Professional Documents
Culture Documents
134q
Number: 70-535
Passing Score: 800
Time Limit: 120 min
https://www.gratisexam.com/
70-535
https://www.gratisexam.com/
Testlet 1
This is a case study. Case studies are not timed separately. You can use as much exam time as you would like to complete each case. However, there may
be additional case studies and sections on this exam. You must manage your time to ensure that you are able to complete all questions included on this exam in
the time provided.
To answer the questions included in a case study, you will need to reference information that is provided in the case study. Case studies might contain exhibits and
other resources that provide more information about the scenario that is described in the case study. Each question is independent of the other questions in this
case study.
At the end of this case study, a review screen will appear. This screen allows you to review your answer and to make changes before you move to the next section
of the exam. After you begin a new section, you cannot return to this section.
Background
Security
The security team at Tailspin Toys plans to eliminate legacy authentication methods that are in use, including NTLM and Windows pass-through authentication.
Tailspin Toys needs to share resources with several business partners. You are investigating options to securely share corporate data.
Tailspin Toys has several databases that contain personally identifiable information (PII). User access PII only through the Tailspin Toys e-commerce website.
You secure apps by using on-premises Active Directory Domain Services (AD DS) credentials or Microsoft SQL Server logins.
Apps
The Tailspin Toys e-commerce site is hosted on multiple on-premises virtual machines (VMs). The VM runs either Internet Information Server (IIS) or SQL Server
2012 depending on role. The site is published to the Internet by using a single endpoint that balances the load across web servers. The site does not encrypt traffic
between database servers and web servers.
The Tailspin Toys Customer Analyzer app analyzes e-commerce transactions to identify customer buying patterns, and outputs recommended product sale pricing.
The app runs large processing jobs that run for 75-120 minutes several times each day. The application development team plans to replace the current solution with
a parallel processing solution that scales based on computing demands.
The Tailspin Toys Human Resources (HR) app is an in-house developed app that hosts sensitive employee data. The app uses SQL authentication for Role-Based
Access Control (RBAC).
https://www.gratisexam.com/
Problem statement
The Tailspin Toys IT Leadership Team plans to address deficiencies in access control, data security, performance, and availability requirements. All applications
must be updated to meet any new standards that are defined.
The Tailspin Toys e-commerce site was recently targeted by a cyberattack. In the attack, account information was stolen from the customer database. Transactions
that were in progress during the attack were not completed. Forensic investigation of the attack has revealed that the stolen customer data was captured in-transit
from the database to a compromised web server.
The HR team reports that unauthorized IT employees can view sensitive employee data by using service or application accounts.
Business Requirements
Technical Requirements
Security
The security team has established the following requirements for role-separation and RBAC:
Log on hours defined in AD DS must be enforced for users that access cloud resources.
IT operations team members must be able to deploy and manage all resources in Azure, but must not be able to grant permissions to others.
Application development team members must be able to deploy and manage Azure Web Apps.
SQL database administrators must be able to deploy and manage SQL databases used by TailSpin Toys applications.
Application support analysts must be able to manage resources for the application(s) for which they are responsible.
Service desk analysts must be able to view service status and component settings.
Role assignment should use the principle of least privilege.
https://www.gratisexam.com/
Allow secure web traffic on port 443 only.
Enable customers to authentication with Facebook, Microsoft Live ID or other social media identities.
Encrypt SQL data at-rest.
Encrypt data in motion between back-end SQL database instances and web application instances.
Prevent administrator and service accounts from viewing PII data.
Mask account and PII data presented to end user.
Minimize outage duration in event of an Azure datacenter failure.
The site should scale automatically to meet customer demand.
The site should continue to serve requests, even in the event of failure of an Azure datacenter.
Optimize site response time by auto-directing to the closest datacenter based on customer's geographic location.
Operations must be able to deploy the solution using an Azure Resource Manager (ARM) template.
Operations must be able to deploy the solution using an Azure Resource Manager (ARM) template.
Operations must be able to deploy the solution using an Azure Resource Manager (ARM) template.
QUESTION 1
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might
meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
https://www.gratisexam.com/
You need to recommend a solution architecture for the Tailspin Toys e-commerce website for app tier, data tier, and user authentication.
Solution:
Web App hosted in Azure virtual machines
App data stored in Azure SQL Server 2016, hosted in Azure virtual machines
Authentication provided through Azure AD business-to-consumer (B2C)
Solution deployed to multiple Azure regional datacenters
Load balancing with Azure Traffic Manager
A. Yes
B. No
Correct Answer: B
Section: [none]
Explanation
Explanation/Reference:
QUESTION 2
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might
meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You need to recommend a solution architecture for the Tailspin Toys e-commerce website for app tier, data tier, and user authentication.
Solution:
Mobile App based on Azure App Service
App data stored in DocumentDB
Authentication provided through Azure AD business-to-business (B2B)
Solution deployed to multiple Azure regional datacenters
Load balancing with a virtual appliance
https://www.gratisexam.com/
https://www.gratisexam.com/
A. Yes
B. No
Correct Answer: B
Section: [none]
Explanation
Explanation/Reference:
QUESTION 3
You need to select Azure components to meet site performance and availability requirements for the Tailspin Toys e-commerce site.
Correct Answer: C
Section: [none]
Explanation
Explanation/Reference:
Explanation:
You can use Azure Traffic Manager to control how requests from web clients are distributed to apps in Azure App Service. When App Service endpoints are added
to an Azure Traffic Manager profile, Azure Traffic Manager keeps track of the status of your App Service apps (running, stopped, or deleted) so that it can decide
which of those endpoints should receive traffic.
Scenario: The site must be highly available at each application tier, as well as the published endpoint.
https://www.gratisexam.com/
Reference: https://docs.microsoft.com/en-us/azure/app-service/web-sites-traffic-manager
QUESTION 4
You need to select an Azure compute provider for the Tailspin Toys Customer Analyzer app.
Correct Answer: A
Section: [none]
Explanation
Explanation/Reference:
Explanation:
Azure virtual machine scale sets let you create and manage a group of identical, load balanced VMs. The number of VM instances can automatically increase or
decrease in response to demand or a defined schedule. Scale sets provide high availability to your applications, and allow you to centrally manage, configure, and
update a large number of VMs. With virtual machine scale sets, you can build large-scale services for areas such as compute, big data, and container workloads.
Scenario: The Tailspin Toys Customer Analyzer app analyzes e-commerce transactions to identify customer buying patterns, and outputs recommended product
sale pricing. The app runs large processing jobs that run for 75-120 minutes several times each day. The application development team plans to replace the current
solution with a parallel processing solution that scales based on computing demands.
Reference: https://docs.microsoft.com/en-us/azure/virtual-machine-scale-sets/overview
QUESTION 5
You need to select an Azure identity provider for the Tailspin Toys e-commerce website.
Correct Answer: A
https://www.gratisexam.com/
Section: [none]
Explanation
Explanation/Reference:
Explanation:
Azure Active Directory (Azure AD) B2C is an identity management service that enables you to customize and control how customers sign up, sign in, and manage
their profiles when using your applications. This includes applications developed for iOS, Android, and .NET, among others. Azure AD B2C enables these actions
while protecting your customer identities at the same time.
For instance, a B2C sign-up policy allows you to control behaviors by configuring the following settings:
Social accounts that the customer can use to sign up for the application
Scenario: Customers must be able to authenticate to the e-commerce site with their existing social media accounts.
Reference: https://docs.microsoft.com/en-us/azure/active-directory-b2c/active-directory-b2c-overview
QUESTION 6
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might
meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You need to recommend a solution architecture for the Tailspin Toys e-commerce website for app tier, data tier, and user authentication.
Solution:
Web site based on Azure App Service
App data stored in Azure SQL Database
Authentication provided through Azure AD business-to-business (B2B)
Solution deployed to multiple Azure regional datacenters
Load balancing with Azure Traffic Manager
A. Yes
B. No
Correct Answer: B
Section: [none]
Explanation
Explanation/Reference:
https://www.gratisexam.com/
Explanation:
Authentication should be provided through Azure AD business-to-consumer (B2C), not through Azure AD business-to-business (B2B).
QUESTION 7
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might
meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You need to recommend a solution architecture for the Tailspin Toys e-commerce website for app tier, data tier, and user authentication.
Solution:
Mobile App based on Azure App Service
App data stored in CosmosDB
Authentication provided through Azure AD business-to-business (B2B)
Solution deployed to multiple Azure regional datacenters
Load balancing with a virtual appliance
A. Yes
B. No
Correct Answer: B
Section: [none]
Explanation
Explanation/Reference:
https://www.gratisexam.com/
Testlet 1
Overview
VanArsdel, Ltd. builds skyscrapers, subways, and bridges.
VanArsdel employees are able to use their own mobile devices for work activities because the company recognizes that this usage enables employee productivity.
Employees also access Software as a Service (SaaS) applications, including DocuSign, Dropbox, and Citrix.
The company continues to evaluate and adopt more SaaS applications for its business.
VanArsdel uses Azure Active Directory (AD) to authenticate its employees, as well as Multi-Factor Authentication (MFA). Management enjoys the ease with which
MFA can be enabled and disabled for employees who use cloud-based services.
Helpdesk:
VanArsdel creates a helpdesk group to assist its employees. The company sends email messages to all its employees about the helpdesk group and how to
contact it. Configuring employee access for SaaS applications is often a time-consuming task.
It is not always obvious to the helpdesk group which users should be given access to which SaaS applications. The helpdesk group must respond to many phone
calls and email messages to solve this problem, which takes up valuable time.
However, many employees do not work with the helpdesk group to solve their access problems. Instead, these employees contact their co-workers or managers to
find someone who can help them. Also, new employees are not always told to contact the helpdesk group for access problems. Some employees report that they
cannot see the applications in the Access Panel that they have access to. Some employees report that they must re-enter their passwords when they access cloud
applications, even though they have already authenticated.
Customer Support
VanArsdel wants a mobile app for customer profile registration and feedback.
The company would like to keep track of all its previous, current, and future customers worldwide. A profile system using third-party authentication is required as
well as feedback and support sections for the mobile app.
https://www.gratisexam.com/
Migration:
VanArsdel plans to migrate several virtual machine (VM) workloads into Azure.
They also plan to extend their on-premises Active Directory into Azure for mobile app authentication.
Business Requirements
Hybrid Solution:
A single account and credentials for both on-premises and cloud applications Certain applications that are hosted both in Azure and on-site must be accessible
to both VanArsdel employees and partners.
The service level agreement (SLA) for the solution requires an uptime of 99.9%.
The partners all use Hotmail.com email addresses.
Mobile App:
VanArsdel requires a mobile app for project managers on construction job sites.
The mobile app has the following requirements:
The app must display partner information.
The app must alert project managers when changes to the partner information occur.
The app must display project information including an image gallery to view pictures of construction projects.
Project managers must be able to access the information remotely and securely.
Security:
VanArsdel must control access to its resources to ensure sensitive services and information are accessible only by authorized users and/or managed devices.
Employees must be able to securely share data, based on corporate policies, with other VanArsdel employees and with partners who are located on construction
job sites.
VanArsdel management does NOT want to create and manage user accounts for partners.
Technical Requirements
Architecture:
VanArsdel requires a non-centralized stateless architecture fonts data and services where application, data, and computing power are at the logical extremes of
the network.
VanArsdel requires separation of CPU storage and SQL services
Data Storage:
VanArsdel needs a solution to reduce the number of operations on the contractor information table. Currently, data transfer rates are excessive, and queue
length for read/write operations affects performance.
A mobile service that is used to access contractor information must have automatically scalable, structured storage
Images must be stored in an automatically scalable, unstructured form.
Mobile Apps:
VanArsdel mobile app must authenticate employees to the company's Active Directory. Event-triggered alerts must be pushed to mobile apps by using a custom
Node.js script.
https://www.gratisexam.com/
The customer support app should use an identity provider that is configured by using the Access Control Service for current profile registration and
authentication.
The customer support team will adopt future identity providers that are configured through Access Control Service.
Security:
Active Directory Federated Server (AD FS) will be used to extend AD into Azure. Helpdesk administrators must have access to only the groups of Azure
resources they are responsible for.
Azure administration will be performed by a separate group. IT administrative overhead must be minimized.
Permissions must be assigned by using Role Based Access Control (RBAC). Line of business applications must be accessed securely.
QUESTION 1
You need to design the system that alerts project managers to data changes in the contractor information app.
Correct Answer: C
Section: [none]
Explanation
Explanation/Reference:
Explanation:
Scenario:
Mobile Apps: Event-triggered alerts must be pushed to mobile apps by using a custom Node.js script.
The service level agreement (SLA) for the solution requires an uptime of 99.9%
If you are already using Azure Storage Blobs or Tables and you start using queues, you are guaranteed 99.9% availability. If you use Blobs or Tables with Service
Bus queues, you will have lower availability.
Note: Microsoft Azure supports two types of queue mechanisms: Azure Queues and Service Bus Queues.
Azure Queues, which are part of the Azure storage infrastructure, feature a simple REST- based Get/Put/Peek interface, providing reliable, persistent
messaging within and between services.
Service Bus queues are part of a broader Azure messaging infrastructure that supports queuing as well as publish/subscribe, Web service remoting, and
integration patterns.
References: https://msdn.microsoft.com/en-us/library/azure/hh767287.aspx
QUESTION 2
https://www.gratisexam.com/
You need to recommend a solution that allows partners to authenticate.
Correct Answer: B
Section: [none]
Explanation
Explanation/Reference:
Explanation:
Scenario: The partners all use Hotmail.com email addresses.
In Microsoft Azure Active Directory Access Control (also known as Access Control Service or ACS), an identity provider is a service that authenticates user or client
identities and issues security tokens that ACS consumes.
The ACS Management Portal provides built-in support for configuring Windows Live ID as an ACS Identity Provider.
Incorrect Answers:
C, D: VanArsdel management does NOT want to create and manage user accounts for partners.
References: https://msdn.microsoft.com/en-us/library/azure/gg185971.aspx
QUESTION 3
You are designing a plan to deploy a new application to Azure.
https://www.gratisexam.com/
Correct Answer: A
Section: [none]
Explanation
Explanation/Reference:
Explanation:
A Microsoft cloud service administrator who wants to provide their Azure Active Directory (AD) users with sign-on validation can use a SAML 2.0 compliant SP-Lite
profile based Identity Provider as their preferred Security Token Service (STS) / identity provider. This is useful where the solution implementer already has a user
directory and password store on-premises that can be accessed using SAML 2.0. This existing user directory can be used for sign-on to Office 365 and other Azure
AD-secured resources.
References: https://msdn.microsoft.com/en-us/library/azure/dn641269.aspx?f=255&MSPPError=-2147217396
QUESTION 4
You need to prepare the implementation of data storage for the contractor information app.
https://www.gratisexam.com/
C. Create a Cloud Service and a Deployment group. Implement Entity Group transactions.
D. Create a Deployment group and a Mobile Service. Implement multiple data partitions.
Correct Answer: B
Section: [none]
Explanation
Explanation/Reference:
Explanation:
Scenario:
VanArsdel needs a solution to reduce the number of operations on the contractor information table. Currently, data transfer rates are excessive, and queue
length for read/write operations affects performance.
https://www.gratisexam.com/
A mobile service that is used to access contractor information must have automatically scalable, structured storage
The basic unit of deployment and scale in Azure is the Cloud Service.
References: https://msdn.microsoft.com/en-us/library/azure/dd894038.aspx
QUESTION 5
You need to ensure that users do not need to re-enter their passwords after they authenticate to cloud applications for the first time.
Correct Answer: D
Section: [none]
Explanation
Explanation/Reference:
Explanation:
Single sign-on (SSO) is a property of access control of multiple related, but independent software systems. With this property a user logs in once and gains access
to all systems without being prompted to log in again at each of them.
References: http://en.wikipedia.org/wiki/Single_sign-on
QUESTION 6
You need to recommend a business continuity and disaster recovery solution for all the existing line of business applications.
https://www.gratisexam.com/
Correct Answer: B
Section: [none]
Explanation
Explanation/Reference:
https://www.gratisexam.com/
Testlet 1
Background
Overview
Contoso, Ltd., manufactures and sells golf clubs and golf balls. Contoso also sells golf accessories under the Contoso Golf and Odyssey brands worldwide.
Most of the company's IT infrastructure is located in the company's Carlsbad, California, headquarters. Contoso also has a sizable third-party colocation datacenter
that costs the company USD $30,000 to $40,000 a month. Contoso has other servers scattered around the United States.
Infrastructure
Contoso's datacenters are filled with dozens of smaller web servers and databases that run on under-utilized hardware. This creates issues for data backup.
Contoso currently backs up data to tape by using System Center Data Protection Manager. System Center Operations Manager is not deployed in the enterprise.
All of the servers are expensive to acquire and maintain, and scaling the infrastructure takes significant time. Contoso conducts weekly server maintenance, which
causes downtime for some of its global offices. Special events, such as high-profile golf tournaments, create a large increase in site traffic. Contoso has difficulty
scaling the web- hosting environment fast enough to meet these surges in site traffic.
Contoso has resellers and consumers in Japan and China. These resellers must use applications that run in a datacenter that is located in the state of Texas, in the
United States. Because of the physical distance, the resellers experience slow response times and downtime.
Business Requirements
Management
Web servers and databases must automatically apply updates to the operating system and products.
Automatically monitor the health of worldwide sites, databases, and virtual machines.
Automatically back up the website and databases.
Manage hosted resources by using on- premises tools.
Performance
The management team would like to centralize data backups and eliminate the use of tapes.
The website must automatically scale without code changes or redeployment. Support changes in service tier without reconfiguration or redeployment. Site-hosting
must automatically scale to accommodate data bandwidth and number of connections.
https://www.gratisexam.com/
Scale databases without requiring migration to a larger server. Migrate business critical applications to Azure. Migrate databases to the cloud and centralize
databases where possible.
Business Continuity
Minimize downtime in the event of regional disasters. Recover data if unintentional modifications or deletions are discovered. Run the website on multiple web
server instances to minimize downtime and support a high service level agreement (SLA).
Connectivity
Allow enterprise web services to access data and other services located on- premises. Provide and monitor lowest latency possible to website visitors. Automatically
balance traffic among all web servers. Provide secure transactions for users of both legacy and modern browsers. Provide automated auditing and reporting of web
servers and databases.
Development Environment
You identify the following requirements for the development environment:
Support the current development team's knowledge of Microsoft web development and SQL Service tools.
Support building experimental applications by using data from the Azure deployment and on-premises data sources.
Mitigate the need to purchase additional tools for monitoring and debugging.
System designers and architects must be able to create custom Web APIs without requiring any coding.
Support automatic website deployment from source control.
Support automated build verification and testing to mitigate bugs introduced during builds.
Manage website versions across all deployments.
Ensure that website versions are consistent across ail deployments.
Technical Requirement
Management
Use build automation to deploy directly from Visual Studio.
Use build-time versioning of assets and builds/releases.
Automate common IT tasks such as VM creation by using Windows PowerShell workflows.
Use advanced monitoring features and reports of workloads in Azure by using existing Microsoft tools.
Performance
Websites must automatically load balance across multiple servers to adapt to varying traffic. In production, websites must run on multiple instances. First-time
published websites must be published by using Visual Studio and scaled to a single instance to test publishing.
https://www.gratisexam.com/
Data storage must support automatic load balancing across multiple servers. Websites must adapt to wide increases in traffic during special events. Azure virtual
machines (VMs) must be created in the same datacenter when applicable.
Business Continuity
Automatically co-locate data and applications in different geographic locations. Provide real-time reporting of changes to critical data and binaries. Provide real-time
alerts of security exceptions. Unwanted deletions or modifications of data must be reversible for up to one month, especially in business critical applications and
databases. Any cloud-hosted servers must be highly available.
Enterprise Support
The solution must use stored procedures to access on-premises SQL Server data from Azure. A debugger must automatically attach to websites on a weekly basis.
The scripts that handle the configuration and setup of debugging cannot work if there is a delay in attaching the debugger.
QUESTION 1
You need to recommend a solution for publishing one of the company websites to Azure and configuring it for remote debugging.
Which two actions should you perform? Each correct answer presents part of the solution.
Correct Answer: AE
Section: [none]
Explanation
Explanation/Reference:
You can also remotely debug your Windows Azure Web Site with Visual Studio 2012, but you’ll need to configure a few things manually for now. We are working to
bring the same experience for remote debugging to Visual Studio 2012 but we are not there yet. For now you can use the steps below for Visual Studio 2012.
1. In the Windows Azure Management Portal, go to the Configure tab for your web site, and then scroll down to the Site Diagnostics section
2. Set Remote Debugging to On, and set Remote Debugging Visual Studio Version to 2012 image (E)
3. In the Visual Studio Debug menu, click Attach to Process
4. In the Qualifier box, enter the URL for your web site, without the http:// prefix
5. Select Show processes from all users
6. When you’re prompted for credentials, enter the user name and password that has permissions to publish the web site. To get these credentials, go to the
Dashboard tab for your web site in the management portal and click Download the publish profile. Open the file in a text editor, and you’ll find the user name and
password after the first occurrences of userName= and userPWD=.
https://www.gratisexam.com/
7. When the processes appear in the Available Processes table, select w3wp.exe, and then click Attach. (A)
8. Open a browser to your site URL.
References: https://blogs.msdn.microsoft.com/webdev/2013/11/04/remote-debugging-a-window-azure-web-site-with-visual-studio-2013/
QUESTION 2
You need to configure availability for the virtual machines that the company is migrating to Azure.
https://www.gratisexam.com/
A. Traffic Manager
B. Express Route
C. Update Domains
D. Cloud Services
Correct Answer: C
Section: [none]
Explanation
Explanation/Reference:
Each virtual machine in your availability set is assigned an update domain and a fault domain by the underlying Azure platform. For a given availability set, five non-
user-configurable update domains are assigned by default (Resource Manager deployments can then be increased to provide up to 20 update domains) to indicate
groups of virtual machines and underlying physical hardware that can be rebooted at the same time.
References: https://azure.microsoft.com/en-us/documentation/articles/virtual-machines-manage-availability/
QUESTION 3
You need to recommend a data storage solution that meets the business continuity requirements.
Which two features should you recommend? Each correct answer presents part of the solution.
https://www.gratisexam.com/
C. SQL Database Premium
D. Azure Virtual Machines
Correct Answer: AB
Section: [none]
Explanation
Explanation/Reference:
From scenario:
Business Continuity
Minimize downtime in the event of regional disasters. Recover data if unintentional modifications or deletions are discovered. Run the website on multiple web
server instances to minimize downtime and support a high service level agreement (SLA).
https://www.gratisexam.com/
Testlet 1
Background
Overview
Northwind Electric Cars is the premier provider of private, low-cost transportation in Denver. Northwind drivers are company employees who work together as a
team. The founding partners believe that by hiring their drivers as employees, their drivers focus on providing a great customer experience. Northwind Electric Cars
has a reputation for offering fast, reliable, and friendly service, due largely to their extensive network of drivers and their proprietary dispatching software named
NorthRide.
Northwind Electric Cars drivers depend on frequent, automatic updates for the NorthRide mobile app. The Northwind management team is concerned about
unplanned system downtime and slow connection speeds caused by high usage. Additionally, Northwind's in- house data storage solution is unsustainable because
of the new influx of customer data that is retained. Data backups are made periodically on DVDs and stored on-premises at corporate headquarters.
Apps
NorthRide App
Northwind drivers use the NorthRide app to meet customer pickup requests. The app uses a GPS transponder in each Northwind vehicle and Bing Maps APIs to
monitor the location of each vehicle in the fleet in real time. NorthRide allows Northwind dispatchers to optimize their driver coverage throughout the city.
When new customers call, the dispatcher enters their pickup locations into NorthRide. NorthRide identifies the closest available driver. The dispatcher then contacts
the driver with the pick-up details. This process usually results in a pick-up time that is far faster than the industry average. Drivers use NorthRide to track the
number of miles they drive and the number of customers they transport. Drivers also track their progress towards their established goals, which are measured by
using key performance indicators (KPIs).
To support the growth of the business, Northwind's development team completes an overhaul of the NorthRide system that it has named NorthRide 2.0. When a
dispatcher enters a customer's pickup location, the address and driving directions are automatically sent to the driver who is closest to the customer's pickup
location.
Drivers indicate their availability on the NorthRide mobile app and can view progress towards their KPI's in real time. Drivers can also record customer ratings and
feedback for each pickup.
Business Requirements
Apps
NorthRideFinder App
Northwind Electric Cars needs a customer-facing website and mobile app that allows customers to schedule pickups. Customers should also be able to create
https://www.gratisexam.com/
profiles that will help ensure the customer gets a ride faster by storing customer information.
Predictor App
Northwind Electric Cars needs a new solution named Predictor. Predictor is an employee- facing mobile app. The app predicts periods of high usage and popular
pickup locations and provides various ways to view this predictive data. Northwind uses this information to better distribute its drivers. Northwind wants to use the
latest Azure technology to create this solution.
Other Requirements
On-premises data must be constantly backed up.
Mobile data must be protected from loss, even if connectivity with the backend is lost.
Dispatch offices need to have seamless access to both their primary data center and the applications and services that are hosted in the Azure cloud.
Connectivity needs to be redundant to on-premises and cloud services, while providing a way for each dispatch office to continue to operate even if one or all of
the connection options fail. The management team requires that operational data is accessible 24/7 from any office location.
Technical Requirements
Other Requirements
Data Storage:
The data storage must interface with an on-premises Microsoft SQL backend database.
A disaster recovery system needs to be in place for large amounts of data that will backup to Azure.
Backups must be fully automated and managed the Azure Management Portal.
The recovery system for company data must use a hybrid solution to back up both the on-premises Microsoft SQL backend and any Azure storage.
Predictive Routing:
An Azure solution must be used for prediction systems.
Predictive analytics must be published as a web service and accessible by using the REST API.
https://www.gratisexam.com/
Security:
The NorthRide app must use an additional level of authentication other than the employee's password.
Access must be secured in NorthRide without opening a firewall port.
Company policy prohibits inbound connections from internet callers to the on- premises network.
Customer usernames in NorthRideFinder cannot exceed 10 characters.
Customer data in NorthRideFinder can be received only by the user ID that is associated with the data.
QUESTION 1
You need to recommend a technology for processing customer pickup requests.
A. Notification hub
B. Queue messaging
C. Mobile Service with push notifications
D. Service Bus messaging
Correct Answer: D
Section: [none]
Explanation
Explanation/Reference:
Explanation:
Azure Service Bus Queue
Web Roles and Worker Roles can directly communicate with each other. However, a more common pattern is to use a reliable messaging system such as Azure
Service Bus Queue to pass messages between them.
Cloud service role: A cloud service role is comprised of application files and a configuration. A cloud service can have two types of role:
web role: A web role provides a dedicated Internet Information Services (IIS) web-server used for hosting front-end web applications.
worker role: Applications hosted within worker roles can run asynchronous, long-running or perpetual tasks independent of user interaction or input
References: https://docs.microsoft.com/en-us/azure/service-bus-messaging/service-bus-azure-and-service-bus-queues-compared-contrasted
QUESTION 2
You need to recommend the appropriate technology to provide the predictive analytics for passenger pickup.
A. Use Power BI to analyze the traffic data and PowerPivot to categorize the results.
B. Use HDInsight to analyze the traffic data and write a .NET program to categorize the results.
https://www.gratisexam.com/
C. Use Machine Learning Studio to create a predictive model and publish the results as a web service.
D. Use Hadoop on-premises to analyze the traffic and produce a report that shows high traffic zones.
Correct Answer: C
Section: [none]
Explanation
Explanation/Reference:
Explanation:
Scenario: Predictive Routing:
An Azure solution must be used for prediction systems.
Predictive analytics must be published as a web service and accessible by using the REST API.
Microsoft Azure Machine Learning Studio is a collaborative visual development environment that enables you to build, test, and deploy predictive analytics solutions
that operate on your data. The Machine Learning service and development environment is cloud-based, provides compute resource and memory flexibility, and
eliminates setup and installation concerns because you work through your web browser.
References: https://azure.microsoft.com/en-us/documentation/articles/machine-learning-what-is-ml-studio/
QUESTION 3
You need to design the authentication solution for the NorthRide app.
A. Azure Active Directory Basic with multi-factor authentication for the cloud and on- premises users.
B. Active Directory Domain Services with mutual authentication
C. Azure Active Directory Premium and add multi-factor authentication for the cloud users
D. Active Directory Domain Services with multi-factor authentication
Correct Answer: C
Section: [none]
Explanation
Explanation/Reference:
Explanation:
Scenario: The NorthRide app must use an additional level of authentication other than the employee’s password.
Azure Multi-Factor Authentication is the multi-factor authentication service that requires users to also verify sign-ins using a mobile app, phone call or text
message. It is available to use with Azure Active Directory, to secure on-premise resources with the Azure Multi-Factor Authentication Server, and with custom
applications and directories using the SDK.
https://www.gratisexam.com/
Incorrect answers:
A: Azure Active Directory Basic does not support multi-factor authentication. Azure Active Directory Premium is required.
References:
https://azure.microsoft.com/en-us/documentation/articles/multi-factor-authentication/ Azure Active Directory Pricing
http://azure.microsoft.com/en-gb/pricing/details/active-directory/
QUESTION 4
You need to recommend a solution that meets the requirements for data storage for the NorthRide app.
https://www.gratisexam.com/
What should you include in the recommendation?
Correct Answer: D
Section: [none]
Explanation
Explanation/Reference:
Explanation:
AZURE SQL DATABASE
Each SQL Database has three database replicas running at any given time.
In addition, SQL Database provides an automatic “Point in Time Restore” feature, which automatically backs up your SQL database and retains the backups for 7
days for Basic tier, 14 days for Standard tier, and 35 days for Premium tier.
Another fault tolerance feature you get automatically is “geo-restore.” When backing up your databases, Azure stores the most recent daily backup of your database
in a different geographical location.
In the event of a large-scale outage in a region, your data can be restored within 24 hours from another region. If you have more aggressive recovery requirements,
you can use “Standard georeplication” or “Active geo-replication.” Standard geo-replication (available to Standard and Premium-tier users) creates additional
https://www.gratisexam.com/
secondary replicas in a different region than the region in which your database is deployed (this region is called a paired region). These replicas are offline, but they
can be brought online for an application to fail-over to them in the event of a datacenter disruption. Active geo-replication (available to Premium-tier users) provides
the most rapid recovery time by keeping four geo-replicated live secondaries.
References: Exam Ref 70-534 Architecting Microsoft Azure Solutions, Microsoft Press, 15 May 2015
QUESTION 5
You need to configure the Northwind website.
Which two solutions should you use? Each correct answer presents part of the solution.
A. Use Azure Zone Redundant Storage to provide redundancy across Azure global data center.
B. Deploy the Northwind site in an Azure web app
C. Configure a hybrid connection to the database.
D. Implement Azure ExpressRoure to increase the bandwidth for users of the Northwind public website.
E. Create Azure virtual machines that run Windows and Linux servers in Azure data Centers.
Correct Answer: AB
Section: [none]
Explanation
Explanation/Reference:
https://www.gratisexam.com/
Testlet 1
Background
Trey Research is the global leader in analytical data collection and research. Trey Research houses its servers in a highly secure server environment. The company
has continuous monitoring, surveillance, and support to prevent unauthorized access data security.
The company uses advanced security measures including firewalls, security guards, and surveillance to ensure the continued service and protection of data from
natural disaster, intruders, and disruptive events.
Trey Research has recently expanded its operations into the cloud using Microsoft Azure, The Company creates an Azure virtual network and a Virtual Machine
(VM) for moving on-premises Subversion repositories to the cloud. Employees access Trey Research applications hosted on- premises and in the cloud by using
credentials stored on-premises.
Applications
Trey Research host two mobile apps on Azure, DataViewer and DataManager. The company uses Azure-hosted web apps for internal and external users.
Federated partners of the Trey Research have a single sign-on (SSO) experience with the DataViewer application.
Architecture
You have an Azure Virtual Network (VNET) named TREYRESEARCH_VNET. The VNET includes all hosted VMs. The virtual network includes a subnet named
Frontend and a subnet named RepoBackend. A resource group has been created to contain the TREYRESEARCH_VNET, DataManager and DataViewer. You
manage VMs using System Center VM Manager (SCVMM). Data for specific high security projects and clients are hosted on- premises. Data for the other projects
and clients are hosted in the cloud.
Azure Administration
Data Manager
The DataManager app connects to a RESTful service. It allows users to retrieve, update, and delete Trey Research data.
Disaster Recovery
You have the following general requirements:
Azure deployment tasks must be automated by using Azure Resource Manager (ARM) Azure tasks must be automated by using Azure PowerShell.
Disaster recovery and business continuity plans must use single, integrated service that support the following features:
https://www.gratisexam.com/
- All VMs must be backed up to the Azure.
- All on-premises data must be backed up off-site and available for recovery in the event of a disaster.
- Disaster testing must be performed to ensure that recovery times meet management guidelines.
- Fail-over testing must not impact production.
Security
You identify the following security requirements:
You host multiple subversion (SVN) repositories in the RepoBackend subnet. The SVN servers on this subnet must use inbound and outbound TCP at port
8443.
Any configuration changes to account synchronization must be tested without disrupting the services.
High availability is required for account synchronization services.
Employees must never have to revert to old passwords.
Usernames and passwords must not be passed in plain text.
Any identity solution must support Kerberos authentication protocol. You must use Security Assertion Markup Language (SAML) claims to authenticate to on
premise data resources. You must implement an on- premises password policy.
User must be able to reset their passwords in the cloud.
https://www.gratisexam.com/
QUESTION 1
You need to configure identity Synchronization.
Correct Answer: D
Section: [none]
Explanation
Explanation/Reference:
Explanation:
Scenario: Any configuration changes to account synchronization must be tested without disrupting the services.
High availability is required for account synchronization services.
QUESTION 2
DRAG DROP
You are creating scripts to authenticate Azure monitoring tasks. You need to authenticate according to the requirements.
How should you complete the relevant Azure PowerShell script? Develop the solution by selecting and arranging the required Azure PowerShell commands in the
correct order.
NOTE: You will not need all of the Azure PowerSell commands.
https://www.gratisexam.com/
https://www.gratisexam.com/
Correct Answer:
https://www.gratisexam.com/
https://www.gratisexam.com/
Section: [none]
Explanation
Explanation/Reference:
Explanation:
The Add-AzureAccount cmdlet makes your Azure account and its subscriptions available in Windows PowerShell. It's like logging into your Azure account in
Windows PowerShell.
The Select-AzureSubscription cmdlet sets and clears the current and default Azure subscriptions.
References: https://docs.microsoft.com/en-us/powershell/module/servicemanagement/azure/add-azureaccount?view=azuresmps-4.0.0
https://docs.microsoft.com/en-us/powershell/module/servicemanagement/azure/select-azuresubscription?view=azuresmps-4.0.0
QUESTION 3
You need to design the business continuity framework.
https://www.gratisexam.com/
A. Hyper-V Replica
B. Azure Backup
C. Azure Site Recovery
D. Azure StoreSimple
Correct Answer: C
Section: [none]
Explanation
Explanation/Reference:
Azure Recovery Services contribute to your BCDR strategy:
Site Recovery service: Site Recovery helps ensure business continuity by keeping business apps and workloads running during outages. Site Recovery replicates
https://www.gratisexam.com/
workloads running on physical and virtual machines (VMs) from a primary site to a secondary location. When an outage occurs at your primary site, you fail over to
secondary location, and access apps from there. After the primary location is running again, you can fail back to it.
Backup service: The Azure Backup service keeps your data safe and recoverable by backing it up to Azure.
Scenario: Disaster recovery and business continuity plans must use single, integrated service that support the following features:
All VMs must be backed up to the Azure.
All on-premises data must be backed up off-site and available for recovery in the event of a disaster.
Disaster testing must be performed to ensure that recovery times meet management guidelines.
Fail-over testing must not impact production.
References: https://docs.microsoft.com/en-us/azure/site-recovery/site-recovery-overview
QUESTION 4
DRAG DROP
For each requirement, which solution should you implement? To answer, drag the appropriate solution to the correct requirement. Each solution may be used once,
more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
Correct Answer:
https://www.gratisexam.com/
Section: [none]
Explanation
Explanation/Reference:
QUESTION 5
DRAG DROP
You need to design the role-based access control strategy for the company.
What should you do? To answer, drag the appropriate role to the correct user tier. Each role may be used one, more than once, or not at all. You may need to drag
the split bar between panes or scroll to view content.
https://www.gratisexam.com/
Correct Answer:
Section: [none]
Explanation
https://www.gratisexam.com/
Explanation/Reference:
Explanation:
Scenario:
Azure Administration
References: https://docs.microsoft.com/en-us/azure/active-directory/role-based-access-built-in-roles
QUESTION 6
HOTSPOT
You need to enforce the securely requirements for all subversion servers.
How should you configure network security? To answer, select the appropriate answer from each list in the answer area.
Hot Area:
https://www.gratisexam.com/
Correct Answer:
Section: [none]
Explanation
Explanation/Reference:
Explanation:
https://www.gratisexam.com/
You host multiple subversion (SVN) repositories in the RepoBackend subnet.
The SVN servers on this subnet must use inbound and outbound TCP at port 8443.
QUESTION 7
You need to assign permissions for tier four employees.
A. Security Manager
B. Network Contributor
C. Contributor
D. Owner
Correct Answer: A
Section: [none]
Explanation
Explanation/Reference:
Security Manager for Access Control.
Scenario: Tier 4: Access Control
https://www.gratisexam.com/
Testlet 1
This is a case study. Case studies are not timed separately. You can use as much exam time as you would like to complete each case. However, there may
be additional case studies and sections on this exam. You must manage your time to ensure that you are able to complete all questions included on this exam in
the time provided.
To answer the questions included in a case study, you will need to reference information that is provided in the case study. Case studies might contain exhibits and
other resources that provide more information about the scenario that is described in the case study. Each question is independent of the other questions in this
case study.
At the end of this case study, a review screen will appear. This screen allows you to review your answer and to make changes before you move to the next section
of the exam. After you begin a new section, you cannot return to this section.
Background
Security
The security team at Tailspin Toys plans to eliminate legacy authentication methods that are in use, including NTLM and Windows pass-through authentication.
Tailspin Toys needs to share resources with several business partners. You are investigating options to securely share corporate data.
Tailspin Toys has several databases that contain personally identifiable information (PII). User access PII only through the Tailspin Toys e-commerce website.
You secure apps by using on-premises Active Directory Domain Services (AD DS) credentials or Microsoft SQL Server logins.
Apps
The Tailspin Toys e-commerce site is hosted on multiple on-premises virtual machines (VMs). The VM runs either Internet Information Server (IIS) or SQL Server
2012 depending on role. The site is published to the Internet by using a single endpoint that balances the load across web servers. The site does not encrypt traffic
between database servers and web servers.
The Tailspin Toys Customer Analyzer app analyzes e-commerce transactions to identify customer buying patterns, and outputs recommended product sale pricing.
The app runs large processing jobs that run for 75-120 minutes several times each day. The application development team plans to replace the current solution with
a parallel processing solution that scales based on computing demands.
The Tailspin Toys Human Resources (HR) app is an in-house developed app that hosts sensitive employee data. The app uses SQL authentication for Role-Based
Access Control (RBAC).
https://www.gratisexam.com/
Problem statement
The Tailspin Toys IT Leadership Team plans to address deficiencies in access control, data security, performance, and availability requirements. All applications
must be updated to meet any new standards that are defined.
The Tailspin Toys e-commerce site was recently targeted by a cyberattack. In the attack, account information was stolen from the customer database. Transactions
that were in progress during the attack were not completed. Forensic investigation of the attack has revealed that the stolen customer data was captured in-transit
from the database to a compromised web server.
The HR team reports that unauthorized IT employees can view sensitive employee data by using service or application accounts.
Business Requirements
Technical Requirements
Security
The security team has established the following requirements for role-separation and RBAC:
Log on hours defined in AD DS must be enforced for users that access cloud resources.
IT operations team members must be able to deploy and manage all resources in Azure, but must not be able to grant permissions to others.
Application development team members must be able to deploy and manage Azure Web Apps.
SQL database administrators must be able to deploy and manage SQL databases used by TailSpin Toys applications.
Application support analysts must be able to manage resources for the application(s) for which they are responsible.
Service desk analysts must be able to view service status and component settings.
Role assignment should use the principle of least privilege.
https://www.gratisexam.com/
Allow secure web traffic on port 443 only.
Enable customers to authentication with Facebook, Microsoft Live ID or other social media identities.
Encrypt SQL data at-rest.
Encrypt data in motion between back-end SQL database instances and web application instances.
Prevent administrator and service accounts from viewing PII data.
Mask account and PII data presented to end user.
Minimize outage duration in event of an Azure datacenter failure.
The site should scale automatically to meet customer demand.
The site should continue to serve requests, even in the event of failure of an Azure datacenter.
Optimize site response time by auto-directing to the closest datacenter based on customer's geographic location.
Operations must be able to deploy the solution using an Azure Resource Manager (ARM) template.
Operations must be able to deploy the solution using an Azure Resource Manager (ARM) template.
QUESTION 1
Operations must be able to deploy the solution using an Azure Resource Manager (ARM) template.
You need to select an Azure compute provider for the Tailspin Toys Customer Analyzer app.
https://www.gratisexam.com/
A. Microsoft Flow
B. Azure Batch
C. Azure Logic Apps
D. Azure Web Jobs
Correct Answer: B
Section: [none]
Explanation
Explanation/Reference:
Azure Batch is a Microsoft cloud computing service for running large-scale parallel and batch compute jobs.
Scenario: The Tailspin Toys Customer Analyzer app analyzes e-commerce transactions to identify customer buying patterns, and outputs recommended product
sale pricing. The app runs large processing jobs that run for 75-120 minutes several times each day. The application development team plans to replace the current
solution with a parallel processing solution that scales based on computing demands.
References: https://azure.microsoft.com/en-us/services/batch/
QUESTION 2
HOTSPOT
You need to secure the network traffic and isolate the Azure SQL Database network traffic.
Which configuration should you use? To answer, select the appropriate options in the answer area.
Hot Area:
https://www.gratisexam.com/
Correct Answer:
https://www.gratisexam.com/
Section: [none]
Explanation
Explanation/Reference:
Explanation:
https://www.gratisexam.com/
A VPN gateway is a specific type of virtual network gateway that is used to send encrypted traffic between an Azure virtual network and an on-premises location
over the public Internet. You can also use a VPN gateway to send encrypted traffic between Azure virtual networks over the Microsoft network.
Scenario:
The Azure SQL Database must have a direct connection from the virtual network.
References:
https://docs.microsoft.com/en-us/azure/sql-database/sql-database-vnet-service-endpoint-rule-overview
https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-about-vpngateways
QUESTION 3
You need to correlate the usage and performance data collected by Azure Application Insights with configuration and performance data across the Azure resources
that support the E-Commerce Web Application.
https://www.gratisexam.com/
Correct Answer: C
Section: [none]
Explanation
Explanation/Reference:
Application Insights Analytics, which provides a rich query language for analyzing all data collected by Application Insights. A query can be generated for you that
renders the request count as a chart. You can write your own queries to analyze other data.
https://www.gratisexam.com/
References: https://docs.microsoft.com/en-us/azure/application-insights/quick-monitor-portal
QUESTION 4
Note: This question is part of a series of questions that present the same scenario. Each question on the series contains a unique solution that might
meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You need to grant an administrator access for the provisioning of Azure resources.
Solution: Enable and configure Azure Active Directory (Azure AD) Privileged Identity Management.
A. Yes
B. No
Correct Answer: A
Section: [none]
Explanation
Explanation/Reference:
Azure AD Privileged Identity Management helps your organization enable on-demand, "just in time" administrative access to Microsoft Online Services like Office
365 and Intune, and to Azure resources (Preview) of subscriptions, resource groups, and individual resources such as Virtual Machines.
References: https://docs.microsoft.com/en-us/azure/active-directory/privileged-identity-management/pim-configure
QUESTION 5
Note: This question is part of a series of questions that present the same scenario. Each question on the series contains a unique solution that might
meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You need to grant an administrator access for the provisioning of Azure resources.
https://www.gratisexam.com/
A. Yes
B. No
Correct Answer: B
Section: [none]
Explanation
Explanation/Reference:
Use Azure AD Privileged Identity Management. It helps your organization enable on-demand, "just in time" administrative access to Microsoft Online Services like
Office 365 and Intune, and to Azure resources (Preview) of subscriptions, resource groups, and individual resources such as Virtual Machines.
References: https://docs.microsoft.com/en-us/azure/active-directory/privileged-identity-management/pim-configure
QUESTION 6
Note: This question is part of a series of questions that present the same scenario. Each question on the series contains a unique solution that might
meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You need to grant an administrator access for the provisioning of Azure resources.
A. Yes
B. No
Correct Answer: B
Section: [none]
Explanation
Explanation/Reference:
Use Azure AD Privileged Identity Management. It helps your organization enable on-demand, "just in time" administrative access to Microsoft Online Services like
Office 365 and Intune, and to Azure resources (Preview) of subscriptions, resource groups, and individual resources such as Virtual Machines.
https://www.gratisexam.com/
References: https://docs.microsoft.com/en-us/azure/active-directory/privileged-identity-management/pim-configure
https://www.gratisexam.com/
Question Set 1
QUESTION 1
A company plans to use Azure Cosmos DB as the document store for an application.
You need to estimate the request units required for the application.
A. collection size
B. database size
C. item size
D. cache size
Correct Answer: C
Section: [none]
Explanation
Explanation/Reference:
When you estimate the number of request units to provision, it's important to consider the following variables:
Item size. As size increases, the number of request units consumed to read or write the data also increases.
References: https://docs.microsoft.com/en-us/azure/cosmos-db/request-units
QUESTION 2
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might
meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
A company has custom ASP.net and Java applications that run on old versions of Windows and Linux. The company plans to place applications in containers.
You need to design a solution that includes networking, service discovery, and load balancing for the applications. The solution must support storage orchestration.
Solution: You deploy each application to an Azure Web App that has container support.
A. Yes
B. No
https://www.gratisexam.com/
Correct Answer: B
Section: [none]
Explanation
Explanation/Reference:
QUESTION 3
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might
meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
A company has custom ASP.net and Java applications that run on old versions of Windows and Linux. The company plans to place applications in containers.
You need to design a solution that includes networking, service discovery, and load balancing for the applications. The solution must support storage orchestration.
Solution: Deploy a Kubernetes cluster that has the desired number of instances of the applications.
A. Yes
B. No
Correct Answer: A
Section: [none]
Explanation
Explanation/Reference:
References:
https://docs.microsoft.com/en-us/azure/container-service/kubernetes/container-service-intro-kubernetes
QUESTION 4
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might
meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You are designing a storage solution to support on-premises resources and Azure-hosted resources.
https://www.gratisexam.com/
You need to provide on-premises storage that has built-in replication to Azure.
A. Yes
B. No
Correct Answer: B
Section: [none]
Explanation
Explanation/Reference:
QUESTION 5
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might
meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You are designing a storage solution to support on-premises resources and Azure-hosted resources.
You need to provide on-premises storage that has built-in replication to Azure.
A. Yes
B. No
Correct Answer: B
Section: [none]
Explanation
Explanation/Reference:
QUESTION 6
https://www.gratisexam.com/
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might
meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You are designing a storage solution to support on-premises resources and Azure-hosted resources.
You need to provide on-premises storage that has built-in replication to Azure.
https://www.gratisexam.com/
A. Yes
B. No
Correct Answer: A
Section: [none]
Explanation
Explanation/Reference:
References:
https://docs.microsoft.com/en-us/azure/storsimple/storsimple-overview
QUESTION 7
You are designing an Azure Web App that includes many static content files.
The application is accessed from locations all over the world by using a custom domain name.
You need to recommend an approach for providing access to the static content with the least amount of latency.
Which two actions should you recommend? Each correct answer presents part of the solution.
https://www.gratisexam.com/
A. Place the static content in Azure Blob storage and enable Content Delivery Network (CDN) on the account.
B. Place the static content in Azure Table storage.
C. Configure a custom domain name that is an alias for the Azure Storage domain.
D. Configure a CNAME DNS record for the Azure Content Delivery Network (CDN) domain.
Correct Answer: AD
Section: [none]
Explanation
Explanation/Reference:
Explanation:
A: The Azure Content Delivery Network (CDN) offers developers a global solution for delivering high-bandwidth content by caching blobs and static content of
compute instances at physical nodes in the United States, Europe, Asia, Australia and South America.
D: There are two ways to map your custom domain to a CDN endpoint.
1. Create a CNAME record with your domain registrar and map your custom domain and subdomain to the CDN endpoint
2. Add an intermediate registration step with Azure cdnverify
References:
https://docs.microsoft.com/en-us/azure/architecture/best-practices/cdn
QUESTION 8
You are designing a microservices architecture that will support a web application.
https://www.gratisexam.com/
B. Azure Container Service
C. Azure Virtual Machine Scale Set
D. Azure Service Fabric
Correct Answer: D
Section: [none]
Explanation
Explanation/Reference:
References:
https://msdn.microsoft.com/en-us/magazine/mt595752.aspx
QUESTION 9
You have a customer database on your internal network. The database supports an application that your sales organization uses. You plan to migrate the
application to the cloud.
You need to ensure that the application can access the customer data without affecting network security.
A. Open the ports required to access the database in the network firewall.
B. Use Microsoft Azure Service Bus Relay to expose and consume a SOAP web service with TCP.
C. Configure Direct Access on the virtual network.
D. Create a Site-to-Site VPN connection.
Correct Answer: C
Section: [none]
Explanation
Explanation/Reference:
References:
https://docs.microsoft.com/en-us/windows-server/remote/remote-access/directaccess/directaccess
QUESTION 10
You are designing an Azure Media Services solution. The solution must meet the following requirements:
Allow only authenticated users to play back media.
Ensure that media playback uses dynamic and envelope encryption.
https://www.gratisexam.com/
Which three actions should you recommend? Each correct answer presents part of the solution.
Explanation/Reference:
References:
https://github.com/MicrosoftDocs/azure-docs/blob/master/articles/media-services/media-services-protect-with-aes128.md
QUESTION 11
A company uses Microsoft Operations Management Suite (OMS) to manage 1,000 virtual machines (VMs) in Azure.
The security officer reports that VMs often are not updated. You recommend to the company that they implement the OMS Update Management solution.
You need to describe the OMS Update Management solution to the company.
Correct Answer: A
Section: [none]
Explanation
Explanation/Reference:
https://www.gratisexam.com/
Explanation:
The Update Management solution in Azure automation allows you to manage operating system updates for your Windows and Linux computers deployed in Azure,
on-premises environments, or other cloud providers. You can quickly assess the status of available updates on all agent computers and manage the process of
installing required updates for servers.
Note: After updates are assessed for all the Linux and Windows computers in your workspace, you can install required updates by creating an update deployment.
An update deployment is a scheduled installation of required updates for one or more computers.
References:
https://docs.microsoft.com/en-us/azure/operations-management-suite/oms-solution-update-management
QUESTION 12
A company has a public-facing website that is being monitored using Microsoft Operations Management Suite (OMS). The OMS service map solution is deployed.
Customers report that the website displays error messages and is very slow to load pages each day at 04:00. The company plans to use the OMS Service Map
solution to investigate the issues.
You need to recommend actions that the company should perform with OMS Service Map.
Which three actions should you recommend? Each correct answer presents a complete solution.
Explanation/Reference:
References:
https://docs.microsoft.com/en-us/azure/operations-management-suite/operations-management-suite-service-map
QUESTION 13
You have business services that run on an on-premises mainframe server.
You must provide an intermediary configuration to support existing business services and Azure. The business services cannot be rewritten. The business services
https://www.gratisexam.com/
are not exposed externally.
Correct Answer: C
Section: [none]
Explanation
Explanation/Reference:
Explanation:
The Azure WCF Relay service enables you to build hybrid applications that run in both an Azure datacenter and your own on-premises enterprise environment. The
relay service facilitates this by enabling you to securely expose Windows Communication Foundation (WCF) services that reside within a corporate enterprise
network to the public cloud, without having to open a firewall connection, or requiring intrusive changes to a corporate network infrastructure.
References:
http://azure.microsoft.com/en-gb/documentation/articles/service-bus-dotnet-how-to-use-relay/
QUESTION 14
A partner manages on-premises and Azure environments. The partner deploys an on-premises solution that needs to use Azure services. The partner deploys a
virtual appliance.
All network traffic that is directed to a specific subnet must flow through the virtual appliance.
Which two options should you recommend? Each correct answer presents a complete solution.
https://www.gratisexam.com/
Correct Answer: AD
Section: [none]
Explanation
Explanation/Reference:
References:
https://docs.microsoft.com/en-us/azure/traffic-manager/traffic-manager-overview
https://docs.microsoft.com/en-us/azure/expressroute/expressroute-routing
QUESTION 15
You manage on-premises network and Azure virtual networks.
You need a secure private connection between the on-premises networks and the Azure virtual networks. The connection must offer a redundant pair of cross
connections to provide high availability.
Correct Answer: B
Section: [none]
Explanation
Explanation/Reference:
References:
https://docs.microsoft.com/en-us/azure/load-balancer/load-balancer-overview
QUESTION 16
You are designing a solution that will aggregate and analyze data from Internet of Things (IoT) devices.
https://www.gratisexam.com/
What should you recommend?
Correct Answer: A
Section: [none]
Explanation
Explanation/Reference:
References:
https://azure.microsoft.com/en-us/services/data-lake-store/
QUESTION 17
Your company uses Office 365 for all employees. The company plans to create a website where customers can view and register technical support cases.
Which two actions should you recommend? Each correct answer presents part of the solution.
Correct Answer: AD
Section: [none]
Explanation
https://www.gratisexam.com/
Explanation/Reference:
References:
https://docs.microsoft.com/en-us/azure/active-directory-b2c/active-directory-b2c-overview
https://docs.microsoft.com/en-us/azure/active-directory-b2c/active-directory-b2c-overview-custom
QUESTION 18
Note: This question is part of a series of questions that present the same scenario. Each question on the series contains a unique solution that might
meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
A company has custom ASP.net and Java applications that run on old versions of Windows and Linux. The company plans to place applications in containers.
You need to design a solution that includes networking, service discovery, and load balancing for the applications. The solution must support storage orchestration.
A. Yes
B. No
Correct Answer: A
Section: [none]
Explanation
Explanation/Reference:
Explanation:
Azure Container Instances are really containers as a service. You request a container instance to be created based on an image and the container is created for
you. You don't see an orchestrator, you don't see a VM, you don't see anything other than your container instance.
References: https://azure.microsoft.com/en-us/services/container-instances/
QUESTION 19
Note: This question is part of a series of questions that present the same scenario. Each question on the series contains a unique solution that might
meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You are designing a storage solution to support on-premises resources and Azure-hosted resources.
https://www.gratisexam.com/
You need to provide on-premises storage that has built-in replication to Azure.
A. Yes
B. No
Correct Answer: B
Section: [none]
Explanation
Explanation/Reference:
References: https://azure.microsoft.com/en-us/services/container-instances/
QUESTION 20
You develop a new Azure Web App that uses multiple Azure blobs and static content. The Web App uses a large number of JavaScript files and cascading style
sheets. Some of these files contain references to other files. Users are geographically dispersed.
Correct Answer: D
Section: [none]
Explanation
Explanation/Reference:
Explanation:
Azure Web Apps provides a great way of building and scale Web Apps. Adding a Redis Cache allows you serve data much faster to the user which increases the
performance a lot. Redis Cache is an open source engine which has consistent low latency and high throughput.
https://www.gratisexam.com/
References: https://docs.microsoft.com/en-us/azure/redis-cache/cache-web-app-cache-aside-leaderboard
QUESTION 21
You are designing the deployment of virtual machines (VMs) and web services that run in Azure.
You need to specify the desired state of a node and ensure that the node remains at that state.
https://www.gratisexam.com/
Correct Answer: A
Section: [none]
Explanation
Explanation/Reference:
Explanation:
Azure Automation DSC is an Azure service that allows you to write, manage, and compile PowerShell Desired State Configuration (DSC) configurations, import
DSC Resources, and assign configurations to target nodes, all in the cloud.
References: https://docs.microsoft.com/en-us/azure/automation/automation-dsc-overview
QUESTION 22
A company has a hybrid ASP.NET Web API application that is based on a software as a service (SaaS) offering.
Users report general issues with the data. You advise the company to implement live monitoring and use ad hoc queries on stored JSON data. You also advise the
company to set up smart alerting to detect anomalies in the data.
https://www.gratisexam.com/
What should you recommend?
Correct Answer: A
Section: [none]
Explanation
Explanation/Reference:
References: https://azure.microsoft.com/en-us/blog/how-azure-security-center-helps-analyze-attacks-using-investigation-and-log-search/
QUESTION 23
A company hosts virtual machines (VMs) in an on-premises datacenter and in Azure. The on-premises and Azure-based VMs communicate using ExpressRoute.
The company wants to be able to continue regular operations if the ExpressRoute connection fails. Failover connections must use the Internet and must not require
Multiprotocol Label Switching (MPLS) support.
Correct Answer: A
Section: [none]
Explanation
Explanation/Reference:
Explanation:
Remember that replication from Azure to on-premises can happen only over the S2S VPN, or over the private peering of your ExpressRoute network. Ensure that
enough bandwidth is available over that network channel.
References: https://docs.microsoft.com/en-us/azure/expressroute/expressroute-faqs
https://www.gratisexam.com/
QUESTION 24
A company receives over 1,000 emails each day through the general alias info@contoso.com. The emails originate from all over the world, and include complaints
and sales inquiries. Many emails relate to random topics.
The company must be able to automatically categorize emails based upon the company location geographically closest to the sender.
Which two options should you recommend? Each correct answer presents a complete solution.
Correct Answer: BC
Section: [none]
Explanation
Explanation/Reference:
Explanation:
The Microsoft Bot Framework provides just what you need to build and connect intelligent bots that interact naturally wherever your users are talking, from text/SMS
to Skype, Slack, Office 365 mail and other popular services.
References: https://blog.botframework.com/2018/05/07/build-a-microsoft-bot-framework-bot-with-the-bot-builder-sdk-v4/
QUESTION 25
You are developing a hybrid solution for a video editing company. Videos are currently edited on-premises and stored in Server Message Block (SMB) protocol
share. Due to legal regulations, videos must be stored on-premises.
A. Azure StorSimple
B. Azure Blob storage
https://www.gratisexam.com/
C. Azure Table storage
D. Azure Cosmos DB
Correct Answer: A
Section: [none]
Explanation
Explanation/Reference:
Explanation:
The Microsoft Azure StorSimple Virtual Array is an integrated storage solution that manages storage tasks between an on-premises virtual array running in a
hypervisor and Microsoft Azure cloud storage.
The virtual array supports the iSCSI or Server Message Block (SMB) protocol. It runs on your existing hypervisor infrastructure and provides tiering to the cloud,
cloud backup, fast restore, item-level recovery, and disaster recovery features.
References: https://docs.microsoft.com/en-us/azure/storsimple/storsimple-ova-overview
QUESTION 26
A company plans to use Azure Cosmos DB as the document store for an application.
You need to estimate the request units required for the application.
A. item size
B. consistency level
C. cache size
D. number of regions
Correct Answer: A
Section: [none]
Explanation
Explanation/Reference:
Explanation:
When you estimate the number of request units to provision, it's important to consider the following variables:
* Item size. As size increases, the number of request units consumed to read or write the data also increases.
* Etc.
https://www.gratisexam.com/
References: https://docs.microsoft.com/en-us/azure/cosmos-db/request-units
QUESTION 27
HOTSPOT
You manage a network that includes an on-premises Active Directory Domain Services domain and an Azure Active Directory (Azure AD).
Employees are required to use different accounts when using on-premises or cloud resources. You must recommend a solution that lets employees sign in to all
company resources by using a single account. The solution must implement an identity provider.
How should you describe each identity provider? To answer, select the appropriate description from each list in the answer area.
Hot Area:
https://www.gratisexam.com/
Correct Answer:
https://www.gratisexam.com/
Section: [none]
Explanation
Explanation/Reference:
Explanation:
Synchronized identity is the simplest way to synchronize on-premises directory objects (users and groups) with Azure AD.
While synchronized identity is the easiest and quickest method, your users still need to maintain a separate password for cloud-based resources. To avoid this, you
can also (optionally) synchronize a hash of user passwords to your Azure AD directory. Synchronizing password hashes enables users to log in to cloud-based
organizational resources with the same user name and password that they use on-premises. Azure AD Connect periodically checks your on-premises directory for
changes and keeps your Azure AD directory synchronized. When a user attribute or password is changed on-premises Active Directory, it is automatically updated
https://www.gratisexam.com/
in Azure AD.
Federated identity:
For more control over how users access Office 365 and other cloud services, you can set up directory synchronization with single sign-on (SSO) using Active
Directory Federation Services (AD FS). Federating your user's sign-ins with AD FS delegates authentication to an on-premises server that validates user
credentials. In this model, on-premises Active Directory credentials are never passed to Azure AD.
https://www.gratisexam.com/
Reference: https://docs.microsoft.com/en-us/azure/active-directory/choose-hybrid-identity-solution#synchronized-identity
QUESTION 28
Note: This question is part of a series of questions that present the same scenario. Each ques-tion on the series contains a unique solution that might
meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
https://www.gratisexam.com/
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You are planning to create a virtual network that has a scale set that contains six virtual machines (VMs).
A monitoring solution on a different network will need access to the VMs inside the scale set.
A. Yes
B. No
Correct Answer: B
Section: [none]
Explanation
Explanation/Reference:
Public IP addresses are necessary because they provide the load balanced entry point for the virtual machines in the scale set. The public IP address will route
traffic to the appropriate virtual machines in the scale set.
Reference: https://mitra.computa.asia/articles/msdn-virtual-machine-scale-sets-it-really-about-protecting-your-applications-performance
QUESTION 29
Note: This question is part of a series of questions that present the same scenario. Each ques-tion on the series contains a unique solution that might
meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You are planning to create a virtual network that has a scale set that contains six virtual machines (VMs).
A monitoring solution on a different network will need access to the VMs inside the scale set.
Solution: Design a scale set to automatically assign public IP addresses to all VMs.
https://www.gratisexam.com/
A. Yes
B. No
Correct Answer: B
Section: [none]
Explanation
Explanation/Reference:
All VMs do not need public IP addresses.
Public IP addresses are necessary because they provide the load balanced entry point for the virtual machines in the scale set. The public IP address will route
traffic to the appropriate virtual machines in the scale set.
Reference: https://mitra.computa.asia/articles/msdn-virtual-machine-scale-sets-it-really-about-protecting-your-applications-performance
QUESTION 30
Note: This question is part of a series of questions that present the same scenario. Each ques-tion on the series contains a unique solution that might
meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You are planning to create a virtual network that has a scale set that contains six virtual machines (VMs).
A monitoring solution on a different network will need access to the VMs inside the scale set.
Solution: Deploy a standalone VM that has a public IP address to the virtual network.
A. Yes
B. No
Correct Answer: A
Section: [none]
Explanation
Explanation/Reference:
Public IP addresses are necessary because they provide the load balanced entry point for the virtual machines in the scale set. The public IP address will route
traffic to the appropriate virtual machines in the scale set.
https://www.gratisexam.com/
Reference: https://mitra.computa.asia/articles/msdn-virtual-machine-scale-sets-it-really-about-protecting-your-applications-performance
QUESTION 31
Note: This question is part of a series of questions that present the same scenario. Each ques-tion on the series contains a unique solution that might
meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You manage a solution in Azure. You configure Event Hubs to collect telemetry data from dozens of industrial machines. Hundreds of events per minute are logged
in near real-time. You use this data to create dashboards for analysts.
The company is expanding their machinery and wants to know if the current telemetry solution will be sufficient to handle the volume of the increasing workload.
The volume will increase 10 times by year end and on a regular basis thereafter. Latency will become more and more important as volume increases.
Messages must be retained for a week. Data must be captured automatically without price increase.
Solution: Use single-tenant hosting in the dedicated tier to handle the increased volume.
A. Yes
B. No
Correct Answer: A
Section: [none]
Explanation
Explanation/Reference:
Azure Event Hubs Dedicated is ideal for customers that need a single-tenant deployment to manage the most demanding requirements.
Note: The dedicated tier option involves Zero maintenance: The service manages load balancing, OS updates, security patches, and partitioning.
The following table compares the available service tiers of Event Hubs. The Event Hubs Dedicated offering is a fixed monthly price, compared to usage pricing for
most features of Standard. The Dedicated tier offers all the features of the Standard plan, but with enterprise scale capacity for customers with demanding
workloads.
https://www.gratisexam.com/
Reference: https://docs.microsoft.com/en-us/azure/event-hubs/event-hubs-dedicated-overview
QUESTION 32
Note: This question is part of a series of questions that present the same scenario. Each ques-tion on the series contains a unique solution that might
meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You manage a solution in Azure. You configure Event Hubs to collect telemetry data from dozens of industrial machines. Hundreds of events per minute are logged
in near real-time. You use this da-ta to create dashboards for analysts.
The company is expanding their machinery and wants to know if the current telemetry solution will be sufficient to handle the volume of the increasing workload.
The volume will increase 10 times by year end and on a regular basis thereafter. Latency will become more and more important as volume increases.
Messages must be retained for a week. Data must be captured automatically without price increase.
https://www.gratisexam.com/
You need to recommend a solution.
Solution: Use the fully-managed platform as a service option in the dedicated tier to handle the increased volume.
A. Yes
B. No
Correct Answer: B
Section: [none]
Explanation
Explanation/Reference:
Azure Event Hubs Dedicated is ideal for customers that need a single-tenant deployment, not the fully-managed platform, to manage the most demanding
requirements.
Reference: https://docs.microsoft.com/en-us/azure/event-hubs/event-hubs-dedicated-overview
QUESTION 33
Your company is developing an e-commerce Azure App Service Web App to support hundreds of restaurant locations around the world. You are designing the
messaging solution architecture to support the e-commerce transactions and messages.
https://www.gratisexam.com/
You need to choose the Azure messaging solution to support the Restaurant Telemetry feature.
Correct Answer: A
Section: [none]
https://www.gratisexam.com/
Explanation
Explanation/Reference:
Explanation:
Azure Event Hubs is a highly scalable data streaming platform and event ingestion service, capable of receiving and processing millions of events per second.
Event Hubs can process and store events, data, or telemetry produced by distributed software and devices.
Capture enables you to capture Event Hubs streaming data and store it in an Azure Blob storage account.
Incorrect Answers:
D: The Azure Relay service facilitates hybrid applications by enabling you to securely expose services that reside within a corporate enterprise network to the public
cloud, without having to open a firewall connection, or require intrusive changes to a corporate network infrastructure.
Reference: https://docs.microsoft.com/en-us/azure/event-hubs/event-hubs-what-is-event-hubs
QUESTION 34
You have an Azure solution that uses Multi-Factor Authentication for added security when users are outside of the office. The billing model has been set to per-
authentication.
Your company acquires another company and adds the new staff to Azure Active Directory (Azure AD). New staff members must use Multi-Factor Authentication.
Correct Answer: C
Section: [none]
Explanation
Explanation/Reference:
The billing model is selected during resource creation and cannot be changed once the resource is provisioned. It's possible, however, to create a new Multi-Factor
Authentication resource to replace the original. Please note that user settings and configuration options cannot be transferred to the new resource.
Reference: https://azure.microsoft.com/en-us/pricing/details/multi-factor-authentication/
QUESTION 35
https://www.gratisexam.com/
DRAG DROP
The bot provides custom responses to questions based upon the identity of the user.
What should you recommend? To answer, drag the appropriate solution to the correct scenario. Each solution may be used once, more than once, or not at all. You
may need to drag the split bar between panes to scroll or view content.
Correct Answer:
https://www.gratisexam.com/
Section: [none]
Explanation
Explanation/Reference:
Explanation:
Note: With Azure, built-in intelligence is within the reach of all app developers. Enable your serverless code or logic to use Machine Learning and Cognitive
Services.
Example:
Speech: Convert spoken audio into text, use voice for verification, or add speaker recognition to your app.
https://www.gratisexam.com/
Box 3, Read questions to users: Azure Functions
Azure Functions is a serverless solution.
Reference:
https://docs.microsoft.com/en-us/azure/cognitive-services/face/overview
https://azure.microsoft.com/en-us/services/cognitive-services/
QUESTION 36
You manage an Azure environment for a company. The environment has over 25,000 licensed users and 100 mission-critical applications.
You need to recommend a solution that provides advanced endpoint threat detection and remediation strategies.
Correct Answer: C
Section: [none]
Explanation
Explanation/Reference:
Azure Active Directory Identity Protection is a feature of the Azure AD Premium P2 edition that enables you to:
Configure automated responses to detected suspicious actions that are related to your organization’s identities
Reference: https://docs.microsoft.com/en-us/azure/active-directory/active-directory-identityprotection
QUESTION 37
You manage a solution in Azure.
You must collect usage data including MAC addresses from all devices on the network.
https://www.gratisexam.com/
You need to recommend a monitoring solution.
Correct Answer: B
Section: [none]
Explanation
Explanation/Reference:
Wire data is consolidated network and performance data collected from Windows-connected and Linux-connected computers with the OMS agent, including those
monitored by Operations Manager in your environment. Network data is combined with your other log data to help you correlate data.
When you search using wire data, you can filter and group data to view information about the top agents and top protocols. Or you can view when certain
computers (IP addresses/MAC addresses) communicated with each other, for how long, and how much data was sent — basically, you view metadata about
network traffic, which is search-based
Reference: https://docs.microsoft.com/en-us/azure/log-analytics/log-analytics-wire-data
QUESTION 38
You are responsible for mobile app development for a company. The company develops apps on Windows Mobile, iOS, and Android. You plan to integrate push
notifications into every app.
Which two options can you use to achieve this goal? Each correct answer presents a complete solution.
https://www.gratisexam.com/
Correct Answer: AC
Section: [none]
Explanation
Explanation/Reference:
A: With the release of Social Cloud we got to use many different features of Windows Azure Mobile Services including Push Notifications. As a long time developer
of mobile apps, leveraging push notifications is a great way to stay connected and engaged with your customers and Azure Mobile Services makes it really easy to
implement without having the headache of deploying server infrastructure.
C: The Mobile Apps feature of Azure App Service uses Azure Notification Hubs to send pushes, so you will be configuring a notification hub for your mobile app.
Reference:
https://docs.microsoft.com/en-us/azure/app-service-mobile/app-service-mobile-ios-get-started-push
http://www.redbitdev.com/implementing-push-notifications-with-azure-mobile-services/
QUESTION 39
You are designing two Azure HDInsight clusters for a bank. The clusters will process millions of transactions each day.
The storage solution for the clusters must meet the following requirements:
Correct Answer: B
Section: [none]
Explanation
Explanation/Reference:
Azure Data Lake uses an Hierarchical file system.
Incorrect Answers:
A: Azure Blob storage uses an object store with flat namespace.
https://www.gratisexam.com/
Reference: https://docs.microsoft.com/en-us/azure/data-lake-store/data-lake-store-comparison-with-blob-storage
QUESTION 40
You are migrating an existing Windows application to an Azure virtual machine (VM) that runs Windows.
The application generates, stores, and retrieves a large number of small files. The performance of the application directly corresponds to the speed that these files
can be loaded and saved.
Which are two possible ways to achieve this goal? Each correct answer presents a complete solution.
Correct Answer: AD
Section: [none]
Explanation
Explanation/Reference:
A: Azure Premium Storage delivers high-performance, low-latency disk support for virtual machines (VMs) with input/output (I/O)-intensive workloads. VM disks that
use Premium Storage store data on solid-state drives (SSDs). To take advantage of the speed and performance of premium storage disks, you can migrate existing
VM disks to Premium Storage.
Azure offers two ways to create premium storage disks for VMs:
Unmanaged disks
The original method is to use unmanaged disks. In an unmanaged disk, you manage the storage accounts that you use to store the virtual hard disk (VHD) files that
correspond to your VM disks. VHD files are stored as page blobs in Azure storage accounts.
Managed disks
When you choose Azure Managed Disks, Azure manages the storage accounts that you use for your VM disks. You specify the disk type (Premium or Standard)
and the size of the disk that you need. Azure creates and manages the disk for you.
Reference: https://docs.microsoft.com/en-us/azure/virtual-machines/windows/premium-storage
https://www.gratisexam.com/
QUESTION 41
You are designing an Azure application that will use a worker role. The worker role will create temporary files.
Correct Answer: A
Section: [none]
Explanation
Explanation/Reference:
Explanation:
Local storage is temporary in Azure. So, if the virtual machine supporting your role dies and cannot recover, your local storage is lost! Therefore, Azure developers
will tell you, only volatile data should ever be stored in local storage of Azure.
References:
http://www.intertech.com/Blog/windows-azure-local-file-storage-how-to-guide-and-warnings/ http://blog.codingoutloud.com/2011/06/12/azure-faq-can-i-write-to-the-
file-system-on- windowsazure/
QUESTION 42
You are designing an Azure web application. The application uses one worker role.
https://www.gratisexam.com/
https://www.gratisexam.com/
Correct Answer: C
Section: [none]
Explanation
Explanation/Reference:
Explanation:
On the Scale page of the Azure Management Portal, you can manually scale your application or you can set parameters to automatically scale it. You can scale
applications that are running Web Roles, Worker Roles, or Virtual Machines. To scale an application that is running instances of Web Roles or Worker Roles, you
add or remove role instances to accommodate the work load.
References: http://azure.microsoft.com/en-gb/documentation/articles/cloud-services-how-to-scale/
QUESTION 43
You are evaluating an Azure application.
A web role that provides the ASP.NET user interface and business logic
A single SQL database that contains all application data
Each webpage must receive data from the business logic layer before returning results to the client. Traffic has increased significantly.
You need to recommend an approach for scaling the application. What should you recommend?
https://www.gratisexam.com/
C. Move the business logic to a worker role.
D. Store the business logic results in Azure local storage.
Correct Answer: C
Section: [none]
Explanation
Explanation/Reference:
Explanation:
For Cloud Services in Azure applications need both web and worker roles to scale well. Application Patterns and Development Strategies for SQL Server in Azure
Virtual Machines
References: https://msdn.microsoft.com/en-us/library/azure/dn574746.aspx
QUESTION 44
You are planning an upgrade strategy for an existing Azure application.
The management team is concerned about application downtime, due to a business service level agreement (SLA).
You are evaluating which change in your environment will require downtime. You need to identify the changes to the environment that will force downtime. Which
change always requires downtime?
Correct Answer: A
Section: [none]
Explanation
Explanation/Reference:
Explanation:
If you change the number of endpoints for your service, for example by adding a HTTPS endpoint for your existing Web Role, it will require downtime.
https://www.gratisexam.com/
QUESTION 45
You are designing an Azure application that processes graphical image files.
The graphical images are processed in batches by remote applications that run on multiple servers.
You need to ensure that each remote application has exclusive access to an image while the application processes the image.
A. Table service
B. Queue service
C. Blob service
D. A single Azure VHD that is attached to the web role
Correct Answer: C
Section: [none]
Explanation
Explanation/Reference:
Explanation:
* Blob Leases allow you to claim ownership to a Blob. Once you have the lease you can then update the Blob or delete the Blob without worrying about another
process changing it underneath you. When a Blob is leased, other processes can still read it, but any attempt to update it will fail. You can update Blobs without
taking a lease first, but you do run the chance of another process also attempting to modify it at the same time.
* You can opt to use either optimistic or pessimistic concurrency models to manage access to blobs and containers in the blob service.
References:
http://justazure.com/azure-blob-storage-part-8-blob-leases/
http://www.azurefromthetrenches.com/?p=1371
QUESTION 46
You are designing an Azure application that stores data.
The data storage system must support storing more than 500 GB of data.
https://www.gratisexam.com/
Data retrieval must be possible from a large number of parallel threads.
Threads must not block each other.
You need to recommend an approach for storing data. What should you recommend?
Correct Answer: D
Section: [none]
Explanation
Explanation/Reference:
Explanation:
* Azure Table Storage can be useful for applications that must store large amounts of nonrelational data, and need additional structure for that data. Tables offer
key-based access to unschematized data at a low cost for applications with simplified data-access patterns. While Azure Table Storage stores structured data
without schemas, it does not provide any way to represent relationships between the data.
References: https://msdn.microsoft.com/en-us/library/azure/jj553018.aspx
QUESTION 47
You are designing a Windows Azure application.
The application includes processes that communicate by using Windows Communications Foundation (WCF) services.
You need to recommend a host for the processes and a WCF binding.
Which two actions should you recommend? Each correct answer presents part of the solution. (Choose two.)
https://www.gratisexam.com/
B. Host the processes in worker roles.
C. Use NetTcpBinding for the WCF services.
D. Use WSHttpBinding for the WCF services.
Correct Answer: BC
Section: [none]
Explanation
Explanation/Reference:
Worker roles are Windows Server VMs with IIS disabled.
WCF Streaming is only available with the following system-defined bindings: BasicHttpBinding, NetTcpBinding, NetNamedPipeBinding, and WebHttpBinding.
Incorrect:
Not A: Web roles are Windows Server VMs with IIS enabled.
References:
https://msdn.microsoft.com/en-us/library/ms733742(v=vs.110).aspx
QUESTION 48
You are designing a Windows Azure application that will use a worker role. The worker role will create temporary files.
You need to recommend an approach for creating the temporary files that minimizes storage transactions.
Correct Answer: B
Section: [none]
Explanation
Explanation/Reference:
Explanation:
Local storage is temporary in Azure. So, if the virtual machine supporting your role dies and cannot recover, your local storage is lost! Therefore, Azure developers
will tell you, only volatile data should ever be stored in local storage of Azure.
https://www.gratisexam.com/
Windows Azure Local File Storage How To Guide And Warnings
References:
http://www.intertech.com/Blog/windows-azure-local-file-storage-how-to-guide-and-warnings/ http://blog.codingoutloud.com/2011/06/12/azure-faq-can-i-write-to-the-
file-system-on- windowsazure/
QUESTION 49
You design an Azure web application.
You need to recommend a DNS resource record type that will allow you to configure access to the web application by using a custom domain name.
A. SRV
B. MX
C. CNAME
D. A
Correct Answer: C
Section: [none]
Explanation
Explanation/Reference:
Explanation:
You can also use CNAME or A records to associate a custom domain name with your VM. When you use A records, however, you need to note that the VIP of your
VM might change. When you deallocate a VM, the associated VIP is released. And when the VM is restarted later, a new VIP will be picked and assigned. If you
want to ensure that your VM has a static public IP address, you’ll need to configure a static IP address for it as described earlier.
References: http://azure.microsoft.com/en-gb/documentation/articles/cloud-services-custom-domain-name/
QUESTION 50
You are designing an Azure application.
The application includes services hosted in different geographic locations. The service locations may change.
You need to recommend an approach for data transmission between your application and Azure services.
https://www.gratisexam.com/
The solution must minimize administrative effort. What should you recommend?
Correct Answer: B
Section: [none]
Explanation
Explanation/Reference:
Explanation:
The cost of ACS transactions is insignificant when performing messaging operations against Service Bus queues. Service Bus acquires one ACS token per a single
instance of the messaging factory object. The token is then reused until it expires, after about 20 minutes. Therefore, the volume of messaging operations in
Service Bus is not directly proportional to the amount of ACS transactions required to support these operations.
References: https://msdn.microsoft.com/library/azure/hh767287.aspx
QUESTION 51
You are designing a distributed application for Azure.
You need to recommend a method of enabling Internet Protocol security (IPsec)-protected connections between on-premises servers and the distributed
application.
Correct Answer: D
Section: [none]
Explanation
Explanation/Reference:
Explanation:
https://www.gratisexam.com/
IPsec can be used on Azure Site-to-Site VPN connections. Distributed applications can use the IPSec VPN connections to communicate.
References: https://msdn.microsoft.com/en-us/library/azure/dn133798.aspx
QUESTION 52
A company has 10 on-premises SQL databases.
The company plans to move the databases to SQL Server 2012 that runs in Azure Infrastructure- as-a-Service (IaaS).
After migration, the databases will support a limited number of Azure websites in the same Azure Virtual Network.
You must restore copies of existing on-premises SQL databases to the SQL servers that run in Azure IaaS.
You must be able to manage the SQL databases remotely.
You must not open a direct connection from all of the machines on the on-premises network to Azure.
Connections to the databases must originate from only five Windows computers.
You need to configure remote connectivity to the databases.
Correct Answer: C
Section: [none]
Explanation
Explanation/Reference:
Explanation:
A point-to-site VPN would meet the requirements.
Configure a Point-to-Site VPN connection to an Azure Virtual Network
References:
https://azure.microsoft.com/en-us/documentation/articles/vpn-gateway-point-to-site-create/
QUESTION 53
You have several virtual machines (VMs) that run in Azure.
https://www.gratisexam.com/
You also have a single System Center 2012 R2 Configuration Manager (SCCM) primary site on- premises.
You need to use SCCM to collect inventory and deploy software to Azure VMs.
Correct Answer: C
Section: [none]
Explanation
Explanation/Reference:
Explanation:
Cloud-based distribution Point, a Configuration Manager Site System Role in the Cloud Much of the Configuration Manager topology is made up of distribution
points, they are very helpful in many situations where bandwidth and geographical separation are the facts of life, but also hard to manage if you have hundreds or
even thousands of them.
This feature started with the vision that it makes perfect sense to have big distribution points in the Windows Azure cloud where one should not worry about things
like (but not limited to) size, performance, reliability, security, access from all around the world, hardware/software update issues etc.
Note: Content management in System Center 2012 Configuration Manager provides the tools for you to manage content files for applications, packages, software
updates, and operating system deployment. Configuration Manager uses distribution points to store files that are required for software to run on client computers.
These distribution points function as distribution centers for the content files and let users download and run the software. Clients must have access to at least one
distribution point from which they can download the files.
QUESTION 54
You are running a Linux guest in Azure Infrastructure-as-a-Service (IaaS). You must run a daily maintenance task.
The maintenance task requires native BASH commands. You need to configure Azure Automation to perform this task.
https://www.gratisexam.com/
Which three actions should you perform? Each correct answer presents part of the solution.
Explanation/Reference:
Explanation:
A: An Automation Account is a container for your Azure Automation resources: it provides a way to separate your environments or further organize your workflows.
To create an Automation Account
1. Log in to the Azure Management Portal.
2. In the Management Portal, click Create an Automation Account.
3. On the Add a New Automation Account page, enter a name and pick a region for the account.
E:
Managing SSH enabled Linux hosts using Service Management Automation
References:
http://azure.microsoft.com/blog/2014/07/29/getting-started-with-azure-automation- automationassets-2/
http://blogs.technet.com/b/orchestrator/archive/2014/05/01/managing-ssh-enabled-linux- hostsusing-service-management-automation.aspx
QUESTION 55
A company has multiple Azure subscriptions.
https://www.gratisexam.com/
You install the Azure PowerShell module, but you are unable connect to all of the company's Azure subscriptions.
A. Get-AzurePublishSettingsFile
B. Import-AzurePublishSettingsFile
C. Add-AzureSubscription
D. Import-AzureCertificate
E. Get-AzureCertificate
Correct Answer: AB
Section: [none]
Explanation
Explanation/Reference:
Explanation:
Before you start using the Windows Azure cmdlets to automate deployments, you must configure connectivity between the provisioning computer and Windows
Azure. You can do this automatically by downloading the PublishSettings file from Windows Azure and importing it.
1. To download and import publish settings and subscription information at the Windows PowerShell command prompt, type the following command, and then
press Enter. Get-AzurePublishSettingsFile
2. Sign in to the Windows Azure Management Portal, and then follow the instructions to download your Windows Azure publishing settings. Save the file as a
.publishsettings type file to your computer.
3. In the Windows Azure PowerShell window, at the command prompt, type the following command, and then press Enter. Import-AzurePublishSettingsFile
<mysettings>.publishsettings
References: https://msdn.microsoft.com/en-us/library/dn385850%28v=nav.70%29.aspx
QUESTION 56
You are designing a solution that will interact with non-Windows applications over unreliable network connections.
You need to ensure that non-Windows applications retrieve messages from the solution.
A. An Azure Queue
B. The Azure Service Bus Queue
https://www.gratisexam.com/
C. An Azure blob storage container that has a private access policy
D. Azure Table storage
Correct Answer: B
Section: [none]
Explanation
Explanation/Reference:
Explanation:
Any Microsoft or non-Microsoft applications can use a Service Bus REST API to manage and access messaging entities over HTTPS.
By using REST applications based on non-Microsoft technologies (e.g. Java, Ruby, etc.) are allowed not only to send and receive messages from the Service Bus,
but also to create or delete queues, topics and subscription in a given namespace.
References: https://code.msdn.microsoft.com/windowsazure/service-bus-explorer-f2abca5a
QUESTION 57
You are designing a plan for testing a Windows Azure service.
The service runs in the development fabric but fails on Windows Azure.
You need to recommend an approach for identifying errors that occur when the service runs on Windows Azure.
Correct Answer: B
Section: [none]
Explanation
Explanation/Reference:
The Azure Diagnostics extension is an agent within Azure that enables the collection of diagnostic data on a deployed application. You can use the diagnostics
extension from a number of different sources. Currently supported are Azure Cloud Service (classic) Web and Worker Roles, Virtual Machines, Virtual Machine
Scale sets, and Service Fabric.
References: https://docs.microsoft.com/en-us/azure/monitoring-and-diagnostics/azure-diagnostics
https://www.gratisexam.com/
QUESTION 58
You are designing a plan to migrate an existing application to Windows Azure. The application currently resides on a server that has 20 GB of hard disk space.
You need to recommend the smallest compute instance size that provides local storage equivalent to that of the existing server.
A. ExtraSmall
B. ExtraLarge
C. Small
D. Large
Correct Answer: A
Section: [none]
Explanation
Explanation/Reference:
References: https://docs.microsoft.com/en-us/azure/cloud-services/cloud-services-sizes-specs#a-series
QUESTION 59
An application currently resides on an on-premises virtual machine that has 2 CPU cores, 4 GB of RAM, 20 GB of hard disk space, and a 10 megabit/second
https://www.gratisexam.com/
network connection.
Correct Answer: B
Section: [none]
Explanation
Explanation/Reference:
Explanation:
General purpose compute: Basic tier
An economical option for development workloads, test servers, and other applications that don’t require load balancing, auto-scaling, or memory-intensive virtual
machines.
CPU core range: 1-8
RAM range: 0.75 – 14 GB
Disk size: 20-240 GB
Incorrect Answers:
A: Network optimized: fast networking with InfiniBand support Available in select data centers. A8 and A9 virtual machines feature Intel® Xeon® E5 processors.
Adds a 40Gbit/s InfiniBand network with remote direct memory access (RDMA) technology. Ideal for Message Passing Interface (MPI) applications, high-
performance clusters, modeling and simulations, video encoding, and other compute or network intensive scenarios.
D: D-series virtual machines feature solid state drives (SSDs) and 60% faster processors than the A-series and are also available for web or worker roles in Azure
https://www.gratisexam.com/
Cloud Services. This series is ideal for applications that demand faster CPUs, better local disk performance, or higher memories.
References: http://azure.microsoft.com/en-us/pricing/details/virtual-machines/
QUESTION 60
You are designing an Azure development environment.
Team members learn Azure development techniques by training in the development environment. The development environment must auto scale and load balance
additional virtual machine (VM) instances.
You need to recommend the most cost-effective compute-instance size that allows team members to work with Azure in the development environment.
Correct Answer: A
Section: [none]
Explanation
Explanation/Reference:
Explanation:
Azure A1 standard VM Instance would be cheapest with 1 CPU core, 0.75 GB RAM, and 40 GB HD. It would be good enough for training purposes.
References: http://azure.microsoft.com/en-us/pricing/details/virtual-machines/
QUESTION 61
You manage an Azure virtual network that hosts 15 virtual machines (VMs) on a single subnet, which is used for testing a line of business (LOB) application.
You need to ensure that TestWebServiceVM always starts by using the same IP address. You need to achieve this goal by using the least amount of administrative
effort.
https://www.gratisexam.com/
B. Use RDP to configure TestWebServiceVM.
C. Run the Set-AzureStaticVNetIP PowerShell cmdlet.
D. Run the Get-AzureReservedIP PowerShell cmdlet.
Correct Answer: C
Section: [none]
Explanation
Explanation/Reference:
Explanation:
Specify a static internal IP for a previously created VM.
If you want to set a static IP address for a VM that you previously created, you can do so by using the following cmdlets. If you already set an IP address for the VM
and you want to change it to a different IP address, you'll need to remove the existing static IP address before running these cmdlets. See the instructions below to
remove a static IP. For this procedure, you'll use the Update-AzureVM cmdlet. The Update-AzureVM cmdlet restarts the VM as part of the update process. The DIP
that you specify will be assigned after the VM restarts. In this example, we set the IP address for VM2, which is located in cloud service StaticDemo.
Get-AzureVM -ServiceName StaticDemo -Name VM2 | Set-AzureStaticVNetIP -IPAddress 192.168.4.7 | Update-AzureVM
References:http://msdn.microsoft.com/en-us/library/azure/dn630228.aspx
QUESTION 62
You administer of a set of virtual machine (VM) guests hosted in Hyper-V on Windows Server 2012 R2.
All guests currently are provisioned with one or more network interfaces with static bindings and VHDX disks.
You need to move the VMs to Azure Virtual Machines hosted in an Azure subscription.
Which three actions should you perform? Each correct answer presents part of the solution.
https://www.gratisexam.com/
Correct Answer: ACE
Section: [none]
Explanation
Explanation/Reference:
A: You need to install the the Azure Linux Agent.
E: The VHDX format is not supported in Azure, only fixed VHD. You can convert the disk to VHD format using Hyper-V Manager or the convert-vhd cmdlet.
References: https://docs.microsoft.com/en-us/azure/virtual-machines/linux/suse-create-upload-vhd#prerequisites
https://support.microsoft.com/en-us/help/2721672/microsoft-server-software-support-for-microsoft-azure-virtual-machines
QUESTION 63
A company creates an API and makes it accessible on an Azure website. External partners use the API occasionally. The website uses the Standard web hosting
plan.
Partners report that the first API call in a sequence of API calls occasionally takes longer than expected to run. Subsequent API calls consistently perform as
expected.
Correct Answer: B
Section: [none]
Explanation
Explanation/Reference:
Always On. By default, web apps are unloaded if they are idle for some period of time. This lets the system conserve resources. In Basic or Standard mode, you
can enable Always On to keep the app loaded all the time. If your app runs continuous WebJobs or runs WebJobs triggered using a CRON expression, you should
enable Always On, or the web jobs may not run reliably.
References: https://docs.microsoft.com/en-us/azure/app-service/web-sites-configure
https://www.gratisexam.com/
QUESTION 64
HOTSPOT
You have an Azure SQL Database named Contosodb. Contosodb is running in the Standard/S2 tier and has a service level objective of 99 percent.
You review the service tiers in Microsoft Azure SQL Database as well as the results of running performance queries for the usage of the database for the past week
as shown in the exhibits. (Click the Exhibits button.)
https://www.gratisexam.com/
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
Hot Area:
https://www.gratisexam.com/
Correct Answer:
https://www.gratisexam.com/
Section: [none]
Explanation
Explanation/Reference:
QUESTION 65
You manage a virtual Windows Server 2012 web server that is hosted by an on-premises Windows Hyper-V server. You plan to use the virtual machine (VM) in
Azure.
https://www.gratisexam.com/
Which Azure Power Shell cmdlet should you use?
A. Import-AzureVM
B. New-AzureVM
C. Add-AzureDisk
D. Add-AzureWebRole
E. Add-AzureVhd
Correct Answer: C
Section: [none]
Explanation
Explanation/Reference:
The Add-AzureDisk cmdlet adds a new disk to the Azure disk repository in the current subscription.
References: http://msdn.microsoft.com/en-us/library/azure/dn495252.aspx
QUESTION 66
Your company network has two physical locations configured in a geo-clustered environment. You create a Blob storage account in Azure that contains all the data
associated with your company.
You need to ensure that the data remains available in the event of a site outage.
Correct Answer: D
Section: [none]
Explanation
Explanation/Reference:
Explanation:
Introducing Read-only Access to Geo Redundant Storage (RA-GRS):
RA-GRS allows you to have higher read availability for your storage account by providing "read only" access to the data replicated to the secondary location. Once
you enable this feature, the secondary location may be used to achieve higher availability in the event the data is not available in the primary region. This is an "opt-
https://www.gratisexam.com/
in" feature which requires the storage account be geo-replicated.
References: https://blogs.msdn.microsoft.com/windowsazurestorage/2013/12/11/windows-azure-storage-redundancy-options-and-read-access-geo-redundant-
storage/
QUESTION 67
You administer an Azure Storage account named contosostorage. The account has a blob container to store image files.
You need to ensure that anonymous users can successfully read image files from the container.
https://www.gratisexam.com/
A.
https://www.gratisexam.com/
B.
C.
D.
Correct Answer: A
Section: [none]
Explanation
Explanation/Reference:
Explanation:
https://www.gratisexam.com/
Check for GetBlob and for AnonymousSuccess. Example: Get Blob AnonymousSuccess:
1.0;2011-07-
28T18:52:40.9241789Z;GetBlob;AnonymousSuccess;200;18;10;anonymous;;sally;blob;"htt p://sally.blob.core.windows.net/thumbnails/lake.jpg?timeout=30000";"/
sally/thumbnails/lake.jpg ";a84aa705-8a85-48c5-b064-b43bd22979c3;0;123.100.2.10;2009-09- 19;252;0;265;100;0;;;"0x8CE1B6EA95033D5";Thursday, 28-Jul-11
18:52:40 GMT;;;;"7/28/2011
6:52:40 PM ba98eb12-700b-4d53-9230-33a3330571fc"
Incorrect Answers:
B, not D: Check for GetBlob not GetBlobProperties
C: Check for AnonymousSuccess not Access.
References: http://blogs.msdn.com/b/windowsazurestorage/archive/2011/08/03/windows-azure-storage-logging-using-logs-to-track-storage-requests.aspx
QUESTION 68
You manage a software-as-a-service application named SaasApp1 that provides user management features in a multi-directory environment.
You plan to offer SaasApp1 to other organizations that use Azure Active Directory. You need to ensure that SaasApp1 can access directory objects.
Correct Answer: D
Section: [none]
Explanation
Explanation/Reference:
Explanation:
The Azure Active Directory Graph API provides programmatic access to Azure AD through REST API endpoints. Applications can use the Graph API to perform
create, read, update, and delete (CRUD) operations on directory data and objects. For example, the Graph API supports the following common operations for a
user object:
Create a new user in a directory
Get a user's detailed properties, such as their groups
Update a user's properties, such as their location and phone number, or change their password
Check a user's group membership for role-based access
Disable a user's account or delete it entirely
References: http://msdn.microsoft.com/en-us/library/azure/hh974476.aspx
https://www.gratisexam.com/
QUESTION 69
You connect to an existing service over the network by using HTTP. The service listens on HTTP port 80. You plan to create a test environment for this existing
service by using an Azure virtual machine (VM) that runs Windows Server.
The service must be accessible from the public Internet over HTTP port 8080. You need to configure the test environment.
Which two actions should you take? Each correct answer presents part of the solution.
Correct Answer: AE
Section: [none]
Explanation
Explanation/Reference:
QUESTION 70
Your company network includes two branch offices. Users at the company access internal virtual machines (VMs).
You want to ensure secure communications between the branch offices and the internal VMs and network.
What are two possible ways to achieve this goal? Each correct answer presents a complete solution.
Correct Answer: CD
Section: [none]
Explanation
https://www.gratisexam.com/
Explanation/Reference:
Explanation:
C (not A): VPN Device IP Address - This is public facing IPv4 address of your on-premises VPN device that you'll use to connect to Azure. The VPN device cannot
be located behind a NAT.
D (Not B): At least one or preferably two publicly visible IP addresses: One of the IP addresses is used on the Windows Server 2012 machine that acts as the VPN
device by using RRAS.
The other optional IP address is to be used as the Default gateway for out- bound traffic from the on-premises network. If the second IP address is not available, it
is possible to configure network address translation (NAT) on the RRAS machine itself, to be discussed in the following sections. It is important to note that the IP
addresses must be public. They cannot be behind NAT and/or a firewall.
QUESTION 71
You administer a DirSync server configured with Azure Active Directory (Azure AD).
You need to provision a user in Azure AD without waiting for the default DirSync synchronization interval.
What are two possible ways to achieve this goal? Each correct answer presents a complete solution.
Correct Answer: BD
Section: [none]
Explanation
Explanation/Reference:
Explanation:
If you don't want to wait for the recurring synchronizations that occur every three hours, you can force directory synchronization at any time.
D: Azure Active Directory Sync Services (AAD Sync) In September 2014 the Microsoft Azure AD Sync tool was released. This changed how manual sync requests
are issued.
https://www.gratisexam.com/
To perform a manual update, we now use the DirectorySyncClientCmd.exe tool. The Delta and Initial parameters are added to the command to specify the relevant
task.
You can use the directory synchronization Windows PowerShell cmdlet to force synchronization. The cmdlet is installed when you install the Directory Sync tool. On
the computer that is running the Directory Sync tool, start PowerShell, type Import- Module DirSync, and then press ENTER. Type Start-OnlineCoexistenceSync,
and then press ENTER.
References: https://blogs.technet.microsoft.com/rmilne/2014/10/01/how-to-run-manual-dirsync-azure-active-directory-sync-updates/
QUESTION 72
You administer an Azure Active Directory (Azure AD) tenant that has a SharePoint web application named TeamSite1. TeamSite1 accesses your Azure AD tenant
for user information. The application access key for TeamSite1 has been compromised.
You need to ensure that users can continue to use TeamSite1 and that the compromised key does not allow access to the data in your Azure AD tenant.
Which two actions should you perform? Each correct answer presents part of the solution.
A. Remove the compromised key from the application definition for TeamSite1.
B. Delete the application definition for TeamSite1.
C. Generate a new application key for TeamSite1.
D. Generate a new application definition for TeamSite1.
E. Update the existing application key.
Correct Answer: AC
Section: [none]
Explanation
Explanation/Reference:
Explanation:
One of the security aspects of Windows Azure storage is that all access is protected by access keys.
It is possible to change the access keys (e.g. if the keys become compromised), and if changed, we'd need to update the application to have the new key.
QUESTION 73
You manage a cloud service on two instances.
https://www.gratisexam.com/
Service1 has performance issues during heavy traffic periods.
Correct Answer: B
Section: [none]
Explanation
Explanation/Reference:
The Set-AzureRole cmdlet sets the number of instances of a specified role to run in an Azure deployment.
References: https://msdn.microsoft.com/en-us/library/azure/dn495223.aspx
QUESTION 74
Your company has a subscription to Azure.
You deploy a web site named MyApp by using the Shared (Preview) web hosting plan. You need to ensure that clients are able to access the MyApp website by
using https.
Correct Answer: D
Section: [none]
Explanation
Explanation/Reference:
https://www.gratisexam.com/
Explanation:
Enabling HTTPS for a custom domain is only available for the Standard web hosting plan mode of Azure websites.
QUESTION 75
You manage a cloud service that hosts a customer-facing application. The application allows users to upload images and create collages.
The cloud service is running in two medium instances and utilizes Azure Queue storage for image processing.
The sales department plans to send a newsletter to potential clients. As a result, you expect a significant increase in global traffic.
Configure the cloud service to ensure the application is responsive to the traffic increase.
Minimize hosting and administration costs.
What are two possible ways to achieve this goal? Each correct answer presents a complete solution.
Correct Answer: BE
Section: [none]
Explanation
Explanation/Reference:
Explanation:
An autoscaling solution reduces the amount of manual work involved in dynamically scaling an application. It can do this in two different ways: either preemptively
by setting constraints on the number of role instances based on a timetable, or reactively by adjusting the number of role instances in response to some counter(s)
or measurement(s) that you can collect from your application or from the Azure environment.
QUESTION 76
You manage an application running on Azure Web Sites Standard tier. The application uses a substantial amount of large image files and is used by people around
the world.
Users from Europe report that the load time of the site is slow.
https://www.gratisexam.com/
You need to implement a solution by using Azure services.
Which two actions will achieve the goal? Each correct answer presents a complete solution.
Correct Answer: AD
Section: [none]
Explanation
Explanation/Reference:
Explanation:
Blobs that benefit the most from Azure CDN caching are those that are accessed frequently during their time-to-live (TTL) period. A blob stays in the cache for the
TTL period and then is refreshed by the blob service after that time is elapsed. Then the process repeats.
References:
http://azure.microsoft.com/en-us/documentation/articles/storage-custom-domainname/
http://blog.maartenballiauw.be/post/2013/08/20/Using-the-Windows-Azure-Content-Delivery- Network-CDN.aspx
QUESTION 77
HOTSPOT
You manage a public-facing web application which allows authenticated users to upload and download large files. On the initial public page there is a promotional
video.
You plan to give users access to the site content and promotional video.
In the table below, identify the access method that should be used for the anonymous and authenticated parts of the application. Make only one selection in each
column.
Hot Area:
https://www.gratisexam.com/
Correct Answer:
https://www.gratisexam.com/
Section: [none]
Explanation
Explanation/Reference:
QUESTION 78
You plan to deploy an application as a cloud service.
https://www.gratisexam.com/
The application uses a virtual network to extend your on-premises network into Azure. You need to configure a site-to-site VPN for cross-premises network
connections.
Which two objects should you configure? Each correct answer presents part of the solution.
Correct Answer: BD
Section: [none]
Explanation
Explanation/Reference:
QUESTION 79
You manage a web application published to Azure Cloud Services.
Your service level agreement (SLA) requires that you are notified in the event of poor performance from customer locations in the US, Asia, and Europe.
You need to configure the Azure Management Portal to notify you when the SLA performance targets are not met.
Correct Answer: A
Section: [none]
Explanation
Explanation/Reference:
Explanation:
An alert rule enables you to monitor an available metric within a supported Azure service. When the value of a specified metric violates the threshold assigned
for a rule, the alert rule becomes active and registers an alert. When you create an alert rule, you can select options to send an email notification to the service
administrator and co- administrators, or another administrator, when the rule becomes active, and when an alert condition is resolved.
https://www.gratisexam.com/
You can configure cloud service alert rules on: Web endpoint status metrics
Monitoring metrics from the cloud service host operating system Performance counters collected from the cloud service guest virtual machine
References: http://msdn.microsoft.com/en-us/library/azure/dn306639.aspx
QUESTION 80
Your company has recently signed up for Azure.
You plan to register a Data Protection Manager (DPM) server with the Azure Backup service. You need to recommend a method for registering the DPM server with
the Azure Backup vault.
What are two possible ways to achieve this goal? Each correct answer presents a complete solution.
Correct Answer: AC
Section: [none]
Explanation
Explanation/Reference:
Explanation:
A: You can create a self-signed certificate using the makecert tool, or use any valid SSL certificate issued by a Certification Authority (CA) trusted by Microsoft,
whose root certificates are distributed via the Microsoft Root Certificate Program.
C: The certificate must have a valid ClientAuthentication EKU.
References: http://technet.microsoft.com/en-us/library/dn296608.aspx
QUESTION 81
Your company plans to migrate from On-Premises Exchange to Exchange Online in Office 365.
You plan to integrate your existing Active Directory Domain Services (AD DS) infrastructure with Azure AD.
You need to ensure that users can log in by using their existing AD DS accounts and passwords. You need to achieve this goal by using minimal additional
systems.
Which two actions should you perform? Each answer presents part of the solution.
https://www.gratisexam.com/
B. Set up a DirSync Server.
C. Set up an Active Directory Federation Services Server.
D. Set up an Active Directory Federation Services Proxy Server.
Correct Answer: BC
Section: [none]
Explanation
Explanation/Reference:
Azure Active Directory (AD) Connect (formerly known as the Directory Synchronization tool, Directory Sync tool, or the DirSync.exe tool) is a server-based
application that you install on a domain-joined server to synchronize your on-premises Windows Server Active Directory users to the Azure Active Directory tenant
of your Office 365 subscription.
QUESTION 82
You develop a set of Power Shell scripts that will run when you deploy new virtual machines (VMs).
You need to ensure that the scripts are executed on new VMs.
You want to achieve this goal by using the least amount of administrative effort.
Correct Answer: E
Section: [none]
Explanation
Explanation/Reference:
Explanation:
After you deploy a Virtual Machine you typically need to make some changes before it's ready to use. This is something you can do manually or you could use
Remote PowerShell to automate the configuration of your VM after deployment for example.
https://www.gratisexam.com/
But now there's a third alternative available allowing you customize your VM: the CustomScript extension.
This CustomScript extension is executed by the VM Agent and it's very straightforward: you specify which files it needs to download from your storage account and
which file it needs to execute. You can even specify arguments that need to be passed to the script. The only requirement is that you execute a .ps1 file.
References: http://fabriccontroller.net/customizing-your-microsoft-azure-virtual-machines-with-the-new-customscript-extension/
QUESTION 83
You administer an Azure Web Site named contosoweb that is used to sell various products. Contosoweb experiences heavy traffic during weekends.
You need to analyze the response time of the product catalog page during peak times, from different locations.
Correct Answer: A
Section: [none]
Explanation
Explanation/Reference:
Explanation:
Endpoint monitoring configures web tests from geo-distributed locations that test response time and uptime of web URLs. The test performs an HTTP get operation
on the web URL to determine the response time and uptime from each location. Each configured location runs a test every five minutes. After you configure
endpoint monitoring, you can drill down into the individual endpoints to view details response time and uptime status over the monitoring interval from each of the
test location
References: http://msdn.microsoft.com/en-us/library/dn589789.aspx
QUESTION 84
You manage a cloud service that utilizes an Azure Service Bus queue.
You need to ensure that messages that are never consumed are retained.
A. Check the MOVE TO THE DEAD-LETTER SUBQUEUE option for Expired Messages in the Azure Portal.
https://www.gratisexam.com/
B. From the Azure Management Portal, create a new queue and name it Dead-Letter.
C. Execute the Set-AzureServiceBus PowerShell cmdlet.
D. Execute the New-AzureSchedulerStorageQueueJob PowerShell cmdlet.
Correct Answer: A
Section: [none]
Explanation
Explanation/Reference:
Explanation:
The purpose of the dead-letter queue is to hold messages that cannot be delivered to any receiver, or messages that could not be processed. Messages can then
be removed from the DLQ and inspected. An application might, with help of an operator, correct issues and resubmit the message, log the fact that there was an
error, and take corrective action.
References: https://docs.microsoft.com/en-us/azure/service-bus-messaging/service-bus-dead-letter-queues
QUESTION 85
You manage a cloud service that has a web role named fabWeb.
You create a virtual network named fabVNet that has two subnets defined as Web and Apps. You need to be able to deploy fabWeb into the Web subnet.
Correct Answer: E
Section: [none]
Explanation
Explanation/Reference:
Explanation:
To deploy a cloud service into the Apps subnet in the virtual network, you need to add an element to the cloud service configuration file with settings identifying the
Apps subnet in the virtual network.
When the cloud service with this configuration is deployed, Azure will identify the network configuration and provision the virtual machine instances in the Apps
subnet.
https://www.gratisexam.com/
References: https://outhereinthefield.wordpress.com/2014/05/23/adding-a-windows-azure-cloud-service-to- virtual-network/
QUESTION 86
You administer an Azure Active Directory (Azure AD) tenant where Box is configured for:
Application Access
Password Single Sign-on
An employee moves to an organizational unit that does not require access to Box through the Access Panel.
You need to remove only Box from the list of applications only for this user.
Correct Answer: C
Section: [none]
Explanation
Explanation/Reference:
Explanation:
Note: Use Azure AD to manage user access, provision user accounts, and enable single sign-on with Box. Requires an existing Box subscription.
QUESTION 87
You administer an Azure Storage account named contoso storage. The account has queue containers with logging enabled.
You need to view all log files generated during the month of July 2014.
A. http://contosostorage.queue.core.windows.net/$logs?
restype=container&comp=list&prefix=queue/2014/07
B. http://contosostorage.queue.core.windows.net/$files?
restype=container&comp=list&prefix=queue/2014/07
C. http://contosostorage.blob.core.windows.net/$files?
https://www.gratisexam.com/
restype=container&comp=list&prefix=blob/2014/07
D. http://contosostorage.blob.core.windows.net/$logs?
restype=container&comp=list&prefix=blob/2014/07
Correct Answer: D
Section: [none]
Explanation
Explanation/Reference:
Explanation:
All logs are stored in block blobs in a container named $logs, which is automatically created when Storage Analytics is enabled for a storage account.
The$logs container is located in the blob namespace of the storage account, for example:
http://<accountname>.blob.core.windows.net/$logs. This container cannot be deleted once Storage Analytics has been enabled, though its contents can be deleted.
References: http://msdn.microsoft.com/library/azure/hh343262.aspx
QUESTION 88
You work for a company named Contoso, Ltd.
The network contains an on premises Active Directory domain that has Active Directory Federation Services (AD FS). Contoso uses an internally developed claims
... App1.
You implement directory synchronization with Azure Active Directory (Azure AD).
You need to recommend which configuration should be performed to ... Single-Sign-On to App1 to ... authenticated by Azure AD.
Correct Answer: BC
Section: [none]
Explanation
https://www.gratisexam.com/
Explanation/Reference:
QUESTION 89
You need to recommend the appropriate strategy for the data mining application.
A. Configure multiple on-premises cluster that runs multiple Azure virtual machines to connect by using an Azure virtual private network (VPN)
B. Configure an on-premises cluster that runs multiple Azure virtual machines that is located in the central office.
C. Configure a cluster of high-performance computing virtual machines (VMs) that use the largest number of cores. Ensure that the VMs are instantiated in
different Azure datacenters that are distributed across the same affinity group.
D. Configure a cluster of high-performance computing virtual machines (VMs) that use the largest number of cores. Ensure that the VMs are instantiated in the
same Azure datacenter.
Correct Answer: B
Section: [none]
Explanation
Explanation/Reference:
References: https://docs.microsoft.com/en-us/sql/analysis-services/data-mining/data-mining-concepts?view=sql-server-2017
QUESTION 90
You need to select the appropriate solution for monitoring the.NET application.
https://www.gratisexam.com/
https://www.gratisexam.com/
Correct Answer: B
Section: [none]
Explanation
Explanation/Reference:
Application Insights is an extensible Application Performance Management (APM) service for web developers on multiple platforms. Use it to monitor your live web
application. It will automatically detect performance anomalies. It includes powerful analytics tools to help you diagnose issues and to understand what users
actually do with your app. It's designed to help you continuously improve performance and usability.
References: https://docs.microsoft.com/en-us/azure/application-insights/app-insights-overview
QUESTION 91
You design an Azure web application. The web application is accessible by default as a standard cloudapp.net URL. You need to recommend DNS resource record
types that allow you to configure access to the web application by using a custom domain name.
A. CNAME
B. A
C. SRV
D. MX
Correct Answer: AB
Section: [none]
Explanation
Explanation/Reference:
QUESTION 92
You need to upload video to the company's Azure environment.
Correct Answer: A
Section: [none]
https://www.gratisexam.com/
Explanation
Explanation/Reference:
You can upload files into a Azure Media Services account using REST.
References: https://docs.microsoft.com/en-us/azure/media-services/previous/media-services-rest-upload-files
QUESTION 93
You need to ensure that the customer-facing website meets the scaling and deployment requirements.
A. Use Traffic Manager with load balancing enabled. Deploy websites in a single region
B. Use Traffic Manager with load balancing enabled. Deploy web apps in multiple regions that are nearest to the website visitor populations.
C. Implement operational procedures to quickly deploy additional local instances of the web apps when you are notified by Traffic Manager.
D. Deploy and maintain multiple web app instances in the largest Azure datacenters in North America, Europe, and Asia.
Correct Answer: B
Section: [none]
Explanation
Explanation/Reference:
QUESTION 94
You have an Azure subscription that contains 10 VMs.
All of the VMs are set to use the Basic VM tier and are located in the West US region. The storage account used for the VMs is set to Locally Redundant replication.
You plan to deploy several web apps in Azure that will retrieve data from the VMs. The web apps will use a new App Service plan.
You need to ensure that the web apps remain available if the hardware in a data center fails. The solution must minimize the Azure costs associated with bandwith
utilization.
A. Set the App Service plan for the web apps to any region other than West US region
B. Create a new storage account that is set to Geo-Redundant replication.
https://www.gratisexam.com/
Move the virtual machines to the new storage account.
Set the App service plan for the web apps to use the default app service.
C. Set the App Service plan for the web apps to use the default app service.
Configure ExpressRoute for the Azure subscription.
D. Create a new storage account that is set to Zone Redundant replication.
Move the virtual machines to the new storage account.
Set the App Service plan for the web apps to use the default app service.
Correct Answer: D
Section: [none]
Explanation
Explanation/Reference:
Zone-redundant storage (ZRS) replicates your data synchronously across three storage clusters in a single region.
References: https://docs.microsoft.com/en-us/azure/storage/common/storage-redundancy-zrs
QUESTION 95
You administer a cloud service.
You plan to host two web applications named contosoweb and contosowebsupport.
You need to ensure that you can host both applications and qualify for the Azure Service Level Agreement.
You want to achieve this goal while minimizing costs. How should you host both applications?
Correct Answer: B
Section: [none]
Explanation
Explanation/Reference:
Explanation:
A cloud service must have at least two instances of every role to qualify for the Azure Service Level Agreement, which guarantees external connectivity to your
Internet-facing roles at least 99.95 percent of the time.
https://www.gratisexam.com/
References: http://azure.microsoft.com/en-us/documentation/articles/cloud-services-what-is/
QUESTION 96
You deploy an application as a cloud service in Azure.
A. Service definition
B. Diagnostics configuration
C. Service configuration
D. Network configuration
Correct Answer: C
Section: [none]
Explanation
Explanation/Reference:
References: https://docs.microsoft.com/en-us/azure/cloud-services/schema-cscfg-networkconfiguration
QUESTION 97
You develop an ASP.NET Web API that is hosted as an Azure Web API.
You observe that the WebJob is not running and processing information as expected.
A. Update the API to self-host by using the Open Web interface for .NET (OWIN).
Migrate the API to Azure Service Fabric.
https://www.gratisexam.com/
B. Enable the Always On configuration setting for the Web App.
C. Include a setting Job JSON file at the root of the WebJob zip file and include a valid CRON expression.
D. Schedule the WebJob by using the Azure Scheduler.
Correct Answer: B
Section: [none]
Explanation
Explanation/Reference:
Web jobs require your web app to have Always on enabled.
References: http://www.samulihaverinen.com/web-development/dotnet/2016/02/24/guide-to-azure-webjobs/
QUESTION 98
Your company has an Azure subscription.
You need to recommend a solution to optimize the compute resources consumed by the Web App. The solution must minimize costs and provide a separation of
resources.
A. Basic
B. Free
C. Premium
D. Shared
E. Standard
Correct Answer: C
Section: [none]
Explanation
Explanation/Reference:
Explanation:
Only the Premium service provides App Service Environments which provide the required isolation (separation of resources).
References:
https://azure.microsoft.com/en-us/pricing/details/app-service/
https://azure.microsoft.com/en-us/blog/introducing-app-service-environment/
https://www.gratisexam.com/
https://docs.microsoft.com/en-us/azure/app-service-web/app-service-app-service-environment- intro
QUESTION 99
You are designing a solution that will host 20 different web applications.
You need to recommend a solution to secure the web applications with a firewall that protects against common web-based attacks including SQL injection, cross-
site scripting attacks, and session hijacks. The solution must minimize costs.
Which three Azure features should you recommend? Each correct answer presents part of the solution.
Explanation/Reference:
Explanation:
AD: The web application firewall (WAF) in Azure Application Gateway helps protect web applications from common web-based attacks like SQL injection, cross-site
scripting attacks, and session hijacks. It comes preconfigured with protection from threats identified by the Open Web Application Security Project (OWASP) as the
top 10 common vulnerabilities.
B: You can use Azure PowerShell to configure URL path-based routing rules when you create an application gateway. You can create backend pools using a virtual
machine scale set. You then create routing rules that make sure web traffic arrives at the appropriate servers in the pools.
Reference:
https://docs.microsoft.com/en-us/azure/application-gateway/application-gateway-web-application-firewall-overview
https://docs.microsoft.com/en-us/azure/application-gateway/application-gateway-create-url-route-arm-ps
QUESTION 100
You are designing a web app deployment in Azure.
You need to ensure that inbound requests to the web app are routed based on the endpoint that has the lowest latency.
https://www.gratisexam.com/
What should you use?
Correct Answer: D
Section: [none]
Explanation
Explanation/Reference:
Azure Traffic Manager supports four traffic-routing methods to determine how to route network traffic to the various service endpoints.
Select Performance routing method when you have endpoints in different geographic locations and you want end users to use the "closest" endpoint in terms of the
lowest network latency.
References: https://docs.microsoft.com/en-us/azure/traffic-manager/traffic-manager-routing-methods
https://www.gratisexam.com/
https://www.gratisexam.com/