Updated AZ-204 Dumps To Pass Developing Solutions for Microsoft Azure Exam

1. Case Study 1

Current environment

Windows Server 2016 virtual machine

The virtual machine (VM) runs BizTalk Server 2016.

The VM runs the following workflows:

- Ocean Transport C This workflow gathers and validates container information including container contents and arrival notices at various shipping ports.

- Inland Transport C This workflow gathers and validates trucking information including fuel usage, number of stops, and routes.

The VM supports the following REST API calls:

- Container API C This API provides container information including weight, contents, and other attributes.

- Location API C This API provides location information regarding shipping ports of call and tracking stops.

- Shipping REST API C This API provides shipping information for use and display on the shipping website.

Shipping Data

The application uses MongoDB JSON document storage database for all container and transport information.

Shipping Web Site

The site displays shipping container tracking information and container contents. The site is located at http://shipping.wideworldimporters.com/

Proposed solution

The on-premises shipping application must be moved to Azure. The VM has been migrated to a new Standard_D16s_v3 Azure VM by using Azure Site Recovery and must remain running in Azure to complete the BizTalk component migrations. You create a Standard_D16s_v3 Azure VM to host BizTalk Server.

The Azure architecture diagram for the proposed solution is shown below:

Requirements

Shipping Logic app

The Shipping Logic app must meet the following requirements:

- Support the ocean transport and inland transport workflows by using a Logic App.

- Support industry-standard protocol X12 message format for various messages including vessel content details and arrival notices.

- Secure resources to the corporate VNet and use dedicated storage resources with a fixed costing model.

- Maintain on-premises connectivity to support legacy applications and final BizTalk migrations.

Shipping Function app

Implement secure function endpoints by using app-level security and include Azure Active Directory (Azure AD).

REST APIs

The REST API’s that support the solution must meet the following requirements:

- Secure resources to the corporate VNet.

- Allow deployment to a testing location within Azure while not incurring additional costs.

- Automatically scale to double capacity during peak shipping times while not causing application downtime.

- Minimize costs when selecting an Azure payment model.

Shipping data

Data migration from on-premises to Azure must minimize costs and downtime.

Shipping website

Use Azure Content Delivery Network (CDN) and ensure maximum performance for dynamic content while minimizing latency and costs.

Issues

Windows Server 2016 VM

The VM shows high network latency, jitter, and high CPU utilization. The VM is critical and has not been backed up in the past. The VM must enable a quick restore from a 7-day snapshot to include in-place restore of disks in case of failure.

Shipping website and REST APIs

The following error message displays while you are testing the website:

Failed to load http://test-shippingapi.wideworldimporters.com/: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://test.wideworldimporters.com/' is therefore not allowed access.

You need to secure the Shipping Logic App.

What should you use?

Azure App Service Environment (ASE)

Integration Service Environment (ISE)

VNet service endpoint

Azure AD B2B integration

2. Case Study 1

Current environment

Windows Server 2016 virtual machine

The virtual machine (VM) runs BizTalk Server 2016.

The VM runs the following workflows:

- Ocean Transport C This workflow gathers and validates container information including container contents and arrival notices at various shipping ports.

- Inland Transport C This workflow gathers and validates trucking information including fuel usage, number of stops, and routes.

The VM supports the following REST API calls:

- Container API C This API provides container information including weight, contents, and other attributes.

- Location API C This API provides location information regarding shipping ports of call and tracking stops.

- Shipping REST API C This API provides shipping information for use and display on the shipping website.

Shipping Data

The application uses MongoDB JSON document storage database for all container and transport information.

Shipping Web Site

The site displays shipping container tracking information and container contents. The site is located at http://shipping.wideworldimporters.com/

Proposed solution

The on-premises shipping application must be moved to Azure. The VM has been migrated to a new Standard_D16s_v3 Azure VM by using Azure Site Recovery and must remain running in Azure to complete the BizTalk component migrations. You create a Standard_D16s_v3 Azure VM to host BizTalk Server.

The Azure architecture diagram for the proposed solution is shown below:

Requirements

Shipping Logic app

The Shipping Logic app must meet the following requirements:

- Support the ocean transport and inland transport workflows by using a Logic App.

- Support industry-standard protocol X12 message format for various messages including vessel content details and arrival notices.

- Secure resources to the corporate VNet and use dedicated storage resources with a fixed costing model.

- Maintain on-premises connectivity to support legacy applications and final BizTalk migrations.

Shipping Function app

Implement secure function endpoints by using app-level security and include Azure Active Directory (Azure AD).

REST APIs

The REST API’s that support the solution must meet the following requirements:

- Secure resources to the corporate VNet.

- Allow deployment to a testing location within Azure while not incurring additional costs.

- Automatically scale to double capacity during peak shipping times while not causing application downtime.

- Minimize costs when selecting an Azure payment model.

Shipping data

Data migration from on-premises to Azure must minimize costs and downtime.

Shipping website

Use Azure Content Delivery Network (CDN) and ensure maximum performance for dynamic content while minimizing latency and costs.

Issues

Windows Server 2016 VM

The VM shows high network latency, jitter, and high CPU utilization. The VM is critical and has not been backed up in the past. The VM must enable a quick restore from a 7-day snapshot to include in-place restore of disks in case of failure.

Shipping website and REST APIs

The following error message displays while you are testing the website:

Failed to load http://test-shippingapi.wideworldimporters.com/: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://test.wideworldimporters.com/' is therefore not allowed access.

You need to support the requirements for the Shipping Logic App.

What should you use?

Azure Active Directory Application Proxy

Site-to-Site (S2S) VPN connection

On-premises Data Gateway

Point-to-Site (P2S) VPN connection

3. Case Study 1

Current environment

Windows Server 2016 virtual machine

The virtual machine (VM) runs BizTalk Server 2016.

The VM runs the following workflows:

- Ocean Transport C This workflow gathers and validates container information including container contents and arrival notices at various shipping ports.

- Inland Transport C This workflow gathers and validates trucking information including fuel usage, number of stops, and routes.

The VM supports the following REST API calls:

- Container API C This API provides container information including weight, contents, and other attributes.

- Location API C This API provides location information regarding shipping ports of call and tracking stops.

- Shipping REST API C This API provides shipping information for use and display on the shipping website.

Shipping Data

The application uses MongoDB JSON document storage database for all container and transport information.

Shipping Web Site

The site displays shipping container tracking information and container contents. The site is located at http://shipping.wideworldimporters.com/

Proposed solution

The on-premises shipping application must be moved to Azure. The VM has been migrated to a new Standard_D16s_v3 Azure VM by using Azure Site Recovery and must remain running in Azure to complete the BizTalk component migrations. You create a Standard_D16s_v3 Azure VM to host BizTalk Server.

The Azure architecture diagram for the proposed solution is shown below:

Requirements

Shipping Logic app

The Shipping Logic app must meet the following requirements:

- Support the ocean transport and inland transport workflows by using a Logic App.

- Support industry-standard protocol X12 message format for various messages including vessel content details and arrival notices.

- Secure resources to the corporate VNet and use dedicated storage resources with a fixed costing model.

- Maintain on-premises connectivity to support legacy applications and final BizTalk migrations.

Shipping Function app

Implement secure function endpoints by using app-level security and include Azure Active Directory (Azure AD).

REST APIs

The REST API’s that support the solution must meet the following requirements:

- Secure resources to the corporate VNet.

- Allow deployment to a testing location within Azure while not incurring additional costs.

- Automatically scale to double capacity during peak shipping times while not causing application downtime.

- Minimize costs when selecting an Azure payment model.

Shipping data

Data migration from on-premises to Azure must minimize costs and downtime.

Shipping website

Use Azure Content Delivery Network (CDN) and ensure maximum performance for dynamic content while minimizing latency and costs.

Issues

Windows Server 2016 VM

The VM shows high network latency, jitter, and high CPU utilization. The VM is critical and has not been backed up in the past. The VM must enable a quick restore from a 7-day snapshot to include in-place restore of disks in case of failure.

Shipping website and REST APIs

The following error message displays while you are testing the website:

Failed to load http://test-shippingapi.wideworldimporters.com/: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://test.wideworldimporters.com/' is therefore not allowed access.

Hotspot Question

You need to configure Azure CDN for the Shipping web site.

Which configuration options should you use? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

4. Case Study 1

Current environment

Windows Server 2016 virtual machine

The virtual machine (VM) runs BizTalk Server 2016.

The VM runs the following workflows:

- Ocean Transport C This workflow gathers and validates container information including container contents and arrival notices at various shipping ports.

- Inland Transport C This workflow gathers and validates trucking information including fuel usage, number of stops, and routes.

The VM supports the following REST API calls:

- Container API C This API provides container information including weight, contents, and other attributes.

- Location API C This API provides location information regarding shipping ports of call and tracking stops.

- Shipping REST API C This API provides shipping information for use and display on the shipping website.

Shipping Data

The application uses MongoDB JSON document storage database for all container and transport information.

Shipping Web Site

The site displays shipping container tracking information and container contents. The site is located at http://shipping.wideworldimporters.com/

Proposed solution

The on-premises shipping application must be moved to Azure. The VM has been migrated to a new Standard_D16s_v3 Azure VM by using Azure Site Recovery and must remain running in Azure to complete the BizTalk component migrations. You create a Standard_D16s_v3 Azure VM to host BizTalk Server.

The Azure architecture diagram for the proposed solution is shown below:

Requirements

Shipping Logic app

The Shipping Logic app must meet the following requirements:

- Support the ocean transport and inland transport workflows by using a Logic App.

- Support industry-standard protocol X12 message format for various messages including vessel content details and arrival notices.

- Secure resources to the corporate VNet and use dedicated storage resources with a fixed costing model.

- Maintain on-premises connectivity to support legacy applications and final BizTalk migrations.

Shipping Function app

Implement secure function endpoints by using app-level security and include Azure Active Directory (Azure AD).

REST APIs

The REST API’s that support the solution must meet the following requirements:

- Secure resources to the corporate VNet.

- Allow deployment to a testing location within Azure while not incurring additional costs.

- Automatically scale to double capacity during peak shipping times while not causing application downtime.

- Minimize costs when selecting an Azure payment model.

Shipping data

Data migration from on-premises to Azure must minimize costs and downtime.

Shipping website

Use Azure Content Delivery Network (CDN) and ensure maximum performance for dynamic content while minimizing latency and costs.

Issues

Windows Server 2016 VM

The VM shows high network latency, jitter, and high CPU utilization. The VM is critical and has not been backed up in the past. The VM must enable a quick restore from a 7-day snapshot to include in-place restore of disks in case of failure.

Shipping website and REST APIs

The following error message displays while you are testing the website:

Failed to load http://test-shippingapi.wideworldimporters.com/: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://test.wideworldimporters.com/' is therefore not allowed access.

Hotspot Question

You need to secure the Shipping Function app.

How should you configure the app? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

5. Case Study 1

Current environment

Windows Server 2016 virtual machine

The virtual machine (VM) runs BizTalk Server 2016.

The VM runs the following workflows:

- Ocean Transport C This workflow gathers and validates container information including container contents and arrival notices at various shipping ports.

- Inland Transport C This workflow gathers and validates trucking information including fuel usage, number of stops, and routes.

The VM supports the following REST API calls:

- Container API C This API provides container information including weight, contents, and other attributes.

- Location API C This API provides location information regarding shipping ports of call and tracking stops.

- Shipping REST API C This API provides shipping information for use and display on the shipping website.

Shipping Data

The application uses MongoDB JSON document storage database for all container and transport information.

Shipping Web Site

The site displays shipping container tracking information and container contents. The site is located at http://shipping.wideworldimporters.com/

Proposed solution

The on-premises shipping application must be moved to Azure. The VM has been migrated to a new Standard_D16s_v3 Azure VM by using Azure Site Recovery and must remain running in Azure to complete the BizTalk component migrations. You create a Standard_D16s_v3 Azure VM to host BizTalk Server.

The Azure architecture diagram for the proposed solution is shown below:

Requirements

Shipping Logic app

The Shipping Logic app must meet the following requirements:

- Support the ocean transport and inland transport workflows by using a Logic App.

- Support industry-standard protocol X12 message format for various messages including vessel content details and arrival notices.

- Secure resources to the corporate VNet and use dedicated storage resources with a fixed costing model.

- Maintain on-premises connectivity to support legacy applications and final BizTalk migrations.

Shipping Function app

Implement secure function endpoints by using app-level security and include Azure Active Directory (Azure AD).

REST APIs

The REST API’s that support the solution must meet the following requirements:

- Secure resources to the corporate VNet.

- Allow deployment to a testing location within Azure while not incurring additional costs.

- Automatically scale to double capacity during peak shipping times while not causing application downtime.

- Minimize costs when selecting an Azure payment model.

Shipping data

Data migration from on-premises to Azure must minimize costs and downtime.

Shipping website

Use Azure Content Delivery Network (CDN) and ensure maximum performance for dynamic content while minimizing latency and costs.

Issues

Windows Server 2016 VM

The VM shows high network latency, jitter, and high CPU utilization. The VM is critical and has not been backed up in the past. The VM must enable a quick restore from a 7-day snapshot to include in-place restore of disks in case of failure.

Shipping website and REST APIs

The following error message displays while you are testing the website:

Failed to load http://test-shippingapi.wideworldimporters.com/: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://test.wideworldimporters.com/' is therefore not allowed access.

Drag and Drop Question

You need to support the message processing for the ocean transport workflow.

Which four actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.

6. Case Study 2

Requirements

ContentAnalysisService

The company’s data science group built ContentAnalysisService which accepts user generated content as a string and returns a probable value for inappropriate content. Any values over a specific threshold must be reviewed by an employee of Contoso, Ltd.

You must create an Azure Function named CheckUserContent to perform the content checks.

Costs

You must minimize costs for all Azure services.

Manual review

To review content, the user must authenticate to the website portion of the ContentAnalysisService using their Azure AD credentials. The website is built using React and all pages and API endpoints require authentication. In order to review content a user must be part of a ContentReviewer role. All completed reviews must include the reviewer’s email address for auditing purposes.

High availability

All services must run in multiple regions. The failure of any service in a region must not impact overall application availability.

Monitoring

An alert must be raised if the ContentUploadService uses more than 80 percent of available CPU-cores.

Security

You have the following security requirements:

- Any web service accessible over the Internet must be protected from cross site scripting attacks.

- All websites and services must use SSL from a valid root certificate authority.

- Azure Storage access keys must only be stored in memory and must be available only to the service.

- All Internal services must only be accessible from Internal Virtual Networks (VNets)

- All parts of the system must support inbound and outbound traffic restrictions.

- All service calls must be authenticated by using Azure AD.

User agreements

When a user submits content, they must agree to a user agreement. The agreement allows employees of Contoso.Ltd to review content, store cookies on user devices and track user’s IP addresses.

Information regarding agreements is used by multiple divisions within Contoso, Ltd.

User responses must not be lost and must be available to all parties regardless of individual service uptime. The volume of agreements is expected to be in the millions per hour.

Validation testing

When a new version of the ContentAnalysisService is available the previous seven days of content must be processed with the new version to verify that the new version does not significantly deviate from the old version.

Issues

Users of the ContentUploadService report that they occasionally see HTTP 502 responses on specific pages.

Code

ContentUploadService

You need to configure the ContentUploadService deployment.

Which two actions should you perform? Each correct answer presents part of the solution.

NOTE: Each correct selection is worth one point.

Add the following markup to line CS23: types: Private

Add the following markup to line CS24: osType: Windows

Add the following markup to line CS24: osType: Linux

Add the following markup to line CS23: types: Public

7. Case Study 2

Requirements

ContentAnalysisService

The company’s data science group built ContentAnalysisService which accepts user generated content as a string and returns a probable value for inappropriate content. Any values over a specific threshold must be reviewed by an employee of Contoso, Ltd.

You must create an Azure Function named CheckUserContent to perform the content checks.

Costs

You must minimize costs for all Azure services.

Manual review

To review content, the user must authenticate to the website portion of the ContentAnalysisService using their Azure AD credentials. The website is built using React and all pages and API endpoints require authentication. In order to review content a user must be part of a ContentReviewer role. All completed reviews must include the reviewer’s email address for auditing purposes.

High availability

All services must run in multiple regions. The failure of any service in a region must not impact overall application availability.

Monitoring

An alert must be raised if the ContentUploadService uses more than 80 percent of available CPU-cores.

Security

You have the following security requirements:

- Any web service accessible over the Internet must be protected from cross site scripting attacks.

- All websites and services must use SSL from a valid root certificate authority.

- Azure Storage access keys must only be stored in memory and must be available only to the service.

- All Internal services must only be accessible from Internal Virtual Networks (VNets)

- All parts of the system must support inbound and outbound traffic restrictions.

- All service calls must be authenticated by using Azure AD.

User agreements

When a user submits content, they must agree to a user agreement. The agreement allows employees of Contoso.Ltd to review content, store cookies on user devices and track user’s IP addresses.

Information regarding agreements is used by multiple divisions within Contoso, Ltd.

User responses must not be lost and must be available to all parties regardless of individual service uptime. The volume of agreements is expected to be in the millions per hour.

Validation testing

When a new version of the ContentAnalysisService is available the previous seven days of content must be processed with the new version to verify that the new version does not significantly deviate from the old version.

Issues

Users of the ContentUploadService report that they occasionally see HTTP 502 responses on specific pages.

Code

ContentUploadService

You need to store the user agreements.

Where should you store the agreement after it is completed?

Azure Storage queue

Azure Event Hub

Azure Service Bus topic

Azure Event Grid topic

8. Case Study 2

Requirements

ContentAnalysisService

The company’s data science group built ContentAnalysisService which accepts user generated content as a string and returns a probable value for inappropriate content. Any values over a specific threshold must be reviewed by an employee of Contoso, Ltd.

You must create an Azure Function named CheckUserContent to perform the content checks.

Costs

You must minimize costs for all Azure services.

Manual review

To review content, the user must authenticate to the website portion of the ContentAnalysisService using their Azure AD credentials. The website is built using React and all pages and API endpoints require authentication. In order to review content a user must be part of a ContentReviewer role. All completed reviews must include the reviewer’s email address for auditing purposes.

High availability

All services must run in multiple regions. The failure of any service in a region must not impact overall application availability.

Monitoring

An alert must be raised if the ContentUploadService uses more than 80 percent of available CPU-cores.

Security

You have the following security requirements:

- Any web service accessible over the Internet must be protected from cross site scripting attacks.

- All websites and services must use SSL from a valid root certificate authority.

- Azure Storage access keys must only be stored in memory and must be available only to the service.

- All Internal services must only be accessible from Internal Virtual Networks (VNets)

- All parts of the system must support inbound and outbound traffic restrictions.

- All service calls must be authenticated by using Azure AD.

User agreements

When a user submits content, they must agree to a user agreement. The agreement allows employees of Contoso.Ltd to review content, store cookies on user devices and track user’s IP addresses.

Information regarding agreements is used by multiple divisions within Contoso, Ltd.

User responses must not be lost and must be available to all parties regardless of individual service uptime. The volume of agreements is expected to be in the millions per hour.

Validation testing

When a new version of the ContentAnalysisService is available the previous seven days of content must be processed with the new version to verify that the new version does not significantly deviate from the old version.

Issues

Users of the ContentUploadService report that they occasionally see HTTP 502 responses on specific pages.

Code

ContentUploadService

You need to monitor ContentUploadService accourding to the requirements.

Which command should you use?

az monitor metrics alert create Cn alert Cg … - -scopes … - -condition "avg Percentage CPU > 8"

az monitor metrics alert create Cn alert Cg … - -scopes … - -condition "avg Percentage CPU > 800"

az monitor metrics alert create Cn alert Cg … - -scopes … - -condition "CPU Usage > 800"

az monitor metrics alert create Cn alert Cg … - -scopes … - -condition "CPU Usage > 8"

9. Case Study 2

Requirements

ContentAnalysisService

The company’s data science group built ContentAnalysisService which accepts user generated content as a string and returns a probable value for inappropriate content. Any values over a specific threshold must be reviewed by an employee of Contoso, Ltd.

You must create an Azure Function named CheckUserContent to perform the content checks.

Costs

You must minimize costs for all Azure services.

Manual review

To review content, the user must authenticate to the website portion of the ContentAnalysisService using their Azure AD credentials. The website is built using React and all pages and API endpoints require authentication. In order to review content a user must be part of a ContentReviewer role. All completed reviews must include the reviewer’s email address for auditing purposes.

High availability

All services must run in multiple regions. The failure of any service in a region must not impact overall application availability.

Monitoring

An alert must be raised if the ContentUploadService uses more than 80 percent of available CPU-cores.

Security

You have the following security requirements:

- Any web service accessible over the Internet must be protected from cross site scripting attacks.

- All websites and services must use SSL from a valid root certificate authority.

- Azure Storage access keys must only be stored in memory and must be available only to the service.

- All Internal services must only be accessible from Internal Virtual Networks (VNets)

- All parts of the system must support inbound and outbound traffic restrictions.

- All service calls must be authenticated by using Azure AD.

User agreements

When a user submits content, they must agree to a user agreement. The agreement allows employees of Contoso.Ltd to review content, store cookies on user devices and track user’s IP addresses.

Information regarding agreements is used by multiple divisions within Contoso, Ltd.

User responses must not be lost and must be available to all parties regardless of individual service uptime. The volume of agreements is expected to be in the millions per hour.

Validation testing

When a new version of the ContentAnalysisService is available the previous seven days of content must be processed with the new version to verify that the new version does not significantly deviate from the old version.

Issues

Users of the ContentUploadService report that they occasionally see HTTP 502 responses on specific pages.

Code

ContentUploadService

Hotspot Question

You need to implement the bindings for the CheckUserContent function.

How should you complete the code segment? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

10. Case Study 2

Requirements

ContentAnalysisService

The company’s data science group built ContentAnalysisService which accepts user generated content as a string and returns a probable value for inappropriate content. Any values over a specific threshold must be reviewed by an employee of Contoso, Ltd.

You must create an Azure Function named CheckUserContent to perform the content checks.

Costs

You must minimize costs for all Azure services.

Manual review

To review content, the user must authenticate to the website portion of the ContentAnalysisService using their Azure AD credentials. The website is built using React and all pages and API endpoints require authentication. In order to review content a user must be part of a ContentReviewer role. All completed reviews must include the reviewer’s email address for auditing purposes.

High availability

All services must run in multiple regions. The failure of any service in a region must not impact overall application availability.

Monitoring

An alert must be raised if the ContentUploadService uses more than 80 percent of available CPU-cores.

Security

You have the following security requirements:

- Any web service accessible over the Internet must be protected from cross site scripting attacks.

- All websites and services must use SSL from a valid root certificate authority.

- Azure Storage access keys must only be stored in memory and must be available only to the service.

- All Internal services must only be accessible from Internal Virtual Networks (VNets)

- All parts of the system must support inbound and outbound traffic restrictions.

- All service calls must be authenticated by using Azure AD.

User agreements

When a user submits content, they must agree to a user agreement. The agreement allows employees of Contoso.Ltd to review content, store cookies on user devices and track user’s IP addresses.

Information regarding agreements is used by multiple divisions within Contoso, Ltd.

User responses must not be lost and must be available to all parties regardless of individual service uptime. The volume of agreements is expected to be in the millions per hour.

Validation testing

When a new version of the ContentAnalysisService is available the previous seven days of content must be processed with the new version to verify that the new version does not significantly deviate from the old version.

Issues

Users of the ContentUploadService report that they occasionally see HTTP 502 responses on specific pages.

Code

ContentUploadService

Drag and Drop Question

You need to add markup at line AM04 to implement the ContentReview role.

How should you complete the markup? To answer, drag the appropriate json segments to the correct locations. Each json segment may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content. NOTE: Each correct selection is worth one point.

11. Case Study 2

Requirements

ContentAnalysisService

The company’s data science group built ContentAnalysisService which accepts user generated content as a string and returns a probable value for inappropriate content. Any values over a specific threshold must be reviewed by an employee of Contoso, Ltd.

You must create an Azure Function named CheckUserContent to perform the content checks.

Costs

You must minimize costs for all Azure services.

Manual review

To review content, the user must authenticate to the website portion of the ContentAnalysisService using their Azure AD credentials. The website is built using React and all pages and API endpoints require authentication. In order to review content a user must be part of a ContentReviewer role. All completed reviews must include the reviewer’s email address for auditing purposes.

High availability

All services must run in multiple regions. The failure of any service in a region must not impact overall application availability.

Monitoring

An alert must be raised if the ContentUploadService uses more than 80 percent of available CPU-cores.

Security

You have the following security requirements:

- Any web service accessible over the Internet must be protected from cross site scripting attacks.

- All websites and services must use SSL from a valid root certificate authority.

- Azure Storage access keys must only be stored in memory and must be available only to the service.

- All Internal services must only be accessible from Internal Virtual Networks (VNets)

- All parts of the system must support inbound and outbound traffic restrictions.

- All service calls must be authenticated by using Azure AD.

User agreements

When a user submits content, they must agree to a user agreement. The agreement allows employees of Contoso.Ltd to review content, store cookies on user devices and track user’s IP addresses.

Information regarding agreements is used by multiple divisions within Contoso, Ltd.

User responses must not be lost and must be available to all parties regardless of individual service uptime. The volume of agreements is expected to be in the millions per hour.

Validation testing

When a new version of the ContentAnalysisService is available the previous seven days of content must be processed with the new version to verify that the new version does not significantly deviate from the old version.

Issues

Users of the ContentUploadService report that they occasionally see HTTP 502 responses on specific pages.

Code

ContentUploadService

Hotspot Question

You need to add code at line AM09 to ensure that users can review content using ContentAnalysisService.

How should you complete the code? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

12. Case Study 2

Requirements

ContentAnalysisService

The company’s data science group built ContentAnalysisService which accepts user generated content as a string and returns a probable value for inappropriate content. Any values over a specific threshold must be reviewed by an employee of Contoso, Ltd.

You must create an Azure Function named CheckUserContent to perform the content checks.

Costs

You must minimize costs for all Azure services.

Manual review

To review content, the user must authenticate to the website portion of the ContentAnalysisService using their Azure AD credentials. The website is built using React and all pages and API endpoints require authentication. In order to review content a user must be part of a ContentReviewer role. All completed reviews must include the reviewer’s email address for auditing purposes.

High availability

All services must run in multiple regions. The failure of any service in a region must not impact overall application availability.

Monitoring

An alert must be raised if the ContentUploadService uses more than 80 percent of available CPU-cores.

Security

You have the following security requirements:

- Any web service accessible over the Internet must be protected from cross site scripting attacks.

- All websites and services must use SSL from a valid root certificate authority.

- Azure Storage access keys must only be stored in memory and must be available only to the service.

- All Internal services must only be accessible from Internal Virtual Networks (VNets)

- All parts of the system must support inbound and outbound traffic restrictions.

- All service calls must be authenticated by using Azure AD.

User agreements

When a user submits content, they must agree to a user agreement. The agreement allows employees of Contoso.Ltd to review content, store cookies on user devices and track user’s IP addresses.

Information regarding agreements is used by multiple divisions within Contoso, Ltd.

User responses must not be lost and must be available to all parties regardless of individual service uptime. The volume of agreements is expected to be in the millions per hour.

Validation testing

When a new version of the ContentAnalysisService is available the previous seven days of content must be processed with the new version to verify that the new version does not significantly deviate from the old version.

Issues

Users of the ContentUploadService report that they occasionally see HTTP 502 responses on specific pages.

Code

ContentUploadService

Hotspot Question

You need to ensure that network security policies are met.

How should you configure network security? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

13. Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

You develop a software as a service (SaaS) offering to manage photographs. Users upload photos to a web service which then stores the photos in Azure Storage Blob storage. The storage account type is General-purpose V2.

When photos are uploaded, they must be processed to produce and save a mobile-friendly version of the image. The process to produce a mobile-friendly version of the image must start in less than one minute.

You need to design the process that starts the photo processing.

Solution: Convert the Azure Storage account to a BlockBlobStorage storage account.

Does the solution meet the goal?

Yes

No

14. Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

You develop a software as a service (SaaS) offering to manage photographs. Users upload photos to a web service which then stores the photos in Azure Storage Blob storage. The storage account type is General-purpose V2.

When photos are uploaded, they must be processed to produce and save a mobile-friendly version of the image. The process to produce a mobile-friendly version of the image must start in less than one minute.

You need to design the process that starts the photo processing.

Solution: Move photo processing to an Azure Function triggered from the blob upload.

Does the solution meet the goal?

Yes

No

15. You are developing an application that uses Azure Blob storage.

The application must read the transaction logs of all the changes that occur to the blobs and the blob metadata in the storage account for auditing purposes. The changes must be in the order in which they occurred, include only create, update, delete, and copy operations and be retained for compliance reasons.

You need to process the transaction logs asynchronously.

What should you do?

Process all Azure Blob storage events by using Azure Event Grid with a subscriber Azure Function app.

Enable the change feed on the storage account and process all changes for available events.

Process all Azure Storage Analytics logs for successful blob events.

Use the Azure Monitor HTTP Data Collector API and scan the request body for successful blob events.

16. You are developing a web app that is protected by Azure Web Application Firewall (WAF). All traffic to the web app is routed through an Azure Application Gateway instance that is used by multiple web apps. The web app address is contoso.azurewebsites.net.

All traffic must be secured with SSL. The Azure Application Gateway instance is used by multiple web apps.

You need to configure the Azure Application Gateway for the app.

Which two actions should you perform? Each correct answer presents part of the solution.

NOTE: Each correct selection is worth one point.

In the Azure Application Gateway's HTTP setting, enable the Use for App service setting.

Convert the web app to run in an Azure App service environment (ASE).

Add an authentication certificate for contoso.azurewebsites.net to the Azure Application gateway.

In the Azure Application Gateway's HTTP setting, set the value of the Override backend path option to contoso22.azurewebsites.net.

17. Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

You develop a software as a service (SaaS) offering to manage photographs. Users upload photos to a web service which then stores the photos in Azure Storage Blob storage. The storage account type is General-purpose V2.

When photos are uploaded, they must be processed to produce and save a mobile-friendly version of the image. The process to produce a mobile-friendly version of the image must start in less than one minute.

You need to design the process that starts the photo processing.

Solution: Trigger the photo processing from Blob storage events.

Does the solution meet the goal?

Yes

No

18. You develop Azure solutions.

You must connect to a No-SQL globally-distributed database by using the .NET API.

You need to create an object to configure and execute requests in the database.

Which code segment should you use?

new Container(EndpointUri, PrimaryKey);

new Database(Endpoint, PrimaryKey);

new CosmosClient(EndpointUri, PrimaryKey);

19. Your company is developing an Azure API.

You need to implement authentication for the Azure API.

You have the following requirements:

- All API calls must be secure.

- Callers to the API must not send credentials to the API.

Which authentication mechanism should you use?

Basic

Anonymous

Managed identity

Client certificate

20. You are a developer for a SaaS company that offers many web services.

All web services for the company must meet the following requirements:

- Use API Management to access the services

- Use OpenID Connect for authentication

- Prevent anonymous usage

A recent security audit found that several web services can be called without any authentication.

Which API Management policy should you implement?

jsonp

authentication-certificate

check-header

validate-jwt

21. You have a new Azure subscription. You are developing an internal website for employees to view sensitive data. The website uses Azure Active Directory (Azure AD) for authentication.

You need to implement multifactor authentication for the website.

Which two actions should you perform? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point.

Configure the website to use Azure AD B2

In Azure AD, create a new conditional access policy.

Upgrade to Azure AD Premium.

In Azure AD, enable application proxy.

In Azure AD conditional access, enable the baseline policy.

22. You are developing an ASP.NET Core Web API web service. The web service uses Azure Application Insights for all telemetry and dependency tracking. The web service reads and writes data to a database other than Microsoft SQL Server.

You need to ensure that dependency tracking works for calls to the third-party database.

Which two dependency telemetry properties should you use? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point.

Telemetry.Context.Cloud.RoleInstance

Telemetry.Id

Telemetry.Name

Telemetry.Context.Operation.Id

Telemetry.Context.Session.Id

23. Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

You are developing an Azure Service application that processes queue data when it receives a message from a mobile application. Messages may not be sent to the service consistently.

You have the following requirements:

- Queue size must not grow larger than 80 gigabytes (GB).

- Use first-in-first-out (FIFO) ordering of messages.

- Minimize Azure costs.

You need to implement the messaging solution.

Solution: Use the .Net API to add a message to an Azure Service Bus Queue from the mobile application. Create an Azure Function App that uses an Azure Service Bus Queue trigger.

Does the solution meet the goal?

Yes

No

24. Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

You are developing an Azure solution to collect point-of-sale (POS) device data from 2,000 stores located throughout the world. A single device can produce 2 megabytes (MB) of data every 24 hours. Each store location has one to five devices that send data.

You must store the device data in Azure Blob storage. Device data must be correlated based on a device identifier. Additional stores are expected to open in the future.

You need to implement a solution to receive the device data.

Solution: Provision an Azure Notification Hub. Register all devices with the hub.

Does the solution meet the goal?

Yes

No

25. Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

You are developing an Azure solution to collect point-of-sale (POS) device data from 2,000 stores located throughout the world. A single device can produce 2 megabytes (MB) of data every 24 hours. Each store location has one to five devices that send data.

You must store the device data in Azure Blob storage. Device data must be correlated based on a device identifier. Additional stores are expected to open in the future.

You need to implement a solution to receive the device data.

Solution: Provision an Azure Service Bus. Configure a topic to receive the device data by using a correlation filter.

Does the solution meet the goal?

Yes

No

26. Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

You are developing an Azure solution to collect point-of-sale (POS) device data from 2,000 stores located throughout the world. A single device can produce 2 megabytes (MB) of data every 24 hours. Each store location has one to five devices that send data.

You must store the device data in Azure Blob storage. Device data must be correlated based on a device identifier. Additional stores are expected to open in the future.

You need to implement a solution to receive the device data.

Solution: Provision an Azure Event Grid. Configure event filtering to evaluate the device identifier.

Does the solution meet the goal?

Yes

No

27. A company is developing a solution that allows smart refrigerators to send temperature information to a central location. You have an existing Service Bus.

The solution must receive and store message until they can be processed. You create an Azure Service Bus Instance by providing a name, pricing tier, subscription, resource group, and location.

You need to complete the configuration.

Which Azure CLI or PowerShell command should you run?

A)

B)

C)

D)

Option A

Option B

Option C

Option D

28. You are developing a solution that will use Azure messaging services.

You need to ensure that the solution uses a publish-subscribe model and eliminates the need for constant polling.

What are two possible ways to achieve the goal? Each correct answer presents a complete solution. NOTE: Each correct selection is worth one point.

Service Bus

Event Hub

Event Grid

Queue

29. A company is implementing a publish-subscribe (Pub/Sub) messaging component by using Azure Service Bus. You are developing the first subscription application.

In the Azure portal you see that messages are being sent to the subscription for each topic. You create and initialize a subscription client object by supplying the correct details, but the subscription application is still not consuming the messages.

You need to ensure that the subscription client processes all messages.

Which code segment should you use?

await subscriptionClient.AddRuleAsync(new RuleDescription(RuleDescription.DefaultRuleName, new TrueFilter()));

subscriptionClient = new SubscriptionClient(ServiceBusConnectionString, TopicName, SubscriptionName);

await subscriptionClient.CloseAsync();

subscriptionClient.RegisterMessageHandler(ProcessMessageAsync, messageHandlerOptions);

30. Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

You are developing an Azure Service application that processes queue data when it receives a message from a mobile application. Messages may not be sent to the service consistently.

You have the following requirements:

- Queue size must not grow larger than 80 gigabytes (GB).

- Use first-in-first-out (FIFO) ordering of messages.

- Minimize Azure costs.

You need to implement the messaging solution.

Solution: Use the .Net API to add a message to an Azure Storage Queue from the mobile application. Create an Azure VM that is triggered from Azure Storage Queue events.

Does the solution meet the goal?

Yes

No

31. Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

You are developing an Azure Service application that processes queue data when it receives a message from a mobile application. Messages may not be sent to the service consistently.

You have the following requirements:

- Queue size must not grow larger than 80 gigabytes (GB).

- Use first-in-first-out (FIFO) ordering of messages.

- Minimize Azure costs.

You need to implement the messaging solution.

Solution: Use the .Net API to add a message to an Azure Service Bus Queue from the mobile application. Create an Azure Windows VM that is triggered from Azure Service Bus Queue.

Does the solution meet the goal?

Yes

No

32. In the merged camera company, which technology would you use for the lens quality control procedure?

Microsoft Power Automate

Azure Logic Apps

Azure Functions

Azure App Service WebJobs

33. How many triggers must a function have?

Zero

One

Two

34. A CRON expression is a string that consists of six fields that represent a set of times. The order of the six fields in Azure is: {second} {minute} {hour} {day} {month} {day of the week}.

Suppose you needed a CRON expression that meant "every day", what special character would you put in the {day of the week} position?

/

*

,

-

35. What is Durable Functions?

Durable Functions is an extension of Azure Functions, that allow you to simplify complex stateful executions in a serverless-environment

Durable Functions is a logical container for a single workflow that you define using triggers and actions.

Durable Functions is a serverless compute service that enables you to run code on-demand without having to explicitly provision or manage infrastructure.

36. Suppose your Azure Function has a blob trigger associated with it and you want it to execute only when images are uploaded.

Which of the following blob trigger Path values should you use?

samples-workitems/{name}

samples-workitems/{name}/png

samples-workitems/{name}?png

samples-workitems/{name}.png

37. Suppose you're sending a message with Azure Service Bus and you want multiple components to receive it.

Which Azure Service Bus exchange feature should you use?

Queue

Topic

Relay

38. In the merged camera company, which technology would you use for the ordering and dispatch procedure?

Microsoft Power Automate

Azure Logic Apps

Azure Functions

Azure App Service WebJobs

39. We secured our function against unknown HTTP callers by requiring a function-specific API key be passed with each call.

Which of the following fields is the name header in the HTTP requests that needs to contain this key?

x-functions-key

x-requested-with

x-csrf-token

40. Which of the following best describes the role of the Orchestrator function in a workflow?

It's used as the basic unit of work (actions and tasks in a durable function orchestration.

It's the entry point for creating an instance of a Durable Functions orchestration.

It's used for describing how actions are executed and the order in which actions are executed.

41. Which of the following is an advantage of using bindings in your Azure Functions to access data sources and data sinks?

They provide access to more data sources than are available using code.

They let you connect to Azure resources without authentication.

They simplify the connection process; you don't need to code specific connection logic.

42. A company is building a traffic monitoring system. The system would be monitoring the traffic along 4 highways. The system would be responsible for producing a time series-based analysis report for each highway.

The traffic sensors on each highway have been configured to send its data to Azure Event Hubs. The data from Event Hubs is then consumed by three departments. Each department makes use of an Azure Web App to display the data.

You have to implement the Azure Event Hub instance. You need to implement a solution which ensures data throughput is maximized and latency is minimized.

Which of the following would you use as the partition key?

Highway

Department

Timestamp

Datestamp

43. You have to deploy a microservice based application to Azure. The application needs to be deployed to an Azure Kubernetes cluster.

The solution has the following requirements:

- Reverse proxy capabilities

- Ability to configure traffic routing

- Termination of TLS with a custom certificate

Which of the following would you use to implement a single public IP endpoint to route traffic to multiple microservices?

Helm

Brigade

Kubectl

Ingress Controller

Virtual Kubelet

44. You have to develop an ASP.Net Core application. The application is used to work with blobs in an Azure storage account. The application authenticates via Azure AD credentials.

Role based access has been implemented on the containers that contain the blobs. These roles have been assigned to the users.

You have to configure the application so that the user's permissions can be used with the Azure Blob containers.

Which of the following would you use as the Permission for the Microsoft Graph API?

User.Read

User.Write

client_id

user_impersonation

45. You have to build a web application that would be deployed onto Azure. The web application would not allow anonymous access. The authentication would be carried out via Azure AD.

The application needs to above by the following requirements

- Users must be able to log into the web application using their Azure AD credentials

- The personalization of the web application must be based on the membership in Active Directory groups

You have to configure the application manifest file:

Which of the following would go into Slot 2?

"allowPublicClient"

"oauth2Permissions"

"requiredResourceAccess"

"oauth2AllowImplicitFlow"

46. You are developing an application that is going to making use of the Azure Service Bus. You have to create filters based on the different types of subscribers that would subscribe to the topic.

The broad classification of these subscribers are:

- Subscribers should be able to receive all messages being sent to the topic

- Subscribers should NOT be able to receive all messages being sent to the topic

- Subscribers should be able to receive messages based on a SQL-like conditional expression

Which of the following would you use as the filter condition for the requirement?

"Subscribers should be able to receive all messages being sent to the topic"

Boolean filters

Primary filters

SQL filters

Correlation filters

47. A company has a web application that has been deployed using the Azure Web App service.

The current service plan being used is D1. It needs to be ensured that the application infrastructure can automatically scale when the CPU load reaches 85 percent.

You also have to ensure costs are minimized.

Which of the following steps would you implement to achieve the requirements? Choose 4 answers from the options given below

Enable autoscaling on the Web application

Configure a scale condition

Configure the web application to use the Standard App Service Plan

Configure the web application to use the Premium App Service Plan

Add a scale rule.

48. A company is implementing an order processing system. The orders are going to be published to an Azure Service Bus topic.

The properties of the messages that would be sent are as follows:

The following subscriptions will be created. The requirement for each subscription is also given:

You need to implement the right filters for each of the subscriptions given above.

Which of the following would you implement for the Subscription - AllOrders?

SqlFilter

CorrelationFilter

TrueFilter

No Filter

FalseFilter

49. Drag and Drop Question

You are developing an application to use Azure Blob storage. You have configured Azure Blob storage to include change feeds.

A copy of your storage account must be created in another region. Data must be copied from the current storage account to the new storage account directly between the storage servers.

You need to create a copy of the storage account in another region and copy the data.

In which order should you perform the actions? To answer, move all actions from the list of actions to the answer area and arrange them in the correct order.

50. Hotspot Question

You are developing an ASP.NET Core web application. You plan to deploy the application to Azure Web App for Containers.

The application needs to store runtime diagnostic data that must be persisted across application restarts.

You have the following code:

You need to configure the application settings so that diagnostic data is stored as required.

How should you configure the web app's settings? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

51. Hotspot Question

You are implementing a software as a service (SaaS) ASP.NET Core web service that will run as an Azure Web App. The web service will use an on-premises SQL Server database for storage. The web service also includes a WebJob that processes data updates.

Four customers will use the web service.

- Each instance of the WebJob processes data for a single customer and must run as a singleton instance.

- Each deployment must be tested by using deployment slots prior to serving production data.

- Azure costs must be minimized.

- Azure resources must be located in an isolated network.

You need to configure the App Service plan for the Web App.

How should you configure the App Service plan? To answer, select the appropriate settings in the answer area. NOTE: Each correct selection is worth one point.

52. Drag and Drop Question

You are a developer for a software as a service (SaaS) company that uses an Azure Function to process orders. The Azure Function currently runs on an Azure Function app that is triggered by an Azure Storage queue.

You are preparing to migrate the Azure Function to Kubernetes using Kubernetes-based Event Driven Autoscaling (KEDA).

You need to configure Kubernetes Custom Resource Definitions (CRD) for the Azure Function.

Which CRDs should you configure? To answer, drag the appropriate CRD types to the correct locations. Each CRD type may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content. NOTE: Each correct selection is worth one point.

53. Hotspot Question

You are creating a CLI script that creates an Azure web app and related services in Azure App Service.

The web app uses the following variables:

You need to automatically deploy code from Git-Hub to the newly created web app.

How should you complete the script? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

54. Hotspot Question

You are developing a ticket reservation system for an airline.

The storage solution for the application must meet the following requirements:

- Ensure at least 99.99% availability and provide low latency.

- Accept reservations event when localized network outages or other unforeseen failures occur.

- Process reservations in the exact sequence as reservations are submitted to minimize overbooking or selling the same seat to multiple travelers.

- Allow simultaneous and out-of-order reservations with a maximum five-

second tolerance window.

You provision a resource group named airlineResourceGroup in the Azure South-Central US region.

You need to provision a SQL SPI Cosmos DB account to support the app.

How should you complete the Azure CLI commands? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

55. Drag and Drop Question

You are developing a new page for a website that uses Azure Cosmos DB for data storage.

The feature uses documents that have the following format:

You must display data for the new page in a specific order.

You create the following query for the page:

You need to configure a Cosmos DB policy to the support the query.

How should you configure the policy? To answer, drag the appropriate JSON segments to the correct locations. Each JSON segment may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content. NOTE: Each correct selection is worth one point.

56. Hotspot Question

You are building a traffic monitoring system that monitors traffic along six highways. The system produces time series analysis-based reports for each highway.

Data from traffic sensors are stored in Azure Event Hub.

Traffic data is consumed by four departments. Each department has an Azure Web App that displays the time series-based reports and contains a WebJob that processes the incoming data from Event Hub. All Web Apps run on App Service Plans with three instances.

Data throughput must be maximized. Latency must be minimized.

You need to implement the Azure Event Hub.

Which settings should you use? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

57. Drag and Drop Question

You are developing a microservices solution. You plan to deploy the solution to a multinode Azure Kubernetes Service (AKS) cluster.

You need to deploy a solution that includes the following features:

- reverse proxy capabilities

- configurable traffic routing

- TLS termination with a custom certificate

Which component should you use? To answer, drag the appropriate components to the correct requirements. Each component may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content. NOTE: Each correct selection is worth one point.

58. Drag and Drop Question

Contoso, Ltd. provides an API to customers by using Azure API Management (APIM). The API authorizes users with a JWT token.

You must implement response caching for the APIM gateway. The caching mechanism must detect the user ID of the client that accesses data for a given location and cache the response for that user ID.

You need to add the following policies to the policies file:

- a set-variable policy to store the detected user identity

- a cache-lookup-value policy

- a cache-store-value policy

- a find-and-replace policy to update the response body with the user profile information

To which policy section should you add the policies? To answer, drag the appropriate sections to the correct policies. Each section may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content. NOTE: Each correct selection is worth one point.

59. Drag and Drop Question

You develop a web application.

You need to register the application with an active Azure Active Directory (Azure AD) tenant.

Which three actions should you perform in sequence? To answer, move all actions from the list of actions to the answer area and arrange them in the correct order.

60. Drag and Drop Question

You are developing an application. You have an Azure user account that has access to two subscriptions.

You need to retrieve a storage account key secret from Azure Key Vault.

In which order should you arrange the PowerShell commands to develop the solution? To answer, move all commands from the list of commands to the answer area and arrange them in the correct order.

61. Hotspot Question

You are using Azure Front Door Service.

You are expecting inbound files to be compressed by using Brotli compression. You discover that inbound XML files are not compressed. The files are 9 megabytes (MB) in size.

You need to determine the root cause for the issue.

To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

62. Hotspot Question

You are developing an Azure App Service hosted ASP.NET Core web app to deliver video on-demand streaming media. You enable an Azure Content Delivery Network (CDN) Standard for the web endpoint. Customer videos are downloaded from the web app by using the following example URL.: http://www.contoso.com/ content.mp4?quality=1

All media content must expire from the cache after one hour. Customer videos with varying quality must be delivered to the closest regional point of presence (POP) node.

You need to configure Azure CDN caching rules.

Which options should you use? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

63. Drag and Drop Question

You develop a web app that uses tier D1 app service plan by using the Web Apps feature of Microsoft Azure App Service.

Spikes in traffic have caused increases in page load times.

You need to ensure that the web app automatically scales when CPU load is about 85 percent and minimize costs.

Which four actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.

NOTE: More than one order of answer choices is correct. You will receive credit for any of the correct orders you select.

64. Drag and Drop Question

You manage several existing Logic Apps.

You need to change definitions, add new logic, and optimize these apps on a regular basis.

What should you use? To answer, drag the appropriate tools to the correct functionalities. Each tool may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content. NOTE: Each correct selection is worth one point.

65. Hotspot Question

You are developing an application that uses Azure Storage Queues.

You have the following code:

For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.

66. Hotspot Question

You are working for Contoso, Ltd.

You define an API Policy object by using the following XML markup:

For each of the following statements, select Yes if the statement is true. Otherwise, select No.

NOTE: Each correct selection is worth one point.

67. Case study 1 - Litware Inc

Background

You are a developer for Litware Inc., a SaaS company that provides a solution for managing employee expenses. The solution consists of an ASP.NET Core Web API project that is deployed as an Azure Web App.

Overall architecture

Employees upload receipts for the system to process. When processing is complete, the employee receives a summary report email that details the processing results. Employees then use a web application to manager their receipts and perform any additional tasks needed for reimbursement.

Receipt processing

Employees may upload receipts in two ways:

- Uploading using an Azure Files mounted folder

- Uploading using the web application

Data Storage

Receipt and employee information is stored in an Azure SQL database.

Documentation

Employees are provided with a getting started document when they first use the solution. The documentation includes details on supported operating systems for Azure File upload, and instructions on how to configure the mounted folder.

Solution details

Users table

Web Application

You enable MSI for the Web App and configure the Web App to use the security principal name.

Processing

Processing is performed by an Azure Function that uses version 2 of the Azure Function runtime. Once processing is completed, results are stored in Azure Blob Storage and an Azure SQL database. Then, an email summary is sent to the user with a link to the processing report. The link to the report must remain valid if the email is forwarded to another user.

Requirements

Receipt processing

Concurrent processing of a receipt must be prevented.

Logging

Azure Application Insights is used for telemetry and logging in both the processor and the web application. The processor also has TraceWriter logging enabled. Application Insights must always contain all log messages.

Disaster recovery

Regional outage must not impact application availability. All DR operations must not be dependent on application running and must ensure that data in the DR region is up to date.

Security

- Users’ SecurityPin must be stored in such a way that access to the database does not allow the viewing of SecurityPins. The web application is the only system that should have access to SecurityPins.

- All certificates and secrets used to secure data must be stored in Azure Key Vault.

- You must adhere to the Least Privilege Principal.

- All access to Azure Storage and Azure SQL database must use the application’s Managed Service Identity (MSI)

- Receipt data must always be encrypted at rest.

- All data must be protected in transit.

- User’s expense account number must be visible only to logged in users. All other views of the expense account number should include only the last segment with the remaining parts obscured.

- In the case of a security breach, access to all summary reports must be revoked without impacting other parts of the system.

Issues

Upload format issue

Employees occasionally report an issue with uploading a receipt using the web application. They report that when they upload a receipt using the Azure File Share, the receipt does not appear in their profile. When this occurs, they delete the file in the file share and use the web application, which returns a 500 Internal Server error page.

Capacity issue

During busy periods, employees report long delays between the time they upload the receipt and when it appears in the web application.

Log capacity issue

Developers report that the number of log messages in the trace output for the processor is too high, resulting in lost log messages.

Processing.cs

Database.cs

ReceiptUploader.cs

ConfigureSSE.ps1

Hotspot Question

You need to add the Supporting Operating Systems section to the Getting Started document.

How should you complete the section? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

68. Case study 1 - Litware Inc

Background

You are a developer for Litware Inc., a SaaS company that provides a solution for managing employee expenses. The solution consists of an ASP.NET Core Web API project that is deployed as an Azure Web App.

Overall architecture

Employees upload receipts for the system to process. When processing is complete, the employee receives a summary report email that details the processing results. Employees then use a web application to manager their receipts and perform any additional tasks needed for reimbursement.

Receipt processing

Employees may upload receipts in two ways:

- Uploading using an Azure Files mounted folder

- Uploading using the web application

Data Storage

Receipt and employee information is stored in an Azure SQL database.

Documentation

Employees are provided with a getting started document when they first use the solution. The documentation includes details on supported operating systems for Azure File upload, and instructions on how to configure the mounted folder.

Solution details

Users table