AZ-204 quiz - Topic 1 (37 Questions)

Q1 (Topic 1):
There's 2 Hyper-V VMs: Host1 and Host2.
Host 1 has Azure VM named VM1, which is deployed via custom Azure resource manager template.
To migrate VM1 to Host 2, what should you do?

1. From Update management blade, click enable.
2. From overview blade, move VM1 to another subscription.
3. From redeploy blade, click redeploy.
4. From profile blade, modify usage location.

The "Redeploy" blade in the Azure portal can be used to redeploy a virtual machine to a different host. When you redeploy a virtual machine, it moves to a new host within the same Azure datacenter

The "Redeploy" blade in the Azure portal can be used to redeploy a virtual machine to a different host. When you redeploy a virtual machine, it moves to a new host within the same Azure datacenter

Q2 (Topic 1):
You downloaded an Azure Resource Manager template to deploy multiple VMS.
The template is based on a current deployed VM, which must be adapted so it can reference an admin password.
What do you need to create to make sure that the admin password is not stored in the template as plain text? Pick 2 or 3 options.

1. Azure Key Vault
2. Azure Storage Account
3. Azure AD (Active Directory) Identify Protection
4. Access policy
5. Azure policy

Key Vault + Access Policy. Using Key Vault we create a secret containing our Password: https://docs.microsoft.com/en-us/azure/key-vault/secrets/quick-create-portal.

Key Vault + Access Policy. Using Key Vault we create a secret containing our Password: https://docs.microsoft.com/en-us/azure/key-vault/secrets/quick-create-portal.

Q3 (Topic 1):
You have an AKS (Azure k8s Service) Cluster that is managed by an AD joined device.
The cluster is located in a resource group.
Devs made a MyApp and it's packaged into a container image.
We need to deploy the yml (manifest) file to the AKS cluster.
Is `kubectl apply -f myapp.yml` good enough to deploy?

1. Yeah
2. Nah

The solution provided involves using kubectl, which is the Kubernetes command-line tool, to apply the YAML manifest file (myapp.yaml) for deploying the application. Since you're managing the AKS cluster from an Azure AD-joined device and have the Azure CLI installed, running kubectl apply -f myapp.yaml command will deploy the application to the AKS cluster. This is a common and valid method for deploying applications to Kubernetes clusters, including AKS. Therefore, option A is correct

The solution provided involves using kubectl, which is the Kubernetes command-line tool, to apply the YAML manifest file (myapp.yaml) for deploying the application. Since you're managing the AKS cluster from an Azure AD-joined device and have the Azure CLI installed, running kubectl apply -f myapp.yaml command will deploy the application to the AKS cluster. This is a common and valid method for deploying applications to Kubernetes clusters, including AKS. Therefore, option A is correct

Q4 (Topic 1):
You have an AKS (Azure k8s Service) Cluster that is managed by an AD joined device.
The cluster is located in a resource group.
Devs made a MyApp and it's packaged into a container image.
We need to deploy the yml (manifest) file to the AKS cluster.
Is installing a docker client on the device + running `docker run -it microsoft/azure-cli:0.10.17` good enough to deploy?

1. Yeah
2. Nah

docker run -it microsoft/azure-cli:0.10.17 is no k8s command

docker run -it microsoft/azure-cli:0.10.17 is no k8s command

Q5 (Topic 1):
Your company has web app called WebApp1, through using WebJobs SDK, you triggered the App Service background task that auto invokes a funtion (within the code).
The function triggered only when new data is received in queue.
You are preparing to configure the service processes a queue data item.
What service should you use?

1. Logic Apps
2. WebJobs
3. Flow
4. Functions

Q6 (Topic 1):
Your company has Azure Subscriptions
You need to deploy multiple Azure VMs to subscption using ARM (Aszure Resource Manager) templates
All VMs will be included in a single avaliablitiy set
Need to ensure that the ARM template allows as many VMs as possible to stay up/ remain accessible during down time (e.g. maintences/ fabric failure)
What value should platformFaultDomainCount be configured into?

1. 10
2. 30
3. Min
4. Max

Q7 (Topic 1):
Your company has Azure Subscriptions
You need to deploy multiple Azure VMs to subscption using ARM (Aszure Resource Manager) templates
All VMs will be included in a single avaliablitiy set
Need to ensure that the ARM template allows as many VMs as possible to stay up/ remain accessible during down time (e.g. maintences/ fabric failure)
What value should platformUpdateDomainCount be configured into?

1. 10
2. 20
3. 30
4. 40

Maximum number of update domains you can configure is 20. This is a limit set by Azure. Default is 5.

Maximum number of update domains you can configure is 20. This is a limit set by Azure. Default is 5.

Q8 (Topic 1):
You are creating an Azure Cosmos DB account that uses SQL API
Data is injected to this account daily from a web app
You need to keep the compute cost down and ensure email noti is sent when data is sent from those IoT devices
Your approach? Deploy a function app.
Which of the following services should you use to configure that function app ?

1. Azure Cosmos DB
2. SendGrid action
3. Consumption plan
4. Azure Event Hubs bindings
5. SendGrid binding

None

None

Q9 (Topic 1):
Determine the following statement:
Your company has on-premise deployment of MongoDB
A migration from MongoDB to Azure Cosmos DB account is required.
You decide to inlcude Data Management Gateway tool in your migration plan,
If you think it's good enough, choose No change required, otherwise, choose the correct option.

1. No change required
2. mongorestore
3. Azure Storage Explorer
4. Azcopy

mongorestore is a tool provided by MongoDB that can be used to restore data from a MongoDB database dump. It is suitable for migrating data

AzCopy is a command-line utility designed for copying data to and from Azure Storage

Azure Storage Explorer is a tool for managing Azure Storage resources, such as blobs, queues, and tables

mongorestore is a tool provided by MongoDB that can be used to restore data from a MongoDB database dump. It is suitable for migrating data

AzCopy is a command-line utility designed for copying data to and from Azure Storage

Azure Storage Explorer is a tool for managing Azure Storage resources, such as blobs, queues, and tables

Q10 (Topic 1):
You're making an e-commence web app
You wish to use Azure Key Vault to ensure that the sign-ins to the e-commerce web app are secured with
Azure App Service Auth and AAD (Azure Active Directory)
What should you do on the e-commerence web app?

1. Run az keyvault secret set command
2. Enable Azure AD Connect
3. Enable Managed Service Identity (MSI)
4. Create Azure AD service principal

MSI tb explained

MSI tb explained

Q11 (Topic 1):
Evaluate the following statement
Your Azure AD (Azure Active Directory Azure) tenant has an Azure subscrption linked to it
Your in-team dev has created a mobiule app that gets Azure AD access tokens using OAuth2 implicit grant type
The mobile app MUST be registered under Azure AD
You require a redirect URI from the dev for registeration process
What do you need next? If none, choose No change required.

1. No change required
2. a secret
3. a login hint
4. a client ID

None

None

Q12 (Topic 1):
You're creating an Azure key vault using PowerShell.
Objects that are deleted from the key vault must be kept for 90 days
Pick 2 parameters that is required to meet the 90 days requirement.

1. EnabledForDeployment
2. EnabledPurgeProtection
3. EnabledForTemplateDeployment
4. EnabledSoftDelete

Purge protection adds an additional layer of security by preventing the permanent deletion (purging) of soft deleted objects until the purge protection period has expired + enable soft delete on a key vault, any deleted objects (keys, secrets, certificates) are retained in a soft deleted state for a specified retention period.This retention period is typically 90 days by default, During this period, the objects can be recovered if needed. This feature is crucial for preventing accidental deletions and ensuring that deleted objects are not immediately lost

Purge protection adds an additional layer of security by preventing the permanent deletion (purging) of soft deleted objects until the purge protection period has expired + enable soft delete on a key vault, any deleted objects (keys, secrets, certificates) are retained in a soft deleted state for a specified retention period.This retention period is typically 90 days by default, During this period, the objects can be recovered if needed. This feature is crucial for preventing accidental deletions and ensuring that deleted objects are not immediately lost

Q13 (Topic 1):
You have an Azure AD tenant
You wish to implement multi-factor auth through using a conditional access policy
THe conditional access policy must be applied to all users when they login to the Azure portal
Which 3 settings should you configure

1. Assignments - Users and groups
2. Assignments - Cloud apps
3. Assignments - Conditions
4. Access controls - Grant
5. Access controls - Session

Conditional access policy must be applied to all users and groups. When users access the azure portal (a cloud app) = Microsoft Azure ManagementAccess controls - Grant: Require multi-factor authentication

Conditional access policy must be applied to all users and groups. When users access the azure portal (a cloud app) = Microsoft Azure ManagementAccess controls - Grant: Require multi-factor authentication

---

Table of contents