You have an on-premises network and an Azure subscription. The on-premises network has several branch offices. A branch office in Toronto contains a virtual machine named VM1 that is configured as a file server. Users access the shared files on VM1 from all the offices. You need to recommend a solution to ensure that the users can access the shared files as quickly as possible if the Toronto branch office is inaccessible. What should you include in the recommendation?
Use Azure File Sync to centralize your organization's file shares in Azure Files, while keeping the flexibility, performance, and compatibility of an on-premises file server. Azure File Sync transforms Windows Server into a quick cache of your Azure file share. Reference: https://docs.microsoft.com/en-us/azure/storage/files/storage-sync-files-deployment-guide
Question 132
HOTSPOT - You have an Azure subscription named Subscription1 that is linked to a hybrid Azure Active Directory (Azure AD) tenant. You have an on-premises datacenter that does NOT have a VPN connection to Subscription1. The datacenter contains a computer named Server1 that has Microsoft SQL Server 2016 installed. Server is prevented from accessing the internet. An Azure logic app resource named LogicApp1 requires write access to a database on Server1. You need to recommend a solution to provide LogicApp1 with the ability to access Server1. What should you recommend deploying on-premises and in Azure? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point. Hot Area:
Box 1: An on-premises data gateway For logic apps in global, multi-tenant Azure that connect to on-premises SQL Server, you need to have the on-premises data gateway installed on a local computer and a data gateway resource that's already created in Azure. Box 2: A connection gateway resource Reference: https://docs.microsoft.com/en-us/azure/connectors/connectors-create-api-sqlazure
Question 133
HOTSPOT - Your company develops a web service that is deployed to an Azure virtual machine named VM1. The web service allows an API to access real-time data from VM1. The current virtual machine deployment is shown in the Deployment exhibit. The chief technology officer (CTO) sends you the following email message: "Our developers have deployed the web service to a virtual machine named VM1. Testing has shown that the API is accessible from VM1 and VM2. Our partners must be able to connect to the API over the Internet. Partners will use this data in applications that they develop." You deploy an Azure API Management (APIM) service. The relevant API Management configuration is shown in the API exhibit. For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point. Hot Area:
DRAG DROP - Your company has an existing web app that runs on Azure virtual machines. You need to ensure that the app is protected from SQL injection attempts and uses a layer-7 load balancer. The solution must minimize disruptions to the code of the app. What should you recommend? To answer, drag the appropriate services to the correct targets. Each service may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content. NOTE: Each correct selection is worth one point. Select and Place:
Box 1: Azure Application Gateway The Azure Application Gateway Web Application Firewall (WAF) provides protection for web applications. These protections are provided by the Open Web Application Security Project (OWASP) Core Rule Set (CRS). Box 2: Web Application Firewall (WAF) Reference: https://docs.microsoft.com/en-us/azure/web-application-firewall/ag/application-gateway-customize-waf-rules-portal
Question 135
You are designing a microservices architecture that will be hosted in an Azure Kubernetes Service (AKS) cluster. Apps that will consume the microservices will be hosted on Azure virtual machines. The virtual machines and the AKS cluster will reside on the same virtual network. You need to design a solution to expose the microservices to the consumer apps. The solution must meet the following requirements: - Ingress access to the microservices must be restricted to a single private IP address and protected by using mutual TLS authentication. - The number of incoming microservice calls must be rate-limited. - Costs must be minimized. What should you include in the solution?
One option is to deploy APIM (API Management) inside the cluster VNet. The AKS cluster and the applications that consume the microservices might reside within the same VNet, hence there is no reason to expose the cluster publicly as all API traffic will remain within the VNet. For these scenarios, you can deploy API Management into the cluster VNet. API Management Premium tier supports VNet deployment. Reference: https://docs.microsoft.com/en-us/azure/api-management/api-management-kubernetes
Question 136
You have a .NET web service named Service1 that performs the following tasks: - Reads and writes temporary files to the local file system. - Writes to the Application event log. You need to recommend a solution to host Service1 in Azure. The solution must meet the following requirements: - Minimize maintenance overhead. - Minimize costs. What should you include in the recommendation?
Azure Web App meets the requirements and is less expansive compared to VM scale sets. Reference: https://docs.microsoft.com/es-es/azure/app-service/troubleshoot-diagnostic-logs
Question 137
You have the Azure resources shown in the following table. You need to deploy a new Azure Firewall policy that will contain mandatory rules for all Azure Firewall deployments. The new policy will be configured as a parent policy for the existing policies. What is the minimum number of additional Azure Firewall policies you should create?
Firewall policies work across regions and subscriptions. Place all your global configurations in the parent policy. The parent policy is required to be in the same region as the child policy. Each of the three regions must have a new parent policy. Reference: https://docs.microsoft.com/en-us/azure/firewall-manager/overview
Question 138
You have a .NET web service named Service1 that has the following requirements: - Must read and write temporary files to the local file system. - Must write to the Application event log. You need to recommend a solution to host Service1 in Azure. The solution must meet the following requirements: - Minimize maintenance overhead. - Minimize costs. What should you include in the recommendation?
Question 139
Your company has an app named App1 that uses data from the on-premises Microsoft SQL Server databases shown in the following table. App1 and the data are used on the first day of the month only. The data is not expected to grow more than 3 percent each year. The company is rewriting App1 as an Azure web app and plans to migrate all the data to Azure. You need to migrate the data to Azure SQL Database and ensure that the database is only available on the first day of each month. Which service tier should you use?
Note: App1 and the data are used on the first day of the month only. See Serverless compute tier below. The vCore based purchasing model. The term vCore refers to the Virtual Core. In this purchasing model of Azure SQL Database, you can choose from the provisioned compute tier and serverless compute tier. * Provisioned compute tier: You choose the exact compute resources for the workload. * Serverless compute tier: Azure automatically pauses and resumes the database based on workload activity in the serverless tier. During the pause period, Azure does not charge you for the compute resources. Reference: https://www.sqlshack.com/dtu-and-vcore-based-models-for-azure-sql-databases/
Question 140
You are developing a sales application that will contain several Azure cloud services and handle different components of a transaction. Different cloud services will process customer orders, billing, payment, inventory, and shipping. You need to recommend a solution to enable the cloud services to asynchronously communicate transaction information by using XML messages. What should you include in the recommendation?
Asynchronous messaging options in Azure include Azure Service Bus, Event Grid, and Event Hubs. Reference: https://docs.microsoft.com/en-us/azure/architecture/guide/technology-choices/messaging
