Azure Quiz 01

Question 1

You have an app named App1 that uses an on-premises PostgreSQL database named DB1. You plan to migrate DB1 to an Azure Database for PostgreSQL. You need to enable customer-managed Transparent Data Encryption (TDE) for the database. The solution must maximize encryption strength. Which type of encryption algorithm and key length should you use for the TDE protector?

Question 2

You have a web application that uses Azure SQL Database as its backend. The database contains sensitive customer data that must be protected from unauthorized access. You need to recommend a solution that implements row-level security (RLS) in the database. The solution must meet the following requirements: * Allow users to access only the data that is relevant to them. * Ensure that users cannot access data that is not relevant to them. * Minimize the amount of administration required to manage the security. What should you include in the recommendation?

Question 3

You are designing an Azure solution that requires highly available and scalable message processing. The solution must ensure that no messages are lost, even during a zone outage, and must minimize costs. Which Azure service should you use?

Question 4

You have an Azure AD tenant that has a security group named Group1. Group1 is configured for assigned memberships and has several members, including guest users. You need to ensure that Group1 is evaluated every month to identify any members who no longer require access. What solution should you recommend?

Question 5

You plan to deploy an Azure web app that will store sensitive data. The web app will access a database server that also stores sensitive data. You need to ensure that sensitive data is encrypted at rest and in transit. What should you include in the solution?

Question 6

You are designing an Azure solution that requires a highly available and scalable message broker with the following requirements: The message broker must support publish-subscribe messaging patterns and message persistence. The message broker must be able to scale elastically to accommodate a growing number of messages and subscribers. The solution must minimize costs while meeting the above requirements. Which Azure service should you use?

Question 7

You are designing an Azure environment that will contain many virtual machines. You need to ensure that all virtual machines are configured according to the organization’s policies. Which Azure Policy scope should you use to achieve this goal?

Question 8

You are designing an Azure solution for a company that requires a highly available and scalable container orchestration platform with the following requirements: The platform must support multiple container runtimes and orchestration engines. The platform must be able to scale elastically to accommodate a growing number of containers and workloads. The solution must minimize costs while meeting the above requirements. Which Azure service should you use?

Question 9

You are responsible for managing an Azure environment that contains many virtual machines. You need to generate a monthly report of all new virtual machine deployments. Which solution should you recommend?

Question 10

You need to design a highly available Azure SQL database that meets the following requirements: ✑ The database must support read scale-out. ✑ The database must remain available in the event of a regional outage. ✑ Costs must be minimized. Which deployment option should you use?

Question 11

You have an Azure Active Directory (Azure AD) tenant that syncs with an on-premises Active Directory domain. You need to provide users with a way to request access to a specific resource. The request must be approved by a designated approver before access is granted. What should you do?

Question 12

You plan to deploy 5 applications to Azure. The applications will be deployed to a single Azure Kubernetes Service (AKS) cluster that is deployed to an Azure region. The application deployment must meet the following requirements: ✑ Ensure that the applications remain available if a single pod fails. ✑ Ensure that the connection traffic over the internet is encrypted by using SSL without having to configure SSL on each container. Which service should you include in the recommendation?

Question 13

You have an Azure subscription that contains an Azure Kubernetes Service (AKS) cluster. You need to ensure that the AKS cluster can authenticate to Azure AD to access Azure resources. What should you use?

Question 14

You are the IT administrator for a large organization that uses a variety of on-premises and cloud-based services. One of the services used by the organization is a SQL Server instance running on an Azure virtual machine. You need to recommend a disaster recovery solution that meets the following requirements: Provides near real-time data replication to a secondary location in a different Azure region. Supports an RTO of 10 minutes. Supports an RPO of 5 minutes. Minimizes costs while providing the necessary level of protection. What solution should you recommend?

Question 15

You are designing a new Azure solution that requires a database. The database must support SQL commands and have the ability to scale out to support a high number of read operations. The solution must also be cost-effective. Which Azure database service should you recommend?

Question 16

Introductory Info Case Study -This is a case study. Case studies are not timed separately. You can use as much exam time as you would like to complete each case. However, there may be additional case studies and sections on this exam. You must manage your time to ensure that you are able to complete all questions included on this exam in the time provided.To answer the questions included in a case study, you will need to reference information that is provided in the case study. Case studies might contain exhibits and other resources that provide more information about the scenario that is described in the case study. Each question is independent of the other questions in this case study.At the end of this case study, a review screen will appear. This screen allows you to review your answers and to make changes before you move to the next section of the exam. After you begin a new section, you cannot return to this section.To start the case study -To display the first question in this case study, click the Next button. Use the buttons in the left pane to explore the content of the case study before you answer the questions. Clicking these buttons displays information such as business requirements, existing environment, and problem statements. If the case study has an All Information tab, note that the information displayed is identical to the information displayed on the subsequent tabs. When you are ready to answer a question, click the Question button to return to the question.Overview -Fabrikam, Inc. is an engineering company that has offices throughout Europe. The company has a main office in London and three branch offices in Amsterdam,Berlin, and Rome.Existing Environment: Active Directory EnvironmentThe network contains two Active Directory forests named corp.fabrikam.com and rd.fabrikam.com. There are no trust relationships between the forests.Corp.fabrikam.com is a production forest that contains identities used for internal user and computer authentication.Rd.fabrikam.com is used by the research and development (R&D) department only. The R&D department is restricted to using on-premises resources only.Existing Environment: Network InfrastructureEach office contains at least one domain controller from the corp.fabrikam.com domain. The main office contains all the domain controllers for the rd.fabrikam.com forest.All the offices have a high-speed connection to the internet.An existing application named WebApp1 is hosted in the data center of the London office. WebApp1 is used by customers to place and track orders. WebApp1 has a web tier that uses Microsoft Internet Information Services (IIS) and a database tier that runs Microsoft SQL Server 2016. The web tier and the database tier are deployed to virtual machines that run on Hyper-V.The IT department currently uses a separate Hyper-V environment to test updates to WebApp1.Fabrikam purchases all Microsoft licenses through a Microsoft Enterprise Agreement that includes Software Assurance.Existing Environment: Problem StatementsThe use of WebApp1 is unpredictable. At peak times, users often report delays. At other times, many resources for WebApp1 are underutilized.Requirements: Planned Changes -Fabrikam plans to move most of its production workloads to Azure during the next few years, including virtual machines that rely on Active Directory for authentication.As one of its first projects, the company plans to establish a hybrid identity model, facilitating an upcoming Microsoft 365 deployment.All R&D operations will remain on-premises.Fabrikam plans to migrate the production and test instances of WebApp1 to Azure.Requirements: Technical RequirementsFabrikam identifies the following technical requirements: Website content must be easily updated from a single point. User input must be minimized when provisioning new web app instances. Whenever possible, existing on-premises licenses must be used to reduce cost. Users must always authenticate by using their corp.fabrikam.com UPN identity. Any new deployments to Azure must be redundant in case an Azure region fails. Whenever possible, solutions must be deployed to Azure by using the Standard pricing tier of Azure App Service. An email distribution group named IT Support must be notified of any issues relating to the directory synchronization services. In the event that a link fails between Azure and the on-premises network, ensure that the virtual machines hosted in Azure can authenticate to Active Directory. Directory synchronization between Azure Active Directory (Azure AD) and corp.fabrikam.com must not be affected by a link failure between Azure and the on- premises network.Requirements: Database RequirementsFabrikam identifies the following database requirements: Database metrics for the production instance of WebApp1 must be available for analysis so that database administrators can optimize the performance settings. To avoid disrupting customer access, database downtime must be minimized when databases are migrated. Database backups must be retained for a minimum of seven years to meet compliance requirements.Requirements: Security RequirementsFabrikam identifies the following security requirements: Company information including policies, templates, and data must be inaccessible to anyone outside the company. Users on the on-premises network must be able to authenticate to corp.fabrikam.com if an internet link fails. Administrators must be able authenticate to the Azure portal by using their corp.fabrikam.com credentials. All administrative access to the Azure portal must be secured by using multi-factor authentication (MFA). The testing of WebApp1 updates must not be visible to anyone outside the company. Question You need to recommend a solution to meet the database retention requirements.What should you recommend?

Question 17

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.You plan to deploy multiple instances of an Azure web app across several Azure regions.You need to design an access solution for the app. The solution must meet the following replication requirements:✑ Support rate limiting.✑ Balance requests between all instances.✑ Ensure that users can access the app in the event of a regional outage.Solution: You use Azure Load Balancer to provide access to the app.Does this meet the goal?

Question 18

You need to deploy a web application on Azure that requires the use of custom software that cannot be installed on a PaaS offering. The solution must meet the following requirements: The application must be highly available within a single region. The application must be able to scale to handle large volumes of user traffic. The application must use a managed database service. Which Azure services should you use to achieve these requirements?

Question 19

You are designing an Azure IoT solution that will include 1 million devices. Each device will stream data, including pressure, device ID, and time data. Approximately 1 million records will be written every second. The data will be visualized in near real-time. You need to recommend a service to store and query the data. Which two services can you recommend?

Question 20

You have an Azure AD tenant that has multiple security groups with assigned memberships. Each group has several members, including guest users. You need to ensure that all security groups are evaluated every three months to identify any members who no longer require access. What solution should you recommend?

Question 21

You are designing an application that requires low-latency reads and writes with strong consistency. The application also needs to scale horizontally as demand increases. Which database solution should you recommend?

Question 22

You have 100 servers that run Windows Server 2016 and host Microsoft SQL Server 2017 instances. The instances host databases that have the following characteristics: ✑ Stored procedures are implemented by using CLR. ✑ The largest database is currently 6 TB. None of the databases will ever exceed 8 TB. You plan to move all the data from SQL Server to Azure. You need to recommend a service to host the databases. The solution must meet the following requirements: ✑ Minimize the downtime during the migration process. ✑ Ensure that the databases can be accessed from any geographical location. ✑ Support automatic scaling of resources to handle varying workloads. What should you include in the recommendation?

Question 23

You are designing an Azure solution for a company that requires a highly secure and scalable identity and access management platform with the following requirements: The platform must support multi-factor authentication and conditional access policies. The platform must be able to scale elastically to accommodate a growing number of users and applications. The solution must maximize security while meeting the above requirements. Which Azure service should you use?

Question 24

You are planning an Azure IoT Hub solution that will include 500,000 IoT devices. Each device will stream data, including images, device ID, and time data. Approximately 500,000 records will be written every second. The data will be visualized in real-time. You need to recommend a service to store and query the data. Which two services can you recommend? Each correct answer presents a complete solution

Question 25

You have an app named App1 that uses an on-premises PostgreSQL database named DB1. You plan to migrate DB1 to an Azure Database for PostgreSQL. You need to enable customer-managed Transparent Data Encryption (TDE) for the database. The solution must maximize encryption strength. Which type of encryption algorithm and key length should you use for the TDE protector?