CompTIA
Checkpoint
ISC
HP
Dell
EC-Council
EXIN
Fortinet
ITIL®
Juniper
PMI
Microsoft
VMware
Avaya
Google
Salesforce
Amazon
Palo Alto Networks
Certiport
ISC2
All Vendors
  2. Home
  3. Exams
  4. Microsoft
  5. AZ-204

Free AZ-204 Exam Braindumps (page: 30)

Page 30 of 79
PDF with 400 Questions

You develop a REST API. You implement a user delegation SAS token to communicate with Azure Blob storage.

The token is compromised.
You need to revoke the token.

What are two possible ways to achieve this goal? Each correct answer presents a complete solution.
NOTE: Each correct selection is worth one point.

  1. Revoke the delegation key.
  2. Delete the stored access policy.
  3. Regenerate the account key.
  4. Remove the role assignment for the security principle.

Answer(s): A,B

Explanation:

A: Revoke a user delegation SAS
To revoke a user delegation SAS from the Azure CLI, call the az storage account revoke-delegation-keys command. This command revokes all of the user delegation keys associated with the specified storage account. Any shared access signatures associated with those keys are invalidated.

B: To revoke a stored access policy, you can either delete it, or rename it by changing the signed identifier. Changing the signed identifier breaks the associations between any existing signatures and the stored access policy. Deleting or renaming the stored access policy immediately effects all of the shared access signatures associated with it.


Reference:

https://github.com/MicrosoftDocs/azure-docs/blob/master/articles/storage/blobs/storage-blob-user-delegation-sas-create-cli.md
https://docs.microsoft.com/en-us/rest/api/storageservices/define-stored-access-policy#modifying-or-revoking-a-stored-access-policy



DRAG DROP (Drag & Drop is not supported)
You are developing an Azure-hosted application that must use an on-premises hardware security module (HSM) key.

The key must be transferred to your existing Azure Key Vault by using the Bring Your Own Key (BYOK) process.

You need to securely transfer the key to Azure Key Vault.

Which four actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.

  1. See Explanation section for answer.

Answer(s): A

Explanation:




To perform a key transfer, a user performs following steps:
-Generate KEK.
-Retrieve the public key of the KEK.
-Using HSM vendor provided BYOK tool - Import the KEK into the target HSM and exports the Target Key protected by the KEK.
-Import the protected Target Key to Azure Key Vault.

Step 1: Generate a Key Exchange Key (KEK).

Step 2: Retrieve the Key Exchange Key (KEK) public key.

Step 3: Generate a key transfer blob file by using the HSM vendor-provided tool.
Generate key transfer blob using HSM vendor provided BYOK tool

Step 4: Run the az keyvault key import command
Upload key transfer blob to import HSM-key.
Customer will transfer the Key Transfer Blob (".byok" file) to an online workstation and then run a az keyvault key import command to import this blob as a new HSM-backed key into Key Vault.

To import an RSA key use this command:
az keyvault key import


Reference:

https://docs.microsoft.com/en-us/azure/key-vault/keys/byok-specification



You develop and deploy an Azure Logic app that calls an Azure Function app. The Azure Function app includes an OpenAPI (Swagger) definition and uses an Azure Blob storage account. All resources are secured by using Azure Active Directory (Azure AD).

The Azure Logic app must securely access the Azure Blob storage account. Azure AD resources must remain if the Azure Logic app is deleted.

You need to secure the Azure Logic app.
What should you do?

  1. Create a user-assigned managed identity and assign role-based access controls.
  2. Create an Azure AD custom role and assign the role to the Azure Blob storage account.
  3. Create an Azure Key Vault and issue a client certificate.
  4. Create a system-assigned managed identity and issue a client certificate.
  5. Create an Azure AD custom role and assign role-based access controls.

Answer(s): A

Explanation:

To give a managed identity access to an Azure resource, you need to add a role to the target resource for that identity.

Note: To easily authenticate access to other resources that are protected by Azure Active Directory (Azure AD) without having to sign in and provide credentials or secrets, your logic app can use a managed identity (formerly known as Managed Service Identity or MSI). Azure manages this identity for you and helps secure your credentials because you don't have to provide or rotate secrets.

If you set up your logic app to use the system-assigned identity or a manually created, user-assigned identity, the function in your logic app can also use that same identity for authentication.


Reference:

https://docs.microsoft.com/en-us/azure/logic-apps/create-managed-service-identity
https://docs.microsoft.com/en-us/azure/api-management/api-management-howto-mutual-certificates-for-clients



HOTSPOT (Drag & Drop is not supported)
You are developing an application that uses a premium block blob storage account. You are optimizing costs by automating Azure Blob Storage access tiers.

You apply the following policy rules to the storage account. You must determine the implications of applying the rules to the data. (Line numbers are included for reference only.)


For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.

  1. See Explanation section for answer.

Answer(s): A

Explanation:




Box 1: Yes


Box 2: Yes


Box 3: Yes

Box 4: Yes



Page 30 of 79



Post your Comments and Discuss Microsoft AZ-204 exam with other Community members:

Vinod commented on December 28, 2024
very good questions
INDIA
upvote

n commented on December 25, 2024
Question are
Anonymous
upvote

Ni commented on December 25, 2024
useful questions
Anonymous
upvote

Robin commented on December 24, 2024
nice course
Anonymous
upvote

blaze commented on December 12, 2024
is the PDF worth it? Are these questions the same on the exam?
Anonymous
upvote

Gobenathan commented on October 16, 2024
This is a good exam done but the free version is not complete the PDF version has all the question. that is what I used to pass my exam.
INDIA
upvote

Girish commented on October 16, 2024
Question are nice
Anonymous
upvote

doctor kekana commented on September 18, 2024
hope to pass
Anonymous
upvote

Nuru commented on September 13, 2024
The document is help full .thanks
Anonymous
upvote

Skamza commented on September 05, 2024
challenging
Anonymous
upvote

Sugballs commented on August 06, 2024
The questions are still valid in this exam dumps. Got a 899 mark.
UNITED STATES
upvote

TigerLord commented on July 21, 2024
Great questions
Anonymous
upvote

Raj commented on July 14, 2024
Question are nice
Anonymous
upvote

Vesna commented on June 23, 2024
Nice questions
MACEDONIA THE FORMER YUGOSLAV REPUBLIC OF
upvote

Dr. Nug commented on June 23, 2024
Got 91% in my exam. This site ROCKS. I wish all questions were free... but still worth the $32 for the PDF full version.
UNITED KINGDOM
upvote

falmant commented on June 17, 2024
awesome content
Anonymous
upvote

YNR commented on June 10, 2024
Excellent material for Exam AZ-204
UNITED STATES
upvote

anunymous commented on April 11, 2024
useful .thanks
INDIA
upvote

Shashank commented on February 22, 2024
I passed exams using this dump
UNITED STATES
upvote

Abhishek Narayan commented on January 28, 2024
I am planning to give AZ 204 and need some questions to prepare
Anonymous
upvote

s_123 commented on August 12, 2023
do we need c# coding to be az204 certified
Anonymous
upvote

sachin commented on June 27, 2023
can you share the pdf
Anonymous
upvote

johnson commented on October 24, 2023
i studied for the microsoft azure az-204 exam through it has 100% real questions available for practice along with various mock tests. i scored 900/1000.
GERMANY
upvote

bot commented on July 26, 2023
more comments here
UNITED STATES
upvote

User123 commented on October 08, 2023
good question
UNITED STATES
upvote

VINNY commented on June 02, 2023
very good use full
Anonymous
upvote

Jose commented on August 30, 2023
nice questions
PORTUGAL
upvote

keylly commented on November 28, 2023
im study azure
Anonymous
upvote

Raj commented on May 25, 2023
nice questions
UNITED STATES
upvote

Meghali commented on January 17, 2024
Useful questions listed here, thanks
UNITED STATES
upvote

King J commented on January 09, 2024
These resources proved to be good
UNITED ARAB EMIRATES
upvote

Carlos commented on January 04, 2024
Good questions
Anonymous
upvote

keylly commented on November 28, 2023
i'm study azure
Anonymous
upvote

johnson commented on October 24, 2023
I studied for the Microsoft Azure AZ-204 exam through it has 100% real questions available for practice along with various mock tests. I scored 900/1000.
GERMANY
upvote