70-534 Exam - Architecting Microsoft Azure Solutions

certleader.com

Q1. - (Topic 1)

You are designing a plan to deploy a new application to Azure. The solution must provide a single sign-on experience for users.

You need to recommend an authentication type. Which authentication type should you recommend?

A. SAML credential tokens

B. Azure managed access keys

C. Windows Authentication

D. MS-CHAP

Answer: A

Explanation: A Microsoft cloud service administrator who wants to provide their Azure Active Directory (AD) users with sign-on validation can use a SAML 2.0 compliant SP-Lite profile based Identity Provider as their preferred Security Token Service (STS) / identity provider. This is useful where the solution implementer already has a user directory and password store on-premises that can be accessed using SAML 2.0. This existing user directory can be used for sign-on to Office 365 and other Azure AD-secured resources.

Reference: Use a SAML 2.0 identity provider to implement single sign-on https://msdn.microsoft.com/en-us/library/azure/dn641269.aspx?f=255&MSPPError=-2147217396

Topic 2, Trey Research

Background

Overview

Trey Research conducts agricultural research and sells the results to the agriculture and food industries. The company uses a combination of on-premises and third-party server clusters to meet its storage needs. Trey Research has seasonal demands on its services, with up to 50 percent drops in data capacity and bandwidth demand during low-demand periods. They plan to host their websites in an agile, cloud environment where the company can deploy and remove its websites based on its business requirements rather than the requirements of the hosting company.

A recent fire near the datacenter that Trey Research uses raises the management team's awareness of the vulnerability of hosting all of the company's websites and data at any single location. The management team is concerned about protecting its data from loss as a result of a disaster.

Websites

Trey Research has a portfolio of 300 websites and associated background processes that are currently hosted in a third-party datacenter. All of the websites are written in ASP.NET, and the background processes use Windows Services. The hosting environment costs Trey Research approximately $25 million in hosting and maintenance fees.

Infrastructure

Trey Research also has on-premises servers that run VMs to support line-of-business applications. The company wants to migrate the line-of-business applications to the cloud, one application at a time. The company is migrating most of its production VMs from an aging VMware ESXi farm to a Hyper-V cluster that runs on Windows Server 2012.

Applications

DistributionTracking

Trey Research has a web application named DistributionTracking. This application constantly collects real-time data that tracks worldwide distribution points to customer retail sites. This data is available to customers at all times.

The company wants to ensure that the distribution tracking data is stored at a location that is geographically close to the customers who will be using the information. The system must continue running in the event of VM failures without corrupting data. The system is processor intensive and should be run in a multithreading environment.

HRApp

The company has a human resources (HR) application named HRApp that stores data in an on-premises SQL Server database. The database must have at least two copies, but data to support backups and business continuity must stay in Trey Research locations only. The data must remain on-premises and cannot be stored in the cloud.

HRApp was written by a third party, and the code cannot be modified. The human resources data is used by all business offices, and each office requires access to the entire database. Users report that HRApp takes all night to generate the required payroll reports, and they would like to reduce this time.

MetricsTracking

Trey Research has an application named MetricsTracking that is used to track analytics for the DistributionTracking web application. The data MetricsTracking collects is not customer-facing. Data is stored on an on-premises SQL Server database, but this data should be moved to the cloud. Employees at other locations access this data by using a remote desktop connection to connect to the application, but latency issues degrade the functionality.

Trey Research wants a solution that allows remote employees to access metrics data without using a remote desktop connection. MetricsTracking was written in-house, and the development team is available to make modifications to the application if necessary. However, the company wants to continue to use SQL Server for MetricsTracking.

Business Requirements

Business Continuity

You have the following requirements:

✑ Move all customer-facing data to the cloud.

✑ Web servers should be backed up to geographically separate locations.

✑ If one website becomes unavailable, customers should automatically be routed to websites that are still operational.

✑ Data must be available regardless of the operational status of any particular website.

✑ The HRApp system must remain on-premises and must be backed up.

✑ The MetricsTracking data must be replicated so that it is locally available to all Trey Research offices.

Auditing and Security

You have the following requirements:

✑ Both internal and external consumers should be able to access research results.

✑ Internal users should be able to access data by using their existing company credentials without requiring multiple logins.

✑ Consumers should be able to access the service by using their Microsoft credentials.

✑ Applications written to access the data must be authenticated.

✑ Access and activity must be monitored and audited.

✑ Ensure the security and integrity of the data collected from the worldwide distribution points for the distribution tracking application.

Storage and Processing

You have the following requirements:

✑ Provide real-time analysis of distribution tracking data by geographic location.

✑ Collect and store large datasets in real-time data for customer use.

✑ Locate the distribution tracking data as close to the central office as possible to improve bandwidth.

✑ Co-locate the distribution tracking data as close to the customer as possible based on the customer's location.

✑ Distribution tracking data must be stored in the JSON format and indexed by metadata that is stored in a SQL Server database.

✑ Data in the cloud must be stored in geographically separate locations, but kept within the same political boundaries.

Technical Requirements

Migration

You have the following requirements:

✑ Deploy all websites to Azure.

✑ Replace on-premises and third-party physical server clusters with cloud-based solutions.

✑ Optimize the speed for retrieving existing JSON objects that contain the distribution tracking data.

✑ Recommend strategies for partitioning data for load balancing.

Auditing and Security

You have the following requirements:

✑ Use Active Directory for internal and external authentication.

✑ Use OAuth for application authentication.

Business Continuity

You have the following requirements:

✑ Data must be backed up to separate geographic locations.

✑ Web servers must run concurrent versions of all websites in distinct geographic locations.

✑ Use Azure to back up the on-premises MetricsTracking data.

✑ Use Azure virtual machines as a recovery platform for MetricsTracking and HRApp.

✑ Ensure that there is at least one additional on-premises recovery environment for the HRApp.

Q2.  - (Topic 6)

A company uses Azure to host all resources and uses Microsoft Visual Studio Team Services to manage product life cycles.

You need to ensure the team can start runbooks from Visual Studio Team Services. Which solution should you use?

A. Azure Portal

B. Hybrid Runbook Workers

C. Azure Automation API

D. Schedule

E. Webhook

Answer: C

Q3.  - (Topic 6)

You are designing an Azure web application that includes many static content files.

The application is accessed from locations all over the world by using a custom domain name.

You need to recommend an approach for providing access to the static content with the least amount of latency.

Which two actions should you recommend? Each correct answer presents part of the solution.

A. Place the static content in Azure Table storage.

B. Configure a CNAME DNS record for the Azure Content Delivery Network (CDN) domain.

C. Place the static content in Azure Blob storage.

D. Configure a custom domain name that is an alias for the Azure Storage domain.

Answer: B,C

Explanation: B: There are two ways to map your custom domain to a CDN endpoint.

1. Create a CNAME record with your domain registrar and map your custom domain and subdomain to the CDN endpoint

2. Add an intermediate registration step with Azure cdnverify

C: The Azure Content Delivery Network (CDN) offers developers a global solution for delivering high-bandwidth content by caching blobs and static content of compute instances at physical nodes in the United States, Europe, Asia, Australia and South America.

The benefits of using CDN to cache Azure data include:

* Better performance and user experience for end users who are far from a content source, and are using applications where many 'internet trips' are required to load content

* Large distributed scale to better handle instantaneous high load, say, at the start of an event such as a product launch

Reference: Using CDN for Azure

https://azure.microsoft.com/en-gb/documentation/articles/cdn-how-to-use/

Reference: How to map Custom Domain to Content Delivery Network (CDN) endpoint

https://github.com/Azure/azure-content/blob/master/articles/cdn-map-content-to-custom-domain.md

Q4. - (Topic 1)

You need to ensure that users do not need to re-enter their passwords after they authenticate to cloud applications for the first time.

What should you do?

A. Enable Microsoft Account authentication.

B. Set up a virtual private network (VPN) connection between the VanArsdel premises and Azure datacenter. Set up a Windows Active Directory domain controller in Azure VM. Implement Integrated Windows authentication.

C. Deploy ExpressRoute.

D. Configure Azure Active Directory Sync to use single sign-on (SSO).

Answer: D

Explanation: Single sign-on (SSO) is a property of access control of multiple related, but independent software systems. With this property a user logs in once and gains access to all systems without being prompted to log in again at each of them.

Reference: http://en.wikipedia.org/wiki/Single_sign-on

Q5.  - (Topic 2)

You need to configure identity synchronization. What should you create?

A. a second Azure Active Directory Connect sync server

B. backups of all on-premises server farms

C. backups of all Azure VMs

D. a second Azure Active Directory Connect staging server

E. a second Azure Active Directory directory

Answer: D

Q6. DRAG DROP - (Topic 3)

You need to recommend network connectivity solutions for the experimental applications.

What should you recommend? To answer, drag the appropriate solution to the correct network connection requirements. Each solution may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.

Answer:

Explanation:

ExpressRoute gives you a fast and reliable connection to Azure making it suitable for scenarios like periodic data migration, replication for business continuity, disaster recovery and other high availability strategies. It can also be a cost-effective option for transferring large amounts of data such as datasets for high performance computing applications or moving large VMs between your dev/test environment in Azure and on-premises production environment.

Box 2: point-to-site VPN

Box 3: point-to-site VPN

A point-to-site VPN also allows you to create a secure connection to your virtual network. In a point-to-site configuration, the connection is configured individually on each client computer that you want to connect to the virtual network.

Box 4: site-to-site VPN

A site-to-site VPN allows you to create a secure connection between your on-premises site and your virtual network. To create a site-to-site connection, a VPN device that is located on your on-premises network is configured to create a secure connection with the Azure Virtual Network Gateway. Once the connection is created, resources on your local network and resources located in your virtual network can communicate directly and securely. Site-to-site connections do not require you to establish a separate connection for each client computer on your local network to access resources in the virtual network.

* Scenario: Support building experimental applications by using data from the Azure deployment and on-premises data sources.

Q7.  - (Topic 6)

You are designing an Azure web application. The application uses one worker role. It does not use SQL Database. You have the following requirements:

✑ Maximize throughput and system resource availability

✑ Minimize downtime during scaling

You need to recommend an approach for scaling the application. Which approach should you recommend?

A. Increase the role instance size.

B. Set up horizontal partitioning.

C. Increase the number of role instances.

D. Set up vertical partitioning.

Answer: C

Explanation: On the Scale page of the Azure Management Portal, you can manually scale your application or you can set parameters to automatically scale it. You can scale applications that are running Web Roles, Worker Roles, or Virtual Machines. To scale an application that is running instances of Web Roles or Worker Roles, you add or remove role instances to accommodate the work load.

Reference: How to Scale an Application

http://azure.microsoft.com/en-gb/documentation/articles/cloud-services-how-to-scale/

Q8.  - (Topic 6)

You are designing a web app deployment in Azure.

You need to ensure that inbound requests to the web app are routed based on the endpoint that has the lowest latency.

What should you use?

A. Azure health probes

B. Azure Fabric Controller

C. Azure Load Balancer

D. Azure Traffic Manager

Answer: D

Q9. DRAG DROP - (Topic 8)

You are training a new developer.

You need to describe the process flow for sending a notification.

Which three actions must be performed in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.

Answer:

Q10.  - (Topic 6)

You develop a new Azure Web App that uses multiple Azure Blobs and static content. The Web App uses a large number of JavaScript files and cascading style sheets. Some of these files contain references to other files. Users are geographically dispersed.

You need to minimize the time to load individual pages. What should you do?

A. Migrate the Web App to Azure Service Fabric.

B. Implement an Azure Redis Cache.

C. Enable the Always On feature of the Web App.

D. Create a services layer by using an Azure-hosted ASP.NET web API.

E. Use an Azure Content Delivery Network (CDN).

Answer: A