az-204-compressed.pdf
Document Details
Uploaded by ScenicTriangle
Microsoft
Tags
Full Transcript
Certy IQ Premium exam material Get certification quickly with the CertyIQ Premium exam material. Everything you need to prepare, learn & pass your certification exam easily. Lifetime free updates First attempt guaranteed success. https://www.CertyIQ.com Microsoft...
Certy IQ Premium exam material Get certification quickly with the CertyIQ Premium exam material. Everything you need to prepare, learn & pass your certification exam easily. Lifetime free updates First attempt guaranteed success. https://www.CertyIQ.com Microsoft (AZ-204) Developing Solutions for Microsoft Azure Total: 397 Questions Link: https://certyiq.com/papers?provider=microsoft&exam=az-204 Question: 1 CertyIQ You have two Hyper-V hosts named Host1 and Host2. Host1 has an Azure virtual machine named VM1 that was deployed by using a custom Azure Resource Manager template. You need to move VM1 to Host2. What should you do? A. From the Update management blade, click Enable. B. From the Overview blade, move VM1 to a different subscription. C. From the Redeploy blade, click Redeploy. D. From the Profile blade, modify the usage location. Answer: C Explanation: When you redeploy a VM, it moves the VM to a new node within the Azure infrastructure and then powers it back on, retaining all your configuration options and associated resources. Reference: https://docs.microsoft.com/en-us/azure/virtual-machines/windows/redeploy-to-new-node Question: 2 CertyIQ DRAG DROP - You have downloaded an Azure Resource Manager template to deploy numerous virtual machines. The template is based on a current virtual machine, but must be adapted to reference an administrative password. You need to make sure that the password is not stored in plain text. You are preparing to create the necessary components to achieve your goal. Which of the following should you create to achieve your goal? Answer by dragging the correct option from the list to the answer area. Select and Place: Answer: Explanation: Key Vault + Access Policy. Using Key Vault we create a secret containing our Password: https://docs.microsoft.com/en-us/azure/key- vault/secrets/quick-create-portal. Using an Access Policy we allow access to the previously created secre https://docs.microsoft.com/en-us/azure/azure-resource-manager/templates/key-vault-parameter? tabs=azure-cli Question: 3 CertyIQ Your company has an Azure Kubernetes Service (AKS) cluster that you manage from an Azure AD-joined device. The cluster is located in a resource group. Developers have created an application named MyApp. MyApp was packaged into a container image. You need to deploy the YAML manifest file for the application. Solution: You install the Azure CLI on the device and run the kubectl apply `"f myapp.yaml command. Does this meet the goal? A. Yes B. No Answer: A Explanation: kubectl apply -f myapp.yaml applies a configuration change to a resource from a file or stdin. Reference: https://kubernetes.io/docs/reference/kubectl/overview/ https://docs.microsoft.com/en-us/cli/azure/aks Question: 4 CertyIQ Your company has an Azure Kubernetes Service (AKS) cluster that you manage from an Azure AD-joined device. The cluster is located in a resource group. Developers have created an application named MyApp. MyApp was packaged into a container image. You need to deploy the YAML manifest file for the application. Solution: You install the docker client on the device and run the docker run -it microsoft/azure-cli:0.10.17 command. Does this meet the goal? A. Yes B. No Answer: B Explanation: NO docker run -it microsoft/azure-cli:0.10.17 is no k8s command Question: 5 CertyIQ Your company has a web app named WebApp1. You use the WebJobs SDK to design a triggered App Service background task that automatically invokes a function in the code every time new data is received in a queue. You are preparing to configure the service processes a queue data item. Which of the following is the service you should use? A. Logic Apps B. WebJobs C. Flow D. Functions Answer: B Explanation: "You use the WebJobs SDK to design a triggered App Service background task" B - WebJob Usually you'll host the WebJobs SDK in Azure WebJobs, but you can also run your jobs in a Worker Role. The Azure WebJobs feature of Azure Web Apps provides an easy way for you to run programs such as services or background tasks in a Web App... https://github.com/Azure/azure-webjobs-sdk Question: 6 CertyIQ Your company has an Azure subscription. You need to deploy a number of Azure virtual machines to the subscription by using Azure Resource Manager (ARM) templates. The virtual machines will be included in a single availability set. You need to ensure that the ARM template allows for as many virtual machines as possible to remain accessible in the event of fabric failure or maintenance. Which of the following is the value that you should configure for the platformFaultDomainCount property? A. 10 B. 30 C. Min Value D. Max Value Answer: D Explanation: The number of fault domains for managed availability sets varies by region - either two or three per region. Reference: https://docs.microsoft.com/en-us/azure/virtual-machines/windows/manage-availability Question: 7 CertyIQ Your company has an Azure subscription. You need to deploy a number of Azure virtual machines to the subscription by using Azure Resource Manager (ARM) templates. The virtual machines will be included in a single availability set. You need to ensure that the ARM template allows for as many virtual machines as possible to remain accessible in the event of fabric failure or maintenance. Which of the following is the value that you should configure for the platformUpdateDomainCount property? A. 10 B. 20 C. 30 D. 40 Answer: B Explanation: 1. Answer is B 20 Each availability set can be configured with up to three fault domains and twenty update domains. https://docs.microsoft.com/en-us/azure/virtual-machines/availability-set-overview Question: 8 CertyIQ DRAG DROP - You are creating an Azure Cosmos DB account that makes use of the SQL API. Data will be added to the account every day by a web application. You need to ensure that an email notification is sent when information is received from IoT devices, and that compute cost is reduced. You decide to deploy a function app. Which of the following should you configure the function app to use? Answer by dragging the correct options from the list to the answer area. Select and Place: Answer: Question: 9 CertyIQ This question requires that you evaluate the underlined text to determine if it is correct. You company has an on-premises deployment of MongoDB, and an Azure Cosmos DB account that makes use of the MongoDB API. You need to devise a strategy to migrate MongoDB to the Azure Cosmos DB account. You include the Data Management Gateway tool in your migration strategy. Instructions: Review the underlined text. If it makes the statement correct, select `No change required.` If the statement is incorrect, select the answer choice that makes the statement correct. A. No change required B. mongorestore C. Azure Storage Explorer D. AzCopy Answer: B Explanation: Reference: https://docs.microsoft.com/en-us/azure/cosmos-db/mongodb-migrate https://docs.mongodb.com/manual/ref erence/program/mongorestore/ Question: 10 CertyIQ You are developing an e-Commerce Web App. You want to use Azure Key Vault to ensure that sign-ins to the e-Commerce Web App are secured by using Azure App Service authentication and Azure Active Directory (AAD). What should you do on the e-Commerce Web App? A. Run the az keyvault secret command. B. Enable Azure AD Connect. C. Enable Managed Service Identity (MSI). D. Create an Azure AD service principal. Answer: C Explanation: A managed identity from Azure Active Directory allows your app to easily access other AAD-protected resources such as Azure Key Vault. Reference: https://docs.microsoft.com/en-us/azure/app-service/overview-managed-identity https://docs.microsoft.com/en-us/samples/azure-samples/app-service-msi-keyvault-dotnet/keyvault-msi- appservice-sample/ Question: 11 CertyIQ This question requires that you evaluate the underlined text to determine if it is correct. Your Azure Active Directory Azure (Azure AD) tenant has an Azure subscription linked to it. Your developer has created a mobile application that obtains Azure AD access tokens using the OAuth 2 implicit grant type. The mobile application must be registered in Azure AD. You require a redirect URI from the developer for registration purposes. Instructions: Review the underlined text. If it makes the statement correct, select `No change is needed.` If the statement is incorrect, select the answer choice that makes the statement correct. A. No change required. B. a secret C. a login hint D. a client ID Answer: A Explanation: For Native Applications you need to provide a Redirect URI, which Azure AD will use to return token responses. Reference: https://docs.microsoft.com/en-us/azure/active-directory/develop/v1-protocols-oauth-code Question: 12 CertyIQ You are creating an Azure key vault using PowerShell. Objects deleted from the key vault must be kept for a set period of 90 days. Which two of the following parameters must be used in conjunction to meet the requirement? (Choose two.) A. EnabledForDeployment B. EnablePurgeProtection C. EnabledForTemplateDeployment D. EnableSoftDelete Answer: BD Explanation: B. EnablePurgeProtection D. EnableSoftDelete To meet the requirement of keeping objects deleted from the key vault for 90 days, you need to use the EnablePurgeProtection and EnableSoftDelete parameters when creating the key vault using PowerShell. EnablePurgeProtection prevents the key vault from being permanently deleted before the soft-delete retention period has elapsed. EnableSoftDelete allows deleted vault and its contents to be retained and recoverable for the specified number of days. Reference: https://docs.microsoft.com/en-us/powershell/module/azurerm.keyvault/new-azurermkeyvault https://docs.microsoft.com/en-us/azure/key-vault/key-vault-ovw-soft-delete Question: 13 CertyIQ HOTSPOT - You have an Azure Active Directory (Azure AD) tenant. You want to implement multi-factor authentication by making use of a conditional access policy. The conditional access policy must be applied to all users when they access the Azure portal. Which three settings should you configure? To answer, select the appropriate settings in the answer area. NOTE: Each correct selection is worth one point. Hot Area: Answer: Explanation: Box 1: The conditional access policy must be applied or assigned to Users and Groups. Box 2: The conditional access policy must be applied when users access the Azure portal, which is a cloud app. That is: Microsoft Azure Management Box 3: Access control must require multi-factor authentication when granting access. Reference: https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/app-based-mfa Question: 14 CertyIQ You manage an Azure SQL database that allows for Azure AD authentication. You need to make sure that database developers can connect to the SQL database via Microsoft SQL Server Management Studio (SSMS). You also need to make sure the developers use their on-premises Active Directory account for authentication. Your strategy should allow for authentication prompts to be kept to a minimum. Which of the following should you implement? A. Azure AD token. B. Azure Multi-Factor authentication. C. Active Directory integrated authentication. D. OATH software tokens. Answer: C Explanation: Azure AD can be the initial Azure AD managed domain. Azure AD can also be an on-premises Active Directory Domain Services that is federated with the Azure AD. Using an Azure AD identity to connect using SSMS or SSDT The following procedures show you how to connect to a SQL database with an Azure AD identity using SQL Server Management Studio or SQL Server Database Tools. Active Directory integrated authentication Use this method if you are logged in to Windows using your Azure Active Directory credentials from a federated domain. 1. Start Management Studio or Data Tools and in the Connect to Server (or Connect to Database Engine) dialog box, in the Authentication box, select Active Directory - Integrated. No password is needed or can be entered because your existing credentials will be presented for the connection. 2. Select the Options button, and on the Connection Properties page, in the Connect to database box, type the name of the user database you want to connect to. (The AD domain name or tenant ID option is only supported for Universal with MFA connection options, otherwise it is greyed out.) Question: 15 CertyIQ You are developing an application to transfer data between on-premises file servers and Azure Blob storage. The application stores keys, secrets, and certificates in Azure Key Vault and makes use of the Azure Key Vault APIs. You want to configure the application to allow recovery of an accidental deletion of the key vault or key vault objects for 90 days after deletion. What should you do? A. Run the Add-AzKeyVaultKey cmdlet. B. Run the az keyvault update --enable-soft-delete true --enable-purge-protection true CLI. C. Implement virtual network service endpoints for Azure Key Vault. D. Run the az keyvault update --enable-soft-delete false CLI. Answer: B Explanation: When soft-delete is enabled, resources marked as deleted resources are retained for a specified period (90 days by default). The service further provides a mechanism for recovering the deleted object, essentially undoing the deletion. Purge protection is an optional Key Vault behavior and is not enabled by default. Purge protection can only be enabled once soft-delete is enabled. When purge protection is on, a vault or an object in the deleted state cannot be purged until the retention period has passed. Soft-deleted vaults and objects can still be recovered, ensuring that the retention policy will be followed. The default retention period is 90 days, but it is possible to set the retention policy interval to a value from 7 to 90 days through the Azure portal. Once the retention policy interval is set and saved it cannot be changed for that vault. Reference: https://docs.microsoft.com/en-us/azure/key-vault/general/overview-soft-delete Question: 16 CertyIQ HOTSPOT - You have developed a Web App for your company. The Web App provides services and must run in multiple regions. You want to be notified whenever the Web App uses more than 85 percent of the available CPU cores over a 5 minute period. Your solution must minimize costs. Which command should you use? To answer, select the appropriate settings in the answer area. NOTE: Each correct selection is worth one point. Hot Area: Answer: Explanation: Reference: https://docs.microsoft.com/sv-se/cli/azure/monitor/metrics/alert Question: 17 CertyIQ Note: The question is included in a number of questions that depicts the identical set-up. However, every question has a distinctive result. Establish if the solution satisfies the requirements. You are configuring a web app that delivers streaming video to users. The application makes use of continuous integration and deployment. You need to ensure that the application is highly available and that the users' streaming experience is constant. You also want to configure the application to store data in a geographic location that is nearest to the user. Solution: You include the use of Azure Redis Cache in your design. Does the solution meet the goal? A. Yes B. No Answer: B Question: 18 CertyIQ Note: The question is included in a number of questions that depicts the identical set-up. However, every question has a distinctive result. Establish if the solution satisfies the requirements. You are configuring a web app that delivers streaming video to users. The application makes use of continuous integration and deployment. You need to ensure that the application is highly available and that the users' streaming experience is constant. You also want to configure the application to store data in a geographic location that is nearest to the user. Solution: You include the use of an Azure Content Delivery Network (CDN) in your design. Does the solution meet the goal? A. Yes B. No Answer: A Explanation: Reference: https://docs.microsoft.com/en-in/azure/cdn/ Question: 19 CertyIQ Note: The question is included in a number of questions that depicts the identical set-up. However, every question has a distinctive result. Establish if the solution satisfies the requirements. You are configuring a web app that delivers streaming video to users. The application makes use of continuous integration and deployment. You need to ensure that the application is highly available and that the users' streaming experience is constant. You also want to configure the application to store data in a geographic location that is nearest to the user. Solution: You include the use of a Storage Area Network (SAN) in your design. Does the solution meet the goal? A. Yes B. No Answer: B Explanation: Instead you use CDN Question: 20 CertyIQ You develop a Web App on a tier D1 app service plan. You notice that page load times increase during periods of peak traffic. You want to implement automatic scaling when CPU load is above 80 percent. Your solution must minimize costs. What should you do first? A. Enable autoscaling on the Web App. B. Switch to the Premium App Service tier plan. C. Switch to the Standard App Service tier plan. D. Switch to the Azure App Services consumption plan. Answer: C Explanation: Configure the web app to the Standard App Service Tier. The Standard tier supports auto-scaling, and we should minimize the cost. We can then enable autoscaling on the web app, add a scale rule and add a Scale condition. Reference: https://docs.microsoft.com/en-us/azure/monitoring-and-diagnostics/monitoring-autoscale-get-started https:/ /azure.microsoft.com/en-us/pricing/details/app-service/plans/ Question: 21 CertyIQ Your company's Azure subscription includes an Azure Log Analytics workspace. Your company has a hundred on-premises servers that run either Windows Server 2012 R2 or Windows Server 2016, and is linked to the Azure Log Analytics workspace. The Azure Log Analytics workspace is set up to gather performance counters associated with security from these linked servers. You must configure alerts based on the information gathered by the Azure Log Analytics workspace. You have to make sure that alert rules allow for dimensions, and that alert creation time should be kept to a minimum. Furthermore, a single alert notification must be created when the alert is created and when the alert is resolved. You need to make use of the necessary signal type when creating the alert rules. Which of the following is the option you should use? A. The Activity log signal type. B. The Application Log signal type. C. The Metric signal type. D. The Audit Log signal type. Answer: C Explanation: Metric alerts in Azure Monitor provide a way to get notified when one of your metrics cross a threshold. Metric alerts work on a range of multi-dimensional platform metrics, custom metrics, Application Insights standard and custom metrics. Note: Signals are emitted by the target resource and can be of several types. Metric, Activity log, Application Insights, and Log. Reference: https://docs.microsoft.com/en-us/azure/azure-monitor/platform/alerts-metric Question: 22 CertyIQ You are developing a.NET Core MVC application that allows customers to research independent holiday accommodation providers. You want to implement Azure Search to allow the application to search the index by using various criteria to locate documents related to accommodation. You want the application to allow customers to search the index by using regular expressions. What should you do? A. Configure the SearchMode property of the SearchParameters class. B. Configure the QueryType property of the SearchParameters class. C. Configure the Facets property of the SearchParameters class. D. Configure the Filter property of the SearchParameters class. Answer: B Explanation: The SearchParameters.QueryType Property gets or sets a value that specifies the syntax of the search query. The default is 'simple'. Use 'full' if your query uses the Lucene query syntax. You can write queries against Azure Search based on the rich Lucene Query Parser syntax for specialized query forms: wildcard, fuzzy search, proximity search, regular expressions are a few examples. Reference: https://docs.microsoft.com/en-us/dotnet/api/microsoft.azure.search.models.searchparameters https://docs.mi crosoft.com/en-us/dotnet/api/microsoft.azure.search.models.searchparameters.querytype Question: 23 CertyIQ You are a developer at your company. You need to update the definitions for an existing Logic App. What should you use? A. the Enterprise Integration Pack (EIP) B. the Logic App Code View C. the API Connections D. the Logic Apps Designer Answer: B Explanation: Edit JSON - Azure portal - 1. Sign in to the Azure portal. 2. From the left menu, choose All services. In the search box, find "logic apps", and then from the results, select your logic app. 3. On your logic app's menu, under Development Tools, select Logic App Code View. 4. The Code View editor opens and shows your logic app definition in JSON format. Reference: https://docs.microsoft.com/en-us/azure/logic-apps/logic-apps-enterprise-integration-overview https://docs.m icrosoft.com/en-us/azure/logic-apps/logic-apps-author-definitions Question: 24 CertyIQ Note: The question is included in a number of questions that depicts the identical set-up. However, every question has a distinctive result. Establish if the solution satisfies the requirements. You are developing a solution for a public facing API. The API back end is hosted in an Azure App Service instance. You have implemented a RESTful service for the API back end. You must configure back-end authentication for the API Management service instance. Solution: You configure Basic gateway credentials for the Azure resource. Does the solution meet the goal? A. Yes B. No Answer: A Explanation: "Authenticate with Basic policy" for api-management https://docs.microsoft.com/en-us/azure/api- management/api-management-authentication-policies#Basic So Yes is correct answer Question: 25 CertyIQ Note: The question is included in a number of questions that depicts the identical set-up. However, every question has a distinctive result. Establish if the solution satisfies the requirements. You are developing a solution for a public facing API. The API back end is hosted in an Azure App Service instance. You have implemented a RESTful service for the API back end. You must configure back-end authentication for the API Management service instance. Solution: You configure Client cert gateway credentials for the HTTP(s) endpoint. Does the solution meet the goal? A. Yes B. No Answer: A Explanation: This is scenario questions. If backend is accepts HTTP(S) Then Basic AUTH or Certificate will work. so Client Certificate + HTTP(s) YES Question: 26 CertyIQ Note: The question is included in a number of questions that depicts the identical set-up. However, every question has a distinctive result. Establish if the solution satisfies the requirements. You are developing a solution for a public facing API. The API back end is hosted in an Azure App Service instance. You have implemented a RESTful service for the API back end. You must configure back-end authentication for the API Management service instance. Solution: You configure Basic gateway credentials for the HTTP(s) endpoint. Does the solution meet the goal? A. Yes B. No Answer: A Explanation: This is scenario questions. If backend is accepts HTTP(S) Then Basic AUTH or Certificate will work. so Basic + HTTPS Yes Question: 27 CertyIQ Note: The question is included in a number of questions that depicts the identical set-up. However, every question has a distinctive result. Establish if the solution satisfies the requirements. You are developing a solution for a public facing API. The API back end is hosted in an Azure App Service instance. You have implemented a RESTful service for the API back end. You must configure back-end authentication for the API Management service instance. Solution: You configure Client cert gateway credentials for the Azure resource. Does the solution meet the goal? A. Yes B. No Answer: B Explanation: This is scenario questions. If backend is accepts HTTP(S) Then Basic AUTH or Certificate will work. so Certificate + Azure Resource NO Question: 28 CertyIQ You are developing a.NET Core MVC application that allows customers to research independent holiday accommodation providers. You want to implement Azure Search to allow the application to search the index by using various criteria to locate documents related to accommodation venues. You want the application to list holiday accommodation venues that fall within a specific price range and are within a specified distance to an airport. What should you do? A. Configure the SearchMode property of the SearchParameters class. B. Configure the QueryType property of the SearchParameters class. C. Configure the Facets property of the SearchParameters class. D. Configure the Filter property of the SearchParameters class. Answer: D Explanation: The Filter property gets or sets the OData $filter expression to apply to the search query. Reference: https://docs.microsoft.com/en-us/dotnet/api/microsoft.azure.search.models.searchparameters https://docs.mi crosoft.com/en-us/dotnet/api/microsoft.azure.search.models.searchparameters.querytype Question: 29 CertyIQ You are a developer at your company. You need to edit the workflows for an existing Logic App. What should you use? A. the Enterprise Integration Pack (EIP) B. the Logic App Code View C. the API Connections D. the Logic Apps Designer Answer: D Explanation: the Logic Apps Designer To edit the workflows for an existing Logic App, you should use the Logic App Designer. The Logic App Designer is a visual interface that you can use to create, update, and manage Logic Apps. The Designer allows you to define the triggers, actions, and conditions that make up the Logic App's workflow. You can use the Designer to add, remove, or modify the connectors, expressions and actions that make up the Logic App. Question: 30 CertyIQ DRAG DROP - You are a developer for a company that provides a bookings management service in the tourism industry. You are implementing Azure Search for the tour agencies listed in your company's solution. You create the index in Azure Search. You now need to use the Azure Search.NET SDK to import the relevant data into the Azure Search service. Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions from left to right and arrange them in the correct order. Select and Place: Answer: Explanation: 1. The index needs to be populated. To do this, we will need a SearchIndexClient. There are two ways to obtain one: by constructing it, or by calling Indexes.GetClient on the SearchServiceClient. Here we will use the first method. 2. Create the indexBatch with the documents Something like: var hotels = new Hotel[]; new Hotel() HotelId = "3", BaseRate = 129.99, Description = "Close to town hall and the river" ; var batch = IndexBatch.Upload(hotels); 3. The next step is to populate the newly-created index Example: var batch = IndexBatch.Upload(hotels); try indexClient.Documents.Index(batch); Reference: https://docs.microsoft.com/en-us/azure/search/search-howto-dotnet-sdk Question: 31 CertyIQ You are developing an application that applies a set of governance policies for internal and external services, as well as for applications. You develop a stateful ASP.NET Core 2.1 web application named PolicyApp and deploy it to an Azure App Service Web App. The PolicyApp reacts to events from Azure Event Grid and performs policy actions based on those events. You have the following requirements: ✑ Authentication events must be used to monitor users when they sign in and sign out. ✑ All authentication events must be processed by PolicyApp. ✑ Sign outs must be processed as fast as possible. What should you do? A. Create a new Azure Event Grid subscription for all authentication events. Use the subscription to process sign-out events. B. Create a separate Azure Event Grid handler for sign-in and sign-out events. C. Create separate Azure Event Grid topics and subscriptions for sign-in and sign-out events. D. Add a subject prefix to sign-out events. Create an Azure Event Grid subscription. Configure the subscription to use the subjectBeginsWith filter. Answer: C Explanation: Create separate Azure Event Grid topics and subscriptions for sign-in and sign-out events. To meet the requirements of processing sign-out events as fast as possible, it would be best to create separate Azure Event Grid topics and subscriptions for sign-in and sign-out events. This way, you can configure the subscription for sign-out events to have a higher priority, and process those events with a higher priority. This will ensure that sign-out events are processed as fast as possible, allowing for a more responsive user experience. Question: 32 CertyIQ HOTSPOT - You are developing a C++ application that compiles to a native application named process.exe. The application accepts images as input and returns images in one of the following image formats: GIF, PNG, or JPEG. You must deploy the application as an Azure Function. You need to configure the function and host json files. How should you complete the json files? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point. Hot Area: Answer: Explanation: Box 1: "type": "http" Box 2: "customHandler": "description": A custom handler is defined by configuring the host.json file with details on how to run the web server via the customHandler section. The customHandler section points to a target as defined by the defaultExecutablePath. Example: "customHandler": "description": "defaultExecutablePath": "handler.exe" Box 3: "enableForwardingHttpRequest": false Incorrect: For HTTP-triggered functions with no additional bindings or outputs, you may want your handler to work directly with the HTTP request and response instead of the custom handler request and response payloads. This behavior can be configured in host.json using the enableForwardingHttpRequest setting. At the root of the app, the host.json file is configured to run handler.exe and enableForwardingHttpRequest is set to true. Reference: https://docs.microsoft.com/en-us/azure/azure-functions/functions-custom-handlers Question: 33 CertyIQ HOTSPOT - You are developing an Azure Static Web app that contains training materials for a tool company. Each tool’s training material is contained in a static web page that is linked from the tool’s publicly available description page. A user must be authenticated using Azure AD prior to viewing training. You need to ensure that the user can view training material pages after authentication. How should you complete the configuration file? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point. Answer: Question: 34 CertyIQ HOTSPOT - You are authoring a set of nested Azure Resource Manager templates to deploy Azure resources. You author an Azure Resource Manager template named mainTemplate.json that contains the following linked templates: linkedTemplate1.json, linkedTemplate2.json. You add parameters to a parameters template file named mainTemplate.parameters,json. You save all templates on a local device in the C:\templates\ folder. You have the following requirements: Store the templates in Azure for later deployment. Enable versioning of the templates. Manage access to the templates by using Azure RBAC. Ensure that users have read-only access to the templates. Allow users to deploy the templates. You need to store the templates in Azure. How should you complete the command? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point. Answer: Question: 35 CertyIQ HOTSPOT - You are developing a service where customers can report news events from a browser using Azure Web PubSub. The service is implemented as an Azure Function App that uses the JSON WebSocket subprotocol to receive news events. You need to implement the bindings for the Azure Function App. How should you configure the binding? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point. Answer: Question: 36 CertyIQ HOTSPOT - You are building a software-as-a-service (SaaS) application that analyzes DNA data that will run on Azure virtual machines (VMs) in an availability zone. The data is stored on managed disks attached to the VM. The performance of the analysis is determined by the speed of the disk attached to the VM. You have the following requirements: The application must be able to quickly revert to the previous day’s data if a systemic error is detected. The application must minimize downtime in the case of an Azure datacenter outage. You need to provision the managed disk for the VM to maximize performance while meeting the requirements. Which type of Azure Managed Disk should you use? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point. Answer: Explanation: Premium SSD and ZRS They are asking for high performance workloads which is supported by Premium tier https://learn.microsoft.com/en-us/azure/virtual-machines/disks-types Also they are asking for zone redundancy (if datacenter goes down, NOT region outage). Also managed disk doesn't support GRS https://learn.microsoft.com/en-us/azure/virtual-machines/disks-redundancy Question: 37 CertyIQ HOTSPOT - You are developing an application that includes two Docker containers. The application must meet the following requirements: The containers must not run as root. The containers must be deployed to Azure Container Instances by using a YAML file. The containers must share a lifecycle, resources, local network, and storage volume. The storage volume must persist through container crashes. The storage volume must be deployed on stop or restart of the containers. You need to configure Azure Container Instances for the application. Which configuration values should you use? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point. Answer: Explanation: Container group, EmptyDirectory Container group is the only logical answer that can have shared lifecycle Azure files need root permission Secret is for secrets and read-only EmtyDir can persist through crash and redeployed on stop and restart https://learn.microsoft.com/en-us/azure/container-instances/container-instances-volume- emptydir#emptydir-volume https://learn.microsoft.com/en-us/azure/container-instances/container-instances-container-groups? source=recommendations#what-is-a-container-group Cloned Git Repo also does the job but it needs more details like Git URL and stuff which are not mentioned to be available in the question Question: 38 CertyIQ HOTSPOT - You are implementing a software as a service (SaaS) ASP.NET Core web service that will run as an Azure Web App. The web service will use an on-premises SQL Server database for storage. The web service also includes a WebJob that processes data updates. Four customers will use the web service. ✑ Each instance of the WebJob processes data for a single customer and must run as a singleton instance. ✑ Each deployment must be tested by using deployment slots prior to serving production data. ✑ Azure costs must be minimized. ✑ Azure resources must be located in an isolated network. You need to configure the App Service plan for the Web App. How should you configure the App Service plan? To answer, select the appropriate settings in the answer area. NOTE: Each correct selection is worth one point. Hot Area: Answer: Explanation: Number of VM instances: 4 - You are not charged extra for deployment slots. Pricing tier: Isolated - The App Service Environment (ASE) is a powerful feature offering of the Azure App Service that gives network isolation and improved scale capabilities. It is essentially a deployment of the Azure App Service into a subnet of a customer's Azure Virtual Network (VNet). Reference: https://azure.microsoft.com/sv-se/blog/announcing-app-service-isolated-more-power-scale-and-ease-of-use/ Question: 39 CertyIQ DRAG DROP - You are a developer for a software as a service (SaaS) company that uses an Azure Function to process orders. The Azure Function currently runs on an Azure Function app that is triggered by an Azure Storage queue. You are preparing to migrate the Azure Function to Kubernetes using Kubernetes-based Event Driven Autoscaling (KEDA). You need to configure Kubernetes Custom Resource Definitions (CRD) for the Azure Function. Which CRDs should you configure? To answer, drag the appropriate CRD types to the correct locations. Each CRD type may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content. NOTE: Each correct selection is worth one point. Select and Place: Answer: Explanation: Box 1: Deployment - To deploy Azure Functions to Kubernetes use the func kubernetes deploy command has several attributes that directly control how our app scales, once it is deployed to Kubernetes. Box 2: ScaledObject - With --polling-interval, we can control the interval used by KEDA to check Azure Service Bus Queue for messages. Example of ScaledObject with polling interval apiVersion: keda.k8s.io/v1alpha1 kind: ScaledObject metadata: name: transformer-fn namespace: tt labels: deploymentName: transformer-fn spec: scaleTargetRef: deploymentName: transformer-fn pollingInterval: 5 minReplicaCount: 0 maxReplicaCount: 100 Box 3: Secret - Store connection strings in Kubernetes Secrets. Example: to create the Secret in our demo Namespace: # create the k8s demo namespace kubectl create namespace tt # grab connection string from Azure Service Bus KEDA_SCALER_CONNECTION_STRING=$(az servicebus queue authorization-rule keys list \ -g $RG_NAME \ --namespace-name $SBN_NAME \ --queue-name inbound \ -n keda-scaler \ --query "primaryConnectionString" \ -o tsv) # create the kubernetes secret kubectl create secret generic tt-keda-auth \ --from-literal KedaScaler=$KEDA_SCALER_CONNECTION_STRING \ --namespace tt Reference: https://www.thinktecture.com/en/kubernetes/serverless-workloads-with-keda/ Question: 40 CertyIQ HOTSPOT - You are creating a CLI script that creates an Azure web app and related services in Azure App Service. The web app uses the following variables: You need to automatically deploy code from GitHub to the newly created web app. How should you complete the script? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point. Hot Area: Answer: Explanation: Box 1: az appservice plan create The azure group creates command successfully returns JSON result. Now we can use resource group to create a azure app service plan Box 2: az webapp create - Create a new web app.. Box 3: --plan $webappname -..with the serviceplan we created in step 1. Box 4: az webapp deployment - Continuous Delivery with GitHub. Example: az webapp deployment source config --name firstsamplewebsite1 --resource-group websites--repo-url $gitrepo --branch master --git-token $token Box 5: --repo-url $gitrepo --branch master --manual-integration Reference: https://medium.com/@satish1v/devops-your-way-to-azure-web-apps-with-azure-cli-206ed4b3e9b1 Question: 41 CertyIQ Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution. After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen. You develop a software as a service (SaaS) offering to manage photographs. Users upload photos to a web service which then stores the photos in Azure Storage Blob storage. The storage account type is General-purpose V2. When photos are uploaded, they must be processed to produce and save a mobile-friendly version of the image. The process to produce a mobile-friendly version of the image must start in less than one minute. You need to design the process that starts the photo processing. Solution: Trigger the photo processing from Blob storage events. Does the solution meet the goal? A. Yes B. No Answer: B Explanation: You need to catch the triggered event, so move the photo processing to an Azure Function triggered from the blob upload. Note: Azure Storage events allow applications to react to events. Common Blob storage event scenarios include image or video processing, search indexing, or any file-oriented workflow. Events are pushed using Azure Event Grid to subscribers such as Azure Functions, Azure Logic Apps, or even to your own http listener. However, the processing must start in less than one minute. Note: Only storage accounts of kind StorageV2 (general purpose v2) and BlobStorage support event integration. Storage (general purpose v1) does not support integration with Event Grid. Reference: https://docs.microsoft.com/en-us/azure/storage/blobs/storage-blob-event-overview Question: 42 CertyIQ Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution. After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen. You develop and deploy an Azure App Service API app to a Windows-hosted deployment slot named Development. You create additional deployment slots named Testing and Production. You enable auto swap on the Production deployment slot. You need to ensure that scripts run and resources are available before a swap operation occurs. Solution: Update the web.config file to include the applicationInitialization configuration element. Specify custom initialization actions to run the scripts. Does the solution meet the goal? A. No B. Yes Answer: B Explanation: https://docs.microsoft.com/en-us/azure/app-service/deploy-staging-slots#specify-custom-warm-up Question: 43 CertyIQ Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution. After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen. You develop and deploy an Azure App Service API app to a Windows-hosted deployment slot named Development. You create additional deployment slots named Testing and Production. You enable auto swap on the Production deployment slot. You need to ensure that scripts run and resources are available before a swap operation occurs. Solution: Enable auto swap for the Testing slot. Deploy the app to the Testing slot. Does the solution meet the goal? A. No B. Yes Answer: A Explanation: 1. I vote A, No, because for me the solution is updating the web.config file to include the applicationInitialization configuration element. 2. To meet the goal of ensuring that scripts run and resources are available before a swap operation occurs, you should update the web.config file to include the application Initialization configuration element, as described in my previous answer. Question: 44 CertyIQ Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution. After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen. You develop and deploy an Azure App Service API app to a Windows-hosted deployment slot named Development. You create additional deployment slots named Testing and Production. You enable auto swap on the Production deployment slot. You need to ensure that scripts run and resources are available before a swap operation occurs. Solution: Disable auto swap. Update the app with a method named statuscheck to run the scripts. Re-enable auto swap and deploy the app to the Production slot. Does the solution meet the goal? A. No B. Yes Answer: A Explanation: Instead, use applicationInitialization Question: 45 CertyIQ Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution. After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen. You develop a software as a service (SaaS) offering to manage photographs. Users upload photos to a web service which then stores the photos in Azure Storage Blob storage. The storage account type is General-purpose V2. When photos are uploaded, they must be processed to produce and save a mobile-friendly version of the image. The process to produce a mobile-friendly version of the image must start in less than one minute. You need to design the process that starts the photo processing. Solution: Convert the Azure Storage account to a BlockBlobStorage storage account. Does the solution meet the goal? A. Yes B. No Answer: B Explanation: Not necessary to convert the account, instead move photo processing to an Azure Function triggered from the blob upload.. Azure Storage events allow applications to react to events. Common Blob storage event scenarios include image or video processing, search indexing, or any file- oriented workflow. Note: Only storage accounts of kind StorageV2 (general purpose v2) and BlobStorage support event integration. Storage (general purpose v1) does not support integration with Event Grid. Reference: https://docs.microsoft.com/en-us/azure/storage/blobs/storage-blob-event-overview Question: 46 CertyIQ HOTSPOT - You are developing an Azure Web App. You configure TLS mutual authentication for the web app. You need to validate the client certificate in the web app. To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point. Hot Area: Answer: Explanation: Accessing the client certificate from App Service. If you are using ASP.NET and configure your app to use client certificate authentication, the certificate will be available through the HttpRequest.ClientCertificate property. For other application stacks, the client cert will be available in your app through a base64 encoded value in the "X-ARR-ClientCert" request header. Your application can create a certificate from this value and then use it for authentication and authorization purposes in your application. Reference: https://docs.microsoft.com/en-us/azure/app-service/app-service-web-configure-tls-mutual-auth Question: 47 CertyIQ DRAG DROP - You are developing a Docker/Go using Azure App Service Web App for Containers. You plan to run the container in an App Service on Linux. You identify a Docker container image to use. None of your current resource groups reside in a location that supports Linux. You must minimize the number of resource groups required. You need to create the application and perform an initial deployment. Which three Azure CLI commands should you use to develop the solution? To answer, move the appropriate commands from the list of commands to the answer area and arrange them in the correct order. Select and Place: Answer: Explanation: You can host native Linux applications in the cloud by using Azure Web Apps. To create a Web App for Containers, you must run Azure CLI commands that create a group, then a service plan, and finally the web app itself. Step 1: az group create - In the Cloud Shell, create a resource group with the az group create command. Step 2: az appservice plan create In the Cloud Shell, create an App Service plan in the resource group with the az appservice plan create command. Step 3: az webapp create - In the Cloud Shell, create a web app in the myAppServicePlan App Service plan with the az webapp create command. Don't forget to replace with a unique app name, and with your Docker ID. Reference: https://docs.microsoft.com/mt-mt/azure/app-service/containers/quickstart-docker-go?view=sql-server-ver15 Question: 48 CertyIQ DRAG DROP - Fourth Coffee has an ASP.NET Core web app that runs in Docker. The app is mapped to the www.fourthcoffee.com domain. Fourth Coffee is migrating this application to Azure. You need to provision an App Service Web App to host this docker image and map the custom domain to the App Service web app. A resource group named FourthCoffeePublicWebResourceGroup has been created in the WestUS region that contains an App Service Plan named AppServiceLinuxDockerPlan. Which order should the CLI commands be used to develop the solution? To answer, move all of the Azure CLI commands from the list of commands to the answer area and arrange them in the correct order. Select and Place: Answer: Explanation: Step 1: #bin/bash - The appName is used when the webapp-name is created in step 2. Step 2: az webapp create - Create a web app. In the Cloud Shell, create a web app in the myAppServicePlan App Service plan with the az webapp create command. Step 3: az webapp config container set In Create a web app, you specified an image on Docker Hub in the az webapp create command. This is good enough for a public image. To use a private image, you need to configure your Docker account ID and password in your Azure web app. Step 4: az webapp config hostname add The webapp-name is used when the webapp is created in step 2. In the Cloud Shell, follow the az webapp create command with az webapp config container set. Reference: https://docs.microsoft.com/en-us/azure/app-service/containers/tutorial-custom-docker-image https://docs.mi crosoft.com/en-us/azure/app-service/tutorial-custom-container?pivots=container-linux https://docs.microsoft.com/en-us/azure/app-service/scripts/cli-configure-custom-domain Question: 49 CertyIQ DRAG DROP - You are developing a serverless Java application on Azure. You create a new Azure Key Vault to work with secrets from a new Azure Functions application. The application must meet the following requirements: ✑ Reference the Azure Key Vault without requiring any changes to the Java code. ✑ Dynamically add and remove instances of the Azure Functions host based on the number of incoming application events. ✑ Ensure that instances are perpetually warm to avoid any cold starts. ✑ Connect to a VNet. ✑ Authentication to the Azure Key Vault instance must be removed if the Azure Function application is deleted. You need to grant the Azure Functions application access to the Azure Key Vault. Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order. Select and Place: Answer: Explanation: 1. create ~Premium plan Type (Consumption X) 2. create system-assigned ~ (user-assigned X) 3. create an access policy in Azure Key Vault~ Question: 50 CertyIQ You develop a website. You plan to host the website in Azure. You expect the website to experience high traffic volumes after it is published. You must ensure that the website remains available and responsive while minimizing cost. You need to deploy the website. What should you do? A. Deploy the website to a virtual machine. Configure the virtual machine to automatically scale when the CPU load is high. B. Deploy the website to an App Service that uses the Shared service tier. Configure the App Service plan to automatically scale when the CPU load is high. C. Deploy the website to a virtual machine. Configure a Scale Set to increase the virtual machine instance count when the CPU load is high. D. Deploy the website to an App Service that uses the Standard service tier. Configure the App Service plan to automatically scale when the CPU load is high. Answer: D Explanation: Windows Azure Web Sites (WAWS) offers 3 modes: Standard, Free, and Shared. Standard mode carries an enterprise-grade SLA (Service Level Agreement) of 99.9% monthly, even for sites with just one instance. Standard mode runs on dedicated instances, making it different from the other ways to buy Windows Azure Web Sites. Incorrect Answers: B: Shared and Free modes do not offer the scaling flexibility of Standard, and they have some important limits. Shared mode, just as the name states, also uses shared Compute resources, and also has a CPU limit. So, while neither Free nor Shared is likely to be the best choice for your production environment due to these limits. Question: 51 CertyIQ HOTSPOT - A company is developing a Java web app. The web app code is hosted in a GitHub repository located at https://github.com/Contoso/webapp. The web app must be evaluated before it is moved to production. You must deploy the initial code release to a deployment slot named staging. You need to create the web app and deploy the code. How should you complete the commands? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point. Hot Area: Answer: Explanation: Box 1: group - # Create a resource group. az group create --location westeurope --name myResourceGroup Box 2: appservice plan - # Create an App Service plan in STANDARD tier (minimum required by deployment slots). az appservice plan create --name $webappname --resource-group myResourceGroup --sku S1 Box 3: webapp - # Create a web app. az webapp create --name $webappname --resource-group myResourceGroup \ --plan $webappname Box 4: webapp deployment slot - #Create a deployment slot with the name "staging". az webapp deployment slot create --name $webappname --resource-group myResourceGroup \ --slot staging Box 5: webapp deployment source - # Deploy sample code to "staging" slot from GitHub. az webapp deployment source config --name $webappname --resource-group myResourceGroup \ --slot staging --repo-url $gitrepo --branch master --manual-integration Reference: https://docs.microsoft.com/en-us/azure/app-service/scripts/cli-deploy-staging-environment Question: 52 CertyIQ HOTSPOT - You have a web service that is used to pay for food deliveries. The web service uses Azure Cosmos DB as the data store. You plan to add a new feature that allows users to set a tip amount. The new feature requires that a property named tip on the document in Cosmos DB must be present and contain a numeric value. There are many existing websites and mobile apps that use the web service that will not be updated to set the tip property for some time. How should you complete the trigger? NOTE: Each correct selection is worth one point. Hot Area: Answer: Explanation: Right answer in second drop down is the first one (..."tip" in i...) Similiar example can be found on https://docs.microsoft.com/en-us/azure/cosmos-db/how-to-write-stored- procedures-triggers-udfs Question: 53 CertyIQ Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution. After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen. You develop an HTTP triggered Azure Function app to process Azure Storage blob data. The app is triggered using an output binding on the blob. The app continues to time out after four minutes. The app must process the blob data. You need to ensure the app does not time out and processes the blob data. Solution: Use the Durable Function async pattern to process the blob data. Does the solution meet the goal? A. Yes B. No Answer: A Explanation: Yes "230 seconds is the maximum amount of time[...] For longer processing times, consider using the DURABLE FUNCTIONS ASYNC PATTERN[...]" https://docs.microsoft.com/en-us/azure/azure-functions/functions-scale#timeout Question: 54 CertyIQ Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution. After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen. You develop an HTTP triggered Azure Function app to process Azure Storage blob data. The app is triggered using an output binding on the blob. The app continues to time out after four minutes. The app must process the blob data. You need to ensure the app does not time out and processes the blob data. Solution: Pass the HTTP trigger payload into an Azure Service Bus queue to be processed by a queue trigger function and return an immediate HTTP success response. Does the solution meet the goal? A. Yes B. No Answer: A Explanation: Large, long-running functions can cause unexpected timeout issues. General best practices include: Whenever possible, refactor large functions into smaller function sets that work together and return responses fast. For example, a webhook or HTTP trigger function might require an acknowledgment response within a certain time limit; it's common for webhooks to require an immediate response. You can pass the HTTP trigger payload into a queue to be processed by a queue trigger function. This approach lets you defer the actual work and return an immediate response. Reference: https://docs.microsoft.com/en-us/azure/azure-functions/functions-best-practices Question: 55 CertyIQ Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution. After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen. You develop an HTTP triggered Azure Function app to process Azure Storage blob data. The app is triggered using an output binding on the blob. The app continues to time out after four minutes. The app must process the blob data. You need to ensure the app does not time out and processes the blob data. Solution: Configure the app to use an App Service hosting plan and enable the Always On setting. Does the solution meet the goal? A. Yes B. No Answer: B Explanation: Instead pass the HTTP trigger payload into an Azure Service Bus queue to be processed by a queue trigger function and return an immediate HTTP success response. Note: Large, long-running functions can cause unexpected timeout issues. General best practices include: Whenever possible, refactor large functions into smaller function sets that work together and return responses fast. For example, a webhook or HTTP trigger function might require an acknowledgment response within a certain time limit; it's common for webhooks to require an immediate response. You can pass the HTTP trigger payload into a queue to be processed by a queue trigger function. This approach lets you defer the actual work and return an immediate response. Reference: https://docs.microsoft.com/en-us/azure/azure-functions/functions-best-practices Question: 56 CertyIQ Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution. After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen. You develop a software as a service (SaaS) offering to manage photographs. Users upload photos to a web service which then stores the photos in Azure Storage Blob storage. The storage account type is General-purpose V2. When photos are uploaded, they must be processed to produce and save a mobile-friendly version of the image. The process to produce a mobile-friendly version of the image must start in less than one minute. You need to design the process that starts the photo processing. Solution: Move photo processing to an Azure Function triggered from the blob upload. Does the solution meet the goal? A. Yes B. No Answer: A Explanation: Azure Storage events allow applications to react to events. Common Blob storage event scenarios include image or video processing, search indexing, or any file- oriented workflow. Events are pushed using Azure Event Grid to subscribers such as Azure Functions, Azure Logic Apps, or even to your own http listener. Note: Only storage accounts of kind StorageV2 (general purpose v2) and BlobStorage support event integration. Storage (general purpose v1) does not support integration with Event Grid. Reference: https://docs.microsoft.com/en-us/azure/storage/blobs/storage-blob-event-overview Question: 57 CertyIQ You are developing an application that uses Azure Blob storage. The application must read the transaction logs of all the changes that occur to the blobs and the blob metadata in the storage account for auditing purposes. The changes must be in the order in which they occurred, include only create, update, delete, and copy operations and be retained for compliance reasons. You need to process the transaction logs asynchronously. What should you do? A. Process all Azure Blob storage events by using Azure Event Grid with a subscriber Azure Function app. B. Enable the change feed on the storage account and process all changes for available events. C. Process all Azure Storage Analytics logs for successful blob events. D. Use the Azure Monitor HTTP Data Collector API and scan the request body for successful blob events. Answer: B Explanation: Change feed support in Azure Blob Storage The purpose of the change feed is to provide transaction logs of all the changes that occur to the blobs and the blob metadata in your storage account. The change feed provides ordered, guaranteed, durable, immutable, read-only log of these changes. Client applications can read these logs at any time, either in streaming or in batch mode. The change feed enables you to build efficient and scalable solutions that process change events that occur in your Blob Storage account at a low cost. Reference: https://docs.microsoft.com/en-us/azure/storage/blobs/storage-blob-change-feed Question: 58 CertyIQ DRAG DROP - You plan to create a Docker image that runs an ASP.NET Core application named ContosoApp. You have a setup script named setupScript.ps1 and a series of application files including ContosoApp.dll. You need to create a Dockerfile document that meets the following requirements: ✑ Call setupScripts.ps1 when the container is built. ✑ Run ContosoApp.dll when the container starts. The Dockerfile document must be created in the same folder where ContosoApp.dll and setupScript.ps1 are stored. Which five commands should you use to develop the solution? To answer, move the appropriate commands from the list of commands to the answer area and arrange them in the correct order. Select and Place: Answer: Explanation: FROM - WORKDIR - COPY - RUN - CMD Question: 59 CertyIQ You are developing an Azure Function App that processes images that are uploaded to an Azure Blob container. Images must be processed as quickly as possible after they are uploaded, and the solution must minimize latency. You create code to process images when the Function App is triggered. You need to configure the Function App. What should you do? A. Use an App Service plan. Configure the Function App to use an Azure Blob Storage input trigger. B. Use a Consumption plan. Configure the Function App to use an Azure Blob Storage trigger. C. Use a Consumption plan. Configure the Function App to use a Timer trigger. D. Use an App Service plan. Configure the Function App to use an Azure Blob Storage trigger. E. Use a Consumption plan. Configure the Function App to use an Azure Blob Storage input trigger. Answer: D Explanation: Use an App Service plan. Configure the Function App to use an Azure Blob Storage trigger. Consumption plan can cause a 10-min delay in processing new blobs if a function app has gone idle. To avoid this latency, you can switch to an App Service plan with Always On enabled. https://docs.microsoft.com/en-us/azure/azure- functions/functions-bindings-storage-blob-trigger?tabs=csharp Question: 60 CertyIQ HOTSPOT - You are configuring a new development environment for a Java application. The environment requires a Virtual Machine Scale Set (VMSS), several storage accounts, and networking components. The VMSS must not be created until the storage accounts have been successfully created and an associated load balancer and virtual network is configured. How should you complete the Azure Resource Manager template? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point. Hot Area: Answer: Explanation: Box 1: copyIndex - Notice that the name of each resource includes the copyIndex() function, which returns the current iteration in the loop. copyIndex() is zero-based. Box 2: copy - By adding the copy element to the resources section of your template, you can dynamically set the number of resources to deploy. Box 3: dependsOn - Example: "type": "Microsoft.Compute/virtualMachineScaleSets", "apiVersion": "2020-06-01", "name": "[variables('namingInfix')]", "location": "[parameters('location')]", "sku": "name": "[parameters('vmSku')]", "tier": "Standard", "capacity": "[parameters('instanceCount')]" , "dependsOn": [ "[resourceId('Microsoft.Network/loadBalancers', variables('loadBalancerName'))]", "[resourceId('Microsoft.Network/virtualNetworks', variables('virtualNetworkName'))]" ], Reference: https://docs.microsoft.com/en-us/azure/azure-resource-manager/templates/copy-resources https://docs.micr osoft.com/en-us/azure/virtual-machine-scale-sets/quick-create-template-windows Question: 61 CertyIQ HOTSPOT - You are developing an Azure Function App by using Visual Studio. The app will process orders input by an Azure Web App. The web app places the order information into Azure Queue Storage. You need to review the Azure Function App code shown below. NOTE: Each correct selection is worth one point. Hot Area: Answer: Explanation: Box 1: No - ExpirationTime - The time that the message expires. InsertionTime - The time that the message was added to the queue. Box 2: Yes - maxDequeueCount - The number of times to try processing a message before moving it to the poison queue. Default value is 5. Box 3: Yes - When there are multiple queue messages waiting, the queue trigger retrieves a batch of messages and invokes function instances concurrently to process them. By default, the batch size is 16. When the number being processed gets down to 8, the runtime gets another batch and starts processing those messages. So the maximum number of concurrent messages being processed per function on one virtual machine (VM) is 24. Box 4: Yes - Reference: https://docs.microsoft.com/en-us/azure/azure-functions/functions-bindings-storage-queue Question: 62 CertyIQ DRAG DROP - You are developing a solution for a hospital to support the following use cases: ✑ The most recent patient status details must be retrieved even if multiple users in different locations have updated the patient record. ✑ Patient health monitoring data retrieved must be the current version or the prior version. ✑ After a patient is discharged and all charges have been assessed, the patient billing record contains the final charges. You provision a Cosmos DB NoSQL database and set the default consistency level for the database account to Strong. You set the value for Indexing Mode to Consistent. You need to minimize latency and any impact to the availability of the solution. You must override the default consistency level at the query level to meet the required consistency guarantees for the scenarios. Which consistency levels should you implement? To answer, drag the appropriate consistency levels to the correct requirements. Each consistency level may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content. NOTE: Each correct selection is worth one point. Select and Place: Answer: Explanation: Box 1: Strong - Strong: Strong consistency offers a linearizability guarantee. The reads are guaranteed to return the most recent committed version of an item. A client never sees an uncommitted or partial write. Users are always guaranteed to read the latest committed write. Box 2: Bounded staleness - Bounded staleness: The reads are guaranteed to honor the consistent-prefix guarantee. The reads might lag behind writes by at most "K" versions (that is "updates") of an item or by "t" time interval. When you choose bounded staleness, the "staleness" can be configured in two ways: The number of versions (K) of the item The time interval (t) by which the reads might lag behind the writes Box 3: Eventual - Eventual: There's no ordering guarantee for reads. In the absence of any further writes, the replicas eventually converge. Incorrect Answers: Consistent prefix: Updates that are returned contain some prefix of all the updates, with no gaps. Consistent prefix guarantees that reads never see out-of-order writes. Reference: https://docs.microsoft.com/en-us/azure/cosmos-db/consistency-levels Question: 63 CertyIQ HOTSPOT - You are configuring a development environment for your team. You deploy the latest Visual Studio image from the Azure Marketplace to your Azure subscription. The development environment requires several software development kits (SDKs) and third-party components to support application development across the organization. You install and customize the deployed virtual machine (VM) for your development team. The customized VM must be saved to allow provisioning of a new team member development environment. You need to save the customized VM for future provisioning. Which tools or services should you use? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point. Hot Area: Answer: Explanation: Box 1: Azure Powershell - Creating an image directly from the VM ensures that the image includes all of the disks associated with the VM, including the OS disk and any data disks. Before you begin, make sure that you have the latest version of the Azure PowerShell module. You use Sysprep to generalize the virtual machine, then use Azure PowerShell to create the image. Box 2: Azure Blob Storage - You can store images in Azure Blob Storage. Reference: https://docs.microsoft.com/en-us/azure/virtual-machines/windows/capture-image-resource#create-an-image -of-a-vm-using-powershell Question: 64 CertyIQ You are preparing to deploy a website to an Azure Web App from a GitHub repository. The website includes static content generated by a script. You plan to use the Azure Web App continuous deployment feature. You need to run the static generation script before the website starts serving traffic. What are two possible ways to achieve this goal? Each correct answer presents a complete solution. NOTE: Each correct selection is worth one point. A. Add the path to the static content generation tool to WEBSITE_RUN_FROM_PACKAGE setting in the host.json file. B. Add a PreBuild target in the websites csproj project file that runs the static content generation script. C. Create a file named run.cmd in the folder /run that calls a script which generates the static content and deploys the website. D. Create a file named.deployment in the root of the repository that calls a script which generates the static content and deploys the website. Answer: BD Explanation: D.) https://docs.microsoft.com/en-us/azure/app-service/deploy-local-git?tabs=cli B.) https://docs.microsoft.com/en-us/visualstudio/msbuild/msbuild-targets?view=vs-2022 ( for build pipeline in Azure DevOps) Question: 65 CertyIQ DRAG DROP - You are developing an application to use Azure Blob storage. You have configured Azure Blob storage to include change feeds. A copy of your storage account must be created in another region. Data must be copied from the current storage account to the new storage account directly between the storage servers. You need to create a copy of the storage account in another region and copy the data. In which order should you perform the actions? To answer, move all actions from the list of actions to the answer area and arrange them in the correct order. Select and Place: Answer: Explanation: 1. Export the template and download/save it. 2.Create a new template and load the previously exported template's json file. 3.Modify the required details. 4.Deploy it. 4.Use Az copy https://docs.microsoft.com/en-us/azure/storage/common/storage-account-move? toc=%2Fazure%2Fstorage%2Fblobs%2Ftoc.json&tabs=azure-portal Question: 66 CertyIQ DRAG DROP - You are preparing to deploy an Azure virtual machine (VM)-based application. The VMs that run the application have the following requirements: ✑ When a VM is provisioned the firewall must be automatically configured before it can access Azure resources. ✑ Supporting services must be installed by using an Azure PowerShell script that is stored in Azure Storage. You need to ensure that the requirements are met. Which features should you use? To answer, drag the appropriate features to the correct requirements. Each feature may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content. NOTE: Each correct selection is worth one point. Select and Place: Answer: Explanation: Box 1: Run Command This capability is useful in all scenarios where you want to run a script within a VM. It's one of the only ways to troubleshoot and remediate a VM that doesn't have the RDP or SSH port open, because of improper network or administrative user configuration. Box 2: Customer Script Extension The Custom Script Extension downloads and executes scripts on Azure virtual machines. This extension is useful for post deployment configuration, software installation, or any other configuration or management tasks. Scripts can be downloaded from Azure storage or GitHub, or provided to the Azure portal at extension run time. The Custom Script Extension integrates with Azure Resource Manager templates, and can be run using the Azure CLI, PowerShell, Azure portal, or the Azure Virtual Machine REST API. Question: 67 CertyIQ HOTSPOT - A company is developing a Node.js web app. The web app code is hosted in a GitHub repository located at https://github.com/TailSpinToys/webapp. The web app must be reviewed before it is moved to production. You must deploy the initial code release to a deployment slot named review. You need to create the web app and deploy the code. How should you complete the commands? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point. Hot Area: Answer: Explanation: Box 1: New-AzResourceGroup - The New-AzResourceGroup cmdlet creates an Azure resource group. Box 2: New-AzAppServicePlan - The New-AzAppServicePlan cmdlet creates an Azure App Service plan in a given location Box 3: New-AzWebApp - The New-AzWebApp cmdlet creates an Azure Web App in a given a resource group Box 4: New-AzWebAppSlot - The New-AzWebAppSlot cmdlet creates an Azure Web App slot. Reference: https://docs.microsoft.com/en-us/powershell/module/az.resources/new-azresourcegroup?view=azps-2.3.2 htt ps://docs.microsoft.com/en-us/powershell/module/az.websites/new-azappserviceplan?view=azps-2.3.2 https: //docs.microsoft.com/en-us/powershell/module/az.websites/new-azwebapp?view=azps-2.3.2 https://docs.mic rosoft.com/en-us/powershell/module/az.websites/new-azwebappslot?view=azps-2.3.2 Question: 68 CertyIQ HOTSPOT - You are developing an application that needs access to an Azure virtual machine (VM). The access lifecycle for the application must be associated with the VM service instance. You need to enable managed identity for the VM. How should you complete the PowerShell segment? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point. Hot Area: Answer: Explanation: Box 1: -IdentityType - Enable system-assigned managed identity on an existing Azure VM: To enable a system-assigned managed identity, use the -IdentityType switch on the Update-AzVM cmdlet (see below). Box 2: $SystemAssigned - $vm = Get-AzVM -ResourceGroupName myResourceGroup -Name myVM Update-AzVM -ResourceGroupName myResourceGroup -VM $vm -IdentityType SystemAssigned Reference: https://docs.microsoft.com/en-us/azure/active-directory/managed-identities-azure-resources/qs-configure-p owershell-windows-vm Question: 69 CertyIQ Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution. After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen. You develop a software as a service (SaaS) offering to manage photographs. Users upload photos to a web service which then stores the photos in Azure Storage Blob storage. The storage account type is General-purpose V2. When photos are uploaded, they must be processed to produce and save a mobile-friendly version of the image. The process to produce a mobile-friendly version of the image must start in less than one minute. You need to design the process that starts the photo processing. Solution: Create an Azure Function app that uses the Consumption hosting model and that is triggered from the blob upload. Does the solution meet the goal? A. Yes B. No Answer: B Explanation: "No". Consumption plan can take up to several minutes to trigger the function. See note from https://docs.microsoft.com/en-us/azure/azure-functions/functions-create-storage-blob-triggered-function. "When your function app runs in the default Consumption plan, there may be a delay of up to several minutes between the blob being added or updated and the function being triggered. If you need low latency in your blob triggered functions, consider running your function app in an App Service plan." Question: 70 CertyIQ Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution. After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen. You develop and deploy an Azure App Service API app to a Windows-hosted deployment slot named Development. You create additional deployment slots named Testing and Production. You enable auto swap on the Production deployment slot. You need to ensure that scripts run and resources are available before a swap operation occurs. Solution: Update the app with a method named statuscheck to run the scripts. Update the app settings for the app. Set the WEBSITE_SWAP_WARMUP_PING_PATH and WEBSITE_SWAP_WARMUP_PING_STATUSES with a path to the new method and appropriate response codes. Does the solution meet the goal? A. No B. Yes Answer: B Explanation: https://docs.microsoft.com/en-us/azure/app-service/deploy-staging-slots You can also customize the warm-up behavior with one or both of the following app settings: WEBSITE_SWAP_WARMUP_PING_PATH: The path to ping to warm up your site. Add this app setting by specifying a custom path that begins with a slash as the value. An example is /statuscheck. The default value is /. WEBSITE_SWAP_WARMUP_PING_STATUSES: Valid HTTP response codes for the warm-up operation. Add this app setting with a comma-separated list of HTTP codes. An example is 200,202. If the returned status code isn't in the list, the warmup and swap operations are stopped. By default, all response codes are valid. WEBSITE_WARMUP_PATH: A relative path on the site that should be pinged whenever the site restarts (not only during slot swaps). Example values include /statuscheck or the root path, /. Question: 71 CertyIQ HOTSPOT - You create the following PowerShell script: For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point. Hot Area: Answer: Explanation: Box 1: No - The AzScheduledQueryRuleSource is Heartbeat, not CPU. Box 2: Yes - The AzScheduledQueryRuleSource is Heartbeat! Note: New-AzScheduledQueryRuleTriggerCondition creates an object of type Trigger Condition. This object is to be passed to the command that creates Alerting Action object. Box 3: No - The schedule is 60 minutes, not two hours. -FrequencyInMinutes: The alert frequency. -TimeWindowInMinutes: The alert time window The New-AzAscheduledQueryRuleSchedule command creates an object of type Schedule. This object is to be passed to the command that creates Log Alert Rule. Reference: https://docs.microsoft.com/en-us/powershell/module/az.monitor/new-azscheduledqueryrule https://docs.micr osoft.com/en-us/powershell/module/az.monitor/new-azscheduledqueryruletriggercondition Question: 72 CertyIQ DRAG DROP - You are developing an Azure Function app. The app must meet the following requirements: ✑ Enable developers to write the functions by using the Rust language. ✑ Declaratively connect to an Azure Blob Storage account. You need to implement the app. Which Azure Function app features should you use? To answer, drag the appropriate features to the correct requirements. Each feature may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content. NOTE: Each correct selection is worth one point. Select and Place: Answer: Explanation: Box 1: Custom handler Custom handlers can be used to create functions in any language or runtime by running an HTTP server process, for example Go or Rust. Box 2: extension bundles is needed to support the bindings and triggers that you use https://docs.microsoft.com/en-us/azure/azure-functions/functions-custom-handlers? WT.mc_id=thomasmaurer-blog-thmaure#bindings-support Question: 73 CertyIQ HOTSPOT - You are developing an ASP.NET Core web application. You plan to deploy the application to Azure Web App for Containers. The application needs to store runtime diagnostic data that must be persisted across application restarts. You have the following code: You need to configure the application settings so that diagnostic data is stored as required. How should you configure the web app's settings? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point. Hot Area: Answer: Explanation: Box 1: If WEBSITES_ENABLE_APP_SERVICE_STORAGE If WEBSITES_ENABLE_APP_SERVICE_STORAGE setting is unspecified or set to true, the /home/ directory will be shared across scale instances, and files written will persist across restarts Box 2: /home - Reference: https://docs.microsoft.com/en-us/azure/app-service/containers/app-service-linux-faq Question: 74 CertyIQ You are developing a web app that is protected by Azure Web Application Firewall (WAF). All traffic to the web app is routed through an Azure Application Gateway instance that is used by multiple web apps. The web app address is contoso.azurewebsites.net. All traffic must be secured with SSL. The Azure Application Gateway instance is used by multiple web apps. You need to configure the Azure Application Gateway for the web app. Which two actions should you perform? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point. A. In the Azure Application Gateway's HTTP setting, enable the Use for App service setting. B. Convert the web app to run in an Azure App service environment (ASE). C. Add an authentication certificate for contoso.azurewebsites.net to the Azure Application Gateway. D. In the Azure Application Gateway's HTTP setting, set the value of the Override backend path option to contoso22.azurewebsites.net. Answer: AD Explanation: D: The ability to specify a host override is defined in the HTTP settings and can be applied to any back-end pool during rule creation. The ability to derive the host name from the IP or FQDN of the back-end pool members. HTTP settings also provide an option to dynamically pick the host name from a back-end pool member's FQDN if configured with the option to derive host name from an individual back-end pool member. A (not C): SSL termination and end to end SSL with multi-tenant services. In case of end to end SSL, trusted Azure services such as Azure App service web apps do not require whitelisting the backends in the application gateway. Therefore, there is no need to add any authentication certificates. Reference: https://docs.microsoft.com/en-us/azure/application-gateway/application-gateway-web-app-overview Question: 75 CertyIQ Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution. After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen. You develop a software as a service (SaaS) offering to manage photographs. Users upload photos to a web service which then stores the photos in Azure Storage Blob storage. The storage account type is General-purpose V2. When photos are uploaded, they must be processed to produce and save a mobile-friendly version of the image. The process to produce a mobile-friendly version of the image must start in less than one minute. You need to design the process that starts the photo processing. Solution: Use the Azure Blob Storage change feed to trigger photo processing. Does the solution meet the goal? A. Yes B. No Answer: B Explanation: The change feed is a log of changes that are organized into hourly segments but appended to and updated every few minutes. These segments are created only when there are blob change events that occur in that hour. Instead catch the triggered event, so move the photo processing to an Azure Function triggered from the blob upload. Reference: https://docs.microsoft.com/en-us/azure/storage/blobs/storage-blob-change-feed https://docs.microsoft.com/ en-us/azure/storage/blobs/storage-blob-event-overview Question: 76 CertyIQ You are developing a web application that runs as an Azure Web App. The web application stores data in Azure SQL Database and stores files in an Azure Storage account. The web application makes HTTP requests to external services as part of normal operations. The web application is instrumented with Application Insights. The external services are OpenTelemetry compliant. You need to ensure that the customer ID of the signed in user is associated with all operations throughout the overall system. What should you do? A. Add the customer ID for the signed in user to the CorrelationContext in the web application B. On the current SpanContext, set the TraceId to the customer ID for the signed in user C. Set the header Ocp-Apim-Trace to the customer ID for the signed in user D. Create a new SpanContext with the TraceFlags value set to the customer ID for the signed in user Answer: B Explanation: 1OpenTelemetry uses correlation context and it fits the requirements: Correlation context carries user- defined properties. These properties are typically data that you would like to eventually aggregate for correlation analysis or use to filter your trace data, such as a customer identifier,... https://lightstep.com/opentelemetry/context-propagation Question: 77 CertyIQ HOTSPOT - You are developing an Azure Function App. You develop code by using a language that is not supported by the Azure Function App host. The code language supports HTTP primitives. You must deploy the code to a production Azure Function App environment. You need to configure the app for deployment. Which configuration values should you use? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point. Hot Area: Answer: Explanation: >Code >Custom Handler >custom (only option when you pick Custom Handler) Question: 78 CertyIQ DRAG DROP - You provision virtual machines (VMs) as development environments. One VM does not start. The VM is stuck in a Windows update process. You attach the OS disk for the affected VM to a recovery VM. You need to correct the issue. In which order should you perform the actions? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order. Select and Place: Answer: Explanation: Remove the update that causes the problem 1. Take a snapshot of the OS disk of the affected VM as a backup. 2. Attach the OS disk to a recovery VM. 3. Once the OS disk is att