Question 26: Correct
You are developing an application that uploads videos to an Azure storage container named Container1.
The upload method uses Storage REST APIs.
You need to copy specific blobs from Container1 to Container2 in real time when specific business requirements are met. The copies must exclude backup blobs.
What should you do?
The Start-AzureStorageBlobCopy cmdlet starts to copy a blob
https://docs.microsoft.com/en-us/powershell/module/azure.storage/start-azurestorageblobcopy?view=azurermps-6.13.0
The Put Blob operation creates a new block, page, or append blob, or updates the content of an existing block blob. So in the given options, only Start-AzureStorageBlobCopy cmdlet copies the blob
Question 26: Correct
You are developing an application that uploads videos to an Azure storage container named Container1.
The upload method uses Storage REST APIs.
You need to copy specific blobs from Container1 to Container2 in real time when specific business requirements are met. The copies must exclude backup blobs.
What should you do?
Explanation
The Start-AzureStorageBlobCopy cmdlet starts to copy a blob
https://docs.microsoft.com/en-us/powershell/module/azure.storage/start-azurestorageblobcopy?view=azurermps-6.13.0
The Put Blob operation creates a new block, page, or append blob, or updates the content of an existing block blob. So in the given options, only Start-AzureStorageBlobCopy cmdlet copies the blob
Question 27: Correct
You plan to develop an application that will be deployed to an Azure virtual machine.
The application connects to external services that are authenticated using a secret key.
You plan to store secret keys in an Azure Key Vault.
Select the authentication method you must consider to read secrets from Key Vault.
Explanation
Managed identities for Azure resources: When you deploy an app on a virtual machine in Azure, you can assign an identity to your virtual machine that has access to Key Vault. You can also assign identities to other Azure resources. The benefit of this approach is that the app or service isn't managing the rotation of the first secret. Azure automatically rotates the identity. We recommend this approach as a best practice.
https://docs.microsoft.com/en-us/azure/key-vault/general/basic-concepts#authentication
Question 28: Correct
You are developing a web application that will be accessible using application1.azurewebsites.net. The traffic to the web application must be secured with SSL and routed through an Azure Application Gateway.
The Azure application gateway instance is used by multiple applications.
Select the two actions should you perform to configure Azure Application Gateway.
Explanation
In multi-tenant architectural designs in web servers, multiple websites are running on the same web server instance. Hostnames are used to differentiate between the different applications which are hosted. Application gateway provides a capability which allows users to override the HTTP host header in the request based on the host name of the back-end. This capability enables support for multi-tenant back ends such as Azure App service web apps and API management.
The ability to specify a host override is defined in the HTTP settings and can be applied to any back-end pool during rule creation. The following two ways of overriding host header and SNI extension for multi-tenant back ends is supported:
The ability to set the host name to a fixed value explicitly entered in the HTTP settings. This capability ensures that the host header is overridden to this value for all traffic to the back-end pool where the particular HTTP settings are applied. When using end to end TLS, this overridden host name is used in the SNI extension. This capability enables scenarios where a back-end pool farm expects a host header that is different from the incoming customer host header.
The ability to derive the host name from the IP or FQDN of the back-end pool members. HTTP settings also provide an option to dynamically pick the host name from a back-end pool member's FQDN if configured with the option to derive host name from an individual back-end pool member. When using end to end TLS, this host name is derived from the FQDN and is used in the SNI extension. This capability enables scenarios where a back-end pool can have two or more multi-tenant PaaS services like Azure web apps and the request's host header to each member contains the host name derived from its FQDN. For implementing this scenario, we use a switch in the HTTP Settings called Pick hostname from backend address which will dynamically override the host header in the original request to the one mentioned in the backend pool
https://docs.microsoft.com/en-us/azure/application-gateway/application-gateway-web-app-overview#tls-termination-and-end-to-end-tls-with-multi-tenant-services
Question 29: Correct
You plan to publish an API for your customers by using Azure API Management. The API uses JWT token for user authorization.
You need to implement response caching for the APIM gateway. The caching mechanism must detect the user ID of the client that accesses data for a given location and cache the response for that user ID.
You need to add a set-variable policy to store the detected user identity to the policies file.
To which section of the policy should you add?
Explanation
Set-variable is part of Inbound section.
https://docs.microsoft.com/en-us/azure/api-management/api-management-sample-cache-by-key#fragment-caching
Question 30: Correct
You plan to publish an API for your customers by using Azure API Management. The API uses JWT token for user authorization.
You need to implement response caching for the APIM gateway. The caching mechanism must detect the user ID of the client that accesses data for a given location and cache the response for that user ID.
You need to add a cache-lookup-value policy to the policies file.
To which section of the policy should you add?
Explanation
Cache-lookup-value is part of Inbound section.
https://docs.microsoft.com/en-us/azure/api-management/api-management-sample-cache-by-key#fragment-caching
Question 31: Correct
You plan to publish an API for your customers by using Azure API Management. The API uses JWT token for user authorization.
You need to implement response caching for the APIM gateway. The caching mechanism must detect the user ID of the client that accesses data for a given location and cache the response for that user ID.
You need to add a cache-store-value policy to the policies file.
To which section of the policy should you add?
Explanation
We need to cache the response. So, Cache-store-value should be part of outbound section.
https://docs.microsoft.com/en-us/azure/api-management/api-management-sample-cache-by-key#fragment-caching
https://docs.microsoft.com/en-us/azure/api-management/api-management-caching-policies#StoreToCacheByKey
Question 32: Correct
You plan to publish an API for your customers by using Azure API Management. The API uses JWT token for user authorization.
You need to implement response caching for the APIM gateway. The caching mechanism must detect the user ID of the client that accesses data for a given location and cache the response for that user ID.
You need to add a find-and-replace policy to the policies file to update the response body with the user profile information.
To which section of the policy should you add?
Explanation
Find-and-replace is part of outbound section.
https://docs.microsoft.com/en-us/azure/api-management/api-management-sample-cache-by-key#fragment-caching
Question 33: Correct
You have developed several web APIs. The web APIs are published by using Azure API Management.
You are developing several web apps that will use the Web APIs.
Both web apps and web APIs are registered with your Azure Active Directory (Azure AD) tenant.
You need to implement a solution to block unauthorized requests originating from the web apps from reaching the web APIs.
The solution must use Azure AD generated claims and minimize the configuration effort.
What should you implement?
Explanation
Validate JWT - Enforces existence and validity of a JWT extracted from either a specified HTTP Header or a specified query parameter.
https://docs.microsoft.com/en-us/azure/api-management/api-management-access-restriction-policies#ValidateJWT
Question 34: Correct
You plan to create a virtual machine in your Azure subscription using PowerShell.
Which two parameters should you add to complete below command?
New-AzVm -Name "myVM" -Location "East US" -SubnetName "mySubnet" -SecurityGroupName "myNetworkSecurityGroup" -PublicIpAddressName "myPublicIpAddress" -OpenPorts 80,3389
Explanation
Below is the sample complete command.
New-AzVm `
-ResourceGroupName "myResourceGroup" `
-Name "myVM" `
-Location "East US" `
-VirtualNetworkName "myVnet" `
-SubnetName "mySubnet" `
-SecurityGroupName "myNetworkSecurityGroup" `
-PublicIpAddressName "myPublicIpAddress" `
-OpenPorts 80,3389
https://docs.microsoft.com/en-us/azure/virtual-machines/windows/quick-create-powershell
Question 35: Correct
You have a Resource Group named RG1 in an Azure subscription named Subscription1.
You have created an Azure virtual machine in RG1 using Azure Portal.
You need to download the Azure Resource Manager (ARM) template of the newly created VM to re-use in your next deployments.
Select the steps should you follow in sequence.
Explanation
When you create a VM in Azure using the portal or PowerShell, a Resource Manager template is automatically created for you. You can use this template to quickly duplicate a deployment. The template contains information about all of the resources in a resource group. For a virtual machine, this means the template contains everything that is created in support of the VM in that resource group, including the networking resources.
https://docs.microsoft.com/en-us/azure/virtual-machines/windows/download-template
Question 36: Correct
You plan to develop an application using Azure App Service and Azure Cosmos DB.
You need to collect detailed resource logs for monitoring health and availability of Azure resources.
Which of the following actions you should perform to send logs to Log Analytics workspace?
Explanation
Resource logs provide insight into the detailed operation of an Azure resource and are useful for monitoring their health and availability. Azure resources generate resource logs automatically, but you must configure where they should be collected.
https://docs.microsoft.com/en-us/azure/azure-monitor/learn/tutorial-resource-logs
Question 37: Correct
You plan to develop an application using Azure Functions.
You need to use the Azure Function triggers that have built-in retry support.
Which triggers should you use?
Explanation
The following triggers have built-in retry support:
Azure Blob storage
Azure Queue storage
Azure Service Bus (queue/topic)
By default, these triggers retry requests up to five times. After the fifth retry, both the Azure Queue storage and Azure Service Bus triggers write a message to a poison queue.
https://docs.microsoft.com/en-us/azure/azure-functions/functions-bindings-errors
Question 38: Correct
You are developing an application that must execute a sequence of activities in a specific order.
You plan to deploy the application in a server less compute environment.
Which of the below service should you create to deploy the application?
Explanation
Durable Functions is an extension of Azure Functions that lets you write stateful functions in a serverless compute environment. The primary use case for Durable Functions is simplifying complex, stateful coordination requirements in serverless applications. In the function chaining pattern, a sequence of functions executes in a specific order. In this pattern, the output of one function is applied to the input of another function. You can use Durable Functions to implement the function chaining pattern.
https://docs.microsoft.com/en-us/azure/azure-functions/durable/durable-functions-overview?tabs=csharp
Question 39: Correct
You have an Azure Cosmos DB. You need to configure consistency level that consumes the least amount of request units per operation.
Which consistency level should you configure?
Explanation
The cost of a read operation (in terms of RUs consumed) with the eventual consistency level is the lowest of all the Azure Cosmos DB consistency levels.
https://docs.microsoft.com/en-us/learn/modules/distribute-data-globally-with-cosmos-db/5-data-consistency-levels
Question 40: Correct
You are developing an application that uses Azure Cosmos DB for a hospital.
You have configured the default consistency level for the database to Strong and Indexing mode to Consistent.
If multiple users in different locations have updated a patient record, the application must return latest patient status details.
You need to override the default consistency level at the query level.
Which consistency level should you implement to return patient status?
Explanation
Strong consistency offers a linearizability guarantee. The reads are guaranteed to return the most recent committed version of an item. A client never sees an uncommitted or partial write. Users are always guaranteed to read the latest committed write.
Question 41: Correct
You are developing an application that uses Azure Cosmos DB for a hospital.
You have configured the default consistency level for the database to Strong and Indexing mode to Consistent.
The application must return the health monitoring data of a patent in the current version or the prior version.
You need to override the default consistency level at the query level.
Which consistency level should you implement to return health monitoring data?
Explanation
Bounded staleness: The reads are guaranteed to honor the consistent-prefix guarantee. The reads might lag behind writes by at most "K" versions (that is, "updates") of an item or by "T" time interval, whichever is reached first. In other words, when you choose bounded staleness, the "staleness" can be configured in two ways:
The number of versions (K) of the item
The time interval (T) reads might lag behind the writes
https://docs.microsoft.com/en-us/azure/cosmos-db/consistency-levels
No comments:
Post a Comment