Courseiva
Knowledge + Practice
CertificationsVendorsCareer RoadmapsLabs & ToolsStudy GuidesGlossaryPractice Questions
C
Courseiva

Free IT certification practice questions with explained answers for CCNA, CompTIA, AWS, Azure, Google Cloud, and more.

Certification Practice Questions

CCNA practice questionsSecurity+ SY0-701 practice questionsAWS SAA-C03 practice questionsAZ-104 practice questionsAZ-900 practice questionsCLF-C02 practice questionsA+ Core 1 practice questionsGoogle Cloud ACE practice questionsCySA+ CS0-003 practice questionsNetwork+ N10-009 practice questions
View all certifications →

Product

CertificationsCertification PathsExam TopicsPractice TestsExam Dumps vs Practice TestsStudy HubComparisons

Company

AboutContactEditorial PolicyQuestion Writing PolicyTrust Center

Legal

Privacy PolicyTerms of Service

Courseiva is a free IT certification practice platform offering original exam-style practice questions, detailed explanations, topic-based practice, mock exams, readiness tracking, and study analytics for Cisco, CompTIA, Microsoft, AWS, and other technology certifications.

© 2026 Courseiva. Courseiva is operated by JTNetSolutions Ltd. All rights reserved.

Courseiva is an independent certification practice platform and is not affiliated with, endorsed by, or sponsored by Cisco, Microsoft, AWS, CompTIA, Google, ISC2, ISACA, or any other certification vendor. Vendor names and certification marks are used only to identify the exams learners are preparing for.

HomeCertificationsAZ-204DomainsConnect to and consume Azure services and third-party services
AZ-204Free — No Signup

Connect to and consume Azure services and third-party services

Practice AZ-204 Connect to and consume Azure services and third-party services questions with full explanations on every answer.

266questions

Start practicing

Connect to and consume Azure services and third-party services — choose a session length

10 questions~10 min20 questions~20 min30 questions~30 min50 questions~50 min

Free · No account required

AZ-204 Domains

Develop Azure compute solutionsDevelop for Azure storageImplement Azure securityConnect to and consume Azure services and third-party servicesMonitor, troubleshoot, and optimize Azure solutions

Practice Connect to and consume Azure services and third-party services questions

10Q20Q30Q50Q

All AZ-204 Connect to and consume Azure services and third-party services questions (266)

Start session

Click any question to see the full explanation and answer options, or start a focused practice session above.

1

A retail system uses Azure Service Bus to process orders. Each order has multiple messages (e.g., payment, shipping, confirmation) that must be processed in sequence. You need to guarantee that all messages belonging to the same order are handled by the same consumer in order. Which Service Bus feature should you use?

2

You manage an API in Azure API Management. You need to cache API responses such that different responses are returned based on the product subscription key used by the caller. Which set of policies should you implement?

3

A company uses Azure Logic Apps to integrate with a third-party REST API. The API has a rate limit of 100 requests per minute. You need to ensure that the Logic App respects this limit. Which connector feature should you configure?

4

You are building an API that needs to send notifications to multiple subscribers. Each subscriber has a different callback URL, and you need to ensure each notification is sent exactly once and retried on failure. Which Azure service should you use?

5

You manage an API in Azure API Management. The API response varies depending on the caller's subscription key. You need to cache responses per subscription key to reduce backend load. Which policy configuration should you use?

6

You have an order processing system using Azure Service Bus. Each order generates multiple messages that must be processed in order and by the same consumer. Which Service Bus feature ensures this?

7

A company uses Azure Service Bus to receive order messages. Each order message must be processed exactly once, and duplicate messages are not tolerated due to financial transactions. However, the order processing system sometimes fails and retries, leading to potential duplicates. What Service Bus feature should be enabled on the message to support idempotent processing?

8

A company exposes an internal REST API to external partners using Azure API Management. They need to enforce a rate limit of 100 requests per minute per subscription. Which policy should they add?

9

You manage an API in Azure API Management. You need to enforce a rate limit of 200 requests per minute for each subscription key. Which policy should you include in the inbound policy section?

10

You are building a serverless workflow using Azure Logic Apps. The workflow must start when a new blob is uploaded to a specific container in Azure Blob Storage. Which trigger should you configure?

11

You are building an Azure Logic App that must send a confirmation email to users after a purchase. Your company uses Office 365 for email and you want to use the corporate email address. Which connector should you use?

12

A company uses Azure Logic Apps to automate business processes. They need to call an external REST API that requires OAuth 2.0 client credentials grant. Which connector should they use with minimal configuration?

13

A company uses Azure Service Bus to decouple microservices. They need to ensure that messages are processed in the order they are received, and that each message is handled by exactly one consumer instance even when the system scales out. Which feature should they enable?

14

You are building an Azure Logic App that must send an email notification when a new file is added to a SharePoint Online document library. Which connector and trigger should you use?

15

You are building a mobile app backend using Azure Functions. The function must send push notifications to devices using the Notification Hubs service. You need to authenticate the function to Notification Hubs using the principle of least privilege. What should you use?

16

You are building an Azure Logic App that must connect to a third-party CRM system using a custom API. The API requires an API key in the header of every request. You need to securely store the API key and reference it in the Logic App. Which approach should you use?

17

You are building an integration solution that connects an on-premises SQL Server database to Azure Data Factory. The on-premises network does not allow direct inbound connections from Azure. You need to securely transfer data from the database to Azure Blob Storage. Which data factory component should you use?

18

Your company uses Azure Logic Apps to automate a business process. The process needs to call an external REST API that requires an API key passed in the Authorization header. You need to store the API key securely and reference it in the Logic App. Which approach should you use?

19

You are building an Azure Logic App that must consume messages from an Azure Service Bus queue. The queue messages are JSON payloads containing order information. The Logic App must process each message exactly once and in the order they are received. You need to configure the trigger in the Logic App. Which trigger type and property should you choose?

20

You are building an Azure Logic App that must send email notifications via Office 365 when a new order is placed. You need to securely store the Office 365 credentials and reference them in the Logic App. Which approach should you use?

21

You are building an Azure Logic App that must call a third-party REST API. The API requires an API key passed as a query parameter. You need to store the API key securely and automatically add it to each request. Which approach should you use?

22

You are building an Azure Logic App that must call an external API secured with OAuth 2.0 Client Credentials flow. The external API is registered in a different Microsoft Entra ID tenant. You need to obtain an access token and add it to the request headers. Which action and authentication configuration should you use?

23

Your company uses Azure Logic Apps to automate workflows. A workflow must call an external REST API that requires an API key in the header. You need to securely store the API key and reference it in the Logic App without exposing it in the workflow definition. What should you do?

24

You are building an Azure Logic App that must call a third-party REST API secured with OAuth 2.0 Client Credentials flow. The client ID and client secret are stored in Azure Key Vault. You need to securely obtain an access token and include it in requests to the API. Which approach should you use in the Logic App?

25

You are building an Azure Logic App that must call an external REST API. The API requires an API key passed in the Authorization header. You need to store the API key securely and reference it in the Logic App without exposing it in the workflow definition. What should you do?

26

Your company uses Azure API Management (APIM) to expose several APIs. One of the backend APIs requires an API key that is stored in Azure Key Vault. You need to configure APIM to retrieve the API key from Key Vault and pass it to the backend in a header without exposing the key in policy definitions. Which APIM feature should you use?

27

You are building an Azure Logic App that must call an external API that uses the OAuth 2.0 authorization code grant. The API requires the user to sign in interactively to grant consent. You want to minimize development effort and securely manage the token lifecycle. Which built-in action and authentication method should you use?

28

Your company has an on-premises Windows service that exposes a custom TCP endpoint. You are building an Azure Logic App that needs to send data to this endpoint. Due to network security policies, you cannot open inbound ports in the firewall. You need to establish a secure bidirectional connection without configuring a VPN. Which Azure service should you use?

29

You are developing an ASP.NET Core application that needs to access Azure Key Vault to retrieve secrets. You have enabled a managed identity for the App Service. Which Azure SDK class should you use to authenticate to Key Vault?

30

You are building an Azure Logic App that needs to call an external HTTP API secured with OAuth 2.0 Client Credentials flow. The client ID and client secret are stored in Azure Key Vault. You need to obtain an access token and include it in the Authorization header of each request. Which combination of actions should you use within the Logic App?

31

You are building an Azure Logic App that needs to call a third-party REST API. The API requires an API key to be passed in the 'X-API-Key' header. You have stored the API key as a secret in Azure Key Vault. The Logic App uses a managed identity that has read access to the Key Vault secret. You want to retrieve the API key securely at runtime and include it in the HTTP request. Which approach should you use?

32

You are building an Azure Logic App that needs to call an external REST API. The API requires an API key to be passed in the 'X-API-Key' header. You have stored the API key as a secret in Azure Key Vault. The Logic App uses a managed identity that has read access to the Key Vault secret. You want to retrieve the API key securely at runtime and include it in the HTTP request. Which approach should you use?

33

You are building an application that subscribes to an Azure Event Grid topic using a custom webhook endpoint. The endpoint is a web API hosted on Azure App Service. You need to ensure that only Event Grid can invoke your webhook endpoint, preventing unauthorized requests. What should you implement in your webhook endpoint?

34

Your company has a set of REST APIs that are exposed through Azure API Management (APIM). One of the backend APIs is secured and requires an OAuth 2.0 access token from Microsoft Entra ID. The APIM instance has a system-assigned managed identity with permissions to request tokens for the backend API's scope. You need to configure APIM to automatically obtain a token and pass it to the backend API when requests come in. What should you do?

35

You are developing a worker role that processes events from an Azure Event Hub. The worker runs on multiple virtual machines to ensure high availability. Each partition of the Event Hub should be processed by only one instance at a time, and events from the same partition must be processed in order. You need to manage partition leasing and checkpointing efficiently. Which Azure SDK class should you use?

36

You are building an event-driven application that needs to publish messages to multiple independent subscribers. Each subscriber must be able to filter messages based on custom properties, and each subscriber must receive all messages that match its filter, even if other subscribers have different filters. The solution must guarantee message delivery. Which Azure messaging service should you use?

37

You are developing a web application that relies on a third-party weather API. The API has a rate limit of 10 requests per second per API key. You need to ensure your application never exceeds this limit and also caches responses for 10 minutes to reduce call frequency. Which combination of Azure services should you implement?

38

You are using Azure Event Grid to respond to blob storage events (blob created). You need to ensure that only JPEG image files trigger a function for processing, while other files are ignored. The number of files is high, and you want to minimize cost and latency. How should you filter events?

39

You manage a set of APIs using Azure API Management (APIM). One backend API requires an API key passed in the 'X-API-Key' header. The API key is stored securely in a named value in APIM. You need to configure APIM to add this header to all requests to that backend without exposing the key to API consumers. Which policy should you add to the inbound processing for that API?

40

You are building an Azure Logic App that needs to call an external API secured with OAuth 2.0 client credentials flow. You have registered an application in Microsoft Entra ID with client ID 'myClientId' and client secret stored in Key Vault. Which action should you use to authenticate?

41

You have an Azure Event Grid topic that receives storage blob created events. You only want to process events for files with a '.jpg' extension. You need to minimize cost and latency. How should you filter the events?

42

You are building an Azure Logic App that calls an external REST API secured with the OAuth 2.0 client credentials flow. You have registered an app in Microsoft Entra ID with client ID and client secret stored in Azure Key Vault. The Logic App uses a system-assigned managed identity with Get permission on the secret. Which action should you use in the Logic App designer to authenticate to the API?

43

You are building an Azure Logic App that processes orders. When an order is placed, the Logic App must send a message to an Azure Service Bus queue. The queue is secured using managed identity. Which connector action should you use?

44

You are building a solution that processes events from multiple Azure Event Hubs. Events must be dispatched to different downstream services based on the event type. You need a serverless solution that can handle high throughput and uses managed identity to authenticate to Event Hubs. Which Azure service should you use?

45

An application publishes order events that multiple independent subscribers must process. Subscribers may be added later without changing the publisher. Which Azure messaging service should be used?

46

A system receives high-volume event notifications from Azure resources and routes them to serverless handlers. Events are lightweight and should use native event routing. Which service should be used?

47

A developer exposes several backend APIs through Azure API Management. Clients must be throttled by subscription to protect the backend. What should be configured?

48

A function consumes messages from Azure Service Bus. Which two settings help handle transient failures safely?

49

An application calls a third-party shipping API through HTTP. The developer must implement retries without overwhelming the remote system during partial outages. Which retry pattern is best?

50

An application publishes order events that multiple independent subscribers must process. Subscribers may be added later without changing the publisher. Which Azure messaging service should be used? The design must avoid adding custom operational scripts.

51

A system receives high-volume event notifications from Azure resources and routes them to serverless handlers. Events are lightweight and should use native event routing. Which service should be used? The design must avoid adding custom operational scripts.

52

A developer exposes several backend APIs through Azure API Management. Clients must be throttled by subscription to protect the backend. What should be configured? The design must avoid adding custom operational scripts.

53

A function consumes messages from Azure Service Bus. Which two settings help handle transient failures safely? The design must avoid adding custom operational scripts.

54

An application calls a Event Grid event stream through HTTP. The developer must implement retries without overwhelming the remote system during partial outages. Which retry pattern is best?

55

An application publishes order events that multiple independent subscribers must process. Subscribers may be added later without changing the publisher. Which Azure messaging service should be used? The architecture review board prefers a managed AWS-native control.

56

A system receives high-volume event notifications from Azure resources and routes them to serverless handlers. Events are lightweight and should use native event routing. Which service should be used? The architecture review board prefers a managed AWS-native control.

57

A developer exposes several backend APIs through Azure API Management. Clients must be throttled by subscription to protect the backend. What should be configured? The architecture review board prefers a managed AWS-native control.

58

A function consumes messages from Azure Service Bus. Which two settings help handle transient failures safely? The architecture review board prefers a managed AWS-native control.

59

An application calls a Service Bus topic through HTTP. The developer must implement retries without overwhelming the remote system during partial outages. Which retry pattern is best?

60

An application publishes order events that multiple independent subscribers must process. Subscribers may be added later without changing the publisher. Which Azure messaging service should be used? The team wants the control to be enforceable during normal operations.

61

Three analytics pipelines each need to read every event from the same Azure Event Hub: one pipeline archives events to cold storage, one computes real-time aggregations, and one feeds a machine learning model. How should the developer configure Event Hubs to allow all three to consume independently without interfering with each other?

62

Messages failing to process are redelivered by Azure Service Bus. After a message has been delivered and abandoned the maximum number of times (MaxDeliveryCount), where does Service Bus move the message?

63

Backend APIs exposed through Azure API Management are consumed by multiple subscribers. The product owner wants to prevent any single subscriber from sending more than 100 requests per minute, while allowing subscribers with heavier plans to have higher limits configured separately. Which APIM policy implements per-subscriber rate limiting?

64

The mobile app team needs to send push notifications to 10 million devices running both iOS and Android. On iOS, notifications go through Apple Push Notification service (APNs); on Android, through Firebase Cloud Messaging (FCM). The team wants a single Azure service that abstracts platform differences and scales without managing separate APNs and FCM integrations per platform. Which service should they use?

65

A business process requires sending an approval email, waiting up to 48 hours for a manager's response, and then updating a SharePoint list based on the decision. The process owner has no programming experience and wants to build this without writing code. Which Azure service is the most appropriate?

66

Arrange the steps to deploy a containerized application to Azure Container Instances (ACI) from Azure Container Registry (ACR) in the correct order.

67

Arrange the steps to implement Azure Blob Storage lifecycle management to archive blobs after 30 days in the correct order.

68

Match each Azure caching service to its description.

69

Match each Azure DevOps component to its function.

70

A company uses Azure Functions with an HTTP trigger and Azure Cosmos DB. They need to securely store connection strings for Cosmos DB and rotate them automatically every 90 days. Which service should they use?

71

A developer is building a solution that sends emails via SendGrid from Azure. Which Azure service should they use to integrate with SendGrid?

72

An application uses Azure Event Hubs to ingest telemetry data. The team wants to process the data in near real-time and store aggregated results in Azure SQL Database. Which Azure service should they use?

73

A company uses Azure DevOps to deploy microservices to Azure Kubernetes Service (AKS). They need to securely pull container images from Azure Container Registry (ACR) during deployment without storing credentials. Which authentication method should they use?

74

A developer needs to call a third-party REST API from an Azure Function app. The API requires OAuth2 client credentials flow. Which approach should they use to securely store and retrieve the client secret?

75

A company uses Azure Service Bus for messaging between microservices. They need to ensure that messages are processed in order within a partition. Which feature should they enable?

76

An application uses Azure Redis Cache to improve performance. The team notices that cache misses are high and the cache is not effectively reducing database load. What should they do to improve cache hit ratio?

77

A developer needs to deploy a web app that uses Azure SQL Database. They want to connect to the database using a connection string without storing it in code. Which feature of Azure App Service should they use?

78

A company has an Azure Function app that processes messages from an Azure Storage queue. The function fails intermittently with timeout exceptions when the queue has many messages. What is the best approach to handle this?

79

Which TWO services can be used to implement a publish-subscribe messaging pattern in Azure?

80

A developer needs to authenticate an Azure Function app to call Microsoft Graph API. Which THREE components are required?

81

Which TWO approaches can be used to securely connect an Azure web app to an on-premises database without exposing it to the internet?

82

You are developing a .NET Core web application that needs to send an email notification when a user registers. You decide to use Azure Communication Services Email. Which authentication method should you use to securely connect from your application to Azure Communication Services?

83

Your Azure Function app needs to call a third-party REST API that requires OAuth 2.0 client credentials flow. The API expects a JWT token signed with a client certificate. You want to store the certificate securely and rotate it automatically. Which Azure service and feature should you use?

84

You are building a solution that processes orders and needs to send order confirmation emails reliably. You choose Azure Logic Apps with a Gmail connector. However, you are concerned about hitting Gmail's sending limits. What should you do to handle this?

85

You are implementing Azure API Management (APIM) to expose a legacy SOAP service as a modern REST API. The SOAP service requires WS-Security UsernameToken authentication. How should you configure APIM to handle this?

86

You develop an IoT solution using Azure IoT Hub. Devices send telemetry data that must be processed by a custom Azure Function. You need to ensure that the Function processes messages in order per device and exactly once. Which IoT Hub feature should you use?

87

Your web app hosted on Azure App Service needs to consume an external SaaS API that requires an API key. The key must be stored securely and rotated without redeploying the app. What is the best approach?

88

You are designing a microservices architecture where each service needs to publish events to multiple subscribers. You choose Azure Event Grid. However, one of the subscribers is a third-party service that requires HTTPS endpoint and custom headers in the event delivery. How should you configure Event Grid?

89

Your team is migrating a legacy application to Azure. The application uses a proprietary database that is not supported by Azure SQL or Cosmos DB. You need to provide a managed database service with minimal rearchitecture. Which Azure service should you use?

90

You need to consume an Azure Cognitive Services Text Analytics API from a Python application. The API requires a subscription key. Where should you store the key to ensure security?

91

Which TWO are valid ways to authenticate to Azure Service Bus from an application? (Choose two.)

92

Which THREE are benefits of using Azure API Management for consuming third-party APIs? (Choose three.)

93

Which TWO are correct ways to securely store and access secrets for Azure Functions? (Choose two.)

94

You are reviewing an ARM template that deploys an Azure App Service. The template sets an app setting 'MyApiKey' that references a Key Vault secret. However, the deployment fails with an error that the app service cannot access the secret. What is the most likely cause?

95

You are querying Azure Monitor metrics using Kusto Query Language (KQL). The query is supposed to return average metric values per hour per resource provider, but it returns no results. What is the most likely issue?

96

You run the above PowerShell script to upload a blob to Azure Storage. The script fails with an error. Which part of the script is causing the failure?

97

Your company is building a microservices application on Azure Kubernetes Service (AKS). The application must securely access Azure Key Vault to retrieve secrets. Which identity type should you use for the pods?

98

A web app running on Azure App Service must integrate with Microsoft Graph API to read user profiles. The app is registered in Microsoft Entra ID and uses the OAuth 2.0 authorization code flow. However, after deployment, the app fails to acquire tokens. What is the most likely cause?

99

You are developing a solution that processes events from Azure Event Hubs and stores them in Azure Blob Storage. The processing must be idempotent and exactly-once. Which approach should you use?

100

Your company wants to send email notifications to users via a third-party email service (SendGrid) from an Azure Logic App. What is the recommended way to securely store the SendGrid API key?

101

You are developing a mobile app that uses Azure Cognitive Services to analyze images. The app must authenticate to the Computer Vision API using a key that is rotated monthly. What is the best practice for handling the key?

102

You are designing a solution that reads messages from an Azure Service Bus queue and processes them using an Azure Function. The function must process messages in order and ensure no duplicate processing. Which configuration should you use?

103

Your company uses Azure API Management to expose APIs to external partners. You need to enforce throttling limits per subscription key. Which policy should you add?

104

You are developing a serverless application using Azure Functions that processes orders. Each order must be validated by calling a third-party API. If the third-party API is unavailable, the function should retry with exponential backoff. How should you implement this?

105

Your Azure App Service app uses SignalR Service to push real-time updates to clients. You notice that some clients are disconnected after 30 minutes of inactivity. What is the most likely cause and solution?

106

Which TWO authentication mechanisms can be used to authenticate an Azure Function to Azure Storage?

107

Which THREE services can be used to implement a pub/sub messaging pattern in Azure?

108

Which TWO are best practices for securing an Azure API Management instance?

109

You are reviewing an Azure Policy definition that applies to storage accounts. The policy has an effect of 'deny' and specifies network ACLs. What is the intended behavior of this policy?

110

You are deploying this ARM template. After deployment, you want to ensure that all traffic to the storage account uses HTTPS. However, you notice that HTTP requests are still accepted. What is the most likely reason?

111

You are using Azure CLI to upload a blob using your Azure AD credentials (--auth-mode login). The command fails with an authorization error. What is the most likely cause?

112

A company is developing an application that processes orders. The application uses Azure Service Bus queues to decouple order submission from processing. During peak hours, some messages are not processed within the required time, causing order delays. The team needs to increase throughput without changing the existing message processing logic. What should they do?

113

A web app needs to access Azure Key Vault secrets for database credentials. The app runs as a managed identity in Azure App Service. Which authentication method should be used to retrieve secrets without storing credentials in the app code?

114

A company uses Azure Cosmos DB for a global e-commerce platform. They need to query product inventory across multiple regions with low latency. The data is partitioned by product category. Some queries filter on category and price range. What indexing policy should be configured to optimize these queries?

115

A company runs a microservices application on Azure Kubernetes Service (AKS). One service needs to securely access an Azure SQL Database. The solution should avoid storing connection strings in code or configuration. What should they use?

116

A developer is building a function app that processes messages from an Azure Storage queue. The function must scale automatically based on queue length. Which hosting plan supports this automatic scaling?

117

A company uses Azure API Management to expose APIs. They need to enforce rate limiting per subscription key and also allow a burst of requests for a short period. Which policy should they apply?

118

A company integrates an Azure Logic App with Microsoft Teams to send notifications when a new file is added to an Azure Blob storage container. The Logic App currently polls the blob container every minute. They want to reduce latency and avoid polling. What should they do?

119

A developer needs to store session state for a web app that runs on multiple instances behind a load balancer. The state must be persisted across restarts. Which Azure service should they use?

120

A company has an Azure Service Bus namespace with a topic that receives high-throughput messages. They need to ensure that if a subscriber fails, messages are not lost and can be replayed. The subscriber is a client application that uses the PeekLock receive mode. What should they configure?

121

Which TWO Azure services can be used to implement a pub/sub messaging pattern for decoupling microservices? (Choose two.)

122

Which THREE actions should be taken to secure an Azure App Service web app that accesses an Azure SQL Database? (Choose three.)

123

Which TWO Azure services can be used to trigger an Azure Function in response to a new blob being added to an Azure Storage account? (Choose two.)

124

Refer to the exhibit. An Azure App Service deployment is configured using this ARM template snippet. The web app is built from a GitHub repository. However, when a pull request is merged to main, the app does not automatically deploy. What is the most likely cause?

125

Refer to the exhibit. You are deploying an API in Azure API Management using an ARM template. The API is configured to use OAuth 2.0 authentication. The deployment fails with a validation error. What is the most likely cause?

126

Refer to the exhibit. An Azure OpenAI Service account is deployed with this ARM template. After deployment, a developer tries to call the OpenAI endpoint from an Azure App Service that has no public IP. The request is blocked. What change should be made to allow access?

127

You are developing a solution that needs to retrieve secrets from Azure Key Vault. The solution will run as an Azure App Service managed identity. Which authentication method should you use?

128

You are configuring an Azure Event Grid subscription to trigger an Azure Function when a blob is created in a storage account. However, the function is not being triggered. You have verified that the function endpoint is reachable and the storage account is in the same region. What is the most likely cause?

129

You are designing a solution that requires asynchronous processing of messages from an Azure Service Bus queue. The solution must guarantee at-least-once delivery and handle poison messages automatically. Which combination of Service Bus features should you use?

130

You are developing an application that needs to store and retrieve large binary objects (up to 5 TB) in Azure Blob Storage. The application requires the ability to access data from any URL via HTTP/HTTPS. Which Blob Storage access tier should you use?

131

You are implementing a custom API that calls a downstream API secured with OAuth 2.0. The downstream API requires a client credentials grant flow. You need to securely store the client secret and obtain an access token. What should you use?

132

You are using Azure API Management to expose a legacy SOAP API as a RESTful API. The SOAP API has complex XML schemas. You need to transform the SOAP response to JSON. Which policy should you use?

133

You need to process large volumes of streaming data from IoT devices in near real-time. The processed data must be stored in Azure Cosmos DB for further analysis. Which Azure service should you use for stream processing?

134

You are developing a microservice that needs to publish events to multiple subscribers. Each subscriber should receive the event independently and at its own pace. The event must be retained for up to 7 days. Which Azure messaging service should you use?

135

You are using Azure Cognitive Search to index documents stored in Azure Blob Storage. The indexer is failing with the error 'Data source credentials are invalid.' You have verified that the connection string for the storage account is correct. What is the most likely cause?

136

Refer to the exhibit. You are deploying an ARM template that includes the above network security group rule. The rule is intended to block all outbound internet traffic from a virtual network. However, after deployment, virtual machines in the subnet still have outbound internet access. What is the most likely reason?

137

Refer to the exhibit. You run the above Azure CLI command to upload a blob to Azure Blob Storage. The command fails with the error 'This request is not authorized to perform this operation.' You have verified that the storage account name and container name are correct, and the file exists. What should you do to resolve the error?

138

Refer to the exhibit. You are configuring Azure Monitor autoscale for a virtual machine scale set using the above JSON metric configuration. The autoscale rule is supposed to scale out when average memory usage exceeds 80%. However, autoscale is not triggering even when memory usage is consistently above 90%. What is the most likely cause?

139

Which TWO services can be used to implement a pub/sub messaging pattern in Azure? (Choose two.)

140

Which THREE actions should you take to securely access Azure Key Vault from an Azure App Service? (Choose three.)

141

Which THREE are best practices for implementing an API using Azure API Management? (Choose three.)

142

You are developing an application that needs to retrieve secrets from Azure Key Vault. The application will run as an Azure Functions app. Which authentication method should you use to access Key Vault?

143

Your company has an Azure Logic App that processes orders by calling a third-party REST API using an HTTP trigger. Recently, the API provider changed their authentication to require OAuth 2.0 with client credentials. The Logic App currently uses a basic authentication header. What should you do to update the Logic App?

144

You are designing a solution to send email notifications from an Azure App Service web app. The app must use a third-party email service that requires an API key. You need to minimize management overhead and ensure the key is rotated automatically. What should you do?

145

A company uses Azure Functions to process messages from Azure Service Bus. The function needs to scale out during high load. Which consumption plan should you choose to enable automatic scaling?

146

You are developing a microservice that processes images. After processing, it needs to store the result in Azure Blob Storage and send a message to Azure Service Bus for further processing. Which Azure SDK client should you use to minimize overhead?

147

Your organization uses Azure API Management (APIM) to expose internal APIs to external partners. You need to ensure that only partners with a valid subscription key can access the APIs. Additionally, you want to log all requests for auditing. Which APIM policy should you implement?

148

You are building a solution that needs to send millions of events per second to Azure for processing. Which Azure service should you use to ingest the events?

149

A developer writes an Azure Function that uses the Azure.Storage.Blobs SDK to upload a file to Blob Storage. The function runs locally but fails when deployed to Azure with a '403 Forbidden' error. What is the most likely cause?

150

You have an Azure Function that processes messages from an Event Hubs event stream. The function is failing with 'Message lock lost' errors. The processing time per event is about 10 minutes. What should you do to resolve the errors?

151

Which TWO authentication methods can be used to connect an Azure App Service to an Azure SQL Database without storing connection strings in code or configuration files?

152

Which THREE Azure services can be used to trigger an Azure Function when a new blob is uploaded to a storage account?

153

Which TWO Azure services can be used to implement a publish-subscribe messaging pattern?

154

Refer to the exhibit. The exhibit shows an Azure Event Grid subscription configuration. You notice that the webhook endpoint is not receiving events when a .png file is uploaded to the 'images' container. What is the most likely reason?

155

Refer to the exhibit. You executed the Azure CLI command to create a storage account. Later, you attempt to connect from an application that uses TLS 1.1. The connection fails. What is the most likely reason?

156

Refer to the exhibit. You deploy the ARM template to create an Azure Key Vault. After deployment, you attempt to add an access policy to grant a user 'Get' secret permissions using the Azure portal, but the option is grayed out. What is the most likely reason?

157

A company develops a web app that processes images uploaded by users. The app uses Azure Cognitive Services to analyze images for moderation. The solution must minimize latency when calling the Cognitive Services endpoint. Which service should the developer use to call the endpoint?

158

A company uses Azure Logic Apps to integrate with a third-party CRM system. The CRM API requires OAuth 2.0 authentication. The developer needs to securely store the client secret and refresh token. Which Azure service should the developer use?

159

A developer is building a microservices application on Azure Kubernetes Service (AKS). One service needs to consume messages from an Azure Service Bus queue. The solution must minimize cost and automatically scale based on the number of messages. Which approach should the developer choose?

160

A company wants to send email notifications from an Azure Function app. The function app runs on a Consumption plan. Which service should be used to send emails?

161

A developer is configuring a web app to authenticate users with Microsoft Entra ID. The web app needs to call a downstream API that also uses Microsoft Entra ID for authentication. The developer must ensure that the web app can securely obtain access tokens for the downstream API. Which authentication flow should the developer implement?

162

A company uses Azure API Management (APIM) to expose a set of REST APIs. A new requirement mandates that all API calls must be throttled per user based on usage tiers (Free, Basic, Premium). User identity is provided via a JWT token. Which policy should the developer configure in APIM to enforce this throttling?

163

A developer is building an application that needs to store and retrieve large binary files (e.g., images, videos). The application runs on Azure Virtual Machines. Which Azure service provides the most cost-effective storage for these files?

164

An application uses Azure Functions with a Durable Functions extension to orchestrate a workflow. The workflow calls multiple external APIs. The developer needs to handle transient failures when calling these APIs. Which pattern should the developer implement?

165

A company uses Azure Event Hubs to ingest telemetry data from IoT devices. The data is processed by a stream analytics job that outputs to Azure Data Lake Storage Gen2. The developer needs to ensure that the stream analytics job can authenticate to Event Hubs without storing connection strings in code. Which authentication method should the developer use?

166

Which TWO services can be used to implement serverless event-driven architectures in Azure? (Choose 2)

167

Which THREE factors should be considered when choosing between Azure Service Bus and Azure Event Hubs for a messaging solution? (Choose 3)

168

Which TWO Azure services can be used to store and manage secrets, such as API keys and connection strings? (Choose 2)

169

Refer to the exhibit. A developer is creating an Azure Data Factory pipeline to copy data from Azure Blob Storage to Azure SQL Database. The pipeline fails with a timeout error when copying large files. Which action should the developer take to resolve the issue?

170

Refer to the exhibit. A developer deploys this ARM template to create a web app with a connection string to Azure Cosmos DB. The deployment succeeds but the web app cannot connect to Cosmos DB. What is the most likely cause?

171

Refer to the exhibit. An Azure Function is configured with an Event Hub trigger to process telemetry data. The function uses the EventProcessorHost to read events. The developer notices that the function is not processing all events; some events are skipped. What is the most likely cause?

172

A company uses Azure Functions to process orders. The function needs to read messages from an Azure Service Bus queue. Which binding should the developer configure in the function.json?

173

A web app uses Azure Key Vault to store secrets. The app runs in a production environment and needs to authenticate to Key Vault without storing connection strings in configuration files. Which authentication method should be used?

174

A microservices application deployed on Azure Kubernetes Service (AKS) needs to securely store and retrieve configuration settings. The configuration should be updated without redeploying containers. Which Azure service should be used?

175

A company uses Azure Logic Apps to integrate with a third-party SaaS application. The Logic App must send an HTTP request to the SaaS API and handle pagination. Which connector should be used?

176

A developer is building an app that uses Azure Cognitive Services Text Analytics. The app needs to detect the language of text input. Which Azure SDK method should be called?

177

A company uses Azure API Management (APIM) to expose APIs to external partners. They need to enforce rate limiting per subscription key. Which APIM policy should be configured?

178

An app uses Azure Event Grid to publish events. The events must be delivered to an Azure Function that processes them. Which Event Grid event delivery model should be used?

179

A company has an Azure App Service web app that reads from Azure Blob Storage. The app uses a connection string stored in app settings. Recently, the storage account key was rotated, and the app started throwing authentication errors. What should the developer do to resolve this issue without redeploying the app?

180

A developer needs to store a large number of binary files (images) that are accessed frequently from a web app. Which Azure storage solution is most cost-effective?

181

Which TWO Azure services can be used to implement a pub/sub messaging pattern?

182

Which THREE considerations are important when designing a solution using Azure API Management (APIM) to secure backend APIs?

183

Which TWO Azure services can be used to store application configuration settings?

184

Refer to the exhibit. The APIM policy is applied to an API. What is the effect of this policy?

185

Refer to the exhibit. A developer deploys this ARM template to create a blob container. Later, they attempt to upload a file to the container using a SAS token. What is the result?

186

Refer to the exhibit. A developer runs this Azure CLI command to set an app setting for a web app. What is the impact on the web app?

187

You are developing a microservices application that needs to send messages between services asynchronously. Which Azure service should you use to decouple the components and ensure reliable message delivery?

188

Your app uses Azure Key Vault to store secrets. You need to grant the app access to read secrets using managed identity. Which RBAC role should you assign to the app's managed identity?

189

You are building a solution that processes orders from multiple regions. Orders must be processed in the order they are received, but processing can take up to 5 minutes. You need to ensure exactly-once processing and minimize latency. Which Azure service and configuration should you use?

190

Your web app needs to authenticate users with Microsoft Entra ID (formerly Azure AD). Which OAuth 2.0 flow should you use for a single-page application (SPA) that uses MSAL.js?

191

You are using Azure Logic Apps to integrate with a third-party CRM. The CRM API requires OAuth 2.0 authentication with a client secret. The secret must be stored securely and rotated automatically. What should you do?

192

You have an Azure Function app that processes messages from a Service Bus queue. The function uses the Service Bus trigger. You notice that under high load, some messages are processed multiple times. What is the most likely cause?

193

You need to call a third-party REST API from your Azure Function app. The API requires an API key in the header. Where should you store the API key to keep it secure?

194

You are designing a solution that needs to relay events from an on-premises system to Azure Event Grid. The on-premises system cannot make outbound HTTPS calls. Which Azure service should you use as a bridge?

195

Your application uses Azure Cosmos DB for NoSQL. You need to implement server-side computed properties that depend on multiple document fields. The computation must be performed atomically. Which approach should you use?

196

Which TWO Azure services can be used to implement serverless event-driven architectures?

197

Which THREE are valid ways to authenticate an Azure app to an Azure resource using managed identities?

198

Which TWO are best practices when using Azure Service Bus for high-throughput messaging?

199

You are developing a web app that uses Azure Key Vault to retrieve secrets. The app must authenticate using a system-assigned managed identity. Which endpoint should you use to get an access token for Key Vault?

200

You are building an event-driven solution that processes orders from an Azure Storage Queue. Each order triggers an Azure Function. To improve reliability, you need to automatically retry processing if an exception occurs, but only up to 3 times. You must also preserve the original order message in a poison queue after max retries. Which configuration should you use in the function's host.json?

201

You have an Azure API Management instance that exposes a REST API. You need to secure the API using OAuth 2.0 with Microsoft Entra ID. The API should accept tokens from multiple client applications. Which policy should you add to the inbound processing section?

202

You are building a solution that uses Azure Cosmos DB for NoSQL. You need to implement a change feed processor to handle real-time updates. The application runs on multiple instances to ensure high availability. Which lease container configuration ensures that each instance processes a distinct set of partitions?

203

You are using Azure Blob Storage to store large media files. Clients upload files directly to the storage account using SAS tokens. You need to ensure that the SAS token expires 1 hour after creation. Which parameter should you set when generating the SAS token?

204

You are developing a .NET Core application that uses Azure Service Bus queues. You need to implement a dead-lettering mechanism for messages that cannot be processed after 5 delivery attempts. Which property should you set on the queue to automate this?

205

You are designing a solution that uses Azure Event Grid to handle events from multiple Azure services. The events must be filtered and routed to different endpoints based on event type. Which component should you use to filter events before they are sent to subscribers?

206

You are using Azure Cache for Redis to cache frequently accessed database query results. You need to ensure that the cache is updated automatically when the underlying data changes. Which pattern should you implement?

207

You need to authenticate an Azure Function to an Azure SQL Database using a managed identity. The function has a system-assigned managed identity enabled. Which connection string setting should you use in the function's application settings?

208

Which TWO actions should you take to securely store and retrieve secrets for an Azure App Service application? (Choose two.)

209

Which THREE features of Azure API Management help enforce security policies for APIs? (Choose three.)

210

Which TWO scenarios require the use of Azure Event Hubs over Azure Service Bus? (Choose two.)

211

Refer to the exhibit. You are reviewing an ARM template for a storage account. A security audit requires that all storage accounts enforce TLS 1.2 or higher. Does this configuration meet the requirement?

212

Refer to the exhibit. You are creating an Azure Service Bus queue using an ARM template. The requirement is that messages should be automatically dead-lettered after 3 failed delivery attempts. Does this configuration meet the requirement?

213

Your company deploys a microservices architecture on Azure Kubernetes Service (AKS). The application consists of a frontend service, an order service, and a payment service. The order service writes messages to an Azure Service Bus queue, and the payment service processes them. You need to ensure that the payment service can scale independently based on the queue length, and that the processing is fault-tolerant: if the payment service crashes during message processing, the message should not be lost and should be retried. You also need to minimize cost by reducing the number of idle instances. You configure the payment service as an Azure Function triggered by the Service Bus queue. Which configuration options should you set?

214

You are developing a .NET Core application that needs to authenticate users via Microsoft Entra ID and call Microsoft Graph API. You register an app in the Microsoft Entra admin center and configure the necessary permissions. However, when the app tries to acquire a token, it receives an 'interaction_required' error. What is the most likely cause?

215

You are designing a solution to securely store connection strings for an Azure Function app that connects to Azure Service Bus. The connection string contains a Shared Access Key. The company policy requires that secrets be rotated every 90 days and that no secret is stored in source code or configuration files. The solution should minimize operational overhead. What should you use?

216

You are developing a web application that uses Azure Cosmos DB for NoSQL. You need to perform a point read by document ID and partition key. Which API method should you use to achieve the best performance and lowest cost?

217

Your company uses Azure API Management to expose APIs to external partners. You need to implement rate limiting per subscription key to prevent abuse, but you also want to allow burst traffic up to a certain limit. Which policy should you configure?

218

You are developing a solution that processes large files uploaded by users to Azure Blob Storage. Each file must be validated for malware using Microsoft Defender for Cloud Apps before being moved to a different container for further processing. The validation can take several minutes. What is the most cost-effective and scalable approach?

219

You need to send email notifications from an Azure Function app when a new user registers in your application hosted on Azure App Service. Which Azure service should you use to send the emails?

220

You are deploying a microservices application to Azure Kubernetes Service (AKS). One service needs to retrieve configuration values from Azure App Configuration. The configuration includes sensitive values that must be stored in Azure Key Vault. The solution should not require application code changes to reference Key Vault. What should you use?

221

Your application uses Azure Cache for Redis to cache session state. You notice that after a scaling operation, some users are prompted to log in again. What is the most likely cause?

222

You need to deploy a web app that uses Azure SQL Database. The connection string must be securely stored and automatically rotated without application downtime. What should you use?

223

You are designing a solution that processes orders from an e-commerce website. The solution must guarantee that each order is processed exactly once. Which TWO Azure services can you use to achieve this requirement?

224

Your company uses Azure API Management to manage APIs. You need to implement policies that ensure only authenticated requests from partners are allowed, and that responses are cached to improve performance. Which THREE policies should you configure?

225

You are developing a solution that uses Azure Functions to process messages from Azure Service Bus. Which TWO configurations are required to ensure the function scales out to handle high throughput?

226

You are a developer at Contoso Ltd. The company has an existing .NET Core web application hosted on Azure App Service that allows users to upload images. The application currently stores images directly to Azure Blob Storage using connection strings stored in the Web.config file. The security team has mandated that all secrets must be stored in Azure Key Vault and rotated automatically. Additionally, the application must be able to access the Key Vault without storing any credentials in the application code or configuration files. The application uses Microsoft Entra ID for user authentication. You need to modify the application to meet these requirements with minimal changes to the application code. You have the following resources: an Azure Key Vault instance with the secrets (storage account connection string) already stored; a managed identity enabled for the App Service. You want to use the Key Vault references feature of Azure App Configuration or direct Key Vault access. Which approach should you take?

227

Your company is building a real-time dashboard that displays sales data from multiple stores. The data is generated as events from point-of-sale systems and must be ingested with low latency. The dashboard needs to display aggregated data (e.g., total sales per store per minute) with a maximum delay of 5 seconds from event generation. You have decided to use Azure Event Hubs for ingestion and Azure Stream Analytics for real-time processing. The processed data will be stored in Azure Cosmos DB for the dashboard to query. However, the dashboard requires that the data in Cosmos DB be updated as soon as new aggregations are available. You need to design the output from Azure Stream Analytics to Cosmos DB. Which output configuration should you use?

228

You are developing a mobile app backend using Azure Functions. The app allows users to upload profile pictures. The pictures are stored in Azure Blob Storage and the metadata (user ID, blob URL, upload timestamp) is stored in Azure SQL Database. You need to implement a process that automatically generates a thumbnail for each uploaded picture and updates the metadata with the thumbnail URL. The thumbnail generation is CPU-intensive and may take up to 30 seconds per image. The solution should be serverless and cost-effective. Which combination of Azure services should you use?

229

You are developing an app that processes orders. When an order is placed, you need to send a confirmation email and update an inventory database. The email service may be slow but must not delay the order processing. Which approach should you use?

230

You are deploying a microservice that needs to read secrets (e.g., connection strings) from Azure Key Vault. The service runs on Azure Kubernetes Service (AKS). You want to minimize code changes and automatically rotate secrets. Which approach should you use?

231

Your Azure Function app processes messages from an Azure Service Bus queue. The function is triggered by Service Bus messages. Occasionally, the function throws an unhandled exception after the message is processed but before the function completes. What happens to the message?

232

You need to expose an on-premises API securely to external partners without opening firewall ports. Which Azure service should you use?

233

Your application uses Azure Cosmos DB for NoSQL. You need to query items by a property that is not the partition key. The container has 10,000 RU/s. How can you optimize this query to minimize cost and latency?

234

You are using Azure Logic Apps to orchestrate a workflow that calls a third-party API. The API occasionally returns HTTP 429 (Too Many Requests). How should you handle this to ensure the workflow completes successfully without manual intervention?

235

You need to authenticate an Azure Function app to call Microsoft Graph API on behalf of the signed-in user. Which authentication flow should you use?

236

Your company uses Azure Blob Storage to store sensitive documents. You need to ensure that all access to the storage account is encrypted in transit and that clients must use TLS 1.2 or higher. Which configuration should you enforce?

237

You have an Azure App Service web app that uses Azure SQL Database. The connection string is stored in Azure Key Vault. You need to automatically rotate the database password every 30 days without app downtime. Which solution should you implement?

238

Which TWO Azure services can be used to securely store and retrieve secrets, such as API keys and connection strings, for use in cloud applications?

239

Which TWO approaches can you use to call an external REST API from an Azure Function while ensuring the API key is not exposed in the function code?

240

Which THREE Azure services or features can be used to implement retry logic for transient failures when calling an external API from a .NET Core application?

241

You need to send notifications to mobile devices when a new file is uploaded to Azure Blob Storage. Which Azure service should you use to route the event to a notification hub?

242

You are developing a solution that needs to consume an external SOAP web service. Which approach should you use to integrate it into a modern .NET Core application?

243

Your application uses Azure Service Bus topics. You need to ensure that messages are processed in the order they were sent within a session. What must you configure?

244

Which TWO authentication mechanisms can be used to securely connect an Azure Function app to an Azure SQL Database using managed identities?

245

Which THREE Azure services can be used to securely store and retrieve secrets, connection strings, and API keys for a cloud-native application?

246

Which TWO authentication methods can be used to call a Microsoft Entra ID-protected web API from a client application?

247

Which THREE Azure services can be used to send email notifications from an application?

248

Contoso Ltd. is migrating a legacy on-premises application to Azure. The application processes customer orders and sends confirmation emails. The new solution must use Azure Functions with an HTTP trigger to receive orders, store order data in Azure Cosmos DB, and send emails via SendGrid. Security requirements: All connections must use managed identities where possible. No secrets should be stored in code or configuration files. Cosmos DB and SendGrid API keys must be retrieved at runtime from Azure Key Vault. The Azure Function app must be able to access Key Vault without storing any connection strings or secrets in application settings. The development team plans to use the Azure.Identity and Azure.Security.KeyVault.Secrets libraries. Which approach should the team use to authenticate to Key Vault?

249

Northwind Traders is building a microservices architecture on Azure Kubernetes Service (AKS). One service needs to read messages from an Azure Service Bus queue and write them to an Azure SQL database. The solution must use managed identities for authentication. The AKS cluster is integrated with Microsoft Entra ID. The development team wants to avoid managing service principals and secrets. The team has chosen to use the Azure Identity SDK for authentication. The service will run as a pod in AKS. Which approach should the team use to authenticate to Service Bus and Azure SQL Database?

250

Fabrikam Inc. has an Azure Function app that processes image uploads. Each time a blob is added to a container in Azure Blob Storage, the function is triggered. The function resizes the image and stores the result in another container. Currently, the function uses an Azure Storage account connection string stored in application settings. The security team requires that no connection strings or access keys be stored in application settings. The function must use managed identity to access the storage account. The storage account is in the same subscription. Which action should the team take?

251

Adventure Works is developing a payment processing system on Azure. The system uses an Azure Service Bus queue to decouple the frontend from the backend. The frontend sends a message to the queue. A backend service, running as an Azure WebJob, processes the message and calls a third-party payment gateway via HTTPS. The backend must authenticate to the payment gateway using a client certificate stored in Azure Key Vault. The WebJob must be able to access the certificate without storing any secrets in configuration. The WebJob runs in an App Service plan with system-assigned managed identity enabled. Which approach should the team use to retrieve the certificate and authenticate to the payment gateway?

252

Tailwind Traders uses Azure Logic Apps to orchestrate a multi-step business process. The workflow must call an external REST API that requires OAuth 2.0 authentication. The API is registered in Microsoft Entra ID. The Logic App must authenticate using a system-assigned managed identity. The API's app registration has been configured to accept tokens from the managed identity. Which connector should the team use in the Logic App to call the API, and how should they configure authentication?

253

Contoso is building a serverless application using Azure Functions. One function needs to read messages from an Azure Event Hub and store them in Azure Blob Storage. The function uses the Event Hubs trigger. The team wants to authenticate to both Event Hubs and Blob Storage using managed identities. The Function app has system-assigned managed identity enabled. Which role assignments are required on the Event Hubs namespace and the storage account?

254

Litware Inc. has an Azure App Service web app that needs to authenticate users via Microsoft Entra ID. The app uses the Microsoft Authentication Library (MSAL) for .NET. The app must also call Microsoft Graph to read user profiles. The app is registered in Entra ID with delegated permissions for 'User.Read'. The team wants to use the OAuth 2.0 authorization code flow with PKCE. The redirect URI is set to the App Service's URL. The app uses the App Service Authentication feature (EasyAuth) and also custom code. The team notices that after signing in, the app receives an ID token but not an access token for Microsoft Graph. What is the most likely cause?

255

Wide World Importers has an Azure API Management (APIM) instance that exposes several APIs. One API is a custom REST API hosted on an Azure App Service. The API requires authentication via a subscription key. APIM is configured to require subscription keys for all APIs. The team wants to offload authentication to APIM so that backend services do not need to validate keys. However, the backend API also needs to know the identity of the calling application for logging. The team decides to use APIM's OAuth 2.0 authorization with Microsoft Entra ID. The backend API should receive the JWT token from APIM. How should the team configure APIM to pass the token to the backend?

256

Avanade is developing a .NET Core console application that runs on an Azure VM. The application needs to read a secret from Azure Key Vault. The VM has a system-assigned managed identity enabled. The managed identity has been granted 'Get' and 'List' permissions on the Key Vault secrets. The code uses the Azure.Identity and Azure.Security.KeyVault.Secrets NuGet packages. Which code snippet should the developer use to authenticate to Key Vault?

257

Trey Research uses Azure Service Bus for messaging between microservices. One microservice written in Node.js needs to send messages to a queue. The team wants to use managed identity to authenticate to Service Bus. The microservice runs in an Azure Container Instance (ACI) with a user-assigned managed identity. The identity has been granted 'Sender' role on the Service Bus namespace. The team uses the @azure/service-bus SDK. Which code snippet should the developer use to create a ServiceBusClient?

258

Coho Vineyard has an Azure Logic App that processes orders. The workflow must call a third-party API that uses Basic authentication. The credentials (username and password) must be stored securely in Azure Key Vault. The Logic App uses a system-assigned managed identity. The managed identity has been granted 'Get' permission on the Key Vault secrets. Which approach should the team use to pass the credentials to the third-party API?

259

You are developing a microservices-based application deployed to Azure Kubernetes Service (AKS). One of the microservices needs to securely retrieve secrets (e.g., database connection strings) from Azure Key Vault. The application uses managed identity for authentication. You need to implement a solution that meets the following requirements: 1) The microservice should retrieve secrets from Key Vault without storing any credentials in the application code or configuration files. 2) The solution must support automatic rotation of secrets without application restart. 3) The solution should minimize latency and avoid direct calls to Key Vault on every request. 4) The application is written in .NET 8 and uses the Azure SDK. What should you do?

260

You develop an app that uses Azure Cosmos DB for NoSQL. The app requires reading a specific item by ID with low latency. You need to ensure the query is as fast as possible. What should you use?

261

Your company uses Azure Service Bus topics and subscriptions to send order notifications. You notice that some messages are not being delivered to a subscription. The subscription has a SQL filter that matches messages with a 'region' property equal to 'EU'. You verify that the messages have 'region' set to 'eu' (lowercase). What is the most likely cause?

262

You are building a solution that processes images uploaded to Azure Blob Storage. Each image must be analyzed by Azure AI Vision (Computer Vision). You need to trigger the analysis automatically when a new blob is created. Which Azure service should you use?

263

Which TWO actions can you take to improve the performance of an Azure App Service web app that makes calls to an external API? (Choose two.)

264

Which THREE components are required to implement a secure authentication flow for a single-page application (SPA) using Microsoft Entra ID to call Microsoft Graph? (Choose three.)

265

You deploy the above policy to an Azure API Management API. What is the effect?

266

Your company has a microservices application deployed on Azure Kubernetes Service (AKS). One service, OrderProcessor, needs to read messages from an Azure Service Bus queue and write results to Azure Cosmos DB. The processing must be reliable: if the service crashes mid-processing, the message should not be lost and should be retried. You also need to ensure that messages are processed in order within a partition. The solution should minimize code changes and leverage platform features. Which approach should you use?

Practice all 266 Connect to and consume Azure services and third-party services questions

Other AZ-204 exam domains

Develop Azure compute solutionsDevelop for Azure storageImplement Azure securityMonitor, troubleshoot, and optimize Azure solutions

Frequently asked questions

What does the Connect to and consume Azure services and third-party services domain cover on the AZ-204 exam?

The Connect to and consume Azure services and third-party services domain covers the key concepts tested in this area of the AZ-204 exam blueprint published by Microsoft. Courseiva provides free domain-focused practice, mock exams, missed-question review, and readiness tracking across all AZ-204 domains — no account required.

How many Connect to and consume Azure services and third-party services questions are in the AZ-204 question bank?

The Courseiva AZ-204 question bank contains 266 questions in the Connect to and consume Azure services and third-party services domain. Click any question to see the full explanation and answer breakdown.

What is the best way to practice Connect to and consume Azure services and third-party services for AZ-204?

Start with a 10-question focused session to identify your baseline accuracy in this domain. Read every explanation — even for questions you answer correctly — to understand the reasoning. Once you score consistently above 80%, move to a 20–30 question session to confirm depth before moving to the next domain.

Can I practice only Connect to and consume Azure services and third-party services questions for AZ-204?

Yes — the session launcher on this page draws questions exclusively from the Connect to and consume Azure services and third-party services domain. Choose 10, 20, 30, or 50 questions for a focused session, or click individual questions to review them one by one.

Free forever · No credit card required

Track your AZ-204 domain progress

Save your results, see per-domain analytics, and get readiness scores — free, for every certification.

Sign Up Free

Free forever · Every certification included

Practice Session

10 questions20 questions30 questions50 questions

Study Resources

All DomainsPractice TestMock ExamFlashcardsStudy Guide

Related Exams

AZ-104AZ-400AZ-900