AZ-220 : Microsoft Azure IoT Developer : Part 01
-
Case Study
This is a case study. Case studies are not timed separately. You can use as much exam time as you would like to complete each case. However, there may be additional case studies and sections on this exam. You must manage your time to ensure that you are able to complete all questions included on this exam in the time provided.
To answer the questions included in a case study, you will need to reference information that is provided in the case study. Case studies might contain exhibits and other resources that provide more information about the scenario that is described in the case study. Each question is independent of the other questions in this case study.
At the end of this case study, a review screen will appear. This screen allows you to review your answers and to make changes before you move to the next section of the exam. After you begin a new section, you cannot return to this section.
To start the case study
To display the first question in this case study, click the Next button. Use the buttons in the left pane to explore the content of the case study before you answer the questions. Clicking these buttons displays information such as business requirements, existing environment, and problem statements. If the case study has an All Information tab, note that the information displayed is identical to the information displayed on the subsequent tabs. When you are ready to answer a question, click the Question button to return to the question.Overview
A company named Contoso, Ltd. is creating a building monitoring system that will monitor the temperature, humidity, and light level at various points in a building’s internal structure.
Contoso will test the system at a single building located in the United Kingdom. The building has 25 floors. Each floor has 15 rooms.
Existing Environment. Current State of Development
Contoso produces a set of Bluetooth sensors that read the temperature and humidity. The sensors connect to IoT gateway devices that relay the data.
All the IoT gateway devices connect to an Azure IoT hub named iothub1.
Existing Environment. Device Twin
You plan to implement device twins by using the following JSON sample.
Existing Environment. Azure Stream Analytics
Each room will have between three to five sensors that will generate readings that are sent to a single IoT gateway device. The IoT gateway device will forward all the readings to iothub1 at intervals of between 10 and 60 seconds.
You plan to use a gateway pattern so that each IoT gateway device will have its own IoT Hub device identity.
You draft the following query, which is missing the GROUP BY clause.
SELECT AVG(temperature), System.TimeStamp() AS AsaTime FROM Iothub
You plan to use a 30-second period to calculate the average temperature reading of the sensors.
You plan to minimize latency between the condition reported by the sensors and the corresponding alert issued by the Stream Analytics job.
Existing Environment. Device Messages
The IoT gateway devices will send messages that contain the following JSON data whenever the temperature exceeds a specified threshold.
The level property will be used to route the messages to an Azure Service Bus queue endpoint named criticalep.
Existing Environment. Issues
You discover connectivity issues between the IoT gateway devices and iothub1, which cause IoT devices to lose connectivity and messages.
Requirements. Planned Changes
Contoso plans to make the following changes:
– Use Stream Analytics to process and view data.
– Use Azure Time Series Insights to visualize data.
– Implement a system to sync device statuses and required settings.
– Add extra information to messages by using message enrichment.
– Create a notification system to send an alert if a condition exceeds a specified threshold.
– Implement a system to identify what causes the intermittent connection issues and lost messages.Requirements. Technical Requirements
Contoso must meet the following technical requirements:
– Use the built-in functions of IoT Hub whenever possible.
– Minimize hardware and software costs whenever possible.
– Minimize administrative effort to provision devices at scale.
– Implement a system to trace message flow to and from iothub1.
– Minimize the amount of custom coding required to implement the planned changes.
– Prevent read operations from being negatively affected when you implement additional services.-
HOTSPOT
You create a new IoT device named device1 on iothub1. The primary key value assigned to device1 is Uihuih76hbHb.
How should you complete the device connection string? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Explanation:Box 1: iothub1
The Azure IoT hub is named iothub1.Box 2: azure-devices.net
The format of the device connection string looks like:HostName={YourIoTHubName}.azure-devices.net;DeviceId=MyNodeDevice;SharedAccessKey={YourSharedAccessKey}
Box 1: device1
Device1 has a primary key of Uihuih76hbHb.
-
-
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have an Azure IoT solution that includes an Azure IoT hub, a Device Provisioning Service instance, and 1,000 connected IoT devices.
All the IoT devices are provisioned automatically by using one enrollment group.
You need to temporarily disable the IoT devices from the connecting to the IoT hub.
Solution: From the Device Provisioning Service, you disable the enrollment group, and you disable device entries in the identity registry of the IoT hub to which the IoT devices are provisioned.
Does the solution meet the goal?
- Yes
- No
Explanation:You may find it necessary to deprovision devices that were previously auto-provisioned through the Device Provisioning Service.
In general, deprovisioning a device involves two steps:
1. Disenroll the device from your provisioning service, to prevent future auto-provisioning. Depending on whether you want to revoke access temporarily or permanently, you may want to either disable or delete an enrollment entry.2. Deregister the device from your IoT Hub, to prevent future communications and data transfer. Again, you can temporarily disable or permanently delete the device’s entry in the identity registry for the IoT Hub where it was provisioned.
-
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have an Azure IoT solution that includes an Azure IoT hub, a Device Provisioning Service instance, and 1,000 connected IoT devices.
All the IoT devices are provisioned automatically by using one enrollment group.
You need to temporarily disable the IoT devices from the connecting to the IoT hub.
Solution: You delete the enrollment group from the Device Provisioning Service.
Does the solution meet the goal?
- Yes
- No
Explanation:
Instead, from the Device Provisioning Service, you disable the enrollment group, and you disable device entries in the identity registry of the IoT hub to which the IoT devices are provisioned. -
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have an Azure IoT solution that includes an Azure IoT hub, a Device Provisioning Service instance, and 1,000 connected IoT devices.
All the IoT devices are provisioned automatically by using one enrollment group.
You need to temporarily disable the IoT devices from the connecting to the IoT hub.
Solution: From the IoT hub, you change the credentials for the shared access policy of the IoT devices.
Does the solution meet the goal?
- Yes
- No
-
HOTSPOT
You have an Azure IoT hub.
You plan to deploy 1,000 IoT devices by using automatic device management.
The device twin is shown below.
You need to configure automatic device management for the deployment.
Which target Condition and Device Twin Path should you use? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Explanation:Box 1: tags.engine.warpDriveType=’VM105a’
Use tags to target twins. Before you create a configuration, you must specify which devices or modules you want to affect. Azure IoT Hub identifies devices and using tags in the device twin, and identifies modules using tags in the module twin.Box 2: properties.desired.warpOperating
The twin path, which is the path to the JSON section within the twin desired properties that will be set.For example, you could set the twin path to properties.desired.chiller-water and then provide the following JSON content:
{
“temperature”: 66,
“pressure”: 28
} -
You plan to deploy a standard tier Azure IoT hub.
You need to perform an over-the-air (OTA) update on devices that will connect to the IoT hub by using scheduled jobs.
What should you use?
- a device-to-cloud message
- the device twin reported properties
- a cloud-to-device message
- a direct method
Explanation:Releases via the REST API.
All of the operations that can be performed from the Console can also be automated using the REST API. You might do this to automate your build and release process, for example.You can build firmware using the Particle CLI or directly using the compile source code API.
Note: Over-the-air (OTA) firmware updates are a vital component of any IoT system. Over-the-air firmware updates refers to the practice of remotely updating the code on an embedded device.
-
You have an IoT device that gathers data in a CSV file named Sensors.csv.
You deploy an Azure IoT hub that is accessible at ContosoHub.azure-devices.net.
You need to ensure that Sensors.csv is uploaded to the IoT hub.
Which two actions should you perform? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.
- Upload Sensors.csv by using the IoT Hub REST API.
- From the Azure subscription, select the IoT hub, select Message routing, and then configure a route to storage.
- From the Azure subscription, select the IoT hub, select File upload, and then configure a storage container.
- Configure the device to use a GET request to ContosoHub.azure-devices.net/devices/ContosoDevice1/files/notifications.
Explanation:C: To use the file upload functionality in IoT Hub, you must first associate an Azure Storage account with your hub. Select File upload to display a list of file upload properties for the IoT hub that is being modified.
For Storage container: Use the Azure portal to select a blob container in an Azure Storage account in your current Azure subscription to associate with your IoT Hub. If necessary, you can create an Azure Storage account on the Storage accounts blade and blob container on the Containers
A: IoT Hub has an endpoint specifically for devices to request a SAS URI for storage to upload a file. To start the file upload process, the device sends a POST request to {iot hub}.azure-devices.net/devices/{deviceId}/files with the following JSON body:
{ "blobName": "{name of the file for which a SAS URI will be generated}" }
Incorrect Answers:
D: Deprecated: initialize a file upload with a GET. Use the POST method instead. -
You plan to deploy an Azure IoT hub.
The IoT hub must support the following:
– Three Azure IoT Edge devices
– 2,500 IoT devicesEach IoT device will spend a 6 KB message every five seconds.
You need to size the IoT hub to support the devices. The solution must minimize costs.
What should you choose?
- one unit of the S1 tier
- one unit of the B2 tier
- one unit of the B1 tier
- one unit of the S3 tier
Explanation:2500* 6 KB * 12 = 180,000 KB/minute = 180 MB/Minute.
B3, S3 can handle up to 814 MB/minute per unit.
Incorrect Answers:
A, C: B1, S1 can only handle up to 1111 KB/minute per unit
B: B2, S2 can only handle up to 16 MB/minute per unit. -
DRAG DROP
You deploy an Azure IoT hub.
You need to demonstrate that the IoT hub can receive messages from a device.
Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
Explanation:Step 1: Register a device in IoT Hub
Before you can use your IoT devices with Azure IoT Edge, you must register them with your IoT hub. Once a device is registered, you can retrieve a connection string to set up your device for IoT Edge workloads.Step 2: Configure the device connection string on a device client.
When you’re ready to set up your device, you need the connection string that links your physical device with its identity in the IoT hub.Step 3: Trigger a new send event from a device client.
-
DRAG DROP
You have an Azure IoT hub.
You plan to attach three types of IoT devices as shown in the following table.
You need to select the appropriate communication protocol for each device.
What should you select? To answer, drag the appropriate protocols to the correct devices. Each protocol may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
NOTE: Each correct selection is worth one point.
Explanation:Box 1: AMQP
Use AMQP on field and cloud gateways to take advantage of connection multiplexing across devices.Box 2: MQTT
MQTT is used on all devices that do not require to connect multiple devices (each with its own per-device credentials) over the same TLS connection.Box 3: HTTPS
Use HTTPS for devices that cannot support other protocols. -
You create an Azure IoT hub by running the following command.
az iot hub create --resource-group MyResourceGroup --name MyIotHub --sku B1 --location westus --partition-count 4
What does MylotHub support?
- Device Provisioning Service
- cloud-to-device messaging
- Azure IoT Edge
- device twins
Explanation:The Device Provisioning Service is included in the Basic Tiers (such as B1).
Incorrect Answers:
B, C, D: The Standard tier is needed for cloud-to-device messaging, Azure IoT Edge, and device twins. -
You have an existing Azure IoT hub.
You need to connect physical IoT devices to the IoT hub.
You are connecting the devices through a firewall that allows only port 443 and port 80.
Which three communication protocols can you use? Each correct answer presents a complete solution.
NOTE: Each correct selection is worth one point.
- MQTT over WebSocket
- AMQP
- AMQP over WebSocket
- MQTT
- HTTPS
Explanation:
MQTT over WebSockets, AMQP over WebSocket, and HTTPS use port 443. -
You have an Azure IoT solution that includes an Azure IoT hub and 100 Azure IoT Edge devices.
You plan to deploy the IoT Edge devices to external networks. The firewalls of the external networks only allow traffic on port 80 and port 443.
You need to ensure that the devices can connect to the IoT hub. The solution must minimize costs.
What should you do?
- Configure the upstream protocol of the devices to use MQTT over TCP.
- Configure the upstream protocol of the devices to use MQTT over WebSocket.
- Connect the external networks to the IoT solution by using ExpressRoute.
- Integrate cellular communication hardware onto the devices and avoid the use of the external networks.
Explanation:MQTT over WebSockets uses port 443.
Note: Devices can communicate with IoT Hub in Azure using various protocols. Typically, the choice of protocol is driven by the specific requirements of the solution. The following table lists the outbound ports that must be open for a device to be able to use a specific protocol:
Incorrect Answers:
A: MQTT over TCP uses port 883.
C: ExpressRoute uses BGP, which uses TCP port 179.
D: HTTPS proxy also uses port 443, but it would be a more expensive solution. -
You have 100 devices that connect to an Azure IoT hub named Hub1. The devices connect by using a symmetric key.
You deploy an IoT hub named Hub2.
You need to migrate 10 devices from Hub1 to Hub2. The solution must ensure that the devices retain the existing symmetric key.
What should you do?
- Add a desired property to the device twin of Hub2. Update the endpoint of the 10 devices to use Hub2.
- Add a desired property to the device twin of Hub1. Recreate the device identity on Hub2.
- Recreate the device identity on Hub2. Update the endpoint of the 10 devices to use Hub2.
- Disable the 10 devices on Hub1. Update the endpoint of the 10 devices to use Hub2.
Explanation:
Desired properties. Used along with reported properties to synchronize device configuration or conditions. The solution back end can set desired properties, and the device app can read them. The device app can also receive notifications of changes in the desired properties. -
Case Study
This is a case study. Case studies are not timed separately. You can use as much exam time as you would like to complete each case. However, there may be additional case studies and sections on this exam. You must manage your time to ensure that you are able to complete all questions included on this exam in the time provided.
To answer the questions included in a case study, you will need to reference information that is provided in the case study. Case studies might contain exhibits and other resources that provide more information about the scenario that is described in the case study. Each question is independent of the other questions in this case study.
At the end of this case study, a review screen will appear. This screen allows you to review your answers and to make changes before you move to the next section of the exam. After you begin a new section, you cannot return to this section.
To start the case study
To display the first question in this case study, click the Next button. Use the buttons in the left pane to explore the content of the case study before you answer the questions. Clicking these buttons displays information such as business requirements, existing environment, and problem statements. If the case study has an All Information tab, note that the information displayed is identical to the information displayed on the subsequent tabs. When you are ready to answer a question, click the Question button to return to the question.Overview
A company named Contoso, Ltd. is creating a building monitoring system that will monitor the temperature, humidity, and light level at various points in a building’s internal structure.
Contoso will test the system at a single building located in the United Kingdom. The building has 25 floors. Each floor has 15 rooms.
Existing Environment. Current State of Development
Contoso produces a set of Bluetooth sensors that read the temperature and humidity. The sensors connect to IoT gateway devices that relay the data.
All the IoT gateway devices connect to an Azure IoT hub named iothub1.
Existing Environment. Device Twin
You plan to implement device twins by using the following JSON sample.
Existing Environment. Azure Stream Analytics
Each room will have between three to five sensors that will generate readings that are sent to a single IoT gateway device. The IoT gateway device will forward all the readings to iothub1 at intervals of between 10 and 60 seconds.
You plan to use a gateway pattern so that each IoT gateway device will have its own IoT Hub device identity.
You draft the following query, which is missing the GROUP BY clause.
SELECT AVG(temperature), System.TimeStamp() AS AsaTime FROM Iothub
You plan to use a 30-second period to calculate the average temperature reading of the sensors.
You plan to minimize latency between the condition reported by the sensors and the corresponding alert issued by the Stream Analytics job.
Existing Environment. Device Messages
The IoT gateway devices will send messages that contain the following JSON data whenever the temperature exceeds a specified threshold.
The level property will be used to route the messages to an Azure Service Bus queue endpoint named criticalep.
Existing Environment. Issues
You discover connectivity issues between the IoT gateway devices and iothub1, which cause IoT devices to lose connectivity and messages.
Requirements. Planned Changes
Contoso plans to make the following changes:
– Use Stream Analytics to process and view data.
– Use Azure Time Series Insights to visualize data.
– Implement a system to sync device statuses and required settings.
– Add extra information to messages by using message enrichment.
– Create a notification system to send an alert if a condition exceeds a specified threshold.
– Implement a system to identify what causes the intermittent connection issues and lost messages.Requirements. Technical Requirements
Contoso must meet the following technical requirements:
– Use the built-in functions of IoT Hub whenever possible.
– Minimize hardware and software costs whenever possible.
– Minimize administrative effort to provision devices at scale.
– Implement a system to trace message flow to and from iothub1.
– Minimize the amount of custom coding required to implement the planned changes.
– Prevent read operations from being negatively affected when you implement additional services.-
What should you do to identify the cause of the connectivity issues?
- Send cloud-to-device messages to the IoT devices.
- Use the heartbeat pattern to send messages from the IoT devices to iothub1.
- Monitor the connection status of the device twin by using an Azure function.
- Enable the collection of the Connections diagnostic logs and set up alerts for the connected devices count metric.
Explanation:Scenario: You discover connectivity issues between the IoT gateway devices and iothub1, which cause IoT devices to lose connectivity and messages.
To log device connection events and errors, turn on diagnostics for IoT Hub. We recommend turning on these logs as early as possible, because if diagnostic logs aren’t enabled, when device disconnects occur, you won’t have any information to troubleshoot the problem with.
Step 1:
1. Sign in to the Azure portal.
2. Browse to your IoT hub.
3. Select Diagnostics settings.
4. Select Turn on diagnostics.
5. Enable Connections logs to be collected.
6. For easier analysis, turn on Send to Log Analytics (see pricing).Step 2:
Set up alerts for device disconnect at scale
To get alerts when devices disconnect, configure alerts on the Connected devices (preview) metric. -
HOTSPOT
You are writing code to provision IoT devices by using the Device Provisioning Service.
Which two details from the Overview blade of the Device Provisioning Service are required to provision a new IoT client device? To answer, select the appropriate detail in the answer area.
NOTE: Each correct selection is worth one point.
Explanation:Box 1: ID Scope
In the Azure portal, select the Overview blade for your Device Provisioning service and copy the ID Scope value. The ID Scope is generated by the service and guarantees uniqueness. It is immutable and used to uniquely identify the registration IDs.Box 2: Global device endpoint
The global_prov_uri variable, which allows the IoT Hub client registration API IoTHubClient_LL_CreateFromDeviceAuth to connect with the designated Device Provisioning Service instance.Example code:
static const char* global_prov_uri = “global.azure-devices-provisioning.net”;
static const char* id_scope = “[ID Scope]”;
-
-
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have devices that connect to an Azure IoT hub. Each device has a fixed GPS location that includes latitude and longitude.
You discover that a device entry in the identity registry of the IoT hub is missing the GPS location.
You need to configure the GPS location for the device entry. The solution must prevent the changes from being propagated to the physical device.
Solution: You add the desired properties to the device twin.
Does the solution meet the goal?
- Yes
- No
Explanation:Instead add tags to the device twin. Desired properties are synced, while tags are not.
Incorrect Answers:
A: Device Twins are used to synchronize state between an IoT solution’s cloud service and its devices. Each device’s twin exposes a set of desired properties and reported properties. The cloud service populates the desired properties with values it wishes to send to the device. When a device connects it requests and/or subscribes for its desired properties and acts on them. -
You have three Azure IoT hubs named Hub1, Hub2, and Hub3, a Device Provisioning Service instance, and an IoT device named Device1.
Each IoT hub is deployed to a separate Azure region.
Device enrollment uses the Lowest latency allocation policy.
The Device Provisioning Service uses the Lowest latency allocation policy.
Device1 is auto-provisioned to Hub1 by using the Device Provisioning Service.
Device1 regularly moves between regions.
You need to ensure that Device1 always connects to the IoT hub that has the lowest latency.
What should you do?
- Configure device attestation that uses X.509 certificates.
- Implement device certificate rolling.
- Disenroll and reenroll Device1.
- Configure the re-provisioning policy.
Explanation:
Automated re-provisioning support.
Microsoft added first-class support for device re-provisioning which allows devices to be reassigned to a different IoT solution sometime after the initial solution assignment. Re-provisioning support is available in two options:
– Factory reset, in which the device twin data for the new IoT hub is populated from the enrollment list instead of the old IoT hub. This is common for factory reset scenarios as well as leased device scenarios.
– Migration, in which device twin data is moved from the old IoT hub to the new IoT hub. This is common for scenarios in which a device is moving between geographies. -
You have an Azure subscription that contains a resource group named RG1.
You need to deploy the Device Provisioning Service. The solution must ensure that the Device Provisioning Service can accept new device enrollments.
You create a Device Provisioning Service instance.
Which two actions should you perform next? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.
- From the Linked IoT hubs blade of the Device Provisioning Service, link an Azure IoT hub.
- From the Azure portal, create a new Azure IoT hub.
- From the Manage allocation policy blade of the Device Provisioning Service, configure an allocation policy.
- From the Certificates blade of the Device Provisioning Service, upload an X.509 certificate to the Device Provisioning Service.
Explanation:A: The Device Provisioning Service can only provision devices to IoT hubs that have been linked to it.
C: Allocation policy. The service-level setting that determines how Device Provisioning Service assigns devices to an IoT hub. There are three supported allocation policies:
– Lowest latency: devices are provisioned to an IoT hub with the lowest latency to the device.
– Evenly weighted distribution
– Static configuration via the enrollment list -
You have 10,000 IoT devices that connect to an Azure IoT hub. The devices do not support over-the-air (OTA) updates.
You need to decommission 1,000 devices. The solution must prevent connections and autoenrollment for the decommissioned devices.
Which two actions should you perform? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.
- Update the connectionState device twin property on all the devices.
- Blacklist the X.509 root certification authority (CA) certificate for the enrollment group.
- Delete the enrollment entry for the devices.
- Remove the identity certificate from the hardware security module (HSM) of the devices.
- Delete the device identity from the device registry of the IoT hub.
Explanation:
In general, deprovisioning a device involves two steps:
– Disenroll the device from your provisioning service, to prevent future auto-provisioning. Depending on whether you want to revoke access temporarily or permanently, you may want to either disable or delete an enrollment entry.
– Deregister the device from your IoT Hub, to prevent future communications and data transfer. Again, you can temporarily disable or permanently delete the device’s entry in the identity registry for the IoT Hub where it was provisioned. -
HOTSPOT
You have an Azure IoT Central application that has a custom device template.
You need to configure the device template to support the following activities:
– Return the reported power consumption.
– Configure the desired fan speed.
– Run the device reset routine.
– Read the fan serial number.Which option should you use for each activity? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.
Explanation:A device template in Azure IoT Central is a blueprint that defines the:
Telemetry a device sends to IoT Central.
Properties a device synchronizes with IoT Central.
Commands that IoT Central calls on a device.Box 1: Measurement
Telemetry/measurement is a stream of values sent from the device, typically from a sensor. For example, a sensor might report the ambient temperature.Box 2: Properties
The template can provide a writeable fan speed property
Properties represent point-in-time values. For example, a device can use a property to report the target temperature it’s trying to reach. You can set writeable properties from IoT Central.Box 3: Properties
Box 4: Command
You can call device commands from IoT Central. Commands optionally pass parameters to the device and receive a response from the device. For example, you can call a command to reboot a device in 10 seconds.