DRAG DROP

You plan to create a Docker image that runs as ASP.NET Core application named ContosoApp. You have a setup script named setupScript.ps1 and a series of application files including ContosoApp.dll.

You need to create a Dockerfile document that meets the following requirements:

• Call setupScript.ps1 when the container is built.

• Run ContosoApp.dll when the container starts.

The Docker document must be created in the same folder where ContosoApp.dll and setupScript.ps1 are stored.

Which four commands should you use to develop the solution? To answer, move the appropriate commands from the list of commands to the answer area and arrange them in the correct order.

Reveal Solution Hide Solution

Correct Answer:

Explanation:

Step 1: WORKDIR /apps/ContosoApp

Step 2: COPY ./-

The Docker document must be created in the same folder where ContosoApp.dll and setupScript.ps1 are stored.

Step 3: EXPOSE ./ContosApp/ /app/ContosoApp

Step 4: CMD powershell ./setupScript.ps1

ENTRYPOINT ["dotnet", "ContosoApp.dll"]

You need to create a Dockerfile document that meets the following requirements:

Call setupScript.ps1 when the container is built.

Run ContosoApp.dll when the container starts.

Reference: https://docs.microsoft.com/en-us/azure/app-service/containers/tutorial-custom-docker-image

HOTSPOT

You need to configure API Management for authentication.

Which policy values should you use? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

Reveal Solution Hide Solution

Correct Answer:

Explanation:

Box 1: Validate JWT

The validate-jwt policy enforces existence and validity of a JWT extracted from either a specified HTTP Header or a specified query parameter.

Scenario: User authentication (see step 5 below)

The following steps detail the user authentication process:

✑ The user selects Sign in in the website.

✑ The browser redirects the user to the Azure Active Directory (Azure AD) sign in page.

✑ The user signs in.

✑ Azure AD redirects the user’s session back to the web application. The URL includes an access token.

✑ The web application calls an API and includes the access token in the authentication header. The application ID is sent as the audience (‘aud’) claim in the access token.

✑ The back-end API validates the access token.

Box 2: Outbound

Reference: https://docs.microsoft.com/en-us/azure/api-management/api-management-access-restriction-policies

HOTSPOT

You are developing an app that manages users for a video game. You plan to store the region, email address, and phone number for the player. Some players may not have a phone number. The player’s region will be used to load-balance data.

Data for the app must be stored in Azure Table Storage.

You need to develop code to retrieve data for an individual player.

How should you complete the code? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

Reveal Solution Hide Solution

Correct Answer:

Explanation:

Box 1: region

The player’s region will be used to load-balance data.

Choosing the PartitionKey.

The core of any table’s design is based on its scalability, the queries used to access it, and storage operation requirements. The PartitionKey values you choose will dictate how a table will be partitioned and the type of queries that can be used. Storage operations, in particular inserts, can also affect your choice of PartitionKey values.

Box 2: email

Not phone number some players may not have a phone number.

Box 3: CloudTable

Box 4 : TableOperation query =..

Box 5: TableResult

Reference: https://docs.microsoft.com/en-us/rest/api/storageservices/designing-a-scalable-partitioning-strategy-for-azure-table-storage

You are developing applications for a company. You plan to host the applications on Azure App Services.

The company has the following requirements:

✑ Every five minutes verify that the websites are responsive.

✑ Verify that the websites respond within a specified time threshold.

Dependent requests such as images and JavaScript files must load properly.

✑ Generate alerts if a website is experiencing issues.

✑ If a website fails to load, the system must attempt to reload the site three more times.

You need to implement this process with the least amount of effort.

What should you do?

Reveal Solution Hide Solution

Topic 8, Munson’s Pickles and Preserves Farm

Overview

Munson’s Pickles and Preserves Farm is an agricultural cooperative corporation based in Washington, US, with farms located across the United States. The company supports agricultural production resources by distributing seeds, fertilizers, chemicals, fuel, and farm machinery to the farms.

The company is migrating all applications from an on-premises datacenter to Microsoft Azure.

Applications support distributors, farmers, and internal company staff.

Corporate website

• The company hosts a public website located at http://www.munsonspicklesandpreservesfarm.com. The site supports farmers and distributors who request agricultural production resources.

Farms

• The company created a new customer tenant in the Microsoft Entra admin center to support authentication and authorization for applications.

Distributors

• Distributors integrate their applications with data that is accessible by using APIs hosted at http://www.munsonspicklesandpreservesfarm com/api to receive and update resource data.

The application components must meet the following requirements:

Corporate website

• The site must be migrated to Azure App Service.

• Costs must be minimized when hosting in Azure.

• Applications must automatically scale independent of the compute resources.

• All code changes must be validated by internal staff before release to production.

• File transfer speeds must improve, and webpage-load performance must increase.

• All site settings must be centrally stored, secured without using secrets, and encrypted at rest and in transit.

• A queue-based load leveling pattern must be implemented by using Azure Service Bus queues to support high volumes of website agricultural production resource requests.

Farms

• Farmers must authenticate to applications by using Microsoft Entra ID.

Distributors

• The company must track a custom telemetry value with each API call and monitor performance of all APIs.

• API telemetry values must be charted to evaluate variations and trends for resource data.

Internal staff

• App and API updates must be validated before release to production.

• Staff must be able to select a link to direct them back to the production app when validating an app or API update.

• Staff profile photos and email must be displayed on the website once they authenticate to applications by using their Microsoft Entra ID.

Security

• All web communications must be secured by using TLS/HTTPS.

• Web content must be restricted by country/region to support corporate compliance standards

• The principle of least privilege must be applied when providing any user rights or process access rights

• Managed identities for Azure resources must be used to authenticate services that support Microsoft Entra ID authentication.

Corporate website

• Farmers report HTTP 503 errors at the same time as internal staff report that CPU and memory usage are high.

• Distributors report HTTP 502 errors at the same time as internal staff report that average response times and networking traffic are high.

• Internal staff report webpage load sizes are large and take a long time to load.

• Developers receive authentication errors to Service Bus when they debug locally.

Distributors

• Many API telemetry values are sent in a short period of time. Telemetry traffic, data costs, and storage costs must be reduced while preserving a statistically correct analysis of the data points sent by the APIs.

HOTSPOT

You need to resolve the authentication errors for developers.

Which Service Bus security configuration should you use? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

Reveal Solution Hide Solution

Correct Answer:

Topic 3, City Power & Light

Case study

Overview

This is a case study. Case studies are not timed separately. You can use as much exam time as you would like to complete each case. However, there may be additional case studies and sections on this exam. You must manage your time to ensure that you are able to complete all questions included on this exam in the time provided.

To answer the questions included in a case study, you will need to reference information that is provided in the case study. Case studies might contain exhibits and other resources that provide more information about the scenario that is described in the case study. Each question is independent of the other questions in this case study.

At the end of this case study, a review screen will appear. This screen allows you to review your answers and to make changes before you move to the next section of the exam. After you begin a new section, you cannot return to this section.

To start the case study

To display the first question in this case study, click the Next button. Use the buttons in the left pane to explore the content of the case study before you answer the questions. Clicking these buttons displays information such as business requirements, existing environment, and problem statements. When you are ready to answer a question, click the Question button to return to the question.

Background

City Power & Light company provides electrical infrastructure monitoring solutions for homes and businesses. The company is migrating solutions to Azure.

Current environment

Architecture overview

The company has a public website located at http://www.cpandl.com/. The site is a single-page web application that runs in Azure App Service on Linux. The website uses files stored in Azure Storage and cached in Azure Content Delivery Network (CDN) to serve static content.

API Management and Azure Function App functions are used to process and store data in Azure Database for PostgreSQL. API Management is used to broker communications to the Azure Function app functions for Logic app integration. Logic apps are used to orchestrate the data processing while Service Bus and Event Grid handle messaging and events.

The solution uses Application Insights, Azure Monitor, and Azure Key Vault.

Architecture diagram

The company has several applications and services that support their business. The company plans to implement serverless computing where possible.

The overall architecture is shown below.

User authentication

The following steps detail the user authentication process:

✑ The user selects Sign in in the website.

✑ The browser redirects the user to the Azure Active Directory (Azure AD) sign in page.

✑ The user signs in.

✑ Azure AD redirects the user’s session back to the web application. The URL includes an access token.

✑ The web application calls an API and includes the access token in the authentication header. The application ID is sent as the audience (‘aud’) claim in the access token.

✑ The back-end API validates the access token.

Requirements

Corporate website

✑ Communications and content must be secured by using SSL.

✑ Communications must use HTTPS.

✑ Data must be replicated to a secondary region and three availability zones.

✑ Data storage costs must be minimized.

Azure Database for PostgreSQL

The database connection string is stored in Azure Key Vault with the following attributes:

✑ Azure Key Vault name: cpandlkeyvault

✑ Secret name: PostgreSQLConn

✑ Id: 80df3e46ffcd4f1cb187f79905e9a1e8

The connection information is updated frequently. The application must always use the latest information to connect to the database.

Azure Service Bus and Azure Event Grid

✑ Azure Event Grid must use Azure Service Bus for queue-based load leveling.

✑ Events in Azure Event Grid must be routed directly to Service Bus queues for use in buffering.

✑ Events from Azure Service Bus and other Azure services must continue to be routed to Azure Event Grid for processing.

Security

✑ All SSL certificates and credentials must be stored in Azure Key Vault.

✑ File access must restrict access by IP, protocol, and Azure AD rights.

✑ All user accounts and processes must receive only those privileges which are essential to perform their intended function.

Compliance

Auditing of the file updates and transfers must be enabled to comply with General Data Protection Regulation (GDPR). The file updates must be read-only, stored in the order in which they occurred, include only create, update, delete, and copy operations, and be retained for compliance reasons.

Issues

Corporate website

While testing the site, the following error message displays:

CryptographicException: The system cannot find the file specified.

Function app

You perform local testing for the RequestUserApproval function. The following error

message displays:

‘Timeout value of 00:10:00 exceeded by function: RequestUserApproval’

The same error message displays when you test the function in an Azure development environment when you run the following Kusto query: FunctionAppLogs

| where FunctionName = = "RequestUserApproval"

Logic app

You test the Logic app in a development environment. The following error message displays:

‘400 Bad Request’

Troubleshooting of the error shows an HttpTrigger action to call the RequestUserApproval function.

Code

Corporate website

Security.cs:

Function app

RequestUserApproval.cs:

You need to correct the RequestUserApproval Function app error.

What should you do?

Reveal Solution Hide Solution

HOTSPOT

You need to configure security and compliance for the corporate website files.

Which Azure Blob storage settings should you use? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

Reveal Solution Hide Solution

Correct Answer:

Explanation:

Box 1: role-based access control (RBAC)

Azure Storage supports authentication and authorization with Azure AD for the Blob and Queue services via Azure role-based access control (Azure RBAC).

Scenario: File access must restrict access by IP, protocol, and Azure AD rights.

Box 2: change feed

The purpose of the change feed is to provide transaction logs of all the changes that occur to the blobs and the blob metadata in your storage account.

The file updates must be read-only, stored in the order in which they occurred, include only create, update, delete, and copy operations, and be retained for compliance reasons.

Reference: https://docs.microsoft.com/en-us/azure/cdn/cdn-sas-storage-support

https://docs.microsoft.com/en-us/azure/storage/blobs/storage-blob-change-feed?tabs=azure-portal

HOTSPOT

You need to implement the delivery service telemetry data

How should you configure the solution? NOTE: Each correct selection is worth one point.

Reveal Solution Hide Solution

Correct Answer:

DRAG DROP

An organization plans to deploy Azure storage services.

You need to configure shared access signature (SAS) for granting access to Azure Storage.

Which SAS types should you use? To answer, drag the appropriate SAS types to the correct requirements. Each SAS type may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content. NOTE: Each correct selection is worth one point.

Reveal Solution Hide Solution

Correct Answer:

Explanation:

Reference: https://docs.microsoft.com/en-us/azure/storage/common/storage-sas-overview

HOTSPOT

You are developing an Azure Function App. You develop code by using a language that is not supported by the Azure Function App host. The code language supports HTTP primitives.

You must deploy the code to a production Azure Function App environment.

You need to configure the app for deployment.

Which configuration values should you use? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

Reveal Solution Hide Solution

Correct Answer:

Explanation:

Box 1: Docker container

A custom handler can be deployed to every Azure Functions hosting option. If your handler requires operating system or platform dependencies (such as a language runtime), you may need to use a custom container. You can create and deploy your code to Azure Functions as a custom Docker container.

Box 2: PowerShell core

When creating a function app in Azure for custom handlers, we recommend you select .NET Core as the stack. A "Custom" stack for custom handlers will be added in the future.

PowerShell Core (PSC) is based on the new .NET Core runtime.

Box 3: 7.0

On Windows: The Azure Az PowerShell module is also supported for use with PowerShell 5.1 on Windows.

On Linux: PowerShell 7.0.6 LTS, PowerShell 7.1.3, or higher is the recommended version of PowerShell for use with the Azure Az PowerShell module on all platforms.

Reference:

https://docs.microsoft.com/en-us/azure/azure-functions/functions-create-function-linux-custom-image

https://docs.microsoft.com/en-us/powershell/azure/install-az-ps?view=azps-7.1.0