct selection is worth one point.
Select and Place:

Cert4sure AZ-304 exam questions-q11

You configure the Diagnostics settings for an Azure SQL database as shown in the following exhibit.

Cert4sure AZ-304 exam questions-q12

Use the drop-down menus to select the answer choice that completes each statement based on the information
presented in the graphic. NOTE: Each correct selection is worth one point.
Hot Area:

Cert4sure AZ-304 exam questions-q12-2

You have an Azure virtual machine named VM1 that runs Windows Server 2019 and contains 500 GB of data files.
You are designing a solution that will use Azure Data Factory to transform the data files, and then load the files to Azure
Data Lake Storage.
What should you deploy on VM1 to support the design?
A. the Azure Pipelines agent
B. the Azure File Sync agent
C. the On-premises data gateway
D. the self-hosted integration runtime in Azure
Correct Answer: D
The integration runtime (IR) is the compute infrastructure that Azure Data Factory uses to provide data-integration
capabilities across different network environments. For details about IR, see the Integration runtime overview.
A self-hosted integration runtime can run copy activities between a cloud data store and a data store in a private
network. It also can dispatch transform activities against compute resources in an on-premises network or an Azure
virtual network. The installation of a self-hosted integration runtime needs an on-premises machine or a virtual machine
inside a private network.
Reference: https://docs.microsoft.com/en-us/azure/data-factory/create-self-hosted-integration-runtime

