AZ-204 Developing Azure Solutions - Practice Test 3

Azure Container Apps supports HTTP scaling rules that scale based on the number of concurrent HTTP requests. Set minReplicas to 0 for scale-to-zero and maxReplicas to 10. KEDA cron (A) is time-based. Azure Monitor autoscale (C) is for App Service. Manual scaling (D) does not auto-scale. See more: Containers

The If-Match header with the document's ETag value implements optimistic concurrency. If the document has been modified since the ETag was retrieved, the update fails with a 412 Precondition Failed. x-ms-consistency-level (A) sets consistency. x-ms-documentdb-partitionkey (B) specifies the partition. x-ms-session-token (C) is for session consistency. See more: CosmosDB

The QueueTrigger attribute connects an Azure Function to an Azure Storage Queue. It requires the queue name and a reference to the connection setting in app settings. BlobTrigger (B) is for blob storage. EventHubTrigger (C) is for Event Hub. ServiceBusTrigger (D) is for Service Bus queues, not Storage queues. See more: Function App

Lifecycle management rules are defined in JSON format at the storage account level. They define conditions (days since creation/modification) and actions (move to cool/archive/delete). Container access policies (A) manage SAS. Azure Policy (B) enforces compliance, not storage tiering. Automation runbooks (D) require custom scripting. See more: Azure Storage Accounts

The recommended MSAL pattern is to first call acquireTokenSilent(), which attempts to get a token from the cache or refresh it. If this fails (InteractionRequiredAuthError), fall back to an interactive method like acquireTokenPopup() or acquireTokenRedirect(). loginPopup (A) initiates a new login. acquireTokenRedirect (C) redirects the user. getTokenByCode (D) is server-side. See more: Azure Authentication

The correct Key Vault secret URI format includes the vault name, followed by /secrets/{secret-name}/{version}. The version is part of the path, not a query parameter (B). The path structure in C is incorrect. The domain is vault.azure.net, not keyvault.azure.net (D). See more: Data Encryption

Adaptive sampling automatically adjusts the sampling rate based on telemetry volume while preserving related items together and maintaining statistical accuracy. Fixed-rate (A) uses a constant percentage. Ingestion sampling (B) discards data at the server side. No sampling (C) does not reduce volume. See more: Application Insights

A SQL filter allows you to define conditions based on custom message properties using SQL-like syntax. "region = 'us-east'" routes only messages with that property value. Boolean filter (A) accepts all or no messages. Correlation filter on MessageId (B) matches system properties. Without filters (D), all messages go to all subscriptions by default (true filter). See more: Application Messaging

Azure Container Apps provides a serverless container hosting platform with automatic scaling, built-in HTTP ingress, and no infrastructure management. VMs (A) require management. AKS (C) requires cluster management. Azure Batch (D) is for large-scale parallel computing jobs. See more: Containers

Session consistency guarantees read-your-own-writes within a single client session. It is the most commonly used and default consistency level. Strong (B) provides linearizability across all regions but is more costly. Bounded Staleness (C) and Consistent Prefix (D) do not guarantee immediate read-your-writes. See more: CosmosDB

Custom domains with SSL require at least the Basic (B1) tier. Free managed certificates are available starting from B1. Free (A) and Shared (B) tiers do not support custom SSL bindings. Standard (D) works but is not the minimum. See more: Containers

The Retry pattern with exponential backoff and jitter (randomization) is the recommended approach for transient failures. Exponential backoff increases wait time between retries, and jitter prevents thundering herd. Circuit Breaker (A) prevents repeated calls to a failing service but does not retry. Bulkhead (C) isolates failures. Compensating Transaction (D) handles rollbacks. See more: Consuming Azure Services

When Event Grid sends a SubscriptionValidationEvent, the webhook must return HTTP 200 with the validationCode echoed in the response body as validationResponse. An empty body (A) does not complete validation. HTTP 401 (B) rejects the request. A separate POST (C) is the manual validation method for endpoints you do not control. See more: Event-Based Solutions

Setting "Require authentication" in Easy Auth blocks all unauthenticated requests and redirects users to the configured identity provider. "Allow unauthenticated" (B) lets requests through without authentication. Options C and D do not enforce authentication on all pages. See more: Azure Authentication

Azure Cosmos DB is a globally distributed, multi-model NoSQL database with guaranteed single-digit millisecond latency and automatic multi-region replication. Azure SQL (A) and PostgreSQL (D) are relational. Table Storage (B) does not provide global distribution or SLA-backed latency. See more: CosmosDB

A time-based retention policy ensures blobs cannot be modified or deleted for a specified retention period. Legal hold (A) prevents changes until explicitly cleared (no time bound). Soft delete (C) allows recovery after deletion but does not prevent deletion. Lifecycle management (D) moves or deletes blobs automatically. See more: Azure Storage Accounts

The fan-out/fan-in pattern creates multiple Task objects by calling CallActivityAsync without awaiting each one, collects them in a list, and then uses Task.WhenAll to wait for all tasks to complete. Sequential awaiting (B) is not parallel. Sub-orchestrators (C) add overhead. ContinueAsNew (D) restarts the orchestration. See more: Function App

The "Expose an API" blade on the API's app registration is where you define scopes (permissions) that client applications can request. API permissions (A) is where clients request permissions. Authentication (B) configures redirect URIs. Token configuration (C) configures optional claims. See more: Azure Authentication

Application Map with distributed tracing shows the topology of your application and correlates requests across components using operation correlation (W3C trace context). Metrics Explorer (A) shows metric charts. Live Metrics (B) shows real-time telemetry. Workbooks (D) create interactive reports. See more: Application Insights

ServiceBusMessageBatch with SendMessagesAsync sends a batch of messages atomically - they all succeed or all fail. Message sessions (A) provide ordered processing by session. Duplicate detection (C) prevents duplicate message processing. Auto-forwarding (D) chains queues. See more: Application Messaging

ACR Tasks supports automatic builds triggered by source code commits (Git commit triggers). Quick tasks run on-demand builds from Git context. Scheduled tasks (B) run on a schedule, not on code changes. az acr build (C) is manual. Timer triggers (D) are time-based. See more: Containers

Strong consistency provides linearizability - reads are guaranteed to return the most recent committed version. The hierarchy from strongest to weakest is: Strong > Bounded Staleness > Session > Consistent Prefix > Eventual. See more: CosmosDB

With RA-GRS, the secondary endpoint (with -secondary suffix) is always available for reads. During a primary outage, your application must be designed to redirect reads to the secondary endpoint. There is no automatic redirect (B). Azure does not auto-failover (D) - you must initiate it. Read operations to the primary will fail but secondary reads succeed (A is partially wrong). See more: Azure Storage Accounts

maxEventBatchSize controls the maximum number of events per batch delivered to the function. prefetchCount (C) controls how many events are prefetched from the Event Hub. The correct property name is maxEventBatchSize (not maxBatchSize in D). See more: Event-Based Solutions

Storing Key Vault access keys in app settings is NOT required and defeats the purpose of managed identity. The whole point of managed identity is to avoid managing credentials. You enable the identity (B), grant it access (C), and use DefaultAzureCredential in code (D). See more: Data Encryption

rate-limit-by-key restricts call rate by a specified key (subscription, IP, etc.) within a time window. quota-by-key (A) limits total volume over a longer period. ip-filter (B) restricts access by IP. cors (D) handles cross-origin requests. See more: Consuming Azure Services

Azure Container Instances with OnFailure restart policy runs the container once and stops (only restarting if it fails). You pay only for the resources consumed during execution. AKS (A) requires cluster management. App Service (C) runs continuously. Container Apps (D) adds overhead for a one-time job. See more: Containers

The Cosmos DB trigger uses the change feed processor and provides guaranteed ordering of changes within a partition key. HTTP trigger (A) is request-based. Timer trigger (B) adds complexity. Queue trigger (C) is for message processing. See more: Function App

For web servers (especially with multiple instances), a distributed token cache (Redis or SQL) is recommended to share tokens across server instances and survive restarts. In-memory cache (B) is lost on restart and not shared. Browser storage (C) is client-side and insecure for tokens. File-based cache (D) is not shared across instances. See more: Azure Authentication

A metric alert with static threshold evaluates a metric (response time) against a fixed value (2 seconds) over a time window (5 minutes). Activity log alerts (A) monitor management operations. Smart detection (B) uses ML to detect anomalies. Log search alerts (D) run log queries. See more: Application Insights

RequiresSession must be set to true when creating the queue to enable session support. This ensures messages with the same SessionId are processed in FIFO order by a single consumer. Partitioning (A) splits the queue across brokers. Dead lettering (C) handles failed messages. MaxDeliveryCount (D) limits retries. See more: Application Messaging

The Azure Blob Storage change feed captures create (BlobCreated), update, and soft-delete (BlobDeleted) events. It provides an ordered, guaranteed, and durable log of changes. It does not capture read events (C) or metadata-only changes (D). See more: Azure Storage Accounts

The Cosmos DB Built-in Data Reader role provides read-only access to data (documents, collections) within Cosmos DB. Account Reader (A) provides read access to account metadata, not data. Contributor (B) provides full management access. Operator (C) manages the account but cannot access data. See more: CosmosDB

The Premium plan provides pre-warmed instances that eliminate cold start by keeping instances ready. The Consumption plan deallocates instances after idle periods. Timeout (A) does not affect startup time. Output bindings (B) are unrelated. Synchronous I/O (D) does not help with cold starts. See more: Function App

A stored access policy allows you to revoke a SAS token by modifying or deleting the policy. Without a stored access policy, an ad hoc SAS cannot be revoked (you would need to regenerate the storage key). It does not shorten the token (A), enable multi-region (C), or auto-renew (D). See more: Azure Storage Accounts

A single system-assigned managed identity can be granted RBAC roles on multiple Azure resources. You grant the identity appropriate roles on both Key Vault and Cosmos DB. Separate identities (B) are not required. There is no single-service limit (C) or subscription limit (D). See more: Azure Authentication

APIM caching requires cache-lookup in the inbound section (to check the cache before forwarding) and cache-store in the outbound section (to cache the response). Duration is in seconds (1800 = 30 minutes). Placing them in wrong sections (A, B) does not work correctly. Cache-Control header (C) controls client caching, not APIM caching. See more: Consuming Azure Services

Azure Event Grid has built-in integration with Azure Storage and publishes events for blob creation, deletion, and other operations. Service Bus (A) is for messaging. Queue Storage (B) requires manual integration. Notification Hubs (D) is for push notifications. See more: Event-Based Solutions

Configure a service endpoint for Microsoft.KeyVault on the subnet, set the Key Vault firewall default action to Deny, and add the subnet as an allowed virtual network. Public access (A) allows all traffic. Private DNS (C) alone does not restrict access. Managed identity (D) handles authentication, not network access. See more: Data Encryption

TrackEvent sends a custom event with optional custom properties and metrics. It is designed for tracking specific business events. TrackMetric (B) sends a single metric value. TrackTrace (C) sends diagnostic log messages. TrackRequest (D) tracks incoming requests. See more: Application Insights

Hierarchical partition keys (sub-partitioning) allows up to 3 levels of partition key paths. You define them as an array like ["/tenantId", "/date"]. Concatenation (A) creates large partitions. Separate containers (B) complicate queries. Composite indexes (D) optimize queries but do not partition data. See more: CosmosDB

When a Service Bus triggered function throws an exception, the message is abandoned (not completed). It returns to the queue and is available for retry. After exceeding MaxDeliveryCount, it moves to the dead-letter queue. The message is not deleted (A), not immediately retried (C), and not sent to a separate error queue (D). See more: Application Messaging

Archive tier blobs are offline and must be rehydrated to Hot or Cool tier before reading. Rehydration can take hours (standard priority) or minutes (high priority). They cannot be read directly (B). Archive tier is for block blobs only (C is wrong). There are early deletion fees (D). See more: Azure Storage Accounts

The authentication-certificate policy sends a client certificate to the backend service for mutual TLS authentication. validate-jwt (A) validates incoming JWT tokens. authentication-basic (B) sends basic auth credentials. set-header (C) adds a header but does not handle certificate negotiation. See more: Consuming Azure Services

Each consumer group provides an independent view of the event stream. Three processing pipelines that each need all events require three consumer groups. One group with 3 consumers (A) would split partitions among consumers. Consumer groups are per hub, not per partition (B). Consumer groups are a fundamental concept (D). See more: Event-Based Solutions

Key Vault supports versioning. Creating a new version of the secret maintains the same secret name while storing the updated value. Applications referencing the secret without a version automatically get the latest. Deleting (A) causes downtime. In-place modification (C) is not how Key Vault works. New names (D) require configuration changes. See more: Data Encryption

The Dapr service invocation building block enables service-to-service communication with service discovery, mTLS, and retries. State management (B) manages key-value state. Pub/sub (C) is for event-driven messaging. Bindings (D) integrate with external systems. See more: Containers

DefaultAzureCredential from the Azure Identity library automatically discovers the best available authentication method (managed identity, environment variables, Visual Studio, CLI) for Microsoft Entra ID authentication. StorageSharedKeyCredential (A) uses account keys. AzureSasCredential (B) uses SAS tokens. ConnectionString (C) typically uses keys. See more: Azure Authentication

EnableDeadLetteringOnFilterEvaluationExceptions on a subscription dead-letters messages that cause filter evaluation failures. For messages matching no subscription, Azure Service Bus discards them by default. To capture unmatched messages, you need a catch-all subscription. However, this property specifically handles filter evaluation exceptions. Note: messages with no matching subscription are dropped unless you have a $Default subscription. See more: Application Messaging

True exactly-once processing requires PeekLock mode (at-least-once delivery) combined with idempotent processing (so reprocessed messages produce the same result) and deduplication logic. PeekLock alone (A) guarantees at-least-once, not exactly-once. ReceiveAndDelete (C) can lose messages. Duplicate detection (D) prevents duplicate sends but not duplicate processing. See more: Application Messaging