AZ-204

HOTSPOT - You are developing an application to collect the following telemetry data for delivery drivers: first name, last name, package count, item id, and current location coordinates. The app will store the data in Azure Cosmos DB. You need to configure Azure Cosmos DB to query the data. Which values should you use? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point. Hot Area: Azure Cosmos DB API. Azure Cosmos DB partition key.

You are implementing an Azure solution that uses Azure Cosmos DB and the latest Azure Cosmos DB SDK. You add a change feed processor to a new container instance. You attempt to read a batch of 100 documents. The process fails when reading one of the documents. The solution must monitor the progress of the change feed processor instance on the new container as the change feed is read. You must prevent the change feed processor from retrying the entire batch when one document cannot be read. You need to implement the change feed processor to read the documents. Which features should you use? To answer, drag the appropriate features to the cored requirements. Each feature may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content. NOTE: Each cored selection is worth one point. Select and Place: Monitor the progress of the change feed processor. Prevent the change feed processor from retrying the entire batch when one document cannot be read.

HOTSPOT - You are developing an application that uses a premium block blob storage account. The application will process a large volume of transactions daily. You enable Blob storage versioning. You are optimizing costs by automating Azure Blob Storage access tiers. You apply the following policy rules to the storage account. (Line numbers are included for reference only.) For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point. Hot Area: Block blobs prefixed with transactions will transition blobs that have not been modified in over 60 days to cool storage, and delete blobs not modified in 365 days. Blobs are moved to cool storage if they have not been accessed for 60 days. The policy rule tiers previous versions within a container named transactions that are 60 days or older to the cool tier and deletes previous versions that are 365 days or older. Blobs will automatically be tiered from cool back to hot if accessed again after being tiered to cool.

An organization deploys Azure Cosmos DB. You need to ensure that the index is updated as items are created, updated, or deleted. What should you do?. Set the indexing mode to Lazy. Set the value of the automatic property of the indexing policy to False. Set the value of the EnableScanInQuery option to True. Set the indexing mode to Consistent.

You are developing a .Net web application that stores data in Azure Cosmos DB. The application must use the Core API and allow millions of reads and writes. The Azure Cosmos DB account has been created with multiple write regions enabled. The application has been deployed to the East US2 and Central US regions. You need to update the application to support multi-region writes. What are two possible ways to achieve this goal? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point. Update the ConnectionPolicy class for the Cosmos client and populate the PreferredLocations property based on the geo-proximity of the application. Update Azure Cosmos DB to use the Strong consistency level. Add indexed properties to the container to indicate region. Update the ConnectionPolicy class for the Cosmos client and set the UseMultipleWriteLocations property to true. Create and deploy a custom conflict resolution policy. Update Azure Cosmos DB to use the Session consistency level. Send the SessionToken property value from the FeedResponse object of the write action to the end-user by using a cookie.

You are developing a solution to store documents in Azure Blob storage. Customers upload documents to multiple containers. Documents consist of PDF, CSV, Microsoft Office format and plain text files. The solution must process millions of documents across hundreds of containers. The solution must meet the following requirements: ✑ Documents must be categorized by a customer identifier as they are uploaded to the storage account. ✑ Allow filtering by the customer identifier. ✑ Allow searching of information contained within a document ✑ Minimize costs. You create and configure a standard general-purpose v2 storage account to support the solution. You need to implement the solution. What should you implement? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point. Hot Area: Search and filter by customer identifier. Search information inside documents.

HOTSPOT - You are developing a web application by using the Azure SDK. The web application accesses data in a zone-redundant BlockBlobStorage storage account. The application must determine whether the data has changed since the application last read the data. Update operations must use the latest data changes when writing data to the storage account. You need to implement the update operations. Which values should you use? To answer, select the appropriate option in the answer area. NOTE: Each correct selection is worth one point. Hot Area: HTTP Header value. Conditional header.

HOTSPOT - An organization deploys a blob storage account. Users take multiple snapshots of the blob storage account over time. You need to delete all snapshots of the blob storage account. You must not delete the blob storage account itself. How should you complete the code segment? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point. Hot Area: DeleteIfExists. DeleteSnapshotsOption. WithSnapshot. WithSnapshotCore. IncludeSnapshots. None. OnlySnapshots.

HOTSPOT - An organization deploys a blob storage account. Users take multiple snapshots of the blob storage account over time. You need to delete all snapshots of the blob storage account. You must not delete the blob storage account itself. How should you complete the code segment? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point. Hot Area: delete_conteiner. delete_snapshots. snapshot_blob. snapshots_present. False. Include. Only.

You are developing a Java application that uses Cassandra to store key and value data. You plan to use a new Azure Cosmos DB resource and the Cassandra API in the application. You create an Azure Active Directory (Azure AD) group named Cosmos DB Creators to enable provisioning of Azure Cosmos accounts, databases, and containers. The Azure AD group must not be able to access the keys that are required to access the data. You need to restrict access to the Azure AD group. Which role-based access control should you use?. DocumentDB Accounts Contributor. Cosmos Backup Operator. Cosmos DB Operator. Cosmos DB Account Reader.

You are developing a website that will run as an Azure Web App. Users will authenticate by using their Azure Active Directory (Azure AD) credentials. You plan to assign users one of the following permission levels for the website: admin, normal, and reader. A user's Azure AD group membership must be used to determine the permission level. You need to configure authorization. Solution: Configure the Azure Web App for the website to allow only authenticated requests and require Azure AD log on. Does the solution meet the goal?. Yes. No.

You are developing a website that will run as an Azure Web App. Users will authenticate by using their Azure Active Directory (Azure AD) credentials. You plan to assign users one of the following permission levels for the website: admin, normal, and reader. A user's Azure AD group membership must be used to determine the permission level. You need to configure authorization. Solution: ✑ Create a new Azure AD application. In the application's manifest, set value of the groupMembershipClaims option to All. ✑ In the website, use the value of the groups claim from the JWT for the user to determine permissions. Does the solution meet the goal?. Yes. No.

You are developing a website that will run as an Azure Web App. Users will authenticate by using their Azure Active Directory (Azure AD) credentials. You plan to assign users one of the following permission levels for the website: admin, normal, and reader. A user's Azure AD group membership must be used to determine the permission level. You need to configure authorization. Solution: ✑ Create a new Azure AD application. In the application's manifest, define application roles that match the required permission levels for the application. ✑ Assign the appropriate Azure AD group to each role. In the website, use the value of the roles claim from the JWT for the user to determine permissions. Does the solution meet the goal?. Yes. No.

You are developing an application to securely transfer data between on-premises file systems and Azure Blob storage. The application stores keys, secrets, and certificates in Azure Key Vault. The application uses the Azure Key Vault APIs. The application must allow recovery of an accidental deletion of the key vault or key vault objects. Key vault objects must be retained for 90 days after deletion. You need to protect the key vault and key vault objects. Which Azure Key Vault feature should you use? To answer, drag the appropriate features to the correct actions. Each feature may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content. NOTE: Each correct selection is worth one point. Select and Place: Enable retention period and accidental deletion. Enforce retention period and accidental deletion.

You provide an Azure API Management managed web service to clients. The back-end web service implements HTTP Strict Transport Security (HSTS). Every request to the backend service must include a valid HTTP authorization header. You need to configure the Azure API Management instance with an authentication policy. Which two policies can you use? Each correct answer presents a complete solution. NOTE: Each correct selection is worth one point. Basic Authentication. Digest Authentication. Certificate Authentication. OAuth Client Credential Grant.

You are developing an ASP.NET Core website that can be used to manage photographs which are stored in Azure Blob Storage containers. Users of the website authenticate by using their Azure Active Directory (Azure AD) credentials. You implement role-based access control (RBAC) role permissions on the containers that store photographs. You assign users to RBAC roles. You need to configure the website's Azure AD Application so that user's permissions can be used with the Azure Blob containers. How should you configure the application? To answer, drag the appropriate setting to the correct location. Each setting can be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content. NOTE: Each correct selection is worth one point. Select and Place: Azure Storage. Microsoft Graph.

You are developing an ASP.NET Core app that includes feature flags which are managed by Azure App Configuration. You create an Azure App Configuration store named AppFeatureFlagStore that contains a feature flag named Export. You need to update the app to meet the following requirements: ✑ Use the Export feature in the app without requiring a restart of the app. ✑ Validate users before users are allowed access to secure resources. ✑ Permit users to access secure resources. How should you complete the code segment? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point. Hot Area: imagen: https://www.examtopics.com/assets/media/exam-media/04273/0033800001.png. UseAuthentication. UseStaticFiles. UseSession. UseCookiePolicy. UseAuthorization. UseHttpsRedirection. UseAzureAppConfiguration. UseRequestLocalization. UseCors. UseStaticFiles.

You have an application that includes an Azure Web app and several Azure Function apps. Application secrets including connection strings and certificates are stored in Azure Key Vault. Secrets must not be stored in the application or application runtime environment. Changes to Azure Active Directory (Azure AD) must be minimized. You need to design the approach to loading application secrets. What should you do?. Create a single user-assigned Managed Identity with permission to access Key Vault and configure each App Service to use that Managed Identity. Create a single Azure AD Service Principal with permission to access Key Vault and use a client secret from within the App Services to access Key Vault. Create a system assigned Managed Identity in each App Service with permission to access Key Vault. Create an Azure AD Service Principal with Permissions to access Key Vault for each App Service and use a certificate from within the App Services to access Key Vault.

You are developing a medical records document management website. The website is used to store scanned copies of patient intake forms. If the stored intake forms are downloaded from storage by a third party, the contents of the forms must not be compromised. You need to store the intake forms according to the requirements. Solution: 1. Create an Azure Key Vault key named skey. 2. Encrypt the intake forms using the public key portion of skey. 3. Store the encrypted data in Azure Blob storage. Does the solution meet the goal?. Yes. No.

You are developing a medical records document management website. The website is used to store scanned copies of patient intake forms. If the stored intake forms are downloaded from storage by a third party, the contents of the forms must not be compromised. You need to store the intake forms according to the requirements. Solution: 1. Create an Azure Cosmos DB database with Storage Service Encryption enabled. 2. Store the intake forms in the Azure Cosmos DB database. Does the solution meet the goal?. Yes. No.

You are developing a medical records document management website. The website is used to store scanned copies of patient intake forms. If the stored intake forms are downloaded from storage by a third party, the contents of the forms must not be compromised. You need to store the intake forms according to the requirements. Solution: Store the intake forms as Azure Key Vault secrets. Does the solution meet the goal?. Yes. No.

You plan to deploy a new application to a Linux virtual machine (VM) that is hosted in Azure. The entire VM must be secured at rest by using industry-standard encryption technology to address organizational security and compliance requirements. You need to configure Azure Disk Encryption for the VM. How should you complete the Azure CLI commands? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point. Hot Area: image: https://www.examtopics.com/assets/media/exam-media/04273/0034400001.jpg. vm. keyvault. keyvault key. vm encryption. all. data. os.

Your company is developing an Azure API hosted in Azure. You need to implement authentication for the Azure API to access other Azure resources. You have the following requirements: ✑ All API calls must be authenticated. ✑ Callers to the API must not send credentials to the API. Which authentication mechanism should you use?. Basic. Anonymous. Managed identity. Client certificate.

You are developing an application. You have an Azure user account that has access to two subscriptions. You need to retrieve a storage account key secret from Azure Key Vault. In which order should you arrange the PowerShell commands to develop the solution? To answer, move all commands from the list of commands to the answer area and arrange them in the correct order. Select and Place: $secretvalue = ConvertTo-SecureString $storAcctkey -AsPlainText -Force Set-AzKeyVaultSecret -VaultName $vaultName -Name $secretName -SecretValue $secretvalue. Get-AzStorageAccountKey - ResourceGroupName $resGroup -Name $storAcct. Set-AzContext --$subscriptionId SsubscriptionID. Get-AzKeyVaultSecret --VaultName $vaultName. Get-AzSubscription.

You develop Azure solutions. You must grant a virtual machine (VM) access to specific resource groups in Azure Resource Manager. You need to obtain an Azure Resource Manager access token. Solution: Use an X.509 certificate to authenticate the VM with Azure Resource Manager. Does the solution meet the goal?. Yes. No.

You develop Azure solutions. You must grant a virtual machine (VM) access to specific resource groups in Azure Resource Manager. You need to obtain an Azure Resource Manager access token. Solution: Use the Reader role-based access control (RBAC) role to authenticate the VM with Azure Resource Manager. Does the solution meet the goal?. Yes. No.

HOTSPOT - You are building a website that is used to review restaurants. The website will use an Azure CDN to improve performance and add functionality to requests. You build and deploy a mobile app for Apple iPhones. Whenever a user accesses the website from an iPhone, the user must be redirected to the app store. You need to implement an Azure CDN rule that ensures that iPhone users are redirected to the app store. How should you complete the Azure Resource Manager template? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point. Hot Area: First -> "#Microsoft.Azure.Cdn.Models.___________". First -> "matchValues"["_________"]. Second -> "#Microsoft.Azure.Cdn.Models.___________". "selector": "__________",. Second -> "matchValues"["_________"].

You are developing a website that will run as an Azure Web App. Users will authenticate by using their Azure Active Directory (Azure AD) credentials. You plan to assign users one of the following permission levels for the website: admin, normal, and reader. A user's Azure AD group membership must be used to determine the permission level. You need to configure authorization. Solution: ✑ Configure and use Integrated Windows Authentication in the website. ✑ In the website, query Microsoft Graph API to load the groups to which the user is a member. Does the solution meet the goal?. Yes. No.

You develop Azure solutions. You must grant a virtual machine (VM) access to specific resource groups in Azure Resource Manager. You need to obtain an Azure Resource Manager access token. Solution: Run the Invoke-RestMethod cmdlet to make a request to the local managed identity for Azure resources endpoint. Does the solution meet the goal?. Yes. No.

You are building a website to access project data related to teams within your organization. The website does not allow anonymous access. Authentication is performed using an Azure Active Directory (Azure AD) app named internal. The website has the following authentication requirements: ✑ Azure AD users must be able to login to the website. ✑ Personalization of the website must be based on membership in Active Directory groups. You need to configure the application's manifest to meet the authentication requirements. How should you configure the manifest? To answer, select the appropriate configuration in the answer area. NOTE: Each correct selection is worth one point. Hot Area: "optionalClaims". "groupMembershipClaims". "allowPublicClient". "oauth2Permissions”. "requiredResourceAccess”. oauth2AllowlmplicitFlow.

You develop an app that allows users to upload photos and videos to Azure storage. The app uses a storage REST API call to upload the media to a blob storage account named Account1. You have blob storage containers named Container1 and Container2. Uploading of videos occurs on an irregular basis. You need to copy specific blobs from Container1 to Container2 when a new video is uploaded. What should you do?. Copy blobs to Container2 by using the Put Blob operation of the Blob Service REST API. Create an Event Grid topic that uses the Start-AzureStorageBlobCopy cmdlet. Use AzCopy with the Snapshot switch to copy blobs to Container2. Download the blob to a virtual machine and then upload the blob to Container2.

You are developing an ASP.NET Core website that uses Azure FrontDoor. The website is used to build custom weather data sets for researchers. Data sets are downloaded by users as Comma Separated Value (CSV) files. The data is refreshed every 10 hours. Specific files must be purged from the FrontDoor cache based upon Response Header values. You need to purge individual assets from the Front Door cache. Which type of cache purge should you use?. single path. wildcard. root domain.

Your company is developing an Azure API. You need to implement authentication for the Azure API. You have the following requirements: All API calls must be secure. ✑ Callers to the API must not send credentials to the API. Which authentication mechanism should you use?. Basic. Anonymous. Managed identity. Client certificate.

You are a developer for a SaaS company that offers many web services. All web services for the company must meet the following requirements: ✑ Use API Management to access the services ✑ Use OpenID Connect for authentication ✑ Prevent anonymous usage A recent security audit found that several web services can be called without any authentication. Which API Management policy should you implement?. jsonp. authentication-certificate. check-header. validate-jwt.

DRAG DROP - Contoso, Ltd. provides an API to customers by using Azure API Management (APIM). The API authorizes users with a JWT token. You must implement response caching for the APIM gateway. The caching mechanism must detect the user ID of the client that accesses data for a given location and cache the response for that user ID. You need to add the following policies to the policies file: ✑ a set-variable policy to store the detected user identity ✑ a cache-lookup-value policy ✑ a cache-store-value policy ✑ a find-and-replace policy to update the response body with the user profile information To which policy section should you add the policies? To answer, drag the appropriate sections to the correct policies. Each section may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content. NOTE: Each correct selection is worth one point. Select and Place: Set-variable. Cache-lookup-value. Cache-store-value. Find-and-replace.

DRAG DROP - You are developing an Azure solution. You need to develop code to access a secret stored in Azure Key Vault. How should you complete the code segment? To answer, drag the appropriate code segments to the correct location. Each code segment may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content. NOTE: Each correct selection is worth one point. Select and Place: DefaultAzureCredential. ClientSecretCredential. CloudClients. SecretClient.

You are developing an Azure App Service REST API. The API must be called by an Azure App Service web app. The API must retrieve and update user profile information stored in Azure Active Directory (Azure AD). You need to configure the API to make the updates. Which two tools should you use? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point. Microsoft Graph API. Microsoft Authentication Library (MSAL). Azure API Management. Microsoft Azure Security Center. Microsoft Azure Key Vault SDK.

You develop a REST API. You implement a user delegation SAS token to communicate with Azure Blob storage. The token is compromised. You need to revoke the token. What are two possible ways to achieve this goal? Each correct answer presents a complete solution. NOTE: Each correct selection is worth one point. Revoke the delegation key. Delete the stored access policy. Regenerate the account key. Remove the role assignment for the security principle.

DRAG DROP - You are developing an Azure-hosted application that must use an on-premises hardware security module (HSM) key. The key must be transferred to your existing Azure Key Vault by using the Bring Your Own Key (BYOK) process. You need to securely transfer the key to Azure Key Vault. Which four actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order. Select and Place: Generate a key transfer blob file by using the HSM rendor-provided tool. Generate a Key Exchange Key (KEK). Create a custom policy definition in Azure Policy. Run the az keyvault key import command. Run the az keyvault key restore command. Retrieve the Key Exchange Key (KEK) public key.

You develop and deploy an Azure Logic app that calls an Azure Function app. The Azure Function app includes an OpenAPI (Swagger) definition and uses an Azure Blob storage account. All resources are secured by using Azure Active Directory (Azure AD). The Azure Logic app must securely access the Azure Blob storage account. Azure AD resources must remain if the Azure Logic app is deleted. You need to secure the Azure Logic app. What should you do?. Create a user-assigned managed identity and assign role-based access controls. Create an Azure AD custom role and assign the role to the Azure Blob storage account. Create an Azure Key Vault and issue a client certificate. Create a system-assigned managed identity and issue a client certificate. Create an Azure AD custom role and assign role-based access controls.

HOTSPOT - You are developing an application that uses a premium block blob storage account. You are optimizing costs by automating Azure Blob Storage access tiers. You apply the following policy rules to the storage account. You must determine the implications of applying the rules to the data. (Line numbers are included for reference only.). Block blobs prefixed with container1/salesorders or container2/inventory which have not been modified in over 60 days are moved to cool storage. Blobs that have not been modified in 120 days are moved to the archive tier. Blobs are moved to cool storage if they have not been accessed for 30 days. Blobs will automatically be tiered from cool back to hot if accessed again after being tiered to cool. All block blobs older than 730 days will be deleted.

You are developing a solution that will use a multi-partitioned Azure Cosmos DB database. You plan to use the latest Azure Cosmos DB SDK for development. The solution must meet the following requirements: ✑ Send insert and update operations to an Azure Blob storage account. ✑ Process changes to all partitions immediately. ✑ Allow parallelization of change processing. You need to process the Azure Cosmos DB operations. What are two possible ways to achieve this goal? Each correct answer presents a complete solution. NOTE: Each correct selection is worth one point. Create an Azure App Service API and implement the change feed estimator of the SDK. Scale the API by using multiple Azure App Service instances. Create a background job in an Azure Kubernetes Service and implement the change feed feature of the SDK. Create an Azure Function to use a trigger for Azure Cosmos DB. Configure the trigger to connect to the container. Create an Azure Function that uses a FeedIterator object that processes the change feed by using the pull model on the container. Use a FeedRange object to parallelize the processing of the change feed across multiple functions.

You have an Azure Web app that uses Cosmos DB as a data store. You create a CosmosDB container by running the following PowerShell script: $resourceGroupName = "testResourceGroup" $accountName = "testCosmosAccount" $databaseName = "testDatabase" $containerName = "testContainer" $partitionKeyPath = "/EmployeeId" $autoscaleMaxThroughput = 5000 New-AzCosmosDBSqlContainer - -ResourceGroupName $resourceGroupName -AccountName $accountName -DatabaseName $databaseName -Name $containerName -PartitionKeyKind Hash -PartitionKeyPath $partitionKeyPath -AutoscaleMaxThroughput $autoscaleMaxThroughput You create the following queries that target the container: SELECT * FROM c WHERE c.EmployeeId > '12345' SELECT * FROM c WHERE c.UserID = '12345' For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point. Hot Area: The minimum throughput for the container is 400 R/Us. The first query statement is an in-partition query. The second query statement is a cross-partition query.

You are developing a web application that makes calls to the Microsoft Graph API. You register the application in the Azure portal and upload a valid X509 certificate. You create an appsettings.json file containing the certificate name, client identifier for the application, and the tenant identifier of the Azure Active Directory (Azure AD). You create a method named ReadCertificate to return the X509 certificate by name. You need to implement code that acquires a token by using the certificate. How should you complete the code segment? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point. Hot Area: ConfidentialClientApplicationBuilder. GetAccountAsync(). GetAccountsAsync(). ConfidentialClientApplication. scopes. app. config.

HOTSPOT - You develop a containerized application. You plan to deploy the application to a new Azure Container instance by using a third-party continuous integration and continuous delivery (CI/CD) utility. The deployment must be unattended and include all application assets. The third-party utility must only be able to push and pull images from the registry. The authentication must be managed by Azure Active Directory (Azure AD). The solution must use the principle of least privilege. You need to ensure that the third-party utility can access the registry. Which authentication options should you use? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point. Hot Area: Registry authentication method. RBAC role.

You deploy an Azure App Service web app. You create an app registration for the app in Azure Active Directory (Azure AD) and Twitter. The app must authenticate users and must use SSL for all communications. The app must use Twitter as the identity provider. You need to validate the Azure AD request in the app code. What should you validate?. ID token header. ID token signature. HTTP response code. Tenant ID.

A development team is creating a new REST API. The API will store data in Azure Blob storage. You plan to deploy the API to Azure App Service. Developers must access the Azure Blob storage account to develop the API for the next two months. The Azure Blob storage account must not be accessible by the developers after the two-month time period. You need to grant developers access to the Azure Blob storage account. What should you do?. Generate a shared access signature (SAS) for the Azure Blob storage account and provide the SAS to all developers. Create and apply a new lifecycle management policy to include a last accessed date value. Apply the policy to the Azure Blob storage account. Provide all developers with the access key for the Azure Blob storage account. Update the API to include the Coordinated Universal Time (UTC) timestamp for the request header. Grant all developers access to the Azure Blob storage account by assigning role-based access control (RBAC) roles.

DRAG DROP - You develop a web application. You need to register the application with an active Azure Active Directory (Azure AD) tenant. Which three actions should you perform in sequence? To answer, move all actions from the list of actions to the answer area and arrange them in the correct order. Select and Place: Select Manifest from the middle-tier service registration. In Enterprise Applications, select New application. Add a Cryptographic key. Create a new application and provide the name, account type, and redirect URI. Select the Azure AD instance. Use an access token to access the secure resource. In App Registrations, select New registration.

You have a new Azure subscription. You are developing an internal website for employees to view sensitive data. The website uses Azure Active Directory (Azure AD) for authentication. You need to implement multifactor authentication for the website. Which two actions should you perform? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point. Configure the website to use Azure AD B2C. In Azure AD, create a new conditional access policy. Upgrade to Azure AD Premium. In Azure AD, enable application proxy. In Azure AD conditional access, enable the baseline policy.

DRAG DROP - An organization plans to deploy Azure storage services. You need to configure shared access signature (SAS) for granting access to Azure Storage. Which SAS types should you use? To answer, drag the appropriate SAS types to the correct requirements. Each SAS type may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content. NOTE: Each correct selection is worth one point. Select and Place: Delegate access to resources in one or more of the storage services. Delegate access to a resource in a single storage service. Secure a resource by using Azure AD credentials.