70-534 Premium Bundle

Architecting Microsoft Azure Solutions Certification Exam

Last update: November 21, 2024

Microsoft 70-534 Free Practice Questions

Q1.  - (Topic 6)

Contoso, Ltd., uses Azure websites for public-facing customer websites. The company has a mobile app that requires customers to sign in by using a Contoso customer account.

Customers must be able to sign on to the websites and mobile app by using a Microsoft, Facebook, or Google account. All transactions must be secured in-transit regardless of device.

You need to configure the websites and mobile app to work with external identity providers. Which three actions should you perform? Each correct answer presents part of the solution.

A. Request a certificate from a domain registrar for the website URL, and enable TLS/SSL.

B. Configure IPsec for the websites and the mobile app.

C. Configure the KerberosTokenProfile 1.1 protocol.

D. Configure OAuth2 to connect to an external authentication provider.

E. Build an app by using MVC 5 that is hosted in Azure to provide a framework for the underlying authentication.

Answer: A,D,E

Explanation: DE: This tutorial shows you how to build an ASP.NET MVC 5 web application that enables users to log in using OAuth 2.0 with credentials from an external authentication provider, such as Facebook, Twitter, LinkedIn, Microsoft, or Google.

A:

* You will now be redirected back to the Register page of the MvcAuth application where you can register your Google account. You have the option of changing the local email registration name used for your Gmail account, but you generally want to keep the default email alias (that is, the one you used for authentication). Click Register.

* To connect to authentication providers like Google and Facebook, you will need to set up IIS-Express to use SSL.

Reference: Code! MVC 5 App with Facebook, Twitter, LinkedIn and Google OAuth2 Sign-on (C#)

http://www.asp.net/mvc/overview/security/create-an-aspnet-mvc-5-app-with-facebook-and-google-oauth2-and-openid-sign-on

Q2. HOTSPOT - (Topic 4)

You need to recommend strategies for storing data.

Which services should you recommend? To answer, select the appropriate storage technology for each data type in the answer area.

Answer:

Explanation:

* Media metadata: Azure Queue Storage Service

Scenario: Media metadata must be stored in Azure Table storage.

Azure Queues provide a uniform and consistent programming model across queues, tables, and BLOBs – both for developers and for operations teams.

* Images: Azure Mobile Services

Scenario: Media files must be stored in Azure BLOB storage.

You can use Azure Mobile Services to access images from mobile devices.

* Audio: Azure Media Services

* Video: Azure Media Services

Microsoft Azure Media Services is an extensible cloud-based platform that enables developers to build scalable media management and delivery applications. Media Services is based on REST APIs that enable you to securely upload, store, encode and package video or audio content for both on-demand and live streaming delivery to various clients (for example, TV, PC, and mobile devices).

Q3. DRAG DROP - (Topic 3)

You need to recommend network connectivity solutions for the experimental applications.

What should you recommend? To answer, drag the appropriate solution to the correct network connection requirements. Each solution may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.

Answer:

Explanation:

ExpressRoute gives you a fast and reliable connection to Azure making it suitable for scenarios like periodic data migration, replication for business continuity, disaster recovery and other high availability strategies. It can also be a cost-effective option for transferring large amounts of data such as datasets for high performance computing applications or moving large VMs between your dev/test environment in Azure and on-premises production environment.

Box 2: point-to-site VPN

Box 3: point-to-site VPN

A point-to-site VPN also allows you to create a secure connection to your virtual network. In a point-to-site configuration, the connection is configured individually on each client computer that you want to connect to the virtual network.

Box 4: site-to-site VPN

A site-to-site VPN allows you to create a secure connection between your on-premises site and your virtual network. To create a site-to-site connection, a VPN device that is located on your on-premises network is configured to create a secure connection with the Azure Virtual Network Gateway. Once the connection is created, resources on your local network and resources located in your virtual network can communicate directly and securely. Site-to-site connections do not require you to establish a separate connection for each client computer on your local network to access resources in the virtual network.

* Scenario: Support building experimental applications by using data from the Azure deployment and on-premises data sources.

Q4. DRAG DROP - (Topic 6)

You are designing the deployment of Azure Site Recovery with Hyper-V Replica. The environment does not have System Center Virtual Machine Manager (VMM) deployed.

You need to instruct an implementation team to prepare the Azure environment for deployment.

Which three actions should you recommend be performed in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.

Answer:

Q5.  - (Topic 8)

You need to support web and mobile application secure logons. Which technology should you use?

A. Azure Active Directory B2B

B. OAuth 1.0

C. LDAP

D. Azure Active Directory B2C

Answer: D

Q6. DRAG DROP - (Topic 2)

You need to ensure that customer data is secured both in transit and at rest.

Which technologies should you recommend? To answer, drag the appropriate technology to the correct security requirement. Each technology may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.

Answer:

Explanation:

* Azure Rights Management service

Azure Rights Management service uses encryption, identity, and authorization policies to help secure your files and email, and it works across multiple devices—phones, tablets, and PCs. Information can be protected both within your organization and outside your organization because that protection remains with the data, even when it leaves your organization’s boundaries.

* Transparent Data Encryption

Transparent Data Encryption (often abbreviated to TDE) is a technology employed by both Microsoft and Oracle to encrypt database files. TDE offers encryption at file level. TDE solves the problem of protecting data at rest, encrypting databases both on the hard drive and consequently on backup media.

* TLS/SSL

Transport Layer Security (TLS) and its predecessor, Secure Sockets Layer (SSL), are cryptographic protocols designed to provide communications security over a computer network. They use X.509 certificates and hence asymmetric cryptography to authenticate the counterparty with whom they are communicating, and to negotiate a symmetric key.

Q7. DRAG DROP - (Topic 7)

You need to deploy the WGBLoanMaster app by using the Azure Command-Line Interface (CLI).

Which five commands should you run in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.

Answer:

Q8.  - (Topic 6)

You are planning an upgrade strategy for an existing Azure application. Multiple instances of the application run in Azure. The management team is concerned about application downtime, due to a business service level agreement (SLA).

You are evaluating which change in your environment will require downtime. You need to identify the changes to the environment that will force downtime. Which change always requires downtime?

A. Adding an HTTPS endpoint to a web role

B. Upgrading the hosted service by deploying a new package

C. Changing the value of a configuration setting

D. Changing the virtual machine size

Answer: A

Explanation: If you change the number of endpoints for your service, for example by adding an HTTPS endpoint for your existing Web Role, it will require downtime.

Reference: Re-Deploying your Windows Azure Service without Incurring Downtime http://blog.toddysm.com/2010/06/re-deploying-your-windows-azure-service-without-incurring-downtime.html

Q9.  - (Topic 6)

A company has multiple Azure subscriptions. It plans to deploy a large number of virtual machines (VMs) into Azure.

You install the Azure PowerShell module, but you are unable to connect to all of the company's Azure subscriptions.

You need to automate the management of the Azure subscriptions. Which two Azure PowerShell cmdlets should you run?

A. Get-AzurePublishSettingsFile

B. Import-AzurePublishSettingsFile

C. Add-AzureSubscription

D. Import-AzureCertificate

E. Get-AzureCertificate

Answer: A,B

Explanation: Before you start using the Windows Azure cmdlets to automate deployments, you must configure connectivity between the provisioning computer and Windows Azure. You can do this automatically by downloading the PublishSettings file from Windows Azure and importing it.

To download and import publish settings and subscription information

1. At the Windows PowerShell command prompt, type the following command, and then press Enter.

Get-AzurePublishSettingsFile

2. Sign in to the Windows Azure Management Portal, and then follow the instructions to download your Windows Azure publishing settings. Save the file as a .publishsettings type file to your computer.

3. In the Windows Azure PowerShell window, at the command prompt, type the following command, and then press Enter.

Import-AzurePublishSettingsFile <mysettings>.publishsettings

Reference: How to: Download and Import Publish Settings and Subscription Information https://msdn.microsoft.com/en-us/library/dn385850%28v=nav.70%29.aspx

Q10. - (Topic 1)

You need to recommend a solution that allows partners to authenticate. Which solution should you recommend?

A. Configure the federation provider to trust social identity providers.

B. Configure the federation provider to use the Azure Access Control service.

C. Create a new directory in Azure Active Directory and create a user account for the partner.

D. Create an account on the VanArsdel domain for the partner and send an email message that contains the password to the partner.

Answer: B

Explanation: * Scenario: The partners all use Hotmail.com email addresses.

* In Microsoft Azure Active Directory Access Control (also known as Access Control Service or ACS), an identity provider is a service that authenticates user or client identities and issues security tokens that ACS consumes.

The ACS Management Portal provides built-in support for configuring Windows Live ID as an ACS Identity Provider.

Incorrect:

Not C, not D: Scenario: VanArsdel management does NOT want to create and manage user accounts for partners.

Reference: Identity Providers

https://msdn.microsoft.com/en-us/library/azure/gg185971.aspx

Q11. HOTSPOT - (Topic 6)

You have an on-premises Active Directory Domain Services domain. You are considering moving your infrastructure to Azure Active Directory.

You need to describe the features that each directory service provides.

For each feature, what should you implement? To answer, select the appropriate option from each list in the answer area.

Answer:

Q12.  - (Topic 6)

You are designing the deployment of virtual machines (VMs) and web services that run in Azure.

You need to specify the desired state of a node and ensure that the node remains at that state.

What should you use?

A. Microsoft Azure Pack

B. Service Management Automation

C. System Center 2021 Orchestrator

D. Azure Automation

Answer: A

Q13. HOTSPOT - (Topic 6)

Your company plans to migrate its on-premises Microsoft SQL Server databases to Azure.

You are considering using SQL Server 2014 on Azure virtual machines and Azure SQL Database. The planned migration must support the following data security features:

* Database-level firewall rules

* Dynamic Data Masking

* Transparent data encryption (TDE)

You need to identify the data security features supported by each product.

Which features should you identify? To answer, select the appropriate options in the answer area.

Answer:

Q14.  - (Topic 6)

You are designing an Azure application. The application includes two web roles and three instances of a worker role. The web roles send requests to the worker role by using one or more Azure Queues.

You need to recommend a queue design for sending requests to the worker role. What should you recommend?

A. Create a queue for each combination of web roles and worker role instances. Send requests to all worker role instances based on the sending web role.

B. Create a single queue. Send all requests on the single queue.

C. Create a queue for each worker role instance. Send requests on each worker queue by using a round robin rotation.

D. Create a queue for each web role. Send requests on all queues at the same time.

Answer: B

Explanation: To communicate with the worker role, a web role instance places messages on to a queue. A worker role instance polls the queue for new messages, retrieves them, and processes them. There are a couple of important things to know about the way the queue service works in Azure. First, you reference a queue by name, and multiple role instances can share a single queue. Second, there is no concept of a typed message; you construct a message from either a string or a byte array. An individual message can be no more than 64 kilobytes (KB) in size.

Reference: 5 – Executing Background Tasks https://msdn.microsoft.com/en-gb/library/ff803365.aspx

Reference: .NET Multi-Tier Application Using Service Bus Queues

http://azure.microsoft.com/en-gb/documentation/articles/cloud-services-dotnet-multi-tier-app-using-service-bus-queues/

Q15. HOTSPOT - (Topic 6)

A company uses Azure for several virtual machine (VM) and website workloads. The company plans to assign administrative roles to a specific group of users. You have a resource group named GROUP1 and a virtual machine named VM2.

The users have the following responsibilities:

You need to assign the appropriate level of privileges to each of the administrators by using the principle of least privilege.

What should you do? To answer, select the appropriate target objects and permission levels in the answer area.

Answer:

Explanation:

* Owner can manage everything, including access.

* Contributors can manage everything except access.

Note: Azure role-based access control allows you to grant appropriate access to Azure AD users, groups, and services, by assigning roles to them on a subscription or resource group or individual resource level.
