Q1. - (Topic 1)
You need to ensure that users do not need to re-enter their passwords after they authenticate to cloud applications for the first time.
What should you do?
A. Enable Microsoft Account authentication.
B. Set up a virtual private network (VPN) connection between the VanArsdel premises and Azure datacenter. Set up a Windows Active Directory domain controller in Azure VM. Implement Integrated Windows authentication.
C. Deploy ExpressRoute.
D. Configure Azure Active Directory Sync to use single sign-on (SSO).
Answer: D
Explanation: Single sign-on (SSO) is a property of access control of multiple related, but independent software systems. With this property a user logs in once and gains access to all systems without being prompted to log in again at each of them.
Reference: http://en.wikipedia.org/wiki/Single_sign-on
Q2. - (Topic 6)
A company has 10 on-premises SQL databases. The company plans to move the databases to SQL Server 2012 that runs in Azure Infrastructure-as-a-Service (IaaS). After migration, the databases will support a limited number of Azure websites in the same Azure Virtual Network.
You have the following requirements:
* You must restore copies of existing on-premises SQL databases to the SQL servers that run in Azure IaaS.
* You must be able to manage the SQL databases remotely.
* You must not open a direct connection from all of the machines on the on-premises network to Azure.
* Connections to the databases must originate from only five Windows computers.
You need to configure remote connectivity to the databases.
Which technology solution should you implement?
A. Azure Virtual Network site-to-site VPN
B. Azure Virtual Network multi-point VPN
C. Azure Virtual Network point-to-site VPN
D. Azure ExpressRoute
Answer: C
Explanation: A point-to-site VPN would meet the requirements.
Reference: Configure a Point-to-Site VPN connection to an Azure Virtual Network
https://azure.microsoft.com/en-us/documentation/articles/vpn-gateway-point-to-site-create/
Q3. - (Topic 6)
You are designing an Azure development environment. Team members learn Azure development techniques by training in the development environment.
The development environment must auto scale and load balance additional virtual machine (VM) instances.
You need to recommend the most cost-effective compute-instance size that allows team members to work with Azure in the development environment.
What should you recommend?
A. Azure A1 standard VM Instance
B. Azure A2 basic VM Instance
C. Azure A3 basic VM Instance
D. Azure A9 standard VM Instance
Answer: A
Explanation: Azure A1 standard VM Instance would be cheapest with 1 CPU core, 0.75 GB RAM, and 40 GB HD. It would be good enough for training purposes.
Reference: Virtual Machines Pricing, Launch Windows Server and Linux in minutes
http://azure.microsoft.com/en-us/pricing/details/virtual-machines/
Q4. - (Topic 6)
You design an Azure application that processes images. The maximum size of an image is 10 MB. The application includes a web role that allows users to upload images and a worker role with multiple instances that processes the images. The web role communicates with the worker role by using an Azure Queue service.
You need to recommend an approach for storing images that minimizes storage transactions.
What should you recommend?
A. Store images in Azure Blob service. Store references to the images in the queue.
B. Store images in the queue.
C. Store images in OneDrive attached to the worker role instances. Store references to the images in the queue.
D. Store images in local storage on the web role instance. Store references to the images in the queue.
Answer: A
Explanation: Azure Queues provide a uniform and consistent programming model across queues, tables, and BLOBs – both for developers and for operations teams. Microsoft Azure Blob storage can be used to store the image data, the application can use a worker role in Azure to perform background processing tasks on the images, and the application may use shared access signatures to control access to the images by users. Azure blobs provide a series of containers aimed at storing text or binary data. Block blob containers are ideal for streaming data, while page blob containers can be used for random read/write operations.
Reference: 5 – Executing Background Tasks
https://msdn.microsoft.com/en-gb/library/ff803365.aspx
Reference: Azure Queues and Service Bus Queues - Compared and Contrasted
https://msdn.microsoft.com/en-us/library/azure/hh767287.aspx
Q5. Topic 1, VanArsdel, Ltd
Overview
VanArsdel, Ltd. builds skyscrapers, subways, and bridges. VanArsdel is a leader in using technology to do construction better.
Overview
VanArsdel employees are able to use their own mobile devices for work activities because the company recognizes that this usage enables employee productivity. Employees also access Software as a Service (SaaS) applications, including DocuSign, Dropbox, and Citrix. The company continues to evaluate and adopt more SaaS applications for its business. VanArsdel uses Azure Active Directory (AD) to authenticate its employees, as well as Multi-Factor Authentication (MFA). Management enjoys the ease with which MFA can be enabled and disabled for employees who use cloud-based services. VanArsdel's on-premises directory contains a single forest.
Helpdesk:
VanArsdel creates a helpdesk group to assist its employees. The company sends email messages to all its employees about the helpdesk group and how to contact it. Configuring employee access for SaaS applications is often a time-consuming task. It is not always obvious to the helpdesk group which users should be given access to which SaaS applications. The helpdesk group must respond to many phone calls and email messages to solve this problem, which takes up valuable time. The helpdesk group is unable to meet the needs of VanArsdel's employees.
However, many employees do not work with the helpdesk group to solve their access problems. Instead, these employees contact their co-workers or managers to find someone who can help them. Also, new employees are not always told to contact the helpdesk group for access problems. Some employees report that they cannot see all the applications in the Access Panel that they have access to. Some employees report that they must re-enter their passwords when they access cloud applications, even though they have already authenticated.
Bring your own device (BYOD):
VanArsdel wants to continue to support users and their mobile and personal devices, but the company is concerned about how to protect corporate assets that are stored on these devices. The company does not have a strategy to ensure that its data is removed from the devices when employees leave the company.
Customer Support
VanArsdel wants a mobile app for customer profile registration and feedback. The company would like to keep track of all its previous, current, and future customers worldwide. A profile system using third-party authentication is required as well as feedback and support sections for the mobile app.
Migration:
VanArsdel plans to migrate several virtual machine (VM) workloads into Azure. They also plan to extend their on-premises Active Directory into Azure for mobile app authentication.
Business Requirements
Hybrid Solution:
A single account and credentials for both on-premises and cloud applications
Certain applications that are hosted both in Azure and on-site must be accessible to both VanArsdel employees and partners
The service level agreement (SLA) for the solution requires an uptime of 99.9%
The partners all use Hotmail.com email addresses
Mobile App:
VanArsdel requires a mobile app for project managers on construction job sites. The mobile app has the following requirements:
The app must display partner information.
The app must alert project managers when changes to the partner information occur.
The app must display project information including an image gallery to view pictures of construction projects.
Project managers must be able to access the information remotely and securely.
Security:
VanArsdel must control access to its resources to ensure sensitive services and information are accessible only by authorized users and/or managed devices.
Employees must be able to securely share data, based on corporate policies, with other VanArsdel employees and with partners who are located on construction job sites.
VanArsdel management does NOT want to create and manage user accounts for partners.
Technical Requirements
Architecture:
VanArsdel requires a non-centralized stateless architecture for its data and services where application, data, and computing power are at the logical extremes of the network.
VanArsdel requires separation of CPU storage and SQL services.
Data Storage:
VanArsdel needs a solution to reduce the number of operations on the contractor information table. Currently, data transfer rates are excessive, and queue length for read/write operations affects performance.
A mobile service that is used to access contractor information must have automatically scalable, structured storage.
Images must be stored in an automatically scalable, unstructured form.
Mobile Apps:
VanArsdel mobile app must authenticate employees to the company's Active Directory.
Event-triggered alerts must be pushed to mobile apps by using a custom Node.js script.
The customer support app should use an identity provider that is configured by using the Access Control Service for current profile registration and authentication.
The customer support team will adopt future identity providers that are configured through Access Control Service.
Security:
Active Directory Federated Server (AD FS) will be used to extend AD into Azure.
Helpdesk administrators must have access to only the groups of Azure resources they are responsible for. Azure administration will be performed by a separate group.
IT administrative overhead must be minimized.
Permissions must be assigned by using Role Based Access Control (RBAC).
Line of business applications must be accessed securely.
1. - (Topic 1)
You need to prepare the implementation of data storage for the contractor information app.
What should you do?
A. Create a storage account and implement multiple data partitions.
B. Create a Cloud Service and a Mobile Service. Implement Entity Group transactions.
C. Create a Cloud Service and a Deployment group. Implement Entity Group transactions.
D. Create a Deployment group and a Mobile Service. Implement multiple data partitions.
Answer: B
Explanation:
* Scenario: / VanArsdel needs a solution to reduce the number of operations on the contractor information table. Currently, data transfer rates are excessive, and queue length for read/write operations affects performance. / A mobile service that is used to access contractor information must have automatically scalable, structured storage
* The basic unit of deployment and scale in Azure is the Cloud Service.
Reference: Performing Entity Group Transactions
https://msdn.microsoft.com/en-us/library/azure/dd894038.aspx
Q6. - (Topic 6)
You are designing an Azure application that will use a worker role. The worker role will create temporary files.
You need to minimize storage transaction charges.
Where should you create the files?
A. In Azure local storage
B. In Azure Storage page blobs
C. On an Azure Drive
D. In Azure Storage block blobs
Answer: A
Explanation: Local storage is temporary in Azure. So, if the virtual machine supporting your role dies and cannot recover, your local storage is lost! Therefore, Azure developers will tell you, only volatile data should ever be stored in local storage of Azure.
Reference: Windows Azure Local File Storage How To Guide And Warnings
http://www.intertech.com/Blog/windows-azure-local-file-storage-how-to-guide-and-warnings/
Reference: http://blog.codingoutloud.com/2011/06/12/azure-faq-can-i-write-to-the-file-system-on-windows-azure/
Q7. - (Topic 1)
You are designing a plan to deploy a new application to Azure. The solution must provide a single sign-on experience for users.
You need to recommend an authentication type.
Which authentication type should you recommend?
A. SAML credential tokens
B. Azure managed access keys
C. Windows Authentication
D. MS-CHAP
Answer: A
Explanation: A Microsoft cloud service administrator who wants to provide their Azure Active Directory (AD) users with sign-on validation can use a SAML 2.0 compliant SP-Lite profile based Identity Provider as their preferred Security Token Service (STS) / identity provider. This is useful where the solution implementer already has a user directory and password store on-premises that can be accessed using SAML 2.0. This existing user directory can be used for sign-on to Office 365 and other Azure AD-secured resources.
Reference: Use a SAML 2.0 identity provider to implement single sign-on
https://msdn.microsoft.com/en-us/library/azure/dn641269.aspx?f=255&MSPPError=-2147217396
Q8. - (Topic 6)
You are designing an Azure web application. The solution will be used by multiple customers. Each customer has different business logic and user interface requirements. Not all customers use the same version of the .NET runtime.
You need to recommend a deployment strategy.
What should you recommend?
A. Deploy with multiple web role instances.
B. Deploy each application in a separate tenant.
C. Deploy all applications in one tenant.
D. Deploy with multiple worker role instances.
Answer: B
Explanation: There are two types of tenant environments. The simplest type is a single-tenant application where one customer has 100% dedicated access to an application’s process space. A single-tenant application has a separate, logical instance of the application for each customer or client. A single-tenant application is much more predictable and stable by its nature since there will never be more than one dedicated customer at any point in time in that VM. That customer has all of its users accessing that dedicated instance of the application.
Reference: Multi Tenancy and Windows Azure. Overview of Multi tenant Application and Single tenant Application Architectural considerations.
http://sanganakauthority.blogspot.in/2011/12/multi-tenancy-and-windows-azure.html
Q9. - (Topic 5)
You need to design the authentication solution for the NorthRide app. Which solution should you use?
A. Azure Active Directory Basic with multi-factor authentication for the cloud and on-premises users.
B. Active Directory Domain Services with mutual authentication
C. Azure Active Directory Premium and add multi-factor authentication for the cloud users
D. Active Directory Domain Services with multi-factor authentication
Answer: C
Explanation: * Scenario: The NorthRide app must use an additional level of authentication other than the employee's password.
* Azure Multi-Factor Authentication is the multi-factor authentication service that requires users to also verify sign-ins using a mobile app, phone call or text message. It is available to use with Azure Active Directory, to secure on-premise resources with the Azure Multi-Factor Authentication Server, and with custom applications and directories using the SDK.
Reference: What is Azure Multi-Factor Authentication?
https://azure.microsoft.com/en-us/documentation/articles/multi-factor-authentication/
Reference: Azure Active Directory Pricing
http://azure.microsoft.com/en-gb/pricing/details/active-directory/
Q10. - (Topic 6)
You are the administrator for a company named Contoso, Ltd.
Contoso also has an Azure subscription and uses many on-premises Active Directory products as roles in Windows Server including the following:
Active Directory Domain Services (AD DS)
Active Directory Certificate Services (AD CS)
Active Directory Rights Management Services (AD RMS)
Active Directory Lightweight Directory Services (AD LDS)
Active Directory Federation Services (AD FS).
Contoso must use the directory management services available in Azure Active Directory.
You need to provide information to Contoso on the similarities and differences between Azure Active Directory and the Windows Server Active Directory family of services.
Which feature do Azure Active Directory and on-premises Active Directory both support?
A. Using the GraphAPI to query the directory
B. Issuing user certificates
C. Supporting single sign-on (SSO)
D. Querying the directory with LDAP
Answer: C
Explanation: AD FS supports Web single-sign-on (SSO) technologies, and so does Azure Active Directory.
If you want single sign on we usually suggest using ADFS if you’re a Windows shop. Going forward though, Azure Active Directory is another alternative you can use.
Reference: Using Azure Active Directory for Single Sign On with Yammer
https://samlman.wordpress.com/2015/03/02/using-azure-active-directory-for-single-sign-on-with-yammer/
Q11. - (Topic 6)
A company hosts a website and exposes web services on the company intranet.
The intranet is secured by using a firewall. Company policies prohibit changes to firewall rules.
Devices outside the firewall must be able to access the web services.
You need to recommend an approach to enable inbound communication.
What should you recommend?
A. The Azure Access Control Service
B. Windows Azure Pack
C. The Azure Service Bus
D. A web service in an Azure role that relays data to the internal web services
Answer: C
Explanation: The Service Bus Relay is designed for the use-case of taking existing Windows Communication Foundation (WCF) web services and making those services securely accessible to solutions that reside outside the corporate perimeter without requiring intrusive changes to the corporate network infrastructure. Such Service Bus relay services are still hosted inside their existing environment, but they delegate listening for incoming sessions and requests to the cloud-hosted Service Bus.
Reference: .NET On-Premises/Cloud Hybrid Application Using Service Bus Relay
http://azure.microsoft.com/en-gb/documentation/articles/cloud-services-dotnet-hybrid-app-using-service-bus-relay/
Q12. - (Topic 6)
You are designing an Azure web application. The application uses one worker role. It does not use SQL Database. You have the following requirements:
* Maximize throughput and system resource availability
* Minimize downtime during scaling
You need to recommend an approach for scaling the application.
Which approach should you recommend?
A. Increase the role instance size.
B. Set up horizontal partitioning.
C. Increase the number of role instances.
D. Set up vertical partitioning.
Answer: C
Explanation: On the Scale page of the Azure Management Portal, you can manually scale your application or you can set parameters to automatically scale it. You can scale applications that are running Web Roles, Worker Roles, or Virtual Machines. To scale an application that is running instances of Web Roles or Worker Roles, you add or remove role instances to accommodate the work load.
Reference: How to Scale an Application
http://azure.microsoft.com/en-gb/documentation/articles/cloud-services-how-to-scale/
Q13. HOTSPOT - (Topic 1)
You need to design the contractor information app.
What should you recommend? To answer, select the appropriate options in the answer area.
Answer:
Q14. - (Topic 6)
You are designing an Azure application. The application includes two web roles and three instances of a worker role. The web roles send requests to the worker role by using one or more Azure Queues.
You need to recommend a queue design for sending requests to the worker role.
What should you recommend?
A. Create a queue for each combination of web roles and worker role instances. Send requests to all worker role instances based on the sending web role.
B. Create a single queue. Send all requests on the single queue.
C. Create a queue for each worker role instance. Send requests on each worker queue by using a round robin rotation.
D. Create a queue for each web role. Send requests on all queues at the same time.
Answer: B
Explanation: To communicate with the worker role, a web role instance places messages on to a queue. A worker role instance polls the queue for new messages, retrieves them, and processes them. There are a couple of important things to know about the way the queue service works in Azure. First, you reference a queue by name, and multiple role instances can share a single queue. Second, there is no concept of a typed message; you construct a message from either a string or a byte array. An individual message can be no more than 64 kilobytes (KB) in size.
Reference: 5 – Executing Background Tasks
https://msdn.microsoft.com/en-gb/library/ff803365.aspx
Reference: .NET Multi-Tier Application Using Service Bus Queues
http://azure.microsoft.com/en-gb/documentation/articles/cloud-services-dotnet-multi-tier-app-using-service-bus-queues/
Q15. - (Topic 3)
You need to recommend a solution for publishing one of the company websites to Azure and configuring it for remote debugging.
Which two actions should you perform? Each correct answer presents part of the solution.
A. From Visual Studio, attach the debugger to the solution.
B. Set the application logging level to Verbose and enable logging.
C. Set the Web Server logging level to Information and enable logging.
D. Set the Web Server logging level to Verbose and enable logging.
E. From Visual Studio, configure the site to enable Debugger Attaching and then publish the site.
Answer: A,D
Explanation: * Scenario:
/ Mitigate the need to purchase additional tools for monitoring and debugging.
/ A debugger must automatically attach to websites on a weekly basis. The scripts that handle the configuration and setup of debugging cannot work if there is a delay in attaching the debugger.
* A: After publishing your application you can use the Server Explorer in Visual Studio to access your web sites. After signing in you will see your Web Sites under the Windows Azure node in Server Explorer. Right click on the site that you would like to debug and select Attach Debugger.
* D: We need to debug the web site, not an application. We should use the more informative Verbose logging level.
Reference: Remote Debugging a Window Azure Web Site with Visual Studio 2013
http://blogs.msdn.com/b/webdev/archive/2013/11/05/remote-debugging-a-window-azure-web-site-with-visual-studio-2013.aspx
Q16. - (Topic 6)
You are designing an Azure web application that includes many static content files.
The application is accessed from locations all over the world by using a custom domain name.
You need to recommend an approach for providing access to the static content with the least amount of latency.
Which two actions should you recommend? Each correct answer presents part of the solution.
A. Place the static content in Azure Table storage.
B. Configure a CNAME DNS record for the Azure Content Delivery Network (CDN) domain.
C. Place the static content in Azure Blob storage.
D. Configure a custom domain name that is an alias for the Azure Storage domain.
Answer: B,C
Explanation: B: There are two ways to map your custom domain to a CDN endpoint.
1. Create a CNAME record with your domain registrar and map your custom domain and subdomain to the CDN endpoint
2. Add an intermediate registration step with Azure cdnverify
C: The Azure Content Delivery Network (CDN) offers developers a global solution for delivering high-bandwidth content by caching blobs and static content of compute instances at physical nodes in the United States, Europe, Asia, Australia and South America. The benefits of using CDN to cache Azure data include: / Better performance and user experience for end users who are far from a content source, and are using applications where many 'internet trips' are required to load content / Large distributed scale to better handle instantaneous high load, say, at the start of an event such as a product launch
Reference: Using CDN for Azure
https://azure.microsoft.com/en-gb/documentation/articles/cdn-how-to-use/
Reference: How to map Custom Domain to Content Delivery Network (CDN) endpoint
https://github.com/Azure/azure-content/blob/master/articles/cdn-map-content-to-custom-domain.md
Q17. DRAG DROP - (Topic 6)
You have a web application on Azure.
The web application does not employ Secure Sockets Layer (SSL).
You need to enable SSL for your production deployment web application on Azure.
Which four actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
Answer:
Q18. - (Topic 4)
You need to configure the deployment of the storage analysis application.
What should you do?
A. Create a new Mobile Service.
B. Configure the deployment from source control.
C. Add a new deployment slot.
D. Turn on continuous integration.
Answer: B
Explanation:
Scenario: Data analysis results:
The solution must provide a web service that allows applications to access the results of analyses.