Introducing The New!
Surepassexam Collection
Get Unlimited Access to all
Surepassexam's PREMIUM files
Q1. DRAG DROP - (Topic 8)
You are training a new developer.
You need to describe the process flow for sending a notification.
Which three actions must be performed in sequence? To answer, move the appropriate
actions from the list of actions to the answer area and arrange them in the correct order.
Answer:
Q2. - (Topic 3)
You need to recommend a solution for publishing one of the company websites to Azure and configuring it for remote debugging.
Which two actions should you perform? Each correct answer presents part of the solution.
A. From Visual Studio, attach the debugger to the solution.
B. Set the application logging level to Verbose and enable logging.
C. Set the Web Server logging level to Information and enable logging.
D. Set the Web Server logging level to Verbose and enable logging.
E. From Visual Studio, configure the site to enable Debugger Attaching and then publish the site.
Answer: A,D
Explanation: * Scenario:
/ Mitigate the need to purchase additional tools for monitoring and debugging.
/A debugger must automatically attach to websites on a weekly basis. The scripts that handle the configuration and setup of debugging cannot work if there is a delay in attaching the debugger.
* A: After publishing your application you can use the Server Explorer in Visual Studio to access your web sites.
After signing in you will see your Web Sites under the Windows Azure node in Server Explorer. Right click on the site that you would like to debug and select Attach Debugger.
D: We need to debug the web site, not an application. We should use the more informative Verbose logging level.
Reference: Remote Debugging a Window Azure Web Site with Visual Studio 2013 http://blogs.msdn.com/b/webdev/archive/2013/11/05/remote-debugging-a-window-azure-
web-site-with-visual-studio-2013.aspx
Q3. - (Topic 1)
You are designing a plan to deploy a new application to Azure. The solution must provide a single sign-on experience for users.
You need to recommend an authentication type. Which authentication type should you recommend?
A. SAML credential tokens
B. Azure managed access keys
C. Windows Authentication
D. MS-CHAP
Answer: A
Explanation: A Microsoft cloud service administrator who wants to provide their Azure Active Directory (AD) users with sign-on validation can use a SAML 2.0 compliant SP-Lite profile based Identity Provider as their preferred Security Token Service (STS) / identity provider. This is useful where the solution implementer already has a user directory and password store on-premises that can be accessed using SAML 2.0. This existing user directory can be used for sign-on to Office 365 and other Azure AD-secured resources.
Reference: Use a SAML 2.0 identity provider to implement single sign-on https://msdn.microsoft.com/en-us/library/azure/dn641269.aspx?f=255&MSPPError=-2147217396
Topic 2, Trey Research
Background Overview
Trey Research conducts agricultural research and sells the results to the agriculture and food industries. The company uses a combination of on-premises and third-party server clusters to meet its storage needs. Trey Research has seasonal demands on its services, with up to 50 percent drops in data capacity and bandwidth demand during low-demand periods. They plan to host their websites in an agile, cloud environment where the company can deploy and remove its websites based on its business requirements rather than the requirements of the hosting company.
A recent fire near the datacenter that Trey Research uses raises the management team's awareness of the vulnerability of hosting all of the company's websites and data at any single location. The management team is concerned about protecting its data from loss as a result of a disaster.
Websites
Trey Research has a portfolio of 300 websites and associated background processes that are currently hosted in a third-party datacenter. All of the websites are written in ASP.NET, and the background processes use Windows Services. The hosting environment costs Trey Research approximately S25 million in hosting and maintenance fees.
Infrastructure
Trey Research also has on-premises servers that run VMs to support line-of-business applications. The company wants to migrate the line-of-business applications to the cloud, one application at a time. The company is migrating most of its production VMs from an aging VMWare ESXi farm to a Hyper-V cluster that runs on Windows Server 2012.
Applications DistributionTracking
Trey Research has a web application named Distributiontracking. This application
constantly collects realtime data that tracks worldwide distribution points to customer retail sites. This data is available to customers at all times.
The company wants to ensure that the distribution tracking data is stored at a location that is geographically close to the customers who will be using the information. The system must continue running in the event of VM failures without corrupting data. The system is processor intensive and should be run in a multithreading environment.
HRApp
The company has a human resources (HR) application named HRApp that stores data in an on-premises SQL Server database. The database must have at least two copies, but data to support backups and business continuity must stay in Trey Research locations only. The data must remain on-premises and cannot be stored in the cloud.
HRApp was written by a third party, and the code cannot be modified. The human resources data is used by all business offices, and each office requires access to the entire database. Users report that HRApp takes all night to generate the required payroll reports, and they would like to reduce this time.
MetricsTracking
Trey Research has an application named MetricsTracking that is used to track analytics for the DistributionTracking web application. The data MetricsTracking collects is not customer-facing. Data is stored on an on-premises SQL Server database, but this data should be moved to the cloud. Employees at other locations access this data by using a remote desktop connection to connect to the application, but latency issues degrade the functionality.
Trey Research wants a solution that allows remote employees to access metrics data without using a remote desktop connection. MetricsTracking was written in-house, and the development team is available to make modifications to the application if necessary. However, the company wants to continue to use SQL Server for MetricsTracking.
Business Requirements
Business Continuity
You have the following requirements:
✑ Move all customer-facing data to the cloud.
✑ Web servers should be backed up to geographically separate locations,
✑ If one website becomes unavailable, customers should automatically be routed to websites that are still operational.
✑ Data must be available regardless of the operational status of any particular website.
✑ The HRApp system must remain on-premises and must be backed up.
✑ The MetricsTracking data must be replicated so that it is locally available to all Trey Research offices.
Auditing and Security
You have the following requirements:
✑ Both internal and external consumers should be able to access research results.
✑ Internal users should be able to access data by using their existing company credentials without requiring multiple logins.
✑ Consumers should be able to access the service by using their Microsoft credentials.
✑ Applications written to access the data must be authenticated.
✑ Access and activity must be monitored and audited.
✑ Ensure the security and integrity of the data collected from the worldwide distribution points for the distribution tracking application.
Storage and Processing
You have the following requirements:
✑ Provide real-time analysis of distribution tracking data by geographic location.
✑ Collect and store large datasets in real-time data for customer use.
✑ Locate the distribution tracking data as close to the central office as possible to improve bandwidth.
✑ Co-locate the distribution tracking data as close to the customer as possible based on the customer's location.
✑ Distribution tracking data must be stored in the JSON format and indexed by metadata that is stored in a SQL Server database.
✑ Data in the cloud must be stored in geographically separate locations, but kept with the same political boundaries.
Technical Requirements Migration
You have the following requirements:
✑ Deploy all websites to Azure.
✑ Replace on-premises and third-party physical server clusters with cloud-based solutions.
✑ Optimize the speed for retrieving exiting JSON objects that contain the distribution
tracking data.
✑ Recommend strategies for partitioning data for load balancing.
Auditing and Security
You have the following requirements:
✑ Use Active Directory for internal and external authentication.
✑ Use OAuth for application authentication.
Business Continuity
You have the following requirements:
✑ Data must be backed up to separate geographic locations.
✑ Web servers must run concurrent versions of all websites in distinct geographic locations.
✑ Use Azure to back up the on-premises MetricsTracking data.
✑ Use Azure virtual machines as a recovery platform for MetricsTracking and HRApp.
✑ Ensure that there is at least one additional on-premises recovery environment for the HRApp.
Q4. - (Topic 6)
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You are designing the deployment of resources in Azure. You plan to use templates to customize deployment options.
You need to ensure that Azure services are deployed and updated identically. Solution: You customize the $schema element of the template.
Does the solution meet the goal?
A. Yes
B. No
Answer: A
Q5. - (Topic 5)
You need to design the authentication solution for the NorthRide app. Which solution should you use?
A. Azure Active Directory Basic with multi-factor authentication for the cloud and on- premises users.
B. Active Directory Domain Services with mutual authentication
C. Azure Active Directory Premium and add multi-factor authentication the for cloud users
D. Active Directory Domain Services with multi-factor authentication
Answer: C
Explanation: * Scenario: The NorthRide app must use an additional level of authentication other than the employee's password.
* Azure Multi-Factor Authentication is the multi-factor authentication service that requires users to also verify sign-ins using a mobile app, phone call or text message. It is available to use with Azure Active Directory, to secure on-premise resources with the Azure Multi- Factor Authentication Server, and with custom applications and directories using the SDK.
Reference: What is Azure Multi-Factor Authentication? https://azure.microsoft.com/en-us/documentation/articles/multi-factor-authentication/
Reference: Azure Active Directory Pricing http://azure.microsoft.com/en-gb/pricing/details/active-directory/
Q6. - (Topic 6)
A company has a very large dataset that includes sensitive information. The dataset is over 30 TB in size.
You have a standard business-class ISP internet connection that is rated at 100 megabits/second.
You have 10 4-TB hard drives that are approved to work with the Azure Import/Export Service.
You need to migrate the dataset to Azure. The solution must meet the following requirements:
✑ The dataset must be transmitted securely to Azure.
✑ Network bandwidth must not increase.
✑ Hardware costs must be minimized.
What should you do?
A. Prepare the drives with the Azure Import/Export tool and then create the import job. Ship the drives to Microsoft via a supported carrier service.
B. Create an export job and then encrypt the data on the drives by using the Advanced Encryption Standard (AES). Create a destination Blob to store the export data.
C. Create an import job and then encrypt the data on the drives by using the Advanced Encryption Standard (AES). Create a destination Blob to store the import data.
D. Prepare the drives by using Sysprep.exe and then create the import job. Ship the drives to Microsoft via a supported carrier service.
Answer: A
Explanation: You can use the Microsoft Azure Import/Export service to transfer large amounts of file data to Azure Blob storage in situations where uploading over the network is prohibitively expensive or not feasible.
Reference: Use the Microsoft Azure Import/Export Service to Transfer Data to Blob Storage http://azure.microsoft.com/en-gb/documentation/articles/storage-import-export-service/
Q7. - (Topic 6)
You are planning an upgrade strategy for an existing Azure application. Multiple instances of the application run in Azure. The management team is concerned about application downtime, due to a business service level agreement (SLA).
You are evaluating which change in your environment will require downtime. You need to identify the changes to the environment that will force downtime. Which change always requires downtime?
A. Adding an HTTPS endpoint to a web role
B. Upgrading the hosted service by deploying a new package
C. Changing the value of a configuration setting
D. Changing the virtual machine size
Answer: A
Explanation: If you change the number of endpoints for your service, for example by adding a HTTPS endpoint for your existing Web Role, it will require downtime.
Reference: Re-Deploying your Windows Azure Service without Incurring Downtime http://blog.toddysm.com/2010/06/re-deploying-your-windows-azure-service-without-incurring-downtime.html
Q8. DRAG DROP - (Topic 6)
You are the Azure architect for an organization. You are working with C-level management to assign Azure role-based access control roles to a team within the organization. A single director oversees two teams, a development team and a test team. The director is wholly responsible for the organization's Azure account, including billing, infrastructure, and access control. The director is the only member of the team with the ability to alter access controls.
You have the following requirements:
✑ Members of the development team must be able to view or alter Azure infrastructure to support application development.
✑ Members of the test team must be able to view Azure infrastructure to support test
cases.
You need to assign built-in Azure role-based access control roles to team members within the organization.
Which role should you assign to each team member? To answer, drag the appropriate role to the correct team member. Each role may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
Answer:
Q9. - (Topic 6)
Contoso, Ltd., uses Azure websites for public-facing customer websites. The company has a mobile app that requires customers sign in by using a Contoso customer account.
Customers must be able to sign on to the websites and mobile app by using a Microsoft, Facebook, or Google account. All transactions must be secured in-transit regardless of device.
You need to configure the websites and mobile app to work with external identity providers. Which three actions should you perform? Each correct answer presents part of the
solution.
A. Request a certificate from a domain registrar for the website URL, and enable TLS/SSL.
B. Configure IPsec for the websites and the mobile app.
C. Configure the KerberosTokenProfile 1.1 protocol.
D. Configure OAuth2 to connect to an external authentication provider.
E. Build an app by using MVC 5 that is hosted in Azure to provide a framework for the underlying authentication.
Answer: A,D,E
Explanation: DE: This tutorial shows you how to build an ASP.NET MVC 5 web application that enables users to log in using OAuth 2.0 with credentials from an external authentication provider, such as Facebook, Twitter, LinkedIn, Microsoft, or Google.
A:
* You will now be redirected back to the Register page of the MvcAuth application where you can register your Google account. You have the option of changing the local email registration name used for your Gmail account, but you generally want to keep the default email alias (that is, the one you used for authentication). Click Register.
* To connect to authentication providers like Google and Facebook, you will need to set up IIS-Express to use SSL.
Reference: Code! MVC 5 App with Facebook, Twitter, LinkedIn and Google OAuth2 Sign- on (C#)
http://www.asp.net/mvc/overview/security/create-an-aspnet-mvc-5-app-with-facebook-and- google-oauth2-and-openid-sign-on
Q10. - (Topic 5)
You need to recommend a technology for processing customer pickup requests. Which technology should you recommend?
A. Notification hub
B. Queue messaging
C. Mobile Service with push notifications
D. Service Bus messaging
Answer: D
Explanation: Service Bus queues are part of a broader Azure messaging infrastructure that supports queuing as well as publish/subscribe, Web service remoting, and integration patterns.
Service Bus Queue support Push-style API (while Azure Queue messaging does not).
Incorrect:
Not A: Notification Hub is only used to push notification, not for processing requests. Not B As a solution architect/developer, you should consider using Azure Queues when:
* Your application must store over 80 GB of messages in a queue, where the messages have a lifetime shorter than 7 days.
* Your application wants to track progress for processing a message inside of the queue. This is useful if the worker processing a message crashes. A subsequent worker can then use that information to continue from where the prior worker left off.
You require server side logs of all of the transactions executed against your queues. Not C: To process the messages we do not need push notification.
Reference: Azure Queues and Service Bus Queues - Compared and Contrasted
https://msdn.microsoft.com/en-us/library/azure/hh767287.aspx
Q11. HOTSPOT - (Topic 3)
You need implement tools at the client's location for monitoring and deploying Azure resources.
Which tools should you use? To answer, select the appropriate on-premises tool for each task in the answer area.
Answer:
Explanation:
* System Center Virtual Machine Manager (SCVMM) enables rapid provisioning of new virtual machines by the administrator and end users using a self-service provisioning tool.
* System Center Operations Manager (SCOM) is a cross-platform data center management system for operating systems and hypervisors. It uses a single interface that shows state, health and performance information of computer systems. It also provides alerts generated according to some availability, performance, configuration or security situation being identified.
The basic idea is to place a piece of software, an agent, on the computer to be monitored. The agent watches several sources on that computer, including the Windows Event Log, for specific events or alerts generated by the applications executing on the monitored computer.
* Scenario:
Leverage familiarity with Microsoft server management tools. Manage hosted resources by using on-premises tools.
Mitigate the need to purchase additional tools for monitoring and debugging.
Use advanced monitoring features and reports of workloads in Azure by using existing Microsoft tools.
Q12. - (Topic 3)
You need to configure availability for the virtual machines that the company is migrating to Azure.
What should you implement?
A. Traffic Manager
B. Express Route
C. Update Domains
D. Cloud Services
Answer: B
Explanation: ExpressRoute gives you a fast and reliable connection to Azure making it suitable for scenarios like periodic data migration, replication for business continuity, disaster recovery and other high availability strategies. It can also be a cost-effective option for transferring large amounts of data such as datasets for high performance computing applications or moving large VMs between your dev/test environment in Azure and on- premises production environment.
Reference: ExpressRoute, Experience a faster, private connection to Azure http://azure.microsoft.com/en-us/services/expressroute/
Q13. - (Topic 1)
You need to recommend a solution that allows partners to authenticate. Which solution should you recommend?
A. Configure the federation provider to trust social identity providers.
B. Configure the federation provider to use the Azure Access Control service.
C. Create a new directory in Azure Active Directory and create a user account for the partner.
D. Create an account on the VanArsdel domain for the partner and send an email message that contains the password to the partner.
Answer: B
Explanation: * Scenario: The partners all use Hotmail.com email addresses.
* In Microsoft Azure Active Directory Access Control (also known as Access Control Service or ACS), an identity provider is a service that authenticates user or client identities and issues security tokens that ACS consumes.
The ACS Management Portal provides built-in support for configuring Windows Live ID as an ACS Identity Provider.
Incorrect:
Not C, not D: Scenario: VanArsdel management does NOT want to create and manage user accounts for partners.
Reference: Identity Providers
https://msdn.microsoft.com/en-us/library/azure/gg185971.aspx
Q14. - (Topic 4)
You need to select the appropriate solution for monitoring the .NET application. What should you recommend?
A. Visual Studio IntelliTrace
B. Application Insights
C. Data Factory
D. Microsoft Analytics Platform
Answer: D
Topic 5, Northwind traders
Background Overview
Northwind Electric Cars is the premier provider of private, low-cost transportation in Denver. Northwind drivers are company employees who work together as a team. The founding partners believe that by hiring their drivers as employees, their drivers focus on providing a great customer experience. Northwind Electric Cars has a reputation for offering fast, reliable, and friendly service, due largely to their extensive network of drivers and their proprietary dispatching software named NorthRide.
Northwind Electric Cars drivers depend on frequent, automatic updates for the NorthRide mobile app. The Northwind management team is concerned about unplanned system downtime and slow connection speeds caused by high usage. Additionally, Northwind's in- house data storage solution is unsustainable because of the new influx of customer data
that is retained. Data backups are made periodically on DVDs and stored on-premises at corporate headquarters.
Apps NorthRide App
Northwind drivers use the NorthRide app to meet customer pickup requests. The app uses
a GPS transponder in each Northwind vehicle and Bing Maps APIs to monitor the location of each vehicle in the fleet in real time. NorthRide allows Northwind dispatchers to optimize their driver coverage throughout the city.
When new customers call, the dispatcher enters their pickup locations into NorthRide. NorthRide identifies the closest available driver. The dispatcher then contacts the driver with the pick-up details. This process usually results in a pick-up time that is far faster than the industry average.
Drivers use NorthRide to track the number of miles they drive and the number of customers they transport. Drivers also track their progress towards their established goals, which are measured by using key performance indicators (KPIs).
NorthRide App 2.0
Northwind Electric Cars is growing quickly. New callers often wait for their calls to be answered because the dispatchers are contacting their drivers to arrange pickups for other customers.
To support the growth of the business, Northwind's development team completes an overhaul of the NorthRide system that it has named NorthRide 2.0. When a dispatcher enters a customer's pickup location, the address and driving directions are automatically sent to the driver who is closest to the customer's pickup location.
Drivers indicate their availability on the NorthRide mobile app and can view progress towards their KPI's in real time. Drivers can also record customer ratings and feedback for each pickup.
Business Requirements Apps
NorthRideFinder App
Northwind Electric Cars needs a customer-facing website and mobile app that allows customers to schedule pickups. Customers should also be able to create profiles that will help ensure the customer gets a ride faster by storing customer information.
Predictor App
Northwind Electric Cars needs a new solution named Predictor. Predictor is an employee- facing mobile app. The app predicts periods of high usage and popular pickup locations and provides various ways to view this predictive data. Northwind uses this information to
better distribute its drivers. Northwind wants to use the latest Azure technology to create this solution.
Other Requirements
✑ On-premises data must be constantly backed up.
✑ Mobile data must be protected from loss, even if connectivity with the backend is lost.
✑ Dispatch offices need to have seamless access to both their primary data center and the applications and services that are hosted in the Azure cloud.
✑ Connectivity needs to be redundant to on-premises and cloud services, while providing a way for each dispatch office to continue to operate even if one or all of the connection options fail.
✑ The management team requires that operational data is accessible 24/7 from any office location.
Technical Requirements Apps and Website
NorthRide / NorthRideFinder Apps:
✑ The solution must support on-premises and Azure data storage.
✑ The solution must scale as necessary based on the current number of concurrent users.
✑ Customer pickup requests from NorthRideFinder must be asynchronous.
✑ The customer pickup request system will be high in volume, and each request will have a short life span.
✑ Data for NorthRideFinder must be protected during a loss of connectivity.
✑ NorthRide users must authenticate to the company's Azure Active Directory.
Northwind Public Website
✑ The customer website must use a WebJob to process profile images into thumbnails
✑ The customer website must be developed with lowest cost and difficulty in mind.
✑ The customer website must automatically scale to minimize response times for customers.
Other Requirements Data Storage:
✑ The data storage must interface with an on-premises Microsoft SQL backend database.
✑ A disaster recovery system needs to be in place for large amounts of data that will backup to Azure.
✑ Backups must be fully automated and managed the Azure Management Portal.
✑ The recovery system for company data must use a hybrid solution to back up both the on-premises Microsoft SQL backend and any Azure storage.
Predictive Routing:
✑ An Azure solution must be used for prediction systems.
✑ Predictive analytics must be published as a web service and accessible by using the REST API.
Security:
✑ The NorthRide app must use an additional level of authentication other than the employee's password.
✑ Access must be secured in NorthRide without opening a firewall port.
✑ Company policy prohibits inbound connections from internet callers to the on- premises network.
✑ Customer usernames in NorthRideFinder cannot exceed 10 characters.
✑ Customer data in NorthRideFinder can be received only by the user ID that is associated with the data.
Q15. - (Topic 6)
You are designing an Azure development environment. Team members learn Azure development techniques by training in the development environment.
The development environment must auto scale and load balance additional virtual machine (VM) instances.
You need to recommend the most cost-effective compute-instance size that allows team members to work with Azure in the development environment.
What should you recommend?
A. Azure A1 standard VM Instance
B. Azure A2 basic VM Instance
C. Azure A3 basic VM Instance
D. Azure A9 standard VM Instance
Answer: A
Explanation: Azure A1 standard VM Instance would be cheapest with 1 CPU core, 0.75 GB RAM, and 40 GB HD. It would be good enough for training purposes.
Reference: Virtual Machines Pricing, Launch Windows Server and Linux in minutes http://azure.microsoft.com/en-us/pricing/details/virtual-machines/