70-534 Exam - Architecting Microsoft Azure Solutions

certleader.com

Q1. HOTSPOT - (Topic 1)

You need to design the contractor information app.

What should you recommend? To answer, select the appropriate options in the answer area.

Answer:

Explanation:

/ They also plan to extend their on-premises Active Directory into Azure for mobile app authentication

/ VanArsdel mobile app must authenticate employees to the company's Active Directory.

Q2. HOTSPOT - (Topic 4)

The company has two corporate offices. Customers will access the websites from datacenters around the world.

You need to architect the global website strategy to meet the business requirements. Use the drop-down menus to select the answer choice that answers each question.

Answer:

Explanation:

* Scenario: The customer-facing website must have access to all ad copy and media.

Q3.  - (Topic 6)

You design an Azure web application. The web application is accessible by default as a standard cloudapp.net URL.

You need to recommend a DNS resource record type that will allow you to configure access to the web application by using a custom domain name.

Which DNS record type should you recommend?

A. SRV

B. MX

C. CNAME

D. A

Answer: C

Explanation: A CNAME record maps a specific domain, such as contoso.com or www.contoso.com, to a canonical domain name. In this case, the canonical domain name is the <myapp>.cloudapp.net domain name of your Azure hosted application. Once created, the CNAME creates an alias for the <myapp>.cloudapp.net. The CNAME entry will resolve to the IP address of your <myapp>.cloudapp.net service automatically, so if the IP address of the cloud service changes, you do not have to take any action.

Incorrect: Not D:

* Since an A record is mapped to a static IP address, it cannot automatically resolve changes to the IP address of your Cloud Service.

* An A record maps a domain, such as contoso.com or www.contoso.com, or a wildcard domain such as *.contoso.com, to an IP address; in the case of an Azure Cloud Service, this is the virtual IP of the service. So the main benefit of an A record over a CNAME record is that you can have one entry that uses a wildcard, such as *.contoso.com, which would handle requests for multiple sub-domains such as mail.contoso.com, login.contoso.com, or www.contoso.com.

Reference: Configuring a custom domain name for an Azure cloud service http://azure.microsoft.com/en-gb/documentation/articles/cloud-services-custom-domain-name/

Q4.  - (Topic 6)

You are designing the deployment of virtual machines (VMs) and web services that run in Azure.

You need to specify the desired state of a node and ensure that the node remains at that state.

What should you use?

A. Microsoft Azure Pack

B. Service Management Automation

C. System Center 2021 Orchestrator

D. Azure Automation

Answer: A

Q5. - (Topic 1)

You need to assign permissions for the Virtual Machine workloads that you migrate to Azure.

The solution must use the principle of least privilege. What should you do?

A. Create all VMs in the cloud service named Group1 and then connect to the Azure subscription. Run the following Windows PowerShell command:

New-AzureRoleAssignment -Mail user1@vanarsdelltd.com -RoleDefinitionName Contributor -ResourceGroupName group1

B. In the Azure portal, select an individual virtual machine and add an owner.

C. In the Azure portal, assign read permission to the user at the subscription level.

D. Create each VM in a separate cloud service and then connect to the Azure subscription. Run the following Windows PowerShell command:

Get-AzureVM | New-AzureRoleAssignment -Mail user1@vanarsdelltd.com -RoleDefinitionName Contributor

Answer: A

Explanation: * Scenario: Permissions must be assigned by using Role Based Access Control (RBAC).

* Role-Based Access Control (RBAC) in the Azure Portal and Azure Resource Management API allows you to manage access to your subscription at a fine-grained level. With this feature, you can grant access for Active Directory users, groups, or service principals by assigning some roles to them at a particular scope.

Create a role assignment

Use New-AzureRoleAssignment to create a role assignment.

Example: This will create a role assignment for a group at a resource group level.

PS C:\> New-AzureRoleAssignment -ObjectID <group object ID> -RoleDefinitionName Reader -ResourceGroupName group1

Reference: Managing Role-Based Access Control with Windows PowerShell https://azure.microsoft.com/en-gb/documentation/articles/role-based-access-control-powershell/

Q6.  - (Topic 6)

You are evaluating an Azure application. The application includes the following elements:

✑ A web role that provides the ASP.NET user interface and business logic

✑ A single SQL database that contains all application data

Each webpage must receive data from the business logic layer before returning results to the client. Traffic has increased significantly. The business logic is causing high CPU usage.

You need to recommend an approach for scaling the application. What should you recommend?

A. Store the business logic results in Azure Table storage.

B. Vertically partition the SQL database.

C. Move the business logic to a worker role.

D. Store the business logic results in Azure local storage.

Answer: C

Explanation: For Cloud Services in Azure, applications need both web and worker roles to scale well.

Reference: Application Patterns and Development Strategies for SQL Server in Azure Virtual Machines

https://msdn.microsoft.com/en-us/library/azure/dn574746.aspx

Topic 7, Woodgrove Bank

Overview

Woodgrove Bank has 20 regional offices and operates 1,500 branch office locations. Each regional office hosts the servers, infrastructure, and applications that support that region. Woodgrove Bank plans to move all of their on-premises resources to Azure, including virtual machine (VM)-based, line-of-business workloads, and SQL databases. You are the owner of the Azure subscription that Woodgrove Bank is using. Your team is using Git repositories hosted on GitHub for source control.

Security

Currently, Woodgrove Bank's Computer Security Incident Response Team (CSIRT) has a problem investigating security issues due to the lack of security intelligence integrated with their current incident response tools. This lack of integration introduces a problem during the detection (too many false positives), assessment, and diagnosis stages. You decide to use Azure Security Center to help address this problem.

Woodgrove Bank has several apps with regulated data such as Personally Identifiable Information (PII) that require a higher level of security. All apps are currently secured by using an on-premises Active Directory Domain Services (AD DS). The company depends on the following mission-critical apps: WGBLoanMaster, WGBLeaseLeader, and WGBCreditCruncher. You plan to move each of these apps to Azure as part of an app migration project.

Apps

The WGBLoanMaster app has been audited for transaction loss. Many transactions have been lost in processing and monetary write-offs have cost the bank. The app runs on two VMs that include several public end points.

The WGBLeaseLeader app has been audited for several data breaches. The app includes a SQL Server database and a web-based portal. The portal uses an ASP.NET Web API function to generate a monthly aggregate report from the database.

The WGBCreditCruncher app runs on a VM and is load balanced at the network level. The app includes several stateless components and must accommodate scaling of increased credit processing. The app runs on a nightly basis to process credit transactions that are batched during the day. The app includes a web-based portal where customers can check their credit information. A mobile version of the app allows users to upload check images.

Business Requirements: WGBLoanMaster App

The app audit revealed a need for zero transaction loss. The business is losing money due to the app losing and not processing loan information. In addition, transactions fail to process after running for a long time. The business has requested the aggregation processing to be scheduled for 01:00 to prevent system slowdown.

WGBLeaseLeader App

The app should be secured to stop data breaches. If the data is breached, it must not be readable. The app is continuing to see increased volume and the business does not want the issues presented in the WGBLoanMaster app. Transaction loss is unacceptable, and although the lease monetary amounts are smaller than loans, they are still an important profit center for Woodgrove Bank. The business would also like the monthly report to be automatically generated on the first of the month. Currently, a user must log in to the portal and click a button to generate the report.

WGBCreditCruncher app

The web-based portal area of the app must allow users to sign in with their Facebook credentials. The bank would like to allow this feature to enable more users to check their credit within the app.

Woodgrove Bank needs to develop a new financial risk modeling feature that they can include in the WGBCreditCruncher app. The financial risk modeling feature has not been developed due to costs associated with processing, transforming, and analyzing the large volumes of data that are collected. You need to find a way to implement parallel processing to ensure that the feature runs efficiently, reliably, and quickly. The feature must scale based on computing demand to process the large volumes of data and output several financial risk models.

Technical Requirements: WGBLoanMaster App

The app uses several compute-intensive tasks that create long-running requests to the system. The app is critical to the business and must be scalable to increased loan processing demands. The VMs that run the app include a Windows Task Scheduler task that aggregates loan information from the app to send to a third party. This task runs a console app on the VM.

The app requires a messaging system to handle transaction processing. The messaging system must meet the following requirements:

* Allow messages to reside in the queue for up to a month

* Be able to publish and consume batches of messages

* Allow full integration with the Windows Communication Foundation (WCF) communication stack

* Provide a role-based access model to the queues, including different permissions for senders and receivers

You develop an Azure Resource Manager (ARM) template to deploy the VMs used to support the app. The template must be deployed to a new resource group and you must validate your deployment settings before creating actual resources.

WGBLeaseLeader App

The app must use Azure SQL Databases as a replacement to the current Microsoft SQL Server environment. The monthly report must be automatically generated.

The app requires a messaging system to handle transaction processing. The messaging system must meet the following requirements:

* Require server-side logs of all of the transactions run against your queues

* Track progress of a message within the queue

* Process the messages within 7 days

* Provide a differing timeout value per message

WGBCreditCruncher app

The app must:

* Secure inbound and outbound traffic.

* Analyze inbound network traffic for vulnerabilities.

* Use an instance-level public IP and allow web traffic on port 443 only.

* Upgrade the portal to a Single Page Application (SPA) that uses JavaScript, Azure Active Directory (Azure AD), and the OAuth 2.0 implicit authorization grant to secure the Web API back end.

* Cache authentication and host the Web API back end using the Open Web Interface for .NET (OWIN) middleware.

* Immediately compress check images received from the mobile web app.

* Schedule processing of the batched credit transactions on a nightly basis.

* Provide parallel processing and scalable computing resources to output financial risk models.

* Use simultaneous compute nodes to enable high performance computing and updating of the financial risk models.

Key Security Areas

Q7.  - (Topic 6)

A company has multiple Azure subscriptions. It plans to deploy a large number of virtual machines (VMs) into Azure.

You install the Azure PowerShell module, but you are unable to connect to all of the company's Azure subscriptions.

You need to automate the management of the Azure subscriptions. Which two Azure PowerShell cmdlets should you run?

A. Get-AzurePublishSettingsFile

B. Import-AzurePublishSettingsFile

C. Add-AzureSubscription

D. Import-AzureCertificate

E. Get-AzureCertificate

Answer: A,B

Explanation: Before you start using the Windows Azure cmdlets to automate deployments, you must configure connectivity between the provisioning computer and Windows Azure. You can do this automatically by downloading the PublishSettings file from Windows Azure and importing it.

To download and import publish settings and subscription information

1. At the Windows PowerShell command prompt, type the following command, and then press Enter.

Get-AzurePublishSettingsFile

2. Sign in to the Windows Azure Management Portal, and then follow the instructions to download your Windows Azure publishing settings. Save the file as a .publishsettings type file to your computer.

3. In the Windows Azure PowerShell window, at the command prompt, type the following command, and then press Enter.

Import-AzurePublishSettingsFile <mysettings>.publishsettings

Reference: How to: Download and Import Publish Settings and Subscription Information https://msdn.microsoft.com/en-us/library/dn385850%28v=nav.70%29.aspx

Q8. DRAG DROP - (Topic 6)

You are designing the deployment for Linux virtual machines (VMs) in Azure. The VMs will be used for a web app that will run in Azure.

The web app must be able to run Bash scripts on demand. Parallel workloads must also be set to scale automatically based on use.

You need to design the environment for the Bash scripts and parallel workloads. Which processing type should you use for each component? To answer, drag the appropriate processing types to the correct components. Each processing type may be used once, more than once, or not at all.

You may need to drag the split bar between panes or scroll to view content. NOTE: Each correct selection is worth one point.

Answer:

Q9.  - (Topic 6)

You are designing an Azure web application that includes many static content files.

The application is accessed from locations all over the world by using a custom domain name.

You need to recommend an approach for providing access to the static content with the least amount of latency.

Which two actions should you recommend? Each correct answer presents part of the solution.

A. Place the static content in Azure Table storage.

B. Configure a CNAME DNS record for the Azure Content Delivery Network (CDN) domain.

C. Place the static content in Azure Blob storage.

D. Configure a custom domain name that is an alias for the Azure Storage domain.

Answer: B,C

Explanation: B: There are two ways to map your custom domain to a CDN endpoint.

1. Create a CNAME record with your domain registrar and map your custom domain and subdomain to the CDN endpoint

2. Add an intermediate registration step with Azure cdnverify

C: The Azure Content Delivery Network (CDN) offers developers a global solution for delivering high-bandwidth content by caching blobs and static content of compute instances at physical nodes in the United States, Europe, Asia, Australia and South America.

The benefits of using CDN to cache Azure data include:

/ Better performance and user experience for end users who are far from a content source, and are using applications where many 'internet trips' are required to load content

/ Large distributed scale to better handle instantaneous high load, say, at the start of an event such as a product launch

Reference: Using CDN for Azure

https://azure.microsoft.com/en-gb/documentation/articles/cdn-how-to-use/

Reference: How to map Custom Domain to Content Delivery Network (CDN) endpoint https://github.com/Azure/azure-content/blob/master/articles/cdn-map-content-to-custom-domain.md

Q10. HOTSPOT - (Topic 6)

You have an on-premises Active Directory Domain Services domain. You are considering moving your infrastructure to Azure Active Directory.

You need to describe the features that each directory service provides.

For each feature, what should you implement? To answer, select the appropriate option from each list in the answer area.

Answer: