AZ-204 : Developing Solutions for Microsoft Azure : Part 05

AZ-204 : Developing Solutions for Microsoft Azure : Part 05

1. You are building a website that uses Azure Blob storage for data storage. You configure Azure Blob storage lifecycle to move all blobs to the archive tier after 30 days.

   Customers have requested a service-level agreement (SLA) for viewing data older than 30 days.

   You need to document the minimum SLA for data recovery.

   Which SLA should you use?

   • at least two days
   • between one and 15 hours
   • at least one day
   • between zero and 60 minutes

   Explanation:The archive access tier has the lowest storage cost. But it has higher data retrieval costs compared to the hot and cool tiers. Data in the archive tier can take several hours to retrieve depending on the priority of the rehydration. For small objects, a high priority rehydrate may retrieve the object from archive in under 1 hour.

2. HOTSPOT

   You are developing a ticket reservation system for an airline.

   The storage solution for the application must meet the following requirements:

   Ensure at least 99.99% availability and provide low latency.
   Accept reservations even when localized network outages or other unforeseen failures occur.
   Process reservations in the exact sequence as reservations are submitted to minimize overbooking or selling the same seat to multiple travelers.
   Allow simultaneous and out-of-order reservations with a maximum five-second tolerance window.

   You provision a resource group named airlineResourceGroup in the Azure South-Central US region.

   You need to provision a SQL API Cosmos DB account to support the app.

   How should you complete the Azure CLI commands? To answer, select the appropriate options in the answer area.

   NOTE: Each correct selection is worth one point.

   

   

   Explanation:

   Box 1: BoundedStaleness
   Bounded staleness: The reads are guaranteed to honor the consistent-prefix guarantee. The reads might lag behind writes by at most “K” versions (that is, “updates”) of an item or by “T” time interval. In other words, when you choose bounded staleness, the “staleness” can be configured in two ways:

   The number of versions (K) of the item
   The time interval (T) by which the reads might lag behind the writes

   Incorrect Answers:
   Strong
   Strong consistency offers a linearizability guarantee. Linearizability refers to serving requests concurrently. The reads are guaranteed to return the most recent committed version of an item. A client never sees an uncommitted or partial write. Users are always guaranteed to read the latest committed write.

   Box 2: –enable-automatic-failover true\
   For multi-region Cosmos accounts that are configured with a single-write region, enable automatic-failover by using Azure CLI or Azure portal. After you enable automatic failover, whenever there is a regional disaster, Cosmos DB will automatically failover your account.

   Question: Accept reservations event when localized network outages or other unforeseen failures occur.

   Box 3: –locations’southcentralus=0 eastus=1 westus=2
   Need multi-region.

3. HOTSPOT

   You are preparing to deploy a Python website to an Azure Web App using a container. The solution will use multiple containers in the same container group. The Dockerfile that builds the container is as follows:

   

   You build a container by using the following command. The Azure Container Registry instance named images is a private registry.

   

   The user name and password for the registry is admin.

   The Web App must always run the same version of the website regardless of future builds.

   You need to create an Azure Web App to run the website.

   How should you complete the commands? To answer, select the appropriate options in the answer area.

   NOTE: Each correct selection is worth one point.

   

   

4. HOTSPOT

   You are developing a back-end Azure App Service that scales based on the number of messages contained in a Service Bus queue.

   A rule already exists to scale up the App Service when the average queue length of unprocessed and valid queue messages is greater than 1000.

   You need to add a new rule that will continuously scale down the App Service as long as the scale up condition is not met.

   How should you configure the Scale rule? To answer, select the appropriate options in the answer area.

   NOTE: Each correct selection is worth one point.

   

   

   Explanation:

   Box 1: Service bus queue
   You are developing a back-end Azure App Service that scales based on the number of messages contained in a Service Bus queue.

   Box 2: ActiveMessage Count
   ActiveMessageCount: Messages in the queue or subscription that are in the active state and ready for delivery.

   Box 3: Count

   Box 4: Less than or equal to
   You need to add a new rule that will continuously scale down the App Service as long as the scale up condition is not met.

   Box 5: Decrease count by

5. DRAG DROP

   You have an application that uses Azure Blob storage.

   You need to update the metadata of the blobs.

   Which three methods should you use to develop the solution? To answer, move the appropriate methods from the list of methods to the answer area and arrange them in the correct order.

   

   

   Explanation:

   Metadata.Add example:
   // Add metadata to the dictionary by calling the Add method
   metadata.Add(“docType”, “textDocuments”);

   SetMetadataAsync example:
   // Set the blob’s metadata.
   await blob.SetMetadataAsync(metadata);

   // Set the blob’s properties.
   await blob.SetPropertiesAsync();

6. Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

   After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

   You are developing an Azure solution to collect point-of-sale (POS) device data from 2,000 stores located throughout the world. A single device can produce 2 megabytes (MB) of data every 24 hours. Each store location has one to five devices that send data.

   You must store the device data in Azure Blob storage. Device data must be correlated based on a device identifier. Additional stores are expected to open in the future.

   You need to implement a solution to receive the device data.

   Solution: Provision an Azure Event Grid. Configure the machine identifier as the partition key and enable capture.

   Does the solution meet the goal?

   • Yes
   • No

7. You develop Azure solutions.

   A .NET application needs to receive a message each time an Azure virtual machine finishes processing data. The messages must NOT persist after being processed by the receiving application.

   You need to implement the .NET object that will receive the messages.

   Which object should you use?

   • QueueClient
   • SubscriptionClient
   • TopicClient
   • CloudQueueClient
   Explanation:

   A queue allows processing of a message by a single consumer. Need a CloudQueueClient to access the Azure VM.

   Incorrect Answers:
   B, C: In contrast to queues, topics and subscriptions provide a one-to-many form of communication in a publish and subscribe pattern. It’s useful for scaling to large numbers of recipients.

8. DRAG DROP

   You are maintaining an existing application that uses an Azure Blob GPv1 Premium storage account. Data older than three months is rarely used.

   Data newer than three months must be available immediately. Data older than a year must be saved but does not need to be available immediately.

   You need to configure the account to support a lifecycle management rule that moves blob data to archive storage for data not modified in the last year.

   Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.

   

   

   Explanation:

   Step 1: Upgrade the storage account to GPv2
   Object storage data tiering between hot, cool, and archive is supported in Blob Storage and General Purpose v2 (GPv2) accounts. General Purpose v1 (GPv1) accounts don’t support tiering.
   You can easily convert your existing GPv1 or Blob Storage accounts to GPv2 accounts through the Azure portal.

   Step 2: Copy the data to be archived to a Standard GPv2 storage account and then delete the data from the original storage account

   Step 3: Change the storage account access tier from hot to cool

   Note: Hot – Optimized for storing data that is accessed frequently.
   Cool – Optimized for storing data that is infrequently accessed and stored for at least 30 days.
   Archive – Optimized for storing data that is rarely accessed and stored for at least 180 days with flexible latency requirements, on the order of hours.

   Only the hot and cool access tiers can be set at the account level. The archive access tier can only be set at the blob level.

9. You develop Azure solutions.

   You must connect to a No-SQL globally-distributed database by using the .NET API.

   You need to create an object to configure and execute requests in the database.

   Which code segment should you use?

   • new Container(EndpointUri, PrimaryKey);
   • new Database(EndpointUri, PrimaryKey);
   • new CosmosClient(EndpointUri, PrimaryKey);
   Explanation:

   Example:
   // Create a new instance of the Cosmos Client
   this.cosmosClient = new CosmosClient(EndpointUri, PrimaryKey)

   //ADD THIS PART TO YOUR CODE
   await this.CreateDatabaseAsync();

10. You have an existing Azure storage account that stores large volumes of data across multiple containers.

    You need to copy all data from the existing storage account to a new storage account. The copy process must meet the following requirements:

    -Automate data movement.
    -Minimize user input required to perform the operation.
    -Ensure that the data movement process is recoverable.

    What should you use?

    • AzCopy
    • Azure Storage Explorer
    • Azure portal
    • .NET Storage Client Library
    Explanation:

    You can copy blobs, directories, and containers between storage accounts by using the AzCopy v10 command-line utility.

    The copy operation is synchronous so when the command returns, that indicates that all files have been copied.

11. DRAG DROP

    You are developing a web service that will run on Azure virtual machines that use Azure Storage. You configure all virtual machines to use managed identities.

    You have the following requirements:

    Secret-based authentication mechanisms are not permitted for accessing an Azure Storage account.
    Must use only Azure Instance Metadata Service endpoints.

    You need to write code to retrieve an access token to access Azure Storage. To answer, drag the appropriate code segments to the correct locations. Each code segment may be used once or not at all. You may need to drag the split bar between panes or scroll to view content.

    NOTE: Each correct selection is worth one point.

    

    

    Explanation:

    Azure Instance Metadata Service endpoints “/oauth2/token”
    Box 1: http://169.254.169.254/metadata/identity/oauth2/token
    Sample request using the Azure Instance Metadata Service (IMDS) endpoint (recommended):
    GET ‘http://169.254.169.254/metadata/identity/oauth2/token?api-version=2018-02-01&resource=https://management.azure.com/’ HTTP/1.1 Metadata: true

    Box 2: JsonConvert.DeserializeObject<Dictionary<string,string>>(payload);
    Deserialized token response; returning access code.

12. DRAG DROP

    You are developing a new page for a website that uses Azure Cosmos DB for data storage. The feature uses documents that have the following format:

    

    You must display data for the new page in a specific order. You create the following query for the page:

    

    You need to configure a Cosmos DB policy to support the query.

    How should you configure the policy? To answer, drag the appropriate JSON segments to the correct locations. Each JSON segment may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.

    NOTE: Each correct selection is worth one point.

    

    

    Explanation:

    Box 1: compositeIndexes
    You can order by multiple properties. A query that orders by multiple properties requires a composite index.

    Box 2: descending
    Example: Composite index defined for (name ASC, age ASC):
    It is optional to specify the order. If not specified, the order is ascending.
    {
    “automatic”:true,
    “indexingMode”:”Consistent”,
    “includedPaths”:[
    {
    “path”:”/*”
    }
    ],
    “excludedPaths”:[],
    “compositeIndexes”:[
    [
    {
    “path”:”/name”,
    },
    {
    “path”:”/age”,
    }
    ]
    ]
    }

13. HOTSPOT

    You are building a traffic monitoring system that monitors traffic along six highways. The system produces time series analysis-based reports for each highway. Data from traffic sensors are stored in Azure Event Hub.

    Traffic data is consumed by four departments. Each department has an Azure Web App that displays the time series-based reports and contains a WebJob that processes the incoming data from Event Hub. All Web Apps run on App Service Plans with three instances.

    Data throughput must be maximized. Latency must be minimized.

    You need to implement the Azure Event Hub.

    Which settings should you use? To answer, select the appropriate options in the answer area.

    NOTE: Each correct selection is worth one point.

    

    

    Explanation:

    Box 1: 6
    The number of partitions is specified at creation and must be between 2 and 32.
    There are 6 highways.

    Box 2: Highway

14. DRAG DROP

    You are developing a microservices solution. You plan to deploy the solution to a multinode Azure Kubernetes Service (AKS) cluster.

    You need to deploy a solution that includes the following features:

    -reverse proxy capabilities
    -configurable traffic routing
    -TLS termination with a custom certificate

    Which components should you use? To answer, drag the appropriate components to the correct requirements. Each component may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.

    NOTE: Each correct selection is worth one point.

    

    

    Explanation:

    Box 1: Helm
    To create the ingress controller, use Helm to install nginx-ingress.

    Box 2: kubectl
    To find the cluster IP address of a Kubernetes pod, use the kubectl get pod command on your local machine, with the option -o wide .

    Box 3: Ingress Controller
    An ingress controller is a piece of software that provides reverse proxy, configurable traffic routing, and TLS termination for Kubernetes services. Kubernetes ingress resources are used to configure the ingress rules and routes for individual Kubernetes services.

    Incorrect Answers:
    Virtual Kubelet: Virtual Kubelet is an open-source Kubernetes kubelet implementation that masquerades as a kubelet. This allows Kubernetes nodes to be backed by Virtual Kubelet providers such as serverless cloud container platforms.

    CoreDNS: CoreDNS is a flexible, extensible DNS server that can serve as the Kubernetes cluster DNS. Like Kubernetes, the CoreDNS project is hosted by the CNCF.

15. DRAG DROP

    You are implementing an order processing system. A point of sale application publishes orders to topics in an Azure Service Bus queue. The Label property for the topic includes the following data:

    

    The system has the following requirements for subscriptions:

    

    You need to implement filtering and maximize throughput while evaluating filters.

    Which filter types should you implement? To answer, drag the appropriate filter types to the correct subscriptions. Each filter type may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.

    NOTE: Each correct selection is worth one point.

    

    

16. DRAG DROP

    Your company has several websites that use a company logo image. You use Azure Content Delivery Network (CDN) to store the static image.

    You need to determine the correct process of how the CDN and the Point of Presence (POP) server will distribute the image and list the items in the correct order.

    In which order do the actions occur? To answer, move all actions from the list of actions to the answer area and arrange them in the correct order.

    

    

17. You are developing an Azure Cosmos DB solution by using the Azure Cosmos DB SQL API. The data includes millions of documents. Each document may contain hundreds of properties.

    The properties of the documents do not contain distinct values for partitioning. Azure Cosmos DB must scale individual containers in the database to meet the performance needs of the application by spreading the workload evenly across all partitions over time.

    You need to select a partition key.

    Which two partition keys can you use? Each correct answer presents a complete solution.

    NOTE: Each correct selection is worth one point.

    • a single property value that does not appear frequently in the documents
    • a value containing the collection name
    • a single property value that appears frequently in the documents
    • a concatenation of multiple property values with a random suffix appended
    • a hash suffix appended to a property value
    Explanation:

    You can form a partition key by concatenating multiple property values into a single artificial partitionKey property. These keys are referred to as synthetic keys.

    Another possible strategy to distribute the workload more evenly is to append a random number at the end of the partition key value. When you distribute items in this way, you can perform parallel write operations across partitions.

    Note: It’s the best practice to have a partition key with many distinct values, such as hundreds or thousands. The goal is to distribute your data and workload evenly across the items associated with these partition key values. If such a property doesn’t exist in your data, you can construct a synthetic partition key.

18. HOTSPOT

    You are developing an Azure-hosted e-commerce web application. The application will use Azure Cosmos DB to store sales orders. You are using the latest SDK to manage the sales orders in the database.

    You create a new Azure Cosmos DB instance. You include a valid endpoint and valid authorization key to an appSettings.json file in the code project.

    You are evaluating the following application code: (Line number are included for reference only.)

    

    For each of the following statements, select Yes if the statement is true. Otherwise, select No.

    NOTE: Each correct selection is worth one point.

    

    

    Explanation:

    Box 1: Yes
    The createDatabaseIfNotExistsAsync method checks if a database exists, and if it doesn’t, create it.
    The Database.CreateContainerAsync method creates a container as an asynchronous operation in the Azure Cosmos service.

    Box 2: Yes
    The CosmosContainer.CreateItemAsync method creates an item as an asynchronous operation in the Azure Cosmos service.

    Box 3: Yes

19. DRAG DROP

    You develop an Azure solution that uses Cosmos DB.

    The current Cosmos DB container must be replicated and must use a partition key that is optimized for queries.

    You need to implement a change feed processor solution.

    Which change feed processor components should you use? To answer, drag the appropriate components to the correct requirements. Each component may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view the content.

    NOTE: Each correct selection is worth one point.

    

    

    Explanation:

    Box 1: The monitored container
    The monitored container has the data from which the change feed is generated. Any inserts and updates to the monitored container are reflected in the change feed of the container.

    Box 2: The lease container
    The lease container acts as a state storage and coordinates processing the change feed across multiple workers. The lease container can be stored in the same account as the monitored container or in a separate account.

    Box 3: The host: A host is an application instance that uses the change feed processor to listen for changes. Multiple instances with the same lease configuration can run in parallel, but each instance should have a different instance name.

    Box 4: The delegate
    The delegate is the code that defines what you, the developer, want to do with each batch of changes that the change feed processor reads.

20. Case study

    This is a case study. Case studies are not timed separately. You can use as much exam time as you would like to complete each case. However, there may be additional case studies and sections on this exam. You must manage your time to ensure that you are able to complete all questions included on this exam in the time provided.

    To answer the questions included in a case study, you will need to reference information that is provided in the case study. Case studies might contain exhibits and other resources that provide more information about the scenario that is described in the case study. Each question is independent of the other questions in this case study.

    At the end of this case study, a review screen will appear. This screen allows you to review your answers and to make changes before you move to the next section of the exam. After you begin a new section, you cannot return to this section.

    To start the case study

    To display the first question in this case study, click the Next button. Use the buttons in the left pane to explore the content of the case study before you answer the questions. Clicking these buttons displays information such as business requirements, existing environment, and problem statements. When you are ready to answer a question, click the Question button to return to the question.

    Background

    Overview

    You are a developer for Contoso, Ltd. The company has a social networking website that is developed as a Single Page Application (SPA). The main web application for the social networking website loads user uploaded content from blob storage.

    You are developing a solution to monitor uploaded data for inappropriate content. The following process occurs when users upload content by using the SPA:

    • Messages are sent to ContentUploadService.
    • Content is processed by ContentAnalysisService.
    • After processing is complete, the content is posted to the social network or a rejection message is posted in its place.

    The ContentAnalysisService is deployed with Azure Container Instances from a private Azure Container Registry named contosoimages.

    The solution will use eight CPU cores.

    Azure Active Directory

    Contoso, Ltd. uses Azure Active Directory (Azure AD) for both internal and guest accounts.

    Requirements

    ContentAnalysisService

    The company’s data science group built ContentAnalysisService which accepts user generated content as a string and returns a probable value for inappropriate content. Any values over a specific threshold must be reviewed by an employee of Contoso, Ltd.

    You must create an Azure Function named CheckUserContent to perform the content checks.

    Costs

    You must minimize costs for all Azure services.

    Manual review

    To review content, the user must authenticate to the website portion of the ContentAnalysisService using their Azure AD credentials. The website is built using React and all pages and API endpoints require authentication. In order to review content a user must be part of a ContentReviewer role. All completed reviews must include the reviewer’s email address for auditing purposes.

    High availability

    All services must run in multiple regions. The failure of any service in a region must not impact overall application availability.

    Monitoring

    An alert must be raised if the ContentUploadService uses more than 80 percent of available CPU cores.

    Security

    You have the following security requirements:
    -Any web service accessible over the Internet must be protected from cross site scripting attacks.
    -All websites and services must use SSL from a valid root certificate authority.
    -Azure Storage access keys must only be stored in memory and must be available only to the service.
    -All Internal services must only be accessible from internal Virtual Networks (VNets).
    -All parts of the system must support inbound and outbound traffic restrictions.
    -All service calls must be authenticated by using Azure AD.

    User agreements

    When a user submits content, they must agree to a user agreement. The agreement allows employees of Contoso, Ltd. to review content, store cookies on user devices, and track user’s IP addresses.

    Information regarding agreements is used by multiple divisions within Contoso, Ltd.

    User responses must not be lost and must be available to all parties regardless of individual service uptime. The volume of agreements is expected to be in the millions per hour.

    Validation testing

    When a new version of the ContentAnalysisService is available the previous seven days of content must be processed with the new version to verify that the new version does not significantly deviate from the old version.

    Issues

    Users of the ContentUploadService report that they occasionally see HTTP 502 responses on specific pages.

    Code

    ContentUploadService

    

    ApplicationManifest

    

    1. DRAG DROP

       You need to add markup at line AM04 to implement the ContentReview role.

       How should you complete the markup? To answer, drag the appropriate json segments to the correct locations. Each json segment may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.

       NOTE: Each correct selection is worth one point.

       

       

       Explanation:

       Box 1: allowedMemberTypes
       allowedMemberTypes specifies whether this app role definition can be assigned to users and groups by setting to “User”, or to other applications (that are accessing this application in daemon service scenarios) by setting to “Application”, or to both.

       Note: The following example shows the appRoles that you can assign to users.
       “appId”: “8763f1c4-f988-489c-a51e-158e9ef97d6a”,
       “appRoles”: [
       {
       “allowedMemberTypes”: [
       “User”
       ],
       “displayName”: “Writer”,
       “id”: “d1c2ade8-98f8-45fd-aa4a-6d06b947c66f”,
       “isEnabled”: true,
       “description”: “Writers Have the ability to create tasks.”,
       “value”: “Writer”
       }
       ],
       “availableToOtherTenants”: false,

       Box 2: User
       Scenario: In order to review content a user must be part of a ContentReviewer role.

       Box 3: value
       value specifies the value which will be included in the roles claim in authentication and access tokens.

    2. HOTSPOT

       You need to add code at line AM09 to ensure that users can review content using ContentAnalysisService.

       How should you complete the code? To answer, select the appropriate options in the answer area.

       NOTE: Each correct selection is worth one point.

       

       

       Explanation:

       Box 1: “oauth2Permissions”: [“login”]
       oauth2Permissions specifies the collection of OAuth 2.0 permission scopes that the web API (resource) app exposes to client apps. These permission scopes may be granted to client apps during consent.

       Box 2: “oauth2AllowImplicitFlow”:true
       For applications (Angular, Ember.js, React.js, and so on), Microsoft identity platform supports the OAuth 2.0 Implicit Grant flow.

    3. HOTSPOT

       You need to ensure that network security policies are met.

       How should you configure network security? To answer, select the appropriate options in the answer area.

       NOTE: Each correct selection is worth one point.

       

       

    4. DRAG DROP

       You need to add YAML markup at line CS17 to ensure that the ContentUploadService can access Azure Storage access keys.

       How should you complete the YAML markup? To answer, drag the appropriate YAML segments to the correct locations. Each YAML segment may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.

       NOTE: Each correct selection is worth one point.

       

       

       Explanation:

       Box 1: volumeMounts
       Example:
       volumeMounts:
       – mountPath: /mnt/secrets
       name: secretvolume1
       volumes:
       – name: secretvolume1
       secret:
       mysecret1: TXkgZmlyc3Qgc2VjcmV0IEZPTwo=

       Box 2: volumes

       Box 3: secret

    5. HOTSPOT

       You need to add code at line AM10 of the application manifest to ensure that the requirement for manually reviewing content can be met.

       How should you complete the code? To answer, select the appropriate options in the answer area.

       NOTE: Each correct selection is worth one point.

       

       

       Explanation:

       Box 1: sid
       Sid: Session ID, used for per-session user sign-out. Personal and Azure AD accounts.

       Scenario: Manual review
       To review content, the user must authenticate to the website portion of the ContentAnalysisService using their Azure AD credentials. The website is built using React and all pages and API endpoints require authentication. In order to review content a user must be part of a ContentReviewer role.

       Box 2: email
       Scenario: All completed reviews must include the reviewer’s email address for auditing purposes.