70-534 Exam - Architecting Microsoft Azure Solutions

certleader.com

Q1.  - (Topic 4)

You need to ensure that the website scales. What should you do?

A. Deploy Traffic Manager and configure it to route user traffic to specified endpoints to other Azure datacenters.

B. Enter multiple DNS entries in each virtual network to route requests to other Azure datacenters.

C. Set up a new Azure datacenter to Azure datacenter VPN to enable the solution to communicate across regions.

D. Use a virtual network to route network traffic in a single Azure datacenter.

Answer: C

Explanation: Scenario: The customer-facing website must automatically scale and replicate to locations around the world.

Azure ExpressRoute enables you to create private connections between Azure datacenters and infrastructure that’s on your premises or in a colocation environment. ExpressRoute connections do not go over the public Internet, and offer more reliability, faster speeds, lower latencies and higher security than typical connections over the Internet. In some cases, using ExpressRoute connections to transfer data between on-premises and Azure can also yield significant cost benefits.

Reference: ExpressRoute, Experience a faster, private connection to Azure http://azure.microsoft.com/en-us/services/expressroute/

Q2. HOTSPOT - (Topic 6)

A company uses Azure for several virtual machine (VM) and website workloads. The company plans to assign administrative roles to a specific group of users. You have a resource group named GROUP1 and a virtual machine named VM2.

The users have the following responsibilities:

You need to assign the appropriate level of privileges to each of the administrators by using the principle of least privilege.

What should you do? To answer, select the appropriate target objects and permission levels in the answer area.

Answer:

Explanation:

* Owner can manage everything, including access.

* Contributors can manage everything except access.

Note: Azure role-based access control allows you to grant appropriate access to Azure AD users, groups, and services, by assigning roles to them on a subscription or resource group or individual resource level.

Q3.  - (Topic 4)

You need to upload video to the company's Azure environment. What should you do?

A. Create a site-to-site VPN connection.

B. Write directly to the storage REST APIs.

C. Create an ExpressRoute connection.

D. Use the Azure Import/Export service to move the data.

Answer: B

Q4. HOTSPOT - (Topic 6)

You plan to acquire a secure connection between a data center and Azure, for disaster recovery purposes. The company anticipates moving more than 5 terabytes (TB) of data during each failover instance. You have the following requirements:

* You must be able to monitor connection throughput and all network traffic.

* You must minimize the time it takes to transfer data after a failover.

You need to recommend the correct configuration.

What should you recommend? To answer, select the appropriate connects and routing gateway from the lists in the answer area.

Answer:

Q5.  - (Topic 6)

You design an Azure application that processes images. The maximum size of an image is 10 MB. The application includes a web role that allows users to upload images and a worker role with multiple instances that processes the images. The web role communicates with the worker role by using an Azure Queue service.

You need to recommend an approach for storing images that minimizes storage transactions.

What should you recommend?

A. Store images in Azure Blob service. Store references to the images in the queue.

B. Store images in the queue.

C. Store images in OneDrive attached to the worker role instances. Store references to the images in the queue.

D. Store images in local storage on the web role instance. Store references to the images in the queue.

Answer: A

Explanation: Azure Queues provide a uniform and consistent programming model across queues, tables, and BLOBs – both for developers and for operations teams.

Microsoft Azure blob storage can be used to store the image data, the application can use a worker role in Azure to perform background processing tasks on the images, and the application may use shared access signatures to control access to the images by users. Azure blobs provide a series of containers aimed at storing text or binary data. Block blob containers are ideal for streaming data, while page blob containers can be used for random read/write operations.

Reference: 5 – Executing Background Tasks https://msdn.microsoft.com/en-gb/library/ff803365.aspx

Reference: Azure Queues and Service Bus Queues - Compared and Contrasted https://msdn.microsoft.com/en-us/library/azure/hh767287.aspx

Q6. DRAG DROP - (Topic 6)

You are developing an ASP.NET Web API that you will host by using the Open Web Interface for .NET (OWIN) libraries. The API is used by an ASP.NET MVC Web App that is hosted in Azure.

You need to secure the API by using Azure Active Directory (Azure AD) B2C.

In which order should you perform the actions? To answer, move all actions from the list of actions to the answer area and arrange them in the correct order.

Answer:

Q7.  - (Topic 6)

You have business services that run on an on-premises mainframe server.

You must provide an intermediary configuration to support existing business services and Azure. The business services cannot be rewritten. The business services are not exposed externally.

You need to recommend an approach for accessing the business services. What should you recommend?

A. Connect to the on-premises server by using a custom service in Azure.

B. Expose the business services to the Azure Service Bus by using a custom service that uses relay binding.

C. Expose the business services externally.

D. Move all business service functionality to Azure.

Answer: B

Explanation: The Service Bus relay service enables you to build hybrid applications that run in both an Azure datacenter and your own on-premises enterprise environment. The Service Bus relay facilitates this by enabling you to securely expose Windows Communication Foundation (WCF) services that reside within a corporate enterprise network to the public cloud, without having to open a firewall connection, or require intrusive changes to a corporate network infrastructure.

Reference: How to Use the Service Bus Relay Service http://azure.microsoft.com/en-gb/documentation/articles/service-bus-dotnet-how-to-use-relay/

Q8.  - (Topic 2)

You need to assign permissions for Her four employees. Which role should you assign?

A. Security Manager

B. Website Contributor

C. Owner

D. Network Contributor

Answer: C

Q9.  - (Topic 6)

You are running a Linux guest in Azure Infrastructure-as-a-Service (IaaS).

You must run a daily maintenance task. The maintenance task requires native BASH commands.

You need to configure Azure Automation to perform this task.

Which three actions should you perform? Each correct answer presents part of the solution.

A. Create an automation account.

B. Create an Orchestrator runbook.

C. Create an asset credential.

D. Run the Invoke-Workflow Azure PowerShell cmdlet.

E. Import the SSH PowerShell Module.

Answer: A,C,E

Explanation: A: An Automation Account is a container for your Azure Automation resources: it provides a way to separate your environments or further organize your workflows.

To create an Automation Account:

1. Log in to the Azure Management Portal.

2. In the Management Portal, click Create an Automation Account.

3. On the Add a New Automation Account page, enter a name and pick a region for the account.

Reference: Get started with Azure Automation http://azure.microsoft.com/en-gb/documentation/articles/automation-create-runbook-from-samples/

C:

* Asset credentials are either a username and password combination that can be used with Windows PowerShell commands or a certificate that is uploaded to Azure Automation.

* The Assets page in Automation displays the various resources (also called “settings”) that are globally available to be used in or associated with a runbook, plus commands to import an integration module, add a new asset, or delete an asset. Assets include variables, schedules, credentials, and connections.

Reference: Getting Started with Azure Automation: Automation Assets http://azure.microsoft.com/blog/2014/07/29/getting-started-with-azure-automation-automation-assets-2/

E:

Reference: Managing SSH enabled Linux hosts using Service Management Automation http://blogs.technet.com/b/orchestrator/archive/2014/05/01/managing-ssh-enabled-linux-hosts-using-service-management-automation.aspx

Q10.  - (Topic 6)

Contoso, Ltd., uses Azure websites for public-facing customer websites. The company has a mobile app that requires customers to sign in by using a Contoso customer account.

Customers must be able to sign on to the websites and mobile app by using a Microsoft, Facebook, or Google account. All transactions must be secured in-transit regardless of device.

You need to configure the websites and mobile app to work with external identity providers. Which three actions should you perform? Each correct answer presents part of the solution.

A. Request a certificate from a domain registrar for the website URL, and enable TLS/SSL.

B. Configure IPsec for the websites and the mobile app.

C. Configure the KerberosTokenProfile 1.1 protocol.

D. Configure OAuth2 to connect to an external authentication provider.

E. Build an app by using MVC 5 that is hosted in Azure to provide a framework for the underlying authentication.

Answer: A,D,E

Explanation: DE: This tutorial shows you how to build an ASP.NET MVC 5 web application that enables users to log in using OAuth 2.0 with credentials from an external authentication provider, such as Facebook, Twitter, LinkedIn, Microsoft, or Google.

A:

* You will now be redirected back to the Register page of the MvcAuth application where you can register your Google account. You have the option of changing the local email registration name used for your Gmail account, but you generally want to keep the default email alias (that is, the one you used for authentication). Click Register.

* To connect to authentication providers like Google and Facebook, you will need to set up IIS-Express to use SSL.

Reference: Code! MVC 5 App with Facebook, Twitter, LinkedIn and Google OAuth2 Sign-on (C#) http://www.asp.net/mvc/overview/security/create-an-aspnet-mvc-5-app-with-facebook-and-google-oauth2-and-openid-sign-on