Certification Provider: Microsoft
Exam Name: Microsoft Azure Architect Design
Exam Code: AZ-304
Official Exam Time: 150 mins
Number of questions in the Official Exam: 40-60 Q&As
Latest update time in our database: September 26,2023
AZ-304 Official Exam Topics:
  • Topic1 : recommend a logging solution for compliance requirements
  • Topic2 : Design Identity and Security (25-30%) / recommend a solution for single-sign on
  • Topic3 : recommend a solution for user self-service / recommend and implement a solution for B2B integration
  • Topic4 : Design governance / recommend a strategy for tagging
  • Topic5 : Design security for applications / recommend a solution that includes Key Vault
  • Topic6 : recommend a solution for integrating applications into Azure AD / Select an appropriate storage account
  • Topic7 : choose between storage tiers / recommend storage management tools
  • Topic8 : Design a solution for backup and recovery / recommend a solution for recovery in different regions
  • Topic9 : recommend a solution for application and workload redundancy, including compute, database, and storage / identify resources that require high availability
  • Topic10 : recommend a solution for compute provisioning / Design a network solution
  • Topic11 : recommend a network architecture (hub and spoke, Virtual WAN) / recommend a solution for network provisioning
  • Topic12 : recommend a solution for network security including private Link, firewalls, gateways, network segmentation (perimeter networks/DMZs/NVAs) / recommend a solution for automating network management
  • Topic13 : recommend an orchestration solution for deployment and maintenance of applications including ARM templates, Azure Automation, Azure Pipelines, Logic Apps, or Azure Functions /

What should you include in the recommendation?

You have a hybrid deployment of Azure Active Directory (Azure AD).

You need to recommend a solution to ensure that the Azure AD tenant can be managed only from the computers on your on-premises network.

What should you include in the recommendation?
A . Azure AD roles and administrators
B . Azure AD Privileged identity Management
C . A conditional access policy
D . Azure AD Application Proxy

Answer: C

Which two recommendations should you include in the solution?

You have an on-premises Hyper-V cluster. The cluster contains Hyper-V hosts that run Windows Server 2016 Datacenter. The hosts are licensed under a Microsoft Enterprise Agreement that has Software Assurance.

The Hyper-V cluster hosts 3 virtual machines that run Windows Server 2012 R2. Each virtual machine runs a different workload. The workloads have predictable consumption patterns.

You plan to replace the virtual machines with Azure virtual machines that run Windows

Server 2016. The virtual machines will be sized according to the consumption pattern of each workload.

You need to recommend a solution to minimize the compute costs of the Azure virtual machines.

Which two recommendations should you include in the solution? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point.
A . Purchase Azure Reserved Virtual Machine Instances for the Azure virtual machines
B . Create a virtual machine scale set that uses autoscaling
C . Configure a spending limit in the Azure account center
D . Create a lab in Azure DevTest Labs and place the Azure virtual machines in the lab
E . Activate Azure Hybrid Benefit for the Azure virtual machines

Answer: A,E

Explanation:

Reference:

https://azure.microsoft.com/en-us/pricing/reserved-vm-instances/

https://docs.microsoft.com/en-us/azure/virtual-machines/windows/hybrid-use-benefit-licensing

You have the application architecture shown in the following exhibit

HOTSPOT

You have the application architecture shown in the following exhibit.

Use the drop-down menus to select choice that completes each statement based on the information presented in the graphic. NOTE: Each correct selection is worth one point.

Answer:

Explanation:

References:

https://docs.microsoft.com/en-us/azure/traffic-manager/traffic-manager-routing-methods

https://docs.microsoft.com/en-us/azure/traffic-manager/traffic-manager-monitoring

What should you include in the recommendation?

HOTSPOT

Your company has 20 web APIs that were developed in-house.

The company is developing 10 web apps that will use the web APIs. The web apps and the APIs are registered in the company’s Azure Active Directory (Azure AD) tenant. The web APIs are published by using Azure API Management.

You need to recommend a solution to block unauthorized requests originating from the web apps from reaching the web APIs.

The solution must meet the following requirements:

✑ Use Azure AD-generated claims.

✑ Minimize configuration and management effort.

What should you include in the recommendation? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

Answer:

Explanation:

What should you include in the solution?

HOTSPOT

You plan to create an Azure environment that will contain a root management group and 10 child management groups. Each child management group will contain five Azure subscriptions. You plan to have between 10 and 30 resource groups in each subscription.

You need to design an Azure governance solution.

The solution must meet the following requirements:

• Use Azure Blueprints to control governance across all the subscriptions and resource groups.

• Ensure that Blueprints-based configurations are consistent across all the subscriptions and resource groups.

• Minimize the number of blueprint definitions and assignments.

What should you include in the solution? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

Answer:

Explanation:

What should you recommend?

DRAG DROP

A company has an existing web application that runs on virtual machines (VMs) in Azure.

You need to ensure that the application is protected from SQL injection attempts and uses a layer-7 load balancer. The solution must minimize disruption to the code for the existing web application.

What should you recommend? To answer, drag the appropriate values to the correct items. Each value may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content. NOTE: Each correct selection is worth one point.

Answer:

Explanation:

Box 1: Azure Application Gateway

Azure Application Gateway provides an application delivery controller (ADC) as a service. It offers various layer 7 load-balancing capabilities for your applications.

Box 2: Web Application Firwewall (WAF)

Application Gateway web application firewall (WAF) protects web applications from common vulnerabilities and exploits.

This is done through rules that are defined based on the OWASP core rule sets 3.0 or 2.2.9.

There are rules that detects SQL injection attacks.

References:

https://docs.microsoft.com/en-us/azure/application-gateway/application-gateway-faq

https://docs.microsoft.com/en-us/azure/application-gateway/waf-overview

What should you include in the recommendation?

You need to recommend a backup solution for the data store of the payment processing.

What should you include in the recommendation?
A . Microsoft System Center Data Protection Manager (DPM)
B . long-term retention
C . a Recovery Services vault
D . Azure Backup Server

Answer: B

Explanation:

References: https://docs.microsoft.com/en-us/azure/sql-database/sql-database-long-term-backup-retention-configure

What should you include in the recommendation?

HOTSPOT

Your company has 20 web APIs that were developed in-house.

The company is developing 10 web apps that will use the web APIs. The web apps and the APIs are registered in the company’s Azure Active Directory (Azure AD) tenant. The web APIs are published by using Azure API Management.

You need to recommend a solution to block unauthorized requests originating from the web apps from reaching the web APIs.

The solution must meet the following requirements:

✑ Use Azure AD-generated claims.

✑ Minimize configuration and management effort.

What should you include in the recommendation? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

Answer:

Explanation: