Full Transcript

QUESTION 1 Topic 1 - Question Set 1 You have two Hyper-V hosts named Host1 and Host2. Host1 has an Azure virtual machine named VM1 that was deployed by using a custom Azure Resource Manager template. You need to move VM1 to Host2. What should you do? A. From the Update management blade, click Enabl...

QUESTION 1 Topic 1 - Question Set 1 You have two Hyper-V hosts named Host1 and Host2. Host1 has an Azure virtual machine named VM1 that was deployed by using a custom Azure Resource Manager template. You need to move VM1 to Host2. What should you do? A. From the Update management blade, click Enable. B. From the Overview blade, move VM1 to a different subscription. C. From the Redeploy blade, click Redeploy. D. From the Profile blade, modify the usage location. Correct Answer: C Explanation/Reference: When you redeploy a VM, it moves the VM to a new node within the Azure infrastructure and then powers it back on, retaining all your configuration options and associated resources. Reference: https://docs.microsoft.com/en-us/azure/virtual-machines/windows/redeploy-to-new-node QUESTION 2 DRAG DROP - You have downloaded an Azure Resource Manager template to deploy numerous virtual machines. The template is based on a current virtual machine, but must be adapted to reference an administrative password. You need to make sure that the password is not stored in plain text. You are preparing to create the necessary components to achieve your goal. Which of the following should you create to achieve your goal? Answer by dragging the correct option from the list to the answer area. Select and Place: Correct answer: QUESTION 3 Your company has an Azure Kubernetes Service (AKS) cluster that you manage from an Azure AD-joined device. The cluster is located in a resource group. Developers have created an application named MyApp. MyApp was packaged into a container image. You need to deploy the YAML manifest file for the application. Solution: You install the Azure CLI on the device and run the kubectl apply `"f myapp.yaml command. Does this meet the goal? A. Yes B. No Correct Answer: B Explanation/Reference: Should be: kubectl apply -f myapp.yaml if you use "kubectl apply `"f myapp.yaml" to deploy anything it will fail. https://docs.microsoft.com/en-us/azure/aks/tutorial-kubernetes-deploy-application?tabs=azure-cli#deploy-the- application QUESTION 4 Your company has an Azure Kubernetes Service (AKS) cluster that you manage from an Azure AD-joined device. The cluster is located in a resource group. Developers have created an application named MyApp. MyApp was packaged into a container image. You need to deploy the YAML manifest file for the application. Solution: You install the docker client on the device and run the docker run -it microsoft/azure-cli:0.10.17 command. Does this meet the goal? A. Yes B. No Correct Answer: B Explanation/Reference: docker run -it microsoft/azure-cli:0.10.17 is no k8s command QUESTION 5 Your company has a web app named WebApp1. You use the WebJobs SDK to design a triggered App Service background task that automatically invokes a function in the code every time new data is received in a queue. You are preparing to configure the service processes a queue data item. Which of the following is the service you should use? A. Logic Apps B. WebJobs C. Flow D. Functions Correct Answer: B Explanation/Reference: "You use the WebJobs SDK to design a triggered App Service background task" B - WebJob Usually you'll host the WebJobs SDK in Azure WebJobs, but you can also run your jobs in a Worker Role. The Azure WebJobs feature of Azure Web Apps provides an easy way for you to run programs such as services or background tasks in a Web App... https://github.com/Azure/azure-webjobs-sdk QUESTION 6 Your company has an Azure subscription. You need to deploy a number of Azure virtual machines to the subscription by using Azure Resource Manager (ARM) templates. The virtual machines will be included in a single availability set. You need to ensure that the ARM template allows for as many virtual machines as possible to remain accessible in the event of fabric failure or maintenance. Which of the following is the value that you should configure for the platformFaultDomainCount property? A. 10 B. 30 C. Min Value D. Max Value Correct Answer: D Explanation/Reference: The number of fault domains for managed availability sets varies by region - either two or three per region. Reference: https://docs.microsoft.com/en-us/azure/virtual-machines/windows/manage-availability https://docs.microsoft.com/en-us/azure/virtual-machine-scale-sets/virtual-machine-scale-sets-manage-fault- domains QUESTION 7 Your company has an Azure subscription. You need to deploy a number of Azure virtual machines to the subscription by using Azure Resource Manager (ARM) templates. The virtual machines will be included in a single availability set. You need to ensure that the ARM template allows for as many virtual machines as possible to remain accessible in the event of fabric failure or maintenance. Which of the following is the value that you should configure for the platformUpdateDomainCount property? A. 10 B. 20 C. 30 D. 40 Correct Answer: B Explanation/Reference: Each availability set can be configured with up to three fault domains and twenty update domains. https://docs.microsoft.com/en-us/azure/virtual-machines/availability-set-overview QUESTION 8 DRAG DROP - You are creating an Azure Cosmos DB account that makes use of the SQL API. Data will be added to the account every day by a web application. You need to ensure that an email notification is sent when information is received from IoT devices, and that compute cost is reduced. You decide to deploy a function app. Which of the following should you configure the function app to use? Answer by dragging the correct options from the list to the answer area. Select and Place: Correct answer: QUESTION 9 This question requires that you evaluate the underlined text to determine if it is correct. You company has an on-premises deployment of MongoDB, and an Azure Cosmos DB account that makes use of the MongoDB API. You need to devise a strategy to migrate MongoDB to the Azure Cosmos DB account. You include the Data Management Gateway tool in your migration strategy. Instructions: Review the underlined text. If it makes the statement correct, select `No change required.` If the statement is incorrect, select the answer choice that makes the statement correct. A. No change required B. mongorestore C. Azure Storage Explorer D. AzCopy Correct Answer: B Explanation/Reference: Reference: https://docs.microsoft.com/en-us/azure/cosmos-db/mongodb-migrate https://docs.mongodb.com/manual/reference/program/mongorestore/ QUESTION 10 You are developing an e-Commerce Web App. You want to use Azure Key Vault to ensure that sign-ins to the e-Commerce Web App are secured by using Azure App Service authentication and Azure Active Directory (AAD). What should you do on the e-Commerce Web App? A. Run the az keyvault secret command B. Enable Azure AD Connect C. Enable Managed Service Identity (MSI). D. Create an Azure AD service principal. Correct Answer: C Explanation/Reference: A managed identity from Azure Active Directory allows your app to easily access other AAD-protected resources such as Azure Key Vault. Reference: https://docs.microsoft.com/en-us/azure/app-service/overview-managed-identity https://docs.microsoft.com/en-us/samples/azure-samples/app-service-msi-keyvault-dotnet/keyvault-msi- appservice-sample/ QUESTION 11 This question requires that you evaluate the underlined text to determine if it is correct. Your Azure Active Directory Azure (Azure AD) tenant has an Azure subscription linked to it. Your developer has created a mobile application that obtains Azure AD access tokens using the OAuth 2 implicit grant type. The mobile application must be registered in Azure AD. You require a redirect URI from the developer for registration purposes. Instructions: Review the underlined text. If it makes the statement correct, select `No change is needed.` If the statement is incorrect, select the answer choice that makes the statement correct. A. No change required B. a secret C. a login hint D. a client ID Correct Answer: A Explanation/Reference: You don't need client id to register an application in Azure AD. You just need redirect URI. Upon registration, the portal will give client id and tenant id. Both of them must be included in the app configuration json file, so given answer is correct as far as app registration is concerned. For Native Applications you need to provide a Redirect URI, which Azure AD will use to return token responses. Reference: https://docs.microsoft.com/en-us/learn/modules/secure-app-with-oidc-and-azure-ad/4-exercise-create-aad- register-app https://docs.microsoft.com/en-us/azure/active-directory/develop/v1-protocols-oauth-code QUESTION 12 You are creating an Azure key vault using PowerShell. Objects deleted from the key vault must be kept for a set period of 90 days. Which two of the following parameters must be used in conjunction to meet the requirement? (Choose two.) A. EnabledForDeployment B. EnablePurgeProtection C. EnabledForTemplateDeployment D. EnableSoftDelete Correct Answer: BD Explanation/Reference: Reference: https://docs.microsoft.com/en-us/powershell/module/azurerm.keyvault/new-azurermkeyvault https:// docs.microsoft.com/en-us/azure/key-vault/key-vault-ovw-soft-delete QUESTION 13 HOTSPOT - You have an Azure Active Directory (Azure AD) tenant. You want to implement multi-factor authentication by making use of a conditional access policy. The conditional access policy must be applied to all users when they access the Azure portal. Which three settings should you configure? To answer, select the appropriate settings in the answer area. NOTE: Each correct selection is worth one point. Hot Area: Correct answer: Explanation/Reference: Box 1: The conditional access policy must be applied or assigned to Users and Groups. Box 2: The conditional access policy must be applied when users access the Azure portal, which is a cloud app. That is: Microsoft Azure Management Box 3: Access control must require multi-factor authentication when granting access. Reference: https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/app-based-mfa QUESTION 14 You manage an Azure SQL database that allows for Azure AD authentication. You need to make sure that database developers can connect to the SQL database via Microsoft SQL Server Management Studio (SSMS). You also need to make sure the developers use their on-premises Active Directory account for authentication. Your strategy should allow for authentication prompts to be kept to a minimum. Which of the following should you implement? A. Azure AD token. B. Azure Multi-Factor authentication C. Active Directory integrated authentication D. OATH software tokens Correct Answer: C Explanation/Reference: Azure AD can be the initial Azure AD managed domain. Azure AD can also be an on-premises Active Directory Domain Services that is federated with the Azure AD. Using an Azure AD identity to connect using SSMS or SSDT The following procedures show you how to connect to a SQL database with an Azure AD identity using SQL Server Management Studio or SQL Server Database Tools. Active Directory integrated authentication Use this method if you are logged in to Windows using your Azure Active Directory credentials from a federated domain. 1. Start Management Studio or Data Tools and in the Connect to Server (or Connect to Database Engine) dialog box, in the Authentication box, select Active Directory - Integrated. No password is needed or can be entered because your existing credentials will be presented for the connection. 2. Select the Options button, and on the Connection Properties page, in the Connect to database box, type the name of the user database you want to connect to. (The AD domain name or tenant ID‫ג‬€ option is only supported for Universal with MFA connection options, otherwise it is greyed out.) QUESTION 15 You are developing an application to transfer data between on-premises file servers and Azure Blob storage. The application stores keys, secrets, and certificates in Azure Key Vault and makes use of the Azure Key Vault APIs. You want to configure the application to allow recovery of an accidental deletion of the key vault or key vault objects for 90 days after deletion. What should you do? A. Run the Add-AzKeyVaultKey cmdlet. B. Run the az keyvault update --enable-soft-delete true --enable-purge-protection true CLI. C. Implement virtual network service endpoints for Azure Key Vault. D. Run the az keyvault update --enable-soft-delete false CLI. Correct Answer: B Explanation/Reference: When soft-delete is enabled, resources marked as deleted resources are retained for a specified period (90 days by default). The service further provides a mechanism for recovering the deleted object, essentially undoing the deletion. Purge protection is an optional Key Vault behavior and is not enabled by default. Purge protection can only be enabled once soft-delete is enabled. When purge protection is on, a vault or an object in the deleted state cannot be purged until the retention period has passed. Soft-deleted vaults and objects can still be recovered, ensuring that the retention policy will be followed. The default retention period is 90 days, but it is possible to set the retention policy interval to a value from 7 to 90 days through the Azure portal. Once the retention policy interval is set and saved it cannot be changed for that vault. Reference: https://docs.microsoft.com/en-us/azure/key-vault/general/overview-soft-delete QUESTION 16 HOTSPOT - You have developed a Web App for your company. The Web App provides services and must run in multiple regions. You want to be notified whenever the Web App uses more than 85 percent of the available CPU cores over a 5 minute period. Your solution must minimize costs. Which command should you use? To answer, select the appropriate settings in the answer area. NOTE: Each correct selection is worth one point. Hot Area: Correct answer: Explanation/Reference: Reference: https://docs.microsoft.com/sv-se/cli/azure/monitor/metrics/alert QUESTION 17 Note: The question is included in a number of questions that depicts the identical set-up. However, every question has a distinctive result. Establish if the solution satisfies the requirements. You are configuring a web app that delivers streaming video to users. The application makes use of continuous integration and deployment. You need to ensure that the application is highly available and that the users' streaming experience is constant. You also want to configure the application to store data in a geographic location that is nearest to the user. Solution: You include the use of Azure Redis Cache in your design. Does the solution meet the goal? A. Yes B. No Correct Answer: B Explanation/Reference: Instead, use CDN - https://docs.microsoft.com/en-us/azure/architecture/best-practices/cdn QUESTION 18 Note: The question is included in a number of questions that depicts the identical set-up. However, every question has a distinctive result. Establish if the solution satisfies the requirements. You are configuring a web app that delivers streaming video to users. The application makes use of continuous integration and deployment. You need to ensure that the application is highly available and that the users' streaming experience is constant. You also want to configure the application to store data in a geographic location that is nearest to the user. Solution: You include the use of an Azure Content Delivery Network (CDN) in your design. Does the solution meet the goal? A. Yes B. No Correct Answer: A Explanation/Reference: Reference: https://docs.microsoft.com/en-in/azure/cdn/ QUESTION 19 Note: The question is included in a number of questions that depicts the identical set-up. However, every question has a distinctive result. Establish if the solution satisfies the requirements. You are configuring a web app that delivers streaming video to users. The application makes use of continuous integration and deployment. You need to ensure that the application is highly available and that the users' streaming experience is constant. You also want to configure the application to store data in a geographic location that is nearest to the user. Solution: You include the use of a Storage Area Network (SAN) in your design. Does the solution meet the goal? A. Yes B. No Correct Answer: B Explanation/Reference: Instead you use CDN QUESTION 20 You develop a Web App on a tier D1 app service plan. You notice that page load times increase during periods of peak traffic. You want to implement automatic scaling when CPU load is above 80 percent. Your solution must minimize costs. What should you do first? A. Enable autoscaling on the Web App. B. Switch to the Premium App Service tier plan C. Switch to the Standard App Service tier plan D. Switch to the Azure App Services consumption plan. Correct Answer: C Explanation/Reference: Configure the web app to the Standard App Service Tier. The Standard tier supports auto-scaling, and we should minimize the cost. We can then enable autoscaling on the web app, add a scale rule and add a Scale condition. Reference: https://docs.microsoft.com/en-us/azure/monitoring-and-diagnostics/monitoring-autoscale-get-started https:// azure.microsoft.com/en-us/pricing/details/app-service/plans/ QUESTION 21 Your company's Azure subscription includes an Azure Log Analytics workspace. Your company has a hundred on-premises servers that run either Windows Server 2012 R2 or Windows Server 2016, and is linked to the Azure Log Analytics workspace. The Azure Log Analytics workspace is set up to gather performance counters associated with security from these linked servers. You must configure alerts based on the information gathered by the Azure Log Analytics workspace. You have to make sure that alert rules allow for dimensions, and that alert creation time should be kept to a minimum. Furthermore, a single alert notification must be created when the alert is created and when the alert is resolved. You need to make use of the necessary signal type when creating the alert rules. Which of the following is the option you should use? A. The Activity log signal type. B. The Application Log signal type. C. The Metric signal type. D. The Audit Log signal type. Correct Answer: C Explanation/Reference: Metric alerts in Azure Monitor provide a way to get notified when one of your metrics cross a threshold. Metric alerts work on a range of multi-dimensional platform metrics, custom metrics, Application Insights standard and custom metrics. Note: Signals are emitted by the target resource and can be of several types. Metric, Activity log, Application Insights, and Log. Reference: https://docs.microsoft.com/en-us/azure/azure-monitor/platform/alerts-metric QUESTION 22 You are developing a.NET Core MVC application that allows customers to research independent holiday accommodation providers. You want to implement Azure Search to allow the application to search the index by using various criteria to locate documents related to accommodation. You want the application to allow customers to search the index by using regular expressions. What should you do? A. Configure the SearchMode property of the SearchParameters class. B. Configure the QueryType property of the SearchParameters class. C. Configure the Facets property of the SearchParameters class. D. Configure the Filter property of the SearchParameters class. Correct Answer: B Explanation/Reference: The SearchParameters.QueryType Property gets or sets a value that specifies the syntax of the search query. The default is 'simple'. Use 'full' if your query uses the Lucene query syntax. You can write queries against Azure Search based on the rich Lucene Query Parser syntax for specialized query forms: wildcard, fuzzy search, proximity search, regular expressions are a few examples. Reference: https://docs.microsoft.com/en-us/dotnet/api/microsoft.azure.search.models.searchparameters https:// docs.microsoft.com/en-us/dotnet/api/microsoft.azure.search.models.searchparameters.querytype QUESTION 23 You are a developer at your company. You need to update the definitions for an existing Logic App. What should you use? A. the Enterprise Integration Pack (EIP) B. the Logic App Code View C. the API Connections D. the Logic Apps Designer Correct Answer: B Explanation/Reference: Edit JSON - Azure portal - 1. Sign in to the Azure portal. 2. From the left menu, choose All services. In the search box, find "logic apps", and then from the results, select your logic app. 3. On your logic app's menu, under Development Tools, select Logic App Code View. 4. The Code View editor opens and shows your logic app definition in JSON format. Reference: https://docs.microsoft.com/en-us/azure/logic-apps/logic-apps-enterprise-integration-overview https:// docs.microsoft.com/en-us/azure/logic-apps/logic-apps-author-definitions QUESTION 24 Note: The question is included in a number of questions that depicts the identical set-up. However, every question has a distinctive result. Establish if the solution satisfies the requirements. You are developing a solution for a public facing API. The API back end is hosted in an Azure App Service instance. You have implemented a RESTful service for the API back end. You must configure back-end authentication for the API Management service instance. Solution: You configure Basic gateway credentials for the Azure resource. Does the solution meet the goal? A. Yes B. No Correct Answer: B Explanation/Reference: API Management allows to secure access to the back-end service of an API using client certificates. Reference: https://docs.microsoft.com/en-us/rest/api/apimanagement/apimanagementrest/azure-api-management-rest-api- backend-entity QUESTION 25 Note: The question is included in a number of questions that depicts the identical set-up. However, every question has a distinctive result. Establish if the solution satisfies the requirements. You are developing a solution for a public facing API. The API back end is hosted in an Azure App Service instance. You have implemented a RESTful service for the API back end. You must configure back-end authentication for the API Management service instance. Solution: You configure Client cert gateway credentials for the HTTP(s) endpoint. Does the solution meet the goal? A. Yes B. No Correct Answer: A Explanation/Reference: This is scenario questions. If backend is accepts HTTP(S) Then Basic AUTH or Certificate will work. so Client Certificate + HTTP(s) YES https://docs.microsoft.com/en-us/azure/api-management/api-management-howto-mutual-certificates#configure- an-api-to-use-client-certificate-for-gateway-authentication QUESTION 26 Note: The question is included in a number of questions that depicts the identical set-up. However, every question has a distinctive result. Establish if the solution satisfies the requirements. You are developing a solution for a public facing API. The API back end is hosted in an Azure App Service instance. You have implemented a RESTful service for the API back end. You must configure back-end authentication for the API Management service instance. Solution: You configure Basic gateway credentials for the HTTP(s) endpoint. Does the solution meet the goal? A. Yes B. No Correct Answer: A Explanation/Reference: Design Tab->Backend panel->HTTP(s) endpoint->And you have None, Basic and Certificate Use the authentication-basic policy to authenticate with a backend service using Basic authentication. https://docs.microsoft.com/en-us/azure/api-management/api-management-authentication-policies#Basic QUESTION 27 Note: The question is included in a number of questions that depicts the identical set-up. However, every question has a distinctive result. Establish if the solution satisfies the requirements. You are developing a solution for a public facing API. The API back end is hosted in an Azure App Service instance. You have implemented a RESTful service for the API back end. You must configure back-end authentication for the API Management service instance. Solution: You configure Client cert gateway credentials for the Azure resource. Does the solution meet the goal? A. Yes B. No Correct Answer: B Explanation/Reference: This is scenario questions. If backend is accepts HTTP(S) Then Basic AUTH or Certificate will work. so Certificate + Azure Resource NO https://www.youtube.com/watch?v=HQ0U7lwP93o QUESTION 28 You are developing a.NET Core MVC application that allows customers to research independent holiday accommodation providers. You want to implement Azure Search to allow the application to search the index by using various criteria to locate documents related to accommodation venues. You want the application to list holiday accommodation venues that fall within a specific price range and are within a specified distance to an airport. What should you do? A. Configure the SearchMode property of the SearchParameters class. B. Configure the QueryType property of the SearchParameters class. C. Configure the Facets property of the SearchParameters class. D. Configure the Filter property of the SearchParameters class. Correct Answer: D Explanation/Reference: The Filter property gets or sets the OData $filter expression to apply to the search query. Reference: https://docs.microsoft.com/en-us/dotnet/api/microsoft.azure.search.models.searchparameters https:// docs.microsoft.com/en-us/dotnet/api/microsoft.azure.search.models.searchparameters.querytype QUESTION 29 You are a developer at your company. You need to edit the workflows for an existing Logic App. What should you use? A. the Enterprise Integration Pack (EIP) B. the Logic App Code View C. the API Connections D. the Logic Apps Designer Correct Answer: B QUESTION 30 DRAG DROP - You are a developer for a company that provides a bookings management service in the tourism industry. You are implementing Azure Search for the tour agencies listed in your company's solution. You create the index in Azure Search. You now need to use the Azure Search.NET SDK to import the relevant data into the Azure Search service. Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions from left to right and arrange them in the correct order. Select and Place: Correct answer: Explanation/Reference: 1. The index needs to be populated. To do this, we will need a SearchIndexClient. There are two ways to obtain one: by constructing it, or by calling Indexes.GetClient on the SearchServiceClient. Here we will use the first method. 2. Create the indexBatch with the documents Something like: var hotels = new Hotel[]; { new Hotel() { HotelId = "3", BaseRate = 129.99, Description = "Close to town hall and the river" } }; "¦ var batch = IndexBatch.Upload(hotels); 3. The next step is to populate the newly-created index Example: var batch = IndexBatch.Upload(hotels); try { indexClient.Documents.Index(batch); } Reference: https://docs.microsoft.com/en-us/azure/search/search-howto-dotnet-sdk QUESTION 31 You are developing an application that applies a set of governance policies for internal and external services, as well as for applications. You develop a stateful ASP.NET Core 2.1 web application named PolicyApp and deploy it to an Azure App Service Web App. The PolicyApp reacts to events from Azure Event Grid and performs policy actions based on those events. You have the following requirements: ✑ Authentication events must be used to monitor users when they sign in and sign out. ✑ All authentication events must be processed by PolicyApp. ✑ Sign outs must be processed as fast as possible. What should you do? A. Create a new Azure Event Grid subscription for all authentication events. Use the subscription to process sign-out events. B. Create a separate Azure Event Grid handler for sign-in and sign-out events. C. Create separate Azure Event Grid topics and subscriptions for sign-in and sign-out events. D. Add a subject prefix to sign-out events. Create an Azure Event Grid subscription. Configure the subscription to use the subjectBeginsWith filter. Correct Answer: D Explanation/Reference: "A subscription tells Event Grid which events on a topic you're interested in receving. When creating the subscription, you provide an endpoint for handling the vent. You can filter the events that are sent to the endpoint. You can filter by event type or subject pattern." https://docs.microsoft.com/en-us/azure/event-grid/concepts https://docs.microsoft.com/en-us/azure/event-grid/event-filtering https://docs.microsoft.com/en-us/azure/event-grid/subscription-creation-schema QUESTION 32 HOTSPOT - You are developing a C++ application that compiles to a native application named process.exe. The application accepts images as input and returns images in one of the following image formats: GIF, PNG, or JPEG. You must deploy the application as an Azure Function. You need to configure the function and host json files. How should you complete the json files? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point. Hot Area: Correct answers: Box 1: "type": "http" Box 2: "customHandler": { "description":{ A custom handler is defined by configuring the host.json file with details on how to run the web server via the customHandler section. The customHandler section points to a target as defined by the defaultExecutablePath. Example: "customHandler": { "description": { "defaultExecutablePath": "handler.exe" Box 3: "enableForwardingHttpRequest": false Incorrect: For HTTP-triggered functions with no additional bindings or outputs, you may want your handler to work directly with the HTTP request and response instead of the custom handler request and response payloads. This behavior can be configured in host.json using the enableForwardingHttpRequest setting. At the root of the app, the host.json file is configured to run handler.exe and enableForwardingHttpRequest is set to true. Reference: https://docs.microsoft.com/en-us/azure/azure-functions/functions-custom-handlers QUESTION 33 Topic 2 - Question Set 2 HOTSPOT - You are implementing a software as a service (SaaS) ASP.NET Core web service that will run as an Azure Web App. The web service will use an on-premises SQL Server database for storage. The web service also includes a WebJob that processes data updates. Four customers will use the web service. ✑ Each instance of the WebJob processes data for a single customer and must run as a singleton instance. ✑ Each deployment must be tested by using deployment slots prior to serving production data. ✑ Azure costs must be minimized. ✑ Azure resources must be located in an isolated network. You need to configure the App Service plan for the Web App. How should you configure the App Service plan? To answer, select the appropriate settings in the answer area. NOTE: Each correct selection is worth one point. Hot Area: Correct answer: Explanation/Reference: Number of VM instances: 4 - You are not charged extra for deployment slots. Pricing tier: Isolated - The App Service Environment (ASE) is a powerful feature offering of the Azure App Service that gives network isolation and improved scale capabilities. It is essentially a deployment of the Azure App Service into a subnet of a customer's Azure Virtual Network (VNet). Reference: https://azure.microsoft.com/sv-se/blog/announcing-app-service-isolated-more-power-scale-and-ease-of-use/ QUESTION 34 DRAG DROP - You are a developer for a software as a service (SaaS) company that uses an Azure Function to process orders. The Azure Function currently runs on an Azure Function app that is triggered by an Azure Storage queue. You are preparing to migrate the Azure Function to Kubernetes using Kubernetes-based Event Driven Autoscaling (KEDA). You need to configure Kubernetes Custom Resource Definitions (CRD) for the Azure Function. Which CRDs should you configure? To answer, drag the appropriate CRD types to the correct locations. Each CRD type may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content. NOTE: Each correct selection is worth one point. Select and Place: Correct answer: Explanation/Reference: Box 1: Deployment - To deploy Azure Functions to Kubernetes use the func kubernetes deploy command has several attributes that directly control how our app scales, once it is deployed to Kubernetes. Box 2: ScaledObject - With --polling-interval, we can control the interval used by KEDA to check Azure Service Bus Queue for messages. Example of ScaledObject with polling interval apiVersion: keda.k8s.io/v1alpha1 kind: ScaledObject metadata: name: transformer-fn namespace: tt labels: deploymentName: transformer-fn spec: scaleTargetRef: deploymentName: transformer-fn pollingInterval: 5 minReplicaCount: 0 maxReplicaCount: 100 Box 3: Secret - Store connection strings in Kubernetes Secrets. Example: to create the Secret in our demo Namespace: # create the k8s demo namespace kubectl create namespace tt # grab connection string from Azure Service Bus KEDA_SCALER_CONNECTION_STRING=$(az servicebus queue authorization-rule keys list \ -g $RG_NAME \ --namespace-name $SBN_NAME \ --queue-name inbound \ -n keda-scaler \ --query "primaryConnectionString" \ -o tsv) # create the kubernetes secret kubectl create secret generic tt-keda-auth \ --from-literal KedaScaler=$KEDA_SCALER_CONNECTION_STRING \ --namespace tt Reference: https://www.thinktecture.com/en/kubernetes/serverless-workloads-with-keda/ QUESTION 35 HOTSPOT - You are creating a CLI script that creates an Azure web app and related services in Azure App Service. The web app uses the following variables: You need to automatically deploy code from GitHub to the newly created web app. How should you complete the script? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point. Hot Area: Correct answer: Explanation/Reference: Box 1: az appservice plan create The azure group creates command successfully returns JSON result. Now we can use resource group to create a azure app service plan Box 2: az webapp create - Create a new web app.. Box 3: --plan $webappname -..with the serviceplan we created in step 1. Box 4: az webapp deployment - Continuous Delivery with GitHub. Example: az webapp deployment source config --name firstsamplewebsite1 --resource-group websites--repo-url $gitrepo --branch master --git-token $token Box 5: --repo-url $gitrepo --branch master --manual-integration Reference: https://medium.com/@satish1v/devops-your-way-to-azure-web-apps-with-azure-cli-206ed4b3e9b1 QUESTION 36 Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution. After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen. You develop a software as a service (SaaS) offering to manage photographs. Users upload photos to a web service which then stores the photos in Azure Storage Blob storage. The storage account type is General-purpose V2. When photos are uploaded, they must be processed to produce and save a mobile-friendly version of the image. The process to produce a mobile-friendly version of the image must start in less than one minute. You need to design the process that starts the photo processing. Solution: Trigger the photo processing from Blob storage events. Does the solution meet the goal? A. Yes B. No Correct Answer: B Explanation/Reference: You need to catch the triggered event, so move the photo processing to an Azure Function triggered from the blob upload. Note: Azure Storage events allow applications to react to events. Common Blob storage event scenarios include image or video processing, search indexing, or any file-oriented workflow. Events are pushed using Azure Event Grid to subscribers such as Azure Functions, Azure Logic Apps, or even to your own http listener. However, the processing must start in less than one minute. Note: Only storage accounts of kind StorageV2 (general purpose v2) and BlobStorage support event integration. Storage (general purpose v1) does not support integration with Event Grid. Reference: https://docs.microsoft.com/en-us/azure/storage/blobs/storage-blob-event-overview QUESTION 37 Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution. After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen. You develop and deploy an Azure App Service API app to a Windows-hosted deployment slot named Development. You create additional deployment slots named Testing and Production. You enable auto swap on the Production deployment slot. You need to ensure that scripts run and resources are available before a swap operation occurs. Solution: Update the web.config file to include the applicationInitialization configuration element. Specify custom initialization actions to run the scripts. Does the solution meet the goal? A. Yes B. No Correct Answer: A Explanation/Reference: https://docs.microsoft.com/en-us/azure/app-service/deploy-staging-slots#specify-custom-warm-up QUESTION 38 Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution. After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen. You develop and deploy an Azure App Service API app to a Windows-hosted deployment slot named Development. You create additional deployment slots named Testing and Production. You enable auto swap on the Production deployment slot. You need to ensure that scripts run and resources are available before a swap operation occurs. Solution: Enable auto swap for the Testing slot. Deploy the app to the Testing slot. Does the solution meet the goal? A. Yes B. No Correct Answer: B Explanation/Reference: You cannot ensure that scripts run and resources are available before a swap operation occurs by configuring auto swap. The applicationInitialization configuration in the web.config does. https://docs.microsoft.com/en-us/azure/app-service/deploy-staging-slots#specify-custom-warm-up https://docs.microsoft.com/en-us/azure/app-service/deploy-staging-slots#Auto-Swap QUESTION 39 Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution. After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen. You develop and deploy an Azure App Service API app to a Windows-hosted deployment slot named Development. You create additional deployment slots named Testing and Production. You enable auto swap on the Production deployment slot. You need to ensure that scripts run and resources are available before a swap operation occurs. Solution: Disable auto swap. Update the app with a method named statuscheck to run the scripts. Re-enable auto swap and deploy the app to the Production slot. Does the solution meet the goal? A. No B. Yes Correct Answer: A Explanation/Reference: Instead, use applicationInitialization web.config file with applicationinitialization is correct answer. So A is the correct answer. QUESTION 40 Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution. After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen. You develop a software as a service (SaaS) offering to manage photographs. Users upload photos to a web service which then stores the photos in Azure Storage Blob storage. The storage account type is General-purpose V2. When photos are uploaded, they must be processed to produce and save a mobile-friendly version of the image. The process to produce a mobile-friendly version of the image must start in less than one minute. You need to design the process that starts the photo processing. Solution: Convert the Azure Storage account to a BlockBlobStorage storage account. Does the solution meet the goal? A. Yes B. No Correct Answer: B Explanation/Reference: Not necessary to convert the account, instead move photo processing to an Azure Function triggered from the blob upload.. Azure Storage events allow applications to react to events. Common Blob storage event scenarios include image or video processing, search indexing, or any file- oriented workflow. Note: Only storage accounts of kind StorageV2 (general purpose v2) and BlobStorage support event integration. Storage (general purpose v1) does not support integration with Event Grid. Reference: https://docs.microsoft.com/en-us/azure/storage/blobs/storage-blob-event-overview QUESTION 41 HOTSPOT - You are developing an Azure Web App. You configure TLS mutual authentication for the web app. You need to validate the client certificate in the web app. To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point. Hot Area: Correct answer: Explanation/Reference: Accessing the client certificate from App Service. If you are using ASP.NET and configure your app to use client certificate authentication, the certificate will be available through the HttpRequest.ClientCertificate property. For other application stacks, the client cert will be available in your app through a base64 encoded value in the "X-ARR-ClientCert" request header. Your application can create a certificate from this value and then use it for authentication and authorization purposes in your application. Reference: https://docs.microsoft.com/en-us/azure/app-service/app-service-web-configure-tls-mutual-auth QUESTION 42 DRAG DROP - You are developing a Docker/Go using Azure App Service Web App for Containers. You plan to run the container in an App Service on Linux. You identify a Docker container image to use. None of your current resource groups reside in a location that supports Linux. You must minimize the number of resource groups required. You need to create the application and perform an initial deployment. Which three Azure CLI commands should you use to develop the solution? To answer, move the appropriate commands from the list of commands to the answer area and arrange them in the correct order. Select and Place: Correct answer: Explanation/Reference: You can host native Linux applications in the cloud by using Azure Web Apps. To create a Web App for Containers, you must run Azure CLI commands that create a group, then a service plan, and finally the web app itself. Step 1: az group create - In the Cloud Shell, create a resource group with the az group create command. Step 2: az appservice plan create In the Cloud Shell, create an App Service plan in the resource group with the az appservice plan create command. Step 3: az webapp create - In the Cloud Shell, create a web app in the myAppServicePlan App Service plan with the az webapp create command. Don't forget to replace with a unique app name, and with your Docker ID. Reference: https://docs.microsoft.com/mt-mt/azure/app-service/containers/quickstart-docker-go?view=sql-server-ver15 QUESTION 43 DRAG DROP - Fourth Coffee has an ASP.NET Core web app that runs in Docker. The app is mapped to the www.fourthcoffee.com domain. Fourth Coffee is migrating this application to Azure. You need to provision an App Service Web App to host this docker image and map the custom domain to the App Service web app. A resource group named FourthCoffeePublicWebResourceGroup has been created in the WestUS region that contains an App Service Plan named AppServiceLinuxDockerPlan. Which order should the CLI commands be used to develop the solution? To answer, move all of the Azure CLI commands from the list of commands to the answer area and arrange them in the correct order. Select and Place: Correct answer: Explanation/Reference: Step 1: #bin/bash - The appName is used when the webapp-name is created in step 2. Step 2: az webapp create - Create a web app. In the Cloud Shell, create a web app in the myAppServicePlan App Service plan with the az webapp create command. Step 3: az webapp config container set In Create a web app, you specified an image on Docker Hub in the az webapp create command. This is good enough for a public image. To use a private image, you need to configure your Docker account ID and password in your Azure web app. Step 4: az webapp config hostname add The webapp-name is used when the webapp is created in step 2. In the Cloud Shell, follow the az webapp create command with az webapp config container set. Reference: https://docs.microsoft.com/en-us/azure/app-service/containers/tutorial-custom-docker-image https:// docs.microsoft.com/en-us/azure/app-service/tutorial-custom-container?pivots=container-linux https:// docs.microsoft.com/en-us/azure/app-service/scripts/cli-configure-custom-domain QUESTION 44 DRAG DROP - You are developing a serverless Java application on Azure. You create a new Azure Key Vault to work with secrets from a new Azure Functions application following. The application must meet the requirements: ✑ Reference the Azure Key Vault without requiring any changes to the Java code. ✑ Dynamically add and remove instances of the Azure Functions host based on the number of incoming application events. ✑ Ensure that instances are perpetually warm to avoid any cold starts. ✑ Connect to a VNet. ✑ Authentication to the Azure Key Vault instance must be removed if the Azure Function application is deleted. You need to grant the Azure Functions application access to the Azure Key Vault. Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order. Select and Place: Correct answer: Explanation/Reference: Step 1: Create the Azure Functions app with a Consumption plan type. Use the Consumption plan for serverless. Step 2: Create a system-assigned managed identity for the application. Create a system-assigned managed identity for your application. Key Vault references currently only support system-assigned managed identities. User-assigned identities cannot be used. Step 3: Create an access policy in Key Vault for the application identity. Create an access policy in Key Vault for the application identity you created earlier. Enable the "Get" secret permission on this policy. Do not configure the "authorized application" or applicationId settings, as this is not compatible with a managed identity. Reference: https://docs.microsoft.com/en-us/azure/app-service/app-service-key-vault-references QUESTION 45 You develop a website. You plan to host the website in Azure. You expect the website to experience high traffic volumes after it is published. You must ensure that the website remains available and responsive while minimizing cost. You need to deploy the website. What should you do? A. Deploy the website to a virtual machine. Configure the virtual machine to automatically scale when the CPU load is high. B. Deploy the website to an App Service that uses the Shared service tier. Configure the App Service plan to automatically scale when the CPU load is high C. Deploy the website to a virtual machine. Configure a Scale Set to increase the virtual machine instance count when the CPU load is high. D. Deploy the website to an App Service that uses the Standard service tier. Configure the App Service plan to automatically scale when the CPU load is high. Correct Answer: D Explanation/Reference: Windows Azure Web Sites (WAWS) offers 3 modes: Standard, Free, and Shared. Standard mode carries an enterprise-grade SLA (Service Level Agreement) of 99.9% monthly, even for sites with just one instance. Standard mode runs on dedicated instances, making it different from the other ways to buy Windows Azure Web Sites. Incorrect Answers: B: Shared and Free modes do not offer the scaling flexibility of Standard, and they have some important limits. Shared mode, just as the name states, also uses shared Compute resources, and also has a CPU limit. So, while neither Free nor Shared is likely to be the best choice for your production environment due to these limits. QUESTION 46 HOTSPOT - A company is developing a Java web app. The web app code is hosted in a GitHub repository located at https:// github.com/Contoso/webapp. The web app must be evaluated before it is moved to production. You must deploy the initial code release to a deployment slot named staging. You need to create the web app and deploy the code. How should you complete the commands? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point. Hot Area: Correct answer: Explanation/Reference: Box 1: group - # Create a resource group. az group create --location westeurope --name myResourceGroup Box 2: appservice plan - # Create an App Service plan in STANDARD tier (minimum required by deployment slots). az appservice plan create --name $webappname --resource-group myResourceGroup --sku S1 Box 3: webapp - # Create a web app. az webapp create --name $webappname --resource-group myResourceGroup \ --plan $webappname Box 4: webapp deployment slot - #Create a deployment slot with the name "staging". az webapp deployment slot create --name $webappname --resource-group myResourceGroup \ --slot staging Box 5: webapp deployment source - # Deploy sample code to "staging" slot from GitHub. az webapp deployment source config --name $webappname --resource-group myResourceGroup \ --slot staging --repo-url $gitrepo --branch master --manual-integration Reference: https://docs.microsoft.com/en-us/azure/app-service/scripts/cli-deploy-staging-environment QUESTION 47 HOTSPOT - You have a web service that is used to pay for food deliveries. The web service uses Azure Cosmos DB as the data store. You plan to add a new feature that allows users to set a tip amount. The new feature requires that a property named tip on the document in Cosmos DB must be present and contain a numeric value. There are many existing websites and mobile apps that use the web service that will not be updated to set the tip property for some time. How should you complete the trigger? NOTE: Each correct selection is worth one point. Hot Area: Correct answer: QUESTION 48 Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution. After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen. You develop an HTTP triggered Azure Function app to process Azure Storage blob data. The app is triggered using an output binding on the blob. The app continues to time out after four minutes. The app must process the blob data. You need to ensure the app does not time out and processes the blob data. Solution: Use the Durable Function async pattern to process the blob data. Does the solution meet the goal? A. Yes B. No Correct Answer: A Explanation/Reference: "230 seconds is the maximum amount of time[...] For longer processing times, consider using the DURABLE FUNCTIONS ASYNC PATTERN[...]" https://docs.microsoft.com/en-us/azure/azure-functions/functions-scale#timeout QUESTION 49 Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution. After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen. You develop an HTTP triggered Azure Function app to process Azure Storage blob data. The app is triggered using an output binding on the blob. The app continues to time out after four minutes. The app must process the blob data. You need to ensure the app does not time out and processes the blob data. Solution: Pass the HTTP trigger payload into an Azure Service Bus queue to be processed by a queue trigger function and return an immediate HTTP success response. Does the solution meet the goal? A. Yes B. No Correct Answer: A Explanation/Reference: Large, long-running functions can cause unexpected timeout issues. General best practices include: Whenever possible, refactor large functions into smaller function sets that work together and return responses fast. For example, a webhook or HTTP trigger function might require an acknowledgment response within a certain time limit; it's common for webhooks to require an immediate response. You can pass the HTTP trigger payload into a queue to be processed by a queue trigger function. This approach lets you defer the actual work and return an immediate response. Reference: https://docs.microsoft.com/en-us/azure/azure-functions/functions-best-practices Regardless of the function app timeout setting, 230 seconds is the maximum amount of time that an HTTP triggered function can take to respond to a request. This is because of the default idle timeout of Azure Load Balancer. For longer processing times, consider using the Durable Functions async pattern or defer the actual work and return an immediate response. So, pass the HTTP trigger payload into an Azure Service Bus queue to be processed by a queue trigger function and return an immediate HTTP success response. Reference: https://docs.microsoft.com/en-us/azure/azure-functions/functions-best-practices https://docs.microsoft.com/en-us/azure/azure-functions/functions-scale#timeout https://docs.microsoft.com/en-us/azure/azure-functions/functions-best-practices#avoid-long-running-functions QUESTION 50 Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution. After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen. You develop an HTTP triggered Azure Function app to process Azure Storage blob data. The app is triggered using an output binding on the blob. The app continues to time out after four minutes. The app must process the blob data. You need to ensure the app does not time out and processes the blob data. Solution: Configure the app to use an App Service hosting plan and enable the Always On setting. Does the solution meet the goal? A. Yes B. No Correct Answer: B Explanation/Reference: Instead pass the HTTP trigger payload into an Azure Service Bus queue to be processed by a queue trigger function and return an immediate HTTP success response. Note: Large, long-running functions can cause unexpected timeout issues. General best practices include: Whenever possible, refactor large functions into smaller function sets that work together and return responses fast. For example, a webhook or HTTP trigger function might require an acknowledgment response within a certain time limit; it's common for webhooks to require an immediate response. You can pass the HTTP trigger payload into a queue to be processed by a queue trigger function. This approach lets you defer the actual work and return an immediate response. Reference: https://docs.microsoft.com/en-us/azure/azure-functions/functions-best-practices QUESTION 51 Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution. After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen. You develop a software as a service (SaaS) offering to manage photographs. Users upload photos to a web service which then stores the photos in Azure Storage Blob storage. The storage account type is General-purpose V2. When photos are uploaded, they must be processed to produce and save a mobile-friendly version of the image. The process to produce a mobile-friendly version of the image must start in less than one minute. You need to design the process that starts the photo processing. Solution: Move photo processing to an Azure Function triggered from the blob upload. Does the solution meet the goal? A. Yes B. No Correct Answer: A Explanation/Reference: Azure Storage events allow applications to react to events. Common Blob storage event scenarios include image or video processing, search indexing, or any file- oriented workflow. Events are pushed using Azure Event Grid to subscribers such as Azure Functions, Azure Logic Apps, or even to your own http listener. Note: Only storage accounts of kind StorageV2 (general purpose v2) and BlobStorage support event integration. Storage (general purpose v1) does not support integration with Event Grid. Reference: https://docs.microsoft.com/en-us/azure/storage/blobs/storage-blob-event-overview QUESTION 52 You are developing an application that uses Azure Blob storage. The application must read the transaction logs of all the changes that occur to the blobs and the blob metadata in the storage account for auditing purposes. The changes must be in the order in which they occurred, include only create, update, delete, and copy operations and be retained for compliance reasons. You need to process the transaction logs asynchronously. What should you do? A. Process all Azure Blob storage events by using Azure Event Grid with a subscriber Azure Function app. B. Enable the change feed on the storage account and process all changes for available events. C. Process all Azure Storage Analytics logs for successful blob events. D. Use the Azure Monitor HTTP Data Collector API and scan the request body for successful blob events. Correct Answer: B Explanation/Reference: Change feed support in Azure Blob Storage The purpose of the change feed is to provide transaction logs of all the changes that occur to the blobs and the blob metadata in your storage account. The change feed provides ordered, guaranteed, durable, immutable, read-only log of these changes. Client applications can read these logs at any time, either in streaming or in batch mode. The change feed enables you to build efficient and scalable solutions that process change events that occur in your Blob Storage account at a low cost. Reference: https://docs.microsoft.com/en-us/azure/storage/blobs/storage-blob-change-feed QUESTION 53 DRAG DROP - You plan to create a Docker image that runs an ASP.NET Core application named ContosoApp. You have a setup script named setupScript.ps1 and a series of application files including ContosoApp.dll. You need to create a Dockerfile document that meets the following requirements: ✑ Call setupScripts.ps1 when the container is built. ✑ Run ContosoApp.dll when the container starts. The Dockerfile document must be created in the same folder where ContosoApp.dll and setupScript.ps1 are stored. Which five commands should you use to develop the solution? To answer, move the appropriate commands from the list of commands to the answer area and arrange them in the correct order. Select and Place: Correct answer: Explanation/Reference: Box 1: CMD [..] Cmd starts a new instance of the command interpreter, Cmd.exe. Syntax: CMD Specifies the command you want to carry out. Box 2: FROM microsoft/aspnetcore-build:latest Box 3: WORKDIR /apps/ContosoApp - Bxo 4: COPY./. Box 5: RUN powershell./setupScript.ps1 QUESTION 54 You are developing an Azure Function App that processes images that are uploaded to an Azure Blob container. Images must be processed as quickly as possible after they are uploaded, and the solution must minimize latency. You create code to process images when the Function App is triggered. You need to configure the Function App. What should you do? A. Use an App Service plan. Configure the Function App to use an Azure Blob Storage input trigger. B. Use a Consumption plan. Configure the Function App to use an Azure Blob Storage trigger. C. Use a Consumption plan. Configure the Function App to use a Timer trigger. D. Use an App Service plan. Configure the Function App to use an Azure Blob Storage trigger. E. Use a Consumption plan. Configure the Function App to use an Azure Blob Storage input trigger. Correct Answer: Explanation/Reference: The answer is D. Use an App Service plan. Configure the Function App to use an Azure Blob Storage trigger. Consumption plan can cause a 10-min delay in processing new blobs if a function app has gone idle. To avoid this latency, you can switch to an App Service plan with Always On enabled. https://docs.microsoft.com/en-us/azure/azure-functions/functions-bindings-storage-blob-trigger?tabs=csharp QUESTION 55 HOTSPOT - You are configuring a new development environment for a Java application. The environment requires a Virtual Machine Scale Set (VMSS), several storage accounts, and networking components. The VMSS must not be created until the storage accounts have been successfully created and an associated load balancer and virtual network is configured. How should you complete the Azure Resource Manager template? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point. Hot Area: Correct answers: Explanation/Reference: Box 1: copyIndex - Notice that the name of each resource includes the copyIndex() function, which returns the current iteration in the loop. copyIndex() is zero-based. Box 2: copy - By adding the copy element to the resources section of your template, you can dynamically set the number of resources to deploy. Box 3: dependsOn - Example: "type": "Microsoft.Compute/virtualMachineScaleSets", "apiVersion": "2020-06-01", "name": "[variables('namingInfix')]", "location": "[parameters('location')]", "sku": { "name": "[parameters('vmSku')]", "tier": "Standard", "capacity": "[parameters('instanceCount')]" }, "dependsOn": [ "[resourceId('Microsoft.Network/loadBalancers', variables('loadBalancerName'))]", "[resourceId('Microsoft.Network/virtualNetworks', variables('virtualNetworkName'))]" ], Reference: https://docs.microsoft.com/en-us/azure/azure-resource-manager/templates/copy-resources https:// docs.microsoft.com/en-us/azure/virtual-machine-scale-sets/quick-create-template-windows QUESTION 56 HOTSPOT - You are developing an Azure Function App by using Visual Studio. The app will process orders input by an Azure Web App. The web app places the order information into Azure Queue Storage. You need to review the Azure Function App code shown below. NOTE: Each correct selection is worth one point. Hot Area: Correct answer: Explanation/Reference: Box 1: No - ExpirationTime - The time that the message expires. InsertionTime - The time that the message was added to the queue. Box 2: Yes - maxDequeueCount - The number of times to try processing a message before moving it to the poison queue. Default value is 5. Box 3: Yes - When there are multiple queue messages waiting, the queue trigger retrieves a batch of messages and invokes function instances concurrently to process them. By default, the batch size is 16. When the number being processed gets down to 8, the runtime gets another batch and starts processing those messages. So the maximum number of concurrent messages being processed per function on one virtual machine (VM) is 24. Box 4: Yes - Reference: https://docs.microsoft.com/en-us/azure/azure-functions/functions-bindings-storage-queue QUESTION 57 DRAG DROP - You are developing a solution for a hospital to support the following use cases: ✑ The most recent patient status details must be retrieved even if multiple users in different locations have updated the patient record. ✑ Patient health monitoring data retrieved must be the current version or the prior version. ✑ After a patient is discharged and all charges have been assessed, the patient billing record contains the final charges. You provision a Cosmos DB NoSQL database and set the default consistency level for the database account to Strong. You set the value for Indexing Mode to Consistent. You need to minimize latency and any impact to the availability of the solution. You must override the default consistency level at the query level to meet the required consistency guarantees for the scenarios. Which consistency levels should you implement? To answer, drag the appropriate consistency levels to the correct requirements. Each consistency level may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content. NOTE: Each correct selection is worth one point. Select and Place: Correct Answer: Explanation/Reference: Box 1: Strong - Strong: Strong consistency offers a linearizability guarantee. The reads are guaranteed to return the most recent committed version of an item. A client never sees an uncommitted or partial write. Users are always guaranteed to read the latest committed write. Box 2: Bounded staleness - Bounded staleness: The reads are guaranteed to honor the consistent-prefix guarantee. The reads might lag behind writes by at most "K" versions (that is "updates") of an item or by "t" time interval. When you choose bounded staleness, the "staleness" can be configured in two ways: The number of versions (K) of the item The time interval (t) by which the reads might lag behind the writes Box 3: Eventual - Eventual: There's no ordering guarantee for reads. In the absence of any further writes, the replicas eventually converge. Incorrect Answers: Consistent prefix: Updates that are returned contain some prefix of all the updates, with no gaps. Consistent prefix guarantees that reads never see out-of-order writes. Reference: https://docs.microsoft.com/en-us/azure/cosmos-db/consistency-levels QUESTION 58 HOTSPOT - You are configuring a development environment for your team. You deploy the latest Visual Studio image from the Azure Marketplace to your Azure subscription. The development environment requires several software development kits (SDKs) and third-party components to support application development across the organization. You install and customize the deployed virtual machine (VM) for your development team. The customized VM must be saved to allow provisioning of a new team member development environment. You need to save the customized VM for future provisioning. Which tools or services should you use? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point. Hot Area: Correct answer: Explanation/Reference: Box 1: Azure Powershell - Creating an image directly from the VM ensures that the image includes all of the disks associated with the VM, including the OS disk and any data disks. Before you begin, make sure that you have the latest version of the Azure PowerShell module. You use Sysprep to generalize the virtual machine, then use Azure PowerShell to create the image. Box 2: Azure Blob Storage - You can store images in Azure Blob Storage. Reference: https://docs.microsoft.com/en-us/azure/virtual-machines/windows/capture-image-resource#create-an-image-of- a-vm-using-powershell QUESTION 59 You are preparing to deploy a website to an Azure Web App from a GitHub repository. The website includes static content generated by a script. You plan to use the Azure Web App continuous deployment feature. You need to run the static generation script before the website starts serving traffic. What are two possible ways to achieve this goal? Each correct answer presents a complete solution. NOTE: Each correct selection is worth one point. A. Add the path to the static content generation tool to WEBSITE_RUN_FROM_PACKAGE setting in the host.json file. B. Add a PreBuild target in the websites csproj project file that runs the static content generation script. C. Create a file named run.cmd in the folder /run that calls a script which generates the static content and deploys the website. D. Create a file named.deployment in the root of the repository that calls a script which generates the static content and deploys the website. Correct Answer: BD Explanation/Reference: D: To customize your deployment, include a.deployment file in the repository root. You just need to add a file to the root of your repository with the name.deployment and the content: [config] command = YOUR COMMAND TO RUN FOR DEPLOYMENT this command can be just running a script (batch file) that has all that is required for your deployment, like copying files from the repository to the web root directory for example. Reference: https://github.com/projectkudu/kudu/wiki/Custom-Deployment-Script https://docs.microsoft.com/bs-latn-ba/ azure/azure-functions/run-functions-from-deployment-package - run.cmd is used only to start a project as a dll file https://www.sohaibtariq.com/console-webjob/%C3% ACndex/ - WEBSITE_RUN_FROM_PACKAGE doesn't consent the execution of any script. You can only run your web project from a package (.zip file tipically) https://docs.microsoft.com/bs-latn-ba/azure/azure-functions/run-functions-from-deployment-package https://github.com/Azure/app-service-announcements/issues/84 - Instead in.csproj file PreBuild Event Target you can specify any command to execute before the compilation and the application execution. https://docs.microsoft.com/en-us/visualstudio/msbuild/msbuild-targets?view=vs-2019 https://stackoverflow.com/questions/44818730/is-there-a-net-core-cli-pre-before-build-task https://stackoverflow.com/questions/28916414/visual-studio-add-pre-build-event-that-always-runs-c-project https://docs.microsoft.com/en-us/azure/app-service/deploy-best-practices#net QUESTION 60 DRAG DROP - You are developing an application to use Azure Blob storage. You have configured Azure Blob storage to include change feeds. A copy of your storage account must be created in another region. Data must be copied from the current storage account to the new storage account directly between the storage servers. You need to create a copy of the storage account in another region and copy the data. In which order should you perform the actions? To answer, move all actions from the list of actions to the answer area and arrange them in the correct order. Select and Place: Correct Answer: Explanation/Reference: To move a storage account, create a copy of your storage account in another region. Then, move your data to that account by using AzCopy, or another tool of your choice. The steps are: ✑ Export a template. ✑ Modify the template by adding the target region and storage account name. ✑ Deploy the template to create the new storage account. ✑ Configure the new storage account. ✑ Move data to the new storage account. ✑ Delete the resources in the source region. Note: You must enable the change feed on your storage account to begin capturing and recording changes. You can enable and disable changes by using Azure Resource Manager templates on Portal or Powershell. Reference: https://docs.microsoft.com/en-us/azure/storage/common/storage-account-move https://docs.microsoft.com/en- us/azure/storage/blobs/storage-blob-change-feed QUESTION 61 DRAG DROP - You are preparing to deploy an Azure virtual machine (VM)-based application. The VMs that run the application have the following requirements: ✑ When a VM is provisioned the firewall must be automatically configured before it can access Azure resources. ✑ Supporting services must be installed by using an Azure PowerShell script that is stored in Azure Storage. You need to ensure that the requirements are met. Which features should you use? To answer, drag the appropriate features to the correct requirements. Each feature may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content. NOTE: Each correct selection is worth one point. Select and Place: Correct Answer: Explanation/Reference: Reference: https://docs.microsoft.com/en-us/azure/automation/automation-hybrid-runbook-worker https:// docs.microsoft.com/en-us/azure/virtual-machines/windows/run-command QUESTION 62 HOTSPOT - A company is developing a Node.js web app. The web app code is hosted in a GitHub repository located at https://github.com/TailSpinToys/webapp. The web app must be reviewed before it is moved to production. You must deploy the initial code release to a deployment slot named review. You need to create the web app and deploy the code. How should you complete the commands? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point. Hot Area: Correct Answer: Explanation/Reference: Box 1: New-AzResourceGroup - The New-AzResourceGroup cmdlet creates an Azure resource group. Box 2: New-AzAppServicePlan - The New-AzAppServicePlan cmdlet creates an Azure App Service plan in a given location Box 3: New-AzWebApp - The New-AzWebApp cmdlet creates an Azure Web App in a given a resource group Box 4: New-AzWebAppSlot - The New-AzWebAppSlot cmdlet creates an Azure Web App slot. Reference: https://docs.microsoft.com/en-us/powershell/module/az.resources/new-azresourcegroup?view=azps-2.3.2 https://docs.microsoft.com/en-us/powershell/module/az.websites/new-azappserviceplan?view=azps-2.3.2 https://docs.microsoft.com/en-us/powershell/module/az.websites/new-azwebapp?view=azps-2.3.2 https:// docs.microsoft.com/en-us/powershell/module/az.websites/new-azwebappslot?view=azps-2.3.2 QUESTION 63 HOTSPOT - You are developing an application that needs access to an Azure virtual machine (VM). The access lifecycle for the application must be associated with the VM service instance. You need to enable managed identity for the VM. How should you complete the PowerShell segment? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point. Hot Area: Correct Answer: Explanation/Reference: Box 1: -IdentityType - Enable system-assigned managed identity on an existing Azure VM: To enable a system-assigned managed identity, use the -IdentityType switch on the Update-AzVM cmdlet (see below). Box 2: $SystemAssigned - $vm = Get-AzVM -ResourceGroupName myResourceGroup -Name myVM Update-AzVM -ResourceGroupName myResourceGroup -VM $vm -IdentityType SystemAssigned Reference: https://docs.microsoft.com/en-us/azure/active-directory/managed-identities-azure-resources/qs-configure- powershell-windows-vm QUESTION 64 Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution. After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen. You develop a software as a service (SaaS) offering to manage photographs. Users upload photos to a web service which then stores the photos in Azure Storage Blob storage. The storage account type is General-purpose V2. When photos are uploaded, they must be processed to produce and save a mobile-friendly version of the image. The process to produce a mobile-friendly version of the image must start in less than one minute. You need to design the process that starts the photo processing. Solution: Create an Azure Function app that uses the Consumption hosting model and that is triggered from the blob upload. Does the solution meet the goal? A. Yes B. No Correct Answer: B Explanation/Reference: Consumption plan can take up to several minutes to trigger the function. See note from https:// docs.microsoft.com/en-us/azure/azure-functions/functions-create-storage-blob-triggered-function. "When your function app runs in the default Consumption plan, there may be a delay of up to several minutes between the blob being added or updated and the function being triggered. If you need low latency in your blob triggered functions, consider running your function app in an App Service plan." QUESTION 65 Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution. After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen. You develop and deploy an Azure App Service API app to a Windows-hosted deployment slot named Development. You create additional deployment slots named Testing and Production. You enable auto swap on the Production deployment slot. You need to ensure that scripts run and resources are available before a swap operation occurs. Solution: Update the app with a method named statuscheck to run the scripts. Update the app settings for the app. Set the WEBSITE_SWAP_WARMUP_PING_PATH and WEBSITE_SWAP_WARMUP_PING_STATUSES with a path to the new method and appropriate response codes. Does the solution meet the goal? A. Yes B. No Correct Answer: A Explanation/Reference: https://docs.microsoft.com/en-us/azure/app-service/deploy-staging-slots You can also customize the warm-up behavior with one or both of the following app settings: WEBSITE_SWAP_WARMUP_PING_PATH: The path to ping to warm up your site. Add this app setting by specifying a custom path that begins with a slash as the value. An example is /statuscheck. The default value is /. WEBSITE_SWAP_WARMUP_PING_STATUSES: Valid HTTP response codes for the warm-up operation. Add this app setting with a comma-separated list of HTTP codes. An example is 200,202. If the returned status code isn't in the list, the warmup and swap operations are stopped. By default, all response codes are valid. WEBSITE_WARMUP_PATH: A relative path on the site that should be pinged whenever the site restarts (not only during slot swaps). Example values include /statuscheck or the root path, /. QUESTION 66 HOTSPOT - You create the following PowerShell script: For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point. Hot Area: Correct Answer: Explanation/Reference: Box 1: No - The AzScheduledQueryRuleSource is Heartbeat, not CPU. Box 2: Yes - The AzScheduledQueryRuleSource is Heartbeat! Note: New-AzScheduledQueryRuleTriggerCondition creates an object of type Trigger Condition. This object is to be passed to the command that creates Alerting Action object. Box 3: No - The schedule is 60 minutes, not two hours. -FrequencyInMinutes: The alert frequency. -TimeWindowInMinutes: The alert time window The New-AzAscheduledQueryRuleSchedule command creates an object of type Schedule. This object is to be passed to the command that creates Log Alert Rule. Reference: https://docs.microsoft.com/en-us/powershell/module/az.monitor/new-azscheduledqueryrule https:// docs.microsoft.com/en-us/powershell/module/az.monitor/new-azscheduledqueryruletriggercondition QUESTION 67 DRAG DROP - You are developing an Azure Function app. The app must meet the following requirements: ✑ Enable developers to write the functions by using the Rust language. ✑ Declaratively connect to an Azure Blob Storage account. You need to implement the app. Which Azure Function app features should you use? To answer, drag the appropriate features to the correct requirements. Each feature may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content. NOTE: Each correct selection is worth one point. Select and Place: Correct Answer: Explanation/Reference: Box 1: Custom handler - Custom handlers can be used to create functions in any language or runtime by running an HTTP server process, for example Go or Rust. Box 2: Trigger - Functions are invoked by a trigger and can have exactly one. In addition to invoking the function, certain triggers also serve as bindings. You may also define multiple bindings in addition to the trigger. Bindings provide a declarative way to connect data to your code. Reference: https://docs.microsoft.com/en-us/azure/azure-functions/create-first-function-vs-code-other https:// docs.microsoft.com/en-us/dotnet/architecture/serverless/azure-functions QUESTION 68 HOTSPOT - You are developing an ASP.NET Core web application. You plan to deploy the application to Azure Web App for Containers. The application needs to store runtime diagnostic data that must be persisted across application restarts. You have the following code: You need to configure the application settings so that diagnostic data is stored as required. How should you configure the web app's settings? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point. Hot Area: Correct Answer: Explanation/Reference: Box 1: If WEBSITES_ENABLE_APP_SERVICE_STORAGE If WEBSITES_ENABLE_APP_SERVICE_STORAGE setting is unspecified or set to true, the /home/ directory will be shared across scale instances, and files written will persist across restarts Box 2: /home - Reference: https://docs.microsoft.com/en-us/azure/app-service/containers/app-service-linux-faq QUESTION 69 You are developing a web app that is protected by Azure Web Application Firewall (WAF). All traffic to the web app is routed through an Azure Application Gateway instance that is used by multiple web apps. The web app address is contoso.azurewebsites.net. All traffic must be secured with SSL. The Azure Application Gateway instance is used by multiple web apps. You need to configure the Azure Application Gateway for the web app. Which two actions should you perform? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point. A. In the Azure Application Gateway's HTTP setting, enable the Use for App service setting. B. Convert the web app to run in an Azure App service environment (ASE). C. Add an authentication certificate for contoso.azurewebsites.net to the Azure Application Gateway. D. In the Azure Application Gateway's HTTP setting, set the value of the Override backend path option to contoso22.azurewebsites.net. Correct Answer: AD Explanation/Reference: D: The ability to specify a host override is defined in the HTTP settings and can be applied to any back-end pool during rule creation. The ability to derive the host name from the IP or FQDN of the back-end pool members. HTTP settings also provide an option to dynamically pick the host name from a back-end pool member's FQDN if configured with the option to derive host name from an individual back-end pool member. A (not C): SSL termination and end to end SSL with multi-tenant services. In case of end to end SSL, trusted Azure services such as Azure App service web apps do not require whitelisting the backends in the application gateway. Therefore, there is no need to add any authentication certificates. Reference: https://docs.microsoft.com/en-us/azure/application-gateway/application-gateway-web-app-overview QUESTION 70 Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution. After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen. You develop a software as a service (SaaS) offering to manage photographs. Users upload photos to a web service which then stores the photos in Azure Storage Blob storage. The storage account type is General-purpose V2. When photos are uploaded, they must be processed to produce and save a mobile-friendly version of the image. The process to produce a mobile-friendly version of the image must start in less than one minute. You need to design the process that starts the photo processing. Solution: Use the Azure Blob Storage change feed to trigger photo processing. Does the solution meet the goal? A. Yes B. No Correct Answer: B Explanation/Reference: The change feed is a log of changes that are organized into hourly segments but appended to and updated every few minutes. These segments are created only when there are blob change events that occur in that hour. Instead catch the triggered event, so move the photo processing to an Azure Function triggered from the blob upload. Reference: https://docs.microsoft.com/en-us/azure/storage/blobs/storage-blob-change-feed https://docs.microsoft.com/en- us/azure/storage/blobs/storage-blob-event-overview QUESTION 71 You are developing a web application that runs as an Azure Web App. The web application stores data in Azure SQL Database and stores files in an Azure Storage account. The web application makes HTTP requests to external services as part of normal operations. The web application is instrumented with Application Insights. The external services are OpenTelemetry compliant. You need to ensure that the customer ID of the signed in user is associated with all operations throughout the overall system. What should you do? A. Add the customer ID for the signed in user to the CorrelationContext in the web application B. On the current SpanContext, set the TraceId to the customer ID for the signed in user C. Set the header Ocp-Apim-Trace to the customer ID for the signed in user D. Create a new SpanContext with the TraceFlags value set to the customer ID for the signed in user Correct Answer: A Explanation/Reference: Reference: https://docs.microsoft.com/en-us/azure/azure-monitor/app/correlation QUESTION 72 HOTSPOT - You are developing an Azure Function App. You develop code by using a language that is not supported by the Azure Function App host. The code language supports HTTP primitives. You must deploy the code to a production Azure Function App environment. You need to configure the app for deployment. Which configuration values should you use? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point. Hot Area: Correct Answer: Explanation/Reference: Box 1: Docker container - A custom handler can be deployed to every Azure Functions hosting option. If your handler requires operating system or platform dependencies (such as a language runtime), you may need to use a custom container. You can create and deploy your code to Azure Functions as a custom Docker container. Box 2: PowerShell core - When creating a function app in Azure for custom handlers, we recommend you select.NET Core as the stack. A "Custom" stack for custom handlers will be added in the future. PowerShell Core (PSC) is based on the new.NET Core runtime. Box 3: 7.0 - On Windows: The Azure Az PowerShell module is also supported for use with PowerShell 5.1 on Windows. On Linux: PowerShell 7.0.6 LTS, PowerShell 7.1.3, or higher is the recommended version of PowerShell for use with the Azure Az PowerShell module on all platforms. Reference: https://docs.microsoft.com/en-us/azure/azure-functions/functions-create-function-linux-custom-image https:// docs.microsoft.com/en-us/powershell/azure/install-az-ps?view=azps-7.1.0 QUESTION 73 DRAG DROP - You provision virtual machines (VMs) as development environments. One VM does not start. The VM is stuck in a Windows update process. You attach the OS disk for the affected VM to a recovery VM. You need to correct the issue. In which order should you perform the actions? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order. Select and Place: Correct Answer: Explanation/Reference: Remove the update that causes the problem 1. Take a snapshot of the OS disk of the affected VM as a backup. 2. Attach the OS disk to a recovery VM. 3. Once the OS disk is attached on the recovery VM, run diskmgmt.msc to open Disk Management, and ensure the attached disk is ONLINE. 4. (Step 1) Open an elevated command prompt instance (Run as administrator). Run the following command to get the list of the update packages that are on the attached OS disk: dism /image::\ /get- packages > c:\temp\Patch_level 5. (Step 2) Open the C:\temp\Patch_level.txt file, and then read it from the bottom up. Locate the update that's in Install Pending or Uninstall Pending state. 6. Remove the update that caused the problem: dism /Image::\ /Remove-Package /PackageName:

Use Quizgecko on...
Browser
Browser