Architecting Microsoft Azure Solutions

Topic 1, VanArsdel, Ltd

Overview

VanArsdel, Ltd. builds skyscrapers, subways, and bridges. VanArsdel is a leader in using technology to do construction better.

Overview

VanArsdel employees are able to use their own mobile devices for work activities because the company recognizes that this usage enables employee productivity. Employees also access Software as a Service (SaaS) applications, including DocuSign, Dropbox, and Citrix. The company continues to evaluate and adopt more SaaS applications for its business. VanArsdel uses Azure Active Directory (AD) to authenticate its employees, as well as Multi-Factor Authentication (MFA). Management enjoys the ease with which MFA can be enabled and disabled for employees who use cloud-based services. VanArsdel's on-premises directory contains a single forest.

Helpdesk:

VanArsdel creates a helpdesk group to assist its employees. The company sends email messages to all its employees about the helpdesk group and how to contact it. Configuring employee access for SaaS applications is often a time-consuming task. It is not always obvious to the helpdesk group which users should be given access to which SaaS applications. The helpdesk group must respond to many phone calls and email messages to solve this problem, which takes up valuable time. The helpdesk group is unable to meet the needs of VanArsdel's employees.

However, many employees do not work with the helpdesk group to solve their access problems. Instead, these employees contact their co-workers or managers to find someone who can help them. Also, new employees are not always told to contact the helpdesk group for access problems. Some employees report that they cannot see all the applications in the Access Panel that they have access to. Some employees report that they must re-enter their passwords when they access cloud applications, even though they have already authenticated.

Bring your own device (BYOD):

VanArsdel wants to continue to support users and their mobile and personal devices, but the company is concerned about how to protect corporate assets that are stored on these devices. The company does not have a strategy to ensure that its data is removed from the devices when employees leave the company.

Customer Support

VanArsdel wants a mobile app for customer profile registration and feedback. The company would like to keep track of all its previous, current, and future customers worldwide. A profile system using third-party authentication is required as well as feedback and support sections for the mobile app.

Migration:

VanArsdel plans to migrate several virtual machine (VM) workloads into Azure. They also plan to extend their on-premises Active Directory into Azure for mobile app authentication.

Business Requirements

Hybrid Solution:

  • A single account and credentials for both on-premises and cloud applications

  • Certain applications that are hosted both in Azure and on-site must be accessible to both VanArsdel employees and partners

  • The service level agreement (SLA) for the solution requires an uptime of 99.9%

  • The partners all use Hotmail.com email addresses

Mobile App:

VanArsdel requires a mobile app for project managers on construction job sites. The mobile app has the following requirements:

  • The app must display partner information.

  • The app must alert project managers when changes to the partner information occur.

  • The app must display project information including an image gallery to view pictures of construction projects.

  • Project managers must be able to access the information remotely and securely.

Security:

  • VanArsdel must control access to its resources to ensure sensitive services and information are accessible only by authorized users and/or managed devices.

  • Employees must be able to securely share data, based on corporate policies, with other VanArsdel employees and with partners who are located on construction job sites.

  • VanArsdel management does NOT want to create and manage user accounts for partners.

Technical Requirements

Architecture:

  • VanArsdel requires a non-centralized stateless architecture for its data and services where application, data, and computing power are at the logical extremes of the network.

  • VanArsdel requires separation of CPU storage and SQL services

Data Storage:

VanArsdel needs a solution to reduce the number of operations on the contractor information table. Currently, data transfer rates are excessive, and queue length for read/write operations affects performance.

  • A mobile service that is used to access contractor information must have automatically scalable, structured storage

  • Images must be stored in an automatically scalable, unstructured form.

Mobile Apps:

  • VanArsdel mobile app must authenticate employees to the company's Active Directory.

  • Event-triggered alerts must be pushed to mobile apps by using a custom Node.js script.

  • The customer support app should use an identity provider that is configured by using the Access Control Service for current profile registration and authentication.

  • The customer support team will adopt future identity providers that are configured through Access Control Service.

Security:

  • Active Directory Federated Server (AD FS) will be used to extend AD into Azure.

  • Helpdesk administrators must have access to only the groups of Azure resources they are responsible for. Azure administration will be performed by a separate group.

  • IT administrative overhead must be minimized.

  • Permissions must be assigned by using Role Based Access Control (RBAC).

  • Line of business applications must be accessed securely.

QUESTION NO: 1

You need to assign permissions for the Virtual Machine workloads that you migrate to Azure.

The solution must use the principle of least privilege.

What should you do?

A. Create all VMs in the cloud service named Group1 and then connect to the Azure subscription. Run the following Windows PowerShell command:

New-AzureRoleAssignment -Mail user1@vanarsdelltd.com -RoleDefinitionName Contributor -ResourceGroupName group1

B. In the Azure portal, select an individual virtual machine and add an owner.

C. In the Azure portal, assign read permission to the user at the subscription level.

D. Create each VM in a separate cloud service and then connect to the Azure subscription. Run the following Windows PowerShell command:

Get-AzureVM | New-AzureRoleAssignment -Mail user1@vanarsdelltd.com -RoleDefinitionName Contributor

Answer: A

QUESTION NO: 2 DRAG DROP

You need to recommend data storage mechanisms for the solution.

What should you recommend? To answer, drag the appropriate data storage mechanism to the correct information type. Each data storage mechanism may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.


Ref: http://www.thewindowsclub.com/understanding-blobqueuetable-storage-windows-azure

QUESTION NO: 3

You need to design the system that alerts project managers to data changes in the contractor information app.

Which service should you use?

A. Azure Mobile Service

B. Azure Service Bus Message Queueing

C. Azure Queue Messaging

D. Azure Notification Hub

Answer: B

Ref: https://msdn.microsoft.com/en-us/library/azure/hh767287.aspx

QUESTION NO: 4

You need to recommend a solution that allows partners to authenticate.

Which solution should you recommend?

A. Configure the federation provider to trust social identity providers.

B. Configure the federation provider to use the Azure Access Control service.

C. Create a new directory in Azure Active Directory and create a user account for the partner.

D. Create an account on the VanArsdel domain for the partner and send an email message that contains the password to the partner.

Answer: B

Ref: http://azure.microsoft.com/en-gb/documentation/articles/active-directory-dotnet-how-to-use-access-control/

https://msdn.microsoft.com/en-us/library/azure/gg185971.aspx

QUESTION NO: 5 HOTSPOT

You need to design the contractor information app.

What should you recommend? To answer, select the appropriate options in the answer area.


Explanation:

  • They also plan to extend their on-premises Active Directory into Azure for mobile app authentication.

  • VanArsdel mobile app must authenticate employees to the company's Active Directory.

http://azure.microsoft.com/en-gb/documentation/articles/mobile-services-ios-get-started-offline-data/

QUESTION NO: 6

You are designing a plan to deploy a new application to Azure. The solution must provide a single sign-on experience for users.

You need to recommend an authentication type.

Which authentication type should you recommend?

A. SAML credential tokens

B. Azure managed access keys

C. Windows Authentication

D. MS-CHAP

Answer: A

Ref: https://msdn.microsoft.com/en-us/library/azure/dn641269.aspx?f=255&MSPPError=-2147217396

QUESTION NO: 7

You need to prepare the implementation of data storage for the contractor information app.

What should you do?

A. Create a storage account and implement multiple data partitions.

B. Create a Cloud Service and a Mobile Service. Implement Entity Group transactions.

C. Create a Cloud Service and a Deployment group. Implement Entity Group transactions.

D. Create a Deployment group and a Mobile Service. Implement multiple data partitions.

Answer: B

Explanation:

  • VanArsdel needs a solution to reduce the number of operations on the contractor information table. Currently, data transfer rates are excessive, and queue length for read/write operations affects performance.

Ref: https://msdn.microsoft.com/en-us/library/azure/dd894038.aspx

QUESTION NO: 8

You need to ensure that users do not need to re-enter their passwords after they authenticate to cloud applications for the first time.

What should you do?

A. Enable Microsoft Account authentication.

B. Set up a virtual private network (VPN) connection between the VanArsdel premises and Azure datacenter. Set up a Windows Active Directory domain controller in Azure VM. Implement Integrated Windows authentication.

C. Deploy ExpressRoute.

D. Configure Azure Active Directory Sync to use single sign-on (SSO).

Answer: D

Topic 2, Mix Questions

QUESTION NO: 1

You are designing an Azure web application. The solution will be used by multiple customers. Each customer has different business logic and user interface requirements. Not all customers use the same version of the .NET runtime.

You need to recommend a deployment strategy.

What should you recommend?

A. Deploy with multiple web role instances.

B. Deploy each application in a separate tenant.

C. Deploy all applications in one tenant.

D. Deploy with multiple worker role instances.

Answer: B

Ref: http://sanganakauthority.blogspot.in/2011/12/multi-tenancy-and-windows-azure.html

QUESTION NO: 2

You design an Azure application that processes images. The maximum size of an image is 10 MB. The application includes a web role that allows users to upload images and a worker role with multiple instances that processes the images. The web role communicates with the worker role by using an Azure Queue service.

You need to recommend an approach for storing images that minimizes storage transactions.

What should you recommend?

A. Store images in Azure Blob service. Store references to the images in the queue.

B. Store images in the queue.

C. Store images in OneDrive attached to the worker role instances. Store references to the images in the queue.

D. Store images in local storage on the web role instance. Store references to the images in the queue.

Answer: A

Ref: https://msdn.microsoft.com/en-gb/library/ff803365.aspx

https://msdn.microsoft.com/en-us/library/azure/hh767287.aspx

QUESTION NO: 3

You are designing an Azure application. The application includes two web roles and three instances of a worker role. The web roles send requests to the worker role by using one or more Azure Queues.

You need to recommend a queue design for sending requests to the worker role.

What should you recommend?

A. Create a queue for each combination of web roles and worker role instances. Send requests to all worker role instances based on the sending web role.

B. Create a single queue. Send all requests on the single queue.

C. Create a queue for each worker role instance. Send requests on each worker queue by using a round robin rotation.

D. Create a queue for each web role. Send requests on all queues at the same time.

Answer: B

To communicate with the worker role, a web role instance places messages onto a queue. A worker role instance polls the queue for new messages, retrieves them, and processes them. There are a couple of important things to know about the way the queue service works in Azure. First, you reference a queue by name, and multiple role instances can share a single queue. Second, there is no concept of a typed message; you construct a message from either a string or a byte array. An individual message can be no more than 64 kilobytes (KB) in size.

Ref: https://msdn.microsoft.com/en-gb/library/ff803365.aspx

http://azure.microsoft.com/en-gb/documentation/articles/cloud-services-dotnet-multi-tier-app-using-service-bus-queues/

QUESTION NO: 4

You are designing an Azure application that will use a worker role. The worker role will create temporary files.

You need to minimize storage transaction charges.

Where should you create the files?

A. In Azure local storage

B. In Azure Storage page blobs

C. On an Azure Drive

D. In Azure Storage block blobs

Answer: A

Ref: http://blog.codingoutloud.com/2011/06/12/azure-faq-can-i-write-to-the-file-system-on-windows-azure/

http://www.intertech.com/Blog/windows-azure-local-file-storage-how-to-guide-and-warnings/

QUESTION NO: 5

You are designing an Azure web application. The application uses one worker role. It does not use SQL Database. You have the following requirements:

  • Maximize throughput and system resource availability

  • Minimize downtime during scaling

You need to recommend an approach for scaling the application.

Which approach should you recommend?

A. Increase the role instance size.

B. Set up horizontal partitioning.

C. Increase the number of role instances.

D. Set up vertical partitioning.

Answer: C

Ref: http://azure.microsoft.com/en-gb/documentation/articles/cloud-services-how-to-scale/

QUESTION NO: 6

You are evaluating an Azure application. The application includes the following elements:

  • A web role that provides the ASP.NET user interface and business logic

  • A single SQL database that contains all application data

Each webpage must receive data from the business logic layer before returning results to the client. Traffic has increased significantly. The business logic is causing high CPU usage.

You need to recommend an approach for scaling the application.

What should you recommend?

A. Store the business logic results in Azure Table storage.

B. Vertically partition the SQL database.

C. Move the business logic to a worker role.

D. Store the business logic results in Azure local storage.

Answer: C

QUESTION NO: 7

You are planning an upgrade strategy for an existing Azure application. Multiple instances of the application run in Azure. The management team is concerned about application downtime, due to a business service level agreement (SLA).

You are evaluating which change in your environment will require downtime.

You need to identify the changes to the environment that will force downtime.

Which change always requires downtime?

A. Adding an HTTPS endpoint to a web role

B. Upgrading the hosted service by deploying a new package

C. Changing the value of a configuration setting

D. Changing the virtual machine size

Answer: A

Ref: http://blog.toddysm.com/2010/06/re-deploying-your-windows-azure-service-without-incurring-downtime.html

QUESTION NO: 8

You are designing an Azure application that processes graphical image files. The graphical images are processed in batches by remote applications that run on multiple servers.

You have the following requirements:

  • The application must remain operational during batch-processing operations.

  • Users must be able to roll back each image to a previous version.

You need to ensure that each remote application has exclusive access to an image while the application processes the image. Which type of storage should you use to store the images?

A. Table service

B. Queue service

C. Blob service

D. A single Azure VHD that is attached to the web role

Answer: C

Ref: http://justazure.com/azure-blob-storage-part-8-blob-leases/

http://justazure.com/azure-blob-storage-part-7-snapshots/

QUESTION NO: 9

You are designing an Azure application that stores data.

You have the following requirements:

  • The data storage system must support storing more than 500 GB of data.

  • Data retrieval must be possible from a large number of parallel threads.

  • Threads must not block each other.

You need to recommend an approach for storing data. What should you recommend?

A. Azure Notification Hubs

B. A single SQL database in Azure

C. Azure Queue storage

D. Azure Table storage

Answer: D

Ref: https://msdn.microsoft.com/en-us/library/azure/jj553018.aspx

QUESTION NO: 10 HOTSPOT

You have an Azure website that runs on several instances. You have a WebJob that provides additional functionality to the website.

The WebJob must run on all instances of the website.

You need to ensure that the WebJob runs even when the website is idle for long periods of time.

How should you create and configure the WebJob object? To answer, select the appropriate options in the answer area.


Ref: http://azure.microsoft.com/en-us/documentation/articles/web-sites-create-web-jobs/

QUESTION NO: 11

An application currently resides on an on-premises virtual machine that has 2 CPU cores, 4 GB of RAM, 20 GB of hard disk space, and a 10 megabit/second network connection.

You plan to migrate the application to Azure. You have the following requirements:

  • You must not make changes to the application.

  • You must minimize the costs for hosting the application.

You need to recommend the appropriate virtual machine instance type.

Which virtual machine tier should you recommend?

A. Network Optimized (A Series)

B. General Purpose Compute, Basic Tier (A Series)

C. General Purpose Compute, Standard Tier (A Series)

D. Optimized Compute (D Series)

Answer: B

Ref: http://azure.microsoft.com/en-us/pricing/details/virtual-machines/

QUESTION NO: 12

You are designing an Azure web application that includes many static content files.

The application is accessed from locations all over the world by using a custom domain name.

You need to recommend an approach for providing access to the static content with the least amount of latency.

Which two actions should you recommend? Each correct answer presents part of the solution.

A. Place the static content in Azure Table storage.

B. Configure a CNAME DNS record for the Azure Content Delivery Network (CDN) domain.

C. Place the static content in Azure Blob storage.

D. Configure a custom domain name that is an alias for the Azure Storage domain.

Answer: B, C

Ref: https://github.com/Azure/azure-content/blob/master/articles/cdn-map-content-to-custom-domain.md

https://www.simple-talk.com/cloud/development/using-the-windows-azure-content-delivery-network/

QUESTION NO: 13

You are designing an Azure development environment. Team members learn Azure development techniques by training in the development environment.

The development environment must auto scale and load balance additional virtual machine (VM) instances.

You need to recommend the most cost-effective compute-instance size that allows team members to work with Azure in the development environment.

What should you recommend?

A. Azure A1 standard VM Instance

B. Azure A2 basic VM Instance

C. Azure A3 basic VM Instance

D. Azure A9 standard VM Instance

Answer: A

Ref: http://azure.microsoft.com/en-us/pricing/details/virtual-machines/

QUESTION NO: 14

You have business services that run on an on-premises mainframe server.

You must provide an intermediary configuration to support existing business services and Azure. The business services cannot be rewritten. The business services are not exposed externally.

You need to recommend an approach for accessing the business services.

What should you recommend?

A. Connect to the on-premises server by using a custom service in Azure.

B. Expose the business services to the Azure Service Bus by using a custom service that uses relay binding.

C. Expose the business services externally.

D. Move all business service functionality to Azure.

Answer: B

Ref: http://azure.microsoft.com/en-gb/documentation/articles/service-bus-dotnet-how-to-use-relay/

QUESTION NO: 15

You design an Azure web application. The web application is accessible by default as a standard cloudapp.net URL.

You need to recommend a DNS resource record type that will allow you to configure access to the web application by using a custom domain name.

Which DNS record type should you recommend?

A. SRV

B. MX

C. CNAME

D. A

Answer: C

Ref: http://azure.microsoft.com/en-gb/documentation/articles/cloud-services-custom-domain-name/

QUESTION NO: 16

A company hosts a website and exposes web services on the company intranet.

The intranet is secured by using a firewall. Company policies prohibit changes to firewall rules.

Devices outside the firewall must be able to access the web services.

You need to recommend an approach to enable inbound communication.

What should you recommend?

A. The Azure Access Control Service

B. Windows Azure Pack

C. The Azure Service Bus

D. A web service in an Azure role that relays data to the internal web services

Answer: C

Ref: http://azure.microsoft.com/en-gb/documentation/articles/cloud-services-dotnet-hybrid-app-using-service-bus-relay/

https://brosteins.com/2015/02/13/accessing-internal-data-from-mobile-apps/

QUESTION NO: 17 DRAG DROP

You have a website that displays text, pictures, video files, and audio files. The website processes requests from countries and regions all over the world. You plan to migrate the website to the Azure platform.

The website has the following requirements:

  • Encode, store, and stream audio and video at scale.

  • Load-balance communications with the website instance that is closest to the user's location.

  • Deliver content with high-bandwidth and low latency.

You need to recommend the technologies to implement the solution.

Which technologies should you recommend? To answer, drag the appropriate technology to the correct requirement. Each technology may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.


Ref: http://azure.microsoft.com/en-gb/services/media-services/

http://azure.microsoft.com/en-gb/services/

QUESTION NO: 18

You are designing an Azure application. The application includes services hosted in different geographic locations. The service locations may change.

You must minimize the cost of communication between services.

You need to recommend an approach for data transmission between your application and Azure services. The solution must minimize administrative effort.

What should you recommend?

A. Azure Table storage

B. Service Bus

C. Service Management API

D. Azure Queue storage

Answer: B

Ref: https://msdn.microsoft.com/library/azure/hh767287.aspx

QUESTION NO: 19

You are designing a distributed application for Azure.

The application must securely integrate with on-premises servers.

You need to recommend a method of enabling Internet Protocol security (IPsec)-protected connections between on-premises servers and the distributed application.

What should you recommend?

A. Azure Access Control

B. Azure Content Delivery Network (CDN)

C. Azure Service Bus

D. Azure Site-to-Site VPN

Answer: D

Ref: https://msdn.microsoft.com/en-us/library/azure/dn133798.aspx

http://azure.microsoft.com/en-gb/documentation/articles/virtual-networks-create-site-to-site-cross-premises-connectivity/

QUESTION NO: 20

A company has 10 on-premises SQL databases. The company plans to move the databases to SQL Server 2012 that runs in Azure Infrastructure-as-a-Service (IaaS). After migration, the databases will support a limited number of Azure websites in the same Azure Virtual Network.

You have the following requirements:

  • You must restore copies of existing on-premises SQL databases to the SQL servers that run in Azure IaaS.

  • You must be able to manage the SQL databases remotely.

  • You must not open a direct connection from all of the machines on the on-premises network to Azure.

  • Connections to the databases must originate from only five Windows computers.

You need to configure remote connectivity to the databases. Which technology solution should you implement?

A. Azure Virtual Network site-to-site VPN

B. Azure Virtual Network multi-point VPN

C. Azure Virtual Network point-to-site VPN

D. Azure ExpressRoute

Answer: C

Ref: https://msdn.microsoft.com/library/azure/dn133792.aspx

QUESTION NO: 21

You have several virtual machines (VMs) that run in Azure. You also have a single System Center 2012 R2 Configuration Manager (SCCM) primary site on-premises.

You have the following requirements:

  • All VMs must run on the same virtual network.

  • Network traffic must be minimized between the on-premises datacenter and Azure.

  • The solution must minimize complexity.

You need to use SCCM to collect inventory and deploy software to Azure VMs.

What should you do first?

A. Configure client push for the Azure virtual network.

B. Enable and configure Operations Insights in Azure.

C. Install a cloud distribution point on an Azure VM.

D. Install a secondary site underneath the primary site onto an Azure VM.

Answer: C

Ref: http://www.aidanfinn.com/?p=16047

QUESTION NO: 22

You are running a Linux guest in Azure Infrastructure-as-a-Service (IaaS).

You must run a daily maintenance task. The maintenance task requires native BASH commands.

You need to configure Azure Automation to perform this task.

Which three actions should you perform? Each correct answer presents part of the solution.

A. Create an automation account.

B. Create an Orchestrator runbook.

C. Create an asset credential.

D. Run the Invoke-Workflow Azure PowerShell cmdlet.

E. Import the SSH PowerShell Module.

Answer: A, C, E

Ref: http://azure.microsoft.com/en-gb/documentation/articles/automation-create-runbook-from-samples/

http://channel9.msdn.com/Shows/Azure-Friday/Azure-Automation-104-managing-Linux-and-creating-Modules-with-Joe-Levy

http://azure.microsoft.com/blog/2014/07/29/getting-started-with-azure-automation-automation-assets-2/

QUESTION NO: 23

A company has multiple Azure subscriptions. It plans to deploy a large number of virtual machines (VMs) into Azure.

You install the Azure PowerShell module, but you are unable to connect to all of the company's Azure subscriptions.

You need to automate the management of the Azure subscriptions.

Which two Azure PowerShell cmdlets should you run?

A. Get-AzurePublishSettingsFile

B. Import-AzurePublishSettingsFile

C. Add-AzureSubscription

D. Import-AzureCertificate

E. Get-AzureCertificate

Answer: A, B

Ref: https://msdn.microsoft.com/en-us/library/dn385850%28v=nav.70%29.aspx

QUESTION NO: 24 DRAG DROP

You need to automate tasks with Azure by using Azure PowerShell workflows.

How should you complete the Azure PowerShell script? To answer, drag the appropriate cmdlet to the correct location. Each cmdlet may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.


Ref: https://gallery.technet.microsoft.com/scriptcenter/How-to-use-workflow-cd57324f

QUESTION NO: 25 HOTSPOT

A company uses Azure for several virtual machine (VM) and website workloads. The company plans to assign administrative roles to a specific group of users. You have a resource group named GROUP1 and a virtual machine named VM2.

The users have the following responsibilities:

You need to assign the appropriate level of privileges to each of the administrators by using the principle of least privilege.

What should you do? To answer, select the appropriate target objects and permission levels in the answer area.


Ref: http://azure.microsoft.com/en-us/documentation/articles/role-based-access-control-configure/

QUESTION NO: 26 HOTSPOT

Resources must authenticate to an identity provider.

You need to configure the Azure Access Control service.

What should you recommend? To answer, select the appropriate responses for each requirement in the answer area.


Ref: http://azure.microsoft.com/en-gb/documentation/articles/active-directory-dotnet-how-to-use-access-control/

https://msdn.microsoft.com/en-us/library/azure/gg185948.aspx

QUESTION NO: 27

Contoso, Ltd., uses Azure websites for public-facing customer websites. The company has a mobile app that requires customers to sign in by using a Contoso customer account.

Customers must be able to sign on to the websites and mobile app by using a Microsoft, Facebook, or Google account. All transactions must be secured in-transit regardless of device.

You need to configure the websites and mobile app to work with external identity providers.

Which three actions should you perform? Each correct answer presents part of the solution.

A. Request a certificate from a domain registrar for the website URL, and enable TLS/SSL.

B. Configure IPsec for the websites and the mobile app.

C. Configure the KerberosTokenProfile 1.1 protocol.

D. Configure OAuth2 to connect to an external authentication provider.

E. Build an app by using MVC 5 that is hosted in Azure to provide a framework for the underlying authentication.

Answer: A, D, E

Ref: http://www.asp.net/mvc/overview/security/create-an-aspnet-mvc-5-app-with-facebook-and-google-oauth2-and-openid-sign-on

QUESTION NO: 28

You are designing a solution that will interact with non-Windows applications over unreliable network connections. You have a security token for each non-Windows application.

You need to ensure that non-Windows applications retrieve messages from the solution.

Where should you retrieve messages?

A. An Azure Queue

B. The Azure Service Bus Queue

C. An Azure blob storage container that has a private access policy

D. Azure Table storage

Answer: B

Ref: http://azure.microsoft.com/en-gb/documentation/articles/fundamentals-service-bus-hybrid-solutions/

QUESTION NO: 29

You are the administrator for a company named Contoso, Ltd.

Contoso also has an Azure subscription and uses many on-premises Active Directory products as roles in Windows Server including the following:

  • Active Directory Domain Services (AD DS)

  • Active Directory Certificate Services (AD CS)

  • Active Directory Rights Management Services (AD RMS)

  • Active Directory Lightweight Directory Services (AD LDS)

  • Active Directory Federation Services (AD FS).

Contoso must use the directory management services available in Azure Active Directory.

You need to provide information to Contoso on the similarities and differences between Azure Active Directory and the Windows Server Active Directory family of services.

Which feature do Azure Active Directory and on-premises Active Directory both support?

A. Using the GraphAPI to query the directory

B. Issuing user certificates

C. Supporting single sign-on (SSO)

D. Querying the directory with LDAP

Answer: C

Ref: http://justazure.com/azure-active-directory-part-5-graph-api/

http://windowsitpro.com/azure/azure-active-directory-vs-premises-active-directory

https://technet.microsoft.com/en-gb/windowsserver/dd448613.aspx?f=255&MSPPError=-2147217396

QUESTION NO: 30 DRAG DROP

Contoso, Ltd., uses Azure websites for their company portal sites.

Admin users need enough access to effectively perform site monitoring or management tasks.

You need to grant admin access to a group of 10 users.

How should you configure the connection? To answer, drag the role or object to the correct connection setting. Each item may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.

Answer: [answer-area image not reproduced]

Ref: http://azure.microsoft.com/blog/2015/01/05/rbac-and-azure-websites-publishing/

QUESTION NO: 31

A company has a very large dataset that includes sensitive information. The dataset is over 30 TB in size.

You have a standard business-class ISP internet connection that is rated at 100 megabits/second.

You have 10 4-TB hard drives that are approved to work with the Azure Import/Export Service.

You need to migrate the dataset to Azure.

The solution must meet the following requirements:

  • The dataset must be transmitted securely to Azure.

  • Network bandwidth must not increase.

  • Hardware costs must be minimized.

What should you do?

A. Prepare the drives with the Azure Import/Export tool and then create the import job. Ship the drives to Microsoft via a supported carrier service.

B. Create an export job and then encrypt the data on the drives by using the Advanced Encryption Standard (AES). Create a destination Blob to store the export data.

C. Create an import job and then encrypt the data on the drives by using the Advanced Encryption Standard (AES). Create a destination Blob to store the import data.

D. Prepare the drives by using Sysprep.exe and then create the import job. Ship the drives to Microsoft via a supported carrier service.

Answer: A

Ref: http://azure.microsoft.com/en-gb/documentation/articles/storage-import-export-service/

QUESTION NO: 32 DRAG DROP

You are migrating Active Directory Domain Services (AD DS) domains to Azure.

You need to recommend the least complex directory synchronization solution.

What should you recommend? To answer, drag the appropriate solution to the correct client requirement. Each solution may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.

Answer: [answer-area image not reproduced]

Ref: https://msdn.microsoft.com/en-us/library/azure/dn246918.aspx?f=255&MSPPError=-2147217396

http://blogs.office.com/2014/04/15/synchronizing-your-directory-with-office-365-is-easy/

http://blogs.office.com/2014/05/13/choosing-a-sign-in-model-for-office-365/

QUESTION NO: 33 DRAG DROP

You have a web application on Azure.

The web application does not employ Secure Sockets Layer (SSL).

You need to enable SSL for your production deployment web application on Azure.

Which four actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.

Answer: [answer-area image not reproduced]

Ref: http://azure.microsoft.com/en-gb/documentation/articles/cloud-services-configure-ssl-certificate/

QUESTION NO: 34 HOTSPOT

You use the Windows PowerShell Desired State Configuration (DSC) feature to configure your company's servers. Line numbers are included for reference only.

For each of the following statements, select Yes if the statement is true. Otherwise, select No.

Answer: [answer-area image not reproduced]

QUESTION NO: 35 HOTSPOT

You have an existing server that runs Windows Server. You plan to create a base image of this server. You will use this base image to prepare several virtual servers for future use. After the base image is prepared, you will capture it by using the Azure management portal.

You must use the System Preparation Tool (Sysprep) to prepare the server so that the base image can be captured.

You need to prepare the server so that the base image can be captured.

What should you do? To answer, configure the appropriate options in the dialog box in the answer area.

Answer: [answer-area image not reproduced]

QUESTION NO: 36 HOTSPOT

A company creates an Azure worker role to manage products.

The number of customers who inquire about how many products are in inventory rapidly increases.

You need to ensure that the worker role can scale to accommodate the increased workload.

How should you complete the relevant code? To answer, select the appropriate option or options in the answer area.

Answer: [answer-area image not reproduced]

QUESTION NO: 37

You connect to an existing service over the network by using HTTP. The service listens on HTTP port 80. You plan to create a test environment for this existing service by using an Azure virtual machine (VM) that runs Windows Server.

The service must be accessible from the public Internet over HTTP port 8080.

You need to configure the test environment.

Which two actions should you take? Each correct answer presents part of the solution.

A. Configure an endpoint to route traffic from port 8080 to port 80.

B. Configure an endpoint to route traffic from port 80 to port 8080.

C. Ensure that the public IP address is configured as a static IP address.

D. Configure the Windows Server firewall to allow incoming and outgoing traffic on port 8080.

E. Configure the Windows Server firewall to allow incoming and outgoing traffic on port 80.

Answer: A, E

QUESTION NO: 38 HOTSPOT

You are developing a messaging solution for a financial services company named Adatum. The solution must integrate an application named Enrollment and an application named Activation.

The Enrollment application is used to enroll new customers. The Activation application is used to activate accounts for new customers.

You need to ensure that each message that the Enrollment application sends is stored in a queue for ten minutes before the Activation application uses the message.

How should you complete the relevant code? To answer, select the appropriate option or options in the answer area.

Answer: [answer-area image not reproduced]

QUESTION NO: 39

An application sends Azure push notifications to a client application that runs on Windows Phone, iOS, and Android devices.

Users cannot use the application on some devices. The authentication mechanisms that the application uses are the source of the problem.

You need to monitor the number of notifications that failed because of authentication errors.

Which three metrics should you monitor? Each correct answer presents part of the solution.

A. Microsoft Push Notification Service (MPNS) authentication errors

B. External notification system errors

C. Apple Push Notification Service (APNS) authentication errors

D. Channel errors

E. Windows Push Notification Services (WNS) authentication errors

F. Google Cloud Messaging (GCM) authentication errors

Answer: A, C, F

QUESTION NO: 40

You deploy an application as a cloud service in Azure.

The application consists of five instances of a web role.

You need to move the web role instances to a different subnet.

Which file should you update?

A. Service definition

B. Diagnostics configuration

C. Service configuration

D. Network configuration

Answer: C
