Free Access Microsoft.AZ-304.v2021-11-15.q84 Practice Test (Page 7)

Question 26

You are designing an Azure resource deployment that will use Azure Resource Manager templates. The deployment will use Azure Key Vault to store secrets.
You need to recommend a solution to meet the following requirements:
Prevent the IT staff that will perform the deployment from retrieving the secrets directly from Key Vault.
Use the principle of least privilege.
Which two actions should you recommend? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.

A.Create a Key Vault access policy that allows all get key permissions, get secret permissions, and get certificate permissions.

B.From Access policies in Key Vault, enable access to the Azure Resource Manager for template deployment.

C.Create a Key Vault access policy that allows all list key permissions, list secret permissions, and list certificate permissions.

D.Assign the IT staff a custom role that includes the Microsoft.KeyVault/Vaults/Deploy/Action permission.

E.Assign the Key Vault Contributor role to the IT staff.

Question 27

You have an Azure Active Directory (Azure AD) tenant.
You plan to use Azure Monitor to monitor user sign-ins and generate alerts based on specific user sign-in events.
You need to recommend a solution to trigger the alerts based on the events.
What should you include in the recommendation? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Question 28

You need to recommend a solution to meet the database retention requirement. What should you recommend?

A.Configure a long-term retention policy for the database.

B.Configure Azure Site Recovery.

C.Configure geo replication of the database.

D.Use automatic Azure SQL Database backups.

Correct Answer: A

Topic 1, Fabrikam, Inc
Overview
Existing Environment
Fabrikam, Inc. is an engineering company that has offices throughout Europe. The company has a main office in London and three branch offices in Amsterdam Berlin, and Rome.
Active Directory Environment
The network contains two Active Directory forests named corp.fabnkam.com and rd.fabrikam.com. There are no trust relationships between the forests. Corp.fabrikam.com is a production forest that contains identities used for internal user and computer authentication. Rd.fabrikam.com is used by the research and development (R&D) department only.
Network Infrastructure
Each office contains at least one domain controller from the corp.fabrikam.com domain. The main office contains all the domain controllers for the rd.fabrikam.com forest.
All the offices have a high-speed connection to the Internet.
An existing application named WebApp1 is hosted in the data center of the London office. WebApp1 is used by customers to place and track orders. WebApp1 has a web tier that uses Microsoft Internet Information Services (IIS) and a database tier that runs Microsoft SQL Server 2016. The web tier and the database tier are deployed to virtual machines that run on Hyper-V.
The IT department currently uses a separate Hyper-V environment to test updates to WebApp1.
Fabrikam purchases all Microsoft licenses through a Microsoft Enterprise Agreement that includes Software Assurance.
Problem Statement
The use of Web App1 is unpredictable. At peak times, users often report delays. Al other times, many resources for WebApp1 are underutilized.
Requirements
Planned Changes
Fabrikam plans to move most of its production workloads to Azure during the next few years.
As one of its first projects, the company plans to establish a hybrid identity model, facilitating an upcoming Microsoft Office 365 deployment All R&D operations will remain on-premises.
Fabrikam plans to migrate the production and test instances of WebApp1 to Azure.
Technical Requirements
Fabrikam identifies the following technical requirements:
* Web site content must be easily updated from a single point.
* User input must be minimized when provisioning new app instances.
* Whenever possible, existing on premises licenses must be used to reduce cost.
* Users must always authenticate by using their corp.fabrikam.com UPN identity.
* Any new deployments to Azure must be redundant in case an Azure region fails.
* Whenever possible, solutions must be deployed to Azure by using platform as a service (PaaS).
* An email distribution group named IT Support must be notified of any issues relating to the directory synchronization services.
* Directory synchronization between Azure Active Directory (Azure AD) and corp.fabhkam.com must not be affected by a link failure between Azure and the on premises network.
Database Requirements
Fabrikam identifies the following database requirements:
* Database metrics for the production instance of WebApp1 must be available for analysis so that database administrators can optimize the performance settings.
* To avoid disrupting customer access, database downtime must be minimized when databases are migrated.
* Database backups must be retained for a minimum of seven years to meet compliance requirement Security Requirements Fabrikam identifies the following security requirements:
*Company information including policies, templates, and data must be inaccessible to anyone outside the company
*Users on the on-premises network must be able to authenticate to corp.fabrikam.com if an Internet link fails. *Administrators must be able authenticate to the Azure portal by using their corp.fabrikam.com credentials.
*All administrative access to the Azure portal must be secured by using multi-factor authentication.
*The testing of WebApp1 updates must not be visible to anyone outside the company.

Question 29

You are designing a storage solution that will use Azure Blob storage. The data will be stored in a cool access tier or an archive access tier based on the access patterns of the data.
You identify the following types of infrequently accessed data:
Telemetry data: Deleted after two years
D18912E1457D5D1DDCBD40AB3BF70D5D
Promotional material: Deleted after 14 days
Virtual machine audit data: Deleted after 200 days
A colleague recommends using the archive access tier to store the data.
Which statement accurately describes the recommendation?

A.Storage costs will be based on a minimum of 30 days.

B.Access to the data is guaranteed within five minutes.

C.Access to the data is guaranteed within 30 minutes.

D.Storage costs will be based on a minimum of 180 days.

Question 30

What should you include in the identity management strategy to support the planned changes?

A.Move all the domain controllers from corp.fabrikam.com to virtual networks in Azure.

B.Deploy domain controllers for corp.fabrikam.com to virtual networks in Azure.

C.Deploy a new Azure AD tenant for the authentication of new R&D projects.

D.Deploy domain controllers for the rd.fabrikam.com forest to virtual networks in Azure.

Other Version: 700Microsoft.AZ-304.v2024-12-17.q314; 1879Microsoft.AZ-304.v2022-11-04.q111; 4474Microsoft.AZ-304.v2022-08-23.q261; 5170Microsoft.AZ-304.v2022-01-21.q271; 57Microsoft.Ipassleader.AZ-304.v2021-09-20.by.upton.196q.pdf

Latest Upload: 106Oracle.1Z0-1057-23.v2025-09-10.q47; 146Google.Professional-Cloud-Network-Engineer.v2025-09-09.q179; 130SAP.C-S4EWM-2023.v2025-09-08.q83; 148TheSecOpsGroup.CNSP.v2025-09-08.q20; 198CFAInstitute.ESG-Investing.v2025-09-08.q173; 148PECB.ISO-IEC-27001-Lead-Implementer.v2025-09-06.q132; 139Salesforce.Data-Architect.v2025-09-05.q216; 133Adobe.AD0-E605.v2025-09-05.q50; 173Nutanix.NCP-MCI-6.10.v2025-09-05.q55; 113Oracle.1z0-591.v2025-09-05.q104

Question 26

Question 27

Question 28

Question 29

Question 30

Download PDF File