AZ-204 Developing Azure Solutions - Practice Test 2

Custom autoscale allows you to define rules based on metrics like CPU percentage. When CPU exceeds 70%, autoscale adds instances automatically. Scale up (A) changes the VM size, not instance count. Manual scaling (B) does not respond to load changes. Azure Front Door (D) is for global load balancing across regions. See more: Containers

Stored procedures in Cosmos DB execute within a transaction scope on a single partition, providing ACID guarantees for batch operations. UDFs (A) are used in queries and do not provide transactions. Triggers (C) run before or after operations but are not atomic by themselves. Change feed (D) is for processing changes, not transactional operations. See more: CosmosDB

A Blob trigger fires when a new or updated blob is detected in the specified container. Timer trigger (A) runs on a schedule. HTTP trigger (B) responds to HTTP requests. Queue trigger (C) processes queue messages. See more: Function App

Object replication requires blob versioning to be enabled on both the source and destination storage accounts. It also requires change feed on the source account. Cross-region replication is supported (B is wrong). Premium tier (C) is not required. Private Link (D) is not a prerequisite. See more: Azure Storage Accounts

The xml-to-json policy in the outbound section converts the backend XML response to JSON before returning it to the client. set-body (A) replaces the entire body. rewrite-uri (B) modifies the request URL. json-to-xml (D) converts in the wrong direction. See more: Consuming Azure Services

Azure Event Hubs supports up to 32 partitions in the Standard tier. The number of partitions determines the maximum number of concurrent consumers per consumer group. For the Dedicated tier, up to 2048 partitions are supported. See more: Event-Based Solutions

The /common endpoint supports both personal Microsoft accounts and organizational (work/school) accounts. /organizations (B) supports only work/school accounts. /consumers (C) supports only personal accounts. A specific tenant-id (D) limits to a single organization. See more: Azure Authentication

Always Encrypted ensures that sensitive data is never revealed in plaintext inside the database system. The encryption keys are managed by the client application, so even DBAs cannot read the data. TDE (A) encrypts data at rest but does not prevent admin access. Dynamic Data Masking (B) masks data in query results but can be bypassed by admins. Row-Level Security (C) controls row access, not column encryption. See more: Data Encryption

To push a Docker image to ACR: tag the image with the ACR login server name, authenticate with az acr login, then use docker push. Option A skips tagging and authentication. Option B uses import instead of push. Option D uses a non-existent "az acr push" command. See more: Containers

Since queries always use partition key and id (point reads), there is no need for additional indexes. Excluding all paths except the partition key minimizes indexing overhead and maximizes write throughput. Including all paths (A, C) wastes RUs on unnecessary indexes. Lazy indexing (C) is deprecated. Composite indexes (D) add overhead. See more: CosmosDB

The Premium plan (Elastic Premium) supports VNet integration, allowing the function to access resources in a virtual network. The Consumption plan (B, C) has limited VNet support. Azure Relay (D) is for hybrid connections, not full VNet integration. See more: Function App

A multi-tenant app registration allows users from any Entra ID tenant to sign in. You validate the tid (tenant ID) claim in the token to ensure tenant isolation. Single-tenant (A) only allows one organization. Separate registrations (B) are unmanageable at scale. Client credentials (C) is for daemon apps, not user-facing. See more: Azure Authentication

Standard tests (URL ping tests) in Application Insights send HTTP requests from multiple global test locations at specified intervals to check application availability and response. Custom TrackAvailability (A) is for programmatic tests. Performance tests (B) and load tests (D) measure performance under load, not availability. See more: Application Insights

Setting the default action to Deny blocks all traffic, then you add exceptions for the specific VNet subnet (virtual network rule) and on-premises IP range (IP address rule). Allow with deny rules (A) is not how storage firewall works. Private endpoints (C) alone is incomplete. Azure Policy (D) does not configure network rules. See more: Azure Storage Accounts

The Function authorization level requires a function-specific key to call the function. Anonymous (B) allows unrestricted access. Admin (C) requires the master host key. System (D) is not a valid authorization level for HTTP triggers. See more: Function App

ServiceBusRetryOptions with the Exponential mode configures exponential backoff retry behavior for the Service Bus client. PrefetchCount (A) controls message prefetching. MaxConcurrentCalls (B) limits parallel message processing. LockDuration (C) controls how long a message is locked for processing. See more: Application Messaging

ChangeFeedStartFrom.Time() allows you to specify an exact DateTime to start reading the change feed from. Null (A) reads from the latest. Querying _ts (C) bypasses the change feed. A saved token (D) resumes from where you left off, not from a specific time. See more: CosmosDB

ACI supports managed identities (both system-assigned and user-assigned) for the container group, providing credential-free access to Azure resources. Environment variables with credentials (B) stores secrets in the container. Key Vault volume (C) still requires access configuration. Docker secrets (D) are a Docker Swarm feature not available in ACI. See more: Containers

The Key Vault Secrets User role grants read access to secret contents. Key Vault Administrator (A) has full access. Key Vault Contributor (B) manages the vault resource but not its contents. Key Vault Secrets Officer (C) can manage secrets (read, write, delete), which is more than needed. See more: Data Encryption

The Event Grid schema requires id, eventType, subject, eventTime, and data as mandatory fields. dataVersion (A) is optional. Not all fields are individually sufficient (B, D). See more: Event-Based Solutions

Block blobs support uploading large files by breaking them into blocks that can be uploaded in parallel and then committed. Page blobs (A) are optimized for random read/write operations (VHDs). Append blobs (C) support only append operations. File share (D) is Azure Files, not Blob Storage. See more: Azure Storage Accounts

ITelemetryInitializer allows you to add or modify properties on all telemetry items before they are sent. ITelemetryProcessor (B) filters or modifies telemetry but is typically used for sampling or filtering. TrackEvent (C) sends a single custom event. TelemetryConfiguration (D) configures the SDK but does not add properties. See more: Application Insights

WaitForExternalEvent pauses the orchestration until an external event is raised. When combined with CreateTimer using Task.WhenAny, you can implement a timeout. CallActivityAsync (A) calls activity functions, not wait for events. Polling (B) wastes resources. ContinueAsNew (C) restarts the orchestration. See more: Function App

The validate-jwt policy validates JWT tokens, checking the issuer, audience, expiration, and other claims. check-header (A) merely checks for header presence. authentication-basic (B) configures basic auth. set-backend-service (D) configures backend routing. See more: Consuming Azure Services

Each Service Bus queue and topic subscription has a built-in dead-letter sub-queue accessible at the /$deadletterqueue path. Dead-lettered messages remain there until explicitly consumed. There is no separate topic (A). Messages are not deleted automatically (D). Log analytics (C) is for monitoring, not message retrieval. See more: Application Messaging

With multi-write regions and Session consistency, Cosmos DB prioritizes availability and partition tolerance (AP). During a network partition, each region continues to accept writes independently, and consistency is reconciled when the partition heals. Option B describes CP behavior (Strong consistency). Option C is impossible per CAP theorem. Option D is incorrect as guarantees still apply within regions. See more: CosmosDB

A user delegation SAS is signed using Microsoft Entra ID (formerly Azure AD) credentials. This is the most secure type of SAS as it does not rely on storage account keys. Storage account access key (A) is used for service SAS and account SAS. Stored access policy (B) is used with service SAS. Connection string (C) contains the access key. See more: Azure Storage Accounts

Named locations in conditional access policies define trusted IP ranges (corporate network). You configure MFA as required when the location condition excludes trusted locations. Device platforms (A) filter by OS. Client apps (B) filter by application type. User risk (D) is based on identity protection signals. See more: Azure Authentication

Azure Functions supports multiple output bindings for a single function. You can configure them in function.json or using binding attributes in code. Durable Functions (A) adds unnecessary complexity. Two functions on the same queue (C) would cause message contention. It is definitely possible (D). See more: Function App

Event Grid retries delivery for up to 24 hours with exponential backoff. Events that cannot be delivered within 24 hours are either dropped or dead-lettered (if configured). The endpoint must respond quickly (within 30 seconds) to acknowledge receipt, but Event Grid will keep retrying failed deliveries for 24 hours. See more: Event-Based Solutions

Anonymous access does not work with ADLS Gen2 (hierarchical namespace) as it requires authentication. AzCopy supports Microsoft Entra ID (A), SAS tokens (B), and storage account keys (D) for ADLS Gen2. See more: Azure Storage Accounts

Application Insights is an APM (Application Performance Monitoring) feature of Azure Monitor that provides live monitoring, request tracking, dependency tracking, and diagnostics for web applications. Azure Monitor Logs (A) provides log analytics but is not specifically APM. Azure Advisor (C) provides recommendations. Service Health (D) monitors Azure platform health. See more: Application Insights

With both soft delete and purge protection enabled, deleted secrets enter a soft-deleted state where they can be recovered but cannot be permanently purged until the retention period (7-90 days) expires. This provides protection against accidental and malicious deletion. The deletion is not blocked (C) but rather moves to a recoverable state. See more: Data Encryption

A container group in ACI is a collection of containers that share the same lifecycle, network, and storage resources (similar to a Kubernetes pod). This is ideal for sidecar patterns. Separate instances (B) do not share networks. Multiple images (C) is not a supported concept. Docker Compose (D) is not directly supported in ACI. See more: Containers

The client credentials flow is designed for server-to-server authentication without a signed-in user. The daemon app authenticates with its own identity using a client secret or certificate. Authorization code (A) requires a user. Implicit (B) is deprecated for most scenarios. Device code (D) requires user interaction. See more: Azure Authentication

Autoscale throughput automatically scales between 10% of the max (1,000 RU/s) and the max (10,000 RU/s) based on demand, minimizing cost during low-traffic periods. Fixed 10,000 RU/s (A) over-provisions during off-hours. Serverless (C) has per-request pricing that may be expensive at 10,000 RU/s. Manual adjustment (D) is error-prone and delayed. See more: CosmosDB

The mock-response policy returns a mocked response based on the API schema definition without forwarding the request to the backend. return-response (B) can also return custom responses but requires manual response construction. set-body (C) modifies an existing response body. forward-request (D) sends the request to the backend. See more: Consuming Azure Services

Event Hub Capture stores events in Apache Avro format, which is a compact binary format that supports schema evolution. JSON, CSV (A), and Parquet (B) are not capture output formats in Event Hub. See more: Event-Based Solutions

Application Settings are the recommended location for storing connection strings and secrets for Azure Functions. They are encrypted at rest and accessible as environment variables. Hard-coding (A) is a security risk. README (B) exposes secrets. function.json (D) should reference setting names, not actual connection strings. See more: Function App

ScheduleMessageAsync sends a message to the queue with a scheduled enqueue time specified as DateTimeOffset. The message becomes visible only at the specified time. TimeToLive (A) controls message expiration. A Timer trigger (C) adds unnecessary complexity. DeliveryCount (D) tracks delivery attempts. See more: Application Messaging

Point-in-time restore requires blob versioning, change feed, and blob soft delete to all be enabled. These features together allow the system to track and restore blob states. Geo-redundant storage (D) is not a prerequisite for point-in-time restore. See more: Azure Storage Accounts

In Application Insights KQL, requests duration is measured in milliseconds. The correct query filters by timestamp for the last 24 hours and duration greater than 5000ms. SQL syntax (A) is not KQL. Option B uses invalid filter syntax. Option C uses 5 instead of 5000 (seconds vs milliseconds). See more: Application Insights

Azure Key Vault supports automatic certificate renewal when integrated with a supported Certificate Authority (DigiCert or GlobalSign). You configure the lifetime action to auto-renew before expiry. Soft delete (A) is for recovery. Access policies (B) manage permissions. Key rotation (D) is for cryptographic keys, not certificates. See more: Data Encryption

Cosmos DB transactions (stored procedures, batches) are scoped to a single logical partition. For cross-partition consistency, you implement application-level patterns like the Saga pattern with compensating transactions. Stored procedures (A) cannot span partitions. Cross-partition queries (C) do not provide transactional guarantees. Multi-region writes (D) address geographic distribution. See more: CosmosDB

The "Always" restart policy restarts the container whenever it exits, regardless of the exit code. "OnFailure" (B) restarts only on non-zero exit codes. "Never" (C) does not restart. "Unless-stopped" (D) is a Docker concept not used in ACI. See more: Containers

URL path versioning places the version in the URL (e.g., /api/v1/products). Header versioning (A) uses a custom header. Query string versioning (B) uses a query parameter. Content-Type versioning (D) is not supported in APIM. See more: Consuming Azure Services

During a slot swap, Azure swaps the virtual IP addresses (routing rules) between slots, making the swap nearly instantaneous with no code copy. The staging slot becomes production and vice versa. Code is not copied (A). Slots are not restarted (C) or deleted (D). See more: Function App

Event Grid supports Azure subscriptions as event sources, which emit events for resource management operations (create, update, delete). Custom topics (B) are for application events. Monitor action groups (C) are for alerts. API polling (D) is not event-driven. See more: Event-Based Solutions

Enabling "Secure transfer required" ensures only HTTPS connections are accepted, and setting the minimum TLS version to 1.2 ensures modern encryption. TLS 1.0 (A) is outdated. Private endpoints (B) address network isolation, not protocol requirements. CORS (C) is for cross-origin browser requests. See more: Azure Storage Accounts

Cloud_RoleName identifies each service component in Application Insights. It appears in the Application Map and allows you to filter and group telemetry by service. InstrumentationKey (A) identifies the AI resource, not the service. Operation_Id (B) correlates operations across services. Session_Id (D) tracks user sessions. See more: Application Insights