Topic 1, Litware Inc.Overwiew
Background
You are a developer for Litware Inc., a SaaS company that provides a solution for managing employee expenses. The solution consists of an ASP.NET Core Web API project that is deployed as an Azure Web App.
Overall architecture
Employees upload receipts for the system to process. When processing is complete, the employee receives a summary report email that details the processing results. Employees then use a web application to manage their receipts and perform any additional tasks needed for reimbursement
Receipt processing
Employees may upload receipts in two ways:
– Uploading using an Azure Files mounted folder
– Uploading using the web application
Data Storage
Receipt and employee information is stored in an Azure SQL database.
Documentation
Employees are provided with a getting started document when they first use the solution. The documentation includes details on supported operating systems for Azure File upload, and instructions on how to configure the mounted folder.
Solution details
Users table
Web Application
You enable MSI for the Web App and configure the Web App to use the security principal name,
Processing
Processing is performed by an Azure Function that uses version 2 of the Azure Function runtime.
Once processing is completed, results are stored in Azure Blob. Storage and an Azure SQL database. Then, an email summary is sent to the user with a link to the processing report. The link to the report must remain valid if the email is forwarded to another user.
Requirements
Receipt processing
Concurrent processing of a receipt must be prevented.
Logging
Azure Application Insights is used for telemetry and logging in both the processor and the web application. The processor also has Trace Writer logging enabled. Application Insights must always contain all log messages.
Disaster recovery
Regional outage must not impact application availability. All DR operations must not be dependent on application running and must ensure that data in the DR region is up to date.
Security
Users’ SecurityPin must be stored in such a way that access to the database does not allow the viewing of SecurityPins. The web application is the only system that should have access to SecurityPins.
All certificates and secrets used to secure data must be stored in Azure Key Vault. You must adhere to the Least Privilege Principal. All access to Azure Storage and Azure SQL database must use the application’s Managed Service Identity (MSI).
Receipt data must always be encrypted at rest.
All data must be protected in transit, User’s expense account number must be visible only to logged in users. All other views of the
expense account number should include only the last segment, with the remaining parts obscured. In the case of a security breach, access to all summary reports must be revoked without impacting other parts of the system.
Issues
Upload format issue
Employees occasionally report an issue with uploading a receipt using the web application. They report that when they upload a receipt using the Azure File Share, the receipt does not appear in their profile. When this occurs, they delete the file in the file share and use the web application, which returns a 500 Internal Server error page.
Capacity issue
During busy periods, employees report long delays between the time they upload the receipt and when it appears in the web application.
Log capacity issue
Developers report that the number of log messages in the trace output for the processor is too high, resulting in lost log messages-
Application code
Processing.cs
Database.cs
ReceiptUploader.cs
ConfigureSSE.ps1
DRAG DROP
You need to ensure that the upload format issue is resolved.
What code should you add at line RU14? To answer, drag the appropriate code fragments to the correct locations. Each code fragment may
be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content. NOTE: Each correct selection is worth one point.
Explanation:
Box 1: HttpStatusCode.InternalServerError HttpStatusCode.InternalServerError is equivalent to HTTP status 500. InternalServerError indicates that a generic error has occurred on the server.
Box 2: CannotDeleteFileOrDirectory HttpResponseMessage.ReasonPhrase Property gets or sets the reason phrase which typically is sent by servers together with the status code.
Scenario: Upload format issue Employees occasionally report an issue with uploading a receipt using the web application. They report that when they upload a receipt using the Azure File Share, the receipt does not appear in their profile. When this occurs, they delete the file in the file share and use the web application, which returns a 500 Internal Server error page.
References: https://docs.microsoft.com/enus/dotnet/api/system.net.httpstatuscode?redirectedfrom=MSDN&view=netframework-4.7.2
HOTSPOT
You need to add the Supporting Operating Systems section to the Getting Started document.
How should you complete the section? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Explanation:
Scenario: Employees are provided with a getting started document when they first use the solution. The documentation includes details on supported operating systems for Azure File upload, and instructions on how to configure the mounted folder.
You can use Azure file shares on a Windows installation that is running either in an Azure VM or on-premises. The following table illustrates which OS versions support accessing file shares in which environment:
References: https://docs.microsoft.com/en-us/azure/storage/files/storage-how-to-use-files-windows
HOTSPOT
You need to ensure that security requirements are met.
What value should be used for the ConnectionString field on line DB03 in the Database class? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.
Explanation:
Box 1: Integrated Security=SSPI
Integrated security: For all data source types, connect using the current user account. For SqlClient you can use Integrated Security=true; or Integrated Security=SSPI; Scenario: All access to Azure Storage and Azure SQL database must use the application’s
Managed Service Identity (MSI)
Box 2: Encrypt = True Scenario: All data must be protected in transit. References:
https://docs.microsoft.com/en-us/dotnet/framework/data/adonet/connection-string-syntax
HOTSPOT
You need to configure retries in the LoadUserDetails function in the Database class without impacting user experience.
What code should you insert on line DB07? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.
Explanation:
Box 1: Policy
RetryPolicy retry = Policy Handle<HttpRequestException>() Retry(3);
The above example will create a retry policy which will retry up to three times if an action fails with an exception handled by the Policy.
Box 2: WaitAndRetryAsync(3,i => TimeSpan.FromMilliseconds(100* Math.Pow(2,i-1))); A common retry strategy is exponential backoff: this allows for retries to be made initially quickly, but then at progressively longer intervals, to avoid hitting a subsystem with repeated frequent calls if the subsystem may be struggling.
Example: Policy Handle<SomeExceptionType>()
WaitAndRetry(3, retryAttempt => TimeSpan.FromSeconds(Math.Pow(2, retryAttempt)) );
References: https://github.com/App-vNext/Polly/wiki/Retry
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution Determine whether the solution meets the stated goals.
You need to ensure that the SecurityPin security requirements are met.
Solution: Enable Always Encrypted for the SecurityPin column using a certificate based on a trusted certificate authority. Update the Getting Started document with instruction to ensure that the certificate is installed on user machines.
Does the solution meet the goal?
- A . Yes
- B . No
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution. Determine whether the solution meets the stated goals.
You need to ensure that the SecurityPin security requirements are met.
Solution: Enable Always Encrypted for the SecurityPin column using a certificate contained in Azure Key Vault and grant the WebAppIdentity service principal access to the certificate.
Does the solution meet the goal?
- A . Yes
- B . No
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution. Determine whether the solution meets the stated goals.
You need to ensure that the SecurityPin security requirements are met. Solution; Using the Azure Portal, add Data Masking to the SecurityPin column, and exclude the dbo user. Add a SQL security policy with a filter predicate based on the user identity.
Does the solution meet the goal?
- A . Yes
- B . No
You need to construct the link to the summary report for the email that is sent to users.
What should you do?
- A . Create a SharedAccessBlobPolicy and add it to the containers SharedAccessPolicies. Call GetSharedAccessSignature on the blob and use the resulting link.
- B . Create a SharedAccessBlobPolicy and set the expiry time to two weeks from today. Call GetSharedAccessSignature on the blob and use the resulting link.
- C . Create a SharedAccessAccountPolicy and call GetsharedAccessSignature on storage account and use the resulting link.
- D . Create a SharedAccessBlobPolicy and set the expiry time to two weeks from today. Call GetSharedAccessSignature on the container and use the resulting link.
DRAG DROP
You need to ensure disaster recovery requirements are met.
What code should you add at line PC16? To answer, drag the appropriate code fragments to the correct locations. Each code fragment may
be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content. NOTE: Each correct selection is worth one point.
You need to resolve the log capacity issue.
What should you do?
- A . Implement Application Insights Sampling.
- B . Change the minimum log level in the host.json file for the function.
- C . Create an Application Insights Telemetry Filter.
- D . Set a LogCategoryFilter during startup.
HOTSPOT
You need to ensure that security policies are met.
What code should you add at Line PC26? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.
You need to ensure the security policies are met.
What code do you add at line CS07?
A)
B)
C)
D)
- A . Option A
- B . Option B
- C . Option C
- D . Option D
You need to ensure the security policies are met.
What code do you add at line CS07?
A)
B)
C)
D)
- A . Option A
- B . Option B
- C . Option C
- D . Option D
Note: This question is part of a series of questions that present the same scenario.
Each question in the series contains a unique solution. Determine whether the solution meets the stated goals. You need to meet the vendor notification requirement.
Solution: Update the Delivery API to send emails by using a cloud -based email service.
Does the solution meet the goal?
- A . Yes
- B . No
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution Determine whether the solution meets the stated goals. You need to meet the vendor notification requirement.
Solution: Configure notifications in the Azure API Management instance.
Does the solution meet the goal?
- A . Yes
- B . No
B
Explanation:
Use a custom outbound Azure API Management policy.
Scenario:
If a vendor is nearing the number of calls or bandwidth limit, the API must trigger email notifications to the vendor. (API usage must not exceed 5,000 calls and 50,000 kilobytes of bandwidth per hour per vendor.)
References: https://docs.microsoft.com/en-us/azure/api-management/api-management-howto-policies
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution.
Determine whether the solution meets the stated goals.
You need to meet the vendor notification requirement.
Solution: Create and apply a custom outbound Azure API Management policy.
Does the solution meet the goal?
- A . Yes
- B . No
A
Explanation:
Scenario: If a vendor is nearing the number of calls or bandwidth limit, the API must trigger email notifications to the vendor. (API usage must not exceed 5,000 calls and 50,000 kilobytes of bandwidth per hour per vendor.)
In Azure API Management (APIM), policies are a powerful capability of the system that allow the publisher to change the behavior of the API through configuration. Policies are a collection of Statements that are executed sequentially on the request or response of an API. Popular Statements include format conversion from XML to JSON and call rate limiting to restrict the amount of incoming calls from a developer. Many more policies are available out of the box.
References: https://docs.microsoft.com/en-us/azure/api-management/api-management-howto-policies
You need to debug the user greeting issue.
What should you use?
- A . Bot Framework Channel Inspector
- B . Bot Connector service
- C . Azure Compute Emulator
- D . Azure Application Insights
- E . Bot Framework Emulator
E
Explanation:
Scenario: The chatbot’s greeting does not show the user’s name. You need to debug the chatbot locally.
Debug your bot using an integrated development environment (IDE) such as Visual Studio or Visual Studio Code and the Bot Framework Emulator. You can use these methods to debug any bot locally.
References: https://docs.microsoft.com/en-us/azure/bot-service/bot-service-debug-bot?view=azure-bot-service
You need to debug the user greeting issue.
What should you use?
- A . Bot Framework Channel Inspector
- B . Bot Connector service
- C . Azure Compute Emulator
- D . Azure Application Insights
- E . Bot Framework Emulator
E
Explanation:
Scenario: The chatbot’s greeting does not show the user’s name. You need to debug the chatbot locally.
Debug your bot using an integrated development environment (IDE) such as Visual Studio or Visual Studio Code and the Bot Framework Emulator. You can use these methods to debug any bot locally.
References: https://docs.microsoft.com/en-us/azure/bot-service/bot-service-debug-bot?view=azure-bot-service
HOTSPOT
You need to update the Inventory API.
Which development tools should you use? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Explanation:
Scenario: The Inventory API must be written by using ASP.NET Core and Node.js.
Box 1: Entity Framework Core
Box 2: Code first
References: https://docs.microsoft.com/en-us/aspnet/mvc/overview/getting-started/getting-started-with-efusing-mvc/creating-an-entity-framework-data-model-for-an-asp-net-mvc-application
You need to implement the purchase requirement.
What should you do?
- A . Use the Bot FrameworkREST API attachment operations to send the user’s voice and the Speech Service API to recognize intents.
- B . Use the Direct line REST API to send the user’s voice and the Speech Service API to recognize intents.
- C . Use the Speech Service API to send the user’s voice and the Bot Framework REST API conversation operations to recognize intents.
- D . Use the Bot Framework REST API conversation operations to send the user’s voice and the Speech Service API to recognize intents.
D
Explanation:
Scenario: Enable users to place an order for delivery or pickup by using their voice. You must develop a chatbot by using the Bot Builder SDK and Language Understanding Intelligence Service (LUIS). The chatbot must allow users to order food for pickup or delivery.
The Bot Framework REST APIs enable you to build bots that exchange messages with channels configured in the Bot Framework Portal, store and retrieve state data, and connect your own client applications to your bots. All Bot Framework services use industry-standard REST and JSON over HTTPS.
The Speech Service API is used to recognize intents.
References: https://docs.microsoft.com/en-us/azure/bot-service/rest-api/bot-framework-rest-connectorconcepts?view=azure-bot-service-4.0 https://docs.microsoft.com/en-us/azure/cognitive-services/speech-service/how-to-recognizeintents-from-speech-cpp
You need to update the chatbot to greet the user when they sign in.
Which two rich card formats can you use? Each correct answer presents a complete solution.
NOTE: Each correct selection is worth one point
- A . Thumbnail
- B . Adaptive
- C . Sign-in
- D . Hero
- E . Animation
A,C
Explanation:
Scenario: The chatbot greeting interface must match the formatting of the following example: A message exchange between user and bot can contain one or more rich cards rendered as a list or carousel. The Attachments property of the Activity object contains an array of Attachment objects that represent the rich cards and media attachments within the message. The Bot Framework currently supports eight types of rich cards:
You need to resolve the delivery API error.
What should you do?
- A . Implement simple retry by using the EnableRetryOnFailure feature of Entity Framework.
- B . Implement exponential backoff by using the EnableRetryOnFailure feature of Entity Framework.
- C . Implement the Circuit Breaker pattern by using the EnableRetryOnFailure feature of Entity Framework.
- D . Invoke accustom execution strategy in Entity Framework.
A
Explanation:
Scenario: The Delivery API intermittently throws the following exception:
A useful method to get rid of this error is to use RETRY LOGIC of Entity Framework 1.1.0 services. AddDbContext<DbContext>(options => options.UseSqlServer(‘yourconnectionstring’,
…sqlServerOptionsAction: sqlOptions =>
…{
……sqlOptions.EnableRetryOnFailure(
………maxRetryCount: 5,
………maxRetryDelay: TimeSpan.FromSeconds(30),
………errorNumbersToAdd: new List<int>() { 19 });
…}));
In Retry logic, error 19 is not included. So you have to pass the error code 19 to set retry logic for error code 19.
References: https://stackoverflow.com/questions/47558062/error-19-physical-connection-error/47559967
Note: In this section you will see one or more sets of questions with the same scenario and problem. Each question presents a unique solution to the problem, and you must determine whether the solution meets the stated goals. More than one solution might solve the problem. It is also possible that none of the solutions solve the problem.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution. Determine whether the solution meets the stated goals.
You need to meet the vendor notification requirement.
Solution: Update the Delivery API to send emails by using a Microsoft Office 365 SMTP server.
Does the solution meet the goal?
- A . Yes
- B . No
B
Explanation:
Use a custom outbound Azure API Management policy.
Scenario: If a vendor is nearing the number of calls or bandwidth limit, the API must trigger email notifications to the vendor. (API usage must not exceed 5,000 calls and 50,000 kilobytes of bandwidth per hour per vendor.)
References: https://docs.microsoft.com/en-us/azure/api-management/api-management-howto-policies
Note: In this section you will see one or more sets of questions with the same scenario and problem. Each question presents a unique solution to the problem, and you must determine whether the solution meets the stated goals. More than one solution might solve the problem. It is also possible that none of the solutions solve the problem.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution. Determine whether the solution meets the stated goals.
You need to meet the vendor notification requirement.
Solution: Update the Delivery API to send emails by using a Microsoft Office 365 SMTP server.
Does the solution meet the goal?
- A . Yes
- B . No
B
Explanation:
Use a custom outbound Azure API Management policy.
Scenario: If a vendor is nearing the number of calls or bandwidth limit, the API must trigger email notifications to the vendor. (API usage must not exceed 5,000 calls and 50,000 kilobytes of bandwidth per hour per vendor.)
References: https://docs.microsoft.com/en-us/azure/api-management/api-management-howto-policies
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution. Determine whether the solution meets the stated goals.
You need to ensure that authentication events are triggered and processed according to the policy.
Solution: Ensure that signout events have a subject prefix. Create an Azure Event Grid subscription that uses the subject Begins With filter.
Does the solution meet the goal?
- A . Yes
- B . No
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution. Determine whether the solution meets the stated goals.
You need to ensure that authentication events are triggered and processed according to the policy.
Solution: Create separate Azure Event Grid topics and subscriptions for sign-in and sign-out events.
Does the solution meet the goal?
- A . Yes
- B . No
A
Explanation:
Scenario: Authentication events are used to monitor users signing in and signing out. All authentication events must be processed by Policy service. Sign outs must be processed as quickly as possible.
Note: This question is part of a series of questions that present the same scenario. Each question
in the series contains a unique solution. Determine whether the solution meets the stated goals. You need to ensure that authentication events are triggered and processed according to the policy.
Solution: Create a new Azure Event Grid topic and add a subscription for the events.
Does the solution meet the goal?
- A . Yes
- B . No
B
Explanation:
Use a separate Azure Event Grid topics and subscriptions for sign-in and sign-out events.
Scenario: Authentication events are used to monitor users signing in and signing out. All authentication events must be processed by Policy service. Sign outs must be processed as quickly as possible.
DRAG DROP
You need to implement the Log policy.
How should you complete the Azure Event Grid subscription? To answer, drag the appropriate JSON segments to the correct locations. Each (SON segment may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
NOTE: Each correct selection is worth one point.
Explanation:
Box 1:WebHook Scenario: If an anomaly is detected, an Azure Function that emails administrators is called by using an HTTP WebHook.
endpointType: The type of endpoint for the subscription (webhook/HTTP, Event Hub, or queue).
Box 2: SubjectBeginsWith
Box 3: Microsoft.Storage.BlobCreated
Scenario: Log Policy All Azure App Service Web Apps must write logs to Azure Blob storage. All log files should be saved to a container named logdrop. Logs must remain in the container for 15 days.
Example subscription schema { "properties": { "destination": { "endpointType": "webhook", "properties": { "endpointUrl": "https://example.azurewebsites.net/api/HttpTriggerCSharp1?code=VXbGWce53l48Mt8wuotr0GP myJ/nDT4hgdFj9DpBiRt38qqnnm5OFg==" } }, "filter": { "includedEventTypes": [ "Microsoft.Storage.BlobCreated", "Microsoft.Storage.BlobDeleted" ], "subjectBeginsWith": "blobServices/default/containers/mycontainer/log", "subjectEndsWith": ".jpg", "isSubjectCaseSensitive ": "true" } } }
References: https://docs.microsoft.com/en-us/azure/event-grid/subscription-creation-schema
DRAG DROP
You need to add code at line EG15 in EventGridController.cs to ensure that the Log policy applies to all services.
How should you complete the code? To answer, drag the appropriate code segments to the correct locations. Each code segment may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
NOTE: Each correct selection is worth one point.
Explanation:
Box 1: Status
Box 2: Succeded
Box 3: operationName
Scenario: Policy service
You develop and deploy a stateful ASP.NET Core 2.1 web application named Policy service to an
Azure App Service Web App. The application reacts to events from Azure Event Grid and
performs policy actions based on those events.
The application must include the Event Grid Event ID field in all Application Insights telemetry.
You need to resolve a notification latency issue.
Which two actions should you perform? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point
- A . Ensure that the Azure Function is using an App Service plan.
- B . Set Always On to false
- C . Ensure that the Azure Function is set to use a consumption plan.
- D . Set Always On to true.
A,D
Explanation:
Azure Functions can run on either a Consumption Plan or a dedicated App Service Plan. If you run in a dedicated mode, you need to turn on the Always On setting for your Function App to run properly. The Function runtime will go idle after a few minutes of inactivity, so only HTTP triggers will actually "wake up" your functions. This is similar to how WebJobs must have Always On enabled.
Scenario: Notification latency: Users report that anomaly detection emails can sometimes arrive several minutes after an anomaly is detected.
Anomaly detection service: You have an anomaly detection service that analyzes log information for anomalies. It is implemented as an Azure Machine Learning model. The model is deployed as a web service. If an anomaly is detected, an Azure Function that emails administrators is called by using an HTTP WebHook.
References: https://github.com/Azure/Azure-Functions/wiki/Enable-Always-On-when-running-on-dedicatedApp-Service-Plan
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution. Determine whether the solution meets the stated goals.
You need to ensure that authentication events are triggered and processed according to the policy.
Solution: Create a new Azure Event Grid subscription for all authentication that delivers messages to an Azure Event Hub. Use the subscription to process signout events.
Does the solution meet the goal?
- A . Yes
- B . No
B
Explanation:
Use a separate Azure Event Grid topics and subscriptions for sign-in and sign-out events.
Scenario: Authentication events are used to monitor users signing in and signing out. All authentication events must be processed by Policy service. Sign outs must be processed as quickly as possible.
DRAG DROP
You need to ensure that PolicyLib requirements are met.
How should you complete the code segment? To answer, drag the appropriate code segments to the correct locations. Each code segment may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
NOTE: Each correct selection is worth one Point.
You need to ensure that the solution can meet the scaling requirements for Policy Service.
Which Azure Application Insights data model should you use?
- A . an Application Insights metric
- B . an Application Insights dependency
- C . an Application Insights trace
- D . an Application Insights event
You need to meet the scaling requirement for Policy Service.
What should you store in Azure Redis Cache?
- A . HttpContext.Items
- B . ViewState
- C . Session state
- D . TempData
HOTSPOT
You need to tool code at line LE03 of Login Event to ensure that all authentication events are processed correctly.
How should you complete the code? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
You need to resolve the Policy Loss issue.
What are two possible ways to achieve the goal? Each correct answer presents a complete solution. NOTE: Each correct selection is worth one point.
- A . Add an Azure Event Hub. Send the policy to the event hub. Configure the Policy service to read actions from the event hub.
- B . Add an Azure Service Bus queue. Send the policy to the queue. Configure the Policy service to read actions from the queue.
- C . Add an Azure Queue storage queue. Send the policy to the queue. Configure the Policy service to read actions from the queue.
- D . Add an Azure Service Bus topic. Send the policy to the topic. Configure the Policy service to read actions from the topic.
Topic 4, Coho WineryLabelMaker app
Coho Winery produces, bottles, and distributes a variety of wines globally. You are a developer implementing highly scalable and resilient applications to support online order processing by using Azure solutions.
Coho Winery has a LabelMaker application that prints labels for wine bottles. The application sends data to several printers. The application consists of five modules that run independently on virtual machines (VMs). Coho Winery plans to move the application to Azure and continue to support label creation.
External partners send data to the LabelMaker application to include artwork and text for custom label designs.
Requirements
Data
You identify the following requirements for data management and manipulation:
– Order data is stored as nonrelational JSON and must be queried using Structured Query Language (SQL).
– Changes to the Order data must reflect immediately across all partitions. All reads to the Order data must fetch the most recent writes.
Security
You have the following security requirements:
– Users of Coho Winery applications must be able to provide access to documents, resources, and applications to external partners.
– External partners must use their own credentials and authenticate with their organization’s identity management solution.
– External partner logins must be audited monthly for application use by a user account administrator to maintain company compliance.
– Storage of e-commerce application settings must be maintained in Azure Key Vault.
– E-commerce application sign-ins must be secured by using Azure App Service authentication and Azure Active Directory (AAD).
– Conditional access policies must be applied at the application level to protect company content.
– The LabelMaker application must be secured by using an AAD account that has full access to all namespaces of the Azure Kubernetes Service (AKS) cluster.
LabelMaker app
Azure Monitor Container Health must be used to monitor the performance of workloads that are deployed to Kubernetes environments and hosted on Azure Kubernetes Service (AKS).
You must use Azure Container Registry to publish images that support the AKS deployment.
Architecture
Issues
Calls to the Printer API App fall periodically due to printer communication timeouts.
Printer communication timeouts occur after 10 seconds. The label printer must only receive up to 5 attempts within one minute
The order workflow fails to run upon initial deployment to Azure.
Order.Json
Relevant portions oi the app files are shown below. Line numbers are included for reference only. The JSON file contains a representation of the data for an order that includes a single item.
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution.
Determine whether the solution meets the stated goals.
You need to meet the LabelMaket application
Solution; Create a conditional access policy and assign it to the Azure Kubernetes service cluster.
Does the solution meet the goal?
- A . Yes
- B . No
B
Explanation:
Scenario: The LabelMaker applications must be secured by using an AAD account that has full access to all namespaces of the Azure Kubernetes Service (AKS) cluster.
Before an Azure Active Directory account can be used with the AKS cluster, a role binding or cluster role binding needs to be created.
References: https://docs.microsoft.com/en-us/azure/aks/aad-integration
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution. Determine whether the solution meets the stated goals.
You need to meet the LabelMaker application security requirement.
Solution: Place the Azure Active Directory account into an Azure AD group. Create a ClusterRoleBinding and assign it to the group.
Does the solution meet the goal?
- A . Yes
- B . No
A
Explanation:
Scenario: The LabelMaker applications must be secured by using an AAD account that has full access to all namespaces of the Azure Kubernetes Service (AKS) cluster.
Permissions can be granted within a namespace with a RoleBinding, or cluster-wide with a ClusterRoleBinding.
References: https://kubernetes.io/docs/reference/access-authn-authz/rbac/
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution. Determine whether the solution meets the stated goals.
You need to meet the LabelMaker application security requirement.
Solution: Create a Microsoft Azure Active Directory service principal and assign it to the Azure Kubernetes Service (AKS) cluster.
Does the solution meet the goal?
- A . Yes
- B . No
HOTSPOT
You need to ensure that you can deploy the LabelMaker application.
How should you complete the CLI commands? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Explanation:
Box 1: group Create a resource group with the az group create command. An Azure resource group is a logical group in which Azure resources are deployed and managed.
The following example creates a resource group named myResourceGroup in the westeurope location.
az group create –name myResourceGroup –location westeurope
Box 2: CohoWinterLabelMaker Use the resource group named, which is used in the second command.
Box 3: aks The command az aks create, is used to create a new managed Kubernetes cluster.
Box 4: monitoring Scenario: LabelMaker app Azure Monitor Container Health must be used to monitor the performance of workloads that are deployed to Kubernetes environments and hosted on Azure Kubernetes Service (AKS).
You must use Azure Container Registry to publish images that support the AKS deployment.
DRAG DROP
You need to deploy a new version of the LabelMaker application.
Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order. NOTE: Each correct selection is worth one point.
Explanation:
Step 1: Build a new application image by using dockerfile
Step 2: Create an alias if the image with the fully qualified path to the registry Before you can push the image to a private registry, you’ve to ensure a proper image name. This can be achieved using the docker tag command. For demonstration purpose, we’ll use Docker’s hello world image, rename it and push it to ACR.
# pulls hello-world from the public docker hub
$ docker pull hello-world # tag the image in order to be able to push it to a private registry $ docker tag hello-word <REGISTRY_NAME>/hello-world # push the image $ docker push <REGISTRY_NAME>/hello-world
Step 3: Log in to the registry and push image In order to push images to the newly created ACR instance, you need to login to ACR form the Docker CLI. Once logged in, you can push any existing docker image to your ACR instance.
Scenario: Coho Winery plans to move the application to Azure and continue to support label creation.
LabelMaker app
Azure Monitor Container Health must be used to monitor the performance of workloads that are deployed to Kubernetes environments and hosted on Azure Kubernetes Service (AKS).
You must use Azure Container Registry to publish images that support the AKS deployment.
References: https://thorsten-hans.com/how-to-use-a-private-azure-container-registry-with-kubernetes9b86e67b93b6 https://docs.microsoft.com/en-us/azure/container-registry/container-registry-tutorial-quick-task
You need to troubleshoot the order workflow.
What should you do? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.
- A . Review the run history.
- B . Review the trigger history.
- C . Review the API connections.
- D . Review the activity log.
B,D
Explanation:
Scenario: The order workflow fails to run upon initial deployment to Azure.
Deployment errors arise from conditions that occur during the deployment process. They appear in the activity log.
References: https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-group-audit
Note: In this section you will see one or more sets of questions with the same scenario and problem. Each question presents a unique solution to the problem, and you must determine whether the solution meets the stated goals. More than one solution might solve the problem. It is also possible that none of the solutions solve the problem.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution. Determine whether the solution meets the stated goals.
You need to meet the LabelMaker application security requirement.
Solution: Create a RoleBinding and assign it to the Azure AD account.
Does the solution meet the goal?
- A . Yes
- B . No
B
Explanation:
Scenario: The LabelMaker applications must be secured by using an AAD account that has full access to all namespaces of the Azure Kubernetes Service (AKS) cluster.
Permissions can be granted within a namespace with a RoleBinding, or cluster-wide with a ClusterRoleBinding.
References: https://kubernetes.io/docs/reference/access-authn-authz/rbac/