Q1. DRAG DROP - (Topic 7)
You need to configure Azure Security Center to assist the CSIRT team.
Which services should you implement? To answer, drag the appropriate Azure Security Center services to the correct key security areas. Each service may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
Answer:
Q2. - (Topic 5)
You need to recommend a solution that meets the requirements for data storage for the NorthRide app.
What should you include in the recommendation?
A. Azure Remote App
B. Azure Service Bus
C. Azure Connect
D. Azure SQL Database
Answer: B
Explanation: Service Bus queues are part of a broader Azure messaging infrastructure that supports queuing as well as publish/subscribe, Web service remoting, and integration patterns.
Service Bus queues support a push-style API (while Azure Queue messaging does not).
Reference: Azure Queues and Service Bus Queues - Compared and Contrasted https://msdn.microsoft.com/en-us/library/azure/hh767287.aspx
Q3. - (Topic 6)
You are designing an Azure web application.
All users must authenticate by using Active Directory Domain Services (AD DS) credentials.
You need to recommend an approach to enable single sign-on to the application for domain-authenticated users.
Which two actions should you recommend? Each correct answer presents part of the solution.
A. Use Forms authentication to generate claims.
B. Use the SQL membership provider in the web application.
C. Use Windows Identity Foundation in the web application.
D. Use Active Directory Federation Services (AD FS) to generate claims.
Answer: C,D
Explanation:
Reference: What is Windows Identity Foundation? https://msdn.microsoft.com/en-us/library/ee748475.aspx
Reference: DirSync with Single Sign-On https://msdn.microsoft.com/en-us/library/azure/dn441213.aspx
Q4. - (Topic 6)
Contoso, Ltd., uses Azure websites for public-facing customer websites. The company has a mobile app that requires customers to sign in by using a Contoso customer account.
Customers must be able to sign on to the websites and mobile app by using a Microsoft, Facebook, or Google account. All transactions must be secured in-transit regardless of device.
You need to configure the websites and mobile app to work with external identity providers. Which three actions should you perform? Each correct answer presents part of the solution.
A. Request a certificate from a domain registrar for the website URL, and enable TLS/SSL.
B. Configure IPsec for the websites and the mobile app.
C. Configure the KerberosTokenProfile 1.1 protocol.
D. Configure OAuth2 to connect to an external authentication provider.
E. Build an app by using MVC 5 that is hosted in Azure to provide a framework for the underlying authentication.
Answer: A,D,E
Explanation: DE: This tutorial shows you how to build an ASP.NET MVC 5 web application that enables users to log in using OAuth 2.0 with credentials from an external authentication provider, such as Facebook, Twitter, LinkedIn, Microsoft, or Google.
A:
* You will now be redirected back to the Register page of the MvcAuth application where you can register your Google account. You have the option of changing the local email registration name used for your Gmail account, but you generally want to keep the default email alias (that is, the one you used for authentication). Click Register.
* To connect to authentication providers like Google and Facebook, you will need to set up IIS-Express to use SSL.
Reference: Code! MVC 5 App with Facebook, Twitter, LinkedIn and Google OAuth2 Sign-on (C#)
http://www.asp.net/mvc/overview/security/create-an-aspnet-mvc-5-app-with-facebook-and-google-oauth2-and-openid-sign-on
Q5. - (Topic 6)
You have business services that run on an on-premises mainframe server.
You must provide an intermediary configuration to support existing business services and Azure. The business services cannot be rewritten. The business services are not exposed externally.
You need to recommend an approach for accessing the business services. What should you recommend?
A. Connect to the on-premises server by using a custom service in Azure.
B. Expose the business services to the Azure Service Bus by using a custom service that uses relay binding.
C. Expose the business services externally.
D. Move all business service functionality to Azure.
Answer: B
Explanation: The Service Bus relay service enables you to build hybrid applications that run in both an Azure datacenter and your own on-premises enterprise environment. The Service Bus relay facilitates this by enabling you to securely expose Windows Communication Foundation (WCF) services that reside within a corporate enterprise network to the public cloud, without having to open a firewall connection, or require intrusive changes to a corporate network infrastructure.
Reference: How to Use the Service Bus Relay Service
http://azure.microsoft.com/en-gb/documentation/articles/service-bus-dotnet-how-to-use-relay/
Q6. HOTSPOT - (Topic 3)
You need to implement tools at the client's location for monitoring and deploying Azure resources.
Which tools should you use? To answer, select the appropriate on-premises tool for each task in the answer area.
Answer:
Explanation:
* System Center Virtual Machine Manager (SCVMM) enables rapid provisioning of new virtual machines by the administrator and end users using a self-service provisioning tool.
* System Center Operations Manager (SCOM) is a cross-platform data center management system for operating systems and hypervisors. It uses a single interface that shows state, health and performance information of computer systems. It also provides alerts that are generated when an availability, performance, configuration or security situation is identified.
The basic idea is to place a piece of software, an agent, on the computer to be monitored. The agent watches several sources on that computer, including the Windows Event Log, for specific events or alerts generated by the applications executing on the monitored computer.
* Scenario:
Leverage familiarity with Microsoft server management tools. Manage hosted resources by using on-premises tools.
Mitigate the need to purchase additional tools for monitoring and debugging.
Use advanced monitoring features and reports of workloads in Azure by using existing Microsoft tools.
Q7. - (Topic 7)
You need to implement the loan aggregation process for the WGBLoanMaster app.
Which technology should you use?
A. Azure virtual machine
B. Azure Cloud Service worker role
C. Azure Batch
D. Azure WebJob
Answer: C
Q8. - (Topic 4)
You need to ensure that the website scales. What should you do?
A. Deploy Traffic Manager and configure it to route user traffic to specified endpoints to other Azure datacenters.
B. Enter multiple DNS entries in each virtual network to route requests to other Azure datacenters.
C. Set up a new Azure datacenter to Azure datacenter VPN to enable the solution to communicate across regions.
D. Use a virtual network to route network traffic in a single Azure datacenter.
Answer: C
Explanation: Scenario: The customer-facing website must automatically scale and replicate to locations around the world.
Azure ExpressRoute enables you to create private connections between Azure datacenters and infrastructure that’s on your premises or in a colocation environment. ExpressRoute connections do not go over the public Internet, and offer more reliability, faster speeds, lower latencies and higher security than typical connections over the Internet. In some cases, using ExpressRoute connections to transfer data between on-premises and Azure can also yield significant cost benefits.
Reference: ExpressRoute, Experience a faster, private connection to Azure http://azure.microsoft.com/en-us/services/expressroute/
Q9. - (Topic 5)
You need to design the authentication solution for the NorthRide app. Which solution should you use?
A. Azure Active Directory Basic with multi-factor authentication for the cloud and on-premises users.
B. Active Directory Domain Services with mutual authentication
C. Azure Active Directory Premium and add multi-factor authentication for the cloud users
D. Active Directory Domain Services with multi-factor authentication
Answer: C
Explanation: * Scenario: The NorthRide app must use an additional level of authentication other than the employee's password.
* Azure Multi-Factor Authentication is the multi-factor authentication service that requires users to also verify sign-ins using a mobile app, phone call or text message. It is available to use with Azure Active Directory, to secure on-premise resources with the Azure Multi-Factor Authentication Server, and with custom applications and directories using the SDK.
Reference: What is Azure Multi-Factor Authentication? https://azure.microsoft.com/en-us/documentation/articles/multi-factor-authentication/
Reference: Azure Active Directory Pricing http://azure.microsoft.com/en-gb/pricing/details/active-directory/
Q10. DRAG DROP - (Topic 6)
You have a web application on Azure.
The web application does not employ Secure Sockets Layer (SSL).
You need to enable SSL for your production deployment web application on Azure.
Which four actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
Answer: