Question 1: Correct
You are planning to develop a mobile application named MobileApp1.
MobileApp1 uses the OAuth 2 implicit grant type to acquire Azure AD access tokens.
What information should you obtain to register MobileApp1 in Azure AD?
Explanation
Register your application with your Azure Active Directory (Azure AD) tenant. This will give you an Application ID for your application, as well as enable it to receive tokens.
At the time of registration, Provide the Redirect URI. For web applications, this is the base URL of your app where users can sign in. For example, http://localhost:12345. For public client (mobile & desktop), Azure AD uses it to return token responses. Enter a value specific to your application. For example, http://MyFirstAADApp
https://docs.microsoft.com/en-us/azure/active-directory/azuread-dev/v1-protocols-oauth-code#register-your-application-with-your-ad-tenant
Question 2: Correct
You are developing an application that uses Azure storage account.
You need to recommend a solution to recover blob data that is deleted accidentally from the storage account for 14 days after the deletion occurred.
What should you recommend?
Explanation
Soft delete protects blob data from being accidentally or erroneously modified or deleted. When soft delete is enabled for a storage account, blobs, blob versions (preview), and snapshots in that storage account may be recovered after they are deleted, within a retention period that you specify.
https://docs.microsoft.com/en-us/azure/storage/blobs/soft-delete-overview
Question 3: Correct
You have deployed an application in Azure and configured below rules in auto scaling
If CPU < 30%, scale-in by 1
If Memory < 50%, scale-in by 1
If CPU > 75%, scale-out by 1
If Memory > 75%, scale-out by 1
Then the follow occurs:
If CPU is 50% and Memory is 76%
What happens to instance count?
Explanation
There are cases where you may have to set multiple rules in a profile. The following autoscale rules are used by the autoscale engine when multiple rules are set.
On scale-out, autoscale runs if any rule is met. On scale-in, autoscale require all rules to be met.
https://docs.microsoft.com/en-us/azure/azure-monitor/platform/autoscale-best-practices
Question 4: Correct
You have deployed a web application into an Azure App Service that uses the D1 pricing tier.
You need to configure that all connections to web application use HTTPS and custom domain.
What should you do first?
Explanation
Secure Sockets Layer (SSL) Certificates for custom domains is available on Basic, Standard and Premium service plans. SSL Certificates enables secure connections (https://) to your custom domain website.
The D1 (Shared) pricing tier does not support HTTPS on custom domains.
https://azure.microsoft.com/en-au/pricing/details/app-service/windows/
Question 5: Correct
You are developing a social networking application using Azure Cosmos DB. You need to record/save the likes and replies for the posts in the social networking application.
The order of replies and likes are not a priority.
Which consistency level is most appropriate?
Explanation
Eventual: There's no ordering guarantee for reads. In the absence of any further writes, the replicas eventually converge.
Eventual consistency is the weakest form of consistency because a client may read the values that are older than the ones it had read before. Eventual consistency is ideal where the application does not require any ordering guarantees. Examples include count of Retweets, Likes, or non-threaded comments. The following graphic illustrates the eventual consistency with musical notes.
https://docs.microsoft.com/en-us/azure/cosmos-db/consistency-levels
Question 6: Correct
You have developed an application using Azure Cosmos DB. The application is used by users across the globe. Some of the users have raised a concern on latency issues.
You have reviewed the logs and enabled Multi-write feature in Azure Cosmos DB to fix latency issues.
What changes should you make in your application code?
Explanation
Once an account has been created with multiple write regions enabled, you must make two changes in your application to the ConnectionPolicy for the DocumentClient to enable the multi-master and multi-homing capabilities in Azure Cosmos DB. Within the ConnectionPolicy, set UseMultipleWriteLocations to true and pass the name of the region where the application is deployed to the SetCurrentLocation. This will populate the PreferredLocations property based on the geo-proximity from location passed in. If a new region is later added to the account, the application does not have to be updated or redeployed, it will automatically detect the closer region and will auto-home on to it should a regional event occur.
https://docs.microsoft.com/en-us/azure/cosmos-db/how-to-multi-master?tabs=api-async
Question 7: Correct
You plan to develop a web application using Azure App Service and Azure Cosmos DB. The web application will send data to the database daily. You need to send an email notification when data is received.
What solution should you recommend keeping compute costs minimal?
Explanation
The Azure Cosmos DB change feed enables efficient processing of large datasets with a high volume of writes. Change feed also offers an alternative to querying an entire dataset to identify what has changed.
Azure Cosmos DB is well-suited for IoT, gaming, retail, and operational logging applications. A common design pattern in these applications is to use changes to the data to trigger additional actions. Examples of additional actions include:
• Triggering a notification or a call to an API, when an item is inserted or updated.
• Real-time stream processing for IoT or real-time analytics processing on operational data.
• Data movement such as synchronizing with a cache, a search engine, a data warehouse, or cold storage.
https://docs.microsoft.com/en-us/azure/cosmos-db/change-feed-design-patterns
Question 8: Correct
You have an application that uses Azure Front Door Service.
You expect that inbound files to be compressed by using Brotli compression.
You discover that inbound XML files are not compressed. The files are 10 megabytes (MB) in size.
You need to find the root cause for the issue.
Select the option as Yes if the option helps you to find root cause, otherwise select No.
1.The file MIME type is supported by the service
2.Edge nodes must be purged of all cache assets
3.The compression type is supported
Explanation
1. The file MIME type is supported by the service. So, this option does not help you to determine the root cause.
2. Edge nodes are not required to be purged. So, this option does not help you to determine the root cause.
3. The compression type is not supported due to size limits. This options provides root cause for not compression.
https://docs.microsoft.com/en-us/azure/frontdoor/front-door-caching#file-compression
Question 9: Correct
You have an ASP.NET Core web app that runs in Docker. The app is mapped to the www. WebApplication.com domain. You are migrating this application to Azure.
You plan to create Azure resources. The application will use an App Service Web App to host the docker image. You need to map a custom domain to the App Service web app.
A resource group named RG1 has been created in the WestUS region.
RG1 contains an App Service Plan named ASP1.
Select the order in which should you use the below CLI commands to create the Azure resources.
1. az webapp config container set
--docker-custom-image-name
$dockerHubContainerPath
--name $appName
--resource-group RG1
2. az webapp config hostname add
--webapp-name $appName
--resource-group RG1 \
--hostname $fqdn
3. az webapp create
--name $appName
--plan ASP1
--resource-group RG1
4. #/bin/bash
appName = “WebApplication$random”
location= “WestUS”
dockerHubContainerPath = “WebApplication/publicweb.v1”
fqdn = “www.WebApplication.com”
Explanation
The order in which commands must be executed are
1. Prepare data or declare variables.
2. Create the web app
3. Set the container
4. Configure custom domain.
https://docs.microsoft.com/en-us/azure/app-service/tutorial-custom-container?pivots=container-linux#push-the-image-to-azure-container-registry
https://docs.microsoft.com/en-us/azure/app-service/scripts/cli-configure-custom-domain
Question 10: Correct
You are developing a server less application on Azure. You created a key vault named KV1 to store and read secrets from an Azure Function.
You need to reference KV1 without making any changes to the application source code.
The identity used to connect to KV1 must be deleted if the Azure function is deleted.
The Azure Function must scale based on the number of incoming requests.
Avoid any cold starts.
Azure Function must be able to connect to a virtual network.
You need to implement the Azure Functions application access to the Azure Key Vault.
Which three actions should you perform in sequence?
Explanation
The Azure Functions Premium plan (sometimes referred to as Elastic Premium plan) is a hosting option for function apps. The Premium plan provides features like VNet connectivity, no cold start, and premium hardware.
A managed identity from Azure Active Directory (Azure AD) allows your app to easily access other Azure AD-protected resources such as Azure Key Vault. The identity is managed by the Azure platform and does not require you to provision or rotate any secrets.
Your application can be granted two types of identities:
A system-assigned identity is tied to your application and is deleted if your app is deleted. An app can only have one system-assigned identity.
A user-assigned identity is a standalone Azure resource that can be assigned to your app. An app can have multiple user-assigned identities.
https://docs.microsoft.com/en-us/azure/app-service/overview-managed-identity?tabs=dotnet
https://docs.microsoft.com/en-us/azure/azure-functions/functions-premium-plan
Question 11: Incorrect
You are developing a web app that will use an App Service on Linux.
You create and push a Docker image that contains the web app to Azure Container Registry.
You should be able to access the console logs in real-time generated from inside the container.
Which Azure CLI commands should you use?
Explanation
To access the console logs generated from inside the container, first, turn on container logging by running the following command:
az webapp log config --name <app-name> --resource-group <resource-group-name> --docker-container-logging filesystem
Replace <app-name> and <resource-group-name> with the names appropriate for your web app.
Once container logging is turned on, run the following command to see the log stream:
az webapp log tail --name <app-name> --resource-group <resource-group-name>
If you don't see console logs immediately, check again in 30 seconds.
To stop log streaming at any time, type Ctrl+C.
https://docs.microsoft.com/en-us/azure/app-service/configure-custom-container?pivots=container-linux#access-diagnostic-logs-1
Question 12: Correct
You plan to use Azure messaging solution in an application.
The messaging solution must meet the below requirements:
It must provide transactional support.
It must provide duplicate detection.
Able to store the messages for an unlimited period of time.
Select the two solutions that will meet these requirements.
Explanation
Azure event hub does not support duplicate detection and Azure storage queue does not provide transactional support.
https://docs.microsoft.com/en-us/azure/service-bus-messaging/service-bus-azure-and-service-bus-queues-compared-contrasted
Question 13: Correct
You are developing a website that will store the scanned copies of patient health records. If the health records are downloaded from storage by a third party, the contents of the forms must not be compromised.
To achieve the requirement, you plan to store the health records in an Azure Key Vault as secrets.
Did you achieve the requirement?
Explanation
Instead, encrypt the forms and Store the encrypted from in Azure Storage Blob storage.
Question 14: Correct
You are developing a website that will store the scanned copies of patient health records. If the health records are downloaded from storage by a third party, the contents of the forms must not be compromised.
To achieve the requirement, you plan to create an Azure Cosmos DB database with Storage service encryption enabled and store the health records in the database.
Did you achieve the requirement?
Explanation
This approach will encrypt the data at rest. However, once data is read by a 3d party, it is not guaranteed that forms are not compromised.
Question 15: Correct
You are developing a website that will store the scanned copies of patient health records. If the health records are downloaded from storage by a third party, the contents of the forms must not be compromised.
To achieve the requirement, you plan to create an Azure Key Vault key, use the key to encrypt the health records and store the encrypted health records in an Azure Blob storage.
Did you achieve the requirement?
Explanation
Since health records are encrypted with a key, 3rd party cannot modify the forms.
Question 16: Correct
You develop an Azure Function app that uses HTTP trigger. The Azure Function app process data stored in an Azure blob storage. The Azure Function app is triggered using an output binding on the blob.
The Function app continues to time out after four minutes. The Function app must process the blob data.
You need to implement a solution so that the Function app does not time out and processes the blob data.
To achieve the requirement, you plan to use the Durable Function async pattern to process the blob data.
Did you achieve the requirement?
Explanation
The maximum amount of time that an HTTP triggered function can take to respond to a request is 230 seconds. This is because of the default idle timeout of Azure Load Balancer. For longer processing times, consider using the Durable Functions async pattern.
https://docs.microsoft.com/en-us/azure/azure-functions/functions-scale#timeout
Question 17: Correct
You develop an Azure Function app that uses HTTP trigger. The Azure Function app process data stored in an Azure blob storage. The Azure Function app is triggered using an output binding on the blob.
The Function app continues to time out after four minutes. The Function app must process the blob data.
You need to implement a solution so that the Function app does not time out and processes the blob data.
To achieve the requirement, you plan to pass the HTTP trigger payload into an Azure Service Bus queue to be processed by a queue trigger function and return an immediate HTTP success response.
Did you achieve the requirement?
Explanation
Large, long-running functions can cause unexpected timeout issues. Whenever possible, refactor large functions into smaller function sets that work together and return responses fast. For example, a webhook or HTTP trigger function might require an acknowledgment response within a certain time limit; it's common for webhooks to require an immediate response. You can pass the HTTP trigger payload into a queue to be processed by a queue trigger function. This approach lets you defer the actual work and return an immediate response.
https://docs.microsoft.com/en-us/azure/azure-functions/functions-best-practices
Question 18: Correct
You develop an Azure Function app that uses HTTP trigger. The Azure Function app process data stored in an Azure blob storage. The Azure Function app is triggered using an output binding on the blob.
The Function app continues to time out after four minutes. The Function app must process the blob data.
You need to implement a solution so that the Function app does not time out and processes the blob data.
To achieve the requirement, you plan to the app to use an App Service hosting plan and enable the Always On setting.
Did you achieve the requirement?
Explanation
Instead use Durable functions or use a queue/ event hub to pass the payload and trigger function from queue.
https://docs.microsoft.com/en-us/azure/azure-functions/functions-best-practices
Question 19: Correct
You are developing and deploying several ASP.NET web applications to Azure App Service. You plan to use sessions to store user information. You have configure auto-scaling in the Azure App Service.
You need to ensure that session information is not lost when application scales out.
What should you implement?
Explanation
ARR affinity: In a multi-instance deployment, ensure that the client is routed to the same instance for the life of the session. You can set this option to Off for stateless applications. If client is routed to different instances, then session data will be lost.
https://docs.microsoft.com/en-us/azure/app-service/configure-common#configure-connection-strings
Question 20: Correct
You plan to deploy an application into an Azure virtual machine.
Just in time (JIT) access has been enabled on the virtual machine.
What should be your first step to connect to the virtual machine using remote desktop?
Explanation
You can request access to a JIT-enabled VM from the Azure portal (in Security Center or Azure Virtual machines) or programmatically. When a VM has a JIT enabled, you have to request access to connect to it. You can request access in any of the supported ways, regardless of how you enabled JIT.
To request access from Azure virtual machines:
1. In the Azure portal, open the virtual machines pages.
2. Select the VM to which you want to connect, and open the Connect page.
Azure checks to see if JIT is enabled on that VM.
a. If JIT isn't enabled for the VM, you'll be prompted to enable it.
b. If JIT's enabled, select Request access to pass an access request with the requesting IP, time range, and ports that were configured for that VM.
https://docs.microsoft.com/en-us/azure/security-center/security-center-just-in-time?tabs=jit-config-asc%2Cjit-request-avm#request-access-to-a-jit-enabled-vm
Question 21: Correct
Which of the following are valid sections in an Azure Resource Manager (ARM) template?
Explanation
The ARM template has the following sections:
Parameters - Provide values during deployment that allow the same template to be used with different environments.
Variables - Define values that are reused in your templates. They can be constructed from parameter values.
User-defined functions - Create customized functions that simplify your template.
Resources - Specify the resources to deploy.
Outputs - Return values from the deployed resources.
https://docs.microsoft.com/en-us/azure/azure-resource-manager/templates/overview#template-design
Question 22: Correct
Which Azure RBAC roles allows you to download images from an Azure Container Registry?
Explanation
The Azure Container Registry service supports a set of built-in Azure roles that provide different levels of permissions to an Azure container registry. Use Azure role-based access control (Azure RBAC) to assign specific permissions to users, service principals, or other identities that need to interact with a registry.
https://docs.microsoft.com/bs-latn-ba/azure/container-registry/container-registry-roles
Question 23: Correct
You create a container image named Image1.
The Image1 processes long running tasks.
Which restart policy should you consider for Image1?
Explanation
The restart policy Always will ensure needed processes continue to be available even if a restart is required.
https://docs.microsoft.com/en-us/azure/container-instances/container-instances-restart-policy
Question 24: Correct
You have an Azure Container Registry named Registry1.
You need to publish an image named Image1 to Finance namespace.
Select the command should you use.
Explanation
docker push is the command to push an image to Azure Container registry. The correct format is docker push <registryname>.azureacr.io/<namespace>/<imagename>
https://docs.microsoft.com/en-us/azure/container-registry/container-registry-get-started-docker-cli
Question 25: Correct
You plan to deploy a web application in an Azure App Service.
The application logs must be captured and retained for long-term.
Which three actions should you perform in sequence?
Explanation
To enable application logging for Windows apps in the Azure portal, navigate to your app and select App Service logs.
Select On for either Application Logging (Filesystem) or Application Logging (Blob), or both.
The Filesystem option is for temporary debugging purposes, and turns itself off in 12 hours. The Blob option is for long-term logging, and needs a blob storage container to write logs to.
https://docs.microsoft.com/en-us/azure/app-service/troubleshoot-diagnostic-logs
