1. Topic 1, Fabrikam, inc Case Study A

Overview:

Existing Environment

Fabrikam, Inc. is an engineering company that has offices throughout Europe. The company has a main office in London and three branch offices in Amsterdam Berlin, and Rome.

Active Directory Environment:

The network contains two Active Directory forests named corp.fabnkam.com and rd.fabrikam.com. There are no trust relationships between the forests. Corp.fabrikam.com is a production forest that contains identities used for internal user and computer authentication. Rd.fabrikam.com is used by the research and development (R&D) department only.

Network Infrastructure:

Each office contains at least one domain controller from the corp.fabrikam.com domain. The main office contains all the domain controllers for the rd.fabrikam.com forest.

All the offices have a high-speed connection to the Internet.

An existing application named WebApp1 is hosted in the data center of the London office. WebApp1 is used by customers to place and track orders. WebApp1 has a web tier that uses Microsoft Internet Information Services (IIS) and a database tier that runs Microsoft SQL Server 2016. The web tier and the database tier are deployed to virtual machines that run on Hyper-V.

The IT department currently uses a separate Hyper-V environment to test updates to WebApp1.

Fabrikam purchases all Microsoft licenses through a Microsoft Enterprise Agreement that includes Software Assurance.

Problem Statement:

The use of Web App1 is unpredictable. At peak times, users often report delays. Al other times, many resources for WebApp1 are underutilized.

Requirements:

Planned Changes:

Fabrikam plans to move most of its production workloads to Azure during the next few years.

As one of its first projects, the company plans to establish a hybrid identity model, facilitating an upcoming Microsoft Office 365 deployment

All R&D operations will remain on-premises.

Fabrikam plans to migrate the production and test instances of WebApp1 to Azure.

Technical Requirements:

Fabrikam identifies the following technical requirements:

• Web site content must be easily updated from a single point.

• User input must be minimized when provisioning new app instances.

• Whenever possible, existing on premises licenses must be used to reduce cost.

• Users must always authenticate by using their corp.fabrikam.com UPN identity.

• Any new deployments to Azure must be redundant in case an Azure region fails.

• Whenever possible, solutions must be deployed to Azure by using platform as a service (PaaS).

• An email distribution group named IT Support must be notified of any issues relating to the directory synchronization services.

• Directory synchronization between Azure Active Directory (Azure AD) and corp.fabhkam.com must not be affected by a link failure between Azure and the on premises network.

Database Requirements:

Fabrikam identifies the following database requirements:

• Database metrics for the production instance of WebApp1 must be available for analysis so that database administrators can optimize the performance settings.

• To avoid disrupting customer access, database downtime must be minimized when databases are migrated.

• Database backups must be retained for a minimum of seven years to meet compliance requirement

Security Requirements:

Fabrikam identifies the following security requirements:

* Company information including policies, templates, and data must be inaccessible to anyone outside the company

* Users on the on-premises network must be able to authenticate to corp.fabrikam.com if an Internet link fails.

* Administrators must be able authenticate to the Azure portal by using their corp.fabrikam.com credentials.

* All administrative access to the Azure portal must be secured by using multi-factor authentication.

* The testing of WebApp1 updates must not be visible to anyone outside the company.

HOTSPOT

You are evaluating the components of the migration to Azure that require you to provision an Azure Storage account.

For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.

2. What should you include in the identity management strategy to support the planned changes?

3. You need to recommend a notification solution for the IT Support distribution group.

What should you include in the recommendation?

4. You need to recommend a data storage strategy for WebApp1.

What should you include in in the recommendation?

5. You need to recommend a strategy for migrating the database content of WebApp1 to Azure.

What should you include in the recommendation?

6. HOTSPOT

You design a solution for the web tier of WebApp1 as shown in the exhibit.

For each of the following statements, select Yes if the statement is true. Otherwise, select No.

7. You need to recommend a strategy for the web tier of WebApp1. The solution must minimize.

What should you recommend?

8. HOTSPOT

To meet the authentication requirements of Fabrikam, what should you include in the solution? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

9. You need to recommend a solution to meet the database retention requirement.

What should you recommend?

10. Topic 2, Contoso, Ltd Case Study B

Overview

Contoso,Ltd is a US-base finance service company that has a main office New York and an office in San Francisco.

Payment Processing Query System

Contoso hosts a business critical payment processing system in its New York data center. The system has three tiers a front-end web app a middle -tier API and a back end data store implemented as a Microsoft SQL Server 2014 database All servers run Windows Server 2012 R2.

The front -end and middle net components are hosted by using Microsoft Internet Inform-non Services (IK) The application rode is written in C# and middle- tier API uses the Entity framework to communicate the SQL Server database. Maintenance of the database e performed by using SQL Server Ago-

The database is currently J IB and is not expected to grow beyond 3 TB.

The payment processing system has the following compliance related requirement

• Encrypt data in transit and at test. Only the front-end and middle-tier components must be able to access the encryption keys that protect the date store.

• Keep backups of the two separate physical locations that are at last 200 miles apart and can be restored for op to seven years.

• Support blocking inbound and outbound traffic based on the source IP address, the description IP address, and the port number

• Collect Windows security logs from all the middle-tier servers and retain the log for a period of seven years,

• Inspect inbound and outbound traffic from the from-end tier by using highly available network appliances.

• Only allow all access to all the tiers from the internal network of Contoso.

Tape backups ate configured by using an on-premises deployment or Microsoft System Center Data protection Manager (DPMX and then shaped ofsite for long term storage

Historical Transaction Query System

Contoso recently migrate a business-Critical workload to Azure. The workload contains a NET web server for querying the historical transaction data residing in azure Table Storage. The NET service is accessible from a client app that was developed in-house and on the client computer in the New Your office. The data in the storage is 50 GB and is not except to increase.

Information Security Requirement

The IT security team wants to ensure that identity management n performed by using Active Directory.

Password hashes must be stored on premises only.

Access to all business-critical systems must rely on Active Directory credentials. Any suspicious authentication attempts must trigger multi-factor authentication prompt automatically Legitimate users must be able to authenticate successfully by using multi-factor authentication.

Planned Changes

Contoso plans to implement the following changes:

* Migrate the payment processing system to Azure.

* Migrate the historical transaction data to Azure Cosmos DB to address the performance issues.

Migration Requirements

Contoso identifies the following general migration requirements:

Infrastructure services must remain available if a region or a data center fails. Failover must occur without any administrative intervention

• Whenever possible. Azure managed serves must be used to management overhead

• Whenever possible, costs must be minimized.

Contoso identifies the following requirements for the payment processing system:

• If a data center fails, ensure that the payment processing system remains available without any administrative intervention. The middle-tier and the web front end must continue to operate without any additional configurations-

• If that the number of compute nodes of the from -end and the middle tiers of the payment processing system can increase or decrease automatically based on CPU utilization.

• Ensure that each tier of the payment processing system is subject to a Service level Agreement (SLA) of 9959 percent availability

• Minimize the effort required to modify the middle tier API and the back-end tier of the payment processing system.

• Generate alerts when unauthorized login attempts occur on the middle-tier virtual machines.

• Insure that the payment processing system preserves its current compliance status.

• Host the middle tier of the payment processing system on a virtual machine.

Contoso identifies the following requirements for the historical transaction query system:

• Minimize the use of on-premises infrastructure service.

• Minimize the effort required to modify the .NET web service querying Azure Cosmos DB.

• If a region fails, ensure that the historical transaction query system remains available without any administrative intervention.

Current Issue

The Contoso IT team discovers poor performance of the historical transaction query as the queries frequently cause table scans.

Information Security Requirements

The IT security team wants to ensure that identity management is performed by using Active Directory.

Password hashes must be stored on-premises only.

Access to all business-critical systems must rely on Active Directory credentials. Any suspicious authentication attempts must trigger a multi-factor authentication prompt automatically. legitimate users must be able to authenticate successfully by using multi-factor authentication.

HOTSPOT

You need to recommend a solution for data of the historical transaction query system.

What should you include in the recommendation? To answer, Select the appropriate or options in the answer area. NOTE: Each correct selection is worth one point

11. You need to recommend a solution for protecting the content of the back-end tier of the payment processing system.

What should you include in the recommendations?

12. HOTSPOT

You need to recommend a solution for the users at Contoso to authenticate to the cloud-based services and the Azure AD-integrated applications.

What should you include in the recommendation? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

13. HOTSPOT

You need to recommend a solution for the data store of the historical transaction query system.

What should you include in the recommendation? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

14. HOTSPOT

You need to recommend a solution for the user at Contoso to authenticate to the cloud-based sconces and the Azure AD-integrated application.

What should you include in the recommendation? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

15. You need to recommend a solution for the network configuration of the front-end tier of the payment processing.

What should you include in the recommendation?

16. You need to recommend a high-availability solution for the middle tier of the payment processing system.

What should you include in the recommendation?

17. You need to recommend a compute solution for the middle tier of the payment processing system.

What should you include in the recommendation?

18. You need to recommend a solution for the collection of security logs the middle tier of the payment processing system.

What should you include in the recommendation?

19. You need to recommend a solution for protecting the content of the payment processing system.

What should you include in the recommendation?

20. You need to recommend a solution for implementing the back-end tier of the payment processing system in Azure.

What should you include in the recommendation?

21. You need to recommend a disaster recovery solution for the back-end tier of the payment processing system.

What should you include in the recommendation?

22. HOTSPOT

You need to design a solution for securing access to the historical transaction data.

What should you include in the solution? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

23. You need to recommend a backup solution for the data store of the payment processing.

What should you include in the recommendation?

24. HOTSPOT

You need to recommend a solution for configuring the Azure Multi-Factor Authentication (MFA) settings.

What should you include in the recommendation? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

25. You need to recommend a backup solution for the data store of the payment processing system.

What should you include in the recommendation?

26. Topic 3, Misc Questions

You have an Azure subscription that contains a custom application named Application was developed by an external company named fabric, Ltd. Developers at Fabrikam were assigned role-based access control (RBAV) permissions to the Application components. All users are licensed for the Microsoft 365 E5 plan.

You need to recommends a solution to verify whether the Faricak developers still require permissions to Application1.

The solution must the following requirements.

* To the manager of the developers, send a monthly email message that lists the access permissions to Application1.

* If the manager does not verify access permission, automatically revoke that permission.

* Minimize development effort.

What should you recommend?

27. HOTSPOT

You have an Azure SQL database named DB1.

You need to recommend a data security solution for DB1. the solution must meet the following requirements:

• When helpdesk supervisors query DS1. they must see the full number of each credit card.

• When helpdesk operators Query DB1. they must see only the last four digits of each credit card number

• A column named Credit Rating must never appear in plain text within the database system, and only client applications must be able to decrypt the Credit Rating column.

What should you include in the recommendation To answer, select the appropriate options in the answer area? NOTE: Each correct selection is worth one point.

28. You have an Azure subscription.

Your on-premises network contains a file server named Server1. Server 1 stores 5 TB of company files that are accessed rarely.

You plan to copy the files to Azure Storage.

You need to implement a storage solution for the files that meets the following requirements:

• The files must be available within 24 hours of being requested.

• Storage costs must be minimized.

Which two possible storage solutions achieve this goal? Each correct answer presents a complete solution. NOTE: Each correct selection is worth one point.

29. You have 500 Azure web apps in the same Azure region. The apps use a premium Azure Key vault for authentication. A developer reports that some authentication requests are being throttled.

You need 10 recommend a solution to increase the available throughput of the key vault the solution must minimize costs.

What should you recommend?

30. A company has a hybrid ASP.NET Web API application that is based on a software as a service (SaaS) offering.

Users report general issues with the data. You advise the company to implement live monitoring and use ad hoc queries on stored JSON data. You also advise the company to set up smart alerting to detect anomalies in the data.

You need to recommend a solution to set up smart alerting.

What should you recommend?

31. Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

You are designing an Azure solution for a company that has four departments. Each department will deploy several Azure app services and Azure SQL databases.

You need to recommend a solution to report the costs for each department to deploy the app services and the databases. The solution must provide a consolidated view for cost reporting that displays cost broken down by department.

Solution: Create a resource group for each resource type. Assign tags to each resource group.

Does the solution meet the goal?

32. Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

You are designing an Azure solution for a company that has four departments. Each department will deploy several Azure app services and Azure SQL databases.

You need to recommend a solution to report the costs for each department to deploy the app services and the databases. The solution must provide a consolidated view for cost reporting that displays cost broken down by department.

Solution: Place all resources in the same resource group. Assign tags to each resource.

Does the solution meet the goal?

33. HOTSPOT

You have an existing implementation of Microsoft SQL Server Integration Services (SSIS) packages stored in an SSISDB catalog on your on-premises network. The on-premises network does not have hybrid connectivity to Azure by using Site-to-Site VPN or ExpressRoute.

You want to migrate the packages to Azure Data Factory.

You need to recommend a solution that facilitates the migration while minimizing changes to the existing packages. The solution must minimize costs.

What should you recommend? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

34. You use Azure virtual machines to run a custom application that uses an Azure SQL

database on the back end.

The IT apartment at your company recently enabled forced tunneling, Since the configuration change, developers have noticed degraded performance when they access the database.

You need to recommend a solution to minimize latency when accessing the database. The solution must minimize costs.

What should you include in the recommendation?

35. You have an Azure subscription that is linked to an Azure Active Directory (Azure AD) tenant. The subscription contains 10 resource groups, one for each department at your company.

Each department has a specific spending limit for its Azure resources.

You need to ensure that when a department reaches its spending limit, the compute resources of the department shut down automatically.

Which two features should you include in the solution? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point.

36. HOTSPOT

You configure OAuth2 authorization in API Management as shown in the exhibit.

Use the drop-domain to select the answer choice that completes each statement based on

the information presented in the graphic. NOTE: Each correct selection is worth one point.

37. Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

Your company plans to deploy various Azure App Service instances that will use Azure SQL databases. The App Service instances will be deployed at the same time as the Azure SQL databases.

The company has a regulatory requirement to deploy the App Service instances only to specific Azure regions. The resources for the App Service instances must reside in the same region.

You need to recommend a solution to meet the regulatory requirement.

Solution: You recommend creating resource groups based on locations and implementing resource locks on the resource groups.

Does this meet the goal?

38. You are designing an order processing system in Azure that will contain the Azure resources shown in the following table.

The order processing system will have the following transaction flow:

✑ A customer will place an order by using App1.

✑ When the order is received, App1 will generate a message to check for product availability at vendor 1 and vendor 2.

✑ An integration component will process the message, and then trigger either Function1 or Function2 depending on the type of order.

✑ Once a vendor confirms the product availability, a status message for App1 will be generated by Function1 or Function2.

✑ All the steps of the transaction will be logged to storage1.

Which type of resource should you recommend for the integration component?

39. You need to recommend a data storage solution that meets the following requirements:

• Ensures that applications can access the data by using a REST connection

• Hosts 20 independent tables of varying sizes and usage patterns

• Automatically replicates the data to a second Azure region

• Minimizes costs

What should you recommend?

40. HOTSPOT

Your company has two on-premises sites in New York and Los Angeles and Azure virtual networks in the East US Azure region and the West US Azure region. Each on-premises site has Azure ExpressRoute circuits to both regions.

You need to recommend a solution that meets the following requirements:

✑ Outbound traffic to the Internet from workloads hosted on the virtual networks must be routed through the closest available on-premises site.

✑ If an on-premises site fails, traffic from the workloads on the virtual networks to the Internet must reroute automatically to the other site.

What should you include in the recommendation? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

41. Your company purchases an app named App1.

You plan to tun App1 on seven Azure virtual machines In an Availability Set. The number of fault domains is set to 3. The number of update domains is set to 20.

You need to identity how many App1 instances will remain available during a period of planned maintenance.

How many Appl instances should you identify?

42. DRAG DROP

You are designing a network connectivity strategy for a new Azure subscription.

You identify the following requirements:

✑ The Azure virtual machines on a subnet named Subnet1 must be accessible only from the computers in your London office.

✑ Engineers require access to the Azure virtual machine on a subnet named Subnet2 over the Internet on a specific TCP/IP management port.

✑ The Azure virtual machines in the West Europe Azure region must be able to communicate on all ports to the Azure virtual machines in the North Europe Azure region.

You need to recommend which components must be used to meet the requirements. The solution must minimize costs and administrative effort whenever possible.

What should you include in the recommendation? To answer, drag the appropriate components to the correct requirements. Each component may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content. NOTE: Each correct selection is worth one point.

43. DRAG DROP

A company has an existing web application that runs on virtual machines (VMs) in Azure.

You need to ensure that the application is protected from SQL injection attempts and uses a layer-7 load balancer. The solution must minimize disruption to the code for the existing web application.

What should you recommend? To answer, drag the appropriate values to the correct items. Each value may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content. NOTE: Each correct selection is worth one point.

44. You use Azure Application Insights.

You plan to use continuous export.

You need to store Application Insights data for five years.

Which Azure service should you use?

45. You have an Azure Storage account that contains the data shown in the following exhibit.

You need to identify which files can be accessed immediately from the storage account.

Which files should you identify?

46. You have an Azure subscription. The subscription contains an app ir-tal is hosted in Ihe East US, Central Europe, ant) East Asia regions You need to recommend a data-tier solution for the app.

The solution must meet the following requirements:

• Support multiple consistency levels.

• Be able to store at least 1 TB of data.

• Be able to perform read and write operations in the Azure region that is local to the app instance

What should you Include In the recommendation?

47. Your company has the infrastructure shown in the following table.

The on-premises Active Directory domain syncs to Azure Active Directory (Azure AD).

Server1 runs an application named Appl that uses LDAP queries to verify user identities in the on-premises Active Directory domain.

You plan to migrate Server1 to a virtual machine in Subscription1.

A company security policy states that the virtual machines and services deployed to Subscription! must be prevented from accessing the on-premises network.

You need to recommend a solution to ensure that Appl continues to function after the migration. The solution must meet the security policy.

What should you include in the recommendation?

48. You are reviewing an Azure architecture as shown in the Architecture exhibit (Click the Architecture tab.)

The estimated monthly costs for the architecture are shown in the Costs exhibit. (Click the Costs tab.)

The log files are generated by user activity to Apache web servers. The log files are in a consistent format. Approximately 1 GB of logs are generated per day. Microsoft Power Bl is used to display weekly reports of the user activity.

You need to recommend a solution to minimize costs while maintaining the functionality of the architecture.

What should you recommend?

49. You have an Azure Active Directory (Azure AD) tenant.

You plan to provide users with access to shared files by using Azure Storage. The users will be provided with different levels of access to various Azure file shares based on their user account or their group membership.

You need to recommend which additional Azure services must be used to support the planned deployment.

What should you include in the recommendation?

50. DRAG DROP

You are planning an Azure solution that will host production databases for a high-performance application. The solution will include the following components:

✑ Two virtual machines that will run Microsoft SQL Server 2016, will be deployed to different data centers in the same Azure region, and will be part of an Always On availability group.

✑ SQL Server data that will be backed up by using the Automated Backup feature of the SQL Server IaaS Agent Extension (SQLIaaSExtension)

You identify the storage priorities for various data types as shown in the following table.

Which storage type should you recommend for each data type? To answer, drag the appropriate storage types to the correct data types. Each storage type may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content. NOTE: Each correct selection is worth one point.

51. You are developing a sales application that will contain several Azure cloud services and will handle different components of a transaction Different cloud services will process customer orders balling, payment inventory, and stopping.

You need to recommend a solution to enable the cloud services to asynchronously communicate transaction information by using REST messages.

What should you include in the recommendation?

52. Your company purchases an app named App1.

You need to recommend a solution 10 ensure that App 1 can read and modify access reviews.

What should you recommend?

53. You have an Azure subscription that contains an Azure Blob storage account named store1.

You have an on-premises file server named Setver1 that runs Windows Sewer 2016.

Server1 stores 500 GB of company files.

You need to store a copy of the company files from Server 1 in store1.

Which two possible Azure services achieve this goal? Each correct answer presents a complete solution. NOTE: Each correct selection is worth one point

54. You nave 200 resource groups across 20 Azure subscriptions.

Your company's security policy states that the security administrator most verify all assignments of the Owner role for the subscriptions and resource groups once a month. All assignments that are not approved try the security administrator must be removed automatically. The security administrator must be prompted every month to perform the verification.

What should you use to implement the security policy?

55. DRAG DROP

You are designing a virtual machine that will run Microsoft SQL Server and will contain two data disks. The first data disk will store log files, and the second data disk will store data. Both disks are P40 managed disks.

You need to recommend a caching policy for each disk. The policy must provide the best overall performance for the virtual machine.

Which caching policy should you recommend for each disk? To answer, drag the appropriate policies to the correct disks. Each policy may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content. NOTE: Each correct selection is worth one point.

56. HOTSPOT

Your company deploys several Linux and Windows virtual machines (VMs) to Azure. The VMs are deployed with the Microsoft Dependency Agent and the Log Analytics Agent installed by using Azure VM extensions. On-premises connectivity has been enabled by using Azure ExpressRoute.

You need to design a solution to monitor the VMs.

Which Azure monitoring services should you use? To answer, select the appropriate Azure monitoring services in the answer area. NOTE: Each correct selection is worth one point.

57. Note: This question is part of series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

Your company has an on-premises Active Directory Domain Services (AD DS) domain and an established Azure Active Directory (Azure AD) environment.

Your company would like users to be automatically signed in to cloud apps when they are

on their corporate desktops that are connected to the corporate network.

You need to enable single sign-on (SSO) for company users.

Solution: Install and configure an on-premises Active Directory Federation Services (AD FS) server with a trust established between the AD FS server and Azure AD.

Does the solution meet the goal?

58. Note: This question is part of series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

Your company has an on-premises Active Directory Domain Services (AD DS) domain and an established Azure Active Directory (Azure AD) environment.

Your company would like users to be automatically signed in to cloud apps when they are on their corporate desktops that are connected to the corporate network.

You need to enable single sign-on (SSO) for company users.

Solution: Install and configure an Azure AD Connect server to use pass-through authentication and select the Enable single sign-on option.

Does the solution meet the goal?

59. HOTSPOT

Your company develops a web service that is deployed to an Azure virtual machine named VM1. The web service allows an API to access real-time data from VM1.

The current virtual machine deployment is shown in the Deployment exhibit. (Click the Deployment tab).

The chief technology officer (CTO) sends you the following email message: “Our developers have deployed the web service to a virtual machine named VM1. Testing has shown that the API is accessible from VM1 and VM2. Our partners must be able to connect to the API over the Internet. Partners will use this data in applications that they develop.”

You deploy an Azure API Management (APIM) service. The relevant API Management configuration is shown in the API exhibit. (Click the API tab.)

For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.

60. You store web access logs data in Azure Blob storage.

You plan to generate monthly reports from the access logs.

You need to recommend an automated process to upload the data to Azure SQL Database every month.

What should you include in the recommendation?

61. You are designing a data protection strategy for Azure virtual machines. All the virtual machines use managed disks.

You need to recommend a solution that meets the following requirements:

• The use of encryption keys is audited.

• All the data is encrypted at rest always.

• You manage the encryption keys, not Microsoft.

What should you include in the recommendation?

62. Note: This question is part of a series of questions that present the same scenario. Each

question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

Your company plans to deploy various Azure App Service instances that will use Azure SQL databases. The App Service instances will be deployed at the same time as the Azure SQL databases.

The company has a regulatory requirement to deploy the App Service instances only to specific Azure regions. The resources for the App Service instances must reside in the same region.

You need to recommend a solution to meet the regulatory requirement.

Solution: You recommend using the Regulatory compliance dashboard in Azure Security Center.

Does this meet the goal?

63. Your company has the divisions shown in the following table.

Sub1 contains an Azure web app that runs an ASP.NET application named App1 uses the Microsoft identity platform (v2.0) to handler user authentication. users from east.contoso.com can authenticate to App1.

You need to recommend a solution to allow users from west.contoso.com to authenticate to App1.

What should you recommend for the west.contoso.com Azure AD tenant?

64. You have an Azure subscription that contains an Azure SQL database named DB1.

Several queries that query the data in DB1 take a long time to execute.

You need to recommend a solution to identify the queries that take the longest to execute.

What should you include in the recommendation?

65. You need to deploy resources to host a stateless web app in an Azure subscription.

The solution must meet the following requirements:

• Provide access to the full .NET framework.

• Provide redundancy if an Azure region fails.

• Grant administrators access to the operating system to install custom application dependencies.

Solution: You deploy a web app in an Isolated App Service plan.

Does this meet the goal?

66. HOTSPOT

You are designing a solution for a stateless front-end application named Application1.

Application1 will be hosted on two Azure virtual machines named VM1 and VM2.

You plan to load balance connections to VM1 and VM2 from the Internet by using one Azure load balancer.

You need to recommend the minimum number of required public IP addresses.

How many public IP addresses should you recommend using for each resource? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

67. You are designing a microservices architecture that will be hosted in an Azure Kubernetes Service (AKS) cluster. Apps that will consume the microservices will be hosted on Azure virtual machines. The virtual machines and the AKS cluster will reside on the same virtual network.

You need to design a solution to expose the microservices to the consumer apps.

The solution must meet the following requirements:

• Ingress access to the microservices must be restricted to a single private IP address and protected by using mutual TLS authentication.

• The number of incoming microservice calls must be rate-limited.

• Costs must be minimized.

What should you include in the solution?

68. Your network contains an on-premises Active Directory domain.

The domain contains the Hyper-V clusters shown in the following table.

You plan to implement Azure Site Recovery to protect six virtual machines running on Cluster1 and three virtual machines running on Cluster1 Virtual machines are running on all Cluster! and Cluster2 nodes.

You need to identify the minimum number of Azure Site Recovery Providers that must be installed on premises.

How many Providers should you identify?

69. HOTSPOT

You are designing a cost-optimized solution that uses Azure Batch to run two types of jobs on Linux nodes. The first job type will consist of short-running tasks for a development environment. The second jot type will consist of long-running Message Passing Interface (MPI) applications for a production environment that requires timely job completion.

You need to recommend the pool type and node type for each job type. The solution must minimize compute charges and leverage Azure Hybrid Benefit whenever possible.

What should you recommend? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

70. You have an Azure Active Directory (Azure AD) tenant named Contoso.com. The tenant contains a group named Group1. Group1 contains all the administrator user accounts.

You discover several login attempts to the Azure portal from countries administrator users do NOT work.

You need to ensure that all login attempts to the portal from those countries require Azure Multi-Factor Authentication (MFA).

Solution: You implement an access package.

Does this meet the goal?

71. You are designing an Azure web app that will use Azure Active Directory (Azure AD) for authentication.

You need to recommend a solution to provide users from multiple Azure AD tenants with access to App1. The solution must ensure that the users use Azure Multi-Factor Authentication (MFA) when they connect to App1.

Which two types of objects should you include in the recommendation? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point.

72. You are developing a web application that provides streaming video to users. You configure the application to use continuous integration and deployment.

The app must be highly available and provide a continuous streaming experience for users.

You need to recommend a solution that allows the application to store data in a geographical location that is closest to the user.

What should you recommend?

73. DRAG DROP

A company named Contoso, Ltd- has an Azure Active Directory {Azure AD) tenant that uses the Basic license. You plan to deploy two applications to Azure.

The applications have the requirements shown in the following table.

Which authentication strategy should you recommend for each application? To answer, drag the appropriate authentication strategies to the correct applications. Each authentication strategy may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content. NOTE: Each correct selection is worth one point.

74. Your deploy Azure App Service Web Apps that connect to on-premises Microsoft SQL Server instances by using Azure ExpressRoute You plan to migrate the SQL Server instances to Azure.

Migration of the SQL Server instances to Azure must

• Support automatic patching and version updates to SQL Server.

• Provide automatic backup services.

• Allow for high-availability of the instances,

• Provide a native VNET with private IP addressing.

• Encrypt all data in transit

• Be in a single-tenant environment with dedicated underlying infrastructure (compute, storage}.

You need to migrate the SQL Server instances to Azure.

Which Azure service should you use?

75. You have a hybrid deployment of Azure Active Directory (Azure AD).

You need to recommend a solution to ensure that the Azure AD tenant can be managed only from the computers on your on-premises network.

What should you include in the recommendation?

76. You have 70 TB of files on your on-premises file server.

You need to recommend solution for importing data to Azure. The solution must minimize cost.

What Azure service should you recommend?

77. HOTSPOT

You plan to deploy an Azure web app named Appl that will use Azure Active Directory (Azure AD) authentication.

App1 will be accessed from the internet by the users at your company. All the users have computers that run Windows 10 and are joined to Azure AD.

You need to recommend a solution to ensure that the users can connect to App1 without being prompted for authentication and can access App1 only from company-owned computers.

What should you recommend for each requirement? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

78. Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

You have an Azure Storage v2 account named Storage1.

You plan to archive data to Storage1.

You need to ensure that the archived data cannot be deleted for five years. The solution must prevent administrators from deleting the data.

Solution: You create a file share, and you configure an access policy.

Does this meet the goal?

79. You manage an Azure environment for a company. The environment has over 25,000 licensed users and 100 mission-critical applications. You need to recommend a solution that provides advanced user threat detection and remediation strategies.

What should you recommend?

80. You have an Azure SQL Database elastic pool.

You need to monitor the resource usage of the elastic pool for anomalous database activity based on historic usage patterns. The solution must minimize administrative effort.

What should you include in the solution?