Courseiva
Knowledge + Practice
CertificationsVendorsCareer RoadmapsLabs & ToolsStudy GuidesGlossaryPractice Questions
C
Courseiva

Free IT certification practice questions with explained answers for CCNA, CompTIA, AWS, Azure, Google Cloud, and more.

Certification Practice Questions

CCNA practice questionsSecurity+ SY0-701 practice questionsAWS SAA-C03 practice questionsAZ-104 practice questionsAZ-900 practice questionsCLF-C02 practice questionsA+ Core 1 practice questionsGoogle Cloud ACE practice questionsCySA+ CS0-003 practice questionsNetwork+ N10-009 practice questions
View all certifications →

Product

CertificationsCertification PathsExam TopicsPractice TestsExam Dumps vs Practice TestsStudy HubComparisons

Company

AboutContactEditorial PolicyQuestion Writing PolicyTrust Center

Legal

Privacy PolicyTerms of Service

Courseiva is a free IT certification practice platform offering original exam-style practice questions, detailed explanations, topic-based practice, mock exams, readiness tracking, and study analytics for Cisco, CompTIA, Microsoft, AWS, and other technology certifications.

© 2026 Courseiva. Courseiva is operated by JTNetSolutions Ltd. All rights reserved.

Courseiva is an independent certification practice platform and is not affiliated with, endorsed by, or sponsored by Cisco, Microsoft, AWS, CompTIA, Google, ISC2, ISACA, or any other certification vendor. Vendor names and certification marks are used only to identify the exams learners are preparing for.

← Connect to and consume Azure services and third-party services practice sets

AZ-204 Connect to and consume Azure services and third-party services • Complete Question Bank

AZ-204 Connect to and consume Azure services and third-party services — All Questions With Answers

Complete AZ-204 Connect to and consume Azure services and third-party services question bank — all 0 questions with answers and detailed explanations.

266
Questions
Free
No signup
Certifications/AZ-204/Practice Test/Connect to and consume Azure services and third-party services/All Questions
Question 1mediummultiple choice
Read the full Connect to and consume services and third-party services explanation →

A retail system uses Azure Service Bus to process orders. Each order has multiple messages (e.g., payment, shipping, confirmation) that must be processed in sequence. You need to guarantee that all messages belonging to the same order are handled by the same consumer in order. Which Service Bus feature should you use?

Question 2hardmultiple choice
Read the full Connect to and consume services and third-party services explanation →

You manage an API in Azure API Management. You need to cache API responses such that different responses are returned based on the product subscription key used by the caller. Which set of policies should you implement?

Question 3easymultiple choice
Read the full Connect to and consume services and third-party services explanation →

A company uses Azure Logic Apps to integrate with a third-party REST API. The API has a rate limit of 100 requests per minute. You need to ensure that the Logic App respects this limit. Which connector feature should you configure?

Question 4mediummultiple choice
Read the full Connect to and consume services and third-party services explanation →

You are building an API that needs to send notifications to multiple subscribers. Each subscriber has a different callback URL, and you need to ensure each notification is sent exactly once and retried on failure. Which Azure service should you use?

Question 5mediummultiple choice
Read the full Connect to and consume services and third-party services explanation →

You manage an API in Azure API Management. The API response varies depending on the caller's subscription key. You need to cache responses per subscription key to reduce backend load. Which policy configuration should you use?

Question 6mediummultiple choice
Read the full Connect to and consume services and third-party services explanation →

You have an order processing system using Azure Service Bus. Each order generates multiple messages that must be processed in order and by the same consumer. Which Service Bus feature ensures this?

Question 7hardmultiple choice
Read the full Connect to and consume services and third-party services explanation →

A company uses Azure Service Bus to receive order messages. Each order message must be processed exactly once, and duplicate messages are not tolerated due to financial transactions. However, the order processing system sometimes fails and retries, leading to potential duplicates. What Service Bus feature should be enabled on the message to support idempotent processing?

Question 8easymultiple choice
Read the full Connect to and consume services and third-party services explanation →

A company exposes an internal REST API to external partners using Azure API Management. They need to enforce a rate limit of 100 requests per minute per subscription. Which policy should they add?

Question 9mediummultiple choice
Read the full Connect to and consume services and third-party services explanation →

You manage an API in Azure API Management. You need to enforce a rate limit of 200 requests per minute for each subscription key. Which policy should you include in the inbound policy section?

Question 10mediummultiple choice
Read the full Connect to and consume services and third-party services explanation →

You are building a serverless workflow using Azure Logic Apps. The workflow must start when a new blob is uploaded to a specific container in Azure Blob Storage. Which trigger should you configure?

Question 11mediummultiple choice
Read the full Connect to and consume services and third-party services explanation →

You are building an Azure Logic App that must send a confirmation email to users after a purchase. Your company uses Office 365 for email and you want to use the corporate email address. Which connector should you use?

Question 12easymultiple choice
Read the full Connect to and consume services and third-party services explanation →

A company uses Azure Logic Apps to automate business processes. They need to call an external REST API that requires OAuth 2.0 client credentials grant. Which connector should they use with minimal configuration?

Question 13easymultiple choice
Read the full Connect to and consume services and third-party services explanation →

A company uses Azure Service Bus to decouple microservices. They need to ensure that messages are processed in the order they are received, and that each message is handled by exactly one consumer instance even when the system scales out. Which feature should they enable?

Question 14easymultiple choice
Read the full Connect to and consume services and third-party services explanation →

You are building an Azure Logic App that must send an email notification when a new file is added to a SharePoint Online document library. Which connector and trigger should you use?

Question 15mediummultiple choice
Read the full Connect to and consume services and third-party services explanation →

You are building a mobile app backend using Azure Functions. The function must send push notifications to devices using the Notification Hubs service. You need to authenticate the function to Notification Hubs using the principle of least privilege. What should you use?

Question 16mediummultiple choice
Read the full Connect to and consume services and third-party services explanation →

You are building an Azure Logic App that must connect to a third-party CRM system using a custom API. The API requires an API key in the header of every request. You need to securely store the API key and reference it in the Logic App. Which approach should you use?

Question 17mediummultiple choice
Read the full Connect to and consume services and third-party services explanation →

You are building an integration solution that connects an on-premises SQL Server database to Azure Data Factory. The on-premises network does not allow direct inbound connections from Azure. You need to securely transfer data from the database to Azure Blob Storage. Which data factory component should you use?

Question 18mediummultiple choice
Read the full Connect to and consume services and third-party services explanation →

Your company uses Azure Logic Apps to automate a business process. The process needs to call an external REST API that requires an API key passed in the Authorization header. You need to store the API key securely and reference it in the Logic App. Which approach should you use?

Question 19mediummultiple choice
Read the full Connect to and consume services and third-party services explanation →

You are building an Azure Logic App that must consume messages from an Azure Service Bus queue. The queue messages are JSON payloads containing order information. The Logic App must process each message exactly once and in the order they are received. You need to configure the trigger in the Logic App. Which trigger type and property should you choose?

Question 20mediummultiple choice
Read the full Connect to and consume services and third-party services explanation →

You are building an Azure Logic App that must send email notifications via Office 365 when a new order is placed. You need to securely store the Office 365 credentials and reference them in the Logic App. Which approach should you use?

Question 21easymultiple choice
Read the full Connect to and consume services and third-party services explanation →

You are building an Azure Logic App that must call a third-party REST API. The API requires an API key passed as a query parameter. You need to store the API key securely and automatically add it to each request. Which approach should you use?

Question 22mediummultiple choice
Read the full Connect to and consume services and third-party services explanation →

You are building an Azure Logic App that must call an external API secured with OAuth 2.0 Client Credentials flow. The external API is registered in a different Microsoft Entra ID tenant. You need to obtain an access token and add it to the request headers. Which action and authentication configuration should you use?

Question 23easymultiple choice
Read the full Connect to and consume services and third-party services explanation →

Your company uses Azure Logic Apps to automate workflows. A workflow must call an external REST API that requires an API key in the header. You need to securely store the API key and reference it in the Logic App without exposing it in the workflow definition. What should you do?

Question 24mediummultiple choice
Read the full Connect to and consume services and third-party services explanation →

You are building an Azure Logic App that must call a third-party REST API secured with OAuth 2.0 Client Credentials flow. The client ID and client secret are stored in Azure Key Vault. You need to securely obtain an access token and include it in requests to the API. Which approach should you use in the Logic App?

Question 25easymultiple choice
Read the full Connect to and consume services and third-party services explanation →

You are building an Azure Logic App that must call an external REST API. The API requires an API key passed in the Authorization header. You need to store the API key securely and reference it in the Logic App without exposing it in the workflow definition. What should you do?

Question 26easymultiple choice
Study the full multicast explanation →

Your company uses Azure API Management (APIM) to expose several APIs. One of the backend APIs requires an API key that is stored in Azure Key Vault. You need to configure APIM to retrieve the API key from Key Vault and pass it to the backend in a header without exposing the key in policy definitions. Which APIM feature should you use?

Question 27mediummultiple choice
Read the full Connect to and consume services and third-party services explanation →

You are building an Azure Logic App that must call an external API that uses the OAuth 2.0 authorization code grant. The API requires the user to sign in interactively to grant consent. You want to minimize development effort and securely manage the token lifecycle. Which built-in action and authentication method should you use?

Question 28hardmultiple choice
Read the full VPN explanation →

Your company has an on-premises Windows service that exposes a custom TCP endpoint. You are building an Azure Logic App that needs to send data to this endpoint. Due to network security policies, you cannot open inbound ports in the firewall. You need to establish a secure bidirectional connection without configuring a VPN. Which Azure service should you use?

Question 29easymultiple choice
Read the full Connect to and consume services and third-party services explanation →

You are developing an ASP.NET Core application that needs to access Azure Key Vault to retrieve secrets. You have enabled a managed identity for the App Service. Which Azure SDK class should you use to authenticate to Key Vault?

Question 30mediummultiple choice
Read the full NAT/PAT explanation →

You are building an Azure Logic App that needs to call an external HTTP API secured with OAuth 2.0 Client Credentials flow. The client ID and client secret are stored in Azure Key Vault. You need to obtain an access token and include it in the Authorization header of each request. Which combination of actions should you use within the Logic App?

Question 31mediummultiple choice
Read the full Connect to and consume services and third-party services explanation →

You are building an Azure Logic App that needs to call a third-party REST API. The API requires an API key to be passed in the 'X-API-Key' header. You have stored the API key as a secret in Azure Key Vault. The Logic App uses a managed identity that has read access to the Key Vault secret. You want to retrieve the API key securely at runtime and include it in the HTTP request. Which approach should you use?

Question 32easymultiple choice
Read the full Connect to and consume services and third-party services explanation →

You are building an Azure Logic App that needs to call an external REST API. The API requires an API key to be passed in the 'X-API-Key' header. You have stored the API key as a secret in Azure Key Vault. The Logic App uses a managed identity that has read access to the Key Vault secret. You want to retrieve the API key securely at runtime and include it in the HTTP request. Which approach should you use?

Question 33mediummultiple choice
Read the full Connect to and consume services and third-party services explanation →

You are building an application that subscribes to an Azure Event Grid topic using a custom webhook endpoint. The endpoint is a web API hosted on Azure App Service. You need to ensure that only Event Grid can invoke your webhook endpoint, preventing unauthorized requests. What should you implement in your webhook endpoint?

Question 34mediummultiple choice
Study the full multicast explanation →

Your company has a set of REST APIs that are exposed through Azure API Management (APIM). One of the backend APIs is secured and requires an OAuth 2.0 access token from Microsoft Entra ID. The APIM instance has a system-assigned managed identity with permissions to request tokens for the backend API's scope. You need to configure APIM to automatically obtain a token and pass it to the backend API when requests come in. What should you do?

Question 35mediummultiple choice
Read the full Connect to and consume services and third-party services explanation →

You are developing a worker role that processes events from an Azure Event Hub. The worker runs on multiple virtual machines to ensure high availability. Each partition of the Event Hub should be processed by only one instance at a time, and events from the same partition must be processed in order. You need to manage partition leasing and checkpointing efficiently. Which Azure SDK class should you use?

Question 36mediummultiple choice
Read the full Connect to and consume services and third-party services explanation →

You are building an event-driven application that needs to publish messages to multiple independent subscribers. Each subscriber must be able to filter messages based on custom properties, and each subscriber must receive all messages that match its filter, even if other subscribers have different filters. The solution must guarantee message delivery. Which Azure messaging service should you use?

Question 37hardmultiple choice
Read the full NAT/PAT explanation →

You are developing a web application that relies on a third-party weather API. The API has a rate limit of 10 requests per second per API key. You need to ensure your application never exceeds this limit and also caches responses for 10 minutes to reduce call frequency. Which combination of Azure services should you implement?

Question 38mediummultiple choice
Read the full Connect to and consume services and third-party services explanation →

You are using Azure Event Grid to respond to blob storage events (blob created). You need to ensure that only JPEG image files trigger a function for processing, while other files are ignored. The number of files is high, and you want to minimize cost and latency. How should you filter events?

Question 39mediummultiple choice
Study the full multicast explanation →

You manage a set of APIs using Azure API Management (APIM). One backend API requires an API key passed in the 'X-API-Key' header. The API key is stored securely in a named value in APIM. You need to configure APIM to add this header to all requests to that backend without exposing the key to API consumers. Which policy should you add to the inbound processing for that API?

Question 40mediummultiple choice
Read the full Connect to and consume services and third-party services explanation →

You are building an Azure Logic App that needs to call an external API secured with OAuth 2.0 client credentials flow. You have registered an application in Microsoft Entra ID with client ID 'myClientId' and client secret stored in Key Vault. Which action should you use to authenticate?

Question 41mediummultiple choice
Read the full Connect to and consume services and third-party services explanation →

You have an Azure Event Grid topic that receives storage blob created events. You only want to process events for files with a '.jpg' extension. You need to minimize cost and latency. How should you filter the events?

Question 42mediummultiple choice
Read the full Connect to and consume services and third-party services explanation →

You are building an Azure Logic App that calls an external REST API secured with the OAuth 2.0 client credentials flow. You have registered an app in Microsoft Entra ID with client ID and client secret stored in Azure Key Vault. The Logic App uses a system-assigned managed identity with Get permission on the secret. Which action should you use in the Logic App designer to authenticate to the API?

Question 43mediummultiple choice
Read the full Connect to and consume services and third-party services explanation →

You are building an Azure Logic App that processes orders. When an order is placed, the Logic App must send a message to an Azure Service Bus queue. The queue is secured using managed identity. Which connector action should you use?

Question 44hardmultiple choice
Read the full NAT/PAT explanation →

You are building a solution that processes events from multiple Azure Event Hubs. Events must be dispatched to different downstream services based on the event type. You need a serverless solution that can handle high throughput and uses managed identity to authenticate to Event Hubs. Which Azure service should you use?

Question 45mediummultiple choice
Read the full Connect to and consume services and third-party services explanation →

An application publishes order events that multiple independent subscribers must process. Subscribers may be added later without changing the publisher. Which Azure messaging service should be used?

Question 46hardmultiple choice
Read the full NAT/PAT explanation →

A system receives high-volume event notifications from Azure resources and routes them to serverless handlers. Events are lightweight and should use native event routing. Which service should be used?

Question 47mediummultiple choice
Read the full Connect to and consume services and third-party services explanation →

A developer exposes several backend APIs through Azure API Management. Clients must be throttled by subscription to protect the backend. What should be configured?

Question 48hardmulti select
Read the full Connect to and consume services and third-party services explanation →

A function consumes messages from Azure Service Bus. Which two settings help handle transient failures safely?

Question 49mediummultiple choice
Read the full NAT/PAT explanation →

An application calls a third-party shipping API through HTTP. The developer must implement retries without overwhelming the remote system during partial outages. Which retry pattern is best?

Question 50mediummultiple choice
Read the full Connect to and consume services and third-party services explanation →

An application publishes order events that multiple independent subscribers must process. Subscribers may be added later without changing the publisher. Which Azure messaging service should be used? The design must avoid adding custom operational scripts.

Question 51hardmultiple choice
Read the full NAT/PAT explanation →

A system receives high-volume event notifications from Azure resources and routes them to serverless handlers. Events are lightweight and should use native event routing. Which service should be used? The design must avoid adding custom operational scripts.

Question 52mediummultiple choice
Read the full Connect to and consume services and third-party services explanation →

A developer exposes several backend APIs through Azure API Management. Clients must be throttled by subscription to protect the backend. What should be configured? The design must avoid adding custom operational scripts.

Question 53hardmulti select
Read the full Connect to and consume services and third-party services explanation →

A function consumes messages from Azure Service Bus. Which two settings help handle transient failures safely? The design must avoid adding custom operational scripts.

Question 54mediummultiple choice
Read the full NAT/PAT explanation →

An application calls a Event Grid event stream through HTTP. The developer must implement retries without overwhelming the remote system during partial outages. Which retry pattern is best?

Question 55mediummultiple choice
Read the full NAT/PAT explanation →

An application publishes order events that multiple independent subscribers must process. Subscribers may be added later without changing the publisher. Which Azure messaging service should be used? The architecture review board prefers a managed AWS-native control.

Question 56hardmultiple choice
Read the full NAT/PAT explanation →

A system receives high-volume event notifications from Azure resources and routes them to serverless handlers. Events are lightweight and should use native event routing. Which service should be used? The architecture review board prefers a managed AWS-native control.

Question 57mediummultiple choice
Read the full NAT/PAT explanation →

A developer exposes several backend APIs through Azure API Management. Clients must be throttled by subscription to protect the backend. What should be configured? The architecture review board prefers a managed AWS-native control.

Question 58hardmulti select
Read the full NAT/PAT explanation →

A function consumes messages from Azure Service Bus. Which two settings help handle transient failures safely? The architecture review board prefers a managed AWS-native control.

Question 59mediummultiple choice
Read the full NAT/PAT explanation →

An application calls a Service Bus topic through HTTP. The developer must implement retries without overwhelming the remote system during partial outages. Which retry pattern is best?

Question 60mediummultiple choice
Read the full Connect to and consume services and third-party services explanation →

An application publishes order events that multiple independent subscribers must process. Subscribers may be added later without changing the publisher. Which Azure messaging service should be used? The team wants the control to be enforceable during normal operations.

Question 61mediummultiple choice
Read the full Connect to and consume services and third-party services explanation →

Three analytics pipelines each need to read every event from the same Azure Event Hub: one pipeline archives events to cold storage, one computes real-time aggregations, and one feeds a machine learning model. How should the developer configure Event Hubs to allow all three to consume independently without interfering with each other?

Question 62easymultiple choice
Read the full Connect to and consume services and third-party services explanation →

Messages failing to process are redelivered by Azure Service Bus. After a message has been delivered and abandoned the maximum number of times (MaxDeliveryCount), where does Service Bus move the message?

Question 63mediummultiple choice
Study the full multicast explanation →

Backend APIs exposed through Azure API Management are consumed by multiple subscribers. The product owner wants to prevent any single subscriber from sending more than 100 requests per minute, while allowing subscribers with heavier plans to have higher limits configured separately. Which APIM policy implements per-subscriber rate limiting?

Question 64easymultiple choice
Read the full Connect to and consume services and third-party services explanation →

The mobile app team needs to send push notifications to 10 million devices running both iOS and Android. On iOS, notifications go through Apple Push Notification service (APNs); on Android, through Firebase Cloud Messaging (FCM). The team wants a single Azure service that abstracts platform differences and scales without managing separate APNs and FCM integrations per platform. Which service should they use?

Question 65easymultiple choice
Read the full Connect to and consume services and third-party services explanation →

A business process requires sending an approval email, waiting up to 48 hours for a manager's response, and then updating a SharePoint list based on the decision. The process owner has no programming experience and wants to build this without writing code. Which Azure service is the most appropriate?

Question 66mediumdrag order
Read the full Connect to and consume services and third-party services explanation →

Arrange the steps to deploy a containerized application to Azure Container Instances (ACI) from Azure Container Registry (ACR) in the correct order.

Drag steps to the numbered slots on the right, or tap a step then tap a slot.

Steps
Order
1Step 1
2Step 2
3Step 3
4Step 4
5Step 5
Question 67mediumdrag order
Read the full Connect to and consume services and third-party services explanation →

Arrange the steps to implement Azure Blob Storage lifecycle management to archive blobs after 30 days in the correct order.

Drag steps to the numbered slots on the right, or tap a step then tap a slot.

Steps
Order
1Step 1
2Step 2
3Step 3
4Step 4
5Step 5
Question 68mediummatching
Read the full Connect to and consume services and third-party services explanation →

Match each Azure caching service to its description.

Drag a concept onto its matching description — or click a concept then click the description.

Concepts
Matches

In-memory data store based on Redis

Content delivery network for static assets

Global HTTP load balancer and web application firewall

Regional HTTP load balancer with SSL termination

Question 69mediummatching
Read the full Connect to and consume services and third-party services explanation →

Match each Azure DevOps component to its function.

Drag a concept onto its matching description — or click a concept then click the description.

Concepts
Matches

Git repositories for source control

CI/CD for building and deploying code

Agile project management with Kanban boards

Package management for Maven, npm, NuGet

Question 70mediummultiple choice
Read the full Connect to and consume services and third-party services explanation →

A company uses Azure Functions with an HTTP trigger and Azure Cosmos DB. They need to securely store connection strings for Cosmos DB and rotate them automatically every 90 days. Which service should they use?

Question 71easymultiple choice
Read the full Connect to and consume services and third-party services explanation →

A developer is building a solution that sends emails via SendGrid from Azure. Which Azure service should they use to integrate with SendGrid?

Question 72hardmultiple choice
Read the full network assurance explanation →

An application uses Azure Event Hubs to ingest telemetry data. The team wants to process the data in near real-time and store aggregated results in Azure SQL Database. Which Azure service should they use?

Question 73mediummultiple choice
Read the full Connect to and consume services and third-party services explanation →

A company uses Azure DevOps to deploy microservices to Azure Kubernetes Service (AKS). They need to securely pull container images from Azure Container Registry (ACR) during deployment without storing credentials. Which authentication method should they use?

Question 74easymultiple choice
Read the full Connect to and consume services and third-party services explanation →

A developer needs to call a third-party REST API from an Azure Function app. The API requires OAuth2 client credentials flow. Which approach should they use to securely store and retrieve the client secret?

Question 75hardmultiple choice
Read the full Connect to and consume services and third-party services explanation →

A company uses Azure Service Bus for messaging between microservices. They need to ensure that messages are processed in order within a partition. Which feature should they enable?

Question 76mediummultiple choice
Read the full Connect to and consume services and third-party services explanation →

An application uses Azure Redis Cache to improve performance. The team notices that cache misses are high and the cache is not effectively reducing database load. What should they do to improve cache hit ratio?

Question 77easymultiple choice
Read the full Connect to and consume services and third-party services explanation →

A developer needs to deploy a web app that uses Azure SQL Database. They want to connect to the database using a connection string without storing it in code. Which feature of Azure App Service should they use?

Question 78hardmultiple choice
Read the full Connect to and consume services and third-party services explanation →

A company has an Azure Function app that processes messages from an Azure Storage queue. The function fails intermittently with timeout exceptions when the queue has many messages. What is the best approach to handle this?

Question 79mediummulti select
Read the full NAT/PAT explanation →

Which TWO services can be used to implement a publish-subscribe messaging pattern in Azure?

Question 80mediummulti select
Read the full Connect to and consume services and third-party services explanation →

A developer needs to authenticate an Azure Function app to call Microsoft Graph API. Which THREE components are required?

Question 81mediummulti select
Read the full Connect to and consume services and third-party services explanation →

Which TWO approaches can be used to securely connect an Azure web app to an on-premises database without exposing it to the internet?

Question 82mediummultiple choice
Read the full Connect to and consume services and third-party services explanation →

You are developing a .NET Core web application that needs to send an email notification when a user registers. You decide to use Azure Communication Services Email. Which authentication method should you use to securely connect from your application to Azure Communication Services?

Question 83hardmultiple choice
Read the full Connect to and consume services and third-party services explanation →

Your Azure Function app needs to call a third-party REST API that requires OAuth 2.0 client credentials flow. The API expects a JWT token signed with a client certificate. You want to store the certificate securely and rotate it automatically. Which Azure service and feature should you use?

Question 84easymultiple choice
Read the full Connect to and consume services and third-party services explanation →

You are building a solution that processes orders and needs to send order confirmation emails reliably. You choose Azure Logic Apps with a Gmail connector. However, you are concerned about hitting Gmail's sending limits. What should you do to handle this?

Question 85mediummultiple choice
Study the full multicast explanation →

You are implementing Azure API Management (APIM) to expose a legacy SOAP service as a modern REST API. The SOAP service requires WS-Security UsernameToken authentication. How should you configure APIM to handle this?

Question 86hardmultiple choice
Read the full network assurance explanation →

You develop an IoT solution using Azure IoT Hub. Devices send telemetry data that must be processed by a custom Azure Function. You need to ensure that the Function processes messages in order per device and exactly once. Which IoT Hub feature should you use?

Question 87easymultiple choice
Read the full Connect to and consume services and third-party services explanation →

Your web app hosted on Azure App Service needs to consume an external SaaS API that requires an API key. The key must be stored securely and rotated without redeploying the app. What is the best approach?

Question 88mediummultiple choice
Read the full Connect to and consume services and third-party services explanation →

You are designing a microservices architecture where each service needs to publish events to multiple subscribers. You choose Azure Event Grid. However, one of the subscribers is a third-party service that requires HTTPS endpoint and custom headers in the event delivery. How should you configure Event Grid?

Question 89hardmultiple choice
Read the full Connect to and consume services and third-party services explanation →

Your team is migrating a legacy application to Azure. The application uses a proprietary database that is not supported by Azure SQL or Cosmos DB. You need to provide a managed database service with minimal rearchitecture. Which Azure service should you use?

Question 90easymultiple choice
Study the full Python automation breakdown →

You need to consume an Azure Cognitive Services Text Analytics API from a Python application. The API requires a subscription key. Where should you store the key to ensure security?

Question 91mediummulti select
Read the full Connect to and consume services and third-party services explanation →

Which TWO are valid ways to authenticate to Azure Service Bus from an application? (Choose two.)

Question 92hardmulti select
Read the full Connect to and consume services and third-party services explanation →

Which THREE are benefits of using Azure API Management for consuming third-party APIs? (Choose three.)

Question 93mediummulti select
Read the full Connect to and consume services and third-party services explanation →

Which TWO are correct ways to securely store and access secrets for Azure Functions? (Choose two.)

Question 94mediummultiple choice
Read the full Connect to and consume services and third-party services explanation →

You are reviewing an ARM template that deploys an Azure App Service. The template sets an app setting 'MyApiKey' that references a Key Vault secret. However, the deployment fails with an error that the app service cannot access the secret. What is the most likely cause?

Exhibit

Refer to the exhibit.
```json
{
  "type": "Microsoft.Web/sites/config",
  "apiVersion": "2022-03-01",
  "name": "appsettings",
  "properties": {
    "MyApiEndpoint": "https://api.contoso.com",
    "MyApiKey": "@Microsoft.KeyVault(SecretUri=https://myvault.vault.azure.net/secrets/MyApiKey/)"
  }
}
```
Question 95hardmultiple choice
Read the full Connect to and consume services and third-party services explanation →

You are querying Azure Monitor metrics using Kusto Query Language (KQL). The query is supposed to return average metric values per hour per resource provider, but it returns no results. What is the most likely issue?

Exhibit

Refer to the exhibit.
```sql
SELECT 
  bin(TimeGenerated, 1h) AS TimeHour,
  ResourceProvider,
  AVG(Value) AS AvgValue
FROM metrics
WHERE TimeGenerated > ago(1d)
GROUP BY bin(TimeGenerated, 1h), ResourceProvider
| order by TimeHour asc
```
Question 96easymultiple choice
Read the full Connect to and consume services and third-party services explanation →

You run the above PowerShell script to upload a blob to Azure Storage. The script fails with an error. Which part of the script is causing the failure?

Exhibit

Refer to the exhibit.
```powershell
$connectionString = "DefaultEndpointsProtocol=https;AccountName=mystorageaccount;AccountKey=mykey;EndpointSuffix=core.windows.net"
$container = "mycontainer"
$blobName = "myblob.txt"
$content = "Hello World"
$ctx = New-AzStorageContext -ConnectionString $connectionString
Set-AzStorageBlobContent -Context $ctx -Container $container -File $content -Blob $blobName
```
Question 97easymultiple choice
Read the full Connect to and consume services and third-party services explanation →

Your company is building a microservices application on Azure Kubernetes Service (AKS). The application must securely access Azure Key Vault to retrieve secrets. Which identity type should you use for the pods?

Question 98mediummultiple choice
Read the full Connect to and consume services and third-party services explanation →

A web app running on Azure App Service must integrate with Microsoft Graph API to read user profiles. The app is registered in Microsoft Entra ID and uses the OAuth 2.0 authorization code flow. However, after deployment, the app fails to acquire tokens. What is the most likely cause?

Question 99hardmultiple choice
Read the full Connect to and consume services and third-party services explanation →

You are developing a solution that processes events from Azure Event Hubs and stores them in Azure Blob Storage. The processing must be idempotent and exactly-once. Which approach should you use?

Question 100easymultiple choice
Read the full Connect to and consume services and third-party services explanation →

Your company wants to send email notifications to users via a third-party email service (SendGrid) from an Azure Logic App. What is the recommended way to securely store the SendGrid API key?

Question 101mediummultiple choice
Read the full Connect to and consume services and third-party services explanation →

You are developing a mobile app that uses Azure Cognitive Services to analyze images. The app must authenticate to the Computer Vision API using a key that is rotated monthly. What is the best practice for handling the key?

Question 102hardmultiple choice
Read the full Connect to and consume services and third-party services explanation →

You are designing a solution that reads messages from an Azure Service Bus queue and processes them using an Azure Function. The function must process messages in order and ensure no duplicate processing. Which configuration should you use?

Question 103easymultiple choice
Read the full Connect to and consume services and third-party services explanation →

Your company uses Azure API Management to expose APIs to external partners. You need to enforce throttling limits per subscription key. Which policy should you add?

Question 104mediummultiple choice
Read the full Connect to and consume services and third-party services explanation →

You are developing a serverless application using Azure Functions that processes orders. Each order must be validated by calling a third-party API. If the third-party API is unavailable, the function should retry with exponential backoff. How should you implement this?

Question 105hardmultiple choice
Read the full Connect to and consume services and third-party services explanation →

Your Azure App Service app uses SignalR Service to push real-time updates to clients. You notice that some clients are disconnected after 30 minutes of inactivity. What is the most likely cause and solution?

Question 106easymulti select
Read the full Connect to and consume services and third-party services explanation →

Which TWO authentication mechanisms can be used to authenticate an Azure Function to Azure Storage?

Question 107mediummulti select
Read the full NAT/PAT explanation →

Which THREE services can be used to implement a pub/sub messaging pattern in Azure?

Question 108hardmulti select
Read the full Connect to and consume services and third-party services explanation →

Which TWO are best practices for securing an Azure API Management instance?

Question 109mediummultiple choice
Study the full ACL explanation →

You are reviewing an Azure Policy definition that applies to storage accounts. The policy has an effect of 'deny' and specifies network ACLs. What is the intended behavior of this policy?

Exhibit

Refer to the exhibit.
```json
{
  "properties": {
    "description": "Allow access to storage account from specific virtual network",
    "policyRule": {
      "if": {
        "field": "type",
        "equals": "Microsoft.Storage/storageAccounts"
      },
      "then": {
        "effect": "deny",
        "details": {
          "networkAcls": {
            "defaultAction": "Deny",
            "virtualNetworkRules": [
              {
                "id": "/subscriptions/sub-id/resourceGroups/rg/providers/Microsoft.Network/virtualNetworks/vnet1",
                "action": "Allow"
              }
            ]
          }
        }
      }
    }
  }
}
```
Question 110hardmultiple choice
Read the full Connect to and consume services and third-party services explanation →

You are deploying this ARM template. After deployment, you want to ensure that all traffic to the storage account uses HTTPS. However, you notice that HTTP requests are still accepted. What is the most likely reason?

Exhibit

Refer to the exhibit.
```json
{
  "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
  "contentVersion": "1.0.0.0",
  "parameters": {
    "storageAccountName": {
      "type": "string"
    }
  },
  "resources": [
    {
      "type": "Microsoft.Storage/storageAccounts",
      "apiVersion": "2021-09-01",
      "name": "[parameters('storageAccountName')]",
      "location": "[resourceGroup().location]",
      "sku": {
        "name": "Standard_LRS"
      },
      "kind": "StorageV2",
      "properties": {
        "supportsHttpsTrafficOnly": true
      }
    }
  ]
}```
Question 111easymultiple choice
Read the full Connect to and consume services and third-party services explanation →

You are using Azure CLI to upload a blob using your Azure AD credentials (--auth-mode login). The command fails with an authorization error. What is the most likely cause?

Network Topology
az storage blob uploadaccount-name mystoragecontainer-name mycontainername myblobfile myfile.txtauth-mode loginRefer to the exhibit.```
Question 112mediummultiple choice
Read the full Connect to and consume services and third-party services explanation →

A company is developing an application that processes orders. The application uses Azure Service Bus queues to decouple order submission from processing. During peak hours, some messages are not processed within the required time, causing order delays. The team needs to increase throughput without changing the existing message processing logic. What should they do?

Question 113easymultiple choice
Read the full Connect to and consume services and third-party services explanation →

A web app needs to access Azure Key Vault secrets for database credentials. The app runs as a managed identity in Azure App Service. Which authentication method should be used to retrieve secrets without storing credentials in the app code?

Question 114hardmultiple choice
Read the full Connect to and consume services and third-party services explanation →

A company uses Azure Cosmos DB for a global e-commerce platform. They need to query product inventory across multiple regions with low latency. The data is partitioned by product category. Some queries filter on category and price range. What indexing policy should be configured to optimize these queries?

Question 115mediummultiple choice
Read the full Connect to and consume services and third-party services explanation →

A company runs a microservices application on Azure Kubernetes Service (AKS). One service needs to securely access an Azure SQL Database. The solution should avoid storing connection strings in code or configuration. What should they use?

Question 116easymultiple choice
Read the full Connect to and consume services and third-party services explanation →

A developer is building a function app that processes messages from an Azure Storage queue. The function must scale automatically based on queue length. Which hosting plan supports this automatic scaling?

Question 117hardmultiple choice
Read the full Connect to and consume services and third-party services explanation →

A company uses Azure API Management to expose APIs. They need to enforce rate limiting per subscription key and also allow a burst of requests for a short period. Which policy should they apply?

Question 118mediummultiple choice
Read the full Connect to and consume services and third-party services explanation →

A company integrates an Azure Logic App with Microsoft Teams to send notifications when a new file is added to an Azure Blob storage container. The Logic App currently polls the blob container every minute. They want to reduce latency and avoid polling. What should they do?

Question 119easymultiple choice
Read the full Connect to and consume services and third-party services explanation →

A developer needs to store session state for a web app that runs on multiple instances behind a load balancer. The state must be persisted across restarts. Which Azure service should they use?

Question 120hardmultiple choice
Read the full Connect to and consume services and third-party services explanation →

A company has an Azure Service Bus namespace with a topic that receives high-throughput messages. They need to ensure that if a subscriber fails, messages are not lost and can be replayed. The subscriber is a client application that uses the PeekLock receive mode. What should they configure?

Question 121mediummulti select
Read the full NAT/PAT explanation →

Which TWO Azure services can be used to implement a pub/sub messaging pattern for decoupling microservices? (Choose two.)

Question 122hardmulti select
Read the full Connect to and consume services and third-party services explanation →

Which THREE actions should be taken to secure an Azure App Service web app that accesses an Azure SQL Database? (Choose three.)

Question 123easymulti select
Read the full Connect to and consume services and third-party services explanation →

Which TWO Azure services can be used to trigger an Azure Function in response to a new blob being added to an Azure Storage account? (Choose two.)

Question 124mediummultiple choice
Read the full Connect to and consume services and third-party services explanation →

Refer to the exhibit. An Azure App Service deployment is configured using this ARM template snippet. The web app is built from a GitHub repository. However, when a pull request is merged to main, the app does not automatically deploy. What is the most likely cause?

Exhibit

{
  "type": "Microsoft.Web/sites/sourcecontrols",
  "properties": {
    "repoUrl": "https://github.com/contoso/app.git",
    "branch": "main",
    "isManualIntegration": false,
    "gitHubActionConfiguration": {
      "codeConfiguration": {
        "runtimeStack": "dotnetcore|8.0",
        "runtimeVersion": "8.0"
      }
    }
  }
}
Question 125hardmultiple choice
Read the full Connect to and consume services and third-party services explanation →

Refer to the exhibit. You are deploying an API in Azure API Management using an ARM template. The API is configured to use OAuth 2.0 authentication. The deployment fails with a validation error. What is the most likely cause?

Exhibit

{
  "resources": [
    {
      "type": "Microsoft.ApiManagement/service/apis",
      "apiVersion": "2022-08-01",
      "name": "[concat(parameters('apimServiceName'), '/myapi')]",
      "properties": {
        "displayName": "My API",
        "path": "myapi",
        "protocols": ["https"],
        "serviceUrl": "https://mybackend.azurewebsites.net",
        "authenticationSettings": {
          "oAuth2": {
            "authorizationServerId": "auth-server-1",
            "scope": "read write"
          }
        }
      },
      "dependsOn": [
        "[resourceId('Microsoft.ApiManagement/service/authorizationServers', parameters('apimServiceName'), 'auth-server-1')]"
      ]
    }
  ]
}
Question 126mediummultiple choice
Read the full Connect to and consume services and third-party services explanation →

Refer to the exhibit. An Azure OpenAI Service account is deployed with this ARM template. After deployment, a developer tries to call the OpenAI endpoint from an Azure App Service that has no public IP. The request is blocked. What change should be made to allow access?

Exhibit

{
  "type": "Microsoft.CognitiveServices/accounts",
  "apiVersion": "2023-05-01",
  "name": "myopenai",
  "location": "eastus",
  "kind": "OpenAI",
  "sku": {
    "name": "S0"
  },
  "properties": {
    "customSubDomainName": "myopenai",
    "networkAcls": {
      "defaultAction": "Deny",
      "ipRules": [
        {
          "value": "203.0.113.0/24"
        }
      ]
    }
  }
}
Question 127easymultiple choice
Read the full Connect to and consume services and third-party services explanation →

You are developing a solution that needs to retrieve secrets from Azure Key Vault. The solution will run as an Azure App Service managed identity. Which authentication method should you use?

Question 128mediummultiple choice
Read the full Connect to and consume services and third-party services explanation →

You are configuring an Azure Event Grid subscription to trigger an Azure Function when a blob is created in a storage account. However, the function is not being triggered. You have verified that the function endpoint is reachable and the storage account is in the same region. What is the most likely cause?

Question 129hardmultiple choice
Read the full NAT/PAT explanation →

You are designing a solution that requires asynchronous processing of messages from an Azure Service Bus queue. The solution must guarantee at-least-once delivery and handle poison messages automatically. Which combination of Service Bus features should you use?

Question 130easymultiple choice
Read the full Connect to and consume services and third-party services explanation →

You are developing an application that needs to store and retrieve large binary objects (up to 5 TB) in Azure Blob Storage. The application requires the ability to access data from any URL via HTTP/HTTPS. Which Blob Storage access tier should you use?

Question 131mediummultiple choice
Read the full Connect to and consume services and third-party services explanation →

You are implementing a custom API that calls a downstream API secured with OAuth 2.0. The downstream API requires a client credentials grant flow. You need to securely store the client secret and obtain an access token. What should you use?

Question 132hardmultiple choice
Read the full Connect to and consume services and third-party services explanation →

You are using Azure API Management to expose a legacy SOAP API as a RESTful API. The SOAP API has complex XML schemas. You need to transform the SOAP response to JSON. Which policy should you use?

Question 133easymultiple choice
Read the full Connect to and consume services and third-party services explanation →

You need to process large volumes of streaming data from IoT devices in near real-time. The processed data must be stored in Azure Cosmos DB for further analysis. Which Azure service should you use for stream processing?

Question 134mediummultiple choice
Read the full Connect to and consume services and third-party services explanation →

You are developing a microservice that needs to publish events to multiple subscribers. Each subscriber should receive the event independently and at its own pace. The event must be retained for up to 7 days. Which Azure messaging service should you use?

Question 135hardmultiple choice
Read the full Connect to and consume services and third-party services explanation →

You are using Azure Cognitive Search to index documents stored in Azure Blob Storage. The indexer is failing with the error 'Data source credentials are invalid.' You have verified that the connection string for the storage account is correct. What is the most likely cause?

Question 136mediummultiple choice
Review the full subnetting walkthrough →

Refer to the exhibit. You are deploying an ARM template that includes the above network security group rule. The rule is intended to block all outbound internet traffic from a virtual network. However, after deployment, virtual machines in the subnet still have outbound internet access. What is the most likely reason?

Exhibit

Refer to the exhibit.

{
  "type": "Microsoft.Network/networkSecurityGroups/securityRules",
  "apiVersion": "2021-02-01",
  "name": "DenyInternetOutbound",
  "properties": {
    "priority": 100,
    "direction": "Outbound",
    "access": "Deny",
    "sourceAddressPrefixes": ["VirtualNetwork"],
    "destinationAddressPrefixes": ["Internet"],
    "destinationPortRanges": ["*"],
    "protocol": "*",
    "sourcePortRange": "*"
  }
}
Question 137hardmultiple choice
Read the full Connect to and consume services and third-party services explanation →

Refer to the exhibit. You run the above Azure CLI command to upload a blob to Azure Blob Storage. The command fails with the error 'This request is not authorized to perform this operation.' You have verified that the storage account name and container name are correct, and the file exists. What should you do to resolve the error?

Exhibit

Refer to the exhibit.

az storage blob upload \
  --account-name mystorageaccount \
  --container-name mycontainer \
  --name myblob \
  --file /path/to/file \
  --auth-mode key
Question 138mediummultiple choice
Read the full Connect to and consume services and third-party services explanation →

Refer to the exhibit. You are configuring Azure Monitor autoscale for a virtual machine scale set using the above JSON metric configuration. The autoscale rule is supposed to scale out when average memory usage exceeds 80%. However, autoscale is not triggering even when memory usage is consistently above 90%. What is the most likely cause?

Exhibit

Refer to the exhibit.

{
  "version": "1.0",
  "aggregation": {
    "aggregationInterval": "00:05:00",
    "aggregationType": "Average"
  },
  "effectiveStartTime": "2023-01-01T00:00:00Z",
  "effectiveEndTime": "2023-12-31T23:59:59Z",
  "metrics": [
    {
      "name": "MemoryPercent",
      "displayName": "Memory Usage",
      "unit": "Percent",
      "aggregationType": "Average",
      "dimensions": []
    }
  ]
}
Question 139easymulti select
Read the full NAT/PAT explanation →

Which TWO services can be used to implement a pub/sub messaging pattern in Azure? (Choose two.)

Question 140mediummulti select
Read the full Connect to and consume services and third-party services explanation →

Which THREE actions should you take to securely access Azure Key Vault from an Azure App Service? (Choose three.)

Question 141hardmulti select
Read the full Connect to and consume services and third-party services explanation →

Which THREE are best practices for implementing an API using Azure API Management? (Choose three.)

Question 142easymultiple choice
Read the full Connect to and consume services and third-party services explanation →

You are developing an application that needs to retrieve secrets from Azure Key Vault. The application will run as an Azure Functions app. Which authentication method should you use to access Key Vault?

Question 143mediummultiple choice
Read the full Connect to and consume services and third-party services explanation →

Your company has an Azure Logic App that processes orders by calling a third-party REST API using an HTTP trigger. Recently, the API provider changed their authentication to require OAuth 2.0 with client credentials. The Logic App currently uses a basic authentication header. What should you do to update the Logic App?

Question 144hardmultiple choice
Read the full Connect to and consume services and third-party services explanation →

You are designing a solution to send email notifications from an Azure App Service web app. The app must use a third-party email service that requires an API key. You need to minimize management overhead and ensure the key is rotated automatically. What should you do?

Question 145easymultiple choice
Read the full Connect to and consume services and third-party services explanation →

A company uses Azure Functions to process messages from Azure Service Bus. The function needs to scale out during high load. Which consumption plan should you choose to enable automatic scaling?

Question 146mediummultiple choice
Read the full Connect to and consume services and third-party services explanation →

You are developing a microservice that processes images. After processing, it needs to store the result in Azure Blob Storage and send a message to Azure Service Bus for further processing. Which Azure SDK client should you use to minimize overhead?

Question 147hardmultiple choice
Study the full multicast explanation →

Your organization uses Azure API Management (APIM) to expose internal APIs to external partners. You need to ensure that only partners with a valid subscription key can access the APIs. Additionally, you want to log all requests for auditing. Which APIM policy should you implement?

Question 148easymultiple choice
Read the full Connect to and consume services and third-party services explanation →

You are building a solution that needs to send millions of events per second to Azure for processing. Which Azure service should you use to ingest the events?

Question 149mediummultiple choice
Read the full Connect to and consume services and third-party services explanation →

A developer writes an Azure Function that uses the Azure.Storage.Blobs SDK to upload a file to Blob Storage. The function runs locally but fails when deployed to Azure with a '403 Forbidden' error. What is the most likely cause?

Question 150hardmultiple choice
Read the full Connect to and consume services and third-party services explanation →

You have an Azure Function that processes messages from an Event Hubs event stream. The function is failing with 'Message lock lost' errors. The processing time per event is about 10 minutes. What should you do to resolve the errors?

Question 151mediummulti select
Read the full Connect to and consume services and third-party services explanation →

Which TWO authentication methods can be used to connect an Azure App Service to an Azure SQL Database without storing connection strings in code or configuration files?

Question 152hardmulti select
Read the full Connect to and consume services and third-party services explanation →

Which THREE Azure services can be used to trigger an Azure Function when a new blob is uploaded to a storage account?

Question 153easymulti select
Read the full NAT/PAT explanation →

Which TWO Azure services can be used to implement a publish-subscribe messaging pattern?

Question 154hardmultiple choice
Read the full Connect to and consume services and third-party services explanation →

Refer to the exhibit. The exhibit shows an Azure Event Grid subscription configuration. You notice that the webhook endpoint is not receiving events when a .png file is uploaded to the 'images' container. What is the most likely reason?

Exhibit

{
  "properties": {
    "enabled": true,
    "events": [
      "Microsoft.Storage.BlobCreated",
      "Microsoft.Storage.BlobDeleted"
    ],
    "destination": {
      "endpointType": "WebHook",
      "properties": {
        "endpointUrl": "https://myapp.azurewebsites.net/api/events"
      }
    },
    "filter": {
      "subjectBeginsWith": "/blobServices/default/containers/images/",
      "subjectEndsWith": ".jpg"
    }
  }
}
Question 155mediummultiple choice
Read the full Connect to and consume services and third-party services explanation →

Refer to the exhibit. You executed the Azure CLI command to create a storage account. Later, you attempt to connect from an application that uses TLS 1.1. The connection fails. What is the most likely reason?

Network Topology
az storage account createname mystorageaccountresource-group myResourceGrouplocation eastussku Standard_GRSkind StorageV2min-tls-version 1.2
Question 156hardmultiple choice
Read the full Connect to and consume services and third-party services explanation →

Refer to the exhibit. You deploy the ARM template to create an Azure Key Vault. After deployment, you attempt to add an access policy to grant a user 'Get' secret permissions using the Azure portal, but the option is grayed out. What is the most likely reason?

Exhibit

{
  "type": "Microsoft.KeyVault/vaults",
  "apiVersion": "2022-07-01",
  "name": "myKeyVault",
  "location": "[resourceGroup().location]",
  "properties": {
    "sku": {
      "family": "A",
      "name": "standard"
    },
    "tenantId": "[subscription().tenantId]",
    "accessPolicies": [],
    "enabledForDeployment": false,
    "enabledForDiskEncryption": false,
    "enabledForTemplateDeployment": false,
    "enableSoftDelete": true,
    "softDeleteRetentionInDays": 90,
    "enableRbacAuthorization": true
  }
}
Question 157easymultiple choice
Read the full Connect to and consume services and third-party services explanation →

A company develops a web app that processes images uploaded by users. The app uses Azure Cognitive Services to analyze images for moderation. The solution must minimize latency when calling the Cognitive Services endpoint. Which service should the developer use to call the endpoint?

Question 158mediummultiple choice
Read the full Connect to and consume services and third-party services explanation →

A company uses Azure Logic Apps to integrate with a third-party CRM system. The CRM API requires OAuth 2.0 authentication. The developer needs to securely store the client secret and refresh token. Which Azure service should the developer use?

Question 159hardmultiple choice
Read the full Connect to and consume services and third-party services explanation →

A developer is building a microservices application on Azure Kubernetes Service (AKS). One service needs to consume messages from an Azure Service Bus queue. The solution must minimize cost and automatically scale based on the number of messages. Which approach should the developer choose?

Question 160easymultiple choice
Read the full Connect to and consume services and third-party services explanation →

A company wants to send email notifications from an Azure Function app. The function app runs on a Consumption plan. Which service should be used to send emails?

Question 161mediummultiple choice
Read the full Connect to and consume services and third-party services explanation →

A developer is configuring a web app to authenticate users with Microsoft Entra ID. The web app needs to call a downstream API that also uses Microsoft Entra ID for authentication. The developer must ensure that the web app can securely obtain access tokens for the downstream API. Which authentication flow should the developer implement?

Question 162hardmultiple choice
Study the full multicast explanation →

A company uses Azure API Management (APIM) to expose a set of REST APIs. A new requirement mandates that all API calls must be throttled per user based on usage tiers (Free, Basic, Premium). User identity is provided via a JWT token. Which policy should the developer configure in APIM to enforce this throttling?

Question 163easymultiple choice
Read the full Connect to and consume services and third-party services explanation →

A developer is building an application that needs to store and retrieve large binary files (e.g., images, videos). The application runs on Azure Virtual Machines. Which Azure service provides the most cost-effective storage for these files?

Question 164mediummultiple choice
Read the full NAT/PAT explanation →

An application uses Azure Functions with a Durable Functions extension to orchestrate a workflow. The workflow calls multiple external APIs. The developer needs to handle transient failures when calling these APIs. Which pattern should the developer implement?

Question 165hardmultiple choice
Read the full network assurance explanation →

A company uses Azure Event Hubs to ingest telemetry data from IoT devices. The data is processed by a stream analytics job that outputs to Azure Data Lake Storage Gen2. The developer needs to ensure that the stream analytics job can authenticate to Event Hubs without storing connection strings in code. Which authentication method should the developer use?

Question 166mediummulti select
Read the full Connect to and consume services and third-party services explanation →

Which TWO services can be used to implement serverless event-driven architectures in Azure? (Choose 2)

Question 167hardmulti select
Read the full Connect to and consume services and third-party services explanation →

Which THREE factors should be considered when choosing between Azure Service Bus and Azure Event Hubs for a messaging solution? (Choose 3)

Question 168easymulti select
Read the full Connect to and consume services and third-party services explanation →

Which TWO Azure services can be used to store and manage secrets, such as API keys and connection strings? (Choose 2)

Question 169easymultiple choice
Read the full Connect to and consume services and third-party services explanation →

Refer to the exhibit. A developer is creating an Azure Data Factory pipeline to copy data from Azure Blob Storage to Azure SQL Database. The pipeline fails with a timeout error when copying large files. Which action should the developer take to resolve the issue?

Exhibit

Refer to the exhibit.

```json
{
  "type": "Microsoft.DataFactory/factories/pipelines",
  "properties": {
    "activities": [
      {
        "name": "CopyData",
        "type": "Copy",
        "inputs": [
          {
            "referenceName": "BlobInput",
            "type": "DatasetReference"
          }
        ],
        "outputs": [
          {
            "referenceName": "SqlOutput",
            "type": "DatasetReference"
          }
        ],
        "typeProperties": {
          "source": {
            "type": "BlobSource"
          },
          "sink": {
            "type": "SqlSink"
          }
        }
      }
    ]
  }
}
```
Question 170mediummultiple choice
Read the full Connect to and consume services and third-party services explanation →

Refer to the exhibit. A developer deploys this ARM template to create a web app with a connection string to Azure Cosmos DB. The deployment succeeds but the web app cannot connect to Cosmos DB. What is the most likely cause?

Exhibit

Refer to the exhibit.

```json
{
  "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
  "contentVersion": "1.0.0.0",
  "resources": [
    {
      "type": "Microsoft.Web/sites",
      "apiVersion": "2021-03-01",
      "name": "[parameters('webAppName')]",
      "location": "[resourceGroup().location]",
      "properties": {
        "siteConfig": {
          "appSettings": [
            {
              "name": "CosmosDbConnectionString",
              "value": "[listKeys(resourceId('Microsoft.DocumentDB/databaseAccounts', parameters('cosmosAccountName')), '2021-04-15').primaryMasterKey]"
            }
          ]
        }
      }
    }
  ]
}
```
Question 171hardmultiple choice
Read the full network assurance explanation →

Refer to the exhibit. An Azure Function is configured with an Event Hub trigger to process telemetry data. The function uses the EventProcessorHost to read events. The developer notices that the function is not processing all events; some events are skipped. What is the most likely cause?

Exhibit

Refer to the exhibit.

```json
{
  "parameters": {
    "eventHubConnectionString": {
      "type": "securestring"
    },
    "storageAccountName": {
      "type": "string"
    }
  },
  "functions": [
    {
      "name": "EventProcessor",
      "type": "EventHubTrigger",
      "direction": "in",
      "eventHubName": "telemetry",
      "connection": "EventHubConnectionString",
      "cardinality": "many",
      "consumerGroup": "$Default"
    }
  ]
}
```
Question 172easymultiple choice
Read the full Connect to and consume services and third-party services explanation →

A company uses Azure Functions to process orders. The function needs to read messages from an Azure Service Bus queue. Which binding should the developer configure in the function.json?

Question 173mediummultiple choice
Read the full Connect to and consume services and third-party services explanation →

A web app uses Azure Key Vault to store secrets. The app runs in a production environment and needs to authenticate to Key Vault without storing connection strings in configuration files. Which authentication method should be used?

Question 174hardmultiple choice
Read the full Connect to and consume services and third-party services explanation →

A microservices application deployed on Azure Kubernetes Service (AKS) needs to securely store and retrieve configuration settings. The configuration should be updated without redeploying containers. Which Azure service should be used?

Question 175mediummultiple choice
Read the full NAT/PAT explanation →

A company uses Azure Logic Apps to integrate with a third-party SaaS application. The Logic App must send an HTTP request to the SaaS API and handle pagination. Which connector should be used?

Question 176easymultiple choice
Read the full Connect to and consume services and third-party services explanation →

A developer is building an app that uses Azure Cognitive Services Text Analytics. The app needs to detect the language of text input. Which Azure SDK method should be called?

Question 177hardmultiple choice
Study the full multicast explanation →

A company uses Azure API Management (APIM) to expose APIs to external partners. They need to enforce rate limiting per subscription key. Which APIM policy should be configured?

Question 178mediummultiple choice
Read the full Connect to and consume services and third-party services explanation →

An app uses Azure Event Grid to publish events. The events must be delivered to an Azure Function that processes them. Which Event Grid event delivery model should be used?

Question 179hardmultiple choice
Read the full Connect to and consume services and third-party services explanation →

A company has an Azure App Service web app that reads from Azure Blob Storage. The app uses a connection string stored in app settings. Recently, the storage account key was rotated, and the app started throwing authentication errors. What should the developer do to resolve this issue without redeploying the app?

Question 180easymultiple choice
Read the full Connect to and consume services and third-party services explanation →

A developer needs to store a large number of binary files (images) that are accessed frequently from a web app. Which Azure storage solution is most cost-effective?

Question 181mediummulti select
Read the full NAT/PAT explanation →

Which TWO Azure services can be used to implement a pub/sub messaging pattern?

Question 182hardmulti select
Study the full multicast explanation →

Which THREE considerations are important when designing a solution using Azure API Management (APIM) to secure backend APIs?

Question 183easymulti select
Read the full Connect to and consume services and third-party services explanation →

Which TWO Azure services can be used to store application configuration settings?

Question 184mediummultiple choice
Study the full multicast explanation →

Refer to the exhibit. The APIM policy is applied to an API. What is the effect of this policy?

Exhibit

{
  "type": "Microsoft.ApiManagement/service/apis/policies",
  "apiVersion": "2021-08-01",
  "properties": {
    "value": "<policies>\n  <inbound>\n    <base />\n    <rate-limit calls=\"10\" renewal-period=\"60\" />\n  </inbound>\n  <backend>\n    <base />\n  </backend>\n  <outbound>\n    <base />\n  </outbound>\n</policies>"
  }
}
Question 185hardmultiple choice
Read the full Connect to and consume services and third-party services explanation →

Refer to the exhibit. A developer deploys this ARM template to create a blob container. Later, they attempt to upload a file to the container using a SAS token. What is the result?

Exhibit

{
  "type": "Microsoft.Storage/storageAccounts/blobServices/containers",
  "apiVersion": "2021-02-01",
  "name": "images-container",
  "properties": {
    "publicAccess": "None"
  }
}
Question 186mediummultiple choice
Read the full Connect to and consume services and third-party services explanation →

Refer to the exhibit. A developer runs this Azure CLI command to set an app setting for a web app. What is the impact on the web app?

Network Topology
resource-group myRGname myAppsettings "DBConnection=Server=tcp:myserver.database.windows.netDatabase=mydbUser ID=adminPassword=pass"
Question 187easymultiple choice
Read the full Connect to and consume services and third-party services explanation →

You are developing a microservices application that needs to send messages between services asynchronously. Which Azure service should you use to decouple the components and ensure reliable message delivery?

Question 188mediummultiple choice
Read the full Connect to and consume services and third-party services explanation →

Your app uses Azure Key Vault to store secrets. You need to grant the app access to read secrets using managed identity. Which RBAC role should you assign to the app's managed identity?

Question 189hardmultiple choice
Read the full Connect to and consume services and third-party services explanation →

You are building a solution that processes orders from multiple regions. Orders must be processed in the order they are received, but processing can take up to 5 minutes. You need to ensure exactly-once processing and minimize latency. Which Azure service and configuration should you use?

Question 190easymultiple choice
Read the full Connect to and consume services and third-party services explanation →

Your web app needs to authenticate users with Microsoft Entra ID (formerly Azure AD). Which OAuth 2.0 flow should you use for a single-page application (SPA) that uses MSAL.js?

Question 191mediummultiple choice
Read the full Connect to and consume services and third-party services explanation →

You are using Azure Logic Apps to integrate with a third-party CRM. The CRM API requires OAuth 2.0 authentication with a client secret. The secret must be stored securely and rotated automatically. What should you do?

Question 192hardmultiple choice
Read the full Connect to and consume services and third-party services explanation →

You have an Azure Function app that processes messages from a Service Bus queue. The function uses the Service Bus trigger. You notice that under high load, some messages are processed multiple times. What is the most likely cause?

Question 193easymultiple choice
Read the full Connect to and consume services and third-party services explanation →

You need to call a third-party REST API from your Azure Function app. The API requires an API key in the header. Where should you store the API key to keep it secure?

Question 194mediummultiple choice
Read the full Connect to and consume services and third-party services explanation →

You are designing a solution that needs to relay events from an on-premises system to Azure Event Grid. The on-premises system cannot make outbound HTTPS calls. Which Azure service should you use as a bridge?

Question 195hardmultiple choice
Read the full Connect to and consume services and third-party services explanation →

Your application uses Azure Cosmos DB for NoSQL. You need to implement server-side computed properties that depend on multiple document fields. The computation must be performed atomically. Which approach should you use?

Question 196easymulti select
Read the full Connect to and consume services and third-party services explanation →

Which TWO Azure services can be used to implement serverless event-driven architectures?

Question 197mediummulti select
Read the full Connect to and consume services and third-party services explanation →

Which THREE are valid ways to authenticate an Azure app to an Azure resource using managed identities?

Question 198hardmulti select
Read the full Connect to and consume services and third-party services explanation →

Which TWO are best practices when using Azure Service Bus for high-throughput messaging?

Question 199easymultiple choice
Read the full Connect to and consume services and third-party services explanation →

You are developing a web app that uses Azure Key Vault to retrieve secrets. The app must authenticate using a system-assigned managed identity. Which endpoint should you use to get an access token for Key Vault?

Question 200mediummultiple choice
Read the full Connect to and consume services and third-party services explanation →

You are building an event-driven solution that processes orders from an Azure Storage Queue. Each order triggers an Azure Function. To improve reliability, you need to automatically retry processing if an exception occurs, but only up to 3 times. You must also preserve the original order message in a poison queue after max retries. Which configuration should you use in the function's host.json?

Question 201hardmultiple choice
Read the full Connect to and consume services and third-party services explanation →

You have an Azure API Management instance that exposes a REST API. You need to secure the API using OAuth 2.0 with Microsoft Entra ID. The API should accept tokens from multiple client applications. Which policy should you add to the inbound processing section?

Question 202mediummultiple choice
Read the full Connect to and consume services and third-party services explanation →

You are building a solution that uses Azure Cosmos DB for NoSQL. You need to implement a change feed processor to handle real-time updates. The application runs on multiple instances to ensure high availability. Which lease container configuration ensures that each instance processes a distinct set of partitions?

Question 203easymultiple choice
Read the full Connect to and consume services and third-party services explanation →

You are using Azure Blob Storage to store large media files. Clients upload files directly to the storage account using SAS tokens. You need to ensure that the SAS token expires 1 hour after creation. Which parameter should you set when generating the SAS token?

Question 204hardmultiple choice
Read the full Connect to and consume services and third-party services explanation →

You are developing a .NET Core application that uses Azure Service Bus queues. You need to implement a dead-lettering mechanism for messages that cannot be processed after 5 delivery attempts. Which property should you set on the queue to automate this?

Question 205mediummultiple choice
Review the full routing breakdown →

You are designing a solution that uses Azure Event Grid to handle events from multiple Azure services. The events must be filtered and routed to different endpoints based on event type. Which component should you use to filter events before they are sent to subscribers?

Question 206hardmultiple choice
Read the full NAT/PAT explanation →

You are using Azure Cache for Redis to cache frequently accessed database query results. You need to ensure that the cache is updated automatically when the underlying data changes. Which pattern should you implement?

Question 207easymultiple choice
Read the full Connect to and consume services and third-party services explanation →

You need to authenticate an Azure Function to an Azure SQL Database using a managed identity. The function has a system-assigned managed identity enabled. Which connection string setting should you use in the function's application settings?

Question 208mediummulti select
Read the full Connect to and consume services and third-party services explanation →

Which TWO actions should you take to securely store and retrieve secrets for an Azure App Service application? (Choose two.)

Question 209hardmulti select
Read the full Connect to and consume services and third-party services explanation →

Which THREE features of Azure API Management help enforce security policies for APIs? (Choose three.)

Question 210hardmulti select
Read the full Connect to and consume services and third-party services explanation →

Which TWO scenarios require the use of Azure Event Hubs over Azure Service Bus? (Choose two.)

Question 211mediummultiple choice
Read the full Connect to and consume services and third-party services explanation →

Refer to the exhibit. You are reviewing an ARM template for a storage account. A security audit requires that all storage accounts enforce TLS 1.2 or higher. Does this configuration meet the requirement?

Exhibit

{
  "resources": [
    {
      "type": "Microsoft.Storage/storageAccounts",
      "apiVersion": "2021-09-01",
      "name": "[parameters('storageName')]",
      "location": "[resourceGroup().location]",
      "kind": "StorageV2",
      "sku": {
        "name": "Standard_LRS"
      },
      "properties": {
        "minimumTlsVersion": "TLS1_2",
        "supportsHttpsTrafficOnly": true
      }
    }
  ]
}
Question 212hardmultiple choice
Read the full Connect to and consume services and third-party services explanation →

Refer to the exhibit. You are creating an Azure Service Bus queue using an ARM template. The requirement is that messages should be automatically dead-lettered after 3 failed delivery attempts. Does this configuration meet the requirement?

Exhibit

{
  "queues": [
    {
      "name": "orders",
      "maxDeliveryCount": 10,
      "lockDuration": "PT30S",
      "defaultMessageTimeToLive": "PT5M"
    }
  ]
}
Question 213hardmultiple choice
Read the full Connect to and consume services and third-party services explanation →

Your company deploys a microservices architecture on Azure Kubernetes Service (AKS). The application consists of a frontend service, an order service, and a payment service. The order service writes messages to an Azure Service Bus queue, and the payment service processes them. You need to ensure that the payment service can scale independently based on the queue length, and that the processing is fault-tolerant: if the payment service crashes during message processing, the message should not be lost and should be retried. You also need to minimize cost by reducing the number of idle instances. You configure the payment service as an Azure Function triggered by the Service Bus queue. Which configuration options should you set?

Question 214mediummultiple choice
Read the full Connect to and consume services and third-party services explanation →

You are developing a .NET Core application that needs to authenticate users via Microsoft Entra ID and call Microsoft Graph API. You register an app in the Microsoft Entra admin center and configure the necessary permissions. However, when the app tries to acquire a token, it receives an 'interaction_required' error. What is the most likely cause?

Question 215hardmultiple choice
Read the full Connect to and consume services and third-party services explanation →

You are designing a solution to securely store connection strings for an Azure Function app that connects to Azure Service Bus. The connection string contains a Shared Access Key. The company policy requires that secrets be rotated every 90 days and that no secret is stored in source code or configuration files. The solution should minimize operational overhead. What should you use?

Question 216easymultiple choice
Read the full Connect to and consume services and third-party services explanation →

You are developing a web application that uses Azure Cosmos DB for NoSQL. You need to perform a point read by document ID and partition key. Which API method should you use to achieve the best performance and lowest cost?

Question 217hardmultiple choice
Read the full Connect to and consume services and third-party services explanation →

Your company uses Azure API Management to expose APIs to external partners. You need to implement rate limiting per subscription key to prevent abuse, but you also want to allow burst traffic up to a certain limit. Which policy should you configure?

Question 218mediummultiple choice
Read the full Connect to and consume services and third-party services explanation →

You are developing a solution that processes large files uploaded by users to Azure Blob Storage. Each file must be validated for malware using Microsoft Defender for Cloud Apps before being moved to a different container for further processing. The validation can take several minutes. What is the most cost-effective and scalable approach?

Question 219easymultiple choice
Read the full Connect to and consume services and third-party services explanation →

You need to send email notifications from an Azure Function app when a new user registers in your application hosted on Azure App Service. Which Azure service should you use to send the emails?

Question 220mediummultiple choice
Read the full Connect to and consume services and third-party services explanation →

You are deploying a microservices application to Azure Kubernetes Service (AKS). One service needs to retrieve configuration values from Azure App Configuration. The configuration includes sensitive values that must be stored in Azure Key Vault. The solution should not require application code changes to reference Key Vault. What should you use?

Question 221hardmultiple choice
Read the full Connect to and consume services and third-party services explanation →

Your application uses Azure Cache for Redis to cache session state. You notice that after a scaling operation, some users are prompted to log in again. What is the most likely cause?

Question 222easymultiple choice
Read the full Connect to and consume services and third-party services explanation →

You need to deploy a web app that uses Azure SQL Database. The connection string must be securely stored and automatically rotated without application downtime. What should you use?

Question 223mediummulti select
Read the full Connect to and consume services and third-party services explanation →

You are designing a solution that processes orders from an e-commerce website. The solution must guarantee that each order is processed exactly once. Which TWO Azure services can you use to achieve this requirement?

Question 224hardmulti select
Read the full Connect to and consume services and third-party services explanation →

Your company uses Azure API Management to manage APIs. You need to implement policies that ensure only authenticated requests from partners are allowed, and that responses are cached to improve performance. Which THREE policies should you configure?

Question 225easymulti select
Read the full Connect to and consume services and third-party services explanation →

You are developing a solution that uses Azure Functions to process messages from Azure Service Bus. Which TWO configurations are required to ensure the function scales out to handle high throughput?

Question 226hardmultiple choice
Read the full Connect to and consume services and third-party services explanation →

You are a developer at Contoso Ltd. The company has an existing .NET Core web application hosted on Azure App Service that allows users to upload images. The application currently stores images directly to Azure Blob Storage using connection strings stored in the Web.config file. The security team has mandated that all secrets must be stored in Azure Key Vault and rotated automatically. Additionally, the application must be able to access the Key Vault without storing any credentials in the application code or configuration files. The application uses Microsoft Entra ID for user authentication. You need to modify the application to meet these requirements with minimal changes to the application code. You have the following resources: an Azure Key Vault instance with the secrets (storage account connection string) already stored; a managed identity enabled for the App Service. You want to use the Key Vault references feature of Azure App Configuration or direct Key Vault access. Which approach should you take?

Question 227mediummultiple choice
Read the full Connect to and consume services and third-party services explanation →

Your company is building a real-time dashboard that displays sales data from multiple stores. The data is generated as events from point-of-sale systems and must be ingested with low latency. The dashboard needs to display aggregated data (e.g., total sales per store per minute) with a maximum delay of 5 seconds from event generation. You have decided to use Azure Event Hubs for ingestion and Azure Stream Analytics for real-time processing. The processed data will be stored in Azure Cosmos DB for the dashboard to query. However, the dashboard requires that the data in Cosmos DB be updated as soon as new aggregations are available. You need to design the output from Azure Stream Analytics to Cosmos DB. Which output configuration should you use?

Question 228easymultiple choice
Read the full NAT/PAT explanation →

You are developing a mobile app backend using Azure Functions. The app allows users to upload profile pictures. The pictures are stored in Azure Blob Storage and the metadata (user ID, blob URL, upload timestamp) is stored in Azure SQL Database. You need to implement a process that automatically generates a thumbnail for each uploaded picture and updates the metadata with the thumbnail URL. The thumbnail generation is CPU-intensive and may take up to 30 seconds per image. The solution should be serverless and cost-effective. Which combination of Azure services should you use?

Question 229easymultiple choice
Read the full Connect to and consume services and third-party services explanation →

You are developing an app that processes orders. When an order is placed, you need to send a confirmation email and update an inventory database. The email service may be slow but must not delay the order processing. Which approach should you use?

Question 230mediummultiple choice
Read the full Connect to and consume services and third-party services explanation →

You are deploying a microservice that needs to read secrets (e.g., connection strings) from Azure Key Vault. The service runs on Azure Kubernetes Service (AKS). You want to minimize code changes and automatically rotate secrets. Which approach should you use?

Question 231hardmultiple choice
Read the full Connect to and consume services and third-party services explanation →

Your Azure Function app processes messages from an Azure Service Bus queue. The function is triggered by Service Bus messages. Occasionally, the function throws an unhandled exception after the message is processed but before the function completes. What happens to the message?

Question 232easymultiple choice
Read the full Connect to and consume services and third-party services explanation →

You need to expose an on-premises API securely to external partners without opening firewall ports. Which Azure service should you use?

Question 233mediummultiple choice
Read the full Connect to and consume services and third-party services explanation →

Your application uses Azure Cosmos DB for NoSQL. You need to query items by a property that is not the partition key. The container has 10,000 RU/s. How can you optimize this query to minimize cost and latency?

Question 234hardmultiple choice
Read the full Connect to and consume services and third-party services explanation →

You are using Azure Logic Apps to orchestrate a workflow that calls a third-party API. The API occasionally returns HTTP 429 (Too Many Requests). How should you handle this to ensure the workflow completes successfully without manual intervention?

Question 235easymultiple choice
Read the full Connect to and consume services and third-party services explanation →

You need to authenticate an Azure Function app to call Microsoft Graph API on behalf of the signed-in user. Which authentication flow should you use?

Question 236mediummultiple choice
Read the full Connect to and consume services and third-party services explanation →

Your company uses Azure Blob Storage to store sensitive documents. You need to ensure that all access to the storage account is encrypted in transit and that clients must use TLS 1.2 or higher. Which configuration should you enforce?

Question 237hardmultiple choice
Read the full Connect to and consume services and third-party services explanation →

You have an Azure App Service web app that uses Azure SQL Database. The connection string is stored in Azure Key Vault. You need to automatically rotate the database password every 30 days without app downtime. Which solution should you implement?

Question 238easymulti select
Read the full Connect to and consume services and third-party services explanation →

Which TWO Azure services can be used to securely store and retrieve secrets, such as API keys and connection strings, for use in cloud applications?

Question 239mediummulti select
Read the full Connect to and consume services and third-party services explanation →

Which TWO approaches can you use to call an external REST API from an Azure Function while ensuring the API key is not exposed in the function code?

Question 240hardmulti select
Read the full Connect to and consume services and third-party services explanation →

Which THREE Azure services or features can be used to implement retry logic for transient failures when calling an external API from a .NET Core application?

Question 241easymultiple choice
Review the full routing breakdown →

You need to send notifications to mobile devices when a new file is uploaded to Azure Blob Storage. Which Azure service should you use to route the event to a notification hub?

Question 242mediummultiple choice
Read the full Connect to and consume services and third-party services explanation →

You are developing a solution that needs to consume an external SOAP web service. Which approach should you use to integrate it into a modern .NET Core application?

Question 243hardmultiple choice
Read the full Connect to and consume services and third-party services explanation →

Your application uses Azure Service Bus topics. You need to ensure that messages are processed in the order they were sent within a session. What must you configure?

Question 244mediummulti select
Read the full Connect to and consume services and third-party services explanation →

Which TWO authentication mechanisms can be used to securely connect an Azure Function app to an Azure SQL Database using managed identities?

Question 245hardmulti select
Read the full NAT/PAT explanation →

Which THREE Azure services can be used to securely store and retrieve secrets, connection strings, and API keys for a cloud-native application?

Question 246easymulti select
Read the full Connect to and consume services and third-party services explanation →

Which TWO authentication methods can be used to call a Microsoft Entra ID-protected web API from a client application?

Question 247mediummulti select
Read the full Connect to and consume services and third-party services explanation →

Which THREE Azure services can be used to send email notifications from an application?

Question 248mediummultiple choice
Read the full Connect to and consume services and third-party services explanation →

Contoso Ltd. is migrating a legacy on-premises application to Azure. The application processes customer orders and sends confirmation emails. The new solution must use Azure Functions with an HTTP trigger to receive orders, store order data in Azure Cosmos DB, and send emails via SendGrid. Security requirements: All connections must use managed identities where possible. No secrets should be stored in code or configuration files. Cosmos DB and SendGrid API keys must be retrieved at runtime from Azure Key Vault. The Azure Function app must be able to access Key Vault without storing any connection strings or secrets in application settings. The development team plans to use the Azure.Identity and Azure.Security.KeyVault.Secrets libraries. Which approach should the team use to authenticate to Key Vault?

Question 249hardmultiple choice
Read the full Connect to and consume services and third-party services explanation →

Northwind Traders is building a microservices architecture on Azure Kubernetes Service (AKS). One service needs to read messages from an Azure Service Bus queue and write them to an Azure SQL database. The solution must use managed identities for authentication. The AKS cluster is integrated with Microsoft Entra ID. The development team wants to avoid managing service principals and secrets. The team has chosen to use the Azure Identity SDK for authentication. The service will run as a pod in AKS. Which approach should the team use to authenticate to Service Bus and Azure SQL Database?

Question 250easymultiple choice
Read the full Connect to and consume services and third-party services explanation →

Fabrikam Inc. has an Azure Function app that processes image uploads. Each time a blob is added to a container in Azure Blob Storage, the function is triggered. The function resizes the image and stores the result in another container. Currently, the function uses an Azure Storage account connection string stored in application settings. The security team requires that no connection strings or access keys be stored in application settings. The function must use managed identity to access the storage account. The storage account is in the same subscription. Which action should the team take?

Question 251hardmultiple choice
Read the full Connect to and consume services and third-party services explanation →

Adventure Works is developing a payment processing system on Azure. The system uses an Azure Service Bus queue to decouple the frontend from the backend. The frontend sends a message to the queue. A backend service, running as an Azure WebJob, processes the message and calls a third-party payment gateway via HTTPS. The backend must authenticate to the payment gateway using a client certificate stored in Azure Key Vault. The WebJob must be able to access the certificate without storing any secrets in configuration. The WebJob runs in an App Service plan with system-assigned managed identity enabled. Which approach should the team use to retrieve the certificate and authenticate to the payment gateway?

Question 252mediummultiple choice
Read the full Connect to and consume services and third-party services explanation →

Tailwind Traders uses Azure Logic Apps to orchestrate a multi-step business process. The workflow must call an external REST API that requires OAuth 2.0 authentication. The API is registered in Microsoft Entra ID. The Logic App must authenticate using a system-assigned managed identity. The API's app registration has been configured to accept tokens from the managed identity. Which connector should the team use in the Logic App to call the API, and how should they configure authentication?

Question 253easymultiple choice
Read the full Connect to and consume services and third-party services explanation →

Contoso is building a serverless application using Azure Functions. One function needs to read messages from an Azure Event Hub and store them in Azure Blob Storage. The function uses the Event Hubs trigger. The team wants to authenticate to both Event Hubs and Blob Storage using managed identities. The Function app has system-assigned managed identity enabled. Which role assignments are required on the Event Hubs namespace and the storage account?

Question 254hardmultiple choice
Read the full Connect to and consume services and third-party services explanation →

Litware Inc. has an Azure App Service web app that needs to authenticate users via Microsoft Entra ID. The app uses the Microsoft Authentication Library (MSAL) for .NET. The app must also call Microsoft Graph to read user profiles. The app is registered in Entra ID with delegated permissions for 'User.Read'. The team wants to use the OAuth 2.0 authorization code flow with PKCE. The redirect URI is set to the App Service's URL. The app uses the App Service Authentication feature (EasyAuth) and also custom code. The team notices that after signing in, the app receives an ID token but not an access token for Microsoft Graph. What is the most likely cause?

Question 255mediummultiple choice
Study the full multicast explanation →

Wide World Importers has an Azure API Management (APIM) instance that exposes several APIs. One API is a custom REST API hosted on an Azure App Service. The API requires authentication via a subscription key. APIM is configured to require subscription keys for all APIs. The team wants to offload authentication to APIM so that backend services do not need to validate keys. However, the backend API also needs to know the identity of the calling application for logging. The team decides to use APIM's OAuth 2.0 authorization with Microsoft Entra ID. The backend API should receive the JWT token from APIM. How should the team configure APIM to pass the token to the backend?

Question 256easymultiple choice
Read the full Connect to and consume services and third-party services explanation →

Avanade is developing a .NET Core console application that runs on an Azure VM. The application needs to read a secret from Azure Key Vault. The VM has a system-assigned managed identity enabled. The managed identity has been granted 'Get' and 'List' permissions on the Key Vault secrets. The code uses the Azure.Identity and Azure.Security.KeyVault.Secrets NuGet packages. Which code snippet should the developer use to authenticate to Key Vault?

Question 257hardmultiple choice
Read the full Connect to and consume services and third-party services explanation →

Trey Research uses Azure Service Bus for messaging between microservices. One microservice written in Node.js needs to send messages to a queue. The team wants to use managed identity to authenticate to Service Bus. The microservice runs in an Azure Container Instance (ACI) with a user-assigned managed identity. The identity has been granted 'Sender' role on the Service Bus namespace. The team uses the @azure/service-bus SDK. Which code snippet should the developer use to create a ServiceBusClient?

Question 258mediummultiple choice
Read the full Connect to and consume services and third-party services explanation →

Coho Vineyard has an Azure Logic App that processes orders. The workflow must call a third-party API that uses Basic authentication. The credentials (username and password) must be stored securely in Azure Key Vault. The Logic App uses a system-assigned managed identity. The managed identity has been granted 'Get' permission on the Key Vault secrets. Which approach should the team use to pass the credentials to the third-party API?

Question 259hardmultiple choice
Read the full Connect to and consume services and third-party services explanation →

You are developing a microservices-based application deployed to Azure Kubernetes Service (AKS). One of the microservices needs to securely retrieve secrets (e.g., database connection strings) from Azure Key Vault. The application uses managed identity for authentication. You need to implement a solution that meets the following requirements: 1) The microservice should retrieve secrets from Key Vault without storing any credentials in the application code or configuration files. 2) The solution must support automatic rotation of secrets without application restart. 3) The solution should minimize latency and avoid direct calls to Key Vault on every request. 4) The application is written in .NET 8 and uses the Azure SDK. What should you do?

Question 260mediummultiple choice
Read the full Connect to and consume services and third-party services explanation →

You develop an app that uses Azure Cosmos DB for NoSQL. The app requires reading a specific item by ID with low latency. You need to ensure the query is as fast as possible. What should you use?

Question 261hardmultiple choice
Read the full Connect to and consume services and third-party services explanation →

Your company uses Azure Service Bus topics and subscriptions to send order notifications. You notice that some messages are not being delivered to a subscription. The subscription has a SQL filter that matches messages with a 'region' property equal to 'EU'. You verify that the messages have 'region' set to 'eu' (lowercase). What is the most likely cause?

Question 262easymultiple choice
Read the full Connect to and consume services and third-party services explanation →

You are building a solution that processes images uploaded to Azure Blob Storage. Each image must be analyzed by Azure AI Vision (Computer Vision). You need to trigger the analysis automatically when a new blob is created. Which Azure service should you use?

Question 263mediummulti select
Read the full Connect to and consume services and third-party services explanation →

Which TWO actions can you take to improve the performance of an Azure App Service web app that makes calls to an external API? (Choose two.)

Question 264hardmulti select
Read the full Connect to and consume services and third-party services explanation →

Which THREE components are required to implement a secure authentication flow for a single-page application (SPA) using Microsoft Entra ID to call Microsoft Graph? (Choose three.)

Question 265mediummultiple choice
Read the full Connect to and consume services and third-party services explanation →

You deploy the above policy to an Azure API Management API. What is the effect?

Exhibit

Refer to the exhibit.
{
  "type": "Microsoft.ApiManagement/service/apis/operations/policies",
  "apiVersion": "2021-12-01-preview",
  "properties": {
    "value": "<policies>\n  <inbound>\n    <base />\n    <rate-limit calls=\"100\" renewal-period=\"60\" />\n  </inbound>\n</policies>"
  }
}
Question 266hardmultiple choice
Read the full Connect to and consume services and third-party services explanation →

Your company has a microservices application deployed on Azure Kubernetes Service (AKS). One service, OrderProcessor, needs to read messages from an Azure Service Bus queue and write results to Azure Cosmos DB. The processing must be reliable: if the service crashes mid-processing, the message should not be lost and should be retried. You also need to ensure that messages are processed in order within a partition. The solution should minimize code changes and leverage platform features. Which approach should you use?

Practice tests

Scored 10-question sessions with instant feedback and explanations.

AZ-204 Practice Test 1 — 10 Questions→AZ-204 Practice Test 2 — 10 Questions→AZ-204 Practice Test 3 — 10 Questions→AZ-204 Practice Test 4 — 10 Questions→AZ-204 Practice Test 5 — 10 Questions→AZ-204 Practice Exam 1 — 20 Questions→AZ-204 Practice Exam 2 — 20 Questions→AZ-204 Practice Exam 3 — 20 Questions→AZ-204 Practice Exam 4 — 20 Questions→Free AZ-204 Practice Test 1 — 30 Questions→Free AZ-204 Practice Test 2 — 30 Questions→Free AZ-204 Practice Test 3 — 30 Questions→AZ-204 Practice Questions 1 — 50 Questions→AZ-204 Practice Questions 2 — 50 Questions→AZ-204 Exam Simulation 1 — 100 Questions→

Practice by domain

Each domain maps to a weighted exam section. Focus on the domain where you are weakest.

Develop Azure compute solutionsDevelop for Azure storageImplement Azure securityConnect to and consume Azure services and third-party servicesMonitor, troubleshoot, and optimize Azure solutions

Practice by scenario

Filter questions by type — troubleshooting, exhibit, drag-and-drop, PBQ, ACLs, OSPF, and more.

Browse scenarios→

Continue studying

All Connect to and consume Azure services and third-party services setsAll Connect to and consume Azure services and third-party services questionsAZ-204 Practice Hub