AZ-203 Exam - Developing Solutions for Microsoft Azure

NEW QUESTION 1
You need to meet the LabelMaker security requirement. What should you do?

• A. Create a conditional access policy and assign it to the Azure Kubernetes Service duster
• B. Place the Azure Active Directory account into an Azure AD grou
• C. Create a ClusterRoleBinding and assign it to the group.
• D. Create a Microsoft Azure Active Directory service principal and assign it to the Azure Kubernetes Service (AKS) duster.
• E. Create a RoleBinding and assign it to the Azure AD account.

Answer: D

NEW QUESTION 2
DRAG DROP
You have an application that provides weather forecasting data to external partners. You use Azure API Management to publish APIs.
You must change the behavior of the API to meet the following requirements:
• Support alternative input parameters.
• Remove formatting text from responses.
• Provide additional context to back-end services.
Which types of policies should you implement? To answer, drag the policy types to the correct scenarios. Each policy type may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content NOTE: Each correct selection is worth one point.

• A. Mastered
• B. Not Mastered

Answer: A

Explanation:

NEW QUESTION 3
HOTSPOT
You need to ensure that security requirements are met.
What value should be used for the ConnectionString field on line DB03 in the Database class? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

• A. Mastered
• B. Not Mastered

Answer: A

Explanation:
Box 1: Integrated Security=SSPI
Integrated security: For all data source types, connect using the current user account.
For SqlClient you can use Integrated Security=true; or Integrated Security=SSPI; Scenario: All access to Azure Storage and Azure SQL database must use the application’s Managed Service Identity (MSI)
Box 2: Encrypt = True
Scenario: All data must be protected in transit. References:
https://docs.microsoft.com/en-us/dotnet/framework/data/adonet/connection-string- syntax

NEW QUESTION 4
HOTSPOT
You need to update the Inventory API.
Which development tools should you use? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

• A. Mastered
• B. Not Mastered

Answer: A

Explanation:
Scenario: The Inventory API must be written by using ASP.NET Core and Node.js. Box 1: Entity Framework Core
Box 2: Code first References:
https://docs.microsoft.com/en-us/aspnet/mvc/overview/getting-started/getting- started-with-ef-using-mvc/creating-an-entity-framework-data-model-for-an-asp-net- mvc-application

NEW QUESTION 5
Note: This question is part of a series of questions that present the same scenario.
Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You need to ensure that authentication events are triggered and processed according to the policy.
Solution: Ensure that signout events have a subject prefix. Create an Azure Event Grid subscription that uses the subjectBeginsWith filter.

• A. Yes
• B. No

Answer: B

NEW QUESTION 6
You develop an Azure web app. You monitor performance of the web app by using Application Insights. You need to ensure the cost for Application Insights does not exceed a preset budget. What should you do?

• A. Implement ingestion sampling using the Azure portal.
• B. Set a daily cap for the Application Insights instance.
• C. Implement adaptive sampling using the Azure portal.
• D. Implement adaptive sampling using the Application Insights SDK.
• E. Implement ingestion sampling using the Application Insights SDK.

Answer: B

NEW QUESTION 7
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution. Determine whether the
solution meets the stated goals.
You need to meet the LabelMaker application security requirement.
Solution: Create a Microsoft Azure Active Directory service principal and assign it to the Azure Kubernetes Service (AKS) cluster.
Does the solution meet the goal?

• A. Yes
• B. No

Answer: A

NEW QUESTION 8
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You need to ensure that the SecurityPin security requirements are met.
Solution: Using the Azure Portal, add Data Masking to the SecurityPin column, and exclude the dbo user. Add a SQL security policy with a filter predicate based on the user identity.
Does the solution meet the goal?

• A. Yes
• B. No

Answer: B

NEW QUESTION 9
You must implement Application Insights instrumentation capabilities utilizing the Azure Mobile Apps SDK to provide meaningful analysis of user interactions with a mobile app.
You need to capture the data required to implement the Usage Analytics feature of Application Insights. Which three data values should you capture? Each correct answer presents part of the solution
NOTE: Each correct selection is worth one pant.

• A. Session Id
• B. Events
• C. User Id
• D. Exception
• E. Trace

Answer: ABC

NEW QUESTION 10
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it As a result these questions will not appear in the review screen.
You need to ensure that authentication events are triggered and processed according to the policy.
Solution: Create a new Azure Event Grid topic and add a subscription for the events. Does the solution meet the goal?

• A. Yes
• B. No

Answer: B

Explanation:
Use a separate Azure Event Grid topics and subscriptions for sign-in and sign-out events.
Scenario: Authentication events are used to monitor users signing in and signing out. All authentication events must be processed by Policy service. Sign outs must be processed as quickly as possible.

NEW QUESTION 11
DRAG DROP
You need to add code at line PC32 in Processing.es to implement the GetCredentials method in the Processing class.
How should you complete the code? To answer, drag the appropriate code segments to the correct locations. Each code segment may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
NOTE: Each correct selection is worth one point.

• A. Mastered
• B. Not Mastered

Answer: A

Explanation:

NEW QUESTION 12
You need to provision and deploy the order workflow.
Which three components should you include? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point

• A. Workflow definition
• B. Connections
• C. Resources
• D. Functions
• E. On-premises Data Gateway

Answer: CDE

NEW QUESTION 13
Note: This question is part of a series of questions that present the same scenario.
Each question in the series contains a unique solution. Determine whether the solution meets the stated goals. You need to meet the LabelMaket application
Solution; Create a conditional access policy and assign it to the Azure Kubernetes service cluster.
Does the solution meet the goal?

• A. Yes
• B. No

Answer: B

Explanation:
Scenario: The LabelMaker applications must be secured by using an AAD account that has full access to all namespaces of the Azure Kubernetes Service (AKS) cluster.
Before an Azure Active Directory account can be used with the AKS cluster, a role binding or cluster role binding needs to be created.
References:
https://docs.microsoft.com/en-us/azure/aks/aad-integration

NEW QUESTION 14
HOTSPOT
You need to meet the security requirements for external partners. Which Azure Active Directory features should you use?
To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

• A. Mastered
• B. Not Mastered

Answer: A

Explanation:

NEW QUESTION 15
You need to implement the e-commerce checkout API.
Which three actions should you perform? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.

• A. In the Azure Function App, enable Manger Service Identity (MSI).
• B. Set the function template's Mode property to Webhook and the Webhook type property to Generic JSON
• C. Set the function template's Mode property to Webhook and the Webhook type property to GitHub.
• D. Create an Azure Function using the HTTP POST function template.
• E. In the Azure Function App, enable Cross-Origin Resource Sharing (CORS) with all origins permitted.
• F. Create an Azure Function using the Generic webhook function template.

Answer: CDF

Explanation:
Case Study: 2
Litware Inc
Overview
This is a case study. Case studies are not timed separately. You can use as much exam time as you would like to complete each case. However, there may be additional case studies and sections on this exam. You must manage your time to ensure that you are able to complete all questions included on this exam in the time provided.
To answer the questions included in a case study, you will need to reference infonnation that is provided in the case study. Case studies might contain exhibits and other resources that provide more information about the scenario that is described in the case study. Each question is independent of the other questions in this case study.
At the end of this case study, a review screen will appear. This screen allows you to review your answers and to make changes before you move to the next section of the exam. After you begin a new section, you cannot return to this section.
To start the case study
To display the first question in this case study, dick the Next button Use the buttons in the left pane to explore the content of the case study before you answer the questions. Clicking these buttons displays information such as business requirements, existing environment, and problem statements. If the case study has an All Information tab, note that the information displayed is identical to the information displayed on the subsequent tabs. When you are ready to answer a question, click the Question button to return to the question.
Overwiew Background
You are a developer for Litware Inc., a SaaS company that provides a solution for managing employee expenses. The solution consists of an ASP.NET Core Web API project that is deployed as an Azure Web App.
Overall architecture
Employees upload receipts for the system to process. When processing is complete, the employee receives a summary report email that details the processing results. Employees then use a web application to manage their receipts and perform any additional tasks needed for reimbursement
Receipt processing
Employees may upload receipts in two ways:
• Uploading using an Azure Files mounted folder
• Uploading using the web application Data Storage
Receipt and employee information is stored in an Azure SQL database.
Documentation
Employees are provided with a getting started document when they first use the solution. The documentation includes details on supported operating systems for Azure File upload, and instructions on how to configure the mounted folder.
Solution details Users table

Web Application
You enable MSI for the Web App and configure the Web App to use the security principal name,
Processing
Processing is performed by an Azure Function that uses version 2 of the Azure Function runtime. Once processing is completed, results are stored in Azure Blob. Storage and an Azure SQL database. Then, an email summary is sent to the user with a link to the processing report. The link to the report must remain valid if the email is forwarded to another user.
Requirements Receipt processing
Concurrent processing of a receipt must be prevented.
Logging
Azure Application Insights is used for telemetry and logging in both the processor and the web application. The processor also has Trace Writer logging enabled. Application Insights must always contain all log messages.
Disaster recovery
Regional outage must not impact application availability. All DR operations must not be dependent on application running and must ensure that data in the DR region is up to date.
Security
Users' SecurityPin must be stored in such a way that access to the database does not allow the viewing of SecurityPins. The web application is the only system that should have access to SecurityPins.
All certificates and secrets used to secure data must be stored in Azure Key Vault. You must adhere to the Least Privilege Principal.
All access to Azure Storage and Azure SQL database must use the application's Managed Service Identity (MSI).
Receipt data must always be encrypted at rest. All data must be protected in transit,
User's expense account number must be visible only to logged in users. All other views of the expense account number should include only the last segment, with the remaining parts obscured.
In the case of a security breach, access to all summary reports must be revoked without impacting other parts of the system.
Issues
Upload format issue
Employees occasionally report an issue with uploading a receipt using the web application. They report that when they upload a receipt using the Azure File Share,
the receipt does not appear in their profile. When this occurs, they delete the file in the file share and use the web application, which returns a 500 Internal Server error page.
Capacity issue
During busy periods, employees report long delays between the time they upload the receipt and when it appears in the web application.
Log capacity issue
Developers report that the number of log messages in the trace output for the processor is too high, resulting in lost log messages-
Application code Processing.cs


Database.cs

ReceiptUploader.cs

ConfigureSSE.ps1

NEW QUESTION 16
You need to implement the purchase requirement. What should you do?

• A. Use the Bot FrameworkREST API attachment operations to send the user's voice and the Speech Service API to recognize intents.
• B. Use the Direct line REST API to send the user's voice and the Speech Service API to recognize intents.
• C. Use the Speech Service API to send the user's voice and the Bot Framework REST API conversation operations to recognize intents.
• D. Use the Bot Framework REST API conversation operations to send the user's voice and the Speech Service API to recognize intents.

Answer: D

Explanation:
Scenario: Enable users to place an order for delivery or pickup by using their voice. You must develop a chatbot by using the Bot Builder SDK and Language Understanding Intelligence Service (LUIS). The chatbot must allow users to order food for pickup or delivery.
The Bot Framework REST APIs enable you to build bots that exchange messages with channels configured in the Bot Framework Portal, store and retrieve state data, and connect your own client applications to your bots. All Bot Framework services use industry-standard REST and JSON over HTTPS.
The Speech Service API is used to recognize intents. References:
https://docs.microsoft.com/en-us/azure/bot-service/rest-api/bot-framework-rest-connector-concepts?view=azure-bot-service-4.0
https://docs.microsoft.com/en-us/azure/cognitive-services/speech-service/how-to-recognize-intents-from-speech-cpp

NEW QUESTION 17
You need to ensure that the solution can meet the scaling requirements for Policy Service. Which Azure Application Insights data model should you use?

• A. an Application Insights metric
• B. an Application Insights dependency
• C. an Application Insights trace
• D. an Application Insights event

Answer: D

NEW QUESTION 18
DRAG DROP
You need to ensure that PolicyLib requirements are met.
How should you complete the code segment? To answer, drag the appropriate code segments to the correct locations. Each code segment may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
NOTE: Each correct selection is worth one point.

• A. Mastered
• B. Not Mastered

Answer: A

Explanation:

NEW QUESTION 19
HOTSPOT
You have an app that stores player scores for an online game. The app stores data in Azure tables using a class named PlayerScore as the table entity. The table is populated with 100,000 records.
You are reviewing the following section of code that is intended to retrieve 20 records where the player score exceeds 15,000. (Line numbers are included for reference only.)

For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point

• A. Mastered
• B. Not Mastered

Answer: A

Explanation:

NEW QUESTION 20
You are developing an internal website for employees to view sensitive data. The website uses Azure Active Directory (AAD) for authentication. You need to implement multifactor authentication for the website.
What should you do? Each correct answer presents part of the solution. NOTE; Each correct selection is worth one point.

• A. In Azure AD, create a new conditional access policy.
• B. In Azure AD, enable application proxy.
• C. Configure the website to use Azure AD B2C.
• D. In Azure AD conditional access, enable the baseline policy.
• E. Upgrade to Azure AD Premium.

Answer: CE

NEW QUESTION 21
You need to resolve a notification latency issue.
Which two actions should you perform? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point

• A. Ensure that the Azure Function is using an App Service plan.
• B. Set Always On to false
• C. Ensure that the Azure Function is set to use a consumption plan.
• D. Set Always On to true.

Answer: AD

Explanation:
Azure Functions can run on either a Consumption Plan or a dedicated App Service Plan. If you run in a dedicated mode, you need to turn on the Always On setting for your Function App to run properly. The Function runtime will go idle after a few minutes of inactivity, so only HTTP triggers will actually "wake up" your functions. This is similar to how WebJobs must have Always On enabled.
Scenario: Notification latency: Users report that anomaly detection emails can sometimes arrive several minutes after an anomaly is detected.
Anomaly detection service: You have an anomaly detection service that analyzes log information for anomalies. It is implemented as an Azure Machine Learning model. The model is deployed as a web service.
If an anomaly is detected, an Azure Function that emails administrators is called by using an HTTP WebHook.
References:
https://github.com/Azure/Azure-Functions/wiki/Enable-Always-On-when-running-on-dedicated-App-Service-Plan

NEW QUESTION 22
......