Exam Question Flashcards
Question #27
You are preparing to deploy a website to an Azure Web App from a GitHub repository. The website includes static content generated by a script.
You plan to use the Azure Web App continuous deployment feature.
You need to run the static generation script before the website starts serving traffic.
What are two possible ways to achieve this goal? Each correct answer presents a complete solution.
NOTE: Each correct selection is worth one point.
A. Add the path to the static content generation tool to WEBSITE_RUN_FROM_PACKAGE setting in the host.json file.
B. Add a PreBuild target in the websites csproj project file that runs the static content generation script.
C. Create a file named run.cmd in the folder /run that calls a script which generates the static content and deploys the website.
D. Create a file named .deployment in the root of the repository that calls a script which generates the static content and deploys the website.
Correct Answer: AD
A: In Azure, you can run your functions directly from a deployment package file in your function app. The other option is to deploy your files in
the
\wwwroot directory of your function app (see A above).
To enable your function app to run from a package, you just add a setting to your function app settings.
Note: The host.json metadata file contains global configuration options that affect all functions for a function app.
D: To customize your deployment, include a .deployment file in the repository root.
You just need to add a file to the root of your repository with the name .deployment and the content:
You are developing an application to use Azure Blob storage. You have configured Azure Blob storage to include change feeds.
A copy of your storage account must be created in another region. Data must be copied from the current storage account to the new storage
account directly between the storage servers.
You need to create a copy of the storage account in another region and copy the data.
In which order should you perform the actions? To answer, move all actions from the list of actions to the answer area and arrange them in the
- Use AzCopy to copy the data to the new storage account
- Export a Resource Manager Template
- Modify the template by changing the storage account name and region
- Create a new Template deployment
- Deploy the template to create a new storage account in the target region
- Create a new Template deployment
- Export a Resource Manager Template
- Modify the template by changing the storage account name and region
- Deploy the template to create a new storage account in the target region
- Use AzCopy to copy the data to the new storage account
You are preparing to deploy an Azure virtual machine (VM)-based application.
The VMS that run the application have the following requirements:
When a VM is provisioned the firewall must be automatically configured before it can access Azure resources.
Supporting services must be installed by using an Azure PowerShell script that is stored in Azure Storage.
You need to ensure that the requirements are met.
Which features should you use? To answer, drag the appropriate features to the correct requirements. Each feature may be used once, more than
once, or not at all. You may need to drag the split bar between panes or scroll to view content.
NOTE: Each correct selection is worth one point.
choice here:
Features
Serial console
Custom Script Extension
Run Command
Hybrid Runbook Worker
Requirement
Firewall configuration - {Answer here}
Supporting serivces script - {Answer here}
Firewall configuration -> Run Command
Supporting serivces script -> Hybrid Runbook Worker
A company is developing a Node.js web app. The web app code is hosted in a GitHub repository located at
The web app must be reviewed before it is moved to production. You must deploy the initial code release to a deployment slot named review.
You need to create the web app and deploy the code.
How should you complete the commands? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
$gltrepo=”https://github.convTailSpinToys,’webapp”
$webappnarne=TailSpinToysWeb”
{dropdown}-Name myResourceGroup -Location $location
New-AzWebAppSlot
New-AzWebApp
New-AzAppServicePlan
New-AzResourceGroup
{dropdown}-Name $webappname -Location $location -ResourceGroupName myResourceGroup -Tier Standard
New-AzWebAppSlot
New-AzWebApp
New-AzAppServicePlan
New-AzResourceGroup
{dropdown}-Name $webappname -Location $location -AppServicePlan $webappname -ResourceGroupName myResourceGroup
New-AzWebAppSlot
New-AzWebApp
New-AzAppService
New-AzResourceGroup
{dropdown}Name $webappname -ResourceGroupName myResourceGroup -Slot review
New-AzWebAppSlot
New-AzWebApp
New-AzAppServicePlan
New-AzResourceGroup
$ProperiesObject = “$gitrepo”;branch = “master”;}
Set-AzResource -PropertyObject $PropertiesObject -ResourceGroupName myResourceGroup -ResourceType
Microsoft. Web/sites/slots/sourcecontrols -ResourceName $webappname/revtew/web -ApiVersion 2015-08-01 -Force
Switch-AzWebAppSlot -Name $webappname -ResourceGroupName myResourceGroup
-SourceSlotNarne review -DestinationSlotName production
{dropdown}-Name myResourceGroup -Location $location
New-AzResourceGroup
{dropdown}-Name $webappname -Location $location -ResourceGroupName myResourceGroup -Tier Standard
New-AzAppServicePlan
{dropdown}-Name $webappname -Location $location -AppServicePlan $webappname -ResourceGroupName myResourceGroup
New-AzWebApp
{dropdown}Name $webappname -ResourceGroupName myResourceGroup -Slot review
New-AzWebAppSlot
You are developing an application that needs access to an Azure virtual machine (VM).
The access lifecycle for the application must be associated with the VM service instance.
You need to enable managed identity for the VM.
How should you complete the PowerShell segment? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:
Answer Area
$vm = Get-AzVM -ResourceGroupName “ContosoRG” -Name “ContosoVM”
Update-AzVM -ResourceGroupName “ContosoRG” -VM $vm {dropdown1} {dropdown2}
dropdown1
-Assignldentity:
IdentityType :
dropdown2
$SystemAssigned
$UserAssigned
Correct Answer:
Box 1: -IdentityType -
Enable system-assigned managed identity on an existing Azure VM:
To enable a system-assigned managed identity, use the -IdentityType switch on the Update-AzVM cmdlet (see below).
Box 2: $SystemAssigned -
$vm = Get-AzVM -ResourceGroupName myResourceGroup -Name myVM
Update-AzVM -ResourceGroupName myResourceGroup -VM Svm -IdentityType SystemAssigned
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/managed-identities-azure-resources/qs-configure-powershell-windows-vm
You develop a software as a service (SaaS) offering to manage photographs. Users upload photos to a web service which then stores the photos
in Azure
Storage Blob storage. The storage account type is General-purpose V2.
When photos are uploaded, they must be processed to produce and save a mobile-friendly version of the image. The process to produce a mobile-
friendly version of the image must start in less than one minute.
You need to design the process that starts the photo processing.
Solution: Create an Azure Function app that uses the Consumption hosting model and that is triggered from the blob upload.
Does the solution meet the goal?
A. Yes
B. No
Correct Answer: A
Yes, the solution meets the goal. Creating an Azure Function app that uses the Consumption hosting model and is triggered by the blob upload is an effective way to start the photo processing quickly. Azure Functions can respond to events in near real-time, ensuring that the process to produce a mobile-friendly version of the image starts within the required timeframe1.
Upload and analyze a file with Azure Functions and Blob Storage
https://learn.microsoft.com/en-us/azure/storage/blobs/blob-upload-function-trigger
In this tutorial, you’ll learn how to upload an image to Azure Blob Storage and process it using Azure Functions and Computer Vision. You’ll also learn how to implement Azure Function triggers and bindings as part of this process.
You develop and deploy an Azure App Service API app to a Windows-hosted deployment slot named Development. You create additional
deployment slots named Testing and Production. You enable auto swap on the Production deployment slot.
You need to ensure that scripts run and resources are available before a swap operation occurs.
Solution: Update the app with a method named statuscgheck to run the scripts. Update the app settings for the app. Set the
WEBSITE_SWAP_WARMUP_PING_PATH and WEB_SWAP_WARMUP_PING_STATUS with a path to the new method and appropriate response
codes.
Does the solution meet the goal?
A. No
B. Yes
Correct Answer: B
Yes, the solution meets the goal. By updating the app with a method named statuscheck to run the scripts and configuring the app settings with WEBSITE_SWAP_WARMUP_PING_PATH and WEB_SWAP_WARMUP_PING_STATUS, you ensure that the necessary scripts run and resources are available before a swap operation occurs. This setup leverages Azure’s built-in health check feature to validate the app’s readiness before completing the swap1.
You create the following PowerSheII script:
$source New-AzSchedu1edQueryRu1eSource -Query ‘Heartbeat I where TimeGenerated > ago(lh)’ -DataSourceId “contoso”
$schedule New-AzSchedu1edQueryRu1eSchedu1e -FrequencyInMinutes 60 -TimeWindowInMinutes 60
$triggerCondition - New-AzSchedu1edQueryRuleTriggerCondition -ThresholdOperator “LessThan” -Threshold 5
$aznsActionGroup * New-AzScheduledQueryRuleAznsActionGroup -ActionGroup “contoso” -EmailSubject “Custom email subject”
-CustomWebhookPay10ad “{ * “alert’”: * “#alertrulename’”,
$a1ertingAction New-AzSchedu1edQueryRu1eA1ertingAction -AznsAction
$aznsActionGroup -Severity “3” -Trigger $triggerCondition
New-AzSchedu1edQueryRu1e -ResourceGroupName “contoso” -Location “eastus” -Action $alertingAction -Enabled $true
-Description “Alert description” -Schedule $schedule -Source $source -Name “Alert Name”
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Hot Area:
Answer Area
A log alert is created that sends an email when the CPU
percentage is above 60 percent for five minutes.
A. No
B. Yes
A log alert is created that sends an email when the number of
virtual machine heartbeats in the past hour is less than five.
A. No
B. Yes
The log alert is scheduled to run every two hours.
A. No
B. Yes
Box 1: No
The AzScheduledQueryRuleSource is Heartbeat, not CPU.
Box 2: Yes -
The AzScheduledQueryRuleSource is Heartbeat!
Note: New-AzScheduledQueryRuleTriggerCondition creates an object of type Trigger Condition. This object is to be passed to the command that creates Alerting Action object.
Box 3: No -
The schedule is 60 minutes, not two hours.
-FrequencyInMinutes: The alert frequency.
-TimeWindowlnMinutes: The alert time window
The New-AzAscheduIedQueryRuIeScheduIe command creates an object of type Schedule. This object is to be passed to the command that
creates Log Alert
Rule.
You are developing an Azure Function app.
The app must meet the following requirements:
Enable developers to write the functions by using the Rust language.
Declaratively connect to an Azure Blob Storage account.
You need to implement the app.
Which Azure Function app features should you use? To answer, drag the appropriate features to the correct requirements. Each feature may be
used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
Enable developers to write the functions by using the Rust language. Which feature should I use? {Box 1)
And
Declaratively connect to an Azure Blob Storage Trigger account. Which feature should I use? {Box 2}
Choose :
Custom handler
Extension bundle
Trigger
Runtime
Policy
Hosting plan
Box 1: Custom handler
Custom handlers can be used to create functions in any language or runtime by running an HTTP server process, for example Go or Rust.
Box 2: Trigger -
Functions are invoked by a trigger and can have exactly one. In addition to invoking the function, certain triggers also serve as bindings. You
may also define multiple bindings in addition to the trigger. Bindings provide a declarative way to connect data to your code.
Reference:
https://docs.microsoft.com/en-us/azure/azure-functions/create-first-function-vs-code-other https://docs.microsoft.com/en-us/dotnet/architecture/serverless/azure-functions
Correct Answer:
Enable developers to write the functions by using Custom handler
the Rust language. {pick one from choose}
Declaratively connect to an Azure Blob Storage Trigger
account. {pick one from choose}
You are developing an ASP.NET Core web application. You plan to deploy the application to Azure Web App for Containers.
The application needs to store runtime diagnostic data that must be persisted across application restarts. You have the following code:
public void SaveDiagData (string data)
var path = Environment. GetEnvironmentVaziabIe (“DIAGDÄTA”) ;
File . WriteAIIText (Path. Combine (path, “data”) , data) ;
You need to configure the application settings so that diagnostic data is stored as required.
How should you configure the web app’s settings? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:
App setting: Value:
{dropdown 1} true
DIAGDATA {dropdown 2}
dropdown 1:
LOCALAPPDATA
WEBSITE_LOCALCACHE_ENABLED
DOTNET_HOSTlNG_OPTIMIZATION_CACHE
WEBSITES_ENABLE_APP_SERVICE_STORAGE
dropdown 2:
/home
/local
D:\home
D:\local
App setting: Value:
WEBSITES_ENABLE_APP_SERVICE_STORAGE true
DIAGDATA /home
Correct Answer:
Box 1:
If WEBSITES_ENABLE_APP_SERVICE_STORAGE setting is unspecified or set to true, the /home/ directory will be shared across scale instances,
and files written will persist across restarts
Box 2: /home -
Reference:
https://docs.microsoft.com/en-us/azure/app-service/containers/app-service-linux-faq
You have two Hyper-V hosts named Hostl and Host2_ Hostl has an Azure virtual machine named VMI that was deployed by using a custom
Azure Resource
Manager template.
You need to move ‘VMI to Host2.
What should you do?
A. From the Update management blade, click Enable.
B. From the Overview blade, move VMI to a different subscription.
C. From the Redeploy blade, click Redeploy.
D. From the Profile blade, modify the usage location.
Correct Answer: C
When you redeploy a VM, it moves the VM to a new node within the Azure infrastructure and then powers it back on, retaining all your
configuration options and associated resources.
Reference:
Community vote distribution
You have downloaded an Azure Resource Manager template to deploy numerous virtual machines. The template is based on a current virtual
machine, but must be adapted to reference an administrative password.
You need to make sure that the password is not stored in plain text.
You are preparing to create the necessary components to achieve your goal.
Which Of the following should you create to achieve your goal? Answer by dragging the correct option from the list to the answer area.
Select and Place:
Options
An Azure Key Vault
An Azure Storage account
Azure Active Directory (AD)
Identity Protection
An access policy
An Azure policy
A backup policy
Answer
An Azure Key Vault
An access policy
Your company has an Azure Kubernetes Service (AKS) cluster that you manage from an Azure AD-joined device. The cluster is located in a
resource group.
Developers have created an application named MyApp. MyApp was packaged into a container image.
You need to deploy the YAML manifest file for the application.
Solution: You install the Azure CLI on the device and run the kubectl apply ‘“f myapp.yaml command.
Does this meet the goal?
A. yes
B. No
Correct Answer: A
kubectl apply -f myapp.yaml applies a configuration change to a resource from a file or stdin.
Reference:
https://kubernetes.io/docs/reference/kubectl/overview/
https//docs.microsoft.com/en-us/cli/azure/aks
Community vote distribution
Your company has a web app named WebApp1.
You use the WebJobs SDK to design a triggered App Service background task that automatically invokes a function in the code every time new
data is received in a queue.
You are preparing to configure the service processes a queue data item.
Which of the following is the service you should use?
A. Logic Apps
B. WebJobs
C. Flow
D. Functions
Correct Answer: B
Your company has an Azure Kubernetes Service (AKS) cluster that you manage from an Azure AD-joined device. The cluster is located in a
resource group.
Developers have created an application named MyApp. MyApp was packaged into a container image.
You need to deploy the YAML manifest file for the application.
Solution: You install the docker client on the device and run the docker run -it microsoft/azure-cli:0.10.17 command.
Does this meet the goal?
A. yes
B. No
Correct Answer: B
Your company has an Azure subscription.
You need to deploy a number of Azure virtual machines to the subscription by using Azure Resource Manager (ARM) templates. The virtual
machines will be included in a single availability set.
You need to ensure that the ARM template allows for as many virtual machines as possible to remain accessible in the event of fabric failure or
maintenance.
Which Of the following is the value that you should configure for the platformFaultDomainCount property?
A. 10
B. 30
C. Min value
D. Max Value
Correct Answer: D
The number Of fault domains for managed availability sets varies by region * either two or three per region.
Reference:
https://docs.microsoft.com/en-us/azure/virtual-machines/windows/manage-availability
Your company has an Azure subscription.
You need to deploy a number of Azure virtual machines to the subscription by using Azure Resource Manager (ARM) templates. The virtual
machines will be included in a single availability set.
You need to ensure that the ARM template allows for as many virtual machines as possible to remain accessible in the event of fabric failure or
maintenance.
Which Of the following is the value that you should configure for the platformlJpdateDomainCount property?
A. 10
B. 20
c. 30
D. 40
Correct Answer: D
Each virtual machine in your availability set is assigned an update domain and a fault domain by the underlying Azure platform. For a given
availability set, five non-user-configurable update domains are assigned by default (Resource Manager deployments can then be increased to
provide up to 20 update domains) to indicate groups of virtual machines and underlying physical hardware that can be rebooted at the same
time.
Reference:
https://docs.microsoft.com/en-us/azure/virtual-machines/windows/manage-availability
You are creating an Azure Cosmos DB account that makes use of the SQL API. Data will be added to the account every day by a web application.
You need to ensure that an email notification is sent when information is received from IOT devices, and that compute cost is reduced.
You decide to deploy a function app.
Which of the following should you configure the function app to use? Answer by dragging the correct options from the list to the answer area.
Select and place:
Options
Azure Cosmos DB
connector
SendGrid action
consumption plan
Azure Event Hubs
binding
SendGrid binding
Answer
consumption plan
SendGrid binding
This question requires that you evaluate the underlined text to determine if it is correct.
You company has an on-premises deployment of MongoDB, and an Azure Cosmos DB account that makes use of the MongoDB API.
You need to devise a strategy to migrate MongoDB to the Azure Cosmos DB account.
You include the Data Management Gateway tool in your migration strategy.
Instructions: Review the underlined text. If it makes the statement correct, select ‘No change required.’ If the statement is incorrect, select the
answer choice that makes the statement correct.
A. NO change required
B. mongorestore
C. Azure Storage Explorer
D. AzCopy
Correct Answer: B
Reference:
https://docs.microsoft.com/en-us/azure/cosmos-db/mongodb-migrate https://docs.mongodb.com/manual/reference/program/mongorestore/
You are developing an e-Commerce Web App.
You want to use Azure Key Vault to ensure that sign-ins to the e-Commerce Web App are secured by using Azure App Service authentication and
Azure Active
Directory (AAD).
What should you do on the e-Commerce Web App?
A. Run the az keyvault secret command.
B. Enable Azure AD Connect.
C. Enable Managed Service Identity (MSI).
D. Create an Azure AD service principal.
Correct Answer: C
A managed identity from Azure Active Directory allows your app to easily access other AAD-protected resources such as Azure Key Vault.
Reference:
https://docs-microsoft.com/en-us/azure/app-service/overview-managed-identity https://docs.microsoft.com/en-us/samples/azu re-
samples/app-service-msi-keyvault-dotnet/keyvault-msi-appservice-sample/
This question requires that you evaluate the underlined text to determine if it is correct.
Your Azure Active Directory Azure (Azure AD) tenant has an Azure subscription linked to it.
Your developer has created a mobile application that obtains Azure AD access tokens using the OAuth 2 implicit grant type.
The mobile application must be registered in Azure AD.
You require a redirect URI from the developer for registration purposes.
Instructions: Review the underlined text. If it makes the statement correct, select *NO change is needed. * If the statement is incorrect, select the
answer choice that makes the statement correct
A. No change required.
B. a secret
C. a login hint
D. a client ID
Correct Answer: A
For Native Applications you need to provide a Redirect URI, which Azure AD will use to return token responses.
Reference:
You are creating an Azure key vault using PowerShell. Objects deleted from the key vault must be kept for a set period of 90 days.
Which two of the following parameters must be used in conjunction to meet the requirement? (Choose two.)
A. EnabledForDepIoyment
B. EnablePurgeProtection
C. EnabledForTempIateDepIoyment
D. EnableSoftDeIete
Correct Answer: BD
Reference:
https://docs.microsoft.com/en-us/powershell/module/azurerm.keyvault/new-azurermkeyvault https://docs.microsoft.com/en-us/azure/key-
vault/key-vault-ovw-soft-delete
You have an Azure Active Directory (Azure AD) tenant.
You want to implement multi-factor authentication by making use of a conditional access policy. The conditional access policy must be applied to
all users when they access the Azure portal.
Which three settings should you configure? To answer, select the appropriate settings in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:
Answer Area
Users and groups
O users selected
Cloud apps
O apps selected
Conditions
O conditions selected
Access controls
O Grant controls selected
O Session controls selected
Correct Answer:
Users and groups
O users selected
Cloud apps
O apps selected
Access controls
O Grant controls selected
You manage an Azure SQL database that allows for Azure AD authentication.
You need to make sure that database developers can connect to the SQL database via Microsoft SQL Server Management Studio (SSMS). You
also need to make sure the developers use their on-premises Active Directory account for authentication. Your strategy should allow for
authentication prompts to be kept to a minimum.
Which of the following should you implement?
A. Azure AD token.
B. Azure Multi-Factor authentication.
C. Active Directory integrated authentication.
D. OATH software tokens.
Correct Answer: C
Azure AD can be the initial Azure AD managed domain. Azure AD can also be an on-premises Active Directory Domain Services that is federatec
with the Azure
AD.
Using an Azure AD identity to connect using SSMS or SSDT
The following procedures show you how to connect to a SQL database with an Azure AD identity using SQL Server Management Studio or SQL
Server Database
Tools.
Active Directory integrated authentication
Use this method if you are logged in to Windows using your Azure Active Directory credentials from a federated domain.
I. Start Management Studio or Data Tools and in the Connect to Server (or Connect to Database Engine) dialog box, in the Authentication box,
select Active
Directory - Inteqrated. No password is needed or can be entered because your existinq credentials will be presented for the connection.
