aiotestking uk

70-534 Exam Questions - Online Test



Q1. DRAG DROP - (Topic 6)

Contoso, Ltd., uses Azure websites for their company portal sites.

Admin users need enough access to effectively perform site monitoring or management tasks.

You need to grant admin access to a group of 10 users.

How should you configure the connection? To answer, drag the role or object to the correct connection setting. Each item may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.

Answer:

Q2. Topic 1, VanArsdel, Ltd

Overview

VanArsdel, Ltd. builds skyscrapers, subways, and bridges. VanArsdel is a leader in using technology to do construction better.

Overview

VanArsdel employees are able to use their own mobile devices for work activities because the company recognizes that this usage enables employee productivity. Employees also access Software as a Service (SaaS) applications, including DocuSign, Dropbox, and Citrix. The company continues to evaluate and adopt more SaaS applications for its business. VanArsdel uses Azure Active Directory (AD) to authenticate its employees, as well as Multi-Factor Authentication (MFA). Management enjoys the ease with which MFA can be enabled and disabled for employees who use cloud-based services. VanArsdel's on-premises directory contains a single forest.

Helpdesk:

VanArsdel creates a helpdesk group to assist its employees. The company sends email messages to all its employees about the helpdesk group and how to contact it. Configuring employee access for SaaS applications is often a time-consuming task. It is not always obvious to the helpdesk group which users should be given access to which SaaS applications. The helpdesk group must respond to many phone calls and email messages to solve this problem, which takes up valuable time. The helpdesk group is unable to meet the needs of VanArsdel's employees.

However, many employees do not work with the helpdesk group to solve their access problems. Instead, these employees contact their co-workers or managers to find someone who can help them. Also, new employees are not always told to contact the helpdesk group for access problems. Some employees report that they cannot see all the applications in the Access Panel that they have access to. Some employees report that they must re-enter their passwords when they access cloud applications, even though they have already authenticated.

Bring your own device (BYOD):

VanArsdel wants to continue to support users and their mobile and personal devices, but the company is concerned about how to protect corporate assets that are stored on these devices. The company does not have a strategy to ensure that its data is removed from the devices when employees leave the company.

Customer Support

VanArsdel wants a mobile app for customer profile registration and feedback. The company would like to keep track of all its previous, current, and future customers worldwide. A profile system using third-party authentication is required as well as feedback and support sections for the mobile app.

Migration:

VanArsdel plans to migrate several virtual machine (VM) workloads into Azure. They also plan to extend their on-premises Active Directory into Azure for mobile app authentication.

Business Requirements Hybrid Solution:

✑ A single account and credentials for both on-premises and cloud applications

✑ Certain applications that are hosted both in Azure and on-site must be accessible to both VanArsdel employees and partners

✑ The service level agreement (SLA) for the solution requires an uptime of 99.9%

✑ The partners all use Hotmail.com email addresses

Mobile App:

VanArsdel requires a mobile app for project managers on construction job sites. The mobile app has the following requirements:

✑ The app must display partner information.

✑ The app must alert project managers when changes to the partner information occur.

✑ The app must display project information including an image gallery to view pictures of construction projects.

✑ Project managers must be able to access the information remotely and securely.

Security:

✑ VanArsdel must control access to its resources to ensure sensitive services and information are accessible only by authorized users and/or managed devices.

✑ Employees must be able to securely share data, based on corporate policies, with other VanArsdel employees and with partners who are located on construction job sites.

✑ VanArsdel management does NOT want to create and manage user accounts for partners.

Technical Requirements Architecture:

✑ VanArsdel requires a non-centralized stateless architecture for its data and services where application, data, and computing power are at the logical extremes of the network.

✑ VanArsdel requires separation of CPU storage and SQL services

Data Storage:

VanArsdel needs a solution to reduce the number of operations on the contractor information table. Currently, data transfer rates are excessive, and queue length for read/write operations affects performance.

✑ A mobile service that is used to access contractor information must have automatically scalable, structured storage

✑ Images must be stored in an automatically scalable, unstructured form.

Mobile Apps:

✑ VanArsdel mobile app must authenticate employees to the company's Active Directory.

✑ Event-triggered alerts must be pushed to mobile apps by using a custom Node.js script.

✑ The customer support app should use an identity provider that is configured by using the Access Control Service for current profile registration and authentication.

✑ The customer support team will adopt future identity providers that are configured through Access Control Service.

Security:

✑ Active Directory Federated Server (AD FS) will be used to extend AD into Azure.

✑ Helpdesk administrators must have access to only the groups of Azure resources they are responsible for. Azure administration will be performed by a separate group.

✑ IT administrative overhead must be minimized.

✑ Permissions must be assigned by using Role Based Access Control (RBAC).

✑ Line of business applications must be accessed securely.

Answer:

Q3.  - (Topic 6)

You are evaluating an Azure application. The application includes the following elements:

✑ A web role that provides the ASP.NET user interface and business logic

✑ A single SQL database that contains all application data

Each webpage must receive data from the business logic layer before returning results to the client. Traffic has increased significantly. The business logic is causing high CPU usage.

You need to recommend an approach for scaling the application. What should you recommend?

A. Store the business logic results in Azure Table storage.

B. Vertically partition the SQL database.

C. Move the business logic to a worker role.

D. Store the business logic results in Azure local storage.

Answer: C

Explanation: For Cloud Services in Azure, applications need both web and worker roles to scale well.

Reference: Application Patterns and Development Strategies for SQL Server in Azure Virtual Machines

https://msdn.microsoft.com/en-us/library/azure/dn574746.aspx

Topic 7, Woodgrove Bank

Overview

Woodgrove Bank has 20 regional offices and operates 1,500 branch office locations. Each regional office hosts the servers, infrastructure, and applications that support that region. Woodgrove Bank plans to move all of their on-premises resources to Azure, including virtual machine (VM)-based, line-of-business workloads, and SQL databases. You are the owner of the Azure subscription that Woodgrove Bank is using. Your team is using Git repositories hosted on GitHub for source control.

Security

Currently, Woodgrove Bank's Computer Security Incident Response Team (CSIRT) has a problem investigating security issues due to the lack of security intelligence integrated with their current incident response tools. This lack of integration introduces a problem during the detection (too many false positives), assessment, and diagnosis stages. You decide to use Azure Security Center to help address this problem.

Woodgrove Bank has several apps with regulated data such as Personally Identifiable Information (PII) that require a higher level of security. All apps are currently secured by using an on-premises Active Directory Domain Services (AD DS). The company depends on the following mission-critical apps: WGBLoanMaster, WGBLeaseLeader, and WGBCreditCruncher apps. You plan to move each of these apps to Azure as part of an app migration project.

Apps

The WGBLoanMaster app has been audited for transaction loss. Many transactions have been lost in processing and monetary write-offs have cost the bank. The app runs on two VMs that include several public end points.

The WGBLeaseLeader app has been audited for several data breaches. The app includes a SQL Server database and a web-based portal. The portal uses an ASP.NET Web API function to generate a monthly aggregate report from the database.

The WGBCreditCruncher app runs on a VM and is load balanced at the network level. The app includes several stateless components and must accommodate scaling of increased credit processing. The app runs on a nightly basis to process credit transactions that are batched during the day. The app includes a web-based portal where customers can check their credit information. A mobile version of the app allows users to upload check images.

Business Requirements: WGBLoanMasterApp

The app audit revealed a need for zero transaction loss. The business is losing money due to the app losing and not processing loan information. In addition, transactions fail to process after running for a long time. The business has requested the aggregation processing to be scheduled for 01:00 to prevent system slowdown.

WGBLeaseLeader App

The app should be secured to stop data breaches. If the data is breached, it must not be readable. The app is continuing to see increased volume and the business does not want the issues presented in the WGBLoanMaster app. Transaction loss is unacceptable, and although the lease monetary amounts are smaller than loans, they are still an important profit center for Woodgrove Bank. The business would also like the monthly report to be automatically generated on the first of the month. Currently, a user must log in to the portal and click a button to generate the report.

WGBCreditCruncher app

The web-based portal area of the app must allow users to sign in with their Facebook credentials. The bank would like to allow this feature to enable more users to check their credit within the app.

Woodgrove Bank needs to develop a new financial risk modeling feature that they can include in the WGBCreditCruncher app. The financial risk modeling feature has not been developed due to costs associated with processing, transforming, and analyzing the large volumes of data that are collected. You need to find a way to implement parallel processing to ensure that the feature runs efficiently, reliably, and quickly. The feature must scale based on computing demand to process the large volumes of data and output several financial risk models.

Technical Requirements: WGBLoanMaster App

The app uses several compute-intensive tasks that create long-running requests to the system. The app is critical to the business and must be scalable to increased loan processing demands. The VMs that run the app include a Windows Task Scheduler task that aggregates loan information from the app to send to a third party. This task runs a console app on the VM.

The app requires a messaging system to handle transaction processing. The messaging system must meet the following requirements:

*Allow messages to reside in the queue for up to a month

*Be able to publish and consume batches of messages

*Allow full integration with the Windows Communication Foundation (WCF) communication stack

*Provide a role-based access model to the queues, including different permissions for senders and receivers

You develop an Azure Resource Manager (ARM) template to deploy the VMs used to support the app. The template must be deployed to a new resource group and you must validate your deployment settings before creating actual resources.

WGBLeaseLeader App

The app must use Azure SQL Databases as a replacement to the current Microsoft SQL Server environment. The monthly report must be automatically generated.

The app requires a messaging system to handle transaction processing. The messaging system must meet the following requirements:

*Require server-side logs of all of the transactions run against your queues

*Track progress of a message within the queue

*Process the messages within 7 days

*Provide a differing timeout value per message

WGBCreditCruncher app

The app must

*Secure inbound and outbound traffic

*Analyze inbound network traffic for vulnerabilities.

*Use an instance-level public IP and allow web traffic on port 443 only.

*Upgrade the portal to a Single Page Application (SPA) that uses JavaScript, Azure Active Directory (Azure AD), and the OAuth 2.0 implicit authorization grant to secure the Web API back end.

*Cache authentication and host the Web API back end using the Open Web Interface for .NET (OWIN) middleware.

*Immediately compress check images received from the mobile web app.

*Schedule processing of the batched credit transactions on a nightly basis.

*Provide parallel processing and scalable computing resources to output financial risk models.

*Use simultaneous compute nodes to enable high performance computing and updating of the financial risk models.

Key Security Areas

Q4. HOTSPOT - (Topic 6)

Your company plans to migrate its on-premises Microsoft SQL Server databases to Azure.

You are considering using SQL Server 2014 on Azure virtual machines and Azure SQL Database. The planned migration must support the following data security features:

*Database-level firewall rules

*Dynamic Data Masking

*Transparent data encryption (TDE)

You need to identify the data security features supported by each product.

Which features should you identify? To answer, select the appropriate options in the answer area.

Answer:

Q5. DRAG DROP - (Topic 2)

You need to ensure that customer data is secured both in transit and at rest.

Which technologies should you recommend? To answer, drag the appropriate technology to the correct security requirement. Each technology may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.

Answer:

Explanation:

* Azure Rights Management service

Azure Rights Management service uses encryption, identity, and authorization policies to help secure your files and email, and it works across multiple devices—phones, tablets, and PCs. Information can be protected both within your organization and outside your organization because that protection remains with the data, even when it leaves your organization’s boundaries.

* Transparent Data Encryption

Transparent Data Encryption (often abbreviated to TDE) is a technology employed by both Microsoft and Oracle to encrypt database files. TDE offers encryption at file level. TDE solves the problem of protecting data at rest, encrypting databases both on the hard drive and consequently on backup media.

* TLS/SSL

Transport Layer Security (TLS) and its predecessor, Secure Sockets Layer (SSL), are cryptographic protocols designed to provide communications security over a computer network. They use X.509 certificates and hence asymmetric cryptography to authenticate the counterparty with whom they are communicating, and to negotiate a symmetric key.

Q6.  - (Topic 5)

You need to recommend a technology for processing customer pickup requests. Which technology should you recommend?

A. Notification hub

B. Queue messaging

C. Mobile Service with push notifications

D. Service Bus messaging

Answer: D

Explanation: Service Bus queues are part of a broader Azure messaging infrastructure that supports queuing as well as publish/subscribe, Web service remoting, and integration patterns.

Service Bus queues support a push-style API (while Azure Queue messaging does not).

Incorrect:

Not A: Notification Hub is only used to push notifications, not for processing requests.

Not B: As a solution architect/developer, you should consider using Azure Queues when:

* Your application must store over 80 GB of messages in a queue, where the messages have a lifetime shorter than 7 days.

* Your application wants to track progress for processing a message inside of the queue. This is useful if the worker processing a message crashes. A subsequent worker can then use that information to continue from where the prior worker left off.

* You require server side logs of all of the transactions executed against your queues.

Not C: To process the messages we do not need push notification.

Reference: Azure Queues and Service Bus Queues - Compared and Contrasted

https://msdn.microsoft.com/en-us/library/azure/hh767287.aspx

Q7. HOTSPOT - (Topic 6)

A company uses Azure for several virtual machine (VM) and website workloads. The company plans to assign administrative roles to a specific group of users. You have a resource group named GROUP1 and a virtual machine named VM2.

The users have the following responsibilities:

You need to assign the appropriate level of privileges to each of the administrators by using the principle of least privilege.

What should you do? To answer, select the appropriate target objects and permission levels in the answer area.

Answer:

Explanation:

* Owner can manage everything, including access.

* Contributors can manage everything except access.

Note: Azure role-based access control allows you to grant appropriate access to Azure AD users, groups, and services, by assigning roles to them on a subscription or resource group or individual resource level.

Q8. - (Topic 1)

You are designing a plan to deploy a new application to Azure. The solution must provide a single sign-on experience for users.

You need to recommend an authentication type. Which authentication type should you recommend?

A. SAML credential tokens

B. Azure managed access keys

C. Windows Authentication

D. MS-CHAP

Answer: A

Explanation: A Microsoft cloud service administrator who wants to provide their Azure Active Directory (AD) users with sign-on validation can use a SAML 2.0 compliant SP-Lite profile based Identity Provider as their preferred Security Token Service (STS) / identity provider. This is useful where the solution implementer already has a user directory and password store on-premises that can be accessed using SAML 2.0. This existing user directory can be used for sign-on to Office 365 and other Azure AD-secured resources.

Reference: Use a SAML 2.0 identity provider to implement single sign-on https://msdn.microsoft.com/en-us/library/azure/dn641269.aspx?f=255&MSPPError=-2147217396

Topic 2, Trey Research

Background Overview

Trey Research conducts agricultural research and sells the results to the agriculture and food industries. The company uses a combination of on-premises and third-party server clusters to meet its storage needs. Trey Research has seasonal demands on its services, with up to 50 percent drops in data capacity and bandwidth demand during low-demand periods. They plan to host their websites in an agile, cloud environment where the company can deploy and remove its websites based on its business requirements rather than the requirements of the hosting company.

A recent fire near the datacenter that Trey Research uses raises the management team's awareness of the vulnerability of hosting all of the company's websites and data at any single location. The management team is concerned about protecting its data from loss as a result of a disaster.

Websites

Trey Research has a portfolio of 300 websites and associated background processes that are currently hosted in a third-party datacenter. All of the websites are written in ASP.NET, and the background processes use Windows Services. The hosting environment costs Trey Research approximately $25 million in hosting and maintenance fees.

Infrastructure

Trey Research also has on-premises servers that run VMs to support line-of-business applications. The company wants to migrate the line-of-business applications to the cloud, one application at a time. The company is migrating most of its production VMs from an aging VMware ESXi farm to a Hyper-V cluster that runs on Windows Server 2012.

Applications

DistributionTracking

Trey Research has a web application named DistributionTracking. This application constantly collects real-time data that tracks worldwide distribution points to customer retail sites. This data is available to customers at all times.

The company wants to ensure that the distribution tracking data is stored at a location that is geographically close to the customers who will be using the information. The system must continue running in the event of VM failures without corrupting data. The system is processor intensive and should be run in a multithreading environment.

HRApp

The company has a human resources (HR) application named HRApp that stores data in an on-premises SQL Server database. The database must have at least two copies, but data to support backups and business continuity must stay in Trey Research locations only. The data must remain on-premises and cannot be stored in the cloud.

HRApp was written by a third party, and the code cannot be modified. The human resources data is used by all business offices, and each office requires access to the entire database. Users report that HRApp takes all night to generate the required payroll reports, and they would like to reduce this time.

MetricsTracking

Trey Research has an application named MetricsTracking that is used to track analytics for the DistributionTracking web application. The data MetricsTracking collects is not customer-facing. Data is stored on an on-premises SQL Server database, but this data should be moved to the cloud. Employees at other locations access this data by using a remote desktop connection to connect to the application, but latency issues degrade the functionality.

Trey Research wants a solution that allows remote employees to access metrics data without using a remote desktop connection. MetricsTracking was written in-house, and the development team is available to make modifications to the application if necessary. However, the company wants to continue to use SQL Server for MetricsTracking.

Business Requirements

Business Continuity

You have the following requirements:

✑ Move all customer-facing data to the cloud.

✑ Web servers should be backed up to geographically separate locations.

✑ If one website becomes unavailable, customers should automatically be routed to websites that are still operational.

✑ Data must be available regardless of the operational status of any particular website.

✑ The HRApp system must remain on-premises and must be backed up.

✑ The MetricsTracking data must be replicated so that it is locally available to all Trey Research offices.

Auditing and Security

You have the following requirements:

✑ Both internal and external consumers should be able to access research results.

✑ Internal users should be able to access data by using their existing company credentials without requiring multiple logins.

✑ Consumers should be able to access the service by using their Microsoft credentials.

✑ Applications written to access the data must be authenticated.

✑ Access and activity must be monitored and audited.

✑ Ensure the security and integrity of the data collected from the worldwide distribution points for the distribution tracking application.

Storage and Processing

You have the following requirements:

✑ Provide real-time analysis of distribution tracking data by geographic location.

✑ Collect and store large datasets in real-time data for customer use.

✑ Locate the distribution tracking data as close to the central office as possible to improve bandwidth.

✑ Co-locate the distribution tracking data as close to the customer as possible based on the customer's location.

✑ Distribution tracking data must be stored in the JSON format and indexed by metadata that is stored in a SQL Server database.

✑ Data in the cloud must be stored in geographically separate locations, but kept within the same political boundaries.

Technical Requirements Migration

You have the following requirements:

✑ Deploy all websites to Azure.

✑ Replace on-premises and third-party physical server clusters with cloud-based solutions.

✑ Optimize the speed for retrieving existing JSON objects that contain the distribution tracking data.

✑ Recommend strategies for partitioning data for load balancing.

Auditing and Security

You have the following requirements:

✑ Use Active Directory for internal and external authentication.

✑ Use OAuth for application authentication.

Business Continuity

You have the following requirements:

✑ Data must be backed up to separate geographic locations.

✑ Web servers must run concurrent versions of all websites in distinct geographic locations.

✑ Use Azure to back up the on-premises MetricsTracking data.

✑ Use Azure virtual machines as a recovery platform for MetricsTracking and HRApp.

✑ Ensure that there is at least one additional on-premises recovery environment for the HRApp.

Q9.  - (Topic 6)

Contoso, Ltd., uses Azure websites for public-facing customer websites. The company has a mobile app that requires customers sign in by using a Contoso customer account.

Customers must be able to sign on to the websites and mobile app by using a Microsoft, Facebook, or Google account. All transactions must be secured in-transit regardless of device.

You need to configure the websites and mobile app to work with external identity providers. Which three actions should you perform? Each correct answer presents part of the solution.

A. Request a certificate from a domain registrar for the website URL, and enable TLS/SSL.

B. Configure IPsec for the websites and the mobile app.

C. Configure the KerberosTokenProfile 1.1 protocol.

D. Configure OAuth2 to connect to an external authentication provider.

E. Build an app by using MVC 5 that is hosted in Azure to provide a framework for the underlying authentication.

Answer: A,D,E

Explanation: DE: This tutorial shows you how to build an ASP.NET MVC 5 web application that enables users to log in using OAuth 2.0 with credentials from an external authentication provider, such as Facebook, Twitter, LinkedIn, Microsoft, or Google.

A:

* You will now be redirected back to the Register page of the MvcAuth application where you can register your Google account. You have the option of changing the local email registration name used for your Gmail account, but you generally want to keep the default email alias (that is, the one you used for authentication). Click Register.

* To connect to authentication providers like Google and Facebook, you will need to set up IIS-Express to use SSL.

Reference: Code! MVC 5 App with Facebook, Twitter, LinkedIn and Google OAuth2 Sign-on (C#)

http://www.asp.net/mvc/overview/security/create-an-aspnet-mvc-5-app-with-facebook-and-google-oauth2-and-openid-sign-on

Q10.  - (Topic 6)

You are designing an Azure application that provides online backup storage for hundreds of media files. Each file is larger than 1GB.

The data storage solution has the following requirements:

✑ It must be capable of storing an average of 1TB of data for each user.

✑ It must support sharing of data between all Windows Azure instances.

✑ It must provide random read/write access.

You need to recommend a durable data storage solution. What should you recommend?

A. Azure Drive

B. Azure Page Blob service

C. Azure Block Blob service

D. Local storage on an Azure instance

Answer: B

Reference: Understanding Block Blobs and Page Blobs https://msdn.microsoft.com/en-us/library/azure/ee691964.aspx