AZ-204 : Developing Solutions for Microsoft Azure : Part 04

  1. DRAG DROP

    You are developing a solution for a hospital to support the following use cases:

    The most recent patient status details must be retrieved even if multiple users in different locations have updated the patient record.
    Patient health monitoring data retrieved must be the current version or the prior version.
    After a patient is discharged and all charges have been assessed, the patient billing record contains the final charges.

    You provision a Cosmos DB NoSQL database and set the default consistency level for the database account to Strong. You set the value for Indexing Mode to Consistent.

    You need to minimize latency and any impact to the availability of the solution. You must override the default consistency level at the query level to meet the required consistency guarantees for the scenarios.

    Which consistency levels should you implement? To answer, drag the appropriate consistency levels to the correct requirements. Each consistency level may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.

    NOTE: Each correct selection is worth one point.

    [Image: AZ-204 Developing Solutions for Microsoft Azure Part 04 Q01 056]
    [Image: AZ-204 Developing Solutions for Microsoft Azure Part 04 Q01 057]

    Explanation:

    Box 1: Strong
    Strong: Strong consistency offers a linearizability guarantee. The reads are guaranteed to return the most recent committed version of an item. A client never sees an uncommitted or partial write. Users are always guaranteed to read the latest committed write.

    Box 2: Bounded staleness
    Bounded staleness: The reads are guaranteed to honor the consistent-prefix guarantee. The reads might lag behind writes by at most “K” versions (that is “updates”) of an item or by “t” time interval. When you choose bounded staleness, the “staleness” can be configured in two ways:

    The number of versions (K) of the item
    The time interval (t) by which the reads might lag behind the writes

    Box 3: Eventual
    Eventual: There’s no ordering guarantee for reads. In the absence of any further writes, the replicas eventually converge.

    Incorrect Answers:
    Consistent prefix: Updates that are returned contain some prefix of all the updates, with no gaps. Consistent prefix guarantees that reads never see out-of-order writes.

  2. HOTSPOT

    You are configuring a development environment for your team. You deploy the latest Visual Studio image from the Azure Marketplace to your Azure subscription.

    The development environment requires several software development kits (SDKs) and third-party components to support application development across the organization. You install and customize the deployed virtual machine (VM) for your development team. The customized VM must be saved to allow provisioning of a new team member development environment.

    You need to save the customized VM for future provisioning.

    Which tools or services should you use? To answer, select the appropriate options in the answer area.

    NOTE: Each correct selection is worth one point.

    [Image: AZ-204 Developing Solutions for Microsoft Azure Part 04 Q02 058]
    [Image: AZ-204 Developing Solutions for Microsoft Azure Part 04 Q02 059]

    Explanation:

    Box 1: Azure PowerShell
    Creating an image directly from the VM ensures that the image includes all of the disks associated with the VM, including the OS disk and any data disks.
    Before you begin, make sure that you have the latest version of the Azure PowerShell module.

    You use Sysprep to generalize the virtual machine, then use Azure PowerShell to create the image.

    Box 2: Azure Blob Storage
    You can store images in Azure Blob Storage.

  3. You are preparing to deploy a website to an Azure Web App from a GitHub repository. The website includes static content generated by a script.

    You plan to use the Azure Web App continuous deployment feature.

    You need to run the static generation script before the website starts serving traffic.

    What are two possible ways to achieve this goal? Each correct answer presents a complete solution.

    NOTE: Each correct selection is worth one point.

    • Add the path to the static content generation tool to WEBSITE_RUN_FROM_PACKAGE setting in the host.json file.
    • Add a PreBuild target in the websites csproj project file that runs the static content generation script.
    • Create a file named run.cmd in the folder /run that calls a script which generates the static content and deploys the website.
    • Create a file named .deployment in the root of the repository that calls a script which generates the static content and deploys the website.
    Explanation:

    A: In Azure, you can run your functions directly from a deployment package file in your function app. The other option is to deploy your files in the d:\home\site\wwwroot directory of your function app (see A above).

    To enable your function app to run from a package, you just add a WEBSITE_RUN_FROM_PACKAGE setting to your function app settings.

    Note: The host.json metadata file contains global configuration options that affect all functions for a function app.

    D: To customize your deployment, include a .deployment file in the repository root.
    You just need to add a file to the root of your repository with the name .deployment and the content:

    [config]
    command = YOUR COMMAND TO RUN FOR DEPLOYMENT

    This command can simply run a script (batch file) that does everything required for your deployment, such as copying files from the repository to the web root directory.

  4. DRAG DROP

    You are developing an application to use Azure Blob storage. You have configured Azure Blob storage to include change feeds.

    A copy of your storage account must be created in another region. Data must be copied from the current storage account to the new storage account directly between the storage servers.

    You need to create a copy of the storage account in another region and copy the data.

    In which order should you perform the actions? To answer, move all actions from the list of actions to the answer area and arrange them in the correct order.

    [Image: AZ-204 Developing Solutions for Microsoft Azure Part 04 Q04 060]
    [Image: AZ-204 Developing Solutions for Microsoft Azure Part 04 Q04 061]

    Explanation:

    To move a storage account, create a copy of your storage account in another region. Then, move your data to that account by using AzCopy, or another tool of your choice.

    The steps are:
    Export a template.
    Modify the template by adding the target region and storage account name.
    Deploy the template to create the new storage account.
    Configure the new storage account.
    Move data to the new storage account.
    Delete the resources in the source region.

    Note: You must enable the change feed on your storage account to begin capturing and recording changes. You can enable and disable changes by using Azure Resource Manager templates on Portal or PowerShell.

  5. DRAG DROP

    You are preparing to deploy an Azure virtual machine (VM)-based application.

    The VMs that run the application have the following requirements:

    When a VM is provisioned the firewall must be automatically configured before it can access Azure resources.
    Supporting services must be installed by using an Azure PowerShell script that is stored in Azure Storage.

    You need to ensure that the requirements are met.

    Which features should you use? To answer, drag the appropriate features to the correct requirements. Each feature may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.

    NOTE: Each correct selection is worth one point.

    [Image: AZ-204 Developing Solutions for Microsoft Azure Part 04 Q05 062]
    [Image: AZ-204 Developing Solutions for Microsoft Azure Part 04 Q05 063]

  6. HOTSPOT

    A company is developing a Node.js web app. The web app code is hosted in a GitHub repository located at https://github.com/TailSpinToys/webapp.

    The web app must be reviewed before it is moved to production. You must deploy the initial code release to a deployment slot named review.

    You need to create the web app and deploy the code.

    How should you complete the commands? To answer, select the appropriate options in the answer area.

    NOTE: Each correct selection is worth one point.

    [Image: AZ-204 Developing Solutions for Microsoft Azure Part 04 Q06 064]
    [Image: AZ-204 Developing Solutions for Microsoft Azure Part 04 Q06 065]

    Explanation:

    Box 1: New-AzResourceGroup
    The New-AzResourceGroup cmdlet creates an Azure resource group.

    Box 2: New-AzAppServicePlan
    The New-AzAppServicePlan cmdlet creates an Azure App Service plan in a given location.

    Box 3: New-AzWebApp
    The New-AzWebApp cmdlet creates an Azure Web App in a given resource group.

    Box 4: New-AzWebAppSlot
    The New-AzWebAppSlot cmdlet creates an Azure Web App slot.

  7. HOTSPOT

    You are developing an application that needs access to an Azure virtual machine (VM).

    The access lifecycle for the application must be associated with the VM service instance.

    You need to enable managed identity for the VM.

    How should you complete the PowerShell segment? To answer, select the appropriate options in the answer area.

    NOTE: Each correct selection is worth one point.

    [Image: AZ-204 Developing Solutions for Microsoft Azure Part 04 Q07 066]
    [Image: AZ-204 Developing Solutions for Microsoft Azure Part 04 Q07 067]

    Explanation:

    Box 1: -IdentityType
    Enable system-assigned managed identity on an existing Azure VM:
    To enable a system-assigned managed identity, use the -IdentityType switch on the Update-AzVM cmdlet (see below).

    Box 2: $SystemAssigned
    $vm = Get-AzVM -ResourceGroupName myResourceGroup -Name myVM
    Update-AzVM -ResourceGroupName myResourceGroup -VM $vm -IdentityType SystemAssigned

  8. Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

    After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

    You develop a software as a service (SaaS) offering to manage photographs. Users upload photos to a web service which then stores the photos in Azure Storage Blob storage. The storage account type is General-purpose V2.

    When photos are uploaded, they must be processed to produce and save a mobile-friendly version of the image. The process to produce a mobile-friendly version of the image must start in less than one minute.

    You need to design the process that starts the photo processing.

    Solution: Create an Azure Function app that uses the Consumption hosting model and that is triggered from the blob upload.

    Does the solution meet the goal?

    • Yes
    • No
    Explanation:

    In the Consumption hosting plan, resources are added dynamically as required by your functions.

  9. Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

    After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

    You develop and deploy an Azure App Service API app to a Windows-hosted deployment slot named Development. You create additional deployment slots named Testing and Production. You enable auto swap on the Production deployment slot.

    You need to ensure that scripts run and resources are available before a swap operation occurs.

    Solution: Update the app with a method named statuscheck to run the scripts. Update the app settings for the app. Set the WEBSITE_SWAP_WARMUP_PING_PATH and WEBSITE_SWAP_WARMUP_PING_STATUSES with a path to the new method and appropriate response codes.

    Does the solution meet the goal?

    • Yes
    • No
    Explanation:

    These are valid warm-up behavior options, but are not helpful in fixing swap problems.

    Instead, update the web.config file to include the applicationInitialization configuration element. Specify custom initialization actions to run the scripts.

    Note: Some apps might require custom warm-up actions before the swap. The applicationInitialization configuration element in web.config lets you specify custom initialization actions. The swap operation waits for this custom warm-up to finish before swapping with the target slot. Here’s a sample web.config fragment.

    <system.webServer>
      <applicationInitialization>
        <add initializationPage="/" hostName="[app hostname]" />
        <add initializationPage="/Home/About" hostName="[app hostname]" />
      </applicationInitialization>
    </system.webServer>

  10. HOTSPOT

    You create the following PowerShell script:

    [Image: AZ-204 Developing Solutions for Microsoft Azure Part 04 Q10 068]

    For each of the following statements, select Yes if the statement is true. Otherwise, select No.

    NOTE: Each correct selection is worth one point.

    [Image: AZ-204 Developing Solutions for Microsoft Azure Part 04 Q10 069]
    [Image: AZ-204 Developing Solutions for Microsoft Azure Part 04 Q10 070]

    Explanation:

    Box 1: No
    The AzScheduledQueryRuleSource is Heartbeat, not CPU.

    Box 2: Yes
    The AzScheduledQueryRuleSource is Heartbeat!

    Note: New-AzScheduledQueryRuleTriggerCondition creates an object of type Trigger Condition. This object is to be passed to the command that creates Alerting Action object.

    Box 3: No
    The schedule is 60 minutes, not two hours.
    -FrequencyInMinutes: The alert frequency.
    -TimeWindowInMinutes: The alert time window.

    The New-AzScheduledQueryRuleSchedule command creates an object of type Schedule. This object is to be passed to the command that creates Log Alert Rule.

  11. DRAG DROP

    You are developing an Azure Function app.

    The app must meet the following requirements:

    -Enable developers to write the functions by using the Rust language.
    -Declaratively connect to an Azure Blob Storage account.

    You need to implement the app.

    Which Azure Function app features should you use? To answer, drag the appropriate features to the correct requirements. Each feature may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.

    NOTE: Each correct selection is worth one point.

    [Image: AZ-204 Developing Solutions for Microsoft Azure Part 04 Q11 071]
    [Image: AZ-204 Developing Solutions for Microsoft Azure Part 04 Q11 072]

    Explanation:

    Box 1: Custom handler
    Custom handlers can be used to create functions in any language or runtime by running an HTTP server process, for example Go or Rust.

    Box 2: Trigger
    Functions are invoked by a trigger and can have exactly one. In addition to invoking the function, certain triggers also serve as bindings. You may also define multiple bindings in addition to the trigger. Bindings provide a declarative way to connect data to your code.

  12. HOTSPOT

    You are developing an ASP.NET Core web application. You plan to deploy the application to Azure Web App for Containers.

    The application needs to store runtime diagnostic data that must be persisted across application restarts. You have the following code:

    [Image: AZ-204 Developing Solutions for Microsoft Azure Part 04 Q12 073]

    You need to configure the application settings so that diagnostic data is stored as required.

    How should you configure the web app’s settings? To answer, select the appropriate options in the answer area.

    NOTE: Each correct selection is worth one point.

    [Image: AZ-204 Developing Solutions for Microsoft Azure Part 04 Q12 074]
    [Image: AZ-204 Developing Solutions for Microsoft Azure Part 04 Q12 075]

    Explanation:

    Box 1: WEBSITES_ENABLE_APP_SERVICE_STORAGE
    If the WEBSITES_ENABLE_APP_SERVICE_STORAGE setting is unspecified or set to true, the /home/ directory will be shared across scale instances, and files written will persist across restarts.

    Box 2: /home

  13. You are developing a web app that is protected by Azure Web Application Firewall (WAF). All traffic to the web app is routed through an Azure Application Gateway instance that is used by multiple web apps. The web app address is contoso.azurewebsites.net.

    All traffic must be secured with SSL. The Azure Application Gateway instance is used by multiple web apps.

    You need to configure the Azure Application Gateway for the web app.

    Which two actions should you perform? Each correct answer presents part of the solution.

    NOTE: Each correct selection is worth one point.

    • In the Azure Application Gateway’s HTTP setting, enable the Use for App service setting.
    • Convert the web app to run in an Azure App service environment (ASE).
    • Add an authentication certificate for contoso.azurewebsites.net to the Azure Application Gateway.
    • In the Azure Application Gateway’s HTTP setting, set the value of the Override backend path option to contoso22.azurewebsites.net.
    Explanation:

    D: The ability to specify a host override is defined in the HTTP settings and can be applied to any back-end pool during rule creation.
    The ability to derive the host name from the IP or FQDN of the back-end pool members. HTTP settings also provide an option to dynamically pick the host name from a back-end pool member’s FQDN if configured with the option to derive host name from an individual back-end pool member.

    A (not C): SSL termination and end to end SSL with multi-tenant services.
    In case of end to end SSL, trusted Azure services such as Azure App service web apps do not require whitelisting the backends in the application gateway. Therefore, there is no need to add any authentication certificates.

    [Image: AZ-204 Developing Solutions for Microsoft Azure Part 04 Q13 076]

  14. Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

    After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

    You develop a software as a service (SaaS) offering to manage photographs. Users upload photos to a web service which then stores the photos in Azure Storage Blob storage. The storage account type is General-purpose V2.

    When photos are uploaded, they must be processed to produce and save a mobile-friendly version of the image. The process to produce a mobile-friendly version of the image must start in less than one minute.

    You need to design the process that starts the photo processing.

    Solution: Use the Azure Blob Storage change feed to trigger photo processing.

    Does the solution meet the goal?

    • Yes
    • No
    Explanation:

    The change feed is a log of changes that are organized into hourly segments but appended to and updated every few minutes. These segments are created only when there are blob change events that occur in that hour.

    Instead, catch the triggered event: move the photo processing to an Azure Function triggered from the blob upload.

  15. Case study

    This is a case study. Case studies are not timed separately. You can use as much exam time as you would like to complete each case. However, there may be additional case studies and sections on this exam. You must manage your time to ensure that you are able to complete all questions included on this exam in the time provided.

    To answer the questions included in a case study, you will need to reference information that is provided in the case study. Case studies might contain exhibits and other resources that provide more information about the scenario that is described in the case study. Each question is independent of the other questions in this case study.

    At the end of this case study, a review screen will appear. This screen allows you to review your answers and to make changes before you move to the next section of the exam. After you begin a new section, you cannot return to this section.

    To start the case study

    To display the first question in this case study, click the Next button. Use the buttons in the left pane to explore the content of the case study before you answer the questions. Clicking these buttons displays information such as business requirements, existing environment, and problem statements. When you are ready to answer a question, click the Question button to return to the question.

    Background

    Overview

    You are a developer for Contoso, Ltd. The company has a social networking website that is developed as a Single Page Application (SPA). The main web application for the social networking website loads user uploaded content from blob storage.

    You are developing a solution to monitor uploaded data for inappropriate content. The following process occurs when users upload content by using the SPA:

    • Messages are sent to ContentUploadService.
    • Content is processed by ContentAnalysisService.
    • After processing is complete, the content is posted to the social network or a rejection message is posted in its place.

    The ContentAnalysisService is deployed with Azure Container Instances from a private Azure Container Registry named contosoimages.

    The solution will use eight CPU cores.

    Azure Active Directory

    Contoso, Ltd. uses Azure Active Directory (Azure AD) for both internal and guest accounts.

    Requirements

    ContentAnalysisService

    The company’s data science group built ContentAnalysisService which accepts user generated content as a string and returns a probable value for inappropriate content. Any values over a specific threshold must be reviewed by an employee of Contoso, Ltd.

    You must create an Azure Function named CheckUserContent to perform the content checks.

    Costs

    You must minimize costs for all Azure services.

    Manual review

    To review content, the user must authenticate to the website portion of the ContentAnalysisService using their Azure AD credentials. The website is built using React and all pages and API endpoints require authentication. In order to review content a user must be part of a ContentReviewer role. All completed reviews must include the reviewer’s email address for auditing purposes.

    High availability

    All services must run in multiple regions. The failure of any service in a region must not impact overall application availability.

    Monitoring

    An alert must be raised if the ContentUploadService uses more than 80 percent of available CPU cores.

    Security

    You have the following security requirements:
    -Any web service accessible over the Internet must be protected from cross-site scripting attacks.
    -All websites and services must use SSL from a valid root certificate authority.
    -Azure Storage access keys must only be stored in memory and must be available only to the service.
    -All internal services must only be accessible from internal Virtual Networks (VNets).
    -All parts of the system must support inbound and outbound traffic restrictions.
    -All service calls must be authenticated by using Azure AD.

    User agreements

    When a user submits content, they must agree to a user agreement. The agreement allows employees of Contoso, Ltd. to review content, store cookies on user devices, and track users’ IP addresses.

    Information regarding agreements is used by multiple divisions within Contoso, Ltd.

    User responses must not be lost and must be available to all parties regardless of individual service uptime. The volume of agreements is expected to be in the millions per hour.

    Validation testing

    When a new version of the ContentAnalysisService is available the previous seven days of content must be processed with the new version to verify that the new version does not significantly deviate from the old version.

    Issues

    Users of the ContentUploadService report that they occasionally see HTTP 502 responses on specific pages.

    Code

    ContentUploadService

    [Image: AZ-204 Developing Solutions for Microsoft Azure Part 04 Q15 077]

    ApplicationManifest

    [Image: AZ-204 Developing Solutions for Microsoft Azure Part 04 Q15 078]

    1. You need to configure the ContentUploadService deployment.

      Which two actions should you perform? Each correct answer presents part of the solution.

      NOTE: Each correct selection is worth one point.

      • Add the following markup to line CS23:
        type: Private
      • Add the following markup to line CS24:
        osType: Windows
      • Add the following markup to line CS24:
        osType: Linux
      • Add the following markup to line CS23:
        type: Public
      Explanation:

      Scenario: All Internal services must only be accessible from Internal Virtual Networks (VNets)

      There are three Network Location types: Private, Public and Domain.

    2. You need to store the user agreements.

      Where should you store the agreement after it is completed?

      • Azure Storage queue
      • Azure Event Hub
      • Azure Service Bus topic
      • Azure Event Grid topic
      Explanation:

      Azure Event Hub is used for telemetry and distributed data streaming.

      This service provides a single solution that enables rapid data retrieval for real-time processing as well as repeated replay of stored raw data. It can capture the streaming data into a file for processing and analysis.

      It has the following characteristics:
      -low latency
      -capable of receiving and processing millions of events per second
      -at least once delivery

    3. HOTSPOT

      You need to implement the bindings for the CheckUserContent function.

      How should you complete the code segment? To answer, select the appropriate options in the answer area.

      NOTE: Each correct selection is worth one point.

      [Image: AZ-204 Developing Solutions for Microsoft Azure Part 04 Q15 079]
      [Image: AZ-204 Developing Solutions for Microsoft Azure Part 04 Q15 080]

      Explanation:

      Box 1: [BlobTrigger(..)]

      Box 2: [Blob(..)]
      Azure Blob storage output binding for Azure Functions. The output binding allows you to modify and delete blob storage data in an Azure Function.

      The attribute’s constructor takes the path to the blob and a FileAccess parameter indicating read or write, as shown in the following example:

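      using System.IO;
      using Microsoft.Azure.WebJobs;

      [FunctionName("ResizeImage")]
      public static void Run(
          // Trigger: fires when a blob is added to sample-images; the blob is read as a stream.
          [BlobTrigger("sample-images/{name}")] Stream image,
          // Output binding: writable stream for the blob of the same name in sample-images-md.
          [Blob("sample-images-md/{name}", FileAccess.Write)] Stream imageSmall)
      {
          // Function body omitted in the original sample.
      }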

      Scenario: You must create an Azure Function named CheckUserContent to perform the content checks.
      The company’s data science group built ContentAnalysisService which accepts user generated content as a string and returns a probable value for inappropriate content. Any values over a specific threshold must be reviewed by an employee of Contoso, Ltd.

  16. Case study

    This is a case study. Case studies are not timed separately. You can use as much exam time as you would like to complete each case. However, there may be additional case studies and sections on this exam. You must manage your time to ensure that you are able to complete all questions included on this exam in the time provided.

    To answer the questions included in a case study, you will need to reference information that is provided in the case study. Case studies might contain exhibits and other resources that provide more information about the scenario that is described in the case study. Each question is independent of the other questions in this case study.

    At the end of this case study, a review screen will appear. This screen allows you to review your answers and to make changes before you move to the next section of the exam. After you begin a new section, you cannot return to this section.

    To start the case study
    To display the first question in this case study, click the Next button. Use the buttons in the left pane to explore the content of the case study before you answer the questions. Clicking these buttons displays information such as business requirements, existing environment, and problem statements. When you are ready to answer a question, click the Question button to return to the question.

    Background

    City Power & Light company provides electrical infrastructure monitoring solutions for homes and businesses. The company is migrating solutions to Azure.

    Current environment

    Architecture overview

    The company has a public website located at http://www.cpandl.com/. The site is a single-page web application that runs in Azure App Service on Linux. The website uses files stored in Azure Storage and cached in Azure Content Delivery Network (CDN) to serve static content.

    API Management and Azure Function App functions are used to process and store data in Azure Database for PostgreSQL. API Management is used to broker communications to the Azure Function app functions for Logic app integration. Logic apps are used to orchestrate the data processing while Service Bus and Event Grid handle messaging and events.

    The solution uses Application Insights, Azure Monitor, and Azure Key Vault.

    Architecture diagram

    The company has several applications and services that support their business. The company plans to implement serverless computing where possible. The overall architecture is shown below.

    AZ-204 Developing Solutions for Microsoft Azure Part 04 Q16 081

    User authentication

    The following steps detail the user authentication process:

    1. The user selects Sign in in the website.
    2. The browser redirects the user to the Azure Active Directory (Azure AD) sign in page.
    3. The user signs in.
    4. Azure AD redirects the user’s session back to the web application. The URL includes an access token.
    5. The web application calls an API and includes the access token in the authentication header. The application ID is sent as the audience (‘aud’) claim in the access token.
    6. The back-end API validates the access token.
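
    Step 6 as an added example (not code from the case study): the checks a back-end API applies to a bearer token before trusting the caller, including the audience ('aud') claim from step 5. It assumes the System.IdentityModel.Tokens.Jwt NuGet package; the issuer URL, the audience GUIDs and the locally generated RSA keys are constructed stand-ins for the Azure AD tenant, the application ID and the tenant's published signing keys.

```csharp
using System;
using System.IdentityModel.Tokens.Jwt;
using System.Security.Claims;
using System.Security.Cryptography;
using Microsoft.IdentityModel.Tokens;

public static class AccessTokenCheck
{
    // Constructed values: in the scenario the issuer is the Azure AD tenant and
    // the audience is the application ID sent in the 'aud' claim (step 5).
    const string Issuer = "https://issuer.example/constructed-tenant/";
    const string ApiAudience = "00000000-0000-0000-0000-000000000001";
    const string OtherAppAudience = "00000000-0000-0000-0000-000000000002";

    // Locally generated key pair standing in for the issuer's published signing keys.
    static readonly RsaSecurityKey SigningKey =
        new RsaSecurityKey(RSA.Create(2048)) { KeyId = "constructed-key" };
    static readonly JwtSecurityTokenHandler Handler = new JwtSecurityTokenHandler();

    // Issues a constructed token so the example runs without contacting an identity provider.
    public static string IssueToken(string audience, DateTime notBefore, DateTime expires,
                                    SecurityKey key = null)
    {
        var credentials = new SigningCredentials(key ?? SigningKey, SecurityAlgorithms.RsaSha256);
        var token = new JwtSecurityToken(Issuer, audience,
            new[] { new Claim("sub", "constructed-user") }, notBefore, expires, credentials);
        return Handler.WriteToken(token);
    }

    // Step 6: signature, issuer, audience and lifetime must all pass.
    public static string Validate(string jwt)
    {
        var parameters = new TokenValidationParameters
        {
            RequireSignedTokens = true,
            ValidateIssuerSigningKey = true,
            IssuerSigningKey = SigningKey,
            ValidAlgorithms = new[] { SecurityAlgorithms.RsaSha256 },
            ValidateIssuer = true,
            ValidIssuer = Issuer,
            ValidateAudience = true,      // a token minted for another app must not be accepted
            ValidAudience = ApiAudience,
            ValidateLifetime = true,
            RequireExpirationTime = true,
            ClockSkew = TimeSpan.FromMinutes(2)
        };
        try
        {
            Handler.ValidateToken(jwt, parameters, out _);
            return "accepted";
        }
        catch (SecurityTokenInvalidAudienceException) { return "rejected: wrong audience"; }
        catch (SecurityTokenExpiredException) { return "rejected: expired"; }
        catch (SecurityTokenException e) { return "rejected: " + e.GetType().Name; }
    }

    public static void Main()
    {
        var now = DateTime.UtcNow;
        var unknownKey = new RsaSecurityKey(RSA.Create(2048)) { KeyId = "unknown-key" };

        // Valid token for this API.
        Console.WriteLine(Validate(IssueToken(ApiAudience, now.AddMinutes(-1), now.AddMinutes(30))));
        // Correctly signed, but issued for a different application.
        Console.WriteLine(Validate(IssueToken(OtherAppAudience, now.AddMinutes(-1), now.AddMinutes(30))));
        // Right audience, but the lifetime ended an hour ago.
        Console.WriteLine(Validate(IssueToken(ApiAudience, now.AddHours(-2), now.AddHours(-1))));
        // Right claims, but signed with a key the API does not trust.
        Console.WriteLine(Validate(IssueToken(ApiAudience, now.AddMinutes(-1), now.AddMinutes(30), unknownKey)));
    }
}
```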

    Requirements

    Corporate website

    -Communications and content must be secured by using SSL.
    -Communications must use HTTPS.
    -Data must be replicated to a secondary region and three availability zones.
    -Data storage costs must be minimized.

    Azure Database for PostgreSQL

    The database connection string is stored in Azure Key Vault with the following attributes:

    -Azure Key Vault name: cpandlkeyvault
    -Secret name: PostgreSQLConn
    -Id: 80df3e46ffcd4f1cb187f79905e9a1e8

    The connection information is updated frequently. The application must always use the latest information to connect to the database.

    Azure Service Bus and Azure Event Grid

    -Azure Event Grid must use Azure Service Bus for queue-based load leveling.
    -Events in Azure Event Grid must be routed directly to Service Bus queues for use in buffering.
    -Events from Azure Service Bus and other Azure services must continue to be routed to Azure Event Grid for processing.

    Security

    -All SSL certificates and credentials must be stored in Azure Key Vault.
    -File access must restrict access by IP, protocol, and Azure AD rights.
    -All user accounts and processes must receive only those privileges which are essential to perform their intended function.

    Compliance

    Auditing of the file updates and transfers must be enabled to comply with General Data Protection Regulation (GDPR). The file updates must be read-only, stored in the order in which they occurred, include only create, update, delete, and copy operations, and be retained for compliance reasons.

    Issues

    Corporate website

    While testing the site, the following error message displays:
    CryptographicException: The system cannot find the file specified.

    Function app

    You perform local testing for the RequestUserApproval function. The following error message displays:
    ‘Timeout value of 00:10:00 exceeded by function: RequestUserApproval’

    The same error message displays when you test the function in an Azure development environment when you run the following Kusto query:
    FunctionAppLogs
    | where FunctionName == "RequestUserApproval"

    Logic app

    You test the Logic app in a development environment. The following error message displays:
    ‘400 Bad Request’
    Troubleshooting of the error shows an HttpTrigger action to call the RequestUserApproval function.

    Code

    Corporate website

    Security.cs:

    AZ-204 Developing Solutions for Microsoft Azure Part 04 Q16 082

    Function app

    RequestUserApproval.cs:

    AZ-204 Developing Solutions for Microsoft Azure Part 04 Q16 083
    1. HOTSPOT

      You need to configure the Account Kind, Replication, and Access tier options for the corporate website’s Azure Storage account.

      How should you complete the configuration? To answer, select the appropriate options in the dialog box in the answer area.

      NOTE: Each correct selection is worth one point.

      AZ-204 Developing Solutions for Microsoft Azure Part 04 Q16 084
      AZ-204 Developing Solutions for Microsoft Azure Part 04 Q16 085

      Explanation:

      Account Kind: StorageV2 (general-purpose v2)
      Scenario: Azure Storage blob will be used (refer to the exhibit). Data storage costs must be minimized.

      General-purpose v2 accounts: Basic storage account type for blobs, files, queues, and tables. Recommended for most scenarios using Azure Storage.

      Incorrect Answers:
      -BlockBlobStorage accounts: Storage accounts with premium performance characteristics for block blobs and append blobs. Recommended for scenarios with high transactions rates, or scenarios that use smaller objects or require consistently low storage latency.

      -General-purpose v1 accounts: Legacy account type for blobs, files, queues, and tables. Use general-purpose v2 accounts instead when possible.

      Replication: Geo-redundant Storage
      Scenario: Data must be replicated to a secondary region and three availability zones.

      Geo-redundant storage (GRS) copies your data synchronously three times within a single physical location in the primary region using LRS. It then copies your data asynchronously to a single physical location in the secondary region.

      Incorrect Answers:
      Geo-zone-redundant storage (GZRS) is an alternative, but it would be more costly.

      Access tier: Cool
      Data storage costs must be minimized.

      Note: Azure storage offers different access tiers, which allow you to store blob object data in the most cost-effective manner. The available access tiers include:

      Hot – Optimized for storing data that is accessed frequently.
      Cool – Optimized for storing data that is infrequently accessed and stored for at least 30 days.

  17. Case study

    Background

    You are a developer for Litware Inc., a SaaS company that provides a solution for managing employee expenses. The solution consists of an ASP.NET Core Web API project that is deployed as an Azure Web App.

    Overall architecture

    Employees upload receipts for the system to process. When processing is complete, the employee receives a summary report email that details the processing results. Employees then use a web application to manage their receipts and perform any additional tasks needed for reimbursement.

    Receipt processing
    Employees may upload receipts in two ways:

    Uploading using an Azure Files mounted folder
    Uploading using the web application

    Data Storage
    Receipt and employee information is stored in an Azure SQL database.

    Documentation

    Employees are provided with a getting started document when they first use the solution. The documentation includes details on supported operating systems for Azure File upload, and instructions on how to configure the mounted folder.

    Solution details

    Users table

    AZ-204 Developing Solutions for Microsoft Azure Part 04 Q17 086

    Web Application

    You enable MSI for the Web App and configure the Web App to use the security principal name WebAppIdentity.

    Processing

    Processing is performed by an Azure Function that uses version 2 of the Azure Function runtime. Once processing is completed, results are stored in Azure Blob Storage and an Azure SQL database. Then, an email summary is sent to the user with a link to the processing report. The link to the report must remain valid if the email is forwarded to another user.

    Logging

    Azure Application Insights is used for telemetry and logging in both the processor and the web application. The processor also has TraceWriter logging enabled. Application Insights must always contain all log messages.

    Requirements

    Receipt processing

    Concurrent processing of a receipt must be prevented.

    Disaster recovery

    Regional outage must not impact application availability. All DR operations must not be dependent on application running and must ensure that data in the DR region is up to date.

    Security

    -User’s SecurityPin must be stored in such a way that access to the database does not allow the viewing of SecurityPins. The web application is the only system that should have access to SecurityPins.
    -All certificates and secrets used to secure data must be stored in Azure Key Vault.
    -You must adhere to the principle of least privilege and provide privileges which are essential to perform the intended function.
    -All access to Azure Storage and Azure SQL database must use the application’s Managed Service Identity (MSI).
    -Receipt data must always be encrypted at rest.
    -All data must be protected in transit.
    -User’s expense account number must be visible only to logged in users. All other views of the expense account number should include only the last segment, with the remaining parts obscured.
    -In the case of a security breach, access to all summary reports must be revoked without impacting other parts of the system.

    Issues

    Upload format issue

    Employees occasionally report an issue with uploading a receipt using the web application. They report that when they upload a receipt using the Azure File Share, the receipt does not appear in their profile. When this occurs, they delete the file in the file share and use the web application, which returns a 500 Internal Server error page.

    Capacity issue

    During busy periods, employees report long delays between the time they upload the receipt and when it appears in the web application.

    Log capacity issue

    Developers report that the number of log messages in the trace output for the processor is too high, resulting in lost log messages.

    Application code

    Processing.cs

    AZ-204 Developing Solutions for Microsoft Azure Part 04 Q17 087

    Database.cs

    AZ-204 Developing Solutions for Microsoft Azure Part 04 Q17 088

    ReceiptUploader.cs

    AZ-204 Developing Solutions for Microsoft Azure Part 04 Q17 089

    ConfigureSSE.ps1

    AZ-204 Developing Solutions for Microsoft Azure Part 04 Q17 090
    1. DRAG DROP

      You need to add code at line PC32 in Processing.cs to implement the GetCredentials method in the Processing class.

      How should you complete the code? To answer, drag the appropriate code segments to the correct locations. Each code segment may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.

      NOTE: Each correct selection is worth one point.

      AZ-204 Developing Solutions for Microsoft Azure Part 04 Q17 091
      AZ-204 Developing Solutions for Microsoft Azure Part 04 Q17 092

      Explanation:

      Box 1: AzureServiceTokenProvider()

      Box 2: tp.GetAccessTokenAsync("..")

      Acquiring an access token is then quite easy. Example code:

      // Acquires a token for Azure Storage using the app's managed identity.
      private async Task<string> GetAccessTokenAsync()
      {
          var tokenProvider = new AzureServiceTokenProvider();
          return await tokenProvider.GetAccessTokenAsync("https://storage.azure.com/");
      }

    2. DRAG DROP

      You need to ensure disaster recovery requirements are met.

      What code should you add at line PC16?

      To answer, drag the appropriate code fragments to the correct locations. Each code fragment may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.

      NOTE: Each correct selection is worth one point.

      AZ-204 Developing Solutions for Microsoft Azure Part 04 Q17 093
      AZ-204 Developing Solutions for Microsoft Azure Part 04 Q17 094

      Explanation:

      Scenario: Disaster recovery. Regional outage must not impact application availability. All DR operations must not be dependent on application running and must ensure that data in the DR region is up to date.

      Box 1: DirectoryTransferContext
      We transfer all files in the directory.

      Note: The TransferContext object comes in two forms: SingleTransferContext and DirectoryTransferContext. The former is for transferring a single file and the latter is for transferring a directory of files.

      Box 2: ShouldTransferCallbackAsync
      The DirectoryTransferContext.ShouldTransferCallbackAsync delegate callback is invoked to tell whether a transfer should be done.

      Box 3: False
      If you want to use the retry policy in Copy, and want the copy to be resumable if it breaks in the middle, you can use SyncCopy (isServiceCopy = false).

      Note that if you choose to use service side copy (‘isServiceCopy’ set to true), Azure (currently) doesn’t provide SLA for that. Setting ‘isServiceCopy’ to false will download the source blob local

  18. Case study

    LabelMaker app

    Coho Winery produces, bottles, and distributes a variety of wines globally. You are a developer implementing highly scalable and resilient applications to support online order processing by using Azure solutions.

    Coho Winery has a LabelMaker application that prints labels for wine bottles. The application sends data to several printers. The application consists of five modules that run independently on virtual machines (VMs). Coho Winery plans to move the application to Azure and continue to support label creation.

    External partners send data to the LabelMaker application to include artwork and text for custom label designs.

    Requirements. Data

    You identify the following requirements for data management and manipulation:

    -Order data is stored as nonrelational JSON and must be queried using SQL.
    -Changes to the Order data must reflect immediately across all partitions. All reads to the Order data must fetch the most recent writes.

    Requirements. Security

    You have the following security requirements:

    -Users of Coho Winery applications must be able to provide access to documents, resources, and applications to external partners.
    -External partners must use their own credentials and authenticate with their organization’s identity management solution.
    -External partner logins must be audited monthly for application use by a user account administrator to maintain company compliance.
    -Storage of e-commerce application settings must be maintained in Azure Key Vault.
    -E-commerce application sign-ins must be secured by using Azure App Service authentication and Azure Active Directory (AAD).
    -Conditional access policies must be applied at the application level to protect company content.
    -The LabelMaker application must be secured by using an AAD account that has full access to all namespaces of the Azure Kubernetes Service (AKS) cluster.

    Requirements. LabelMaker app

    Azure Monitor Container Health must be used to monitor the performance of workloads that are deployed to Kubernetes environments and hosted on Azure Kubernetes Service (AKS).

    You must use Azure Container Registry to publish images that support the AKS deployment.

    Architecture

    AZ-204 Developing Solutions for Microsoft Azure Part 04 Q18 095

    Issues

    Calls to the Printer API App fail periodically due to printer communication timeouts.

    Printer communication timeouts occur after 10 seconds. The label printer must only receive up to 5 attempts within one minute.

    The order workflow fails to run upon initial deployment to Azure.

    Order.json

    Relevant portions of the app files are shown below. Line numbers are included for reference only.

    This JSON file contains a representation of the data for an order that includes a single item.

    Order.json

    AZ-204 Developing Solutions for Microsoft Azure Part 04 Q18 096
    1. HOTSPOT

      You need to configure Azure Cosmos DB.

      Which settings should you use? To answer, select the appropriate options in the answer area.

      NOTE: Each correct selection is worth one point.

      AZ-204 Developing Solutions for Microsoft Azure Part 04 Q18 097
      AZ-204 Developing Solutions for Microsoft Azure Part 04 Q18 098

      Explanation:

      Box 1: Strong
      When the consistency level is set to strong, the staleness window is equivalent to zero, and the clients are guaranteed to read the latest committed value of the write operation.
      Scenario: Changes to the Order data must reflect immediately across all partitions. All reads to the Order data must fetch the most recent writes.

      Note: You can choose from five well-defined models on the consistency spectrum. From strongest to weakest, the models are: Strong, Bounded staleness, Session, Consistent prefix, Eventual

      Box 2: SQL
      Scenario: You identify the following requirements for data management and manipulation:
      Order data is stored as nonrelational JSON and must be queried using Structured Query Language (SQL).

    2. HOTSPOT

      You need to retrieve all order line items from Order.json and sort the data alphabetically by the city.

      How should you complete the code? To answer, select the appropriate options in the answer area.

      NOTE: Each correct selection is worth one point.

      AZ-204 Developing Solutions for Microsoft Azure Part 04 Q18 099
      AZ-204 Developing Solutions for Microsoft Azure Part 04 Q18 100

      Explanation:

      Box 1: orders o
      Scenario: Order data is stored as nonrelational JSON and must be queried using SQL.

      Box 2: li

      Box 3: o.line_items

      Box 4: o.city
      The city field is in Order, not in the 2s.

  19. HOTSPOT

    A company develops a series of mobile games. All games use a single leaderboard service.

    You have the following requirements:

    -Code must be scalable and allow for growth.
    -Each record must consist of a playerId, gameId, score, and time played.
    -When users reach a new high score, the system will save the new score using the SaveScore function below.
    -Each game is assigned an Id based on the series title.

    You plan to store customer information in Azure Cosmos DB. The following data already exists in the database:

    AZ-204 Developing Solutions for Microsoft Azure Part 04 Q19 101

    You develop the following code to save scores in the data store. (Line numbers are included for reference only.)

    AZ-204 Developing Solutions for Microsoft Azure Part 04 Q19 102

    You develop the following code to query the database. (Line numbers are included for reference only.)

    AZ-204 Developing Solutions for Microsoft Azure Part 04 Q19 103

    For each of the following statements, select Yes if the statement is true. Otherwise, select No.

    NOTE: Each correct selection is worth one point.

    AZ-204 Developing Solutions for Microsoft Azure Part 04 Q19 104
    AZ-204 Developing Solutions for Microsoft Azure Part 04 Q19 105

    Explanation:

    Box 1: Yes
    Create a table.
    A CloudTableClient object lets you get reference objects for tables and entities. The following code creates a CloudTableClient object and uses it to create a new CloudTable object, which represents a table:

    // Retrieve storage account from connection-string.
    CloudStorageAccount storageAccount =
        CloudStorageAccount.parse(storageConnectionString);

    // Create the table client.
    CloudTableClient tableClient = storageAccount.createCloudTableClient();

    // Create the table if it doesn't exist.
    String tableName = "people";
    CloudTable cloudTable = tableClient.getTableReference(tableName);
    cloudTable.createIfNotExists();

    Box 2: No
    New records are inserted with TableOperation.insert. Old records are not updated.

    To update old records TableOperation.insertOrReplace should be used instead.

    Box 3: No

    Box 4: Yes

  20. HOTSPOT

    You are developing a solution that uses the Azure Storage Client library for .NET. You have the following code: (Line numbers are included for reference only.)

    AZ-204 Developing Solutions for Microsoft Azure Part 04 Q20 106

    For each of the following statements, select Yes if the statement is true. Otherwise, select No.

    NOTE: Each correct selection is worth one point.

    AZ-204 Developing Solutions for Microsoft Azure Part 04 Q20 107
    AZ-204 Developing Solutions for Microsoft Azure Part 04 Q20 108

    Explanation:

    Box 1: Yes
    AcquireLeaseAsync does not specify leaseTime.
    leaseTime is a TimeSpan representing the span of time for which to acquire the lease, which will be rounded down to seconds. If null, an infinite lease will be acquired. If not null, this must be 15 to 60 seconds.

    Box 2: No
    The GetBlockBlobReference method just gets a reference to a block blob in this container.

    Box 3: Yes
    The BreakLeaseAsync method initiates an asynchronous operation that breaks the current lease on this container.
