(AZ-204) Case Studies Flashcards
<p>Case study -</p>
<p>Background -</p>
<p>You are a developer for Litware Inc., a SaaS company that provides a solution for managing employee expenses. The solution consists of an ASP.NET Core Web API project that is deployed as an Azure Web App.</p>
<p>Overall architecture -</p>
<p>Employees upload receipts for the system to process. When processing is complete, the employee receives a summary report email that details the processing results. Employees then use a web application to manage their receipts and perform any additional tasks needed for reimbursement.</p>
<p>Receipt processing -</p>
<p>Employees may upload receipts in two ways:</p>
<p>Uploading using an Azure Files mounted folder</p>
<p>Uploading using the web application</p>
<p>Data Storage -</p>
<p>Receipt and employee information is stored in an Azure SQL database.</p>
<p>Documentation -</p>
<p>Employees are provided with a getting started document when they first use the solution. The documentation includes details on supported operating systems for Azure File upload, and instructions on how to configure the mounted folder.</p>
<p>Solution details -</p>
<p>Users table – (SEE IMAGE)</p>
<p>Web Application - You enable MSI for the Web App and configure the Web App to use the security principal name WebAppIdentity.</p>
<p>Processing - Processing is performed by an Azure Function that uses version 2 of the Azure Function runtime. Once processing is completed, results are stored in Azure Blob Storage and an Azure SQL database. Then, an email summary is sent to the user with a link to the processing report. The link to the report must remain valid if the email is forwarded to another user.</p>
<p>Logging - Azure Application Insights is used for telemetry and logging in both the processor and the web application. The processor also has TraceWriter logging enabled.</p>
<p>Application Insights must always contain all log messages.</p>
<p>Requirements -</p>
<p>Receipt processing - Concurrent processing of a receipt must be prevented.</p>
<p>Disaster recovery - Regional outage must not impact application availability. All DR operations must not be dependent on application running and must ensure that data in the DR region is up to date.</p>
<p>Security - User's SecurityPin must be stored in such a way that access to the database does not allow the viewing of SecurityPins. The web application is the only system that should have access to SecurityPins.</p>
<p>All certificates and secrets used to secure data must be stored in Azure Key Vault.</p>
<p>You must adhere to the principle of least privilege and provide privileges which are essential to perform the intended function.</p>
<p>All access to Azure Storage and Azure SQL database must use the application's Managed Service Identity (MSI).</p>
<p>Receipt data must always be encrypted at rest.</p>
<p>All data must be protected in transit.</p>
<p>User's expense account number must be visible only to logged in users. All other views of the expense account number should include only the last segment, with the remaining parts obscured.</p>
<p>In the case of a security breach, access to all summary reports must be revoked without impacting other parts of the system.</p>
<p>Issues -</p>
<p>Upload format issue - Employees occasionally report an issue with uploading a receipt using the web application. They report that when they upload a receipt using the Azure File Share, the receipt does not appear in their profile. When this occurs, they delete the file in the file share and use the web application, which returns a 500 Internal Server error page.</p>
<p>Capacity issue - During busy periods, employees report long delays between the time they upload the receipt and when it appears in the web application.</p>
<p>Log capacity issue - Developers report that the number of log messages in the trace output for the processor is too high, resulting in lost log messages.</p>
<p>Application code -</p>
<p>Processing.cs – (SEE IMAGE)</p>
<p>Database.cs – (SEE IMAGE)</p>
<p>ReceiptUploader.cs – (SEE IMAGE)</p>
<p>ConfigureSSE.ps1 – (SEE IMAGE)</p>
<p>Question You need to ensure the security policies are met.</p>
<p>What code do you add at line CS07 of ConfigureSSE.ps1?</p>
<p> A. PermissionsToKeys create, encrypt, decrypt</p>
<p> B. PermissionsToCertificates create, encrypt, decrypt</p>
<p> C. PermissionsToCertificates wrapkey, unwrapkey, get</p>
<p> D. PermissionsToKeys wrapkey, unwrapkey, get</p>
<p> B. PermissionsToCertificates create, encrypt, decrypt</p>
<p>Case study -</p>
<p>Background -</p>
<p>Overview -</p>
<p>You are a developer for Contoso, Ltd. The company has a social networking website that is developed as a Single Page Application (SPA). The main web application for the social networking website loads user uploaded content from blob storage.</p>
<p>You are developing a solution to monitor uploaded data for inappropriate content. The following process occurs when users upload content by using the SPA:</p>
<p>• Messages are sent to ContentUploadService.</p>
<p>• Content is processed by ContentAnalysisService.</p>
<p>• After processing is complete, the content is posted to the social network or a rejection message is posted in its place.</p>
<p>The ContentAnalysisService is deployed with Azure Container Instances from a private Azure Container Registry named contosoimages.</p>
<p>The solution will use eight CPU cores.</p>
<p>Azure Active Directory -</p>
<p>Contoso, Ltd. uses Azure Active Directory (Azure AD) for both internal and guest accounts.</p>
<p>Requirements -</p>
<p>ContentAnalysisService -</p>
<p>The company's data science group built ContentAnalysisService which accepts user generated content as a string and returns a probable value for inappropriate content. Any values over a specific threshold must be reviewed by an employee of Contoso, Ltd.</p>
<p>You must create an Azure Function named CheckUserContent to perform the content checks.</p>
<p>Costs -</p>
<p>You must minimize costs for all Azure services.</p>
<p>Manual review -</p>
<p>To review content, the user must authenticate to the website portion of the ContentAnalysisService using their Azure AD credentials. The website is built using React and all pages and API endpoints require authentication. In order to review content a user must be part of a ContentReviewer role. All completed reviews must include the reviewer's email address for auditing purposes.</p>
<p>High availability -</p>
<p>All services must run in multiple regions. The failure of any service in a region must not impact overall application availability.</p>
<p>Monitoring -</p>
<p>An alert must be raised if the ContentUploadService uses more than 80 percent of available CPU cores.</p>
<p>Security -</p>
<p>You have the following security requirements:</p>
<p>Any web service accessible over the Internet must be protected from cross site scripting attacks.</p>
<p>All websites and services must use SSL from a valid root certificate authority.</p>
<p>Azure Storage access keys must only be stored in memory and must be available only to the service.</p>
<p>All Internal services must only be accessible from internal Virtual Networks (VNets).</p>
<p>All parts of the system must support inbound and outbound traffic restrictions.</p>
<p>All service calls must be authenticated by using Azure AD.</p>
<p>User agreements -</p>
<p>When a user submits content, they must agree to a user agreement. The agreement allows employees of Contoso, Ltd. to review content, store cookies on user devices, and track user's IP addresses.</p>
<p>Information regarding agreements is used by multiple divisions within Contoso, Ltd.</p>
<p>User responses must not be lost and must be available to all parties regardless of individual service uptime. The volume of agreements is expected to be in the millions per hour.</p>
<p>Validation testing -</p>
<p>When a new version of the ContentAnalysisService is available the previous seven days of content must be processed with the new version to verify that the new version does not significantly deviate from the old version.</p>
<p>Issues -</p>
<p>Users of the ContentUploadService report that they occasionally see HTTP 502 responses on specific pages.</p>
<p>Code -</p>
<p>ContentUploadService – (SEE IMAGE)</p>
<p>ApplicationManifest – (SEE IMAGE)</p>
<p>Question You need to monitor ContentUploadService according to the requirements.</p>
<p>Which command should you use?</p>
<p> A. az monitor metrics alert create -n alert -g … --scopes … --condition "avg Percentage CPU > 8"</p>
<p> B. az monitor metrics alert create -n alert -g … --scopes … --condition "avg Percentage CPU > 80"</p>
<p> C. az monitor metrics alert create -n alert -g … --scopes … --condition "CPU Usage > 800"</p>
<p> D. az monitor metrics alert create -n alert -g … --scopes … --condition "CPU Usage > 8"</p>
<p> B. az monitor metrics alert create -n alert -g … --scopes … --condition "avg Percentage CPU > 80"</p>
<p>Case study -</p>
<p>Background -</p>
<p>Overview -</p>
<p>You are a developer for Contoso, Ltd. The company has a social networking website that is developed as a Single Page Application (SPA). The main web application for the social networking website loads user uploaded content from blob storage.</p>
<p>You are developing a solution to monitor uploaded data for inappropriate content. The following process occurs when users upload content by using the SPA:</p>
<p>• Messages are sent to ContentUploadService.</p>
<p>• Content is processed by ContentAnalysisService.</p>
<p>• After processing is complete, the content is posted to the social network or a rejection message is posted in its place.</p>
<p>The ContentAnalysisService is deployed with Azure Container Instances from a private Azure Container Registry named contosoimages.</p>
<p>The solution will use eight CPU cores.</p>
<p>Azure Active Directory -</p>
<p>Contoso, Ltd. uses Azure Active Directory (Azure AD) for both internal and guest accounts.</p>
<p>Requirements -</p>
<p>ContentAnalysisService -</p>
<p>The company's data science group built ContentAnalysisService which accepts user generated content as a string and returns a probable value for inappropriate content. Any values over a specific threshold must be reviewed by an employee of Contoso, Ltd.</p>
<p>You must create an Azure Function named CheckUserContent to perform the content checks.</p>
<p>Costs -</p>
<p>You must minimize costs for all Azure services.</p>
<p>Manual review -</p>
<p>To review content, the user must authenticate to the website portion of the ContentAnalysisService using their Azure AD credentials. The website is built using React and all pages and API endpoints require authentication. In order to review content a user must be part of a ContentReviewer role. All completed reviews must include the reviewer's email address for auditing purposes.</p>
<p>High availability -</p>
<p>All services must run in multiple regions. The failure of any service in a region must not impact overall application availability.</p>
<p>Monitoring -</p>
<p>An alert must be raised if the ContentUploadService uses more than 80 percent of available CPU cores.</p>
<p>Security -</p>
<p>You have the following security requirements:</p>
<p>Any web service accessible over the Internet must be protected from cross site scripting attacks.</p>
<p>All websites and services must use SSL from a valid root certificate authority.</p>
<p>Azure Storage access keys must only be stored in memory and must be available only to the service.</p>
<p>All Internal services must only be accessible from internal Virtual Networks (VNets).</p>
<p>All parts of the system must support inbound and outbound traffic restrictions.</p>
<p>All service calls must be authenticated by using Azure AD.</p>
<p>User agreements -</p>
<p>When a user submits content, they must agree to a user agreement. The agreement allows employees of Contoso, Ltd. to review content, store cookies on user devices, and track user's IP addresses.</p>
<p>Information regarding agreements is used by multiple divisions within Contoso, Ltd.</p>
<p>User responses must not be lost and must be available to all parties regardless of individual service uptime. The volume of agreements is expected to be in the millions per hour.</p>
<p>Validation testing -</p>
<p>When a new version of the ContentAnalysisService is available the previous seven days of content must be processed with the new version to verify that the new version does not significantly deviate from the old version.</p>
<p>Issues -</p>
<p>Users of the ContentUploadService report that they occasionally see HTTP 502 responses on specific pages.</p>
<p>Code -</p>
<p>ContentUploadService – (SEE IMAGE)</p>
<p>ApplicationManifest – (SEE IMAGE)</p>
<p>Question You need to investigate the http server log output to resolve the issue with the ContentUploadService.</p>
<p>Which command should you use first?</p>
<p> A. az webapp log</p>
<p> B. az ams live-output</p>
<p> C. az monitor activity-log</p>
<p> D. az container attach</p>
<p>C. az monitor activity-log</p>
<p>Case study -</p>
<p>Background -</p>
<p>You are a developer for Proseware, Inc. You are developing an application that applies a set of governance policies for Proseware's internal services, external services, and applications. The application will also provide a shared library for common functionality.</p>
<p>Requirements -</p>
<p>Policy service -</p>
<p>You develop and deploy a stateful ASP.NET Core 2.1 web application named Policy service to an Azure App Service Web App. The application reacts to events from Azure Event Grid and performs policy actions based on those events.</p>
<p>The application must include the Event Grid Event ID field in all Application Insights telemetry.</p>
<p>Policy service must use Application Insights to automatically scale with the number of policy actions that it is performing.</p>
<p>Policies -</p>
<p>Log policy -</p>
<p>All Azure App Service Web Apps must write logs to Azure Blob storage. All log files should be saved to a container named logdrop. Logs must remain in the container for 15 days.</p>
<p>Authentication events -</p>
<p>Authentication events are used to monitor users signing in and signing out. All authentication events must be processed by Policy service. Sign outs must be processed as quickly as possible.</p>
<p>PolicyLib -</p>
<p>You have a shared library named PolicyLib that contains functionality common to all ASP.NET Core web services and applications. The PolicyLib library must:</p>
<p>Exclude non-user actions from Application Insights telemetry.</p>
<p>Provide methods that allow a web service to scale itself.</p>
<p>Ensure that scaling actions do not disrupt application usage.</p>
<p>Other -</p>
<p>Anomaly detection service -</p>
<p>You have an anomaly detection service that analyzes log information for anomalies. It is implemented as an Azure Machine Learning model. The model is deployed as a web service. If an anomaly is detected, an Azure Function that emails administrators is called by using an HTTP WebHook.</p>
<p>Health monitoring -</p>
<p>All web applications and services have health monitoring at the /health service endpoint.</p>
<p>Issues -</p>
<p>Policy loss -</p>
<p>When you deploy Policy service, policies may not be applied if they were in the process of being applied during the deployment.</p>
<p>Performance issue -</p>
<p>When under heavy load, the anomaly detection service undergoes slowdowns and rejects connections.</p>
<p>Notification latency -</p>
<p>Users report that anomaly detection emails can sometimes arrive several minutes after an anomaly is detected.</p>
<p>App code -</p>
<p>EventGridController.cs -</p>
<p>Relevant portions of the app files are shown below. Line numbers are included for reference only and include a two-character prefix that denotes the specific file to which they belong. (SEE IMAGE)</p>
<p>LoginEvent.cs -</p>
<p>Relevant portions of the app files are shown below. Line numbers are included for reference only and include a two-character prefix that denotes the specific file to which they belong. (SEE IMAGE)</p>
<p>Question You need to ensure that the solution can meet the scaling requirements for Policy Service.</p>
<p>Which Azure Application Insights data model should you use?</p>
<p> A. an Application Insights dependency</p>
<p> B. an Application Insights event</p>
<p> C. an Application Insights trace</p>
<p> D. an Application Insights metric</p>
<p>D. an Application Insights metric</p>
<p>Case study -</p>
<p>Background -</p>
<p>You are a developer for Litware Inc., a SaaS company that provides a solution for managing employee expenses. The solution consists of an ASP.NET Core Web API project that is deployed as an Azure Web App.</p>
<p>Overall architecture -</p>
<p>Employees upload receipts for the system to process. When processing is complete, the employee receives a summary report email that details the processing results. Employees then use a web application to manage their receipts and perform any additional tasks needed for reimbursement.</p>
<p>Receipt processing -</p>
<p>Employees may upload receipts in two ways:</p>
<p>Uploading using an Azure Files mounted folder</p>
<p>Uploading using the web application</p>
<p>Data Storage -</p>
<p>Receipt and employee information is stored in an Azure SQL database.</p>
<p>Documentation -</p>
<p>Employees are provided with a getting started document when they first use the solution. The documentation includes details on supported operating systems for Azure File upload, and instructions on how to configure the mounted folder.</p>
<p>Solution details -</p>
<p>Users table – (SEE IMAGE)</p>
<p>Web Application -</p>
<p>You enable MSI for the Web App and configure the Web App to use the security principal name WebAppIdentity.</p>
<p>Processing -</p>
<p>Processing is performed by an Azure Function that uses version 2 of the Azure Function runtime. Once processing is completed, results are stored in Azure Blob Storage and an Azure SQL database. Then, an email summary is sent to the user with a link to the processing report. The link to the report must remain valid if the email is forwarded to another user.</p>
<p>Logging -</p>
<p>Azure Application Insights is used for telemetry and logging in both the processor and the web application. The processor also has TraceWriter logging enabled.</p>
<p>Application Insights must always contain all log messages.</p>
<p>Requirements -</p>
<p>Receipt processing -</p>
<p>Concurrent processing of a receipt must be prevented.</p>
<p>Disaster recovery -</p>
<p>Regional outage must not impact application availability. All DR operations must not be dependent on application running and must ensure that data in the DR region is up to date.</p>
<p>Security -</p>
<p>User's SecurityPin must be stored in such a way that access to the database does not allow the viewing of SecurityPins. The web application is the only system that should have access to SecurityPins.</p>
<p>All certificates and secrets used to secure data must be stored in Azure Key Vault.</p>
<p>You must adhere to the principle of least privilege and provide privileges which are essential to perform the intended function.</p>
<p>All access to Azure Storage and Azure SQL database must use the application's Managed Service Identity (MSI).</p>
<p>Receipt data must always be encrypted at rest.</p>
<p>All data must be protected in transit.</p>
<p>User's expense account number must be visible only to logged in users. All other views of the expense account number should include only the last segment, with the remaining parts obscured.</p>
<p>In the case of a security breach, access to all summary reports must be revoked without impacting other parts of the system.</p>
<p>Issues -</p>
<p>Upload format issue -</p>
<p>Employees occasionally report an issue with uploading a receipt using the web application. They report that when they upload a receipt using the Azure File Share, the receipt does not appear in their profile. When this occurs, they delete the file in the file share and use the web application, which returns a 500 Internal Server error page.</p>
<p>Capacity issue -</p>
<p>During busy periods, employees report long delays between the time they upload the receipt and when it appears in the web application.</p>
<p>Log capacity issue -</p>
<p>Developers report that the number of log messages in the trace output for the processor is too high, resulting in lost log messages.</p>
<p>Application code -</p>
<p>Processing.cs – (SEE IMAGE)</p>
<p>Database.cs – (SEE IMAGE)</p>
<p>ReceiptUploader.cs – (SEE IMAGE)</p>
<p>ConfigureSSE.ps1 – (SEE IMAGE)</p>
<p>Question You need to ensure receipt processing occurs correctly.</p>
<p>What should you do?</p>
<p> A. Use blob properties to prevent concurrency problems</p>
<p> B. Use blob SnapshotTime to prevent concurrency problems</p>
<p> C. Use blob metadata to prevent concurrency problems</p>
<p> D. Use blob leases to prevent concurrency problems</p>
<p>D. Use blob leases to prevent concurrency problems</p>
<p><a>https://www.examtopics.com/discussions/microsoft/view/47073-exam-az-204-topic-15-question-1-discussion/</a></p>
<p>Case study -</p>
<p>Background -</p>
<p>You are a developer for Litware Inc., a SaaS company that provides a solution for managing employee expenses. The solution consists of an ASP.NET Core Web API project that is deployed as an Azure Web App.</p>
<p>Overall architecture -</p>
<p>Employees upload receipts for the system to process. When processing is complete, the employee receives a summary report email that details the processing results. Employees then use a web application to manage their receipts and perform any additional tasks needed for reimbursement.</p>
<p>Receipt processing -</p>
<p>Employees may upload receipts in two ways:</p>
<p>Uploading using an Azure Files mounted folder</p>
<p>Uploading using the web application</p>
<p>Data Storage -</p>
<p>Receipt and employee information is stored in an Azure SQL database.</p>
<p>Documentation -</p>
<p>Employees are provided with a getting started document when they first use the solution. The documentation includes details on supported operating systems for Azure File upload, and instructions on how to configure the mounted folder.</p>
<p>Solution details -</p>
<p>Users table – (SEE IMAGE)</p>
<p>Web Application -</p>
<p>You enable MSI for the Web App and configure the Web App to use the security principal name WebAppIdentity.</p>
<p>Processing -</p>
<p>Processing is performed by an Azure Function that uses version 2 of the Azure Function runtime. Once processing is completed, results are stored in Azure Blob Storage and an Azure SQL database. Then, an email summary is sent to the user with a link to the processing report. The link to the report must remain valid if the email is forwarded to another user.</p>
<p>Logging -</p>
<p>Azure Application Insights is used for telemetry and logging in both the processor and the web application. The processor also has TraceWriter logging enabled.</p>
<p>Application Insights must always contain all log messages.</p>
<p>Requirements -</p>
<p>Receipt processing -</p>
<p>Concurrent processing of a receipt must be prevented.</p>
<p>Disaster recovery -</p>
<p>Regional outage must not impact application availability. All DR operations must not be dependent on application running and must ensure that data in the DR region is up to date.</p>
<p>Security -</p>
<p>User's SecurityPin must be stored in such a way that access to the database does not allow the viewing of SecurityPins. The web application is the only system that should have access to SecurityPins.</p>
<p>All certificates and secrets used to secure data must be stored in Azure Key Vault.</p>
<p>You must adhere to the principle of least privilege and provide privileges which are essential to perform the intended function.</p>
<p>All access to Azure Storage and Azure SQL database must use the application's Managed Service Identity (MSI).</p>
<p>Receipt data must always be encrypted at rest.</p>
<p>All data must be protected in transit.</p>
<p>User's expense account number must be visible only to logged in users. All other views of the expense account number should include only the last segment, with the remaining parts obscured.</p>
<p>In the case of a security breach, access to all summary reports must be revoked without impacting other parts of the system.</p>
<p>Issues -</p>
<p>Upload format issue -</p>
<p>Employees occasionally report an issue with uploading a receipt using the web application. They report that when they upload a receipt using the Azure File Share, the receipt does not appear in their profile. When this occurs, they delete the file in the file share and use the web application, which returns a 500 Internal Server error page.</p>
<p>Capacity issue -</p>
<p>During busy periods, employees report long delays between the time they upload the receipt and when it appears in the web application.</p>
<p>Log capacity issue -</p>
<p>Developers report that the number of log messages in the trace output for the processor is too high, resulting in lost log messages.</p>
<p>Application code -</p>
<p>Processing.cs – (SEE IMAGE)</p>
<p>Database.cs – (SEE IMAGE)</p>
<p>ReceiptUploader.cs – (SEE IMAGE)</p>
<p>ConfigureSSE.ps1 – (SEE IMAGE)</p>
<p>Question You need to resolve the capacity issue.</p>
<p>What should you do?</p>
<p> A. Convert the trigger on the Azure Function to an Azure Blob storage trigger</p>
<p> B. Ensure that the consumption plan is configured correctly to allow scaling</p>
<p> C. Move the Azure Function to a dedicated App Service Plan</p>
<p> D. Update the loop starting on line PC09 to process items in parallel</p>
<p>D. Update the loop starting on line PC09 to process items in parallel</p>
<p>Case study -</p>
<p>Background -</p>
<p>You are a developer for Litware Inc., a SaaS company that provides a solution for managing employee expenses. The solution consists of an ASP.NET Core Web API project that is deployed as an Azure Web App.</p>
<p>Overall architecture -</p>
<p>Employees upload receipts for the system to process. When processing is complete, the employee receives a summary report email that details the processing results. Employees then use a web application to manage their receipts and perform any additional tasks needed for reimbursement.</p>
<p>Receipt processing -</p>
<p>Employees may upload receipts in two ways:</p>
<p>Uploading using an Azure Files mounted folder</p>
<p>Uploading using the web application</p>
<p>Data Storage -</p>
<p>Receipt and employee information is stored in an Azure SQL database.</p>
<p>Documentation -</p>
<p>Employees are provided with a getting started document when they first use the solution. The documentation includes details on supported operating systems for Azure File upload, and instructions on how to configure the mounted folder.</p>
<p>Solution details -</p>
<p>Users table – (SEE IMAGE)</p>
<p>Web Application -</p>
<p>You enable MSI for the Web App and configure the Web App to use the security principal name WebAppIdentity.</p>
<p>Processing -</p>
<p>Processing is performed by an Azure Function that uses version 2 of the Azure Function runtime. Once processing is completed, results are stored in Azure Blob Storage and an Azure SQL database. Then, an email summary is sent to the user with a link to the processing report. The link to the report must remain valid if the email is forwarded to another user.</p>
<p>Logging -</p>
<p>Azure Application Insights is used for telemetry and logging in both the processor and the web application. The processor also has TraceWriter logging enabled.</p>
<p>Application Insights must always contain all log messages.</p>
<p>Requirements -</p>
<p>Receipt processing -</p>
<p>Concurrent processing of a receipt must be prevented.</p>
<p>Disaster recovery -</p>
<p>Regional outage must not impact application availability. All DR operations must not be dependent on application running and must ensure that data in the DR region is up to date.</p>
<p>Security -</p>
<p>User's SecurityPin must be stored in such a way that access to the database does not allow the viewing of SecurityPins. The web application is the only system that should have access to SecurityPins.</p>
<p>All certificates and secrets used to secure data must be stored in Azure Key Vault.</p>
<p>You must adhere to the principle of least privilege and provide privileges which are essential to perform the intended function.</p>
<p>All access to Azure Storage and Azure SQL database must use the application's Managed Service Identity (MSI).</p>
<p>Receipt data must always be encrypted at rest.</p>
<p>All data must be protected in transit.</p>
<p>User's expense account number must be visible only to logged in users. All other views of the expense account number should include only the last segment, with the remaining parts obscured.</p>
<p>In the case of a security breach, access to all summary reports must be revoked without impacting other parts of the system.</p>
<p>Issues -</p>
<p>Upload format issue -</p>
<p>Employees occasionally report an issue with uploading a receipt using the web application. They report that when they upload a receipt using the Azure File Share, the receipt does not appear in their profile. When this occurs, they delete the file in the file share and use the web application, which returns a 500 Internal Server error page.</p>
<p>Capacity issue -</p>
<p>During busy periods, employees report long delays between the time they upload the receipt and when it appears in the web application.</p>
<p>Log capacity issue -</p>
<p>Developers report that the number of log messages in the trace output for the processor is too high, resulting in lost log messages.</p>
<p>Application code -</p>
<p>Processing.cs – (SEE IMAGE)</p>
<p>Database.cs – (SEE IMAGE)</p>
<p>ReceiptUploader.cs – (SEE IMAGE)</p>
<p>ConfigureSSE.ps1 – (SEE IMAGE)</p>
<p>Question You need to resolve the log capacity issue.</p>
<p>What should you do?</p>
<p> A. Create an Application Insights Telemetry Filter</p>
<p> B. Change the minimum log level in the host.json file for the function</p>
<p> C. Implement Application Insights Sampling</p>
<p> D. Set a LogCategoryFilter during startup</p>
<p>C. Implement Application Insights Sampling</p>
<p>Case study -</p>
<p>LabelMaker app -</p>
<p>Coho Winery produces, bottles, and distributes a variety of wines globally. You are a developer implementing highly scalable and resilient applications to support online order processing by using Azure solutions.</p>
<p>Coho Winery has a LabelMaker application that prints labels for wine bottles. The application sends data to several printers. The application consists of five modules that run independently on virtual machines (VMs). Coho Winery plans to move the application to Azure and continue to support label creation.</p>
<p>External partners send data to the LabelMaker application to include artwork and text for custom label designs.</p>
<p>Requirements. Data -</p>
<p>You identify the following requirements for data management and manipulation:</p>
<p>Order data is stored as nonrelational JSON and must be queried using SQL.</p>
<p>Changes to the Order data must reflect immediately across all partitions. All reads to the Order data must fetch the most recent writes.</p>
<p>Requirements. Security -</p>
<p>You have the following security requirements:</p>
<p>Users of Coho Winery applications must be able to provide access to documents, resources, and applications to external partners.</p>
<p>External partners must use their own credentials and authenticate with their organization's identity management solution.</p>
<p>External partner logins must be audited monthly for application use by a user account administrator to maintain company compliance.</p>
<p>Storage of e-commerce application settings must be maintained in Azure Key Vault.</p>
<p>E-commerce application sign-ins must be secured by using Azure App Service authentication and Azure Active Directory (AAD).</p>
<p>Conditional access policies must be applied at the application level to protect company content.</p>
<p>The LabelMaker application must be secured by using an AAD account that has full access to all namespaces of the Azure Kubernetes Service (AKS) cluster.</p>
<p>Requirements. LabelMaker app -</p>
<p>Azure Monitor Container Health must be used to monitor the performance of workloads that are deployed to Kubernetes environments and hosted on Azure Kubernetes Service (AKS).</p>
<p>You must use Azure Container Registry to publish images that support the AKS deployment.</p>
<p>Architecture – (SEE IMAGE)</p>
<p>Issues -</p>
<p>Calls to the Printer API App fail periodically due to printer communication timeouts.</p>
<p>Printer communication timeouts occur after 10 seconds. The label printer must only receive up to 5 attempts within one minute.</p>
<p>The order workflow fails to run upon initial deployment to Azure.</p>
<p>Order.json -</p>
<p>Relevant portions of the app files are shown below. Line numbers are included for reference only.</p>
<p>This JSON file contains a representation of the data for an order that includes a single item. (SEE IMAGE)</p>
<p>Question You need to troubleshoot the order workflow.</p>
<p>Which two actions should you perform? Each correct answer presents part of the solution.</p>
<p>NOTE: Each correct selection is worth one point.</p>
<p> A. Review the API connections.</p>
<p> B. Review the activity log.</p>
<p> C. Review the run history.</p>
<p> D. Review the trigger history.</p>
<p>C. Review the run history.</p>
<p>D. Review the trigger history.</p>
<p>Case study -</p>
<p>Background -</p>
<p>You are a developer for Proseware, Inc. You are developing an application that applies a set of governance policies for Proseware's internal services, external services, and applications. The application will also provide a shared library for common functionality.</p>
<p>Requirements -</p>
<p>Policy service -</p>
<p>You develop and deploy a stateful ASP.NET Core 2.1 web application named Policy service to an Azure App Service Web App. The application reacts to events from Azure Event Grid and performs policy actions based on those events.</p>
<p>The application must include the Event Grid Event ID field in all Application Insights telemetry.</p>
<p>Policy service must use Application Insights to automatically scale with the number of policy actions that it is performing.</p>
<p>Policies -</p>
<p>Log policy -</p>
<p>All Azure App Service Web Apps must write logs to Azure Blob storage. All log files should be saved to a container named logdrop. Logs must remain in the container for 15 days.</p>
<p>Authentication events -</p>
<p>Authentication events are used to monitor users signing in and signing out. All authentication events must be processed by Policy service. Sign outs must be processed as quickly as possible.</p>
<p>PolicyLib -</p>
<p>You have a shared library named PolicyLib that contains functionality common to all ASP.NET Core web services and applications. The PolicyLib library must:</p>
<p>Exclude non-user actions from Application Insights telemetry.</p>
<p>Provide methods that allow a web service to scale itself.</p>
<p>Ensure that scaling actions do not disrupt application usage.</p>
<p>Other -</p>
<p>Anomaly detection service -</p>
<p>You have an anomaly detection service that analyzes log information for anomalies. It is implemented as an Azure Machine Learning model. The model is deployed as a web service. If an anomaly is detected, an Azure Function that emails administrators is called by using an HTTP WebHook.</p>
<p>Health monitoring -</p>
<p>All web applications and services have health monitoring at the /health service endpoint.</p>
<p>Issues -</p>
<p>Policy loss -</p>
<p>When you deploy Policy service, policies may not be applied if they were in the process of being applied during the deployment.</p>
<p>Performance issue -</p>
<p>When under heavy load, the anomaly detection service undergoes slowdowns and rejects connections.</p>
<p>Notification latency -</p>
<p>Users report that anomaly detection emails can sometimes arrive several minutes after an anomaly is detected.</p>
<p>App code -</p>
<p>EventGridController.cs -</p>
<p>Relevant portions of the app files are shown below. Line numbers are included for reference only and include a two-character prefix that denotes the specific file to which they belong. (SEE IMAGE)</p>
<p>LoginEvent.cs -</p>
<p>Relevant portions of the app files are shown below. Line numbers are included for reference only and include a two-character prefix that denotes the specific file to which they belong. (SEE IMAGE)</p>
<p>Question You need to resolve a notification latency issue.</p>
<p>Which two actions should you perform? Each correct answer presents part of the solution.</p>
<p>NOTE: Each correct selection is worth one point.</p>
<p> A. Set Always On to true.</p>
<p> B. Ensure that the Azure Function is using an App Service plan.</p>
<p> C. Set Always On to false.</p>
<p> D. Ensure that the Azure Function is set to use a consumption plan.</p>
<p>A. Set Always On to true.</p>
<p>B. Ensure that the Azure Function is using an App Service plan.</p>
<p>Case study -</p>
<p>Background -</p>
<p>Overview -</p>
<p>You are a developer for Contoso, Ltd. The company has a social networking website that is developed as a Single Page Application (SPA). The main web application for the social networking website loads user uploaded content from blob storage.</p>
<p>You are developing a solution to monitor uploaded data for inappropriate content. The following process occurs when users upload content by using the SPA:</p>
<p>Messages are sent to ContentUploadService.</p>
<p>Content is processed by ContentAnalysisService.</p>
<p>After processing is complete, the content is posted to the social network or a rejection message is posted in its place.</p>
<p>The ContentAnalysisService is deployed with Azure Container Instances from a private Azure Container Registry named contosoimages.</p>
<p>The solution will use eight CPU cores.</p>
<p>Azure Active Directory -</p>
<p>Contoso, Ltd. uses Azure Active Directory (Azure AD) for both internal and guest accounts.</p>
<p>Requirements -</p>
<p>ContentAnalysisService -</p>
<p>The company's data science group built ContentAnalysisService which accepts user generated content as a string and returns a probable value for inappropriate content. Any values over a specific threshold must be reviewed by an employee of Contoso, Ltd.</p>
<p>You must create an Azure Function named CheckUserContent to perform the content checks.</p>
<p>Costs -</p>
<p>You must minimize costs for all Azure services.</p>
<p>Manual review -</p>
<p>To review content, the user must authenticate to the website portion of the ContentAnalysisService using their Azure AD credentials. The website is built using React and all pages and API endpoints require authentication. In order to review content a user must be part of a ContentReviewer role. All completed reviews must include the reviewer's email address for auditing purposes.</p>
<p>High availability -</p>
<p>All services must run in multiple regions. The failure of any service in a region must not impact overall application availability.</p>
<p>Monitoring -</p>
<p>An alert must be raised if the ContentUploadService uses more than 80 percent of available CPU cores.</p>
<p>Security -</p>
<p>You have the following security requirements:</p>
<p>Any web service accessible over the Internet must be protected from cross site scripting attacks.</p>
<p>All websites and services must use SSL from a valid root certificate authority.</p>
<p>Azure Storage access keys must only be stored in memory and must be available only to the service.</p>
<p>All Internal services must only be accessible from internal Virtual Networks (VNets).</p>
<p>All parts of the system must support inbound and outbound traffic restrictions.</p>
<p>All service calls must be authenticated by using Azure AD.</p>
<p>User agreements -</p>
<p>When a user submits content, they must agree to a user agreement. The agreement allows employees of Contoso, Ltd. to review content, store cookies on user devices, and track user's IP addresses.</p>
<p>Information regarding agreements is used by multiple divisions within Contoso, Ltd.</p>
<p>User responses must not be lost and must be available to all parties regardless of individual service uptime. The volume of agreements is expected to be in the millions per hour.</p>
<p>Validation testing -</p>
<p>When a new version of the ContentAnalysisService is available the previous seven days of content must be processed with the new version to verify that the new version does not significantly deviate from the old version.</p>
<p>Issues -</p>
<p>Users of the ContentUploadService report that they occasionally see HTTP 502 responses on specific pages.</p>
<p>Code -</p>
<p>ContentUploadService – (SEE IMAGE)</p>
<p>ApplicationManifest – (SEE IMAGE)</p>
<p>Question You need to deploy the CheckUserContent Azure Function. The solution must meet the security and cost requirements.</p>
<p>Which hosting model should you use?</p>
<p> A. Premium plan</p>
<p> B. App Service plan</p>
<p> C. Consumption plan</p>
<p>B. App Service plan</p>
<p>Case study -</p>
<p>LabelMaker app -</p>
<p>Coho Winery produces, bottles, and distributes a variety of wines globally. You are a developer implementing highly scalable and resilient applications to support online order processing by using Azure solutions.</p>
<p>Coho Winery has a LabelMaker application that prints labels for wine bottles. The application sends data to several printers. The application consists of five modules that run independently on virtual machines (VMs). Coho Winery plans to move the application to Azure and continue to support label creation.</p>
<p>External partners send data to the LabelMaker application to include artwork and text for custom label designs.</p>
<p>Requirements. Data -</p>
<p>You identify the following requirements for data management and manipulation:</p>
<p>Order data is stored as nonrelational JSON and must be queried using SQL.</p>
<p>Changes to the Order data must reflect immediately across all partitions. All reads to the Order data must fetch the most recent writes.</p>
<p>Requirements. Security -</p>
<p>You have the following security requirements:</p>
<p>Users of Coho Winery applications must be able to provide access to documents, resources, and applications to external partners.</p>
<p>External partners must use their own credentials and authenticate with their organization's identity management solution.</p>
<p>External partner logins must be audited monthly for application use by a user account administrator to maintain company compliance.</p>
<p>Storage of e-commerce application settings must be maintained in Azure Key Vault.</p>
<p>E-commerce application sign-ins must be secured by using Azure App Service authentication and Azure Active Directory (AAD).</p>
<p>Conditional access policies must be applied at the application level to protect company content.</p>
<p>The LabelMaker application must be secured by using an AAD account that has full access to all namespaces of the Azure Kubernetes Service (AKS) cluster.</p>
<p>Requirements. LabelMaker app -</p>
<p>Azure Monitor Container Health must be used to monitor the performance of workloads that are deployed to Kubernetes environments and hosted on Azure Kubernetes Service (AKS).</p>
<p>You must use Azure Container Registry to publish images that support the AKS deployment.</p>
<p>Architecture – (SEE IMAGE)</p>
<p>Issues -</p>
<p>Calls to the Printer API App fail periodically due to printer communication timeouts.</p>
<p>Printer communication timeouts occur after 10 seconds. The label printer must only receive up to 5 attempts within one minute.</p>
<p>The order workflow fails to run upon initial deployment to Azure.</p>
<p>Order.json -</p>
<p>Relevant portions of the app files are shown below. Line numbers are included for reference only.</p>
<p>This JSON file contains a representation of the data for an order that includes a single item.</p>
<p>Order.json – (SEE IMAGE)</p>
<p>Question You need to access data from the user claim object in the e-commerce web app.</p>
<p>What should you do first?</p>
<p> A. Write custom code to make a Microsoft Graph API call from the e-commerce web app.</p>
<p> B. Assign the Contributor RBAC role to the e-commerce web app by using the Resource Manager create role assignment API.</p>
<p> C. Update the e-commerce web app to read the HTTP request header values.</p>
<p> D. Using the Azure CLI, enable Cross-origin resource sharing (CORS) from the e-commerce checkout API to the e-commerce web app.</p>
<p>C. Update the e-commerce web app to read the HTTP request header values.</p>
<p>Case study –</p>
<p>Background -</p>
<p>Overview -</p>
<p>You are a developer for Contoso, Ltd. The company has a social networking website that is developed as a Single Page Application (SPA). The main web application for the social networking website loads user uploaded content from blob storage.</p>
<p>You are developing a solution to monitor uploaded data for inappropriate content. The following process occurs when users upload content by using the SPA:</p>
<p>• Messages are sent to ContentUploadService.</p>
<p>• Content is processed by ContentAnalysisService.</p>
<p>• After processing is complete, the content is posted to the social network or a rejection message is posted in its place.</p>
<p>The ContentAnalysisService is deployed with Azure Container Instances from a private Azure Container Registry named contosoimages.</p>
<p>The solution will use eight CPU cores.</p>
<p>Azure Active Directory -</p>
<p>Contoso, Ltd. uses Azure Active Directory (Azure AD) for both internal and guest accounts.</p>
<p>Requirements -</p>
<p>ContentAnalysisService -</p>
<p>The company's data science group built ContentAnalysisService which accepts user generated content as a string and returns a probable value for inappropriate content. Any values over a specific threshold must be reviewed by an employee of Contoso, Ltd.</p>
<p>You must create an Azure Function named CheckUserContent to perform the content checks.</p>
<p>Costs -</p>
<p>You must minimize costs for all Azure services.</p>
<p>Manual review -</p>
<p>To review content, the user must authenticate to the website portion of the ContentAnalysisService using their Azure AD credentials. The website is built using React and all pages and API endpoints require authentication. In order to review content a user must be part of a ContentReviewer role. All completed reviews must include the reviewer's email address for auditing purposes.</p>
<p>High availability -</p>
<p>All services must run in multiple regions. The failure of any service in a region must not impact overall application availability.</p>
<p>Monitoring -</p>
<p>An alert must be raised if the ContentUploadService uses more than 80 percent of available CPU cores.</p>
<p>Security -</p>
<p>You have the following security requirements:</p>
<p>Any web service accessible over the Internet must be protected from cross site scripting attacks.</p>
<p>All websites and services must use SSL from a valid root certificate authority.</p>
<p>Azure Storage access keys must only be stored in memory and must be available only to the service.</p>
<p>All Internal services must only be accessible from internal Virtual Networks (VNets).</p>
<p>All parts of the system must support inbound and outbound traffic restrictions.</p>
<p>All service calls must be authenticated by using Azure AD.</p>
<p>User agreements -</p>
<p>When a user submits content, they must agree to a user agreement. The agreement allows employees of Contoso, Ltd. to review content, store cookies on user devices, and track user's IP addresses.</p>
<p>Information regarding agreements is used by multiple divisions within Contoso, Ltd.</p>
<p>User responses must not be lost and must be available to all parties regardless of individual service uptime. The volume of agreements is expected to be in the millions per hour.</p>
<p>Validation testing -</p>
<p>When a new version of the ContentAnalysisService is available the previous seven days of content must be processed with the new version to verify that the new version does not significantly deviate from the old version.</p>
<p>Issues -</p>
<p>Users of the ContentUploadService report that they occasionally see HTTP 502 responses on specific pages.</p>
<p>Code -</p>
<p>ContentUploadService – (SEE IMAGE)</p>
<p>ApplicationManifest – (SEE IMAGE)</p>
<p>Question You need to configure the ContentUploadService deployment.</p>
<p>Which two actions should you perform? Each correct answer presents part of the solution.</p>
<p>NOTE: Each correct selection is worth one point.</p>
<p> A. Add the following markup to line CS23: type: Private</p>
<p> B. Add the following markup to line CS24: osType: Windows</p>
<p> C. Add the following markup to line CS24: osType: Linux</p>
<p> D. Add the following markup to line CS23: type: Public</p>
<p>A. Add the following markup to line CS23: type: Private</p>
<p>C. Add the following markup to line CS24: osType: Linux</p>
<p><a>https://www.examtopics.com/discussions/microsoft/view/21545-exam-az-204-topic-19-question-1-discussion/</a></p>
<p>Case study -</p>
<p>Background -</p>
<p>Overview -</p>
<p>You are a developer for Contoso, Ltd. The company has a social networking website that is developed as a Single Page Application (SPA). The main web application for the social networking website loads user uploaded content from blob storage.</p>
<p>You are developing a solution to monitor uploaded data for inappropriate content. The following process occurs when users upload content by using the SPA:</p>
<p>• Messages are sent to ContentUploadService.</p>
<p>• Content is processed by ContentAnalysisService.</p>
<p>• After processing is complete, the content is posted to the social network or a rejection message is posted in its place.</p>
<p>The ContentAnalysisService is deployed with Azure Container Instances from a private Azure Container Registry named contosoimages.</p>
<p>The solution will use eight CPU cores.</p>
<p>Azure Active Directory -</p>
<p>Contoso, Ltd. uses Azure Active Directory (Azure AD) for both internal and guest accounts.</p>
<p>Requirements -</p>
<p>ContentAnalysisService -</p>
<p>The company's data science group built ContentAnalysisService which accepts user generated content as a string and returns a probable value for inappropriate content. Any values over a specific threshold must be reviewed by an employee of Contoso, Ltd.</p>
<p>You must create an Azure Function named CheckUserContent to perform the content checks.</p>
<p>Costs -</p>
<p>You must minimize costs for all Azure services.</p>
<p>Manual review -</p>
<p>To review content, the user must authenticate to the website portion of the ContentAnalysisService using their Azure AD credentials. The website is built using React and all pages and API endpoints require authentication. In order to review content a user must be part of a ContentReviewer role. All completed reviews must include the reviewer's email address for auditing purposes.</p>
<p>High availability -</p>
<p>All services must run in multiple regions. The failure of any service in a region must not impact overall application availability.</p>
<p>Monitoring -</p>
<p>An alert must be raised if the ContentUploadService uses more than 80 percent of available CPU cores.</p>
<p>Security -</p>
<p>You have the following security requirements:</p>
<p>Any web service accessible over the Internet must be protected from cross site scripting attacks.</p>
<p>All websites and services must use SSL from a valid root certificate authority.</p>
<p>Azure Storage access keys must only be stored in memory and must be available only to the service.</p>
<p>All Internal services must only be accessible from internal Virtual Networks (VNets).</p>
<p>All parts of the system must support inbound and outbound traffic restrictions.</p>
<p>All service calls must be authenticated by using Azure AD.</p>
<p>User agreements -</p>
<p>When a user submits content, they must agree to a user agreement. The agreement allows employees of Contoso, Ltd. to review content, store cookies on user devices, and track user's IP addresses.</p>
<p>Information regarding agreements is used by multiple divisions within Contoso, Ltd.</p>
<p>User responses must not be lost and must be available to all parties regardless of individual service uptime. The volume of agreements is expected to be in the millions per hour.</p>
<p>Validation testing -</p>
<p>When a new version of the ContentAnalysisService is available the previous seven days of content must be processed with the new version to verify that the new version does not significantly deviate from the old version.</p>
<p>Issues -</p>
<p>Users of the ContentUploadService report that they occasionally see HTTP 502 responses on specific pages.</p>
<p>Code -</p>
<p>ContentUploadService – (SEE IMAGE)</p>
<p>ApplicationManifest – (SEE IMAGE)</p>
<p>Question You need to store the user agreements.</p>
<p>Where should you store the agreement after it is completed?</p>
<p> A. Azure Storage queue</p>
<p> B. Azure Event Hub</p>
<p> C. Azure Service Bus topic</p>
<p> D. Azure Event Grid topic</p>
<p>B. Azure Event Hub</p>