AZ-220 : Microsoft Azure IoT Developer : Part 02
-
DRAG DROP
You have an Azure IoT Central application that includes a Device Provisioning Service instance.
You need to connect IoT devices to the application without first registering the devices.
In which order should you perform the actions? To answer, move all actions from the list of actions to the answer area and arrange them in the correct order.
Explanation:Step 1: Obtain the credential
Obtain the group primary key from the IoT Central enrollment group.Step 2: Generate device credentials
The group primary key used to generate device credentialsStep 3: Flash unique credentials to the devices
The OEM flashes each device with a device ID, a generated device SAS key, and the application ID scope value.Step 4: Connect the devices to IoT Central
Step 5: Associate the devices to a template and approve the connections
-
You have an Azure IoT Central application.
You need to connect an IoT device to the application.
Which two settings do you require in IoT Central to configure the device? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.
- Group SAS Primary Key
- the IoT hub name
- Scope ID
- Application Name
- Device ID
Explanation:
Required connection information:
– Group primary key: In your IoT Central application, navigate to Administration > Device Connection > SAS-IoT-Devices. Make a note of the shared access signature Primary key value.
– ID scope: In your IoT Central application, navigate to Administration > Device Connection. Make a note of the ID scope value. -
You have an existing Azure IoT hub.
You use IoT Hub jobs to schedule long running tasks on connected devices.
Which three operations do the IoT Hub jobs support directly? Each correct answer presents a complete solution.
NOTE: Each correct selection is worth one point.
- Trigger Azure functions.
- Invoke direct methods.
- Update desired properties.
- Send cloud-to-device messages.
- Disable IoT device registry entries.
- Update tags.
Explanation:
Consider using jobs when you need to schedule and track progress any of the following activities on a set of devices:
– Invoke direct methods
– Update desired properties
– Update tags -
You have an Azure IoT hub.
You need to recommend a solution to scale the IoT hub automatically.
What should you include in the recommendation?
- Create an SMS alert in IoT Hub for the Total number of messages used metric.
- Create an Azure function that retrieves the quota metrics of the IoT hub.
- Configure autoscaling in Azure Monitor.
- Emit custom metrics from the IoT device code and create an Azure Automation runbook alert.
Explanation:Note: IoT Hub is scaled and priced based on an allowed number of messages per day across all devices connected to that IoT Hub. If you exceed the allowed message threshold for your chosen tier and number of units, IoT Hub will begin rejecting new messages. To date, there is no built-in mechanism for automatically scaling an IoT Hub to the next level of capacity if you approach or exceed that threshold.
-
You have an Azure IoT hub that uses a Device Provisioning Service instance.
You create a new individual device enrollment that uses symmetric key attestation.
Which detail from the enrollment is required to auto provision the device by using the Device Provisioning Service?
- the registration ID of the enrollment
- the primary key of the enrollment
- the device identity of the IoT hub
- the hostname of the IoT hub
Explanation:The registration ID is used to uniquely identify a device registration with the Device Provisioning Service. The device ID must be unique in the provisioning service ID scope. Each device must have a registration ID.
Note: An individual enrollment is an entry for a single device that may register. Individual enrollments may use either X.509 leaf certificates or SAS tokens (from a physical or virtual TPM) as attestation mechanisms. The registration ID in an individual enrollment is alphanumeric, lowercase, and may contain hyphens.
-
You have an Azure IoT hub that uses a Device Provisioning Service instance to automate the deployment of Azure IoT Edge devices.
The IoT Edge devices have a Trusted Platform Module (TPM) 2.0 chip.
From the Azure portal, you plan to add an individual enrollment to the Device Provisioning Service that will use the TPM of the IoT Edge devices as the attestation mechanism.
Which detail should you obtain before you can create the enrollment?
- the scope ID and the Device Provisioning Service endpoint
- the primary key of the Device Provisioning Service shared access policy and the global device endpoint
- the X.509 device certificate and the certificate chain
- the endorsement key and the registration ID
Explanation:
The TPM simulator’s Registration ID and the Endorsement key, are used when you create an individual enrollment for your device. -
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have devices that connect to an Azure IoT hub. Each device has a fixed GPS location that includes latitude and longitude.
You discover that a device entry in the identity registry of the IoT hub is missing the GPS location.
You need to configure the GPS location for the device entry. The solution must prevent the changes from being propagated to the physical device.
Solution: You use an Azure policy to apply tags to a resource group.
Does the solution meet the goal?
- Yes
- No
Explanation:Instead tags should be added to the Device twin.
Tags: A section of the JSON document that the solution back end can read from and write to. Tags are not visible to device apps.
-
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have devices that connect to an Azure IoT hub. Each device has a fixed GPS location that includes latitude and longitude.
You discover that a device entry in the identity registry of the IoT hub is missing the GPS location.
You need to configure the GPS location for the device entry. The solution must prevent the changes from being propagated to the physical device.
Solution: You add tags to the device twin.
Does the solution meet the goal?
- Yes
- No
Explanation:Tags are not synced.
Tags: A section of the JSON document that the solution back end can read from and write to. Tags are not visible to device apps.
-
You have an existing Azure IoT hub.
You use IoT Hub jobs to schedule long running tasks on connected devices.
Which two operations do the IoT Hub jobs support directly? Each correct answer presents a complete solution.
NOTE: Each correct selection is worth one point.
- Trigger Azure functions.
- Invoke direct methods.
- Update desired properties.
- Send cloud-to-device messages.
- Disable IoT device registry entries.
Explanation:
Consider using jobs when you need to schedule and track progress any of the following activities on a set of devices:
– Invoke direct methods
– Update desired properties
– Update tags -
You have 1,000 IoT devices that connect to an Azure IoT hub.
Each device has a property tag named city that is used to store the location of the device.
You need to update the properties on all the devices located at an office in the city of Seattle as quickly as possible. Any new devices in the Seattle office that are added to the IoT hub must receive the updated properties also.
What should you do?
- From Automatic Device Management, create an IoT device configuration.
- From the IoT hub, generate a query for the target devices.
- Create a scheduled job by using the IoT Hub service SDKs.
- Deploy an Azure IoT Edge transparent gateway to the Seattle office and deploy an Azure Stream Analytics edge job.
Explanation:
Automatic device management in Azure IoT Hub automates many of the repetitive and complex tasks of managing large device fleets. With automatic device management, you can target a set of devices based on their properties, define a desired configuration, and then let IoT Hub update the devices when they come into scope. This update is done using an automatic device configuration or automatic module configuration, which lets you summarize completion and compliance, handle merging and conflicts, and roll out configurations in a phased approach. -
You have an Azure IoT Central application.
You add an IoT device named Oven1 to the application. Oven1 uses an IoT Central template for industrial ovens.
You need to send an email to the managers group at your company as soon as the oven temperature falls below 400 degrees.
Which two actions should you perform? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.
- Create a SendGrid account in the same resource group as the IoT Central application.
- Add a condition that has Time Aggregation set to Off.
- Add a condition that has Aggregation set to Minimum.
- Add the Manager role to the IoT Central application.
- From IoT Central, create a telemetry rule for the template.
Explanation:Devices use telemetry to send numerical data from the device. A rule triggers when the selected telemetry crosses a specified threshold.
E: To create a telemetry rule, the device template must include at least one telemetry value. The rule monitors the temperature reported by the device and sends an email when it falls below 400 degrees.
B: Configure the rule conditions.
Conditions define the criteria that the rule monitors. In this tutorial, you configure the rule to fire when the temperature exceeds 70° F.
1. Select Temperature in the Telemetry dropdown.
2. Next, choose Is less than as the Operator and enter 400 as the Value.3. Optionally, you can set a Time aggregation. When you select a time aggregation, you must also select an aggregation type, such as average or sum from the aggregation drop-down.
Without aggregation, the rule triggers for each telemetry data point that meets the condition.
With aggregation, the rule triggers if the aggregate value of the telemetry data points in the time window meets the condition. -
You have an Azure IoT solution that includes multiple Azure IoT hubs in different geographic locations and a single Device Provision Service instance.
You need to configure device enrollment to assign devices to the appropriate IoT hub based on the following requirements:
– The registration ID of the device
– The geographic location of the deviceThe load between the IoT hubs in the same geographic location must be balanced.
What should you use to assign the devices to the IoT hubs?
- Static configuration (via enrollment list only)
- Lowest latency
- Evenly weighted distribution
- Custom (Use Azure Function)
Explanation:
Set the Device Provisioning Service allocation policy
The allocation policy is a Device Provisioning Service setting that determines how devices are assigned to an IoT hub. There are three supported allocation policies:
– Lowest latency: Devices are provisioned to an IoT hub based on the hub with the lowest latency to the device.
– Evenly weighted distribution (default): Linked IoT hubs are equally likely to have devices provisioned to them. This is the default setting. If you are provisioning devices to only one IoT hub, you can keep this setting.
– Static configuration via the enrollment list: Specification of the desired IoT hub in the enrollment list takes priority over the Device Provisioning Service-level allocation policy. -
You are developing an Azure IoT Central application.
You add a new custom device template to the application.
You need to add a fixed location value to the device template. The value must be updated by the physical IoT device, read-only to device operators, and not graphed by IoT Central.
What should you add to the device template?
- a Location property
- a Location telemetry
- a Cloud property
Explanation:
For example, a builder can create a device template for a connected fan that has the following characteristics:
– Sends temperature telemetry
– Sends location property -
DRAG DROP
You have an Azure IoT solution that includes an Azure IoT hub, a Device Provisioning Service instance, and 1,000 connected IoT devices. The IoT devices are allocated to tour enrollment groups. Each enrollment group is configured to use certificate attestation.
You need to decommission all the devices in a single enrollment group and the enrollment group itself.
Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
Explanation:To deprovision all of the devices that have been provisioned through an enrollment group:
1. Disable the enrollment group to disallow its signing certificate.
2. Use the list of provisioned devices for that enrollment group to disable or delete each device from the identity registry of its respective IoT hub.
3. After disabling or deleting all devices from their respective IoT hubs, you can optionally delete the enrollment group. Be aware, though, that, if you delete the enrollment group and there is an enabled enrollment group for a signing certificate higher up in the certificate chain of one or more of the devices, those devices can re-enroll. -
You have an Azure IoT hub that uses a Device Provision Service instance.
You plan to deploy 100 IoT devices.
You need to confirm the identity of the devices by using the Device Provision Service.
Which three device attestation mechanisms can you use? Each correct answer presents a complete solution.
NOTE: Each correct selection is worth one point.
- X.509 certificates
- Trusted Platform Module (TPM) 2.0
- Trusted Platform Module (TPM) 1.2
- Symmetric key
- Device Identity Composition Engine (DICE)
Explanation:
The Device Provisioning Service supports the following forms of attestation:
– X.509 certificates based on the standard X.509 certificate authentication flow.
– Trusted Platform Module (TPM) based on a nonce challenge, using the TPM 2.0 standard for keys to present a signed Shared Access Signature (SAS) token. This does not require a physical TPM on the device, but the service expects to attest using the endorsement key per the TPM spec.
– Symmetric Key based on shared access signature (SAS) Security tokens, which include a hashed signature and an embedded expiration. -
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have a Standard tier Azure IoT hub and a fleet of IoT devices.
The devices connect to the IoT hub by using either Message Queuing Telemetry Transport (MQTT) or Advanced Message Queuing Protocol (AMQP).
You need to send data to the IoT devices and each device must respond. Each device will require three minutes to process the data and respond.
Solution: You update the twin desired property and check the corresponding reported property.
Does this meet the goal?
- Yes
- No
Explanation:
IoT Hub provides three options for device apps to expose functionality to a back-end app:
– Twin’s desired properties for long-running commands intended to put the device into a certain desired state. For example, set the telemetry send interval to 30 minutes.
– Direct methods for communications that require immediate confirmation of the result. Direct methods are often used for interactive control of devices such as turning on a fan.
– Cloud-to-device messages for one-way notifications to the device app. -
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have a Standard tier Azure IoT hub and a fleet of IoT devices.
The devices connect to the IoT hub by using either Message Queuing Telemetry Transport (MQTT) or Advanced Message Queuing Protocol (AMQP).
You need to send data to the IoT devices and each device must respond. Each device will require three minutes to process the data and respond.
Solution: You use direct methods and check the response.
Does this meet the goal?
- Yes
- No
Explanation:
IoT Hub provides three options for device apps to expose functionality to a back-end app:
– Twin’s desired properties for long-running commands intended to put the device into a certain desired state. For example, set the telemetry send interval to 30 minutes.
– Direct methods for communications that require immediate confirmation of the result. Direct methods are often used for interactive control of devices such as turning on a fan.
– Cloud-to-device messages for one-way notifications to the device app. -
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have a Standard tier Azure IoT hub and a fleet of IoT devices.
The devices connect to the IoT hub by using either Message Queuing Telemetry Transport (MQTT) or Advanced Message Queuing Protocol (AMQP).
You need to send data to the IoT devices and each device must respond. Each device will require three minutes to process the data and respond.
Solution: You use cloud-to-device messages and watch the cloud-to-device feedback endpoint for successful acknowledgement.
Does this meet the goal?
- Yes
- No
Explanation:
IoT Hub provides three options for device apps to expose functionality to a back-end app:
– Twin’s desired properties for long-running commands intended to put the device into a certain desired state. For example, set the telemetry send interval to 30 minutes.
– Direct methods for communications that require immediate confirmation of the result. Direct methods are often used for interactive control of devices such as turning on a fan.
– Cloud-to-device messages for one-way notifications to the device app. -
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have an Azure IoT solution that includes an Azure IoT hub, a Device Provisioning Service instance, and 1,000 connected IoT devices.
All the IoT devices are provisioned automatically by using one enrollment group.
You need to temporarily disable the IoT devices from connecting to the IoT hub.
Solution: You disconnect the Device Provisioning Service from the IoT hub.
Does this meet the goal?
- Yes
- No
Explanation:
Instead, from the Device Provisioning Service, you disable the enrollment group, and you disable device entries in the identity registry of the IoT hub to which the IoT devices are provisioned. -
DRAG DROP
You need to install the Azure IoT Edge runtime on a new device that runs Windows 10 IoT Enterprise.
Which four actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
Explanation:Step 1: From Azure IoT Hub, create an IoT Edge Device
Step 2: Deploy-IoTEdge
The Deploy-IoTEdge command checks that your Windows machine is on a supported version, turns on the containers feature, and then downloads the moby runtime and the IoT Edge runtime. The command defaults to using Windows containers.{Invoke-WebRequest -useb https://aka.ms/iotedge-win} | Invoke-Expression; ` Deploy-IoTEdge
Step 3: Initialize-IoTEdge
The Initialize-IoTEdge command configures the IoT Edge runtime on your machine. The command defaults to manual provisioning with Windows containers.{Invoke-WebRequest -useb https://aka.ms/iotedge
Step 4: Enter the IoT Edge device connection string.
When prompted, provide the device connection string that you retrieved in step 1. The device connection string associates the physical device with a device ID in IoT Hub.