Answer:

Answer:

Answer: C

Explanation: For Cloud Services in Azure applications need both web and worker roles to

scale well.

Reference: Application Patterns and Development Strategies for SQL Server in Azure Virtual Machines

https://msdn.microsoft.com/en-us/library/azure/dn574746.aspx

Topic 7, Woodgrove Bank

Overview

Woodgrove Bank has 20 regional offices and operates 1,500 branch office locations. Each regional office hosts the servers, infrastructure, and applications that support that region. Woodgrove Bank plans to move all of Their on-premises resources to Azure, including virtual machine (VM)-based, line-of-business workloads, and SQL databases. You are the owner of the Azure subscription that Woodgrove Bank is using. Your team is using Git repositories hosted on GitHub for source control.

Security

Currently, Woodgrove Bank's Computer Security Incident Response Team (CSIRT) has a problem investigating security issues due to the lack of security intelligence integrated with their current incident response tools. This lack of integration introduces a problem during the detection (too many false positives), assessment, and diagnose stages. You decide to use Azure Security Center to help address this problem.

Woodgrove Bank has several apps with regulated data such as Personally Identifiable Information (PU) that require a higher level of security. All apps are currently secured by using an on-premises Active Directory Domain Services (AD DS). The company depends on following mission-critical apps: WGBLoanMaster, WGBLeaseLeader, and WGBCreditCruncher apps. You plan to move each of these apps to Azure as part of an app migration project.

Apps

The WGBLoanMaster app has been audited for transaction loss. Many transactions have been lost in processing and monetary write-offs have cost the bank. The app runs on two VMs that include several public end points.

The WGBteaseLeader app has been audited for several data breaches. The app includes a SQL Server database and a web-based portal. The portal uses an ASP.NET Web API function to generate a monthly aggregate report from the database.

The WGBCreditCruncher app runs on a VM and is load balanced at the network level. The app includes several stateless components and must accommodate scaling of increased credit processing. The app runs on a nightly basis to process credit transactions that are batched during the day. The app includes a web-based portal where customers can check their credit information. A mobile version of the app allows users to upload check images.

Business Requirements: WGBLoanMasterApp

The app audit revealed a need for zero transaction loss. The business is losing money due to the app losing and not processing loan information. In addition, transactions fail to process after running for a long time. The business has requested the aggregation processing to be scheduled for 01:00 to prevent system slowdown.

WGBLeaseLeader App

The app should be secured to stop data breaches. It the data is breached, it must not be readable. The app is continuing to see increased volume and the business does not want the issues presented in the WGBLoanMaster app. Transaction loss is unacceptable, and although the lease monetary amounts are smaller than loans, they are still an important profit center for Woodgrove Bank. The business would also like the monthly report to be automatically generated on the first of the month. Currently, a user must log in to the portal and click a button to generate the report.

WGBCreditCruncher app

The web-based portal area of the app must allow users to sign in with their Facebook credentials. The bank would like to allow this feature to enable more users to check their credit within the app.

Woodgrove Bank needs to develop a new financial risk modeling feature that they can include in the WGBCreditCruncher app. The financial risk modeling feature has not been developed due to costs associated with processing, transforming, and analyzing the large volumes of data that are collected. You need to find a way to implement parallel processing to ensure that the features runs efficiently, reliably, and quickly. The feature must scale based on computing demand to process the large volumes of data and output several financial risk models.

Technical Requirements: WGBLoanMaster App

The app uses several compute-intensive tasks that create long-running requests to the system. The app is critical to the business and must be scalable to increased loan processing demands. The VMs that run the app include a Windows Task Scheduler task that aggregates loan information from the app to send to a third party. This task runs a console app on the VM.

The app requires a messaging system to handle transaction processing. The messaging system must meet the following requirements:

*Allow messages to reside in the queue for up to a month

*Be able to publish and consume batches of messages

*Allow full integration with the Windows Communication Foundation (WCF) communication stack

*Provide a role-based access model to the queues, including different permissions for senders and receivers

You develop an Azure Resource Manager (ARM) template to deploy the VMs used to support the app. The template must be deployed to a new resource group and you must validate your deployment settings before creating actual resources.

WGBLeaseLeader App

The app must use Azure SQL Databases as a replacement to the current Microsoft SQL Server environment. The monthly report must be automatically generated.

The app requires a messaging system to handle transaction processing. The messaging system must meet the following requirements:

*Require server-side logs of all of the transactions run against your queues

*Track progress of a message within the queue

*Process the messages within 7 days

*Provide a differing timeout value per message

WGBCreditCruncher app

The app must

*Secure inbound and outbound traffic

*Analyze inbound network traffic for vulnerabilities.

*Use an instance-level public IP and allow web traffic on port 443 only.

*Upgrade the portal to a Single Page Application (SPA) that uses JavaScript Azure Active Directory (Azure AD), and the OAuth 2.0 implicit authorization grant to secure the Web API back end.

*Cache authentication and host the Web API back end using the Open Web Interface for

.NET (OWIN) middleware.

*Immediately compress check images received from the mobile web app.

*Schedule processing of the batched credit transactions on a nightly basis.

*Provide parallel processing and scalable computing resources to output financial risk models.

*Use simultaneous compute nodes to enable high performance computing and updating of the financial risk models.

Key Security Areas

Answer:

Answer:

Explanation:

* Azure Rights Management service

Azure Rights Management service uses encryption, identity, and authorization policies to help secure your files and email, and it works across multiple devices—phones, tablets, and PCs. Information can be protected both within your organization and outside your organization because that protection remains with the data, even when it leaves your organization’s boundaries.

* Transparent Data Encryption

Transparent Data Encryption (often abbreviated to TDE) is a technology employed by both Microsoft and Oracle to encrypt database files. TDE offers encryption at file level. TDE solves the problem of protecting data at rest, encrypting databases both on the hard drive and consequently on backup media.

* TLS/SSL

Transport Layer Security (TLS) and its predecessor, Secure Sockets Layer (SSL), are cryptographic protocols designed to provide communications security over a computer network. They use X.509 certificates and hence asymmetric cryptography to authenticate the counterparty with whom they are communicating, and to negotiate a symmetric key.

Answer: D

Explanation: Service Bus queues are part of a broader Azure messaging infrastructure that supports queuing as well as publish/subscribe, Web service remoting, and integration patterns.

Service Bus Queue support Push-style API (while Azure Queue messaging does not).

Incorrect:

Not A: Notification Hub is only used to push notification, not for processing requests. Not B As a solution architect/developer, you should consider using Azure Queues when:

* Your application must store over 80 GB of messages in a queue, where the messages have a lifetime shorter than 7 days.

* Your application wants to track progress for processing a message inside of the queue. This is useful if the worker processing a message crashes. A subsequent worker can then use that information to continue from where the prior worker left off.

You require server side logs of all of the transactions executed against your queues. Not C: To process the messages we do not need push notification.

Reference: Azure Queues and Service Bus Queues - Compared and Contrasted

https://msdn.microsoft.com/en-us/library/azure/hh767287.aspx

Answer:

Explanation:

* Owner can manage everything, including access.

* Contributors can manage everything except access.

Note: Azure role-based access control allows you to grant appropriate access to Azure AD users, groups, and services, by assigning roles to them on a subscription or resource group or individual resource level.

Answer: A

Explanation: A Microsoft cloud service administrator who wants to provide their Azure Active Directory (AD) users with sign-on validation can use a SAML 2.0 compliant SP-Lite profile based Identity Provider as their preferred Security Token Service (STS) / identity provider. This is useful where the solution implementer already has a user directory and password store on-premises that can be accessed using SAML 2.0. This existing user directory can be used for sign-on to Office 365 and other Azure AD-secured resources.

Reference: Use a SAML 2.0 identity provider to implement single sign-on https://msdn.microsoft.com/en-us/library/azure/dn641269.aspx?f=255&MSPPError=-2147217396

Topic 2, Trey Research

Background Overview

Trey Research conducts agricultural research and sells the results to the agriculture and food industries. The company uses a combination of on-premises and third-party server clusters to meet its storage needs. Trey Research has seasonal demands on its services, with up to 50 percent drops in data capacity and bandwidth demand during low-demand periods. They plan to host their websites in an agile, cloud environment where the company can deploy and remove its websites based on its business requirements rather than the requirements of the hosting company.

A recent fire near the datacenter that Trey Research uses raises the management team's awareness of the vulnerability of hosting all of the company's websites and data at any single location. The management team is concerned about protecting its data from loss as a result of a disaster.

Websites

Trey Research has a portfolio of 300 websites and associated background processes that are currently hosted in a third-party datacenter. All of the websites are written in ASP.NET, and the background processes use Windows Services. The hosting environment costs Trey Research approximately S25 million in hosting and maintenance fees.

Infrastructure

Trey Research also has on-premises servers that run VMs to support line-of-business applications. The company wants to migrate the line-of-business applications to the cloud, one application at a time. The company is migrating most of its production VMs from an aging VMWare ESXi farm to a Hyper-V cluster that runs on Windows Server 2012.

Applications DistributionTracking

Trey Research has a web application named Distributiontracking. This application

constantly collects realtime data that tracks worldwide distribution points to customer retail sites. This data is available to customers at all times.

The company wants to ensure that the distribution tracking data is stored at a location that is geographically close to the customers who will be using the information. The system must continue running in the event of VM failures without corrupting data. The system is processor intensive and should be run in a multithreading environment.

HRApp

The company has a human resources (HR) application named HRApp that stores data in an on-premises SQL Server database. The database must have at least two copies, but data to support backups and business continuity must stay in Trey Research locations only. The data must remain on-premises and cannot be stored in the cloud.

HRApp was written by a third party, and the code cannot be modified. The human resources data is used by all business offices, and each office requires access to the entire database. Users report that HRApp takes all night to generate the required payroll reports, and they would like to reduce this time.

MetricsTracking

Trey Research has an application named MetricsTracking that is used to track analytics for the DistributionTracking web application. The data MetricsTracking collects is not customer-facing. Data is stored on an on-premises SQL Server database, but this data should be moved to the cloud. Employees at other locations access this data by using a remote desktop connection to connect to the application, but latency issues degrade the functionality.

Trey Research wants a solution that allows remote employees to access metrics data without using a remote desktop connection. MetricsTracking was written in-house, and the development team is available to make modifications to the application if necessary. However, the company wants to continue to use SQL Server for MetricsTracking.

Business Requirements

Business Continuity

You have the following requirements:

✑ Move all customer-facing data to the cloud.

✑ Web servers should be backed up to geographically separate locations,

✑ If one website becomes unavailable, customers should automatically be routed to websites that are still operational.

✑ Data must be available regardless of the operational status of any particular website.

✑ The HRApp system must remain on-premises and must be backed up.

✑ The MetricsTracking data must be replicated so that it is locally available to all Trey Research offices.

Auditing and Security

You have the following requirements:

✑ Both internal and external consumers should be able to access research results.

✑ Internal users should be able to access data by using their existing company credentials without requiring multiple logins.

✑ Consumers should be able to access the service by using their Microsoft credentials.

✑ Applications written to access the data must be authenticated.

✑ Access and activity must be monitored and audited.

✑ Ensure the security and integrity of the data collected from the worldwide distribution points for the distribution tracking application.

Storage and Processing

You have the following requirements:

✑ Provide real-time analysis of distribution tracking data by geographic location.

✑ Collect and store large datasets in real-time data for customer use.

✑ Locate the distribution tracking data as close to the central office as possible to improve bandwidth.

✑ Co-locate the distribution tracking data as close to the customer as possible based on the customer's location.

✑ Distribution tracking data must be stored in the JSON format and indexed by metadata that is stored in a SQL Server database.

✑ Data in the cloud must be stored in geographically separate locations, but kept with the same political boundaries.

Technical Requirements Migration

You have the following requirements:

✑ Deploy all websites to Azure.

✑ Replace on-premises and third-party physical server clusters with cloud-based solutions.

✑ Optimize the speed for retrieving exiting JSON objects that contain the distribution

tracking data.

✑ Recommend strategies for partitioning data for load balancing.

Auditing and Security

You have the following requirements:

✑ Use Active Directory for internal and external authentication.

✑ Use OAuth for application authentication.

Business Continuity

You have the following requirements:

✑ Data must be backed up to separate geographic locations.

✑ Web servers must run concurrent versions of all websites in distinct geographic locations.

✑ Use Azure to back up the on-premises MetricsTracking data.

✑ Use Azure virtual machines as a recovery platform for MetricsTracking and HRApp.

✑ Ensure that there is at least one additional on-premises recovery environment for the HRApp.

Answer: A,D,E

Explanation: DE: This tutorial shows you how to build an ASP.NET MVC 5 web application that enables users to log in using OAuth 2.0 with credentials from an external authentication provider, such as Facebook, Twitter, LinkedIn, Microsoft, or Google.

A:

* You will now be redirected back to the Register page of the MvcAuth application where you can register your Google account. You have the option of changing the local email registration name used for your Gmail account, but you generally want to keep the default email alias (that is, the one you used for authentication). Click Register.

* To connect to authentication providers like Google and Facebook, you will need to set up IIS-Express to use SSL.

Reference: Code! MVC 5 App with Facebook, Twitter, LinkedIn and Google OAuth2 Sign- on (C#)

http://www.asp.net/mvc/overview/security/create-an-aspnet-mvc-5-app-with-facebook-and- google-oauth2-and-openid-sign-on

Answer: B

Reference: Understanding Block Blobs and Page Blobs https://msdn.microsoft.com/en-us/library/azure/ee691964.aspx