TEST SUPPRIMÉ, VOUS POUVEZ ÊTRE INTÉRESSÉ PAR :
AZ-204
COMMENTAIRES |
STATISTIQUES |
RECORDS
|
|---|
EFFECTUER UN TEST
|
Titre du test:
AZ-204 Description: AZ-204 - Microsoft Auteur:
Date de création: 29/08/2023 Catégorie: Informatique Questions numériques : 180 |
PARTAGER LE TEST
COMMENTAIRE
Il n'y a aucun commentaire sur ce test.
Ordre du jour :
|
You have two Hyper-V hosts named Host1 and Host2. Host1 has an Azure virtual machine named VM1 that was deployed by using a custom Azure Resource
Manager template.
You need to move VM1 to Host2.
What should you do? From the Update management blade, click Enable. From the Overview blade, move VM1 to a different subscription. From the Redeploy blade, click Redeploy. From the Profile blade, modify the usage location. You have downloaded an Azure Resource Manager template to deploy numerous virtual machines. The template is based on a current virtual machine, but must be adapted to reference an administrative password. You need to make sure that the password is not stored in plain text. You are preparing to create the necessary components to achieve your goal. Which of the following should you create to achieve your goal? An azure key vault An azure storage account Azure Active Directory (AD) Identity Protection An access policy An Azure policy a backup policy. Your company has an Azure Kubernetes Service (AKS) cluster that you manage from an Azure AD-joined device. The cluster is located in a resource group. Developers have created an application named MyApp. MyApp was packaged into a container image. You need to deploy the YAML manifest file for the application. Solution: You install the Azure CLI on the device and run the kubectl apply `"f myapp.yaml command. Does this meet the goal? Yes No. Your company has an Azure Kubernetes Service (AKS) cluster that you manage from an Azure AD-joined device. The cluster is located in a resource group. Developers have created an application named MyApp. MyApp was packaged into a container image. You need to deploy the YAML manifest file for the application. Solution: You install the docker client on the device and run the docker run -it microsoft/azure-cli:0.10.17 command. Does this meet the goal? Yes No. Your company has a web app named WebApp1. You use the WebJobs SDK to design a triggered App Service background task that automatically invokes a function in the code every time new data is received in a queue. You are preparing to configure the service processes a queue data item. Which of the following is the service you should use? Logic Apps WebJobs Flow Functions. Your company has an Azure subscription. You need to deploy a number of Azure virtual machines to the subscription by using Azure Resource Manager (ARM) templates. The virtual machines will be included in a single availability set. You need to ensure that the ARM template allows for as many virtual machines as possible to remain accessible in the event of fabric failure or maintenance. Which of the following is the value that you should configure for the platformFaultDomainCount property? 10 30 Min Value Max Value. Your company has an Azure subscription. You need to deploy a number of Azure virtual machines to the subscription by using Azure Resource Manager (ARM) templates. The virtual machines will be included in a single availability set. You need to ensure that the ARM template allows for as many virtual machines as possible to remain accessible in the event of fabric failure or maintenance. Which of the following is the value that you should configure for the platformUpdateDomainCount property? 10 20 30 40. You are creating an Azure Cosmos DB account that makes use of the SQL API. Data will be added to the account every day by a web application. You need to ensure that an email notification is sent when information is received from IoT devices, and that compute cost is reduced. You decide to deploy a function app. Which of the following should you configure the function app to use? Azure Cosmos DB connector SendGrid action Consumption plan Azure Event Hubs binding SendGrid binding. This question requires that you evaluate the underlined text to determine if it is correct. You company has an on-premises deployment of MongoDB, and an Azure Cosmos DB account that makes use of the MongoDB API. You need to devise a strategy to migrate MongoDB to the Azure Cosmos DB account. You include the Data Management Gateway tool in your migration strategy. Instructions: Review the underlined text. If it makes the statement correct, select `No change required.` If the statement is incorrect, select the answer choice that makes the statement correct. No change required mongorestore Azure Storage Explorer AzCopy. You are developing an e-Commerce Web App. You want to use Azure Key Vault to ensure that sign-ins to the e-Commerce Web App are secured by using Azure App Service authentication and Azure Active Directory (AAD). What should you do on the e-Commerce Web App? Run the az keyvault secret command. Enable Azure AD Connect. Enable Managed Service Identity (MSI). Create an Azure AD service principal. This question requires that you evaluate the underlined text to determine if it is correct. Your Azure Active Directory Azure (Azure AD) tenant has an Azure subscription linked to it. Your developer has created a mobile application that obtains Azure AD access tokens using the OAuth 2 implicit grant type. The mobile application must be registered in Azure AD. You require a redirect URI from the developer for registration purposes. Instructions: Review the underlined text. If it makes the statement correct, select `No change is needed.` If the statement is incorrect, select the answer choice that makes the statement correct. No change required. a secret a login hint a client ID. You are creating an Azure key vault using PowerShell. Objects deleted from the key vault must be kept for a set period of 90 days. Which two of the following parameters must be used in conjunction to meet the requirement? (Choose two.) EnabledForDeployment EnablePurgeProtection EnabledForTemplateDeployment EnableSoftDelete . You have an Azure Active Directory (Azure AD) tenant. You want to implement multi-factor authentication by making use of a conditional access policy. The conditional access policy must be applied to all users when they access the Azure portal. Which three settings should you configure? To answer, select the appropriate settings. Assignments - Users and groups Assignments - Cloud apps Assignments - Conditions Access controls - Grant Access controls - Session. You manage an Azure SQL database that allows for Azure AD authentication. You need to make sure that database developers can connect to the SQL database via Microsoft SQL Server Management Studio (SSMS). You also need to make sure the developers use their on-premises Active Directory account for authentication. Your strategy should allow for authentication prompts to be kept to a minimum. Which of the following should you implement? Azure AD token. Azure Multi-Factor authentication. Active Directory integrated authentication. OATH software tokens. You are developing an application to transfer data between on-premises file servers and Azure Blob storage. The application stores keys, secrets, and certificates in Azure Key Vault and makes use of the Azure Key Vault APIs. You want to configure the application to allow recovery of an accidental deletion of the key vault or key vault objects for 90 days after deletion. What should you do? Run the Add-AzKeyVaultKey cmdlet. Run the az keyvault update --enable-soft-delete true --enable-purge-protection true CLI. Implement virtual network service endpoints for Azure Key Vault. Run the az keyvault update --enable-soft-delete false CLI. You have developed a Web App for your company. The Web App provides services and must run in multiple regions. You want to be notified whenever the Web App uses more than 85 percent of the available CPU cores over a 5 minute period. Your solution must minimize costs. Which command should you use? az monitor metrics alert create -n myAlert -g myResourceGroup --scopes targetResourceId --condition "ANSWER1" >85" ANSWER2 5m ANSWER1 ANSWER2. Note: The question is included in a number of questions that depicts the identical set-up. However, every question has a distinctive result. Establish if the solution satisfies the requirements. You are configuring a web app that delivers streaming video to users. The application makes use of continuous integration and deployment. You need to ensure that the application is highly available and that the users' streaming experience is constant. You also want to configure the application to store data in a geographic location that is nearest to the user. Solution: You include the use of Azure Redis Cache in your design. Does the solution meet the goal Yes No. Note: The question is included in a number of questions that depicts the identical set-up. However, every question has a distinctive result. Establish if the solution satisfies the requirements. You are configuring a web app that delivers streaming video to users. The application makes use of continuous integration and deployment. You need to ensure that the application is highly available and that the users' streaming experience is constant. You also want to configure the application to store data in a geographic location that is nearest to the user. Solution: You include the use of an Azure Content Delivery Network (CDN) in your design. Does the solution meet the goal? Yes No. Note: The question is included in a number of questions that depicts the identical set-up. However, every question has a distinctive result. Establish if the solution satisfies the requirements. You are configuring a web app that delivers streaming video to users. The application makes use of continuous integration and deployment. You need to ensure that the application is highly available and that the users' streaming experience is constant. You also want to configure the application to store data in a geographic location that is nearest to the user. Solution: You include the use of a Storage Area Network (SAN) in your design. Does the solution meet the goal? Yes No. You develop a Web App on a tier D1 app service plan. You notice that page load times increase during periods of peak traffic. You want to implement automatic scaling when CPU load is above 80 percent. Your solution must minimize costs. What should you do first? Enable autoscaling on the Web App. Switch to the Premium App Service tier plan. Switch to the Standard App Service tier plan. Switch to the Azure App Services consumption plan. Your company's Azure subscription includes an Azure Log Analytics workspace. Your company has a hundred on-premises servers that run either Windows Server 2012 R2 or Windows Server 2016, and is linked to the Azure Log Analytics workspace. The Azure Log Analytics workspace is set up to gather performance counters associated with security from these linked servers. You must configure alerts based on the information gathered by the Azure Log Analytics workspace. You have to make sure that alert rules allow for dimensions, and that alert creation time should be kept to a minimum. Furthermore, a single alert notification must be created when the alert is created and when the alert is resolved. You need to make use of the necessary signal type when creating the alert rules. Which of the following is the option you should use? The Activity log signal type. The Application Log signal type. The Metric signal type. The Audit Log signal type. You are developing a .NET Core MVC application that allows customers to research independent holiday accommodation providers. You want to implement Azure Search to allow the application to search the index by using various criteria to locate documents related to accommodation. You want the application to allow customers to search the index by using regular expressions. What should you do? Configure the SearchMode property of the SearchParameters class. Configure the QueryType property of the SearchParameters class. Configure the Facets property of the SearchParameters class. Configure the Filter property of the SearchParameters class. You are a developer at your company. You need to update the definitions for an existing Logic App. What should you use? the Enterprise Integration Pack (EIP) the Logic App Code View the API Connections the Logic Apps Designer. Note: The question is included in a number of questions that depicts the identical set-up. However, every question has a distinctive result. Establish if the solution satisfies the requirements. You are developing a solution for a public facing API. The API back end is hosted in an Azure App Service instance. You have implemented a RESTful service for the API back end. You must configure back-end authentication for the API Management service instance. Solution: You configure Basic gateway credentials for the Azure resource. Does the solution meet the goal? Yes No. Note: The question is included in a number of questions that depicts the identical set-up. However, every question has a distinctive result. Establish if the solution satisfies the requirements. You are developing a solution for a public facing API. The API back end is hosted in an Azure App Service instance. You have implemented a RESTful service for the API back end. You must configure back-end authentication for the API Management service instance. Solution: You configure Client cert gateway credentials for the HTTP(s) endpoint. Does the solution meet the goal? Yes No. Note: The question is included in a number of questions that depicts the identical set-up. However, every question has a distinctive result. Establish if the solution satisfies the requirements. You are developing a solution for a public facing API. The API back end is hosted in an Azure App Service instance. You have implemented a RESTful service for the API back end. You must configure back-end authentication for the API Management service instance. Solution: You configure Basic gateway credentials for the HTTP(s) endpoint. Does the solution meet the goal? Yes No. Note: The question is included in a number of questions that depicts the identical set-up. However, every question has a distinctive result. Establish if the solution satisfies the requirements. You are developing a solution for a public facing API. The API back end is hosted in an Azure App Service instance. You have implemented a RESTful service for the API back end. You must configure back-end authentication for the API Management service instance. Solution: You configure Client cert gateway credentials for the Azure resource. Does the solution meet the goal? Yes No. You are developing a .NET Core MVC application that allows customers to research independent holiday accommodation providers. You want to implement Azure Search to allow the application to search the index by using various criteria to locate documents related to accommodation venues. You want the application to list holiday accommodation venues that fall within a specific price range and are within a specified distance to an airport. What should you do? Configure the SearchMode property of the SearchParameters class. Configure the QueryType property of the SearchParameters class. Configure the Facets property of the SearchParameters class. Configure the Filter property of the SearchParameters class. You are a developer at your company. You need to edit the workflows for an existing Logic App. What should you use? the Enterprise Integration Pack (EIP) the Logic App Code View the API Connections the Logic Apps Designer. You are a developer for a company that provides a bookings management service in the tourism industry. You are implementing Azure Search for the tour agencies listed in your company's solution. You create the index in Azure Search. You now need to use the Azure Search .NET SDK to import the relevant data into the Azure Search service. Which three actions should you perform in sequence? Create a DataSource instance and set its Container property to the DataContainer. Create an IndexBatch that contains the documents which must be added Set the DataSources property of the SearchServiceClient. Create a SearchIndexClient object to connect to the search index. Call the Documents.Index method of the SearchIndexClient and pass the IndexBatch Call the Documents.Suggets method of the SearchIndexClient and pass the DataSource. You are developing an application that applies a set of governance policies for internal and external services, as well as for applications. You develop a stateful ASP.NET Core 2.1 web application named PolicyApp and deploy it to an Azure App Service Web App. The PolicyApp reacts to events from Azure Event Grid and performs policy actions based on those events. You have the following requirements: ✑ Authentication events must be used to monitor users when they sign in and sign out. ✑ All authentication events must be processed by PolicyApp. ✑ Sign outs must be processed as fast as possible. What should you do? Create a new Azure Event Grid subscription for all authentication events. Use the subscription to process sign-out events. Create a separate Azure Event Grid handler for sign-in and sign-out events. Create separate Azure Event Grid topics and subscriptions for sign-in and sign-out events. Add a subject prefix to sign-out events. Create an Azure Event Grid subscription. Configure the subscription to use the subjectBeginsWith filter. You are developing a C++ application that compiles to a native application named process.exe. The application accepts images as input and returns images in one of the following image formats: GIF, PNG, or JPEG. You must deploy the application as an Azure Function. You need to configure the function and host json files. How should you complete the json files? ANSWER1 ANSWER2 ANSWER3. You are developing an Azure Static Web app that contains training materials for a tool company. Each tool’s training material is contained in a static web page that is linked from the tool’s publicly available description page. A user must be authenticated using Azure AD prior to viewing training. You need to ensure that the user can view training material pages after authentication. How should you complete the configuration file? ANSWER1 ANSWER2 ANSWER3 ANSWER4. You are authoring a set of nested Azure Resource Manager templates to deploy Azure resources. You author an Azure Resource Manager template named mainTemplate.json that contains the following linked templates: linkedTemplate1.json, linkedTemplate2.json. You add parameters to a parameters template file named mainTemplate.parameters,json. You save all templates on a local device in the C:\templates\ folder. You have the following requirements: • Store the templates in Azure for later deployment. • Enable versioning of the templates. • Manage access to the templates by using Azure RBAC. • Ensure that users have read-only access to the templates. • Allow users to deploy the templates. You need to store the templates in Azure. How should you complete the command? ANSWER1 ANSWER2. You are developing a service where customers can report news events from a browser using Azure Web PubSub. The service is implemented as an Azure Function App that uses the JSON WebSocket subprotocol to receive news events. You need to implement the bindings for the Azure Function App. How should you configure the binding? ANSWER1 ANSWER2. You are building a software-as-a-service (SaaS) application that analyzes DNA data that will run on Azure virtual machines (VMs) in an availability zone. The data is stored on managed disks attached to the VM. The performance of the analysis is determined by the speed of the disk attached to the VM. You have the following requirements: • The application must be able to quickly revert to the previous day’s data if a systemic error is detected. • The application must minimize downtime in the case of an Azure datacenter outage. You need to provision the managed disk for the VM to maximize performance while meeting the requirements. Which type of Azure Managed Disk should you use? Disk type Redundancy. You are developing an application that includes two Docker containers. The application must meet the following requirements: • The containers must not run as root. • The containers must be deployed to Azure Container Instances by using a YAML file. • The containers must share a lifecycle, resources, local network, and storage volume. • The storage volume must persist through container crashes. • The storage volume must be deployed on stop or restart of the containers. You need to configure Azure Container Instances for the application. Which configuration values should you use? Shared lifecycle StorageVolume. You are implementing a software as a service (SaaS) ASP.NET Core web service that will run as an Azure Web App. The web service will use an on-premises SQL Server database for storage. The web service also includes a WebJob that processes data updates. Four customers will use the web service. ✑ Each instance of the WebJob processes data for a single customer and must run as a singleton instance. ✑ Each deployment must be tested by using deployment slots prior to serving production data. ✑ Azure costs must be minimized. ✑ Azure resources must be located in an isolated network. You need to configure the App Service plan for the Web App. How should you configure the App Service plan? Number of VM instances Pricing tier. You are a developer for a software as a service (SaaS) company that uses an Azure Function to process orders. The Azure Function currently runs on an Azure Function app that is triggered by an Azure Storage queue. You are preparing to migrate the Azure Function to Kubernetes using Kubernetes-based Event Driven Autoscaling (KEDA). You need to configure Kubernetes Custom Resource Definitions (CRD) for the Azure Function. Which CRDs should you configure? Azure Function code Polling interval Azure Storage connection string. You are creating a CLI script that creates an Azure web app and related services in Azure App Service. The web app uses the following variables: Variable name : $gitrepo , Value : https://github/Contos/webapp Variable name : $webappname , Value : WebApp1103 You need to automatically deploy code from GitHub to the newly created web app. How should you complete the script? ANSWER1 ANSWER2 ANSWER3 ANSWER4 ANSWER5. Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution. After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen. You develop a software as a service (SaaS) offering to manage photographs. Users upload photos to a web service which then stores the photos in Azure Storage Blob storage. The storage account type is General-purpose V2. When photos are uploaded, they must be processed to produce and save a mobile-friendly version of the image. The process to produce a mobile-friendly version of the image must start in less than one minute. You need to design the process that starts the photo processing. Solution: Trigger the photo processing from Blob storage events. Does the solution meet the goal Yes No. Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution. After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen. You develop and deploy an Azure App Service API app to a Windows-hosted deployment slot named Development. You create additional deployment slots named Testing and Production. You enable auto swap on the Production deployment slot. You need to ensure that scripts run and resources are available before a swap operation occurs. Solution: Update the web.config file to include the applicationInitialization configuration element. Specify custom initialization actions to run the scripts. Does the solution meet the goal? No Yes. Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution. After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen. You develop and deploy an Azure App Service API app to a Windows-hosted deployment slot named Development. You create additional deployment slots named Testing and Production. You enable auto swap on the Production deployment slot. You need to ensure that scripts run and resources are available before a swap operation occurs. Solution: Enable auto swap for the Testing slot. Deploy the app to the Testing slot. Does the solution meet the goal? No Yes. Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution. After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen. You develop and deploy an Azure App Service API app to a Windows-hosted deployment slot named Development. You create additional deployment slots named Testing and Production. You enable auto swap on the Production deployment slot. You need to ensure that scripts run and resources are available before a swap operation occurs. Solution: Disable auto swap. Update the app with a method named statuscheck to run the scripts. Re-enable auto swap and deploy the app to the Production slot. Does the solution meet the goal? No Yes. Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution. After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen. You develop a software as a service (SaaS) offering to manage photographs. Users upload photos to a web service which then stores the photos in Azure Storage Blob storage. The storage account type is General-purpose V2. When photos are uploaded, they must be processed to produce and save a mobile-friendly version of the image. The process to produce a mobile-friendly version of the image must start in less than one minute. You need to design the process that starts the photo processing. Solution: Convert the Azure Storage account to a BlockBlobStorage storage account. Does the solution meet the goal? Yes No. You are developing an Azure Web App. You configure TLS mutual authentication for the web app. You need to validate the client certificate in the web app. To answer, select the appropriate options in the answer area. Client certificate location Encoding type. You are developing a Docker/Go using Azure App Service Web App for Containers. You plan to run the container in an App Service on Linux. You identify a Docker container image to use. None of your current resource groups reside in a location that supports Linux. You must minimize the number of resource groups required. You need to create the application and perform an initial deployment. Which three Azure CLI commands should you use to develop the solution? Choose in the correct order 1 2 3. Fourth Coffee has an ASP.NET Core web app that runs in Docker. The app is mapped to the www.fourthcoffee.com domain. Fourth Coffee is migrating this application to Azure. You need to provision an App Service Web App to host this docker image and map the custom domain to the App Service web app. A resource group named FourthCoffeePublicWebResourceGroup has been created in the WestUS region that contains an App Service Plan named AppServiceLinuxDockerPlan. Which order should the CLI commands be used to develop the solution? Choose in the correct order 1 2 3 4. You are developing a serverless Java application on Azure. You create a new Azure Key Vault to work with secrets from a new Azure Functions application. The application must meet the following requirements: ✑ Reference the Azure Key Vault without requiring any changes to the Java code. ✑ Dynamically add and remove instances of the Azure Functions host based on the number of incoming application events. ✑ Ensure that instances are perpetually warm to avoid any cold starts. ✑ Connect to a VNet. ✑ Authentication to the Azure Key Vault instance must be removed if the Azure Function application is deleted. You need to grant the Azure Functions application access to the Azure Key Vault. Which three actions should you perform in sequence? Choose the correct order 1 2 3. You develop a website. You plan to host the website in Azure. You expect the website to experience high traffic volumes after it is published. You must ensure that the website remains available and responsive while minimizing cost. You need to deploy the website. What should you do? Deploy the website to a virtual machine. Configure the virtual machine to automatically scale when the CPU load is high. Deploy the website to an App Service that uses the Shared service tier. Configure the App Service plan to automatically scale when the CPU load is high. Deploy the website to a virtual machine. Configure a Scale Set to increase the virtual machine instance count when the CPU load is high. Deploy the website to an App Service that uses the Standard service tier. Configure the App Service plan to automatically scale when the CPU load is high. . A company is developing a Java web app. The web app code is hosted in a GitHub repository located at https://github.com/Contoso/webapp. The web app must be evaluated before it is moved to production. You must deploy the initial code release to a deployment slot named staging. You need to create the web app and deploy the code. How should you complete the commands? ANSWER1 ANSWER2 ANSWER3 ANSWER4 ANSWER5. You have a web service that is used to pay for food deliveries. The web service uses Azure Cosmos DB as the data store. You plan to add a new feature that allows users to set a tip amount. The new feature requires that a property named tip on the document in Cosmos DB must be present and contain a numeric value. There are many existing websites and mobile apps that use the web service that will not be updated to set the tip property for some time. How should you complete the trigger? ANSWER1 ANSWER2 ANSWER3. Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution. After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen. You develop an HTTP triggered Azure Function app to process Azure Storage blob data. The app is triggered using an output binding on the blob. The app continues to time out after four minutes. The app must process the blob data. You need to ensure the app does not time out and processes the blob data. Solution: Use the Durable Function async pattern to process the blob data. Does the solution meet the goal? Yes No. ote: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution. After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen. You develop an HTTP triggered Azure Function app to process Azure Storage blob data. The app is triggered using an output binding on the blob. The app continues to time out after four minutes. The app must process the blob data. You need to ensure the app does not time out and processes the blob data. Solution: Pass the HTTP trigger payload into an Azure Service Bus queue to be processed by a queue trigger function and return an immediate HTTP success response. Does the solution meet the goal? Yes No. Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution. After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen. You develop an HTTP triggered Azure Function app to process Azure Storage blob data. The app is triggered using an output binding on the blob. The app continues to time out after four minutes. The app must process the blob data. You need to ensure the app does not time out and processes the blob data. Solution: Configure the app to use an App Service hosting plan and enable the Always On setting. Does the solution meet the goal? Yes No. Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution. After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen. You develop a software as a service (SaaS) offering to manage photographs. Users upload photos to a web service which then stores the photos in Azure Storage Blob storage. The storage account type is General-purpose V2. When photos are uploaded, they must be processed to produce and save a mobile-friendly version of the image. The process to produce a mobile-friendly version of the image must start in less than one minute. You need to design the process that starts the photo processing. Solution: Move photo processing to an Azure Function triggered from the blob upload. Does the solution meet the goal? Yes No. You are developing an application that uses Azure Blob storage. The application must read the transaction logs of all the changes that occur to the blobs and the blob metadata in the storage account for auditing purposes. The changes must be in the order in which they occurred, include only create, update, delete, and copy operations and be retained for compliance reasons. You need to process the transaction logs asynchronously. What should you do? Process all Azure Blob storage events by using Azure Event Grid with a subscriber Azure Function app. Enable the change feed on the storage account and process all changes for available events Process all Azure Storage Analytics logs for successful blob events. Use the Azure Monitor HTTP Data Collector API and scan the request body for successful blob events. You plan to create a Docker image that runs an ASP.NET Core application named ContosoApp. You have a setup script named setupScript.ps1 and a series of application files including ContosoApp.dll. You need to create a Dockerfile document that meets the following requirements: ✑ Call setupScripts.ps1 when the container is built. ✑ Run ContosoApp.dll when the container starts. The Dockerfile document must be created in the same folder where ContosoApp.dll and setupScript.ps1 are stored. Which five commands should you use to develop the solution? Choose a correct order 1 2 3 4 5. You are developing an Azure Function App that processes images that are uploaded to an Azure Blob container. Images must be processed as quickly as possible after they are uploaded, and the solution must minimize latency. You create code to process images when the Function App is triggered. You need to configure the Function App. What should you do? Use an App Service plan. Configure the Function App to use an Azure Blob Storage input trigger. Use a Consumption plan. Configure the Function App to use an Azure Blob Storage trigger. Use a Consumption plan. Configure the Function App to use a Timer trigger. Use an App Service plan. Configure the Function App to use an Azure Blob Storage trigger. Use a Consumption plan. Configure the Function App to use an Azure Blob Storage input trigger. You are configuring a new development environment for a Java application. The environment requires a Virtual Machine Scale Set (VMSS), several storage accounts, and networking components. The VMSS must not be created until the storage accounts have been successfully created and an associated load balancer and virtual network is configured. How should you complete the Azure Resource Manager template? ANSWER1 ANSWER2 ASNWER3. You are developing an Azure Function App by using Visual Studio. The app will process orders input by an Azure Web App. The web app places the order information into Azure Queue Storage. You need to review the Azure Function App code shown below. Which of these answers are true? The code will log the time that the order was processed from the queue. When the ProcessOrders function fails, the function will retry up to five times for a given order, including the first try. When there are multiple orders in the queue, a batch of orders will be retrieved from the queue and the ProcessOrders function will run multiple instances concurrently to process the orders. The ProcessOrders function will output the order to an Orders table in Azure Table Storage. You are developing a solution for a hospital to support the following use cases: ✑ The most recent patient status details must be retrieved even if multiple users in different locations have updated the patient record. ✑ Patient health monitoring data retrieved must be the current version or the prior version. ✑ After a patient is discharged and all charges have been assessed, the patient billing record contains the final charges. You provision a Cosmos DB NoSQL database and set the default consistency level for the database account to Strong. You set the value for Indexing Mode to Consistent. You need to minimize latency and any impact to the availability of the solution. You must override the default consistency level at the query level to meet the required consistency guarantees for the scenarios. Which consistency levels should you implement? Return the most recent patient status. Return health monitoring data that is no less than one version behind. After patient is discharged and all charges are assessed, retrieve the correct billing data with the final charges. You are configuring a development environment for your team. You deploy the latest Visual Studio image from the Azure Marketplace to your Azure subscription. The development environment requires several software development kits (SDKs) and third-party components to support application development across the organization. You install and customize the deployed virtual machine (VM) for your development team. The customized VM must be saved to allow provisioning of a new team member development environment. You need to save the customized VM for future provisioning. Which tools or services should you use? Generalize the VM Store images. You are preparing to deploy a website to an Azure Web App from a GitHub repository. The website includes static content generated by a script. You plan to use the Azure Web App continuous deployment feature. You need to run the static generation script before the website starts serving traffic. What are two possible ways to achieve this goal? Each correct answer presents a complete solution. Add the path to the static content generation tool to WEBSITE_RUN_FROM_PACKAGE setting in the host.json file. Add a PreBuild target in the websites csproj project file that runs the static content generation script. Create a file named run.cmd in the folder /run that calls a script which generates the static content and deploys the website. Create a file named .deployment in the root of the repository that calls a script which generates the static content and deploys the website. . You are developing an application to use Azure Blob storage. You have configured Azure Blob storage to include change feeds. A copy of your storage account must be created in another region. Data must be copied from the current storage account to the new storage account directly between the storage servers. You need to create a copy of the storage account in another region and copy the data. In which order should you perform the actions? Choose the correct order 1 2 3 4 5. You are preparing to deploy an Azure virtual machine (VM)-based application. The VMs that run the application have the following requirements: ✑ When a VM is provisioned the firewall must be automatically configured before it can access Azure resources. ✑ Supporting services must be installed by using an Azure PowerShell script that is stored in Azure Storage. You need to ensure that the requirements are met. Which features should you use? Firewall configuration Supporting services script. A company is developing a Node.js web app. The web app code is hosted in a GitHub repository located at https://github.com/TailSpinToys/webapp. The web app must be reviewed before it is moved to production. You must deploy the initial code release to a deployment slot named review. You need to create the web app and deploy the code. How should you complete the commands? ANSWER1 ANSWER2 ANSWER3 ANSWER4. You are developing an application that needs access to an Azure virtual machine (VM). The access lifecycle for the application must be associated with the VM service instance. You need to enable managed identity for the VM. How should you complete the PowerShell segment? ANSWER1 ANSWER2. This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution. After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen. You develop a software as a service (SaaS) offering to manage photographs. Users upload photos to a web service which then stores the photos in Azure Storage Blob storage. The storage account type is General-purpose V2. When photos are uploaded, they must be processed to produce and save a mobile-friendly version of the image. The process to produce a mobile-friendly version of the image must start in less than one minute. You need to design the process that starts the photo processing. Solution: Create an Azure Function app that uses the Consumption hosting model and that is triggered from the blob upload. Does the solution meet the goal? Yes No. Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution. After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen. You develop and deploy an Azure App Service API app to a Windows-hosted deployment slot named Development. You create additional deployment slots named Testing and Production. You enable auto swap on the Production deployment slot. You need to ensure that scripts run and resources are available before a swap operation occurs. Solution: Update the app with a method named statuscheck to run the scripts. Update the app settings for the app. Set the WEBSITE_SWAP_WARMUP_PING_PATH and WEBSITE_SWAP_WARMUP_PING_STATUSES with a path to the new method and appropriate response codes. Does the solution meet the goal? No Yes. You create the following PowerShell script: Which of these answers are true ? A log alert is created that sends an email when the CPU percentage is above 60 percent for five minutes. A log alert is created that sends an email when the number of virtual machine heartbeats in the past hour is less than five. The log alert is scheduled to run every two hours. You are developing an Azure Function app. The app must meet the following requirements: ✑ Enable developers to write the functions by using the Rust language. ✑ Declaratively connect to an Azure Blob Storage account. You need to implement the app. Which Azure Function app features should you use? Enable developers to write the functions by using the Rust language. Declaratively connect to an Azure Blob Storage account. You are developing an ASP.NET Core web application. You plan to deploy the application to Azure Web App for Containers. The application needs to store runtime diagnostic data that must be persisted across application restarts. You have the following code. You need to configure the application settings so that diagnostic data is stored as required. How should you configure the web app's settings? LOCALAPPDATA WEBSITE_LOCALCACHE_ENABLED DOTNET_HOSTING_OPTIMIZATION_CACHE WEBSITES_ENABLE_APP_SERVICE_STORAGE DIAGDATA. You are developing a web app that is protected by Azure Web Application Firewall (WAF). All traffic to the web app is routed through an Azure Application Gateway instance that is used by multiple web apps. The web app address is contoso.azurewebsites.net. All traffic must be secured with SSL. The Azure Application Gateway instance is used by multiple web apps. You need to configure the Azure Application Gateway for the web app. Which two actions should you perform? In the Azure Application Gateway's HTTP setting, enable the Use for App service setting. Convert the web app to run in an Azure App service environment (ASE). Add an authentication certificate for contoso.azurewebsites.net to the Azure Application Gateway. In the Azure Application Gateway's HTTP setting, set the value of the Override backend path option to contoso22.azurewebsites.net. Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution. After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen. You develop a software as a service (SaaS) offering to manage photographs. Users upload photos to a web service which then stores the photos in Azure Storage Blob storage. The storage account type is General-purpose V2. When photos are uploaded, they must be processed to produce and save a mobile-friendly version of the image. The process to produce a mobile-friendly version of the image must start in less than one minute. You need to design the process that starts the photo processing. Solution: Use the Azure Blob Storage change feed to trigger photo processing. Does the solution meet the goal? Yes No. You are developing a web application that runs as an Azure Web App. The web application stores data in Azure SQL Database and stores files in an Azure Storage account. The web application makes HTTP requests to external services as part of normal operations. The web application is instrumented with Application Insights. The external services are OpenTelemetry compliant. You need to ensure that the customer ID of the signed in user is associated with all operations throughout the overall system. What should you do? Add the customer ID for the signed in user to the CorrelationContext in the web application On the current SpanContext, set the TraceId to the customer ID for the signed in user Set the header Ocp-Apim-Trace to the customer ID for the signed in user Create a new SpanContext with the TraceFlags value set to the customer ID for the signed in user. You are developing an Azure Function App. You develop code by using a language that is not supported by the Azure Function App host. The code language supports HTTP primitives. You must deploy the code to a production Azure Function App environment. You need to configure the app for deployment. Which configuration values should you use? Publish Runtime stack Version. You provision virtual machines (VMs) as development environments. One VM does not start. The VM is stuck in a Windows update process. You attach the OS disk for the affected VM to a recovery VM. You need to correct the issue. In which order should you perform the actions? Choose the correct order 1 2 3 4. Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution. After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen. You develop an HTTP triggered Azure Function app to process Azure Storage blob data. The app is triggered using an output binding on the blob. The app continues to time out after four minutes. The app must process the blob data. You need to ensure the app does not time out and processes the blob data. Solution: Update the functionTimeout property of the host.json project file to 10 minutes. Does the solution meet the goal? Yes No. You are developing an Azure Durable Function based application that processes a list of input values. The application is monitored using a console application that retrieves JSON data from an Azure Function diagnostic endpoint. During processing a single instance of invalid input does not cause the function to fail. Invalid input must be available to the monitoring application. You need to implement the Azure Durable Function and the monitoring console application. How should you complete the code segments? ANSWER1 ANSWER2 ANSWER3. You are developing an Azure Durable Function to manage an online ordering process. The process must call an external API to gather product discount information. You need to implement the Azure Durable Function. Which Azure Durable Function types should you use? Orchestrator Entity Client Activity. You are authoring a set of nested Azure Resource Manager templates to deploy multiple Azure resources. The templates must be tested before deployment and must follow recommended practices. You need to validate and test the templates before deployment. Which tools should you use? Determine whether the templates follow recommended practices Test and validate changes that templates will make to the environment. You develop Azure Durable Functions to manage vehicle loans. The loan process includes multiple actions that must be run in a specified order. One of the actions includes a customer credit check process, which may require multiple days to process. You need to implement Azure Durable Functions for the loan process. Which Azure Durable Functions type should you use? orchestrator client entity activity. You are developing an Azure Function app. All functions in the app meet the following requirements: • Run until either a successful run or until 10 run attempts occur. • Ensure that there are at least 20 seconds between attempts for up to 15 minutes. You need to configure the host.json file. How should you complete the code segment? ANSWER1 ANSWER2 ANSWER3. You develop Azure Web Apps for a commercial diving company. Regulations require that all divers fill out a health questionnaire every 15 days after each diving job starts. You need to configure the Azure Web Apps so that the instance count scales up when divers are filling out the questionnaire and scales down after they are complete. You need to configure autoscaling. What are two possible auto scaling configurations to achieve this goal? Each correct answer presents a complete solution. Recurrence profile CPU usage-based autoscaling Fixed date profile Predictive autoscaling. You are developing an online game that allows players to vote for their favorite photo that illustrates a word. The game is built by using Azure Functions and uses durable entities to track the vote count. The voting window is 30 seconds. You must minimize latency. You need to implement the Azure Function for voting. How should you complete the code? ANSWER1 ANSWER2. You have an App Service plan named asp1 based on the Free pricing tier. You plan to use asp1 to implement an Azure Function app with a queue trigger. Your solution must minimize cost. You need to identify the configuration options that will meet the requirements. Which value should you configure? ANSWER1 ANSWER2. You are developing several microservices to run on Azure Container Apps. The microservices must allow HTTPS access by using a custom domain. You need to configure the custom domain in Azure Container Apps. In which order should you perform the actions? Choose the correct order 1 2 3 4 5. You are developing several microservices to run on Azure Container Apps. External HTTP ingress traffic has been enabled for the microservices. The microservices must be deployed to the same virtual network and write logs to the same Log Analytics workspace. You need to deploy the microservices. What should you do? Enable single revision mode. Use a separate environment for each container. Use a private container registry image and single image for all containers. Use a single environment for all containers. Enable multiple revision mode. You are developing several microservices to run on Azure Container Apps. External HTTP ingress traffic has been enabled for the microservices. A deployed microservice must be updated to allow users to test new features. You have the following requirements: • Enable and maintain a single URL for the updated microservice to provide to test users. • Update the microservice that corresponds to the current microservice version. You need to configure Azure Container Apps. Which features should you configure? ANSWER1 ANSWER2. You are developing a solution that uses the Azure Storage Client library for .NET. You have the following code: (Line numbers are included for reference only.) Which of these answers are true The code creates an infinite lease The code at line 06 always creates a new blob The finally block releases the lease. You are building a website that uses Azure Blob storage for data storage. You configure Azure Blob storage lifecycle to move all blobs to the archive tier after 30 days. Customers have requested a service-level agreement (SLA) for viewing data older than 30 days. You need to document the minimum SLA for data recovery. Which SLA should you use? at least two days between one and 15 hours at least one day between zero and 60 minutes. You are developing a ticket reservation system for an airline. The storage solution for the application must meet the following requirements: ✑ Ensure at least 99.99% availability and provide low latency. ✑ Accept reservations even when localized network outages or other unforeseen failures occur. ✑ Process reservations in the exact sequence as reservations are submitted to minimize overbooking or selling the same seat to multiple travelers. ✑ Allow simultaneous and out-of-order reservations with a maximum five-second tolerance window. You provision a resource group named airlineResourceGroup in the Azure South-Central US region. You need to provision a SQL API Cosmos DB account to support the app. How should you complete the Azure CLI commands? ANSWER1 ANSWER2 ANSWER3. You are preparing to deploy a Python website to an Azure Web App using a container. The solution will use multiple containers in the same container group. The Dockerfile that builds the container is as follows: FROM python:3 ADD website.py CMD [ "python", "./website.py"] You build a container by using the following command. The Azure Container Registry instance named images is a private registry. docker build -t images.azurecr.io/website:v1.0.0 The user name and password for the registry is admin. The Web App must always run the same version of the website regardless of future builds. You need to create an Azure Web App to run the website. How should you complete the commands? ANSWER1 ANSWER2 ANSWER3. You are developing a back-end Azure App Service that scales based on the number of messages contained in a Service Bus queue. A rule already exists to scale up the App Service when the average queue length of unprocessed and valid queue messages is greater than 1000. You need to add a new rule that will continuously scale down the App Service as long as the scale up condition is not met. How should you configure the Scale rule? ANSWER1 ANSWER2 ANSWER3. You have an application that uses Azure Blob storage. You need to update the metadata of the blobs. Which three methods should you use to develop the solution? Choose the correct order 1 2 3. Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution. After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen. You are developing an Azure solution to collect point-of-sale (POS) device data from 2,000 stores located throughout the world. A single device can produce 2 megabytes (MB) of data every 24 hours. Each store location has one to five devices that send data. You must store the device data in Azure Blob storage. Device data must be correlated based on a device identifier. Additional stores are expected to open in the future. You need to implement a solution to receive the device data. Solution: Provision an Azure Event Grid. Configure the machine identifier as the partition key and enable capture. Does the solution meet the goal? Yes No. You develop Azure solutions. A .NET application needs to receive a message each time an Azure virtual machine finishes processing data. The messages must NOT persist after being processed by the receiving application. You need to implement the .NET object that will receive the messages. Which object should you use? QueueClient SubscriptionClient TopicClient CloudQueueClient. You are maintaining an existing application that uses an Azure Blob GPv1 Premium storage account. Data older than three months is rarely used. Data newer than three months must be available immediately. Data older than a year must be saved but does not need to be available immediately. You need to configure the account to support a lifecycle management rule that moves blob data to archive storage for data not modified in the last year. Which three actions should you perform in sequence? Choose the correct order 1 2 3. You develop Azure solutions. You must connect to a No-SQL globally-distributed database by using the .NET API. You need to create an object to configure and execute requests in the database. Which code segment should you use? new Container(EndpointUri, PrimaryKey); new Database(EndpointUri, PrimaryKey); new CosmosClient(EndpointUri, PrimaryKey);. You have an existing Azure storage account that stores large volumes of data across multiple containers. You need to copy all data from the existing storage account to a new storage account. The copy process must meet the following requirements: ✑ Automate data movement. ✑ Minimize user input required to perform the operation. ✑ Ensure that the data movement process is recoverable. What should you use? AzCopy Azure Storage Explorer Azure portal .NET Storage Client Library. You are developing a web service that will run on Azure virtual machines that use Azure Storage. You configure all virtual machines to use managed identities. You have the following requirements: ✑ Secret-based authentication mechanisms are not permitted for accessing an Azure Storage account. ✑ Must use only Azure Instance Metadata Service endpoints. You need to write code to retrieve an access token to access Azure Storage Code segment 1 Code segment 2. You are developing a new page for a website that uses Azure Cosmos DB for data storage. The feature uses documents that have the following format: { "name": "John", "city": "Seattle" } You must display data for the new page in a specific order. You create the following query for the page: SELECT* FROM People p ORDER BY p.name, p.city DESC You need to configure a Cosmos DB policy to support the query. How should you configure the policy? ANSWER1 ANSWER2. You are building a traffic monitoring system that monitors traffic along six highways. The system produces time series analysis-based reports for each highway. Data from traffic sensors are stored in Azure Event Hub. Traffic data is consumed by four departments. Each department has an Azure Web App that displays the time series-based reports and contains a WebJob that processes the incoming data from Event Hub. All Web Apps run on App Service Plans with three instances. Data throughput must be maximized. Latency must be minimized. You need to implement the Azure Event Hub. Which settings should you use? ANSWER1 ANSWER2. You are developing a microservices solution. You plan to deploy the solution to a multinode Azure Kubernetes Service (AKS) cluster. You need to deploy a solution that includes the following features: ✑ reverse proxy capabilities ✑ configurable traffic routing ✑ TLS termination with a custom certificate Which components should you use? Deploy solution View cluster and external IP addresing Implement a single, public IP endpoint that is routed to multiple microservices. Which filter types should you implement? Each filter type may be used once, more than once, or not at all. SQLFilter CorrelationFilter No Filter. Your company has several websites that use a company logo image. You use Azure Content Delivery Network (CDN) to store the static image. You need to determine the correct process of how the CDN and the Point of Presence (POP) server will distribute the image and list the items in the correct order. In which order do the actions occur? Choose the correct order 1 2 3 4. You are developing an Azure Cosmos DB solution by using the Azure Cosmos DB SQL API. The data includes millions of documents. Each document may contain hundreds of properties. The properties of the documents do not contain distinct values for partitioning. Azure Cosmos DB must scale individual containers in the database to meet the performance needs of the application by spreading the workload evenly across all partitions over time. You need to select a partition key. Which two partition keys can you use? a single property value that does not appear frequently in the documents a value containing the collection name a single property value that appears frequently in the documents a concatenation of multiple property values with a random suffix appended a hash suffix appended to a property value. You are developing an Azure-hosted e-commerce web application. The application will use Azure Cosmos DB to store sales orders. You are using the latest SDK to manage the sales orders in the database. You create a new Azure Cosmos DB instance. You include a valid endpoint and valid authorization key to an appSettings.json file in the code project. You are evaluating the following application code: (Line number are included for reference only.) Which of these answers are true A database named SalesOrders is created. The database will include two containers Container1 will contain two items Container2 will contain one item. You develop an Azure solution that uses Cosmos DB. The current Cosmos DB container must be replicated and must use a partition key that is optimized for queries. You need to implement a change feed processor solution. Which change feed processor components should you use? Store the data from which the change feed is generated Coordinate processing of the change feed across multiple workers Use the change feed processor to listen for changes Handle each batch of changes. You are developing a web application that will use Azure Storage. Older data will be less frequently used than more recent data. You need to configure data storage for the application. You have the following requirements: ✑ Retain copies of data for five years. ✑ Minimize costs associated with storing data that is over one year old. ✑ Implement Zone Redundant Storage for application data. What should you do? ANSWER1 ANSWER2. Which of these answers are true SaveScore will work with Cosmos DB SaveScore will update and replace a record if one already exists with the same playerId and gameId Leader board data for the game will be automatically partitioned using gameId SaveScore will store the values for the gameId and playerId parameters in the database. You develop and deploy a web application to Azure App Service. The application accesses data stored in an Azure Storage account. The account contains several containers with several blobs with large amounts of data. You deploy all Azure resources to a single region. You need to move the Azure Storage account to the new region. You must copy all data to the new region. What should you do first? Export the Azure Storage account Azure Resource Manager template Initiate a storage account failover Configure object replication for all blobs Use the AzCopy command line tool Create a new Azure Storage account in the current region Create a new subscription in the current region. You are developing an application to collect the following telemetry data for delivery drivers: first name, last name, package count, item id, and current location coordinates. The app will store the data in Azure Cosmos DB. You need to configure Azure Cosmos DB to query the data. Which values should you use? ANSWER1 ANSWER2. You are implementing an Azure solution that uses Azure Cosmos DB and the latest Azure Cosmos DB SDK. You add a change feed processor to a new container instance. You attempt to read a batch of 100 documents. The process fails when reading one of the documents. The solution must monitor the progress of the change feed processor instance on the new container as the change feed is read. You must prevent the change feed processor from retrying the entire batch when one document cannot be read. You need to implement the change feed processor to read the documents. Which features should you use? Monitor the progress of the change feed processor Prevent the change feed processor from retrying the entire batch when one document cannot be read. You are implementing an Azure solution that uses Azure Cosmos DB and the latest Azure Cosmos DB SDK. You add a change feed processor to a new container instance. You attempt to read a batch of 100 documents. The process fails when reading one of the documents. The solution must monitor the progress of the change feed processor instance on the new container as the change feed is read. You must prevent the change feed processor from retrying the entire batch when one document cannot be read. You need to implement the change feed processor to read the documents. Which features should you use? Which of these answers are true Block blobs prefixed with transactions will transition blobs that have not been modified in over 60 days to cool storage, and delete blobs not modified in 365 days Blobs are moved to cool storage if they have not been accessed for 60 days The policy rule tiers previous versions within a container named transactions that are 60 days or older to the cool tier and deletes previous versions that are 365 days or older Blobs will automatically be tiered from cool back to hot if accessed again after being tiered to cool. An organization deploys Azure Cosmos DB. You need to ensure that the index is updated as items are created, updated, or deleted. What should you do? Set the indexing mode to Lazy. Set the value of the automatic property of the indexing policy to False. Set the value of the EnableScanInQuery option to True. Set the indexing mode to Consistent. You are developing a .Net web application that stores data in Azure Cosmos DB. The application must use the Core API and allow millions of reads and writes. The Azure Cosmos DB account has been created with multiple write regions enabled. The application has been deployed to the East US2 and Central US regions. You need to update the application to support multi-region writes. What are two possible ways to achieve this goal? Update the ConnectionPolicy class for the Cosmos client and populate the PreferredLocations property based on the geo-proximity of the application. Update Azure Cosmos DB to use the Strong consistency level. Add indexed properties to the container to indicate region. Update the ConnectionPolicy class for the Cosmos client and set the UseMultipleWriteLocations property to true. Create and deploy a custom conflict resolution policy. Update Azure Cosmos DB to use the Session consistency level. Send the SessionToken property value from the FeedResponse object of the write action to the end-user by using a cookie. You are developing a solution to store documents in Azure Blob storage. Customers upload documents to multiple containers. Documents consist of PDF, CSV, Microsoft Office format and plain text files. The solution must process millions of documents across hundreds of containers. The solution must meet the following requirements: ✑ Documents must be categorized by a customer identifier as they are uploaded to the storage account. ✑ Allow filtering by the customer identifier. ✑ Allow searching of information contained within a document ✑ Minimize costs. You create and configure a standard general-purpose v2 storage account to support the solution. You need to implement the solution. What should you implement? ANSWER1 ANSWER2. You are developing a web application by using the Azure SDK. The web application accesses data in a zone-redundant BlockBlobStorage storage account. The application must determine whether the data has changed since the application last read the data. Update operations must use the latest data changes when writing data to the storage account. You need to implement the update operations. Which values should you use? ANSWER1 ANSWER2. An organization deploys a blob storage account. Users take multiple snapshots of the blob storage account over time. You need to delete all snapshots of the blob storage account. You must not delete the blob storage account itself. How should you complete the code segment? ANSWER1 ANSWER2. An organization deploys a blob storage account. Users take multiple snapshots of the blob storage account over time. You need to delete all snapshots of the blob storage account. You must not delete the blob storage account itself. How should you complete the code segment? ANSWER1 ANSWER2. You are developing an application that monitors data added to an Azure Blob storage account. You need to process each change made to the storage account. How should you complete the code segment? ANSWER1 ANSWER2. You develop an application that sells AI generated images based on user input. You recently started a marketing campaign that displays unique ads every second day. Sales data is stored in Azure Cosmos DB with the date of each sale being stored in a property named ‘whenFinished’. The marketing department requires a view that shows the number of sales for each unique ad. You need to implement the query for the view. How should you complete the query? ANSWER1 ANSWER2 ANSWER3. You implement an Azure solution to include Azure Cosmos DB, the latest Azure Cosmos DB SDK, and the Core (SQL) API. You also implement a change feed processor on a new container instance by using the Azure Functions trigger for Azure Cosmos DB. A large batch of documents continues to fail when reading one of the documents in the batch. The same batch of documents is continuously retried by the triggered function and a new batch of documents must be read. You need to implement the change feed processor to read the documents. Which feature should you implement? Read a new batch of documents while keeping track of the failing batch of documents. Handle errors in the change feed processor. You are developing an application to store business-critical data in Azure Blob storage. The application must meet the following requirements: • Data must not be modified or deleted for a user-specified interval. • Data must be protected from overwrites and deletes. • Data must be written once and allowed to be read many times. You need to protect the data in the Azure Blob storage account. Which two actions should you perform? Configure a time-based retention policy for the storage account. Create an account shared-access signature (SAS). Enable the blob change feed for the storage account. Enable version-level immutability support for the storage account. Enable point-in-time restore for containers in the storage account. Create a service shared-access signature (SAS). You are updating an application that stores data on Azure and uses Azure Cosmos DB for storage. The application stores data in multiple documents associated with a single username. The application requires the ability to update multiple documents for a username in a single ACID operation. You need to configure Azure Cosmos DB. Which two actions should you perform? Create a collection sharded on username to store documents. Configure Azure Cosmos DB to use the Gremlin API. Create an unsharded collection to store documents. Configure Azure Cosmos DB to use the MongoDB API. You develop Azure solutions. You must connect to a No-SQL globally-distributed database by using the .NET API. You need to create an object to configure and execute requests in the database. Which code segment should you use? database_name = 'MyDatabase' database = client.create_database_if_not_exists(id=database_name) client = CosmosClient(endpoint, key) container_name = 'MyContainer' container = database.create_container_if_not_exists( id=container_name, partition_key=PartitionKey(path="/lastName"), offer_throughput=400 ). You develop a web application that provides access to legal documents that are stored on Azure Blob Storage with version-level immutability policies. Documents are protected with both time-based policies and legal hold policies. All time-based retention policies have the AllowProtectedAppendWrites property enabled. You have a requirement to prevent the user from attempting to perform operations that would fail only when a legal hold is in effect and when all other policies are expired. You need to meet the requirement. Which two operations should you prevent? adding data to documents deleting documents creating documents overwriting existing documents. You provisioned an Azure Cosmos DB for NoSQL account named account1 with the default consistency level. You plan to configure the consistency level on a per request basis. The level needs to be set for consistent prefix for read and write operations to account1. You need to identify the resulting consistency level for read and write operations. Which levels should you configure? ANSWER1 ANSWER2. You are developing an application to store millions of images in Azure blob storage. The images are uploaded to an Azure blob storage container named companyimages contained in an Azure blob storage account named companymedia. The stored images are uploaded with multiple blob index tags across multiple blobs in the container. You must find all blobs whose tags match a search expression in the container. The search expression must evaluate an index tag named status with a value of final. You need to construct the GET method request URI. How should you complete the URI? ANSWER1 ANSWER2 ANSWER3. You develop two Python scripts to process data. The Python scripts must be deployed to two, separate Linux containers running in an Azure Container Instance container group. The containers must access external data by using the Server Message Block (SMB) protocol. Containers in the container group must run only once. You need to configure the Azure Container Instance. Which configuration value should you use? ANSWER1 ANSWER2. You are developing a static website hosted on Azure Blob Storage. You create a storage account and enable static website hosting. The website must support the following requirements: • Custom domain name • Custom header values for all responses • Custom SSL certificate You need to implement the static website. What should you configure? ANSWER1 ANSWER2 ANSWER3. You are developing an inventory tracking solution. The solution includes an Azure Function app containing multiple functions triggered by Azure Cosmos DB. You plan to deploy the solution to multiple Azure regions. The solution must meet the following requirements: • Item results from Azure Cosmos DS must return the most recent committed version of an item. • Items written to Azure Cosmos DB must provide ordering guarantees. You need to configure the consistency level for the Azure Cosmos DB deployments. Which consistency level should you use? consistent prefix eventual bounded staleness strong session. You are developing an application that runs in several customer Azure Kubernetes Service clusters. Within each cluster, a pod runs that collects performance data to be analyzed later. A large amount of data is collected so saving latency must be minimized. The performance data must be stored so that pod restarts do not impact the stored data. Write latency should be minimized. You need to configure blob storage. How should you complete the YAML configuration? ANSWER1 ANSWER2 ANSWER3. Case study - This is a case study. Case studies are not timed separately. You can use as much exam time as you would like to complete each case. However, there may be additional case studies and sections on this exam. You must manage your time to ensure that you are able to complete all questions included on this exam in the time provided. To answer the questions included in a case study, you will need to reference information that is provided in the case study. Case studies might contain exhibits and other resources that provide more information about the scenario that is described in the case study. Each question is independent of the other questions in this case study. At the end of this case study, a review screen will appear. This screen allows you to review your answers and to make changes before you move to the next section of the exam. After you begin a new section, you cannot return to this section. To start the case study - To display the first question in this case study, click the Next button. Use the buttons in the left pane to explore the content of the case study before you answer the questions. Clicking these buttons displays information such as business requirements, existing environment, and problem statements. When you are ready to answer a question, click the Question button to return to the question. Background - VanArsdel, Ltd. is a global office supply company. The company is based in Canada and has retail store locations across the world. The company is developing several cloud-based solutions to support their stores, distributors, suppliers, and delivery services. Current environment - Corporate website - The company provides a public website located at http://www.vanarsdelltd.com. The website consists of a React JavaScript user interface, HTML, CSS, image assets, and several APIs hosted in Azure Functions. Retail Store Locations - The company supports thousands of store locations globally. Store locations send data every hour to an Azure Blob storage account to support inventory, purchasing and delivery services. Each record includes a location identifier and sales transaction information. Requirements - The application components must meet the following requirements: Corporate website - • Secure the website by using SSL. • Minimize costs for data storage and hosting. • Implement native GitHub workflows for continuous integration and continuous deployment (CI/CD). • Distribute the website content globally for local use. • Implement monitoring by using Application Insights and availability web tests including SSL certificate validity and custom header value verification. • The website must have 99.95 percent uptime. Retail store locations - • Azure Functions must process data immediately when data is uploaded to Blob storage. Azure Functions must update Azure Cosmos DB by using native SQL language queries. • Audit store sale transaction information nightly to validate data, process sales financials, and reconcile inventory. Delivery services - • Store service telemetry data in Azure Cosmos DB by using an Azure Function. Data must include an item id, the delivery vehicle license plate, vehicle package capacity, and current vehicle location coordinates. • Store delivery driver profile information in Azure Active Directory (Azure AD) by using an Azure Function called from the corporate website. Inventory services - The company has contracted a third-party to develop an API for inventory processing that requires access to a specific blob within the retail store storage account for three months to include read-only access to the data. Security - • All Azure Functions must centralize management and distribution of configuration data for different environments and geographies, encrypted by using a company-provided RSA-HSM key. • Authentication and authorization must use Azure AD and services must use managed identities where possible. Issues - Retail Store Locations - • You must perform a point-in-time restoration of the retail store location data due to an unexpected and accidental deletion of data. • Azure Cosmos DB queries from the Azure Function exhibit high Request Unit (RU) usage and contain multiple, complex queries that exhibit high point read latency for large items as the function app is scaling. You need to implement the delivery service telemetry data. How should you configure the solution? ANSWER1 ANSWER2. You create and publish a new Azure App Service web app. User authentication and authorization must use Azure Active Directory (Azure AD). You need to configure authentication and authorization. What should you do first? Add an identity provider. Map an existing custom DNS name. Create and configure a new app setting. Add a private certificate. Create and configure a managed identity. You have an Azure Cosmos DB for NoSQL account. You plan to develop two apps named App1 and App2 that will use the change feed functionality to track changes to containers. App1 will use the pull model and App2 will use the push model. You need to choose the method to track the most recently processed change in App1 and App2. Which component should you use? App1 App2. You are developing a Java application that uses Cassandra to store key and value data. You plan to use a new Azure Cosmos DB resource and the Cassandra API in the application. You create an Azure Active Directory (Azure AD) group named Cosmos DB Creators to enable provisioning of Azure Cosmos accounts, databases, and containers. The Azure AD group must not be able to access the keys that are required to access the data. You need to restrict access to the Azure AD group. Which role-based access control should you use? DocumentDB Accounts Contributor Cosmos Backup Operator Cosmos DB Operator Cosmos DB Account Reader. Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution. After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen. You are developing a website that will run as an Azure Web App. Users will authenticate by using their Azure Active Directory (Azure AD) credentials. You plan to assign users one of the following permission levels for the website: admin, normal, and reader. A user's Azure AD group membership must be used to determine the permission level. You need to configure authorization. Solution: Configure the Azure Web App for the website to allow only authenticated requests and require Azure AD log on. Does the solution meet the goal? Yes No. Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution. After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen. You are developing a website that will run as an Azure Web App. Users will authenticate by using their Azure Active Directory (Azure AD) credentials. You plan to assign users one of the following permission levels for the website: admin, normal, and reader. A user's Azure AD group membership must be used to determine the permission level. You need to configure authorization. Solution: ✑ Create a new Azure AD application. In the application's manifest, set value of the groupMembershipClaims option to All. ✑ In the website, use the value of the groups claim from the JWT for the user to determine permissions. Does the solution meet the goal? Yes No. Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution. After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen. You are developing a website that will run as an Azure Web App. Users will authenticate by using their Azure Active Directory (Azure AD) credentials. You plan to assign users one of the following permission levels for the website: admin, normal, and reader. A user's Azure AD group membership must be used to determine the permission level. You need to configure authorization. Solution: ✑ Create a new Azure AD application. In the application's manifest, define application roles that match the required permission levels for the application. ✑ Assign the appropriate Azure AD group to each role. In the website, use the value of the roles claim from the JWT for the user to determine permissions. Does the solution meet the goal? Yes No. You are developing an application to securely transfer data between on-premises file systems and Azure Blob storage. The application stores keys, secrets, and certificates in Azure Key Vault. The application uses the Azure Key Vault APIs. The application must allow recovery of an accidental deletion of the key vault or key vault objects. Key vault objects must be retained for 90 days after deletion. You need to protect the key vault and key vault objects. Which Azure Key Vault feature should you use? Enable retention period and accidental deletion Enforce retention period and accidental deletion. You provide an Azure API Management managed web service to clients. The back-end web service implements HTTP Strict Transport Security (HSTS). Every request to the backend service must include a valid HTTP authorization header. You need to configure the Azure API Management instance with an authentication policy. Which two policies can you use? Basic Authentication Digest Authentication Certificate Authentication OAuth Client Credential Grant. You are developing an ASP.NET Core website that can be used to manage photographs which are stored in Azure Blob Storage containers. Users of the website authenticate by using their Azure Active Directory (Azure AD) credentials. You implement role-based access control (RBAC) role permissions on the containers that store photographs. You assign users to RBAC roles. You need to configure the website's Azure AD Application so that user's permissions can be used with the Azure Blob containers. How should you configure the application? API : Azure Storage ; Permission : ANSWER1 ; Type : ANSWER2 API : Microsoft Graph ; Permission : User.Read ; Type : ANSWER3 ANSWER1 ANSWER2 ANSWER3. You are developing an ASP.NET Core app that includes feature flags which are managed by Azure App Configuration. You create an Azure App Configuration store named AppFeatureFlagStore that contains a feature flag named Export. You need to update the app to meet the following requirements: ✑ Use the Export feature in the app without requiring a restart of the app. ✑ Validate users before users are allowed access to secure resources. ✑ Permit users to access secure resources. How should you complete the code segment? ANSWER1 ANSWER2 ANSWER3. You have an application that includes an Azure Web app and several Azure Function apps. Application secrets including connection strings and certificates are stored in Azure Key Vault. Secrets must not be stored in the application or application runtime environment. Changes to Azure Active Directory (Azure AD) must be minimized. You need to design the approach to loading application secrets. What should you do? Create a single user-assigned Managed Identity with permission to access Key Vault and configure each App Service to use that Managed Identity. Create a single Azure AD Service Principal with permission to access Key Vault and use a client secret from within the App Services to access Key Vault. Create a system assigned Managed Identity in each App Service with permission to access Key Vault. Create an Azure AD Service Principal with Permissions to access Key Vault for each App Service and use a certificate from within the App Services to access Key Vault. Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution. After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen. You are developing a medical records document management website. The website is used to store scanned copies of patient intake forms. If the stored intake forms are downloaded from storage by a third party, the contents of the forms must not be compromised. You need to store the intake forms according to the requirements. Solution: 1. Create an Azure Key Vault key named skey. 2. Encrypt the intake forms using the public key portion of skey. 3. Store the encrypted data in Azure Blob storage. Does the solution meet the goal? Yes No. Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution. After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen. You are developing a medical records document management website. The website is used to store scanned copies of patient intake forms. If the stored intake forms are downloaded from storage by a third party, the contents of the forms must not be compromised. You need to store the intake forms according to the requirements. Solution: 1. Create an Azure Cosmos DB database with Storage Service Encryption enabled. 2. Store the intake forms in the Azure Cosmos DB database. Does the solution meet the goal? Yes No. Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution. After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen. You are developing a medical records document management website. The website is used to store scanned copies of patient intake forms. If the stored intake forms are downloaded from storage by a third party, the contents of the forms must not be compromised. You need to store the intake forms according to the requirements. Solution: Store the intake forms as Azure Key Vault secrets. Does the solution meet the goal? Yes No. You plan to deploy a new application to a Linux virtual machine (VM) that is hosted in Azure. The entire VM must be secured at rest by using industry-standard encryption technology to address organizational security and compliance requirements. You need to configure Azure Disk Encryption for the VM. How should you complete the Azure CLI commands? ANSWER1 ANSWER2 ANSWER3 ANSWER4 ANSWER5. Your company is developing an Azure API hosted in Azure. You need to implement authentication for the Azure API to access other Azure resources. You have the following requirements: ✑ All API calls must be authenticated. ✑ Callers to the API must not send credentials to the API. Which authentication mechanism should you use? Basic Anonymous Managed identity Client certificate. You are developing an application. You have an Azure user account that has access to two subscriptions. You need to retrieve a storage account key secret from Azure Key Vault. In which order should you arrange the PowerShell commands to develop the solution? Choose the correct order 1 2 3 4 5. Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution. After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen. You develop Azure solutions. You must grant a virtual machine (VM) access to specific resource groups in Azure Resource Manager. You need to obtain an Azure Resource Manager access token. Solution: Use an X.509 certificate to authenticate the VM with Azure Resource Manager. Does the solution meet the goal? Yes No. Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution. After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen. You develop Azure solutions. You must grant a virtual machine (VM) access to specific resource groups in Azure Resource Manager. You need to obtain an Azure Resource Manager access token. Solution: Use the Reader role-based access control (RBAC) role to authenticate the VM with Azure Resource Manager. Does the solution meet the goal? Yes No. You are building a website that is used to review restaurants. The website will use an Azure CDN to improve performance and add functionality to requests. You build and deploy a mobile app for Apple iPhones. Whenever a user accesses the website from an iPhone, the user must be redirected to the app store. You need to implement an Azure CDN rule that ensures that iPhone users are redirected to the app store. How should you complete the Azure Resource Manager template? ANSWER1 ANSWER2 ANSWER3 ANSWER4 ANSWER5. Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution. After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen. You are developing a website that will run as an Azure Web App. Users will authenticate by using their Azure Active Directory (Azure AD) credentials. You plan to assign users one of the following permission levels for the website: admin, normal, and reader. A user's Azure AD group membership must be used to determine the permission level. You need to configure authorization. Solution: ✑ Configure and use Integrated Windows Authentication in the website. ✑ In the website, query Microsoft Graph API to load the groups to which the user is a member. Does the solution meet the goal? Yes No. Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution. After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen. You develop Azure solutions. You must grant a virtual machine (VM) access to specific resource groups in Azure Resource Manager. You need to obtain an Azure Resource Manager access token. Solution: Run the Invoke-RestMethod cmdlet to make a request to the local managed identity for Azure resources endpoint. Does the solution meet the goal? Yes No. You are building a website to access project data related to teams within your organization. The website does not allow anonymous access. Authentication is performed using an Azure Active Directory (Azure AD) app named internal. The website has the following authentication requirements: ✑ Azure AD users must be able to login to the website. ✑ Personalization of the website must be based on membership in Active Directory groups. You need to configure the application's manifest to meet the authentication requirements. How should you configure the manifest? ANSWER1 ANSWER2. You develop an app that allows users to upload photos and videos to Azure storage. The app uses a storage REST API call to upload the media to a blob storage account named Account1. You have blob storage containers named Container1 and Container2. Uploading of videos occurs on an irregular basis. You need to copy specific blobs from Container1 to Container2 when a new video is uploaded. What should you do? Copy blobs to Container2 by using the Put Blob operation of the Blob Service REST API Create an Event Grid topic that uses the Start-AzureStorageBlobCopy cmdlet Use AzCopy with the Snapshot switch to copy blobs to Container2 Download the blob to a virtual machine and then upload the blob to Container2. You are developing an ASP.NET Core website that uses Azure FrontDoor. The website is used to build custom weather data sets for researchers. Data sets are downloaded by users as Comma Separated Value (CSV) files. The data is refreshed every 10 hours. Specific files must be purged from the FrontDoor cache based upon Response Header values. You need to purge individual assets from the Front Door cache. Which type of cache purge should you use? single path wildcard root domain. Your company is developing an Azure API. You need to implement authentication for the Azure API. You have the following requirements: All API calls must be secure. ✑ Callers to the API must not send credentials to the API. Which authentication mechanism should you use? Basic Anonymous Managed identity Client certificate. You are a developer for a SaaS company that offers many web services. All web services for the company must meet the following requirements: ✑ Use API Management to access the services ✑ Use OpenID Connect for authentication ✑ Prevent anonymous usage A recent security audit found that several web services can be called without any authentication. Which API Management policy should you implement? jsonp authentication-certificate check-header validate-jwt. Contoso, Ltd. provides an API to customers by using Azure API Management (APIM). The API authorizes users with a JWT token. You must implement response caching for the APIM gateway. The caching mechanism must detect the user ID of the client that accesses data for a given location and cache the response for that user ID. You need to add the following policies to the policies file: ✑ a set-variable policy to store the detected user identity ✑ a cache-lookup-value policy ✑ a cache-store-value policy ✑ a find-and-replace policy to update the response body with the user profile information To which policy section should you add the policies? Each section may be used once, more than once, or not at all. Set-variable Cache-lookup-value Cache-store-value Find-and-replace. You are developing an Azure solution. You need to develop code to access a secret stored in Azure Key Vault. How should you complete the code segment? ANSWER1 ANSWER2. You are developing an Azure App Service REST API. The API must be called by an Azure App Service web app. The API must retrieve and update user profile information stored in Azure Active Directory (Azure AD). You need to configure the API to make the updates. Which two tools should you use? Microsoft Graph API Microsoft Authentication Library (MSAL) Azure API Management Microsoft Azure Security Center Microsoft Azure Key Vault SDK. You develop a REST API. You implement a user delegation SAS token to communicate with Azure Blob storage. The token is compromised. You need to revoke the token. What are two possible ways to achieve this goal? Revoke the delegation key. Delete the stored access policy. Regenerate the account key. Remove the role assignment for the security principle. You are developing an Azure-hosted application that must use an on-premises hardware security module (HSM) key. The key must be transferred to your existing Azure Key Vault by using the Bring Your Own Key (BYOK) process. You need to securely transfer the key to Azure Key Vault. Which four actions should you perform in sequence? Choose in the correct order 1 2 3 4. You develop and deploy an Azure Logic app that calls an Azure Function app. The Azure Function app includes an OpenAPI (Swagger) definition and uses an Azure Blob storage account. All resources are secured by using Azure Active Directory (Azure AD). The Azure Logic app must securely access the Azure Blob storage account. Azure AD resources must remain if the Azure Logic app is deleted. You need to secure the Azure Logic app. What should you do? Create a user-assigned managed identity and assign role-based access controls. Create an Azure AD custom role and assign the role to the Azure Blob storage account. Create an Azure Key Vault and issue a client certificate. Create a system-assigned managed identity and issue a client certificate. Create an Azure AD custom role and assign role-based access controls. You are developing an application that uses a premium block blob storage account. You are optimizing costs by automating Azure Blob Storage access tiers. You apply the following policy rules to the storage account. You must determine the implications of applying the rules to the data. (Line numbers are included for reference only.) Which of these answers are true ? Block blobs prefixed with container1/salesorders or container2/inventory which have not been modified in over 60 days are moved to cool storage. Blobs that have not been modified in 120 days are moved to the archive tier. Blobs are moved to cool storage if they have not been accessed for 30 days. Blobs will automatically be tiered from cool back to hot if accessed again after being tiered to cool. All block blobs older than 730 days will be deleted. You are developing a solution that will use a multi-partitioned Azure Cosmos DB database. You plan to use the latest Azure Cosmos DB SDK for development. The solution must meet the following requirements: ✑ Send insert and update operations to an Azure Blob storage account. ✑ Process changes to all partitions immediately. ✑ Allow parallelization of change processing. You need to process the Azure Cosmos DB operations. What are two possible ways to achieve this goal Create an Azure App Service API and implement the change feed estimator of the SDK. Scale the API by using multiple Azure App Service instances. Create a background job in an Azure Kubernetes Service and implement the change feed feature of the SDK. Create an Azure Function to use a trigger for Azure Cosmos DB. Configure the trigger to connect to the container. Create an Azure Function that uses a FeedIterator object that processes the change feed by using the pull model on the container. Use a FeedRange object to parallelize the processing of the change feed across multiple functions. You have an Azure Web app that uses Cosmos DB as a data store. You create a CosmosDB container by running the following PowerShell script: $resourceGroupName = "testResourceGroup" $accountName = "testCosmosAccount" $databaseName = "testDatabase" $containerName = "testContainer" $partitionKeyPath = "/EmployeeId" $autoscaleMaxThroughput = 5000 New-AzCosmosDBSqlContainer - -ResourceGroupName $resourceGroupName -AccountName $accountName -DatabaseName $databaseName -Name $containerName -PartitionKeyKind Hash -PartitionKeyPath $partitionKeyPath -AutoscaleMaxThroughput $autoscaleMaxThroughput You create the following queries that target the container: SELECT * FROM c WHERE c.EmployeeId > '12345' SELECT * FROM c WHERE c.UserID = '12345' Which of these answers are true ? The minimum throughput for the container is 400 R/Us. The first query statement is an in-partition query. The second query statement is a cross-partition query. You are developing a web application that makes calls to the Microsoft Graph API. You register the application in the Azure portal and upload a valid X509 certificate. You create an appsettings.json file containing the certificate name, client identifier for the application, and the tenant identifier of the Azure Active Directory (Azure AD). You create a method named ReadCertificate to return the X509 certificate by name. You need to implement code that acquires a token by using the certificate. How should you complete the code segment? ANSWER1 ANSWER2. You develop a containerized application. You plan to deploy the application to a new Azure Container instance by using a third-party continuous integration and continuous delivery (CI/CD) utility. The deployment must be unattended and include all application assets. The third-party utility must only be able to push and pull images from the registry. The authentication must be managed by Azure Active Directory (Azure AD). The solution must use the principle of least privilege. You need to ensure that the third-party utility can access the registry. Which authentication options should you use? To ANSWER1 ANSWER2. You deploy an Azure App Service web app. You create an app registration for the app in Azure Active Directory (Azure AD) and Twitter. The app must authenticate users and must use SSL for all communications. The app must use Twitter as the identity provider. You need to validate the Azure AD request in the app code. What should you validate? ID token header ID token signature HTTP response code Tenant ID. A development team is creating a new REST API. The API will store data in Azure Blob storage. You plan to deploy the API to Azure App Service. Developers must access the Azure Blob storage account to develop the API for the next two months. The Azure Blob storage account must not be accessible by the developers after the two-month time period. You need to grant developers access to the Azure Blob storage account. What should you do? Generate a shared access signature (SAS) for the Azure Blob storage account and provide the SAS to all developers. Create and apply a new lifecycle management policy to include a last accessed date value. Apply the policy to the Azure Blob storage account. Provide all developers with the access key for the Azure Blob storage account. Update the API to include the Coordinated Universal Time (UTC) timestamp for the request header. Grant all developers access to the Azure Blob storage account by assigning role-based access control (RBAC) roles. You develop a web application. You need to register the application with an active Azure Active Directory (Azure AD) tenant. Which three actions should you perform in sequence? Choose the correct order 1 2 3. You have a new Azure subscription. You are developing an internal website for employees to view sensitive data. The website uses Azure Active Directory (Azure AD) for authentication. You need to implement multifactor authentication for the website. Which two actions should you perform? Configure the website to use Azure AD B2C. In Azure AD, create a new conditional access policy. Upgrade to Azure AD Premium. In Azure AD, enable application proxy. In Azure AD conditional access, enable the baseline policy. An organization plans to deploy Azure storage services. You need to configure shared access signature (SAS) for granting access to Azure Storage. Which SAS types should you use? Delegate access to resources in one or more of the storage services Delegate access to a resource in a single storage service Secure a resource by using Azure AD credentials. Which values should you use? Controller attribute Startup method AppConfig endpoint setting. |