AZ-204 Free Practice Test

- (Exam Topic 8)
You develop an Azure web app. You monitor performance of the web app by using Application Insights. You need to ensure the cost for Application Insights does not exceed a preset budget. What should you do?

1. A. Implement ingestion sampling using the Azure portal.
2. B. Set a daily cap for the Application Insights instance.
3. C. Implement adaptive sampling using the Azure portal.
4. D. Implement adaptive sampling using the Application Insights SDK.
5. E. Implement ingestion sampling using the Application Insights SDK.

Correct Answer: D
Sampling is an effective way to reduce charges and stay within your monthly quota.
You can set sampling manually, either in the portal on the Usage and estimated costs page; or in the ASP.NET SDK in the .config file; or in the Java SDK in the ApplicationInsights.xml file, to also reduce the network traffic.
Adaptive sampling is the default for the ASP.NET SDK. Adaptive sampling automatically adjusts to the volume of telemetry that your app sends. It operates automatically in the SDK in your web app so that telemetry traffic on the network is reduced.
References:
https://docs.microsoft.com/en-us/azure/azure-monitor/app/sampling

- (Exam Topic 2)
You need to ensure that network security policies are met.
How should you configure network security? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

Solution:
Box 1: Valid root certificate
Scenario: All websites and services must use SSL from a valid root certificate authority. Box 2: Azure Application Gateway
Scenario:
Any web service accessible over the Internet must be protected from cross site scripting attacks.
All Internal services must only be accessible from Internal Virtual Networks (VNets)
All parts of the system must support inbound and outbound traffic restrictions.
Azure Web Application Firewall (WAF) on Azure Application Gateway provides centralized protection of your web applications from common exploits and vulnerabilities. Web applications are increasingly targeted by malicious attacks that exploit commonly known vulnerabilities. SQL injection and cross-site scripting are among the most common attacks.
Application Gateway supports autoscaling, SSL offloading, and end-to-end SSL, a web application firewall (WAF), cookie-based session affinity, URL path-based routing, multisite hosting, redirection, rewrite HTTP headers and other features.
Note: Both Nginx and Azure Application Gateway act as a reverse proxy with Layer 7 loadbalancing features plus a WAF to ensure strong protection against common web vulnerabilities and exploits.
You can modify Nginx web server configuration/SSL for X-XSS protection. This helps to prevent cross-site scripting exploits by forcing the injection of HTTP headers with X-XSS protection.
Reference:
https://docs.microsoft.com/en-us/azure/web-application-firewall/ag/ag-overview
https://www.upguard.com/articles/10-tips-for-securing-your-nginx-deployment

Does this meet the goal?

1. A. Yes
2. B. No

Correct Answer: A

- (Exam Topic 8)
You are developing applications for a company. You plan to host the applications on Azure App Services. The company has the following requirements:
Every five minutes verify that the websites are responsive.
Verify that the websites respond within a specified time threshold. Dependent requests such as images and JavaScript files must load properly.
Generate alerts if a website is experiencing issues.
If a website fails to load, the system must attempt to reload the site three more times. You need to implement this process with the least amount of effort.
What should you do?
D18912E1457D5D1DDCBD40AB3BF70D5D

1. A. Create a Selenium web test and configure it to run from your workstation as a scheduled task.
2. B. Set up a URL ping test to query the home page.
3. C. Create an Azure function to query the home page.
4. D. Create a multi-step web test to query the home page.
5. E. Create a Custom Track Availability Test to query the home page.

Correct Answer: D
You can monitor a recorded sequence of URLs and interactions with a website via multi-step web tests. Reference:
https://docs.microsoft.com/en-us/azure/azure-monitor/app/availability-multistep

- (Exam Topic 8)
You develop a solution that uses Azure Virtual Machines (VMs).
The VMs contain code that must access resources in an Azure resource group. You grant the VM access to the resource group in Resource Manager.
You need to obtain an access token that uses the VMs system-assigned managed identity. Which two actions should you perform? Each correct answer presents part of the solution.

1. A. Use PowerShell on a remote machine to make a request to the local managed identity for Azure resources endpoint.
2. B. Use PowerShell on the VM to make a request to the local managed identity for Azure resources endpoint.
3. C. From the code on the V
4. D. call Azure Resource Manager using an access token.
5. E. From the code on the V
6. F. call Azure Resource Manager using a SAS token.
7. G. From the code on the V
8. H. generate a user delegation SAS token.

Correct Answer: BC

- (Exam Topic 8)
You are building an application that stores sensitive customer data in Azure Blob storage. The data must be encrypted with a key that is unique for each customer.
If the encryption key has been corrupted it must not be used for encryption. You need to ensure that the blob is encrypted.
How should you complete the code segment? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

Solution:
Graphical user interface, application Description automatically generated

Does this meet the goal?

1. A. Yes
2. B. No

Correct Answer: A