Microsoft 70-535 Free Practice Questions

Q1. Contoso, Ltd., uses Azure websites for public-facing customer websites. The company has a mobile app that requires customers sign in by using a Contoso customer account.

Customers must be able to sign on to the websites and mobile app by using a Microsoft, Facebook, or Google account. All transactions must be secured in-transit regardless of device.

You need to configure the websites and mobile app to work with external identity providers. Which three actions should you perform? Each correct answer presents part of the

solution.

A. Request a certificate from a domain registrar for the website URL, and enable TLS/SSL.

B. Configure IPsec for the websites and the mobile app.

C. Configure the KerberosTokenProfile 1.1 protocol.

D. Configure OAuth2 to connect to an external authentication provider.

E. Build an app by using MVC 5 that is hosted in Azure to provide a framework for the underlying authentication.

View Answer

Q2. Case Study

This is a case study. Case studies are not timed separately. You can use as much exam time as you would like to complete each case. However, there may be additional case studies and sections on this exam. You must manage your time to ensure that you are able to complete all questions included on this exam in the time provided.

To answer the questions included in a case study, you will need to reference information that is provided in the case study. Case studies might contain exhibits and other resources that provide more information about the scenario that is described in the case study. Each question is independent of the other question on this case study.

At the end of this case study, a review screen will appear. This screen allows you to review your answers and to make changes before you move to the next sections of the exam. After you begin a new section, you cannot return to this section.

To start the case study

To display the first question on this case study, click the Next button. Use the buttons in the left pane to explore the content of the case study before you answer the questions. Clicking these buttons displays information such as business requirements, existing environment, and problem statements. If the case study has an All Information tab, note that the information displayed is identical to the information displayed on the subsequent tabs. When you are ready to answer a question, click the Question button to return to the question.

Background Overview

Woodgrove Bank has 20 regional offices and operates 1,500 branch office locations. Each regional office hosts the servers, infrastructure, and applications that support that region.

Woodgrove Bank plans to move all of their on-premises resources to Azure, including virtual machine (VM)-based, line-of-business workloads, and SQL databases. You are the owner of the Azure subscription that Woodgrove Bank is using. Your team is using Git repositories hosted on GitHub for source control.

Security

Currently, Woodgrove Banku2021s Computer Security Incident Response Team (CSIRT) has a problem investigating security issues due to the lack of security intelligence integrated with their current incident response tools. This lack of integration introduces a problem during the detection (too many false positives), assessment, and diagnose stages. You decide to use Azure Security Center to help address this problem.

Woodgrove Bank has several apps with regulates data such as Personally Identifiable Information (PII) that require a higher level of security. All apps are currently secured by using an on-premises Active Directory Domain Services (ADDS). The company depends on following mission-critical apps: WGBLoanMaster, WGBLeaseLeader, and WGBCreditCruncher apps. You plan to move each of these apps to Azure as part of an app migration project.

Apps

The WGBLoanMaster app has been audited for transaction loss. Many transactions have been lost is processing and monetary write-offs have cost the bank. The app runs on two VMs that include several public endpoints.

The WGBLeaseLeader app has been audited for several data breaches. The app includes a SQL Server database and a web-based portal. The portal uses an ASP.NET Web API

function to generate a monthly aggregate report from the database.

The WGBCreditCruncher app runs on a VM and is load balanced at the network level. The app includes several stateless components and must accommodate scaling of increased credit processing. The app runs on a nightly basis to process credit transactions that are batched during the day. The app includes a web-based portal where customers can check their credit information. A mobile version of the app allows users to upload check images.

Business Requirements WGBLoanMaster app

The app audit revealed a need for zero transaction loss. The business is losing money due to the app losing and not processing loan information. In addition, transactions fail to process after running for a long time. The business has requested the aggregation processing to be scheduled for 01:00 to prevent system slowdown.

WGBLeaseLeader app

The app should be secured to stop data breaches. If the data is breached, it must not be readable. The app is continuing to see increased volume and the business does not want the issues presented in the WGBLoanMaster app. Transaction loss is unacceptable, and although the lease monetary amounts are smaller than loans, they are still an important profit center for Woodgrove Bank. The business would also like the monthly report to be automatically generated on the first of the month. Currently, a user must log in to the portal and click a button to generate the report.

WGBCreditCruncher app

The web-based portal area of the app must allow users to sign in with their Facebook credentials. The bank would like to allow this feature to enable more users to check their credit within the app.

Woodgrove Bank needs to develop a new financial risk modeling feature that they can include in the WGBCreditCruncher app. The financial risk modeling feature has not been developed due to costs associated with processing, transforming, and analyzing the large volumes of data that are collected. You need to find a way to implement parallel processing to ensure that the features run efficiently, reliably, and quickly. The feature must scale based on computing demand to process the large volumes of data and output several financial risk models.

Technical Requirements

WGBLoanMaster app

The app uses several compute-intensive tasks that create long-running requests to the system. The app is critical to the business and must be scalable to increased loan processing demands. The VMs that run the app include a Windows Task Scheduler task that aggregates loan information from the app to send to a third party. This task runs a console app on the VM.

The app requires a messaging system to handle transaction processing. The messaging system must meet the following requirements:

Allow messages to reside in the queue for up to a month. Be able to publish and consume batches of messages.

Allow full integration with the Windows Communication Foundation (WCF) communication stack.

Provide a role-based access model to the queues, including different permissions for senders and receivers.

You develop an Azure Resource Manager (ARM) template to deploy the VMs used to support the app. The template must be deployed to a new resource group and you must validate your deployment settings before creating actual resources.

WGBLeaseLeader app

The app must use Azure SQL Databases as a replacement to the current Microsoft SQL Server environment. The monthly report must be automatically generated.

The app requires a messaging system to handle transaction processing. The messaging system must meet the following requirements:

Require server-side logs of all of the transactions run against your queues. Track progress of a message within the queue.

Process the messages within 7 days.

Provide a differing timeout value per message.

WGBCreditCruncher app

The app must:

Secure inbound and outbound traffic.

Analyze inbound network traffic for vulnerabilities.

Use an instance-level public IP and allow web traffic on port 443 only.

Upgrade the portal to a Single Page Application (SPA) that uses JavaScript, Azure Active Directory (Azure AD), and the OAuth 2.0 implicit authorization grant to secure the Web API back end.

Cache authentication and host the Web API back end using the Open Web Interface for

.NET (OWIN) middleware.

Immediately compress check images received from the mobile web app. Schedule processing of the batched credit transactions on a nightly basis.

Provide parallel processing and scalable computing resources to output financial risk models.

Use simultaneous computer nodes to enable high performance computing and updating of the financial risk models.

Key security area

You need to recommend a business continuity and disaster recovery solution for all of the existing line of business applications.

What are two ways to achieve the goal? Each correct answer presents a complete solution.

A. Create new virtual machines (VMs) in Azure and migrate the line of business applications to the VMs. Migrate any backend databases to SQL Database.

B. Migrate the virtual machines to the Hyper-V cluster and enable Hyper-V replica.

C. Configure ExpressRoute to enable migration to Azure.

D. Install the Azure Backup agent on the virtual machines.

View Answer

Q3. A company has multiple Azure subscriptions. It plans to deploy a large number of virtual machines (VMs) into Azure.

You install the Azure PowerShell module, but you are unable connect to all of the company's Azure subscriptions.

You need to automate the management of the Azure subscriptions. Which two Azure PowerShell cmdlets should you run?

A. Get-AzurePublishSettingsFile

B. Import-AzurePublishSettingsFile

C. Add-AzureSubscription

D. Import-AzureCertificate

E. Get-AzureCertificate

View Answer

Q4. You manage a web application published to Azure Cloud Services. Your service level agreement (SLA) requires that you are notified in the event of poor performance from customer locations in the US, Asia, and Europe.

You need to configure the Azure Management Portal to notify you when the SLA performance targets are not met. What should you do?

A. Create an alert rule to monitor web endpoints

B. Create a Notification Hub alert with response time metrics.

C. Add an endpoint monitor and alert rule to the Notification Hub.

D. Configure the performance counter on the cloud service.

View Answer

Q5. You need to implement the security requirements. What should you implement?

A. the GraphAPI to query the directory

B. LDAP to query the directory

C. single sign-on

D. user certificates

View Answer

Q6. You administer a virtual machine (VM) that is deployed to Azure. You configure a rule to generate an alert when the average availability of a web service on your VM drops below 95 percent for 15 minutes. The development team schedules a one-hour maintenance

period. You have the following requirements:

* No alerts are created during the maintenance period.

* Alerts can be restored when the maintenance is complete.

You want to achieve this goal by using the least amount of administrative effort. What should you do from the Management Portal?

A. Select and disable the rule from the Dashboard page of the virtual machine.

B. Select and delete the rule from the Configure page of the virtual machine.

C. Select and disable the rule from the Monitor page of the virtual machine.

D. Select and disable the rule on the Configure page of the virtual machine.

View Answer

Q7. A company has 10 on-premises SQL databases. The company plans to move the databases to SQL Server 2012 that runs in Azure Infrastructure-as-a-Service (IaaS). After migration, the databases will support a limited number of Azure websites in the same Azure Virtual Network.

You have the following requirements:

* You must restore copies of existing on-premises SQL databases to the SQL servers that

run in Azure IaaS.

* You must be able to manage the SQL databases remotely.

* You must not open a direct connection from all of the machines on the on-premises network to Azure.

* Connections to the databases must originate from only five Windows computers.

You need to configure remote connectivity to the databases. Which technology solution should you implement?

A. Azure Virtual Network site-to-site VPN

B. Azure Virtual Network multi-point VPN

C. Azure Virtual Network point-to-site VPN

D. Azure ExpressRoute

View Answer

Q8. You are designing an Azure application that will use a worker role. The worker role will create temporary files.

You need to minimize storage transaction charges. Where should you create the files?

A. In Azure local storage

B. In Azure Storage page blobs

C. On an Azure Drive

D. In Azure Storage block blobs

View Answer

Q9. Your company network includes two branch offices. Users at the company access internal virtual machines (VMs). You want to ensure secure communications between the branch offices and the internal VMs and network.

You need to create a site-to-site VPN connection. What are two possible ways to achieve this goal? Each correct answer presents a complete solution

A. a private IPv4 IP address and a compatible VPN device

B. a private IPv4 IP address and a RRAS running on Windows Server 2012

C. a public-facing IPv4 IP address and a compatible VPN device

D. a public-facing IPv4 IP address and a RRAS running on Windows Server 2012

View Answer