Cisco®
Oracle
CompTIA
Checkpoint
ISC
EC-Council
EXIN
Fortinet
ITIL®
Juniper
Microsoft
VMware
Avaya
SAP
Google
Salesforce
Amazon
Palo Alto Networks
ISC2
Splunk®
All Vendors
  2. Home
  3. Exams
  4. Microsoft
  5. AZ-204

Free Microsoft AZ-204 Exam Questions (page: 11)

Page 11 of 59
PDF with 476 Questions

You develop and deploy an Azure App Service web app named App1. You create a new Azure Key Vault named Vault1. You import several API keys, passwords, certificates, and cryptographic keys into Vault1.
You need to grant App1 access to Vault1 and automatically rotate credentials. Credentials must not be stored in code.
What should you do?

  1. Enable App Service authentication for Appl. Assign a custom RBAC role to Vault1.
  2. Add a TLS/SSL binding to App1.
  3. Upload a self-signed client certificate to Vault1. Update App1 to use the client certificate.
  4. Assign a managed identity to App1.

Answer(s): D



HOTSPOT (Drag and Drop is not supported)
You develop and deploy the following staticwebapp.config.json file to the app_location value specified in the workflow file of an Azure Static Web app:
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.

  1. See Explanation section for answer.

Answer(s): A

Explanation:



HOTSPOT (Drag and Drop is not supported)
You develop and deploy a web app to Azure App service. The web app allows users to authenticate by using social identity providers through the Azure B2C service. All user profile information is stored in Azure B2C.
You must update the web app to display common user properties from Azure B2C to include the following information:
• Email address
• Job title
• First name
• Last name
• Office location
You need to implement the user properties in the web app.
Which code library and API should you use? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

  1. See Explanation section for answer.

Answer(s): A

Explanation:



You are developing a web application that uses the Microsoft identity platform for user and resource authentication. The web application calls several REST APIs.
A REST API call must read the user’s calendar. The web application requires permission to send an email as the user.
You need to authorize the web application and the API.
Which parameter should you use?

  1. tenant
  2. code_challenge
  3. state
  4. client_id
  5. scope

Answer(s): E



HOTSPOT (Drag and Drop is not supported)
You are developing a content management application for technical manuals. The application is deployed as an Azure Static Web app.
Authenticated users can view pages under/manuals but only contributors can access the page /manuals/new.html.
You need to configure the routing for the web app.
How should you complete the configuration? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

  1. See Explanation section for answer.

Answer(s): A

Explanation:



HOTSPOT (Drag and Drop is not supported)
You are developing a web application that uses the Microsoft Identity platform for user and resource authentication. The web application called several REST APIs.
You are implementing various authentication and authorization flows for the web application.
You need to validate the claims in the authentication token.
Which token type should you use? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

  1. See Explanation section for answer.

Answer(s): A

Explanation:



HOTSPOT (Drag and Drop is not supported)
You are building an application that stores sensitive customer data in Azure Blob storage. The data must be encrypted with a key that is unique for each customer.
If the encryption key has been corrupted it must not be used for encryption.
You need to ensure that the blob is encrypted.
How should you complete the code segment? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:

  1. See Explanation section for answer.

Answer(s): A

Explanation:


Box 1: CustomerProvidedKey(key)
The data must be encrypted with a key that is unique for each customer.
Sample code:
async static Task UploadBlobWithClientKey(Uri blobUri,
Stream data,
byte[] key,
string keySha256)
{
// Create a new customer-provided key.
// Key must be AES-256.
var cpk = new CustomerProvidedKey(key);
Box 2: Encryption
CustomerProvidedKey.EncryptionKey Property
Sample code continued:
// Check the key's encryption hash.
if (cpk.EncryptionKeyHash != keySha256)
{
throw new InvalidOperationException("The encryption key is corrupted.");
}
Box 3: CustomerProvidedKey
Sample code continued;
// Specify the customer-provided key on the options for the client.
BlobClientOptions options = new BlobClientOptions()
{
CustomerProvidedKey = cpk
};
// Create the client object with options specified.
BlobClient blobClient = new BlobClient(
blobUri,
new DefaultAzureCredential(),
options);
Incorrect:
* Version - Gets the BlobClientOptions.ServiceVersion of the service API used when making requests.
Transport - The HttpPipelineTransport to be used for this client.


Reference:

https://docs.microsoft.com/en-us/azure/storage/blobs/storage-blob-customer-provided-key



HOTSPOT (Drag and Drop is not supported)
You are a developer building a web site using a web app. The web site stores configuration data in Azure App Configuration.
Access to Azure App Configuration has been configured to use the identity of the web app for authentication. Security requirements specify that no other authentication systems must be used.
You need to load configuration data from Azure App Configuration.
How should you complete the code? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:

  1. See Explanation section for answer.

Answer(s): A

Explanation:


Box 1: AddAzureAppConfiguration
Load data from App Configuration, code example:
public static IHostBuilder CreateHostBuilder(string[] args) =>
Host.CreateDefaultBuilder(args)
.ConfigureWebHostDefaults(webBuilder =>
webBuilder.ConfigureAppConfiguration((hostingContext, config) =>
{
var settings = config.Build();
config.AddAzureAppConfiguration(options =>
{
Etc.
Box 2: ManagedIdentityCredential
Use managed identities to access App Configuration
If you want to use a user-assigned managed identity, be sure to specify the clientId when creating the ManagedIdentityCredential. config.AddAzureAppConfiguration(options =>
{
options.Connect(new Uri(settings["AppConfig:Endpoint"]), new ManagedIdentityCredential("<your_clientId>"))
});
Full code sample:
public static IHostBuilder CreateHostBuilder(string[] args) =>
Host.CreateDefaultBuilder(args)
.ConfigureWebHostDefaults(webBuilder =>
webBuilder.ConfigureAppConfiguration((hostingContext, config) =>
{
var settings = config.Build();
config.AddAzureAppConfiguration(options =>
options.Connect(new Uri(settings["AppConfig:Endpoint"]), new ManagedIdentityCredential()));
})
.UseStartup<Startup>());


Reference:

https://docs.microsoft.com/en-us/azure/azure-app-configuration/howto-integrate-azure-managed-service-identity?tabs=core5x&pivots=framework- dotnet



Viewing page 11 of 59



Post your Comments and Discuss Microsoft AZ-204 exam prep with other Community members:

AZ-204 Exam Discussions & Posts