Azure Cert (70-535)
A
Use Case: Telemetry Ingestion Technology: A. Azure IoT Hub B. Azure Event Grid C. Azure Event Hubs D. Azure Time Series Insights E. Azure Stream Analytics
B
What is the primary concern you should have when designing a background job that is expected to take more than 100 hours to complete? A. Cost B. Resiliency C. Security D. Scalability E. Performance
B
A company creates an API and makes it accessible on an Azure website. External partners use the API occasionally. The website uses the Standard web hosting plan. Partners report that the first API call in a subsequence of API calls occasionally takes longer than expected to run. Subsequent API calls consistently perform as expected. You need to ensure that all API calls perform consistently. What should you do? A. Configure the website to use the Basic web hosting plan B. Enable AlwaysOn Support C. Configure the website to automatically scale D. Add a trigger to the web.config file for the website that causes the website to recycle periodically
A,D,E
A company has a public-facing website that is being monitored using Microsoft Operations Management Suite (OMS). The OMS service map solution is deployed. Customers report that the website displays error messages and is very slow to load pages each day at 04:00. The company plans to use the OMS Service Map solution to investigate the issues. You need to recommend actions that the company should perform with OMS Service Map. Which three actions should you recommend? Each correct answer presents a complete solution. NOTE: Each correct selection is worth one point. A. View alerts that show critical CPU utilization. B. Install updates to the device that hosts the website. C. Create a backup of the web server. D. View the device that hosts the website. E. View the process that produced the alert.
A
A company has custom ASP .net and Java applications that run on old versions of Windows and Linux. The company plans to place applications in containers. You need to design a solution that includes networking, service discovery, and load balancing for the applications. The solution must support storage orchestration. You decided to deploy a Kubernetes cluster that has the desired number of instances of the applications. Does this solution meet the goal? A. Yes B. No
C
A company hosts a website and exposes web services on the company intranet. The intranet is secured by using a firewall. Company policies prohibit changes to firewall rules. Devices outside the firewall must be able to access the web services. You need to recommend an approach to enable inbound communication. What should you recommend? A. the Azure Access Control Service B. Windows Azure Pack C. the Azure WCF Relay D. a web service in an Azure role that relays data to the internal web services
D,H,C,B
A company runs multiple line-of-business applications in a Kubernetes container cluster. Source code for the applications resides in a version control repository which is a part of a continuous integration/continuous deployment (CI/CD) solution. You must be able to upgrade containerized applications without downtime after all tests and reviews have completed successfully. You need to recommend steps to go from source code to updated applications so that they can be automated in the CI/CD solution. Which four actions should you recommend be performed in sequence? A. Update the DNS CNAME record of the application B. Update the container C. Push the image to the registry D. Build the application E. Change the Azure Service Definition schema F. Reconfigure the routing tables G. Change the Azure Service Configuration file H. Build the container image with the application
A
A company uses Microsoft Operations Management Suite (OMS) to manage 1,000 VMs in Azure. The security officer reports that VMs are often not updated. You recommend to the company that they implement the OMS Update Management solution. Which functionality with the OMS Update Management provide? A. Assessment of missing Windows and Linux updates on the VMs B. Assessment of antimalware on the VMs C. Assessment of Windows and Linux upgrades on the VMs D. Alerts regarding VM issues
A,D
A partner manages on-premises and Azure environments. The partner deploys an on-premises solution that needs to use Azure services. The partner deploys a virtual appliance. All network traffic that is directed to a specific subnet must flow through the virtual appliance. You need to recommend solutions to manage network traffic. Which two options should you recommend? Each correct answer presents a complete solution. NOTE: Each correct selection is worth one point. A. Configure Azure Traffic Manager. B. Configure a routing table with forced tunneling. C. Implement an Azure virtual network. D. Implement Azure ExpressRoute.
A
You need to ensure that authentication requirements are met. What should you do? A. Enable multi-factor authentication. B. Enable Azure AD Identity Protection. C. Require users to authenticate by using Windows Hello for Business. D. Require users to authenticate by using certificate-based authentication.
A,C
Acme Inc has a popular mobile application with over 1 million app installs across several different brands of devices. For performance reasons, you've decided to use queues to asynchronously handle requests from the mobile application client to the backend services. As users make requests in the app, the app will feed those requests into a queue, and the backend services will pull items from the request queue, perform the task, and then add the results into a response queue. The mobile apps will monitor the request queue for confirmation of successful processing of the task, and update the UI accordingly. There is no concern over the lag time between request and response, because of the nature of the application, as long as that response is within a few seconds (less than 10). One concern you have is if too many users are using the application at once, the queue can easily grow in size and the response time does become an issue as it exceeds 10 seconds. What two things can you do to ensure the queue does not grow above a certain size? A. You can enable diagnostics on the queue, and have it call a webhook when the size of the queue exceeds a certain threshold. The webhook can be a job that starts another backend application instance to reduce the size of the queue. Similarly, diagnostics can trigger a job to reduce the number of instances when the queue size falls below a threshold B. You can enable diagnostics on the queue, and have it notify you by email when the queue falls below certain performance metrics. You can then manually start up extra backend application instances to reduce the size of the queue C. You can develop a WebJob that monitors the queue length, and programmatically starts extra backend application instances to process the items if the queue grows above a certain size. The same job can shut down those instances when the queue falls below a certain size. D. You can run your backend application on a high-performing server that can handle more requests per second than your highest estimate for peak traffic. There's no harm in having a really big server or cluster of servers standing by to receive requests even if it's idle most of the time E. You can use Azure's scaling options for web apps, web jobs and VMs to monitor the backend applications to detect that their CPU usage exceeds a certain threshold, and auto-scale the backend applications based on that
E
Acme Inc has a web app they use to host their web application. One of the problems they have been facing is, when updating the application, users notice a bit of slowness on the web app after the deployment starts, and as the app warms up. It takes a minute or two for the app to return to normal responsiveness. Another problem was that recently an important image file was missed during the deployment, and the web app had a broken image in the header until it could be repackaged and redeployed. What feature of Web Apps allows you to most easily avoid these types of problems? A. Webjobs B. Monitoring and Diagnostics C. Application Settings D. Continuous Integration with GitHub E. Deployment Slots
D
Acme Inc has defined a standard VM type of web servers, mid-tier servers, API servers and self-hosted SQL database servers. They want to ensure that all of their new Virtual Machines going forward follow this standard. What functionality does Azure provide to ensure that new VMs can be deployed using the exact same configuration each time? A. Copy VHD files and rename B. VM Clone function C. Write custom deployment scripts using PowerShell and Azure SDK commands manually D. ARM Templates
C
Acme Inc has many large video files that they would like to store in Azure storage. Every day, they produce several terabytes of video that needs to be uploaded to the cloud for storage and archival purposes. It's been decided that these will be stored as blobs using Azure Blob storage. You need to decide the type of blob to choose when storing these files. Which type do you recommend they choose for these files, and why? A. Page blobs, because they are the best for data that needs to be frequently accessed with reads and writes. Page blobs support up to 4.75 TB for a single file, which is ideal for Acme's video needs B. Page blobs, because they are the best for large binary file types. For instance, Azure VMs use Page blobs C. Block blobs are ideal for storing binary or text files, such as video files. A single block blob can contain up to 4.7TB - 50,000 blocks up to 100MB per block. These are best for files that do not need to be frequently accessed or updated D. Block blobs, because even though they support a smaller maximum file size of 1 TB, you can have many blocks in a single container - up to the maximum storage limit of the account
D
Acme Inc has traditionally run it's internal applications on it's own hosted servers, and have over 100 applications that they support. They're not ready to move everything to the cloud, but there is one application they are wanting to test. The problem is that the application relies on a number of WCF services that connect to their backend databases and other applications. They are not able to move the WCF services into Azure. What Azure technology allows them to place an application into Azure, but leave the WCF services running in their hosted data center in a secure fashion, without having to modify firewall settings or set up secure VPNs? A. Table Service B. Notification hub C. Event hub D. Service Bus Relay E. Queue Service
C
Acme Inc is developing a mobile application, and is expecting it to have a large installed base. They are expecting over 1 million mobile installations by the end of the first year. The application needs to store small bits of data in the cloud to store application state and ensure data persistence across re-installs, multiple devices, and multiple users using the same device. What Azure data storage solution is specifically aimed at highly available, low latency access for small bits of data? A. Azure Queue B. TableStorage C. DocumentDB D. SQL Database E. Page Blob
A,C,E
Acme Inc is looking to add some cool features to its public web application. One of them is integration with Facebook Connect as an authentication provider. They already use Azure Active Directory to manage the user accounts of the users of this application. What prerequisites need to be in place before they can connect Facebook as an authentication provider to AAD B2C? A. Must create a Facebook application and supply it the necessary parameters to communicate with ACS B. Must have established a secure VPN connection between Azure and Facebook's data centers C. Must have a Facebook account D. Must upload the existing user database to Facebook to establish the existing customer list E. Must register with Facebook as a developer
B,D
Acme Inc is very concerned about data security, as they should be. The CIO has specifically told you that they have a data policy that requires all data to be encrypted - in transit and at rest. What two solutions does Azure provide as part of their SQL Database service that allow you to fulfill these requirements? A. Data should be encrypted in the application, so that it is transferred over the wire encrypted and stored in the database encrypted B. Transparent Data Encryption encrypts the database, backups, and log files in a transparent way without requiring changes to the application C. SQL Database users a client-server certification model, such that the application uses the public key of the SQL Database to encrypt data before sending, and the server can use its private key to decrypt D. TLS provides end-to-end encryption between the database and the application calling the database - regardless of whether it exists inside or outside Azure
A
Acme Inc runs both Windows and Linux virtual machines in the Azure environment. This has all been going fairly well until this point. A co-worker recently tried to upload an existing Linux VM into Azure, and was unable to. And so they come to you for help. This particular server is running Ubuntu Core, which is a version of Ubuntu that is small, lightweight and doesn't come with all the baggage of the main Ubuntu distro. This will be used for development and testing of an IoT device Acme has under development. You conclude that this cannot be migrated into Azure and needs to remain in a local VM. What is likely the cause of not being able to migrate this VM to Azure? A. Azure does not support Ubuntu Core B. You'd need to move the application into the latest version of Ubuntu Server, which should not be difficult C. It does not make sense to have an IoT device in Azure for testing puproses D. Azure does not support migration of existing VMs into Azure. It's better to create a new VM
C
Acme Inc runs their Azure virtual machines in an availability set. All of the web sites are running in the same availability set. They do this to increase the availability of their application should plan or unplanned outages happen. What is the maximum number of fault domains (FD) and update domains (UD) that your application can be spread across? A. 2 FD and 5 UD B. Unlimited C. 3 FD and 5 UD D. 5 FD and 2 UD E. 2 FD and 4 UD
A
Acme Inc takes advantages of the benefits of scale sets by deploying a large number of VMs at once, and having Azure handle the load balancing and scaling of that. They want to be able to RDP into any of the nodes of the scale set, but those nodes do not have Public IP addresses and so they cannot. What is the best way to allow outside Remote Desktop Connections into the individual nodes of a scale set? A. Connect to the nodes using a jump box - a single VM that does have a public IP address from which you can remote into a private IP address B. Assign public IPs to each node of the scale set C. Use a static IP address for the scale set, instead of dynamic D. Open up port 22 of the Azure network firewall to allow traffic in
C
Acme Inc wants to increase the performance of their popular social media website. They are using a CDN to store all large static assets around the globe, but also want to be able to store application specific (but temporary) data such as localization strings, and user session data, in a reliable data store as well. They need a high-performance, low-latency data storage solution that will follow a basic key-value pattern. The application is robust enough to handle cases where the data it needs does not appear in the temporary data storage (by going to the backend-database which is a bit slower). Which Azure data storage product seems like a good fit for this need? A. Azure Queue B. TableStorage C. Redis D. File storage within the VM E. DocumentDB
A
Acme Pharma Inc is searching for the next big medical breakthrough. They have a plan (and budget) to develop an application that will go through the millions of protein and nucleotide sequences looking for a particular pattern. The problem is that it takes about a second to analyze each one, and so it could take years to run this analysis using a single computer. From an architectural perspective, how best can you design an application such as this? A. Break the application into tasks that can be done in parallel, and use Azure Batch to process them across thousands of servers at a time B. Using VM Scale Sets, you can design applications that work across hundreds of VMs at the same time, coordinating their work through a central database. You'd also need to write a central traffic cop application to monitor the various applications and ensure all the work is done C. Design an application that uses processes and threads to allow work to complete in parallel D. When designing long-running applications, the most important thing is that they can be restarted and not lose all of the work they had performed previously E. Create a large cluster of machines, with hundreds of cores, operating as one supercomputer in order to get through the job as fast as possible
C
Are resources in a Network Security Group limited geographically? A. No, any resource can be added to any NSG B. Yes, only resources in the same country/geo can be added to an NSG C. Yes, only resources in the same region can be added to an NSG
B
Azure Machine Learning is one of the exciting newer services within Azure that allow companies to come up with algorithms based on past data to predict or forecast the future. Even with perfect past data as input, which of the following applications would Machine Learning find it difficult to come up with an accurate predictive algorithm about the future? A. Financial fraud in credit card purchases B. The results of an election C. Spam emails D. Whether a consumer will enjoy a movie or not E. Weather forecasting
B
By default, what happens when a job fails in Azure Scheduler? A. Azure Scheduler will immediately attempt to rerun the job B. The URI defined in the task errorAction will be invoked C. The details of the job that failed are emailed to the administrators and others who have signed up to receive notifications D. There is no way to determine if a job has failed within Azure. It's up to the application to handle its failures, and perform tasks that need to be done on failure E. The details of the job that failed are written to the Windows Event Viewer, Application Log
B
You need to design the multi-tenant model for storing applications and customer data. Which pattern should you recommend? A. Share database-single B. Database-per-tenant with elastic pools C. Database-per-tenant without elastic pools D. Shared database-shared
A
Contosoweb experiences heavy traffic during weekends. You need to analyze the response time of the product catalog page during peak times, form different locations. What should you do? A. Configure endpoint monitoring B. Add the Requests metric C. Turn on Failed Request Tracing D. Turn on Detailed Error Messages
A
Update by using package from your local computer A. Service 1 B. Service 2
B
Update by using package in Azure Storage A. Service 1 B. Service 2
A
Use Case: Automate a portfolio of scripts Tool: A. Azure Automation B. Desired State Configuration
B
Use Case: Create an ad hoc script to add a virtual machine Tool: A. Azure PowerShell B. Desired State Configuration
A
Use Case: Monitoring Assets Technology: A. Azure IoT Hub B. Azure Event Grid C. Azure Event Hubs D. Azure Time Series Insights E. Azure Stream Analytics
D
Use Case: Providing real time predictions on IoT data Technology: A. Azure IoT Hub B. Azure Event Grid C. Azure Event Hubs D. Azure Time Series Insights E. Azure Stream Analytics
C
How do you give an application the correct level of access to a storage account without having to embed the security keys to the account in the application itself? A. Enable CORS access on the account B. Azure Active Directory allows setting of permissions at the file/container level C. Create a Shared Access Signature for each application that requires access at the account level D. Use Role Based Access Control E. Create a Shared Access Signature for each application that requires access at the individual container/blob level
B
How many free static IP address are Azure customers entitled per account to in the ARM model? A. 100 B. 20 C. No limit D. 1 E. 0 F. 5
D
If a network security group (NSG) contains several rules, how does Azure decide in which order to check to see if the rule applies? A. Optimistic. All allow rules are processed first, and then any deny rules are processed. B. Optimistic. All deny rules are processed first, and then any allow rules are processed. C. By priority order, from highest (4096) to lowest (100). D. By priority order, from lowest (100) to highest (4096).
C
Use Case: Spotting anomalies on IoT data Technology: A. Azure IoT Hub B. Azure Event Grid C. Azure Event Hubs D. Azure Time Series Insights E. Azure Stream Analytics
False
True or false: Azure Notification Hubs are for broadcasting messages to mass audiences of users, filtered by device or profile setting, and not for sending notifications to specific individual users. (i.e. notification of financial activity on their account)
False
True or false: Azure Table Storage is good for large amounts of unstructured object data.
True
True or false: you can use Azure API Management as a front-end management portal for API apps, even if those API apps are hosted outside of Azure - on your own premises or even within Amazon AWS.
B
What does the recommendation for Endpoint Protection mean within Azure Security Center? A. Configure CORS to prevent cross-site scripting attacks B. Install antivirus on the VMs C. Set the .NET framework configuration option to prevent SQL injection in forms D. Ensure remote desktop connection can only be accessed over a VPN and block access to that port over the open internet
E
What does the term "scale up" refer to when dealing with scaling of web apps? A. Add more memory to the application without changing the pricing tier B. Increase the CPU speed C. Increase the number of instances of the app running D. Add more CPUs to the application without changing the pricing tier E. Add more CPU and memory by upgrading to a higher pricing tier
A,B
What features are supported by Azure Active Directory? A. Users and Groups B. SAML C. Computers and Devices D. LDAP E. Kerberos
C
What is the Microsoft Active Directory service that allows you employees of other companies (business partners or agencies) to use their AD credentials to sign on to your applications? A. Azure AD Federation Services B. Azure AD core functionality C. Azure AD B2B D. Azure AD B2C
A
What is the basic philosophy of RBAC? A. Companies should focus on giving employees only the permissions they absolutely need. No more, no less B. Admins should be able to assign fine-grained permissions down to the individual file level and blob level if they wish C. Admins need to consider each individual user's required access to each individual resource. New users are assigned permissions by copying an existing user, and modifying the permissions accordingly D. RBAC has established a resource hierarchy and uses access inheritance to make it easier to assign permissions to broad ranges of resources in a single setting E. There are three basic roles - owner, contributor, and reader. Every user should be assigned one of those permissions
B
What is the maximum number of VMs you can have in a single Azure subscription? A. 500 B. 10,000 C. 100 D. 10 E. Unlimited
B
What is the maximum number of web apps that can be running on a single app service plan in the Standard tier? A. 100 B. Unlimited C. 20 D. 10 E. 1
A
What is the primary criteria to qualify for Microsoft's Service Level Agreement, promising 99.95% uptime for VMS? A. VMs must have two or more instances in the same availability set B. VMs must be created using the new Resource Manager model C. VMs must be backed up regularly using Azure Backup Service D. VMs must be running the latest version of Microsoft Windows (2016) and not an older version
B,D,E
What levels of web app pricing tiers provide a Service Level Agreement (SLA) from Microsoft that provides a financial guarantee of 99.95% uptime? A. Shared B. Premium C. Free D. Standard E. Basic
A
What programming languages are supported by Microsoft Web Apps? A. ASP.NET, PHP, Java, Node.js B. ASP.NET, PHP C. ASP.NET D. ASP.NET, Java
A
What types of data can be encrypted at rest using Storage Service Encryption? A. General purpose storage accounts and blob storage accounts; standard and premium storage; All redundancy levels; ARM accounts but not classic; All regions for blob storage; some regions for file storage B. Only blob storage accounts; standard and premium storage; only local and zone redundancy levels; ARM accounts but not classic; All regions C. All types of data can be encrypted at rest, regardless of type, location, or deployment model D. SSE is a separate service and not related to storage accounts; only data stored in SSE specifically can be encrypted; existing data already stored in Azure cannot be encrypted E. Only file storage accounts; standard and premium storage; All redundancy levels; ARM accounts but not classic; All regions
A,B,C
When considering migrating an on-premises SQL Server database to Azure SQL Database, what are the primary metrics you should use to determine the number of DTUs you will need? A. Processor usage % B. Disk reads and writes per second C. Database log flushes per second D. Number of schema objects (tables, procedures, users, etc) E. Disk space
C
When using Azure Geo Redundant Storage (GRS), in how many regions around the globe does Azure store your data? A. 3 B. 4 C. 2 D. 1
A,E
Which Azure Virtual Machine sizes are specifically designed for compute-intensive applications? A. H-series B. D-series C. G-series D. A0-A7-series E. A8-A11-series
C,D
Which Azure load-balancing solution(s) can direct traffic to any internal or external endpoint, and is not restricted to Azure hosted applications? A. VM Scale Sets B. Azure Load Balancer C. Application Gateway D. Azure Traffic Manager
D
Which Azure technology is responsible for translating a website or service name (domain name or fully-qualified name) to its IP address? A. Azure Active Directory B. Azure Service Fabric C. Azure Delegate Service D. Domain Name Service E. Azure Automation Service
A
Which Azure technology provides layer-7 load balancing capabilities for applications, and can only handle HTTP/HTTPS requests and not all TCP requests? A. Application Gateway B. Azure Traffic Manager C. Azure Load Balancer D. All of the above
D
Which Microsoft Azure service allows you to automate the replication of virtual machines data whether they are in Azure, or on prem running as Hyper-V, VMWare or as physical servers for the purposes of quickly recovering from a disaster? A. VM Data Disks B. Azure Automation C. Azure Backup D. Azure Site Recovery E. Azure Blob Storage
D,F
Which of the following Virtual Machine sizes can use Premium Storage for their data disks? A. A series B. G series C. H series D. DS series E. D series F. GS series
A,B
Which of the following are recommended options for connecting an Azure network to an on-premises network? A. ExpressRoute B. Site-to-Site VPN C. Point-to-Site VPN D. WAN E. Extended LAN
A,B,C,D
Which of the following can be used as an authentication provider for an Azure application using Azure AD B2C? A. LinkedIn B. Google+ C. Amazon D. Facebook
C
Which storage solution is best for hierarchical storage for data analytics? A. Azure Blob Storage B. Azure File Storage C. Azure Data Lake Storage D. Azure StorSimple virtual device E. Azure Site Recovery
A
Which storage solution is best for object-based storage? A. Azure Blob Storage B. Azure File Storage C. Azure Data Lake Storage D. Azure StorSimple virtual device E. Azure Site Recovery
B,C,E,A
You administer an Azure Web Site named contosoweb that uses a production database. You deploy changes to contosoweb from a deployment slot named contosoweb-staging. You discover issues in contosoweb that are affecting customer data. You need to resolve the issues in contosoweb while ensuring minimal downtime for users. You swap contosoweb to contosoweb-staging. Which four steps should you perform next in sequence? A. Swap contosoweb-staging to contosoweb B. Point contosoweb to the production database C. Point contosoweb-staging to the test database D. Fix the issues in contosoweb E. Fix the issues in contosoweb-staging F. Point contosoweb to the test database G. Point contosoweb-staging to the production database
D
You are designing a microservices architecture that will support a web application. The solution must meet the following requirements. - Allow independent upgrades to each microservice - Deploy the solution on-premises and to Azure - Set policies for performing automatic repairs to the microservices - Support low-latency and hyper-scale operations What should you recommend? A. Azure Container Service B. Azure Container Instance C. Azure VM Scale Set D. Azure Service Fabric
A
You are designing a solution that ingests, transforms, and stores streams of data from Internet of Things (IoT) devices. The solution has the following requirements: - Business users must be able to discover, understand, consume, and contribute to data creation. - Transform data by using Spark. - Data analysis must be performed by using a hub-and-spoke business intelligence model. You need to choose the appropriate products for the solution. Which technologies should you recommend? Use Case: Discover, understand, consume, and contribute data from IoT devices Product: A. Azure Analysis Services B. Azure Data Factory C. Azure Data Catalog D. Azure Data Lake Analytics
B
You are designing a solution that ingests, transforms, and stores streams of data from Internet of Things (IoT) devices. The solution has the following requirements: - Business users must be able to discover, understand, consume, and contribute to data creation. - Transform data by using Spark. - Data analysis must be performed by using a hub-and-spoke business intelligence model. You need to choose the appropriate products for the solution. Which technologies should you recommend? Use Case: Transform data from IoT devices Product: A. Azure Analysis Services B. Azure Data Factory C. Azure Data Catalog D. Azure Data Lake Analytics
A
You are designing a solution that will aggregate and analyze data from Internet of Things (IoT) devices. The solution must meet the following requirements: - Store petabytes of data - Use shared access policies to provide service connections to the IoT event source. - Conduct analysis of data in near real-time. - Provide ultra-low latency and highly scalable transaction processing. You need to recommend a technology. What should you recommend? A. Azure Data Lake Store B. Azure Redis Cache C. Azure Time Series Insights D. Azure Table storage
A
You are designing a storage solution to support on-premises resources and Azure-hosted resources. You need provide on-premises storage that has built-in replication to Azure. You Include Azure StorSimple storage in the design. Does this solution meet the goals? A. Yes B. No
C,E
You are designing a web app that creates some temporary files as part of its normal operation. You don't want these temporary files to exist forever, and so you've also written a small program to clean up these files and would like this application to run every few hours to clean up the mess. What two options to you have to schedule a web job to run every few hours? A. Azure Timed Functions B. Create a continuously WebJob and use the Timer Sleep function for it to wake up every few hours C. Azure Scheduler D. Have the associated web app trigger the job to run E. CRON job
C,E,F
You are designing an Azure Media Services solution. The solution must meet the following requirements: - Allow only authenticated users to play back media - Ensure that media playback uses dynamic and envelope encryption Which three options should you recommend? A. Configure the media encoder to use AES clear key encryption B. Encode source files into single-bitrate MP4 files C. Configure a content authorization key D. Configure the media encoder to use DRM encryption E. Configure an asset delivery policy F. Encode source files into an adaptive-bitrate MP4 files G. Encrypt the file using AES 256 bit encryption and upload to Azure Storage
C,D
You are designing an Azure Web App that includes many static content files. The application is accessed from locations all over the world by using custom domain name. You need to recommend an approach for providing access to the static content with the least amount of latency. Which two actions should you recommend? A. Place the static content in Azure Blob Storage and enable Content Delivery Network on the account B. Place the static content in Azure Table storage C. Configure a custom domain name that is an alias for the Azure Storage domain D. Configure a CNAME DNS record for the Azure CDN Domain
D
You are designing an Azure solution. The network traffic for the solution must be securely distributed by providing the following features: - HTTPS protocol - Round robin routing - SSL offloading You need to recommend a load balancing option. What should you recommend? A. Azure Internet Load Balancer (ILB) B. Azure Load Balancer C. Azure Traffic Manager D. Azure Application Gateway
B
You are developing the application security review document. You need to ensure that application data security requirements are met. What should you verify? A. Azure SQL connections use an account that does have administrative access B. Connection Strings use encryption and not trust server certificates C. Azure SQL connections use Azure Key Vault certificates for TLS D. Connection Strings are not stored in application code
E
You develop a set of PowerShell scripts that will run when you deploy new VM. You need to ensure that the scripts are executed on new VMs. You want to achieve this goal by using the least amount of administrative effort. What should you do? A. Create a new GPO to execute the scripts as a logon script B. Create a SetupComplete.cmd batch file to call the scripts after the VM starts. C. Create a new VHD that contains the scripts D. Load the scripts to a common file share accessible to the VMs E. Set the VMs to execute a custom script extension
A
You have a WebJob attached to a web app, and you've configured it to run "Continously". But you notice that the job stops after a while and is not running continuously like you expect. You're sure that there is nothing wrong with the code. What is likely the reason that a WebJob stops running when it shouldn't? A. You must enable the "AlwaysOn" setting on the web app. B. The Azure app service environment is restarted from time to time, which will stop any jobs that are running. C. The web app needs to be granted explicit permissions to a resource such as a storage account for logging. D. The WebJob only runs when the web app itself is running. If there are no visitors to the site for a time, the web app will go to sleep. You need to use Azure Scheduler to occasionally visit the web app to keep it awake.
C
You have a customer database on your internal network. The database supports an application that your sales organization uses. Your plan to migrate the application to the cloud. All customer data must remain inside the corporate network. You need to ensure that the application can access the customer data without affecting network security. What should you do? A. Open the ports required to access the database in the network firewall B. Use Microsoft Azure Service Bus Relay to expose and consume a SOAP web services with TCP C. Configure Direct Access on the virtual network D. Create a Site-to-Site VPN connection
B
You have business services that run on an on-premises mainframe server. You must provide an intermediary configuration to support existing business services and Azure. The business services cannot be rewritten. The business services are not exposed externally. You need to recommend an approach for accessing the business services. What should you recommend? A. Connect to the on-premises server by using a custom service in Azure. B. Expose the business service externally C. Expose the business service to the Azure Service Bus by using a custom service that uses relay binding. D. Move all business services functionality to Azure
B
You manage on-premises network and Azure virtual networks. You need a secure private connection between the on-premises networks and the Azure virtual networks. The connection must offer a redundant pair of cross connections to provide high availability. What should you recommend? A. virtual network peering B. Azure Load Balancer C. VPN Gateway D. ExpressRoute
None
You manage two cloud services named Service1 and Service2. The deployment team updates the code for each application and notifies you that the services are packaged and ready for deployment. Service 1 • You must be able to re-deploy the service using a previous package • The package must be retained for disaster recovery purposes Service 2 • Maintaining the existing service package is not required Identify the deployment for each service Manually update DLL on cloud service by means of RDP A. Service 1 B. Service 2 C. None
C
You need to configure availability for the virtual machines that the company is migrating to Azure. What should you implement? A. Traffic Manager B. Express Route C. Update Domains D. Cloud Services
C
You need to design the authentication solution for the NorthRide app. Which solution should you use? A. Azure Active Directory Basic with multi-factor authentication for the cloud and on- premises users. B. Active Directory Domain Services with mutual authentication C. Azure Active Directory Premium and add multi-factor authentication for the cloud users D. Active Directory Domain Services with multi-factor authentication
C
You need to implement the security requirements. What should you implement? A. The GraphAPI to query the directory B. LDAP to query the directory C. Single sign-on D. User Certificates
A
You need to prevent security attacks on the Tabular Data Stream (TDS). Solution: Isolate connection to Azure web apps and Azure SQL Database instances by implementing a virtual network. Does this meet the goal? A. Yes B. No
A
You need to recommend a solution architecture for the Tailspin Toys e-commerce website for app tier, data tier, and user authentication. Solution: - Website based on Azure App Service - App data stored in Azure SQL Database - Authentication provided through Azure AD Business-to-consumer - Solution deployed to multiple Azure regional datacenters - Load balancing with Azure Traffic Manager Does the solution meet the goal? A. Yes B. No
D
You need to recommend a solution that meets the requirements for data storage for the NorthRide app. What should you include in the recommendation? A. Azure Remote App B. Azure Service Bus C. Azure Connect D. Azure SQL Database
D
You need to recommend a technology for processing customer pickup requests. Which technology should you recommend? A. Notification hub B. Queue messaging C. Mobile Service with push notifications D. Service Bus messaging
C
You need to recommend the appropriate technology to provide the predictive analytics for passenger pickup. What should you do? A. Use Power BI to analyze the traffic data and PowerPivot to categorize the results. B. Use HDInsight to analyze the traffic data and write a .NET program to categorize the results. C. Use Machine Learning Studio to create a predictive model and publish the results as a web service. D. Use Hadoop on-premises to analyze the traffic and produce a report that shows high traffic zones.
A,D
You use a virtual network to extend an on-premises IT environment into the cloud. The virtual network has two virtual machines (VMs) that store sensitive data. The data must only be available using internal communication channels. Internet access to those VMs is not permitted. You need to ensure that the VMs cannot access Internet. Which two options should you recommend? Each correct answer presents a complete solution. NOTE: Each correct selection is worth one point. A. Azure ExpressRoute B. network interface (NIC) C. Source Network Address Translation (SNAT) D. Network Security Groups (NSG)
C
You've created a Microsoft Operations Management Suite (OMS) Workspace inside Azure for Log Analytics, at the free tier. You give it a day to collect data, and come back to it. You log into the OMS portal, and expect to be able to get useful insights and analytics from the Windows and Linux Virtual Machines you are running inside Azure. To your surprise, you cannot see any data. The reports are empty. What is required to get log data to feed from Virtual Machines into OMS? A. OMS Portal can only be connected to an Azure Storage account, so you must enable logging on VMs to save to a storage account B. Add the OMS connection string into VM settings tab of the Azure portal C. Download the OMS Agent and install on the VMs with the correct connection settings D. Select the VMs to add using the OMS Portal (Add VMs)
F
Your Azure application writes a lot of blob files to disk. In fact, you are starting to see throttling errors because the number of files you are attempting to create exceeds the limits that Azure places on storage accounts. As a result, you're looking to refactor your application a little bit to be able to handle more blobs per second. What is the recommended solution for handling this problem? A. Compress the files before writing, to reduce the amount of data being written to disk B. Create multiple storage accounts, and use automated sharding to allow Azure to automatically assign blobs to these accounts C. Create multiple containers within the storage account, so the blobs are logically separated D. Handling the throttling errors by retrying the write after a few seconds E. Instead of saving blobs into subfolders, save all blobs into the root of the container F. Create multiple storage accounts, and use manual sharding to place blobs into these accounts
C
Your IT department has done some analysis of your company's use of its existing hosted datacenter, and has come back with an objection over moving these applications to Azure. They say that traffic between your company headquarters and the datacenter spikes to around 1 Gbps during peak periods, and they are concerned with that speed of traffic over the public Internet to Azure. In addition, they are concerned with private company details travelling over the public Internet, even if it's encrypted. What Azure networking solution would satisfy the requirements of higher-speed traffic and increased privacy of that traffic? A. Azure Gateway B. Azure Site-to-Site VPN C. Azure ExpressRoute D. Always use an HTTPS connection
A,C,D
Your company has an application that runs in the cloud that occasionally needs access to a WCF web service running on a server on your on-prem network. You decide to use a hybrid connection using BizTalk Services to enable the cloud application to get access to the WCF service. What is the main benefit to using a hybrid connection compared with exposing your WCF service to the open internet? A. Reduces the number of open connections to your network since all requests can share a connection B. Require few code changes, reducing development efforts C. Is more secure since connectivity is not open to the whole world D. Does not require changes to corporate firewall settings which are sometimes difficult to make changes to
B
Your company has decided to extend it's on-prem network by utilizing some of Azure's cloud storage options. There will be significant cost-savings from being able to use storage on demand and not have to build out additional servers and drives as needs grow. Your concern is performance. You believe that traffic from your network to Azure will be very slow and not be able to support the Terabytes per day that need to be stored. Which network solution offers the fastest connection to the Azure datacenter? A. Point-to-Site VPN B. ExpressRoute C. Site-to-Site VPN
D
Your company has two physical locations configured in a geo-clustered environment that includes: - System Center Virtual Machine Manager 2012 R2 - System Center Data Protection Manager 2012 R2 - SQL Server 2012 - Windows Server 2012 R2 Hyper-V - Over 100 VMs in each location Your company has recently signed up for Azure. You plan to leverage your current network environment to provide a backup solution for your VMs. You need to recommend a solution that ensures all VMs are redundant and deployable between locations. You also want the solution to minimize downtime in the event of an outage at either physical location. What should you recommend? A. Configure a backup vault in Azure and use Data Protection Manager to back up the Windows Servers B. Use DPM and back up the VMs in each location C. Use Azure Site Recovery in an on-premises to Azure protection configuration D. Use Azure Site Recovery in an on-premises to on-premises configuration
A,B
Your company plans to migrate from On-Premises Exchange to Exchange Online in Office 365. You plan to integrate you existing Active Directory Domain Services infrastructure with Azure AD. You need to ensure that users can login by using their existing AD DS accounts and passwords. Which two actions should you perform? A. Configure Password Sync B. Setup a DirSync Server C. Setup an Active Directory Federation Services Server D. Setup an Active Directory Federation Services Proxy Server
A,D
Your company uses Office 365 for all employees. The company plans to create a website where customers can view and register technical support cases. The solution must meet the following requirements: - Provision customer identities by using social media accounts. - Users must be able to access the website by using social media accounts including Facebook. - Employees of the customer service department must be able to access the site to read the cases and resolve them. You need to design an identity solution for the company. Which two actions should you recommend? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point. A. a custom policy to link internal store to the external store B. a new Azure Active Directory (Azure AD) business-to-business (B2B) tenant C. an Azure SQL data sync to link the internal store to the external one D. a new Azure Active Directory (Azure AD) business-to-consumer (B2C) tenant E. a new Azure Active Directory (Azure AD) tenant
D
Your company would like to allow your employees to use their same Windows login and password on all services and devices, using single sign-on. Your network administrator uses Windows Active Directory to manage user accounts inside your network, and you'd like to use that as the master server for user accounts. You'll use Azure Active Directory for the cloud apps. What officially-supported Azure service allows you to use the same accounts from AD on AAD? A. Clone AD server running in the cloud, in a forest configuration B. DirSync C. AAD Sync D. Azure Active Directory Connect
A,B
Your web application uses Azure AD B2C to handle user authentication. It's been working well for a few months with no issues. Today, a customer has asked your support team to cancel his account, such that he does not want to be able to log in to the application. You don't want to delete the record from B2C (for auditing purposes) and there may be data within your application that is associated with that user. How can you block an Azure B2c user from logging in without deleting the account (choose two)? A. Remove him from the group that is authorized to log in to the application B. Mark the user as "block sign in" on the Active Directory user profile C. Change their password to something new D. Mark the account as expired by entering an expiry date in the past