AZ-204 Developing Azure Solutions - Practice Test 1

The Start Copy Blob async operation is the most efficient way to copy a blob within the same storage account. It performs a server-side copy without transferring data through the client. Downloading and re-uploading (A) wastes bandwidth and time. AzCopy (C) works but is less efficient for same-account copies. Put Blob (D) has a 5 GB size limit for a single operation. See more: Azure Storage Accounts

The MaxDeliveryCount property on a Service Bus queue controls how many times a message is delivered before it is automatically moved to the dead-letter queue. Setting it to 3 ensures the message is retried 3 times. Function retry policy (A) applies to the function invocation itself, not message redelivery. A try-catch loop (B) would not cause the message to be redelivered. Application Insights (D) is for monitoring, not retry logic. See more: Application Messaging

Azure Container Instances (ACI) supports GPU resources and provides the simplest way to run containers in Azure without managing servers. AKS (B) provides orchestration but has more management overhead. App Service (C) does not support GPU. Virtual Machines (D) require the most management overhead. See more: Containers

The "roles" claim in a JWT token contains the application roles assigned to the caller. The "scp" claim (A) contains delegated permissions (scopes). The "aud" claim (B) identifies the intended audience (resource). The "iss" claim (C) identifies the token issuer. See more: Azure Authentication

Including a partition key filter in the WHERE clause allows the query engine to target specific partitions, minimizing the RU cost even in cross-partition scenarios. ORDER BY without a partition key filter (A) causes a fan-out query across all partitions. Change Feed (C) is for processing incremental changes, not general queries. Stored procedures (D) are scoped to a single partition. See more: CosmosDB

Azure Key Vault is the recommended service for storing secrets, keys, and certificates. Using managed identity eliminates the need for credentials in code, and Key Vault supports automatic secret rotation. App Service settings (A) do not support automatic rotation. Blob Storage (B) is not designed for secrets management. Environment variables (D) are not available in App Service PaaS. See more: Data Encryption

Returning an IActionResult with StatusCode(202) is the correct way to return a custom HTTP status code from an Azure Function. HttpResponseException (B) is for error responses. function.json (C) does not have a status property for output bindings. Returning a string (D) would result in a 200 OK with the string as the body. See more: Function App

Subject filtering with the prefix /blobServices/default/containers/uploads targets only events from the specific container. Event type filtering (B) filters by event type but not by container. Advanced filters on data.api (A) filter by operation type, not container. Creating a separate topic (D) is unnecessary and not supported for storage accounts. See more: Event-Based Solutions

TelemetryClient.TrackMetric() allows you to send custom metrics to Application Insights, such as business-specific KPIs. Availability tests (A) monitor endpoint uptime. Live Metrics Stream (C) shows real-time telemetry but does not create custom metrics. Application Map (D) shows application component dependencies. See more: Application Insights

The rate-limit-by-key policy restricts the call rate per specified key (e.g., subscription key) within a time window. quota-by-key (A) limits the total number of calls over a longer period (e.g., per week) rather than per minute. ip-filter (B) restricts access by IP address. validate-jwt (C) validates JSON Web Tokens. See more: Consuming Azure Services

Session consistency guarantees read-your-own-writes within the same session while allowing eventual consistency across sessions. This provides the best balance for the described scenario. Strong consistency (B) provides linearizability across all sessions but at higher latency and cost. Bounded Staleness (C) guarantees reads lag behind writes by a bounded amount. Eventual consistency (D) provides no read-after-write guarantees. See more: CosmosDB

ACR Tasks with the purge command (acr purge) allows you to automatically delete images based on age and tag count criteria. Webhooks (A) notify external services but do not delete images. Geo-replication (B) replicates images across regions. Content trust (D) provides image signing and verification. See more: Containers

A Service SAS with a stored access policy allows you to revoke the SAS at any time by modifying or deleting the stored access policy. An ad hoc SAS (A) cannot be revoked before its expiry. Account SAS (C) provides access at the account level and also cannot be revoked. User delegation SAS (D) uses Entra ID credentials but does not support stored access policies for revocation. See more: Azure Storage Accounts

The function is triggered by HTTP, reads from Blob (input binding), and writes to Cosmos DB (output binding). This matches option A. Option B is incorrect because the trigger is HTTP, not Blob. Option C reverses the input/output bindings. Option D uses the wrong trigger type. See more: Function App

Azure Blob Storage lifecycle management policies allow you to define rules that automatically transition blobs between access tiers and delete them based on age. This is a built-in feature that does not require custom code. Azure Policy (A) is for governance, not data lifecycle. Automation runbooks (B) and Logic Apps (C) could work but add unnecessary complexity. See more: Azure Storage Accounts

The Event Processor Host with checkpointing ensures ordered processing within a partition, and implementing idempotent processing logic handles duplicate deliveries to achieve effective exactly-once semantics. Multiple consumer groups (A) do not guarantee order. Increasing partitions (C) improves throughput but does not ensure exactly-once processing. Capture (D) archives events but does not process them. See more: Event-Based Solutions

App registrations in Microsoft Entra ID is where you register new applications. Enterprise applications (A) shows applications already registered or provisioned. Groups (B) manages user groups. Conditional access (D) configures access policies. See more: Azure Authentication

A system-assigned managed identity provides an automatically managed identity for the App Service that can be granted access to Key Vault through access policies or RBAC. No credentials need to be stored. Client secret (B) requires storing credentials. Certificate-based auth (C) requires managing certificates. Shared access key (D) is not a Key Vault authentication method. See more: Data Encryption

The fan-out/fan-in pattern executes multiple activity functions in parallel and then aggregates all their results. Function chaining (A) executes functions sequentially. Human interaction (B) waits for user input. Monitor pattern (C) polls for a condition at intervals. See more: Function App

The ETag (entity tag) with the If-Match header provides optimistic concurrency control in Cosmos DB. Each document has an ETag that changes on every update. By including the If-Match header with the current ETag, the update fails if the document has been modified. Partition key (A) is for data distribution. TTL (C) is for automatic expiration. Stored procedures (D) provide pessimistic concurrency with transactions within a single partition. See more: CosmosDB

Azure Files share volumes can be mounted by multiple containers in a container group, enabling shared file system access. Azure Disk (A) can only be mounted to a single container. Secret volume (B) stores sensitive data, not shared files. Git repo volume (D) clones a Git repository but is read-only. See more: Containers

The outbound section processes the response before it is sent to the client, making it the correct place for response transformations. Inbound (B) processes the request before it reaches the backend. Backend (C) modifies the request forwarded to the backend service. On-error (D) handles errors. See more: Consuming Azure Services

The Cosmos DB change feed delivers both creates and updates. There is no built-in filter for creates only. You need to add custom logic in the function to distinguish between new and updated documents, for example by checking a creation timestamp field. StartFromBeginning (A) controls whether to process from the beginning of the change feed. SQL queries (B) are not used with the change feed trigger. Pre-triggers (C) run before operations, not as event processors. See more: CosmosDB

Customer-managed keys (CMK) with Key Vault allow you to use your own encryption key stored in Azure Key Vault for data-at-rest encryption in Blob Storage. Client-side encryption (A) requires managing encryption in your application. Microsoft-managed keys (C) do not let you control the key. Azure Disk Encryption (D) is for VM disks, not Blob Storage. See more: Data Encryption

Operation_Id is the correlation identifier shared across all telemetry belonging to the same distributed operation. InstrumentationKey (A) identifies the Application Insights resource. SessionId (B) tracks a user session. Cloud_RoleName (D) identifies the service component in the application map. See more: Application Insights

Azure Functions uses a 6-field CRON expression: {second} {minute} {hour} {day} {month} {day-of-week}. "0 */5 * * * *" means at second 0 of every 5th minute. Option B uses a 5-field format (not valid in Azure Functions). Option C runs every 5 hours. Option D runs at minute 5 of every hour. See more: Function App

To use lifecycle management rules based on last access time, you must first enable last access time tracking on the storage account. Soft delete (A) is for recovery of deleted blobs. Versioning (B) maintains previous versions of blobs. Change feed (C) provides a log of changes to blobs. See more: Azure Storage Accounts

Service Bus sessions guarantee FIFO (first-in, first-out) message processing by grouping related messages together. Topics with subscriptions (A) are for pub/sub scenarios. Duplicate detection (C) avoids duplicates but does not guarantee order. A regular queue (D) provides at-most ordering but does not guarantee strict FIFO when multiple consumers are involved. See more: Application Messaging

acquireTokenSilent() attempts to get a token from the cache without user interaction. If it fails (e.g., token expired), the application should fall back to an interactive method like loginPopup() or loginRedirect(). loginPopup (A) and loginRedirect (B) require user interaction. acquireTokenByCode (D) is used on the server side for the authorization code flow. See more: Azure Authentication

Event Grid performs endpoint validation by sending a SubscriptionValidationEvent with a validationCode. The endpoint must return the validationCode in the response to confirm the subscription. This is a synchronous handshake validation. Options B, C, and D are not part of the Event Grid validation protocol. See more: Event-Based Solutions

Deployment slots allow you to deploy to a staging slot and then swap it with the production slot, achieving zero-downtime blue-green deployments. Always On (A) keeps the app running but is not related to deployments. WebJobs (C) are for background tasks. ASE (D) provides an isolated environment but is not specifically for blue-green deployments. See more: Containers

Using customerId as the partition key ensures that all orders for a customer are in the same partition, making the most frequent query (retrieve all orders for a customer) a single-partition query, which is efficient. orderId (A) would scatter orders across partitions. orderDate (B) would cause hot partitions. documentType (C) provides poor distribution. See more: CosmosDB

The Dedicated (App Service) plan has no maximum execution time limit, making it suitable for long-running functions. The Consumption plan (A) has a maximum timeout of 10 minutes. The Premium plan (B) allows up to 60 minutes but VNET integration is unrelated to timeouts. Durable Functions (D) can help with long workflows but still run on the Consumption plan with its limitations. See more: Function App

When a consumer reads a message from Azure Storage Queue, the message becomes invisible for the duration of the visibility timeout. If the consumer crashes and does not delete the message, it becomes visible again after the timeout expires, allowing another consumer to process it. Azure Storage Queues do not have a built-in dead-letter queue (C). See more: Application Messaging

PKCE (Proof Key for Code Exchange) uses code_verifier and code_challenge to prevent authorization code interception attacks. The client creates a code_verifier, sends a code_challenge (derived from it) with the authorization request, and then proves possession of the code_verifier when exchanging the code for tokens. It does not encrypt the code (A), identify users (C), or validate redirects (D). See more: Azure Authentication

A metric alert evaluates metric conditions at regular intervals and triggers when conditions are met. Server response time is a standard metric. Activity log alerts (A) monitor resource management operations. Smart detection (B) uses AI to detect anomalies automatically. Log search alerts (D) query log data, which is more complex than needed here. See more: Application Insights

The "az acr build" command offloads the Docker build process to Azure Container Registry, building the image in the cloud without requiring a local Docker installation. "az acr import" (B) imports existing images from other registries. "docker build" (C) requires local Docker. "az acr create" (D) creates a new registry instance. See more: Containers

Azure Key Vault integrates with Event Grid to publish events like SecretNearExpiry and SecretExpired. You can use these events to trigger an Azure Function that rotates the secret and notifies the application. Soft delete (A) protects against accidental deletion. Access policies (B) control who can access secrets. Backup and restore (C) is for disaster recovery. See more: Data Encryption

A Cosmos DB container requires a name and a partition key at creation time. The partition key cannot be changed after creation. Indexing policy (A) has a default and is optional. Consistency level (C) is set at the account level. Time-to-live (D) is optional. See more: CosmosDB

Exponential backoff combined with honoring the Retry-After header is the best strategy for handling 429 responses. It prevents overwhelming the API while respecting the server's rate limiting guidance. Fixed interval (A) may retry too aggressively. Immediate retry (B) will likely trigger more 429 errors. No retry (D) would cause unnecessary failures. See more: Consuming Azure Services

A legal hold policy prevents data from being deleted or modified until the hold is explicitly removed, regardless of time. It is designed for legal and regulatory compliance scenarios. Time-based retention (B) has a fixed expiration. Soft delete (C) allows recovery but does not prevent deletion. A read-only lock (D) prevents all modifications to the account, which is too broad. See more: Azure Storage Accounts

Since the application reads the signed-in user's own profile, it should use delegated permissions (acting on behalf of the user). User.Read is the least-privilege scope for reading the current user's profile. Application permissions (A, B) are for daemon apps without a signed-in user. User.ReadWrite.All (C) grants excessive write access. See more: Azure Authentication

Dead-lettering captures events that fail to be delivered to the endpoint after all retry attempts are exhausted. The undelivered events are stored in a blob storage container for later analysis. Subject filtering (A), batching (C), and data transformation (D) are handled by other Event Grid features. See more: Event-Based Solutions

Azure Storage Queue messages have a maximum size of 64 KB. For larger payloads, the common pattern is to store the data in blob storage and include the blob reference in the queue message. Service Bus queues support messages up to 256 KB (Standard) or 100 MB (Premium). See more: Application Messaging

Last Writer Wins (LWW) using the _ts (timestamp) property ensures the document with the highest timestamp wins in a conflict, which means the most recently written item always prevails. Custom conflict resolution (B) uses custom logic and is not needed for simple last-write-wins. Consistency levels (C, D) do not resolve write conflicts. See more: CosmosDB

The cache-lookup policy in the inbound section checks for a cached response (with vary-by-header to differentiate by Accept-Language), and cache-store in the outbound section saves the backend response to the cache. Option A reverses the placement. Option C uses incorrect policies. Option D is for caching individual values, not full responses. See more: Consuming Azure Services

The Azure Functions Cosmos DB output binding uses the Upsert operation by default. If a document with the same id and partition key exists, it is updated; otherwise, it is created. createIfNotExists (A) applies to collections/databases, not documents. Pre-triggers (B) and stored procedures (C) add unnecessary complexity. See more: Function App

The @Microsoft.KeyVault() reference syntax in App Service application settings automatically resolves Key Vault secrets at runtime without any code changes. The App Service must have a managed identity with access to the Key Vault. Other syntax options (A, B, D) are not valid Key Vault reference formats. See more: Data Encryption

Adaptive sampling automatically adjusts the sampling rate to maintain a target volume while keeping correlated telemetry items (e.g., request + dependencies + exceptions from the same operation) together. Fixed-rate sampling (B) samples at a constant rate. Ingestion sampling (C) occurs at the Application Insights service endpoint and may break correlations. Log sampling (D) is not a standard Application Insights sampling type. See more: Application Insights

A SQL filter allows you to write SQL-like expressions to match messages based on custom application properties. The expression "priority = 'high'" filters messages where the custom property "priority" equals "high". Boolean filter (A) either matches all or no messages. Correlation filter (C) matches on standard message properties, not custom ones. Property-based routing (D) does require explicit filter configuration. See more: Application Messaging