Q1. - (Topic 6)
A company hosts a website and exposes web services on the company intranet.
The intranet is secured by using a firewall. Company policies prohibit changes to firewall
rules.
Devices outside the firewall must be able to access the web services.
You need to recommend an approach to enable inbound communication.
What should you recommend?
A. The Azure Access Control Service
B. Windows Azure Pack
C. The Azure Service Bus
D. A web service in an Azure role that relays data to the internal web services
Answer: C
Explanation: The Service Bus Relay is designed for the use-case of taking existing Windows Communication Foundation (WCF) web services and making those services securely accessible to solutions that reside outside the corporate perimeter without requiring intrusive changes to the corporate network infrastructure. Such Service Bus relay services are still hosted inside their existing environment, but they delegate listening for incoming sessions and requests to the cloud-hosted Service Bus.
Reference: .NET On-Premises/Cloud Hybrid Application Using Service Bus Relay
http://azure.microsoft.com/en-gb/documentation/articles/cloud-services-dotnet-hybrid-app-using-service-bus-relay/
Q2. - (Topic 5)
You need to recommend a technology for processing customer pickup requests.
Which technology should you recommend?
A. Notification hub
B. Queue messaging
C. Mobile Service with push notifications
D. Service Bus messaging
Answer: D
Explanation: Service Bus queues are part of a broader Azure messaging infrastructure
that supports queuing as well as publish/subscribe, Web service remoting, and integration
patterns.
Service Bus Queue support Push-style API (while Azure Queue messaging does not).
Incorrect:
Not A: Notification Hub is only used to push notification, not for processing requests.
Not B As a solution architect/developer, you should consider using Azure Queues when:
*
Your application must store over 80 GB of messages in a queue, where the messages have a lifetime shorter than 7 days.
*
Your application wants to track progress for processing a message inside of the queue. This is useful if the worker processing a message crashes. A subsequent worker can then use that information to continue from where the prior worker left off.
You require server side logs of all of the transactions executed against your queues.
Not C: To process the messages we do not need push notification.
Reference: Azure Queues and Service Bus Queues - Compared and Contrasted
https://msdn.microsoft.com/en-us/library/azure/hh767287.aspx
Topic 6, Mix Questions
31. - (Topic 6)
Contoso, Ltd., uses Azure websites for public-facing customer websites. The company has a mobile app that requires customers sign in by using a Contoso customer account.
Customers must be able to sign on to the websites and mobile app by using a Microsoft, Facebook, or Google account. All transactions must be secured in-transit regardless of device.
You need to configure the websites and mobile app to work with external identity providers.
Which three actions should you perform? Each correct answer presents part of the solution.
A. Request a certificate from a domain registrar for the website URL, and enable TLS/SSL.
B. Configure IPsec for the websites and the mobile app.
C. Configure the KerberosTokenProfile 1.1 protocol.
D. Configure OAuth2 to connect to an external authentication provider.
E. Build an app by using MVC 5 that is hosted in Azure to provide a framework for the underlying authentication.
Q3. - (Topic 6)
You are designing a distributed application for Azure.
The application must securely integrate with on-premises servers.
You need to recommend a method of enabling Internet Protocol security (IPsec)-protected
connections between on-premises servers and the distributed application.
What should you recommend?
A. Azure Access Control
B. Azure Content Delivery Network (CDN)
C. Azure Service Bus
D. Azure Site-to-Site VPN
Answer: D
Explanation: IPsec can be used on Azure Site-to-Site VPN connections. Distributed applications can used the IPSec VPN connections to communicate.
Reference: About Virtual Network Secure Cross-Premises Connectivity
https://msdn.microsoft.com/en-us/library/azure/dn133798.aspx
Q4. DRAG DROP - (Topic 5)
You need to provide a data access solution for the NorthRide app.
Which four actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
Answer:
Q5. HOTSPOT - (Topic 6)
You have an Azure website that runs on several instances. You have a WebJob that provides additional functionality to the website.
The WebJob must run on all instances of the website.
You need to ensure that the WebJob runs even when the website is idle for long periods of time.
How should you create and configure the WebJob object? To answer, select the appropriate options in the answer area.
Answer:
Q6. - (Topic 4)
You need to analyze Lucerne’s performance monitoring solution.
Which three applications should you monitor? Each correct answer presents a complete solution.
A. The Lucerne Media-D application
B. The data mining application
C. The Lucerne Media-W application
D. The Lucerne Media-M app
E. The Lucerne Media-N app
Answer: C,D,E
Explanation: Monitor the web application and the mobile apps.
C: Lucerne Media W - a web application that delivers media by using any browser
D: Lucerne Media M - a mobile app that delivers media by using Windows Phone 8.1
E: Lucerne Media N - a mobile app that delivers media by using an Android device
* Scenario:
/ Lucerne Publishing must be able to monitor the performance and usage of its customer-
facing app.
/ Customers must be able to access all data by using a web application. They must also be
able to access data by using a mobile app that is provided by Lucerne Publishing.
Q7. - (Topic 6)
You are designing an Azure application that processes graphical image files. The graphical Images are processed in batches by remote applications that run on multiple servers.
You have the following requirements:
. The application must remain operational during batch-processing operations.
. Users must be able to roll back each image to a previous version.
You need to ensure that each remote application has exclusive access to an image while the application processes the image. Which type of storage should you use to store the images?
A. Table service
B. Queue service
C. Blob service
D. A single Azure VHD that is attached to the web role
Answer: C
Explanation: * Blob Leases allow you to claim ownership to a Blob. Once you have the lease you can then update the Blob or delete the Blob without worrying about another process changing it underneath you. When a Blob is leased, other processes can still read it, but any attempt to update it will fail. You can update Blobs without taking a lease first, but you do run the chance of another process also attempting to modify it at the same time.
* You can opt to use either optimistic or pessimistic concurrency models to manage access to blobs and containers in the blob service.
: Azure Blob Storage Part 8: Blob Leases http://justazure.com/azure-blob-storage-part-8-blob-leases/ Reference: Using Blob Leases to Manage Concurrency with Table Storage http://www.azurefromthetrenches.com/?p=1371
Q8. - (Topic 5)
You need to design the authentication solution for the NorthRide app. Which solution should you use?
A. Azure Active Directory Basic with multi-factor authentication for the cloud and on-premises users.
B. Active Directory Domain Services with mutual authentication
C. Azure Active Directory Premium and add multi-factor authentication the for cloud users
D. Active Directory Domain Services with multi-factor authentication
Answer: C
Explanation: * Scenario: The NorthRide app must use an additional level of authentication other than the employee's password.
* Azure Multi-Factor Authentication is the multi-factor authentication service that requires users to also verify sign-ins using a mobile app, phone call or text message. It is available to use with Azure Active Directory, to secure on-premise resources with the Azure Multi-Factor Authentication Server, and with custom applications and directories using the SDK.
Reference: What is Azure Multi-Factor Authentication?
https://azure.microsoft.com/en-us/documentation/articles/multi-factor-authentication/
Reference: Azure Active Directory Pricing
http://azure.microsoft.com/en-gb/pricing/details/active-directory/
Q9. - (Topic 6)
You are designing a solution that will interact with non-Windows applications over unreliable network connections. You have a security token for each non-Windows application.
You need to ensure that non-Windows applications retrieve messages from the solution.
Where should you retrieve messages?
A. An Azure Queue
B. The Azure Service Bus Queue
C. An Azure blob storage container that has a private access policy
D. Azure Table storage
Answer: B
Explanation: Any Microsoft or non-Microsoft applications can use a Service Bus REST
API to manage and access messaging entities over HTTPS.
By using REST applications based on non-Microsoft technologies (e.g. Java, Ruby, etc.)
are allowed not only to send and receive messages from the Service Bus, but also to
create or delete queues, topics and subscription in a given namespace.
: Service Bus Explorer
https://code.msdn.microsoft.com/windowsazure/service-bus-explorer-f2abca5a
Q10. - (Topic 6)
You are designing an Azure application that provides online backup storage for hundreds of media files. Each file is larger than 1GB.
The data storage solution has the following requirements:
It must be capable of storing an average of 1TB of data for each user. It must support sharing of data between all Windows Azure instances. It must provide random read/write access.
You need to recommend a durable data storage solution.
What should you recommend?
A. Azure Drive
B. Azure Page Blob service
C. Azure Block Blob service
D. Local storage on an Azure instance
Answer: B
Reference: Understanding Block Blobs and Page Blobs https://msdn.microsoft.com/en-us/library/azure/ee691964.aspx