You are developing a sales application that will contain several Azure cloud services and handle different components of a transaction. Different cloud services will process customer orders, billing, payment, inventory, and shipping. You need to recommend a solution to enable the cloud services to asynchronously communicate transaction information by using XML messages. What should you include in the recommendation?
Question 232
You are developing a sales application that will contain several Azure cloud services and handle different components of a transaction. Different cloud services will process customer orders, billing, payment, inventory, and shipping. You need to recommend a solution to enable the cloud services to asynchronously communicate transaction information by using XML messages. What should you include in the recommendation?
Question 233
You need to design a highly available Azure SQL database that meets the following requirements: • Failover between replicas of the database must occur without any data loss. • The database must remain available in the event of a zone outage. • Costs must be minimized. Which deployment option should you use?
Question 234
DRAG DROP - You plan to deploy an infrastructure solution that will contain the following configurations: • External users will access the infrastructure by using Azure Front Door. • External user access to the backend APIs hosted in Azure Kubernetes Service (AKS) will be controlled by using Azure API Management. • External users will be authenticated by an Azure AD B2C tenant that uses OpenID Connect-based federation with a third-party identity provider. Which function does each service provide? To answer, drag the appropriate functions to the correct services. Each function may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content. NOTE: Each correct selection is worth one point.
Question 235
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution. After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen. Your company plans to deploy various Azure App Service instances that will use Azure SQL databases. The App Service instances will be deployed at the same time as the Azure SQL databases. The company has a regulatory requirement to deploy the App Service instances only to specific Azure regions. The resources for the App Service instances must reside in the same region. You need to recommend a solution to meet the regulatory requirement. Solution: You recommend using an Azure Policy initiative to enforce the location of resource groups. Does this meet the goal?
Question 236
Your on-premises datacenter contains a server that runs Linux and hosts a Java app named App1. App1 has the following characteristics: • App1 is an interactive app that users access by using HTTPS connections. • The number of connections to App1 changes significantly throughout the day. • App1 runs multiple concurrent instances. • App1 requires major changes to run in a container. You plan to migrate App1 to Azure. You need to recommend a compute solution for App1. The solution must meet the following requirements: • The solution must run multiple instances of App1. • The number of instances must be managed automatically depending on the load. • Administrative effort must be minimized. What should you include in the recommendation?
Question 237
HOTSPOT - You have an Azure App Service web app named Webapp1 that connects to an Azure SQL database named DB1. Webapp1 and DB1 are deployed to the East US Azure region. You need to ensure that all the traffic between Webapp1 and DB1 is sent via a private connection. What should you do? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.
Question 238
HOTSPOT - Your on-premises network contains an Active Directory Domain Services (AD DS) domain. The domain contains a server named Server1. Server1 contains an app named App1 that uses AD DS authentication. Remote users access App1 by using a VPN connection to the on-premises network. You have an Azure AD tenant that syncs with the AD DS domain by using Azure AD Connect. You need to ensure that the remote users can access App1 without using a VPN. The solution must meet the following requirements: • Ensure that the users authenticate by using Azure Multi-Factor Authentication (MFA). • Minimize administrative effort. What should you include in the solution? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.
Question 239
HOTSPOT - You need to ensure that users managing the production environment are registered for Azure MFA and must authenticate by using Azure MFA when they sign in to the Azure portal. The solution must meet the authentication and authorization requirements. What should you do? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point. Hot Area:
Box 1: Azure AD Identity Protection Only users that manage the production environment by using the Azure portal must connect from a hybrid Azure AD-joined device and authenticate by using Azure Multi-Factor Authentication (MFA). Note: Policy configuration - 1. Navigate to the Azure portal. 2. Browse to Azure Active Directory > Security > Identity Protection > MFA registration policy. 3. Under Assignments 4. Users - Choose All users or Select individuals and groups if limiting your rollout. 5. Optionally you can choose to exclude users from the policy. 6. Enforce Policy - On 7. Save Box 2: Grant control in capolicy1 The litware.com tenant has a Conditional Access policy named Capolicy1. Capolicy1 requires that when users manage the Azure subscription for a production environment by using the Azure portal, they must connect from a hybrid Azure AD-joined device. Note: We need to configure the policy conditions for capolicy1 that prompt for MFA. Reference: https://docs.microsoft.com/en-us/azure/active-directory/identity-protection/howto-identity-protection-configure-mfa-policy https://docs.microsoft.com/en-us/azure/active-directory/authentication/tutorial-enable-azure-mfa
Question 240
After you migrate App1 to Azure, you need to enforce the data modification requirements to meet the security and compliance requirements. What should you do?
Scenario: Once App1 is migrated to Azure, you must ensure that new data can be written to the app, and the modification of new and existing data is prevented for a period of three years. As an administrator, you can lock a subscription, resource group, or resource to prevent other users in your organization from accidentally deleting or modifying critical resources. The lock overrides any permissions the user might have. Reference: https://docs.microsoft.com/en-us/azure/azure-resource-manager/management/lock-resources
