Microsoft Azure Integration and Security v1.0

Page:    1 / 7   
Exam contains 102 questions

You have an Azure Logic App named App1. App1 provides a response when an HTTP POST request or an HTTP GET request is received.
During peak periods, App1 is expected to receive up to 200,000 requests in a five-minute period.
You need to ensure that App1 can handle the expected load.
What should you configure?

  • A. Access control (IAM)
  • B. API connections
  • C. Workflow settings
  • D. Access keys C


Answer : Explanation

References:
https://docs.microsoft.com/en-us/azure/logic-apps/logic-apps-limits-and-config#throughput-limits

DRAG DROP -
You have an on-premises network that includes a Microsoft SQL Server instance named SQL1.
You create an Azure Logic App named App1.
You need to ensure that App1 can query a database on SQL1.
Which three actions should you perform in sequence? To answer, drag the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
Select and Place:




Answer :

References:
https://docs.microsoft.com/en-us/azure/logic-apps/logic-apps-gateway-connection

You have a Basic App Service plan named ASP1 that hosts an Azure App Service named App1.
You need to configure a custom domain and enable backups for App1.
What should you do first?

  • A. Configure a WebJob for App1.
  • B. Scale up ASP1.
  • C. Scale out ASP1.
  • D. Configure the application settings for App1. D


Answer : Explanation

You have an Azure App Service plan named AdatumASP1 that hosts several Azure web apps.
You discover that the web apps respond slowly.
You need to provide additional memory and CPU resources to each instance of the web app.
What should you do?

  • A. Scale out AdatumASP1.
  • B. Add continuous WebJobs that use the multi-instance scale.
  • C. Scale up AdatumASP1.
  • D. Add a virtual machine scale set. C


Answer : Explanation

References:
https://github.com/MicrosoftDocs/azure-docs/blob/master/articles/app-service/web-sites-scale.md

HOTSPOT -
You have an Azure web app named App1 that has two deployment slots named Production and Staging. Each slot has the unique settings shown in the following table.


You perform a slot swap.
What are the configurations of the Production slot after the swap? To answer, select the appropriate options in the answer area.
: Each correction is worth one point.

NOTE -
Hot Area:



Answer :

Explanation:
Swapping the slots means the destination slot website URL will run source slot code with destination slot settings.

You have an Azure subscription named Subscription1.
In Subscription1, you create an Azure web app named WebApp1. WebApp1 will access an external service that requires certificate authentication.
You plan to require the use of HTTPS to access WebApp1.
You need to upload certificates to WebApp1.
In which formats should you upload the certificate? To answer, select the appropriate options in the answer area.
: Each correct selection is worth one point.

NOTE -
Hot Area:




Answer :

Explanation:
A PFX file contains the public key file (SSL Certificate) and its unique private key file. This is required for HTTPS access. The web app will distribute the public key (in a CER file) to clients that connect to the web app.
The CER file is an SSL Certificate which has the public key of the external service. The external service will have the private key associated with the public key contained in the CER file.

You have an Azure web app named App1 that streams video content to users. App1 is located in the East US Azure region.
Users in North America stream the video content without any interruption.
Users in Asia and Europe report that the video buffer often and do not play back smoothly.
You need to recommend a solution to improve video streaming to the European and Asian users.
What should you recommend?

  • A. Scale out the App Service plan.
  • B. Scale up the App Service plan.
  • C. Configure an Azure Content Delivery Network (CDN) endpoint.
  • D. Configure Azure File Sync. C


Answer : Explanation

This is a case study. Case studies are not timed separately. You can use as much exam time as you would like to complete each case. However, there may be additional case studies and sections on this exam. You must manage your time to ensure that you are able to complete all questions included on this exam in the time provided.
To answer the questions included in a case study, you will need to reference information that is provided in the case study. Case studies might contain exhibits and other resources that provide more information about the scenario that is described in the case study. Each question is independent of the other questions in this case study.
At the end of this case study, a review screen will appear. This screen allows you to review your answers and to make changes before you move to the next section of the exam. After you begin a new section, you cannot return to this section.

To start the case study -
To display the first question in this case study, click the Next button. Use the buttons in the left pane to explore the content of the case study before you answer the questions. Clicking these buttons displays information such as business requirements, existing environment, and problem statements. If the case study has an
Information tab, note that the information displayed is identical to the information displayed on the subsequent tabs. When you are ready to answer a

All -
question, click the Question button to return to the question.

Overview -
Contoso, Ltd. is a consulting company that has a main office in Montreal and two branch offices in Seattle and New York.
The Montreal office has 2,000 employees. The Seattle office has 1,000 employees. The New York office has 200 employees.
All the resources used by Contoso are hosted on-premises.
Contoso creates a new Azure subscription. The Azure Active Directory (Azure AD) tenant uses a domain named contoso.onmicrosoft.com. The tenant uses the P1 pricing tier.

Existing Environment -
The network contains an Active Directory forest named contoso.com. All domain controllers are configured as DNS servers and host the contoso.com DNS zone.
Contoso has finance, human resources, sales, research, and information technology departments. Each department has an organizational unit (OU) that contains all the accounts of that respective department. All the user accounts have the department attribute set to their respective department. New users are added frequently.
Contoso.com contains a user named User1.
All the offices connect by using private links.
Contoso has data centers in the Montreal and Seattle offices. Each data center has a firewall that can be configured as a VPN device.
All infrastructure servers are virtualized. The virtualization environment contains the servers in the following table.


Contoso uses two web applications named App1 and App2. Each instance on each web application requires 1GB of memory.
The Azure subscription contains the resources in the following table.

The network security team implements several network security groups (NSGs).

Planned Changes -
Contoso plans to implement the following changes:
Deploy Azure ExpressRoute to the Montreal office.
Migrate the virtual machines hosted on Server1 and Server2 to Azure.
Synchronize on-premises Active Directory to Azure Active Directory (Azure AD).
Migrate App1 and App2 to two Azure web apps named WebApp1 and WebApp2.

Technical requirements -
Contoso must meet the following technical requirements:
Ensure that WebApp1 can adjust the number of instances automatically based on the load and can scale up to five instances.
Ensure that VM3 can establish outbound connections over TCP port 8080 to the applications servers in the Montreal office.
Ensure that routing information is exchanged automatically between Azure and the routers in the Montreal office.
Ensure Azure Multi-Factor Authentication (MFA) for the users in the finance department only.
Ensure that webapp2.azurewebsites.net can be accessed by using the name app2.contoso.com
Connect the New York office to VNet1 over the Internet by using an encrypted connection.
Create a workflow to send an email message when the settings of VM4 are modified.

Create a custom Azure role named Role1 that is based on the Reader role.
Minimize costs whenever possible.

You need to meet the technical requirement for VM4.
What should you create and configure?

  • A. an Azure Notification Hub
  • B. an Azure Event Hub
  • C. an Azure Logic App
  • D. an Azure Service Bus B


Answer : Explanation

Explanation:
Scenario: Create a workflow to send an email message when the settings of VM4 are modified.
You can start an automated logic app workflow when specific events happen in Azure resources or third-party resources. These resources can publish those events to an Azure event grid. In turn, the event grid pushes those events to subscribers that have queues, webhooks, or event hubs as endpoints. As a subscriber, your logic app can wait for those events from the event grid before running automated workflows to perform tasks - without you writing any code.
References:
https://docs.microsoft.com/en-us/azure/event-grid/monitor-virtual-machine-changes-event-grid-logic-app

This is a case study. Case studies are not timed separately. You can use as much exam time as you would like to complete each case. However, there may be additional case studies and sections on this exam. You must manage your time to ensure that you are able to complete all questions included on this exam in the time provided.
To answer the questions included in a case study, you will need to reference information that is provided in the case study. Case studied might contain exhibits and other resources that provide more information about the scenario that is described in the case study. Each question is independent of the other questions in this case study.
At the end of this case study, a review screen will appear. This screen allows you to review your answers and to make changed before you move to the next section of the exam. After you begin a new section, you cannot return to this section.

To start the case study -
To display the first question in this case study, click the Next button. Use the buttons in the left pane to explore the content of the case study before you answer the questions. Clicking these buttons displays information such as business requirements, existing environment, and problem statements. Note that the information displayed on the All information tab is identical to the information displayed on the subsequent tabs. When you are ready to answer a question, click the Question button to return to the question.

Overview -
ADatum Corporation is a financial company that has two main offices in New York and Los Angeles. ADatum has a subsidiary named Fabrikam, Inc. that shares the Los Angeles office.
ADatum is conducting an initial deployment of Azure services to host new line-of-business applications and is preparing to migrate its existing on-premises workloads to Azure.
ADatum uses Microsoft Exchange Online for email.

Existing Environment -

On-Premises Environment -
The on-premises workloads run on virtual machines hosted in a VMware vSphere 6 infrastructure. All the virtual machines are members of an Active Directory forest named adatum.com and run Windows Server 2016.
The New York office uses an IP address space of 10.0.0.0/16. The Los Angeles office uses an IP address space of 10.10.0.0/16.
The offices connect by using a VPN provided by an ISP. Each office has one Azure ExpressRoute circuit that provides access to Azure services and Microsoft
Online Services. Routing is implemented by using Microsoft peering.
The New York office has a virtual machine named VM1 that has the vSphere console installed.

Azure Environment -
You provision the Azure infrastructure by using the Azure portal. The infrastructure contains the resources shown in the following table.


AG1 has two backend pools named Pool11 and Pool12. AG2 has two backend pools named Pool21 and Pool22.

Requirements -

Planned Changes -
ADatum plans to migrate the virtual machines from the New York office to the East US Azure region by using Azure Site Recovery.

Infrastructure Requirements -
ADatum identifies the following infrastructure requirements:
A new web app named App1 that will access third-parties for credit card processing must be deployed.
A newly developed API must be implemented as an Azure function named App2. App2 will use a blob storage trigger. App2 must process new blobs immediately.
The Azure infrastructure and the on-premises infrastructure must be prepared for the migration of the VMware virtual machines to Azure.
The sizes of the Azure virtual machines that will be used to migrate the on-premises workloads must be identified.
All migrated and newly deployed Azure virtual machines must be joined to the adatum.com domain.
AG1 must load balance incoming traffic in the following manner:
http://corporate.adatum.com/video/* will be load balanced across Pool11.
http://corporate.adatum.com/images/* will be load balanced across Pool12.
AG2 must load balance incoming traffic in the following manner:
http://www.adatum.com will be load balanced across Pool21.
http://fabrikam.com will be load balanced across Pool22.
ER1 must route traffic between the New York office and platform as a service (PaaS) services in the East US Azure region, as long as ER1 is available.

ER1 must route traffic between the Los Angeles office and the PaaS services in the West US region, as long as ER2 is available.
ER1 and ER2 must be configured to fail over automatically.

Application Requirements -
App2 must be available to connect directly to the private IP addresses of the Azure virtual machines. App2 will be deployed directly to an Azure virtual network.
Inbound and outbound communications to App1 must be controlled by using NSGs.

Pricing Requirements -
ADatum identifies the following pricing requirements:
The cost of App1 and App2 must be minimized
The transactional charges of Azure Storage accounts must be minimized

You need to recommend an environment for the deployment of App1.
What should you recommend?

  • A. a new App Service plan that uses the P3v2 pricing tier
  • B. ASE1 and an App Service plan that uses the I1 pricing tier
  • C. ASE1 and an App Service plan that uses the I3 pricing tier
  • D. a new App Service plan that uses the S1 pricing tier B


Answer : Explanation

References:
https://docs.microsoft.com/en-us/azure/app-service/environment/app-service-app-service-environment-control-inbound-traffic

This is a case study. Case studies are not timed separately. You can use as much exam time as you would like to complete each case. However, there may be additional case studies and sections on this exam. You must manage your time to ensure that you are able to complete all questions included on this exam in the time provided.
To answer the questions included in a case study, you will need to reference information that is provided in the case study. Case studied might contain exhibits and other resources that provide more information about the scenario that is described in the case study. Each question is independent of the other questions in this case study.
At the end of this case study, a review screen will appear. This screen allows you to review your answers and to make changed before you move to the next section of the exam. After you begin a new section, you cannot return to this section.

To start the case study -
To display the first question in this case study, click the Next button. Use the buttons in the left pane to explore the content of the case study before you answer the questions. Clicking these buttons displays information such as business requirements, existing environment, and problem statements. Note that the information displayed on the All information tab is identical to the information displayed on the subsequent tabs. When you are ready to answer a question, click the Question button to return to the question.

Overview -
ADatum Corporation is a financial company that has two main offices in New York and Los Angeles. ADatum has a subsidiary named Fabrikam, Inc. that shares the Los Angeles office.
ADatum is conducting an initial deployment of Azure services to host new line-of-business applications and is preparing to migrate its existing on-premises workloads to Azure.
ADatum uses Microsoft Exchange Online for email.

Existing Environment -

On-Premises Environment -
The on-premises workloads run on virtual machines hosted in a VMware vSphere 6 infrastructure. All the virtual machines are members of an Active Directory forest named adatum.com and run Windows Server 2016.
The New York office uses an IP address space of 10.0.0.0/16. The Los Angeles office uses an IP address space of 10.10.0.0/16.
The offices connect by using a VPN provided by an ISP. Each office has one Azure ExpressRoute circuit that provides access to Azure services and Microsoft
Online Services. Routing is implemented by using Microsoft peering.
The New York office has a virtual machine named VM1 that has the vSphere console installed.

Azure Environment -
You provision the Azure infrastructure by using the Azure portal. The infrastructure contains the resources shown in the following table.


AG1 has two backend pools named Pool11 and Pool12. AG2 has two backend pools named Pool21 and Pool22.

Requirements -

Planned Changes -
ADatum plans to migrate the virtual machines from the New York office to the East US Azure region by using Azure Site Recovery.

Infrastructure Requirements -
ADatum identifies the following infrastructure requirements:
A new web app named App1 that will access third-parties for credit card processing must be deployed.
A newly developed API must be implemented as an Azure function named App2. App2 will use a blob storage trigger. App2 must process new blobs immediately.
The Azure infrastructure and the on-premises infrastructure must be prepared for the migration of the VMware virtual machines to Azure.
The sizes of the Azure virtual machines that will be used to migrate the on-premises workloads must be identified.
All migrated and newly deployed Azure virtual machines must be joined to the adatum.com domain.
AG1 must load balance incoming traffic in the following manner:
http://corporate.adatum.com/video/* will be load balanced across Pool11.
http://corporate.adatum.com/images/* will be load balanced across Pool12.
AG2 must load balance incoming traffic in the following manner:
http://www.adatum.com will be load balanced across Pool21.
http://fabrikam.com will be load balanced across Pool22.
ER1 must route traffic between the New York office and platform as a service (PaaS) services in the East US Azure region, as long as ER1 is available.

ER1 must route traffic between the Los Angeles office and the PaaS services in the West US region, as long as ER2 is available.
ER1 and ER2 must be configured to fail over automatically.

Application Requirements -
App2 must be available to connect directly to the private IP addresses of the Azure virtual machines. App2 will be deployed directly to an Azure virtual network.
Inbound and outbound communications to App1 must be controlled by using NSGs.

Pricing Requirements -
ADatum identifies the following pricing requirements:
The cost of App1 and App2 must be minimized
The transactional charges of Azure Storage accounts must be minimized


HOTSPOT -
You need to implement App2 to meet the application requirements.
What should you include in the implementation? To answer, select the appropriate options in the answer area.
Each correct selection is worth one point.
NOTE:
Hot Area:



Answer :

Explanation:
-> A newly developed API must be implemented as an Azure function named App2. App2 will use a blob storage trigger. App2 must process new blobs immediately.
This requires “Always Onâ€.
-> The cost of App1 and App2 must be minimized
The Standard pricing tier is the cheapest tier that supports Always On.

You have a Microsoft SQL Server Always On availability group on Azure virtual machines.
You need to configure an Azure internal load balancer as a listener for the availability group.
What should you do?

  • A. Enable Floating IP.
  • B. Set Session persistence to Client IP and protocol.
  • C. Set Session persistence to Client IP.
  • D. Create an HTTP health probe on port 1433. A


Answer : Explanation

Explanation:
Incorrect Answers:
D: The Health probe is created with the TCP protocol, not with the HTTP protocol.
References:
https://docs.microsoft.com/en-us/azure/virtual-machines/windows/sql/virtual-machines-windows-portal-sql-alwayson-int-listener

SIMULATION -
This is a lab or performance-based testing (PBT) section.
The following section of the exam is a lab. In this section, you will perform a set of tasks in a live environment. While most functionality will be available to you as it would be in a live environment, some functionality (e.g., copy and paste, ability to navigate to external websites) will not be possible by design.
Scoring is based on the outcome of performing the tasks stated in the lab. In other words, it doesn’t matter how you accomplish the task, if you successfully perform it, you will earn credit for that task.
Labs are not timed separately, and this exam may have more than one lab that you must complete. You can use as much time as you would like to complete each lab. But, you should manage your time appropriately to ensure that you are able to complete the lab(s) and all other sections of the exam in the time provided.
Please, note that once you submit your work by clicking the Next button within a lab, you will NOT be able to return to the lab.

To start the lab -
You may start lab by clicking the Next button

Tasks -

Click to expand each objective -
To connect to the Azure portal, type https:/portal.azure.com in the browser address bar.
Another administrator reports that she is unable to configure a web app named corplod7509086n3 to prevent all connections from an IP address of 11.0.0.11.
You need to modify corplod7509086n3 to successfully prevent the connections from the IP address. The solution must minimize Azure-related costs.
What should you do from the Azure portal?
See explanation below.



Answer : Explanation

Explanation:
Step 1:
Find and select application corplod7509086n3:
1. In the Azure portal, on the left navigation panel, click Azure Active Directory.
2. In the Azure Active Directory blade, click Enterprise applications.
Step 2:
To add an IP restriction rule to your app, use the menu to open Network>IP Restrictions and click on Configure IP Restrictions


Step 3:

Click Add rule -
You can click on [+] Add to add a new IP restriction rule. Once you add a rule, it will become effective immediately.

Step 4:
Add name, IP address of 11.0.0.11, select Deny, and click Add Rule

References:
https://docs.microsoft.com/en-us/azure/app-service/app-service-ip-restrictions

SIMULATION -
This is a lab or performance-based testing (PBT) section.
The following section of the exam is a lab. In this section, you will perform a set of tasks in a live environment. While most functionality will be available to you as it would be in a live environment, some functionality (e.g., copy and paste, ability to navigate to external websites) will not be possible by design.
Scoring is based on the outcome of performing the tasks stated in the lab. In other words, it doesn’t matter how you accomplish the task, if you successfully perform it, you will earn credit for that task.
Labs are not timed separately, and this exam may have more than one lab that you must complete. You can use as much time as you would like to complete each lab. But, you should manage your time appropriately to ensure that you are able to complete the lab(s) and all other sections of the exam in the time provided.
Please, note that once you submit your work by clicking the Next button within a lab, you will NOT be able to return to the lab.

To start the lab -
You may start lab by clicking the Next button

Tasks -

Click to expand each objective -
To connect to the Azure portal, type https:/portal.azure.com in the browser address bar.
You plan to deploy an application gateway named appgw1015 to load balance internal IP traffic to the Azure virtual machines connected to subnet0.
You need to configure a virtual network named VNET1015 to support the planned application gateway.
What should you do from the Azure portal?
See explanation below.



Answer : Explanation

Explanation:
Step 1:
Click Networking, Virtual Network, and select VNET1015.
Step 2:
Click Subnets, and Click +Add on the VNET1015 - Subnets pane that appears.
Step 3:
On the Subnets page, click +Gateway subnet at the top to open the Add subnet page.


Step 4:
Locate subnet0 and add it.
References:
https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-howto-site-to-site-resource-manager-portal

SIMULATION -
This is a lab or performance-based testing (PBT) section.
The following section of the exam is a lab. In this section, you will perform a set of tasks in a live environment. While most functionality will be available to you as it would be in a live environment, some functionality (e.g., copy and paste, ability to navigate to external websites) will not be possible by design.
Scoring is based on the outcome of performing the tasks stated in the lab. In other words, it doesn’t matter how you accomplish the task, if you successfully perform it, you will earn credit for that task.
Labs are not timed separately, and this exam may have more than one lab that you must complete. You can use as much time as you would like to complete each lab. But, you should manage your time appropriately to ensure that you are able to complete the lab(s) and all other sections of the exam in the time provided.
Please, note that once you submit your work by clicking the Next button within a lab, you will NOT be able to return to the lab.

To start the lab -
You may start lab by clicking the Next button

Tasks -

Click to expand each objective -
To connect to the Azure portal, type https:/portal.azure.com in the browser address bar.
You need to deploy an application gateway named appgw1015 to meet the following requirements:
Load balance internal IP traffic to the Azure virtual machines connected to subnet0. Provide a Service Level Agreement (SLA) of 99.99 percent availability for the
Azure virtual machines.
What should you from the Azure portal?
See explanation below.



Answer : Explanation

Explanation:
Step 1:
Click New found on the upper left-hand corner of the Azure portal.
Step 2:
Select Networking and then select Application Gateway in the Featured list.
Step 3:
Enter these values for the application gateway:
appgw1015 - for the name of the application gateway.

SKU Size: Standard_V2 -
The new SKU [Standard_V2] offers autoscaling and other critical performance enhancements.


Step 4:
Accept the default values for the other settings and then click OK.
Step 5:
Click Choose a virtual network, and select subnet0.
References:
https://docs.microsoft.com/en-us/azure/application-gateway/application-gateway-create-gateway-portal

SIMULATION -
This is a lab or performance-based testing (PBT) section.
The following section of the exam is a lab. In this section, you will perform a set of tasks in a live environment. While most functionality will be available to you as it would be in a live environment, some functionality (e.g., copy and paste, ability to navigate to external websites) will not be possible by design.
Scoring is based on the outcome of performing the tasks stated in the lab. In other words, it doesn’t matter how you accomplish the task, if you successfully perform it, you will earn credit for that task.
Labs are not timed separately, and this exam may have more than one lab that you must complete. You can use as much time as you would like to complete each lab. But, you should manage your time appropriately to ensure that you are able to complete the lab(s) and all other sections of the exam in the time provided.
Please, note that once you submit your work by clicking the Next button within a lab, you will NOT be able to return to the lab.

To start the lab -
You may start lab by clicking the Next button

Tasks -

Click to expand each objective -
To connect to the Azure portal, type https:/portal.azure.com in the browser address bar.
You need to deploy an Azure load balancer named lb1016 to your Azure subscription. The solution must meet the following requirements:
-> Support the load balancing of IP traffic from the Internet to Azure virtual machines connected to VNET1016\subnet0.
-> Provide a Service Level Agreement (SLA) of 99.99 percent availability for the Azure virtual machines.
Minimize Azure-related costs.


What should you do from the Azure portal?
To complete this task, you do NOT need to wait for the deployment to complete. Once the deployment starts in Azure, you can move to the next task.
See explanation below.



Answer : Explanation

Explanation:
Step 1:
On the top left-hand side of the screen, click Create a resource > Networking > Load Balancer.
Step 2:
In the Create a load balancer page enter these values for the load balancer: myLoadBalancer - for the name of the load balancer.
Internal - for the type of the load balancer.
Basic - for SKU version.
Microsoft guarantees that apps running in a customer subscription will be available 99.99% of the time.
VNET1016\subnet0 - for subnet that you choose from the list of existing subnets.
Step 3: Accept the default values for the other settings and click Create to create the load balancer.

Page:    1 / 7   
Exam contains 102 questions

Talk to us!


Have any questions or issues ? Please dont hesitate to contact us