Cisco®
Oracle
CompTIA
Checkpoint
ISC
EC-Council
EXIN
Fortinet
ITIL®
Juniper
Microsoft
VMware
Avaya
SAP
Google
Salesforce
Amazon
Palo Alto Networks
ISC2
Splunk®
All Vendors
  2. Home
  3. Exams
  4. Microsoft
  5. AZ-204

Free Microsoft AZ-204 Exam Questions

You are developing several Azure API Management (APIM) hosted APIs.
You must transform the APIs to hide private backend information and obscure the technology stack used to implement the backend processing.
You need to protect all APIs.
What should you do?

  1. Configure and apply a new inbound policy scoped to a product.
  2. Configure and apply a new outbound policy scoped to the operation.
  3. Configure and apply a new outbound policy scoped to global.
  4. Configure and apply a new backend policy scoped to global.

Answer(s): C



HOTSPOT (Drag and Drop is not supported)
You are developing an application that uses Azure Storage to store customer data. The data must only be decrypted by the customer and the customer must be provided a script to rotate keys.
You need to provide a script to rotate keys to the customer.
How should you complete the command? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

  1. See Explanation section for answer.

Answer(s): A

Explanation:



You are developing a web application that uses the Microsoft identity platform to authenticate users and resources. The web application calls several REST APIs.
The APIs require an access token from the Microsoft identity platform.
You need to request a token.
Which three properties should you use? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.

  1. Redirect URI/URL
  2. Application ID
  3. Application name
  4. Application secret
  5. Supported account type

Answer(s): A,B,D



You are developing several microservices to deploy to a new Azure Kubernetes Service cluster. The microservices manage data stored in Azure Cosmos DB and Azure Blob storage. The data is secured by using customer-managed keys stored in Azure Key Vault.
You must automate key rotation for all Azure Key Vault keys and allow for manual key rotation. Keys must rotate every three months. Notifications of expiring keys must be sent before key expiry.
You need to configure key rotation and enable key expiry notifications.
Which two actions should you perform? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.

  1. Create and configure a new Azure Event Grid instance.
  2. Configure Azure Key Vault alerts.
  3. Create and assign an Azure Key Vault access policy.
  4. Create and configure a key rotation policy during key creation.

Answer(s): A,D



HOTSPOT (Drag and Drop is not supported)
You are a developer building a web site using a web app. The web site stores configuration data in Azure App Configuration.
Access to Azure App Configuration has been configured to use the identity of the web app for authentication. Security requirements specify that no other authentication systems must be used.
You need to load configuration data from Azure App Configuration.
How should you complete the code? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

  1. See Explanation section for answer.

Answer(s): A

Explanation:



You are developing an application that uses keys stored in Azure Key Vault.
You need to enforce a specific cryptographic algorithm and key size for keys stored in the vault.
What should you use?

  1. Secret versioning
  2. Azure Policy
  3. Key Vault Firewall
  4. Access policies

Answer(s): B



DRAG DROP (Drag and Drop is not supported)
You are developing an Azure solution.
You need to develop code to access a secret stored in Azure Key Vault.
How should you complete the code segment? To answer, drag the appropriate code segments to the correct location. Each code segment may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
NOTE: Each correct selection is worth one point.

  1. See Explanation section for answer.

Answer(s): A

Explanation:



You are developing a Java application to be deployed in Azure. The application stores sensitive data in Azure Cosmos DB.
You need to configure Always Encrypted to encrypt the sensitive data inside the application.
What should you do first?

  1. Create a new container to include an encryption policy with the JSON properties to be encrypted.
  2. Create a customer-managed key (CMK) and store the key in a new Azure Key Vault instance.
  3. Create a data encryption key (DEK) by using the Azure Cosmos DB SDK and store the key in Azure Cosmos DB.
  4. Create an Azure AD managed identity and assign the identity to a new Azure Key Vault instance.

Answer(s): B



Viewing page 10 of 59



Post your Comments and Discuss Microsoft AZ-204 exam prep with other Community members:

AZ-204 Exam Discussions & Posts