AZ-304 Microsoft Azure Architect Design exam is a hot Microsoft certification exam, Exam4Training offers you the latest free online AZ-304 dumps to practice. You can get online training in the following questions, all these questions are verified by Microsoft experts. If this exam changed, we will share new update questions.
You have a hybrid deployment of Azure Active Directory (Azure AD).
You need to recommend a solution to ensure that the Azure AD tenant can be managed only from the computers on your on-premises network.
What should you include in the recommendation?
A . Azure AD roles and administrators
B . Azure AD Privileged identity Management
C . A conditional access policy
D . Azure AD Application Proxy
Answer: C
You have an on-premises Hyper-V cluster. The cluster contains Hyper-V hosts that run Windows Server 2016 Datacenter. The hosts are licensed under a Microsoft Enterprise Agreement that has Software Assurance.
The Hyper-V cluster hosts 3 virtual machines that run Windows Server 2012 R2. Each virtual machine runs a different workload. The workloads have predictable consumption patterns.
You plan to replace the virtual machines with Azure virtual machines that run Windows
Server 2016. The virtual machines will be sized according to the consumption pattern of each workload.
You need to recommend a solution to minimize the compute costs of the Azure virtual machines.
Which two recommendations should you include in the solution? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point.
A . Purchase Azure Reserved Virtual Machine Instances for the Azure virtual machines
B . Create a virtual machine scale set that uses autoscaling
C . Configure a spending limit in the Azure account center
D . Create a lab in Azure DevTest Labs and place the Azure virtual machines in the lab
E . Activate Azure Hybrid Benefit for the Azure virtual machines
Answer: A,E
Explanation:
Reference:
https://azure.microsoft.com/en-us/pricing/reserved-vm-instances/
https://docs.microsoft.com/en-us/azure/virtual-machines/windows/hybrid-use-benefit-licensing
HOTSPOT
You have the application architecture shown in the following exhibit.
Use the drop-down menus to select choice that completes each statement based on the information presented in the graphic. NOTE: Each correct selection is worth one point.
Answer: 
Explanation:
References:
https://docs.microsoft.com/en-us/azure/traffic-manager/traffic-manager-routing-methods
https://docs.microsoft.com/en-us/azure/traffic-manager/traffic-manager-monitoring
HOTSPOT
Your company has 20 web APIs that were developed in-house.
The company is developing 10 web apps that will use the web APIs. The web apps and the APIs are registered in the company’s Azure Active Directory (Azure AD) tenant. The web APIs are published by using Azure API Management.
You need to recommend a solution to block unauthorized requests originating from the web apps from reaching the web APIs.
The solution must meet the following requirements:
✑ Use Azure AD-generated claims.
✑ Minimize configuration and management effort.
What should you include in the recommendation? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.
Answer: 
Explanation:
HOTSPOT
You plan to create an Azure environment that will contain a root management group and 10 child management groups. Each child management group will contain five Azure subscriptions. You plan to have between 10 and 30 resource groups in each subscription.
You need to design an Azure governance solution.
The solution must meet the following requirements:
• Use Azure Blueprints to control governance across all the subscriptions and resource groups.
• Ensure that Blueprints-based configurations are consistent across all the subscriptions and resource groups.
• Minimize the number of blueprint definitions and assignments.
What should you include in the solution? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.
Answer: 
Explanation:
You need to recommend a solution for implementing the back-end tier of the payment processing system in Azure.
What should you include in the recommendation?
A . an Azure SQL Database managed instance
B . a SQL Server database on an Azure virtual machine
C . an Azure SQL Database single database
D . an Azure SQL Database elastic pool
Answer: C
DRAG DROP
A company has an existing web application that runs on virtual machines (VMs) in Azure.
You need to ensure that the application is protected from SQL injection attempts and uses a layer-7 load balancer. The solution must minimize disruption to the code for the existing web application.
What should you recommend? To answer, drag the appropriate values to the correct items. Each value may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content. NOTE: Each correct selection is worth one point.
Answer: 
Explanation:
Box 1: Azure Application Gateway
Azure Application Gateway provides an application delivery controller (ADC) as a service. It offers various layer 7 load-balancing capabilities for your applications.
Box 2: Web Application Firwewall (WAF)
Application Gateway web application firewall (WAF) protects web applications from common vulnerabilities and exploits.
This is done through rules that are defined based on the OWASP core rule sets 3.0 or 2.2.9.
There are rules that detects SQL injection attacks.
References:
https://docs.microsoft.com/en-us/azure/application-gateway/application-gateway-faq
https://docs.microsoft.com/en-us/azure/application-gateway/waf-overview
You need to recommend a backup solution for the data store of the payment processing.
What should you include in the recommendation?
A . Microsoft System Center Data Protection Manager (DPM)
B . long-term retention
C . a Recovery Services vault
D . Azure Backup Server
Answer: B
Explanation:
References: https://docs.microsoft.com/en-us/azure/sql-database/sql-database-long-term-backup-retention-configure
HOTSPOT
Your company has 20 web APIs that were developed in-house.
The company is developing 10 web apps that will use the web APIs. The web apps and the APIs are registered in the company’s Azure Active Directory (Azure AD) tenant. The web APIs are published by using Azure API Management.
You need to recommend a solution to block unauthorized requests originating from the web apps from reaching the web APIs.
The solution must meet the following requirements:
✑ Use Azure AD-generated claims.
✑ Minimize configuration and management effort.
What should you include in the recommendation? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.
Answer:
Explanation:
You need to recommend a high-availability solution for the middle tier of the payment processing system.
What should you include in the recommendation?
A . availability zones
B . an availability set
C . the Premium App Service plan
D . the Isolated App Server plan
Answer: A