Q1. - (Topic 6)
A company uses Azure to host all resources and uses Microsoft Visual Studio Team Services to manage product life cycles.
You need to ensure the team can start runbooks from Visual Studio Team Services. Which solution should you use?
A. Azure Portal
B. Hybrid Runbook Workers
C. Azure Automation API
D. Schedule
E. Webhook
Answer: C
Q2. - (Topic 6)
You are preparing an application to run on Azure virtual machines (VMs). The VMs will be backed up using Azure Backup.
The application maintains its state in three binary files stored on disk. Changes in application state require that all three files be updated on disk. If only one or two of the files are updated on disk, work is lost and the system is in an inconsistent state.
You need to ensure that when a backup occurs, the application's data is always in a consistent state.
What should you do?
A. Disable caching for the VM’s virtual hard disks.
B. Use Premium Storage for the VM’s virtual hard disks.
C. Implement the Volume Shadow Copy Service (VSS) API in the application.
D. Store the application files on an Azure File Service network share.
Answer: A
Q3. ic 1, VanArsdel, Ltd
Overview
VanArsdel, Ltd. builds skyscrapers, subways, and bridges. VanArsdel is a leader in using technology to do construction better.
Overview
VanArsdel employees are able to use their own mobile devices for work activities because the company recognizes that this usage enables employee productivity. Employees also access Software as a Service (SaaS) applications, including DocuSign, Dropbox, and Citrix. The company continues to evaluate and adopt more SaaS applications for its business. VanArsdel uses Azure Active Directory (AD) to authenticate its employees, as well as Multi-Factor Authentication (MFA). Management enjoys the ease with which MFA can be enabled and disabled for employees who use cloud-based services. VanArsdel's on-premises directory contains a single forest.
Helpdesk:
VanArsdel creates a helpdesk group to assist its employees. The company sends email messages to all its employees about the helpdesk group and how to contact it. Configuring employee access for SaaS applications is often a time-consuming task. It is not always obvious to the helpdesk group which users should be given access to which SaaS applications. The helpdesk group must respond to many phone calls and email messages to solve this problem, which takes up valuable time. The helpdesk group is unable to meet the needs of VanArsdel's employees.
However, many employees do not work with the helpdesk group to solve their access problems. Instead, these employees contact their co-workers or managers to find someone who can help them. Also, new employees are not always told to contact the helpdesk group for access problems. Some employees report that they cannot see all the applications in the Access Panel that they have access to. Some employees report that they must re-enter their passwords when they access cloud applications, even though they have already authenticated.
Bring your own device (BYOD):
VanArsdel wants to continue to support users and their mobile and personal devices, but the company is concerned about how to protect corporate assets that are stored on these devices. The company does not have a strategy to ensure that its data is removed from the devices when employees leave the company.
Customer Support
VanArsdel wants a mobile app for customer profile registration and feedback. The company would like to keep track of all its previous, current, and future customers worldwide. A profile system using third-party authentication is required as well as feedback and support sections for the mobile app.
Migration:
VanArsdel plans to migrate several virtual machine (VM) workloads into Azure. They also plan to extend their on-premises Active Directory into Azure for mobile app authentication.
Business Requirements Hybrid Solution:
✑ A single account and credentials for both on-premises and cloud applications
✑ Certain applications that are hosted both in Azure and on-site must be accessible to both VanArsdel employees and partners
✑ The service level agreement (SLA) for the solution requires an uptime of 99.9%
✑ The partners all use Hotmail.com email addresses
Mobile App:
VanArsdel requires a mobile app for project managers on construction job sites. The mobile app has the following requirements:
✑ The app must display partner information.
✑ The app must alert project managers when changes to the partner information occur.
✑ The app must display project information including an image gallery to view pictures of construction projects.
✑ Project managers must be able to access the information remotely and securely.
Security:
✑ VanArsdel must control access to its resources to ensure sensitive services and information are accessible only by authorized users and/or managed devices.
✑ Employees must be able to securely share data, based on corporate policies, with other VanArsdel employees and with partners who are located on construction job sites.
✑ VanArsdel management does NOT want to create and manage user accounts for partners.
Technical Requirements Architecture:
✑ VanArsdel requires a non-centralized stateless architecture fonts data and services where application, data, and computing power are at the logical extremes of the network.
✑ VanArsdel requires separation of CPU storage and SQL services
Data Storage:
VanArsdel needs a solution to reduce the number of operations on the contractor information table. Currently, data transfer rates are excessive, and queue length for read/write operations affects performance.
✑ A mobile service that is used to access contractor information must have automatically scalable, structured storage
✑ Images must be stored in an automatically scalable, unstructured form.
Mobile Apps:
✑ VanArsdel mobile app must authenticate employees to the company's Active Directory.
✑ Event-triggered alerts must be pushed to mobile apps by using a custom Node.js script.
✑ The customer support app should use an identity provider that is configured by using the Access Control Service for current profile registration and authentication.
✑ The customer support team will adopt future identity providers that are configured through Access Control Service.
Security:
✑ Active Directory Federated Server (AD FS) will be used to extend AD into Azure.
✑ Helpdesk administrators must have access to only the groups of Azure resources they are responsible for. Azure administration will be performed by a separate group.
✑ IT administrative overhead must be minimized.
✑ Permissions must be assigned by using Role Based Access Control (RBAC).
✑ Line of business applications must be accessed securely.
Answer:
Q4. DRAG DROP - (Topic 5)
You need to design the notification service for the customer-facing mobile app.
Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
Answer:
Explanation:
Azure Notification Hubs provide an easy-to-use infrastructure that enables you to send mobile push notifications from any backend (in the cloud or on-premises) to any mobile platform.
Configuration steps include:
1. Configure your Notification Hub
2. Connecting your app to the Notification Hub
3. Send notification from your back-end
You can send notifications using Notification Hubs from any back-end using the REST interface. You do this through a script, not a configuration of Mobile Services. Use Java or PHP for the script.
Q5. - (Topic 1)
You need to design the system that alerts project managers to data changes in the contractor information app.
Which service should you use?
A. Azure Mobile Service
B. Azure Service Bus Message Queueing
C. Azure Queue Messaging
D. Azure Notification Hub
Answer: C
Explanation: * Scenario:
/ Mobile Apps: Event-triggered alerts must be pushed to mobile apps by using a custom Node.js script.
/ The service level agreement (SLA) for the solution requires an uptime of 99.9%
* If you are already using Azure Storage Blobs or Tables and you start using queues, you are guaranteed 99.9% availability. If you use Blobs or Tables with Service Bus queues, you will have lower availability.
Note: Microsoft Azure supports two types of queue mechanisms: Azure Queues and Service Bus Queues.
/ Azure Queues, which are part of the Azure storage infrastructure, feature a simple REST- based Get/Put/Peek interface, providing reliable, persistent messaging within and between services.
/ Service Bus queues are part of a broader Azure messaging infrastructure that supports queuing as well as publish/subscribe, Web service remoting, and integration patterns.
Reference: Azure Queues and Service Bus Queues - Compared and Contrasted https://msdn.microsoft.com/en-us/library/azure/hh767287.aspx
Q6. DRAG DROP - (Topic 7)
You need to deploy the WGBLoanMaster app by using Azure PowerShell.
Which four Azure PowerShell cmdlets should you run in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
Answer:
Q7. DRAG DROP - (Topic 2)
You need to ensure that customer data is secured both in transit and at rest.
Which technologies should you recommend? To answer, drag the appropriate technology to the correct security requirement. Each technology may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
Answer:
Explanation:
* Azure Rights Management service
Azure Rights Management service uses encryption, identity, and authorization policies to help secure your files and email, and it works across multiple devices—phones, tablets, and PCs. Information can be protected both within your organization and outside your organization because that protection remains with the data, even when it leaves your organization’s boundaries.
* Transparent Data Encryption
Transparent Data Encryption (often abbreviated to TDE) is a technology employed by both Microsoft and Oracle to encrypt database files. TDE offers encryption at file level. TDE solves the problem of protecting data at rest, encrypting databases both on the hard drive and consequently on backup media.
* TLS/SSL
Transport Layer Security (TLS) and its predecessor, Secure Sockets Layer (SSL), are cryptographic protocols designed to provide communications security over a computer network. They use X.509 certificates and hence asymmetric cryptography to authenticate the counterparty with whom they are communicating, and to negotiate a symmetric key.
Q8. HOTSPOT - (Topic 2)
You need to plan the business continuity strategy.
For each requirement, what should you recommend? To answer, select the appropriate option from each list in the answer area.
Answer:
Q9. - (Topic 1)
You need to recommend a solution that allows partners to authenticate. Which solution should you recommend?
A. Configure the federation provider to trust social identity providers.
B. Configure the federation provider to use the Azure Access Control service.
C. Create a new directory in Azure Active Directory and create a user account for the partner.
D. Create an account on the VanArsdel domain for the partner and send an email message that contains the password to the partner.
Answer: B
Explanation: * Scenario: The partners all use Hotmail.com email addresses.
* In Microsoft Azure Active Directory Access Control (also known as Access Control Service or ACS), an identity provider is a service that authenticates user or client identities and issues security tokens that ACS consumes.
The ACS Management Portal provides built-in support for configuring Windows Live ID as an ACS Identity Provider.
Incorrect:
Not C, not D: Scenario: VanArsdel management does NOT want to create and manage user accounts for partners.
Reference: Identity Providers
https://msdn.microsoft.com/en-us/library/azure/gg185971.aspx
Q10. - (Topic 6)
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You are designing the deployment of resources in Azure. You plan to use templates to customize deployment options.
You need to ensure that Azure services are deployed and updated identically. Solution: You customize the $schema element of the template.
Does the solution meet the goal?
A. Yes
B. No
Answer: A