AZ-204 : Developing Solutions for Microsoft Azure : Part 02

AZ-204 : Developing Solutions for Microsoft Azure : Part 02

1. Your company’s Azure subscription includes an Azure Log Analytics workspace.

   Your company has a hundred on-premises servers that run either Windows Server 2012 R2 or Windows Server 2016, and is linked to the Azure Log Analytics workspace. The Azure Log Analytics workspace is set up to gather performance counters associated with security from these linked servers.

   You must configure alerts based on the information gathered by the Azure Log Analytics workspace.

   You have to make sure that alert rules allow for dimensions, and that alert creation time should be kept to a minimum. Furthermore, a single alert notification must be created when the alert is created and when the alert is resolved.

   You need to make use of the necessary signal type when creating the alert rules.

   Which of the following is the option you should use?

   • The Activity log signal type.
   • The Application Log signal type.
   • The Metric signal type.
   • The Audit Log signal type.

   Explanation:
   Metric alerts in Azure Monitor provide a way to get notified when one of your metrics cross a threshold. Metric alerts work on a range of multi-dimensional platform metrics, custom metrics, Application Insights standard and custom metrics.

   Note: Signals are emitted by the target resource and can be of several types. Metric, Activity log, Application Insights, and Log.

2. You are developing a .NET Core MVC application that allows customers to research independent holiday accommodation providers.

   You want to implement Azure Search to allow the application to search the index by using various criteria to locate documents related to accommodation.

   You want the application to allow customers to search the index by using regular expressions.

   What should you do?

   • Configure the SearchMode property of the SearchParameters class.
   • Configure the QueryType property of the SearchParameters class.
   • Configure the Facets property of the SearchParameters class.
   • Configure the Filter property of the SearchParameters class.

   Explanation:
   The SearchParameters.QueryType Property gets or sets a value that specifies the syntax of the search query. The default is ‘simple’. Use ‘full’ if your query uses the Lucene query syntax.

   You can write queries against Azure Search based on the rich Lucene Query Parser syntax for specialized query forms: wildcard, fuzzy search, proximity search, regular expressions are a few examples.

3. You are a developer at your company.

   You need to update the definitions for an existing Logic App.

   What should you use?

   • the Enterprise Integration Pack (EIP)
   • the Logic App Code View
   • the API Connections
   • the Logic Apps Designer

   Explanation:
   Edit JSON – Azure portal
   Sign in to the Azure portal.
   From the left menu, choose All services. In the search box, find “logic apps”, and then from the results, select your logic app.
   On your logic app’s menu, under Development Tools, select Logic App Code View.
   The Code View editor opens and shows your logic app definition in JSON format.

4. Note: The question is included in a number of questions that depicts the identical set-up. However, every question has a distinctive result. Establish if the solution satisfies the requirements.

   You are developing a solution for a public facing API.

   The API back end is hosted in an Azure App Service instance. You have implemented a RESTful service for the API back end.

   You must configure back-end authentication for the API Management service instance.

   Solution: You configure Basic gateway credentials for the Azure resource.

   Does the solution meet the goal?

   • Yes 
   • No

   Explanation:
   API Management allows to secure access to the back-end service of an API using client certificates.

5. Note: The question is included in a number of questions that depicts the identical set-up. However, every question has a distinctive result. Establish if the solution satisfies the requirements.

   You are developing a solution for a public facing API.

   The API back end is hosted in an Azure App Service instance. You have implemented a RESTful service for the API back end.

   You must configure back-end authentication for the API Management service instance.

   Solution: You configure Client cert gateway credentials for the HTTP(s) endpoint.

   Does the solution meet the goal?

   • Yes
   • No

   Explanation:
   The API back end is hosted in an Azure App Service instance. It is an Azure resource and not an HTTP(s) endpoint.

6. Note: The question is included in a number of questions that depicts the identical set-up. However, every question has a distinctive result. Establish if the solution satisfies the requirements.

   You are developing a solution for a public facing API.

   The API back end is hosted in an Azure App Service instance. You have implemented a RESTful service for the API back end.

   You must configure back-end authentication for the API Management service instance.

   Solution: You configure Basic gateway credentials for the HTTP(s) endpoint.

   Does the solution meet the goal?

   • Yes
   • No

   Explanation:
   API Management allows to secure access to the back-end service of an API using client certificates. Furthermore, the API back end is hosted in an Azure App Service instance. It is an Azure resource and not an HTTP(s) endpoint.

7. Note: The question is included in a number of questions that depicts the identical set-up. However, every question has a distinctive result. Establish if the solution satisfies the requirements.

   You are developing a solution for a public facing API.

   The API back end is hosted in an Azure App Service instance. You have implemented a RESTful service for the API back end.

   You must configure back-end authentication for the API Management service instance.

   Solution: You configure Client cert gateway credentials for the Azure resource.

   Does the solution meet the goal?

   • Yes
   • No

   Explanation:
   API Management allows to secure access to the back-end service of an API using client certificates.

8. You are developing a .NET Core MVC application that allows customers to research independent holiday accommodation providers.

   You want to implement Azure Search to allow the application to search the index by using various criteria to locate documents related to accommodation venues.

   You want the application to list holiday accommodation venues that fall within a specific price range and are within a specified distance to an airport.

   What should you do?

   • Configure the SearchMode property of the SearchParameters class.
   • Configure the QueryType property of the SearchParameters class.
   • Configure the Facets property of the SearchParameters class.
   • Configure the Filter property of the SearchParameters class.

   Explanation:
   The Filter property gets or sets the OData $filter expression to apply to the search query.

9. You are a developer at your company.

   You need to edit the workflows for an existing Logic App.

   What should you use?

   • the Enterprise Integration Pack (EIP)
   • the Logic App Code View
   • the API Connections
   • the Logic Apps Designer

   Explanation:
   For business-to-business (B2B) solutions and seamless communication between organizations, you can build automated scalable enterprise integration workflows by using the Enterprise Integration Pack (EIP) with Azure Logic Apps.

10. DRAG DROP

    You are a developer for a company that provides a bookings management service in the tourism industry. You are implementing Azure Search for the tour agencies listed in your company’s solution.

    You create the index in Azure Search. You now need to use the Azure Search .NET SDK to import the relevant data into the Azure Search service.

    Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions from left to right and arrange them in the correct order.

    

    

11. You are developing an application that applies a set of governance policies for internal and external services, as well as for applications.

    You develop a stateful ASP.NET Core 2.1 web application named PolicyApp and deploy it to an Azure App Service Web App. The PolicyApp reacts to events from Azure Event Grid and performs policy actions based on those events.

    You have the following requirements:

    -Authentication events must be used to monitor users when they sign in and sign out.
    -All authentication events must be processed by PolicyApp.
    -Sign outs must be processed as fast as possible.

    What should you do?

    • Create a new Azure Event Grid subscription for all authentication events. Use the subscription to process sign-out events.
    • Create a separate Azure Event Grid handler for sign-in and sign-out events.
    • Create separate Azure Event Grid topics and subscriptions for sign-in and sign-out events.
    • Add a subject prefix to sign-out events. Create an Azure Event Grid subscription. Configure the subscription to use the subjectBeginsWith filter.

12. Case study

    This is a case study. Case studies are not timed separately. You can use as much exam time as you would like to complete each case. However, there may be additional case studies and sections on this exam. You must manage your time to ensure that you are able to complete all questions included on this exam in the time provided.

    To answer the questions included in a case study, you will need to reference information that is provided in the case study. Case studies might contain exhibits and other resources that provide more information about the scenario that is described in the case study. Each question is independent of the other questions in this case study.

    At the end of this case study, a review screen will appear. This screen allows you to review your answers and to make changes before you move to the next section of the exam. After you begin a new section, you cannot return to this section.

    To start the case study

    To display the first question in this case study, click the Next button. Use the buttons in the left pane to explore the content of the case study before you answer the questions. Clicking these buttons displays information such as business requirements, existing environment, and problem statements. When you are ready to answer a question, click the Question button to return to the question.

    Background

    Wide World Importers is moving all their datacenters to Azure. The company has developed several applications and services to support supply chain operations and would like to leverage serverless computing where possible.

    Current environment

    Windows Server 2016 virtual machine

    This virtual machine (VM) runs BizTalk Server 2016. The VM runs the following workflows:

    -Ocean Transport – This workflow gathers and validates container information including container contents and arrival notices at various shipping ports.
    -Inland Transport – This workflow gathers and validates trucking information including fuel usage, number of stops, and routes.

    The VM supports the following REST API calls:

    -Container API – This API provides container information including weight, contents, and other attributes.
    -Location API – This API provides location information regarding shipping ports of call and trucking stops.
    -Shipping REST API – This API provides shipping information for use and display on the shipping website.

    Shipping Data

    The application uses MongoDB JSON document storage database for all container and transport information.

    Shipping Web Site

    The site displays shipping container tracking information and container contents. The site is located at http://shipping.wideworldimporters.com/

    Proposed solution

    The on-premises shipping application must be moved to Azure. The VM has been migrated to a new Standard_D16s_v3 Azure VM by using Azure Site Recovery and must remain running in Azure to complete the BizTalk component migrations. You create a Standard_D16s_v3 Azure VM to host BizTalk Server. The Azure architecture diagram for the proposed solution is shown below:

    

    Requirements

    Shipping Logic app

    The Shipping Logic app must meet the following requirements:

    -Support the ocean transport and inland transport workflows by using a Logic App.
    -Support industry-standard protocol X12 message format for various messages including vessel content details and arrival notices.
    -Secure resources to the corporate VNet and use dedicated storage resources with a fixed costing model.
    -Maintain on-premises connectivity to support legacy applications and final BizTalk migrations.

    Shipping Function app

    Implement secure function endpoints by using app-level security and include Azure Active Directory (Azure AD).

    REST APIs

    The REST API’s that support the solution must meet the following requirements:

    -Secure resources to the corporate VNet.
    -Allow deployment to a testing location within Azure while not incurring additional costs.
    -Automatically scale to double capacity during peak shipping times while not causing application downtime.
    -Minimize costs when selecting an Azure payment model.

    Shipping data

    Data migration from on-premises to Azure must minimize costs and downtime.

    Shipping website

    Use Azure Content Delivery Network (CDN) and ensure maximum performance for dynamic content while minimizing latency and costs.

    Issues

    Windows Server 2016 VM

    The VM shows high network latency, jitter, and high CPU utilization. The VM is critical and has not been backed up in the past. The VM must enable a quick restore from a 7-day snapshot to include in-place restore of disks in case of failure.

    Shipping website and REST APIs

    The following error message displays while you are testing the website:

    Failed to load http://test-shippingapi.wideworldimporters.com/: No ‘Access-Control-Allow-Origin’ header is present on the requested resource. Origin ‘http://test.wideworldimporters.com/’ is therefore not allowed access.

    1. HOTSPOT

       You need to configure Azure CDN for the Shipping web site.

       Which configuration options should you use? To answer, select the appropriate options in the answer area.

       NOTE: Each correct selection is worth one point.

       

       

    2. HOTSPOT

       You need to correct the VM issues.

       Which tools should you use? To answer, select the appropriate options in the answer area.

       NOTE: Each correct selection is worth one point.

       

       

13. Case study

    This is a case study. Case studies are not timed separately. You can use as much exam time as you would like to complete each case. However, there may be additional case studies and sections on this exam. You must manage your time to ensure that you are able to complete all questions included on this exam in the time provided.

    To answer the questions included in a case study, you will need to reference information that is provided in the case study. Case studies might contain exhibits and other resources that provide more information about the scenario that is described in the case study. Each question is independent of the other questions in this case study.

    At the end of this case study, a review screen will appear. This screen allows you to review your answers and to make changes before you move to the next section of the exam. After you begin a new section, you cannot return to this section.

    To start the case study

    To display the first question in this case study, click the Next button. Use the buttons in the left pane to explore the content of the case study before you answer the questions. Clicking these buttons displays information such as business requirements, existing environment, and problem statements. When you are ready to answer a question, click the Question button to return to the question.

    Background

    City Power & Light company provides electrical infrastructure monitoring solutions for homes and businesses. The company is migrating solutions to Azure.

    Current environment

    Architecture overview

    The company has a public website located at http://www.cpandl.com/. The site is a single-page web application that runs in Azure App Service on Linux. The website uses files stored in Azure Storage and cached in Azure Content Delivery Network (CDN) to serve static content.

    API Management and Azure Function App functions are used to process and store data in Azure Database for PostgreSQL. API Management is used to broker communications to the Azure Function app functions for Logic app integration. Logic apps are used to orchestrate the data processing while Service Bus and Event Grid handle messaging and events.

    The solution uses Application Insights, Azure Monitor, and Azure Key Vault.

    Architecture diagram

    The company has several applications and services that support their business. The company plans to implement serverless computing where possible. The overall architecture is shown below.

    

    User authentication

    The following steps detail the user authentication process:

    1.The user selects Sign in in the website.
    2.The browser redirects the user to the Azure Active Directory (Azure AD) sign in page.
    3.The user signs in.
    4.Azure AD redirects the user’s session back to the web application. The URL includes an access token.
    5.The web application calls an API and includes the access token in the authentication header. The application ID is sent as the audience (‘aud’) claim in the access token.
    6.The back-end API validates the access token.

    Requirements

    Corporate website

    -Communications and content must be secured by using SSL.
    -Communications must use HTTPS.
    -Data must be replicated to a secondary region and three availability zones.
    -Data storage costs must be minimized.

    Azure Database for PostgreSQL

    The database connection string is stored in Azure Key Vault with the following attributes:

    -Azure Key Vault name: cpandlkeyvault
    -Secret name: PostgreSQLConn
    -Id: 80df3e46ffcd4f1cb187f79905e9a1e8

    The connection information is updated frequently. The application must always use the latest information to connect to the database.

    Azure Service Bus and Azure Event Grid

    -Azure Event Grid must use Azure Service Bus for queue-based load leveling.
    -Events in Azure Event Grid must be routed directly to Service Bus queues for use in buffering.
    -Events from Azure Service Bus and other Azure services must continue to be routed to Azure Event Grid for processing.

    Security

    -All SSL certificates and credentials must be stored in Azure Key Vault.
    -File access must restrict access by IP, protocol, and Azure AD rights.
    -All user accounts and processes must receive only those privileges which are essential to perform their intended function.

    Compliance

    Auditing of the file updates and transfers must be enabled to comply with General Data Protection Regulation (GDPR). The file updates must be read-only, stored in the order in which they occurred, include only create, update, delete, and copy operations, and be retained for compliance reasons.

    Issues

    Corporate website

    While testing the site, the following error message displays:
    CryptographicException: The system cannot find the file specified.

    Function app

    You perform local testing for the RequestUserApproval function. The following error message displays:
    ‘Timeout value of 00:10:00 exceeded by function: RequestUserApproval’

    The same error message displays when you test the function in an Azure development environment when you run the following Kusto query:
    FunctionAppLogs
    | where FunctionName = = “RequestUserApproval”

    Logic app

    You test the Logic app in a development environment. The following error message displays:
    ‘400 Bad Request’
    Troubleshooting of the error shows an HttpTrigger action to call the RequestUserApproval function.

    Code

    Corporate website

    Security.cs:

    

    Function app

    RequestUserApproval.cs:

    

    1. You need to correct the RequestUserApproval Function app error.

       What should you do?

       • Update line RA13 to use the async keyword and return an HttpRequest object value.
       • Configure the Function app to use an App Service hosting plan. Enable the Always On setting of the hosting plan.
       • Update the function to be stateful by using Durable Functions to process the request payload.
       • Update the functionTimeout property of the host.json project file to 15 minutes.

       Explanation:
       Async operation tracking
       The HTTP response mentioned previously is designed to help implement long-running HTTP async APIs with Durable Functions. This pattern is sometimes referred to as the polling consumer pattern.
       Both the client and server implementations of this pattern are built into the Durable Functions HTTP APIs.

       Function app

       You perform local testing for the RequestUserApproval function. The following error message displays:
       ‘Timeout value of 00:10:00 exceeded by function: RequestUserApproval’

       The same error message displays when you test the function in an Azure development environment when you run the following Kusto query:
       FunctionAppLogs
       | where FunctionName = = “RequestUserApproval”

14. Case study

    This is a case study. Case studies are not timed separately. You can use as much exam time as you would like to complete each case. However, there may be additional case studies and sections on this exam. You must manage your time to ensure that you are able to complete all questions included on this exam in the time provided.

    To answer the questions included in a case study, you will need to reference information that is provided in the case study. Case studies might contain exhibits and other resources that provide more information about the scenario that is described in the case study. Each question is independent of the other questions in this case study.

    At the end of this case study, a review screen will appear. This screen allows you to review your answers and to make changes before you move to the next section of the exam. After you begin a new section, you cannot return to this section.

    To start the case study
    To display the first question in this case study, click the Next button. Use the buttons in the left pane to explore the content of the case study before you answer the questions. Clicking these buttons displays information such as business requirements, existing environment, and problem statements. When you are ready to answer a question, click the Question button to return to the question.

    Background

    You are a developer for Proseware, Inc. You are developing an application that applies a set of governance policies for Proseware’s internal services, external services, and applications. The application will also provide a shared library for common functionality.

    Requirements

    Policy service

    You develop and deploy a stateful ASP.NET Core 2.1 web application named Policy service to an Azure App Service Web App. The application reacts to events from Azure Event Grid and performs policy actions based on those events.

    The application must include the Event Grid Event ID field in all Application Insights telemetry.

    Policy service must use Application Insights to automatically scale with the number of policy actions that it is performing.

    Policies

    Log policy

    All Azure App Service Web Apps must write logs to Azure Blob storage. All log files should be saved to a container named logdrop. Logs must remain in the container for 15 days.

    Authentication events

    Authentication events are used to monitor users signing in and signing out. All authentication events must be processed by Policy service. Sign outs must be processed as quickly as possible.

    PolicyLib

    You have a shared library named PolicyLib that contains functionality common to all ASP.NET Core web services and applications. The PolicyLib library must:

    -Exclude non-user actions from Application Insights telemetry.
    -Provide methods that allow a web service to scale itself.
    -Ensure that scaling actions do not disrupt application usage.

    Other

    Anomaly detection service

    You have an anomaly detection service that analyzes log information for anomalies. It is implemented as an Azure Machine Learning model. The model is deployed as a web service. If an anomaly is detected, an Azure Function that emails administrators is called by using an HTTP WebHook.

    Health monitoring

    All web applications and services have health monitoring at the /health service endpoint.

    Issues

    Policy loss

    When you deploy Policy service, policies may not be applied if they were in the process of being applied during the deployment.

    Performance issue

    When under heavy load, the anomaly detection service undergoes slowdowns and rejects connections.

    Notification latency

    Users report that anomaly detection emails can sometimes arrive several minutes after an anomaly is detected.

    App code

    EventGridController.cs

    Relevant portions of the app files are shown below. Line numbers are included for reference only and include a two-character prefix that denotes the specific file to which they belong.

    

    LoginEvent.cs

    Relevant portions of the app files are shown below. Line numbers are included for reference only and include a two-character prefix that denotes the specific file to which they belong.

    

    1. You need to resolve a notification latency issue.

       Which two actions should you perform? Each correct answer presents part of the solution.

       NOTE: Each correct selection is worth one point.

       • Set Always On to true.
       • Ensure that the Azure Function is using an App Service plan.
       • Set Always On to false.
       • Ensure that the Azure Function is set to use a consumption plan.

       Explanation:
       Azure Functions can run on either a Consumption Plan or a dedicated App Service Plan. If you run in a dedicated mode, you need to turn on the Always On setting for your Function App to run properly. The Function runtime will go idle after a few minutes of inactivity, so only HTTP triggers will actually “wake up” your functions. This is similar to how WebJobs must have Always On enabled.

       Scenario: Notification latency: Users report that anomaly detection emails can sometimes arrive several minutes after an anomaly is detected.

       Anomaly detection service: You have an anomaly detection service that analyzes log information for anomalies. It is implemented as an Azure Machine Learning model. The model is deployed as a web service.
       If an anomaly is detected, an Azure Function that emails administrators is called by using an HTTP WebHook.

15. Case study

    This is a case study. Case studies are not timed separately. You can use as much exam time as you would like to complete each case. However, there may be additional case studies and sections on this exam. You must manage your time to ensure that you are able to complete all questions included on this exam in the time provided.

    To answer the questions included in a case study, you will need to reference information that is provided in the case study. Case studies might contain exhibits and other resources that provide more information about the scenario that is described in the case study. Each question is independent of the other questions in this case study.

    At the end of this case study, a review screen will appear. This screen allows you to review your answers and to make changes before you move to the next section of the exam. After you begin a new section, you cannot return to this section.

    To start the case study
    To display the first question in this case study, click the Next button. Use the buttons in the left pane to explore the content of the case study before you answer the questions. Clicking these buttons displays information such as business requirements, existing environment, and problem statements. When you are ready to answer a question, click the Question button to return to the question.

    Background

    Overview

    You are a developer for Contoso, Ltd. The company has a social networking website that is developed as a Single Page Application (SPA). The main web application for the social networking website loads user uploaded content from blob storage.

    You are developing a solution to monitor uploaded data for inappropriate content. The following process occurs when users upload content by using the SPA:

    -Messages are sent to ContentUploadService.
    -Content is processed by ContentAnalysisService.
    -After processing is complete, the content is posted to the social network or a rejection message is posted in its place.

    The ContentAnalysisService is deployed with Azure Container Instances from a private Azure Container Registry named contosoimages.

    The solution will use eight CPU cores.

    Azure Active Directory

    Contoso, Ltd. uses Azure Active Directory (Azure AD) for both internal and guest accounts.

    Requirements

    ContentAnalysisService

    The company’s data science group built ContentAnalysisService which accepts user generated content as a string and returns a probable value for inappropriate content. Any values over a specific threshold must be reviewed by an employee of Contoso, Ltd.

    You must create an Azure Function named CheckUserContent to perform the content checks.

    Costs

    You must minimize costs for all Azure services.

    Manual review

    To review content, the user must authenticate to the website portion of the ContentAnalysisService using their Azure AD credentials. The website is built using React and all pages and API endpoints require authentication. In order to review content a user must be part of a ContentReviewer role. All completed reviews must include the reviewer’s email address for auditing purposes.

    High availability

    All services must run in multiple regions. The failure of any service in a region must not impact overall application availability.

    Monitoring

    An alert must be raised if the ContentUploadService uses more than 80 percent of available CPU cores.

    Security

    You have the following security requirements:

    -Any web service accessible over the Internet must be protected from cross site scripting attacks.
    -All websites and services must use SSL from a valid root certificate authority.
    -Azure Storage access keys must only be stored in memory and must be available only to the service.
    -All Internal services must only be accessible from internal Virtual Networks (VNets).
    -All parts of the system must support inbound and outbound traffic restrictions.
    -All service calls must be authenticated by using Azure AD.

    User agreements

    When a user submits content, they must agree to a user agreement. The agreement allows employees of Contoso, Ltd. to review content, store cookies on user devices, and track user’s IP addresses.

    Information regarding agreements is used by multiple divisions within Contoso, Ltd.

    User responses must not be lost and must be available to all parties regardless of individual service uptime. The volume of agreements is expected to be in the millions per hour.

    Validation testing

    When a new version of the ContentAnalysisService is available the previous seven days of content must be processed with the new version to verify that the new version does not significantly deviate from the old version.

    Issues

    Users of the ContentUploadService report that they occasionally see HTTP 502 responses on specific pages.

    Code

    ContentUploadService

    

    ApplicationManifest

    

    1. HOTSPOT

       You need to ensure that validation testing is triggered per the requirements.

       How should you complete the code segment? To answer, select the appropriate values in the answer area.

       NOTE: Each correct selection is worth one point.

       

       

    2. You need to deploy the CheckUserContent Azure Function. The solution must meet the security and cost requirements.

       Which hosting model should you use?

       • Premium plan
       • App Service plan
       • Consumption plan

       Explanation:
       Scenario:
       You must minimize costs for all Azure services.
       All Internal services must only be accessible from internal Virtual Networks (VNets).

       Best for long-running scenarios where Durable Functions can’t be used. Consider an App Service plan in the following situations:
       -You have existing, underutilized VMs that are already running other App Service instances.
       -You want to provide a custom image on which to run your functions.
       Predictive scaling and costs are required.

       Note: When you create a function app in Azure, you must choose a hosting plan for your app. There are three basic hosting plans available for Azure Functions: Consumption plan, Premium plan, and Dedicated (App Service) plan.

       Incorrect Answers:
       A: A Premium plan would be more costly.
       C: Need the VNET functionality.

16. Case study

    This is a case study. Case studies are not timed separately. You can use as much exam time as you would like to complete each case. However, there may be additional case studies and sections on this exam. You must manage your time to ensure that you are able to complete all questions included on this exam in the time provided.

    To answer the questions included in a case study, you will need to reference information that is provided in the case study. Case studies might contain exhibits and other resources that provide more information about the scenario that is described in the case study. Each question is independent of the other questions in this case study.

    At the end of this case study, a review screen will appear. This screen allows you to review your answers and to make changes before you move to the next section of the exam. After you begin a new section, you cannot return to this section.

    To start the case study
    To display the first question in this case study, click the Next button. Use the buttons in the left pane to explore the content of the case study before you answer the questions. Clicking these buttons displays information such as business requirements, existing environment, and problem statements. When you are ready to answer a question, click the Question button to return to the question.

    LabelMaker app

    Coho Winery produces, bottles, and distributes a variety of wines globally. You are a developer implementing highly scalable and resilient applications to support online order processing by using Azure solutions.

    Coho Winery has a LabelMaker application that prints labels for wine bottles. The application sends data to several printers. The application consists of five modules that run independently on virtual machines (VMs). Coho Winery plans to move the application to Azure and continue to support label creation.

    External partners send data to the LabelMaker application to include artwork and text for custom label designs.

    Requirements. Data

    You identify the following requirements for data management and manipulation:

    -Order data is stored as nonrelational JSON and must be queried using SQL.
    -Changes to the Order data must reflect immediately across all partitions. All reads to the Order data must fetch the most recent writes.

    Requirements. Security

    You have the following security requirements:

    -Users of Coho Winery applications must be able to provide access to documents, resources, and applications to external partners.
    -External partners must use their own credentials and authenticate with their organization’s identity management solution.
    -External partner logins must be audited monthly for application use by a user account administrator to maintain company compliance.
    -Storage of e-commerce application settings must be maintained in Azure Key Vault.
    -E-commerce application sign-ins must be secured by using Azure App Service authentication and Azure Active Directory (AAD).
    -Conditional access policies must be applied at the application level to protect company content.
    -The LabelMaker application must be secured by using an AAD account that has full access to all namespaces of the Azure Kubernetes Service (AKS) cluster.

    Requirements. LabelMaker app

    Azure Monitor Container Health must be used to monitor the performance of workloads that are deployed to Kubernetes environments and hosted on Azure Kubernetes Service (AKS).

    You must use Azure Container Registry to publish images that support the AKS deployment.

    Architecture

    

    Issues

    Calls to the Printer API App fail periodically due to printer communication timeouts.

    Printer communication timeouts occur after 10 seconds. The label printer must only receive up to 5 attempts within one minute.

    The order workflow fails to run upon initial deployment to Azure.

    Order.json

    Relevant portions of the app files are shown below. Line numbers are included for reference only.

    This JSON file contains a representation of the data for an order that includes a single item.

    Order.json

    

    1. DRAG DROP

       You need to deploy a new version of the LabelMaker application to ACR.

       Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.

       

       

       Explanation:

       Step 1: Build a new application image by using dockerfile

       Step 2: Create an alias if the image with the fully qualified path to the registry
       Before you can push the image to a private registry, you’ve to ensure a proper image name. This can be achieved using the docker tag command. For demonstration purpose, we’ll use Docker’s hello world image, rename it and push it to ACR.

       # pulls hello-world from the public docker hub
       $ docker pull hello-world
       # tag the image in order to be able to push it to a private registry
       $ docker tag hello-word <REGISTRY_NAME>/hello-world
       # push the image
       $ docker push <REGISTRY_NAME>/hello-world

       Step 3: Log in to the registry and push image
       In order to push images to the newly created ACR instance, you need to login to ACR form the Docker CLI. Once logged in, you can push any existing docker image to your ACR instance.

       Scenario:
       Coho Winery plans to move the application to Azure and continue to support label creation.

       LabelMaker app

       Azure Monitor Container Health must be used to monitor the performance of workloads that are deployed to Kubernetes environments and hosted on Azure Kubernetes Service (AKS).

       You must use Azure Container Registry to publish images that support the AKS deployment.

    2. You need to access data from the user claim object in the e-commerce web app.

       What should you do first?

       • Write custom code to make a Microsoft Graph API call from the e-commerce web app.
       • Assign the Contributor RBAC role to the e-commerce web app by using the Resource Manager create role assignment API.
       • Update the e-commerce web app to read the HTTP request header values.
       • Using the Azure CLI, enable Cross-origin resource sharing (CORS) from the e-commerce checkout API to the e-commerce web app.
       Explanation:
       Methods to Get User Identity and Claims in a .NET Azure Functions App include:
       ClaimsPrincipal from the Request Context
       The ClaimsPrincipal object is also available as part of the request context and can be extracted from the HttpRequest.HttpContext.
       User Claims from the Request Headers.
       App Service passes user claims to the app by using special request headers.

17. HOTSPOT

    You are implementing a software as a service (SaaS) ASP.NET Core web service that will run as an Azure Web App. The web service will use an on-premises SQL Server database for storage. The web service also includes a WebJob that processes data updates. Four customers will use the web service.

    -Each instance of the WebJob processes data for a single customer and must run as a singleton instance.
    -Each deployment must be tested by using deployment slots prior to serving production data.
    -Azure costs must be minimized.
    -Azure resources must be located in an isolated network.

    You need to configure the App Service plan for the Web App.

    How should you configure the App Service plan? To answer, select the appropriate settings in the answer area.

    NOTE: Each correct selection is worth one point.

    

    

    Explanation:

    Number of VM instances: 4
    You are not charged extra for deployment slots.

    Pricing tier: Isolated
    The App Service Environment (ASE) is a powerful feature offering of the Azure App Service that gives network isolation and improved scale capabilities. It is essentially a deployment of the Azure App Service into a subnet of a customer’s Azure Virtual Network (VNet).

18. DRAG DROP

    You are a developer for a software as a service (SaaS) company that uses an Azure Function to process orders. The Azure Function currently runs on an Azure Function app that is triggered by an Azure Storage queue.

    You are preparing to migrate the Azure Function to Kubernetes using Kubernetes-based Event Driven Autoscaling (KEDA).

    You need to configure Kubernetes Custom Resource Definitions (CRD) for the Azure Function.

    Which CRDs should you configure? To answer, drag the appropriate CRD types to the correct locations. Each CRD type may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.

    NOTE: Each correct selection is worth one point.

    

    

    Explanation:

    Box 1: Deployment
    To deploy Azure Functions to Kubernetes use the func kubernetes deploy command has several attributes that directly control how our app scales, once it is deployed to Kubernetes.

    Box 2: ScaledObject
    With –polling-interval, we can control the interval used by KEDA to check Azure Service Bus Queue for messages.
    Example of ScaledObject with polling interval
    apiVersion: keda.k8s.io/v1alpha1
    kind: ScaledObject
    metadata:
    name: transformer-fn
    namespace: tt
    labels:
    deploymentName: transformer-fn
    spec:
    scaleTargetRef:
    deploymentName: transformer-fn
    pollingInterval: 5
    minReplicaCount: 0
    maxReplicaCount: 100

    Box 3: Secret
    Store connection strings in Kubernetes Secrets.

    Example: to create the Secret in our demo Namespace:

    # create the k8s demo namespace
    kubectl create namespace tt

    # grab connection string from Azure Service Bus
    KEDA_SCALER_CONNECTION_STRING=$(az servicebus queue authorization-rule keys list \
    -g $RG_NAME \
    –namespace-name $SBN_NAME \
    –queue-name inbound \
    -n keda-scaler \
    –query “primaryConnectionString” \
    -o tsv)

    # create the kubernetes secret
    kubectl create secret generic tt-keda-auth \
    –from-literal KedaScaler=$KEDA_SCALER_CONNECTION_STRING \
    –namespace tt

19. HOTSPOT

    You are creating a CLI script that creates an Azure web app and related services in Azure App Service. The web app uses the following variables:

    

    You need to automatically deploy code from GitHub to the newly created web app.

    How should you complete the script? To answer, select the appropriate options in the answer area.

    NOTE: Each correct selection is worth one point.

    

    

    Explanation:

    Box 1: az appservice plan create
    The azure group creates command successfully returns JSON result. Now we can use resource group to create a azure app service plan

    Box 2: az webapp create
    Create a new web app..

    Box 3: –plan $webappname
    ..with the serviceplan we created in step 1.

    Box 4: az webapp deployment
    Continuous Delivery with GitHub. Example:
    az webapp deployment source config –name firstsamplewebsite1 –resource-group websites–repo-url $gitrepo –branch master –git-token $token

    Box 5: –repo-url $gitrepo –branch master –manual-integration

20. Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

    After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

    You develop a software as a service (SaaS) offering to manage photographs. Users upload photos to a web service which then stores the photos in Azure Storage Blob storage. The storage account type is General-purpose V2.

    When photos are uploaded, they must be processed to produce and save a mobile-friendly version of the image. The process to produce a mobile-friendly version of the image must start in less than one minute.

    You need to design the process that starts the photo processing.

    Solution: Trigger the photo processing from Blob storage events.

    Does the solution meet the goal?

    • Yes
    • No

    Explanation:
    You need to catch the triggered event, so move the photo processing to an Azure Function triggered from the blob upload.

    Note: Azure Storage events allow applications to react to events. Common Blob storage event scenarios include image or video processing, search indexing, or any file-oriented workflow.

    Events are pushed using Azure Event Grid to subscribers such as Azure Functions, Azure Logic Apps, or even to your own http listener.

    However, the processing must start in less than one minute.

    Note: Only storage accounts of kind StorageV2 (general purpose v2) and BlobStorage support event integration. Storage (general purpose v1) does not support integration with Event Grid.