AZ-204 Developing Azure Solutions - Practice Test 4

In an ACI YAML file, each container definition has a resources section with requests for CPU and memoryInGB. This is specified per container, not at the top level (A), not under image (B), and not under volumes (D). See more: Containers

Cross-partition queries fan out to multiple physical partitions, each consuming RUs independently. The total RU charge is the sum across all partitions queried. Single-partition queries (A) are cheaper. Aggregations (C) consume RUs. Cross-partition queries are supported (D). See more: CosmosDB

Azure Functions uses a 6-field CRON format: {second} {minute} {hour} {day} {month} {day-of-week}. "0 0 3 * * *" means second 0, minute 0, hour 3, every day. Option B fires at minute 3 every hour. Option C fires at second 3. Option D fires every second at 3 AM. See more: Function App

For SPAs, set the error document path (404 page) to index.html. When Azure Storage cannot find /about, it serves index.html, and the SPA router handles the route client-side. Physical files (A) do not scale. Storage does not support rewrites (B). CORS (C) is for cross-origin requests. See more: Azure Storage Accounts

Calendars.Read with delegated permission allows the app to read the signed-in user's calendar events. Calendars.ReadWrite.All (A) is an application permission that grants access to all users' calendars. User.Read (B) provides basic profile info. Mail.Read (D) is for email. See more: Azure Authentication

Azure App Configuration with Key Vault references and a sentinel key enables dynamic refresh. When the sentinel key changes, the configuration provider reloads all values including Key Vault references. Frequent polling (A) is expensive and may hit rate limits. Scheduled restarts (C) causes downtime. Event Grid (D) works but requires more infrastructure. See more: Data Encryption

User Flows in Application Insights visualizes how users navigate between pages and events in your web application. It shows paths users take and where they drop off. Metrics Explorer (B) shows metric charts. Transaction Search (C) finds individual telemetry items. Failures (D) shows error information. See more: Application Insights

Auto-forwarding automatically forwards messages from one queue or subscription to another queue or topic. Dead-letter forwarding (A) handles failed messages. Message sessions (B) provide ordered processing. Duplicate detection (C) prevents duplicate messages. See more: Application Messaging

The connection property in Azure Functions bindings takes the name of an application setting (not the value itself). The runtime resolves the setting name to its value. Pasting the string directly (A) is insecure. Key Vault reference (B) is for app settings, not bindings. %% syntax (D) is used for some properties but not connection. See more: Function App

Cosmos DB SQL API JOIN is limited to intra-document joins - joining a document root with its nested arrays or sub-documents. There are no cross-collection or cross-document joins. You must denormalize data or perform joins in application code. See more: CosmosDB

Slot settings (also called deployment slot settings or sticky settings) are application settings or connection strings that stay with the slot during a swap. Mark a setting as a "deployment slot setting" in the Azure portal to make it sticky. See more: Containers

The Azure Storage SDK supports client-side encryption where data is encrypted before upload and decrypted after download. Keys can be stored in Key Vault. TDE (A) is for databases. Server-side CMK (B) encrypts at rest on the server. Infrastructure encryption (C) is server-side double encryption. See more: Azure Storage Accounts

Microsoft Graph mail change notification subscriptions have a maximum lifetime of 4230 minutes (about 2.94 days). You must renew the subscription before it expires. 30 minutes (A) and 1 hour (B) are too short. Subscriptions are not unlimited (D). See more: Consuming Azure Services

Checkpointing saves the offset or sequence number of the last successfully processed event. If the consumer restarts, it resumes from the checkpointed position instead of reprocessing all events. Events are not deleted by checkpointing (A). It does not compress data (C) or notify producers (D). See more: Event-Based Solutions

App Service Authentication (Easy Auth) provides built-in Microsoft Entra ID authentication for Azure Functions without code changes. It intercepts requests at the platform level. Function keys (B) are not identity-based. IP restrictions (C) limit by network. VNet integration (D) is for network connectivity. See more: Azure Authentication

Enabling "Allow trusted Microsoft services to bypass this firewall" allows Azure services like Azure DevOps to access Key Vault without being in the VNet. Adding IP ranges (A) is difficult as they change. Disabling the firewall (B) is insecure. A self-hosted agent (D) works but adds complexity. See more: Data Encryption

The Custom conflict resolution policy uses a registered stored procedure (UDF) to resolve conflicts programmatically. Last Writer Wins (A) uses a timestamp. Manual resolution (C) is not a built-in mode. Automatic merge (D) is not a Cosmos DB feature. See more: CosmosDB

Azure Container Apps supports traffic splitting between revisions by configuring traffic weights. You can assign weight percentages to active revisions for canary or blue/green deployments. Scaling (B) controls instance count. Docker builds (C) are for image creation. ACR webhooks (D) trigger on image push. See more: Containers

To set a response header, use set-header in the outbound section, which processes the response before returning it to the client. Inbound (A) processes incoming requests. Backend (B) processes before forwarding to the backend. On-error (C) handles error scenarios. See more: Consuming Azure Services

Dead-lettering in Event Grid is configured on the event subscription by specifying a storage account and container as the dead-letter destination. It is not on the topic (A). Service Bus dead-letter (B) is a different service. An Azure Function (D) adds unnecessary complexity. See more: Event-Based Solutions

Azure App Service provides CORS configuration in the portal (or via CLI/ARM) where you specify allowed origins. This is handled at the platform level before reaching application code. Code-only (A) works but platform CORS is preferred. DNS (C) and storage (D) are unrelated. See more: Consuming Azure Services

Azure Storage automatically encrypts all data at rest using 256-bit AES encryption with Microsoft-managed keys. This is enabled by default and cannot be disabled. You can optionally switch to customer-managed keys. 128-bit (B) is incorrect. No encryption (C) is wrong. RSA (D) is not used for data encryption. See more: Azure Storage Accounts

Eternal orchestrations use ContinueAsNew to reset the orchestration history periodically, preventing history table growth for long-running processes. Increasing timeout (A) does not address history growth. Consumption plan (B) has a 5-minute timeout. Splitting (C) loses orchestration benefits. See more: Function App

A service principal is the local representation (instance) of an application in a specific tenant. The app registration is the global definition, while the service principal enables the application in a particular tenant. Managed identity (B) is for Azure resources. Conditional access (D) controls access policies. See more: Azure Authentication

Application Insights uses the W3C Trace Context standard with the traceparent header for distributed tracing. This enables correlation across languages and platforms. X-Correlation-Id (A) is custom. X-Request-Id (C) is not the standard. Request-Id (D) was the legacy AI format, now replaced by W3C. See more: Application Insights

SqlRuleAction (SQL filter action) can modify message properties as messages pass through a topic subscription. You can set, remove, or modify application properties. Correlation filter (B) only matches messages. Dead-letter (C) handles failed messages. Auto-forwarding (D) routes messages. See more: Application Messaging

The change feed processor requires a separate Cosmos DB lease container to track processing state (leases) across multiple instances. It stores the continuation token and partition ownership. Not in the same container (A). Not Table Storage (B) or Blob Storage (C). See more: CosmosDB

The isolated worker model runs in a separate process, allowing you to use .NET versions independently of the Functions host runtime. It supports bindings (A is wrong), multiple languages (B is wrong), and both Windows and Linux (D is wrong). See more: Function App

Azure App Configuration provides centralized configuration management and feature flag management for cloud-native applications. Key Vault (A) is for secrets, not configuration. Cosmos DB (C) and Table Storage (D) could store config but are not purpose-built for it. See more: Data Encryption

Geo-replication creates replicas of your container registry in multiple Azure regions, enabling faster image pulls from the nearest location. This reduces deployment latency and provides resilience. It does not scan images (B), provide free storage (C), or auto-deploy containers (D). See more: Containers

customerId provides high cardinality and even data distribution. Order queries typically filter by customer. orderDate (A) creates hot partitions for recent dates. orderStatus (B) has low cardinality (only 3 values). country (D) creates uneven partitions based on geographic distribution. See more: CosmosDB

RA-GRS provides geo-redundancy (secondary region) WITH read access to the secondary endpoint. LRS (A) is local only. ZRS (C) is zone-redundant but single region. GRS (D) replicates to secondary but does not provide read access to it. See more: Azure Storage Accounts

The AuthenticationResult in MSAL.js contains an account property with the user's name (account.name). token.displayName (B) is not a standard property. user.profile.name (C) is not MSAL structure. claims.preferred_username (D) is a token claim but not the primary way to get the display name. See more: Azure Authentication

Application Insights auto-collects HTTP dependency calls when using standard HttpClient. If calls are not tracked, ensure the SDK is properly installed or manually use TrackDependency for custom dependencies. TrackRequest (A) is for incoming requests. Logging on the API (B) does not help the calling side. Sampling (C) may help but is not the root cause. See more: Application Insights

The Premium tier provides dedicated resources (no noisy neighbors), message sizes up to 100MB, and VNet integration. Dead-letter queues (A), topic subscriptions (B), and message sessions (D) are available in Standard tier as well. See more: Application Messaging

In Cosmos DB, an item-level TTL of -1 means the item never expires, regardless of the container-level TTL. Item-level TTL overrides container TTL. Null at item level means inherit container TTL. A positive number at item level sets a custom TTL. See more: CosmosDB

Custom Docker container images for Azure Functions are supported on the Premium plan and Dedicated (App Service) plan. The Consumption plan (B) does not support custom containers. Not all plans support it (C). Flex Consumption (D) has limited container support. See more: Function App

A private DNS zone (e.g., privatelink.blob.core.windows.net) resolves the storage account FQDN to the private endpoint IP address. Without it, the FQDN resolves to the public IP. DNS changes are required (A). You don't change the public FQDN (B). Public IP records (C) bypass the private endpoint. See more: Azure Storage Accounts

App roles assigned to users are included in the roles claim of the JWT access token. Your API validates the token and checks the roles claim for authorization. Graph API (A) adds latency. Email domain (B) is not role-based. Local database (D) bypasses the identity provider. See more: Azure Authentication

The set-body policy with a Liquid template in the outbound section provides flexible response transformation to JSON regardless of the source format. Setting the Accept header (A) only requests JSON but does not transform non-JSON responses. find-and-replace (C) is for simple text substitution. redirect-content-urls (D) modifies URLs. See more: Consuming Azure Services

System topics are created automatically when you create an event subscription against an Azure resource (e.g., Storage account, Resource Group). You do not need to create them manually (B). They differ from custom topics (C). They support all Event Grid endpoint types (D). See more: Event-Based Solutions

An ITelemetryInitializer can set context.Component.Version on every telemetry item. This enriches all telemetry with the application version without modifying individual tracking calls. web.config (A) is not the right approach. Custom headers (B) are for HTTP. TelemetryProcessor (C) is for filtering, not enrichment. See more: Application Insights

The Key Vault reference syntax for App Service is @Microsoft.KeyVault(SecretUri=https://vault-name.vault.azure.net/secrets/secret-name/). You can also use @Microsoft.KeyVault(VaultName=vault-name;SecretName=secret-name). Other syntaxes (A, B, D) are not valid. See more: Data Encryption

Deferred messages can only be retrieved by their sequence number using ReceiveDeferredMessageAsync. They do not return to the queue (A, D) and are not dead-lettered (C). You must track the sequence number to retrieve them later. See more: Application Messaging

GetBlobs or GetBlobsByHierarchy with a prefix parameter efficiently lists blobs matching a prefix. ListContainers (B) lists containers, not blobs. Individual GetBlobProperties (C) requires knowing blob names. Azure Search (D) is overkill for listing. See more: Azure Storage Accounts

The Cosmos DB input binding supports Id and PartitionKey properties. You can use binding expressions like {id} from route parameters or trigger data to dynamically specify which document to read. SQL query (A) is for multiple documents. Direct SDK (B) bypasses bindings. LINQ (D) is not in binding config. See more: Function App

The Send claim allows the application to send (publish) events only, without being able to receive them. Manage (A) provides full access. Listen (C) allows receiving. Owner (D) is not a standard Event Hub claim. See more: Event-Based Solutions

Azure Cache for Redis is a fully managed in-memory data store for caching frequently accessed data. CDN (B) caches static content at edge locations. Cosmos DB integrated cache (C) is built into the gateway but is more limited. Front Door (D) is a global load balancer with CDN capabilities. See more: Consuming Azure Services

Azure Key Vault with HSM (Hardware Security Module)-backed keys provides hardware-protected key management. Keys are generated and processed within the HSM and never leave it. Storage encryption (A) uses platform keys without direct management. AAD (B) manages identities. AIP (C) is for document protection. See more: Data Encryption

For .NET isolated worker model, you reference extension NuGet packages directly in your project file rather than using extension bundles. This gives you control over specific extension versions. Extension bundles (B, D) are used for non-.NET languages. Manual installation without the Worker.Extensions packages (A) uses the wrong package naming. See more: Function App