Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution. After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen. You manage a project in Azure DevOps. You need to prevent the configuration of the project from changing over time. Solution: Implement Continuous Assurance for the project. Does this meet the goal?
A. Yes
B. No
The basic idea behind Continuous Assurance (CA) is to setup the ability to check for "drift" from what is considered a secure snapshot of a system. Support for Continuous Assurance lets us treat security truly as a 'state' as opposed to a 'point in time' achievement. This is particularly important in today's context when 'continuous change' has become a norm. There can be two types of drift: - Drift involving 'baseline' configuration: This involves settings that have a fixed number of possible states (often pre-defined/statically determined ones). For instance, a SQL DB can have TDE encryption turned ON or OFF...or a Storage Account may have auditing turned ON however the log retention period may be less than 365 days. - Drift involving 'stateful' configuration: There are settings which cannot be constrained within a finite set of well-known states. For instance, the IP addresses configured to have access to a SQL DB can be any (arbitrary) set of IP addresses. In such scenarios, usually human judgment is initially required to determine whether a particular configuration should be considered 'secure' or not. However, once that is done, it is important to ensure that there is no "stateful drift" from the attested configuration. (E.g., if, in a troubleshooting session, someone adds the IP address of a developer machine to the list, the Continuous Assurance feature should be able to identify the drift and generate notifications/alerts or even trigger 'auto-remediation' depending on the severity of the change). Reference: https://azsk.azurewebsites.net/04-Continous-Assurance/Readme.html
Question 112
You are designing a configuration management solution to support five apps hosted on Azure App Service. Each app is available in the following three environments: development, test, and production. You need to recommend a configuration management solution that meets the following requirements: - Supports feature flags - Tracks configuration changes from the past 30 days - Stores hierarchically structured configuration values - Controls access to the configurations by using role-based access control (RBAC) permissions - Stores shared values as key/value pairs that can be used by all the apps Which Azure service should you recommend as the configuration management solution?
A. Azure Cosmos DB
B. Azure App Service
C. Azure App Configuration
D. Azure Key Vault
The Feature Manager in the Azure portal for App Configuration provides a UI for creating and managing the feature flags that you use in your applications. App Configuration offers the following benefits: - A fully managed service that can be set up in minutes - Flexible key representations and mappings - Tagging with labels - Point-in-time replay of settings - Dedicated UI for feature flag management - Comparison of two sets of configurations on custom-defined dimensions Enhanced security through Azure-managed identities - Encryption of sensitive information at rest and in transit - Native integration with popular frameworks App Configuration complements Azure Key Vault, which is used to store application secrets. Reference: https://docs.microsoft.com/en-us/azure/azure-app-configuration/overview
Question 113
You have a containerized solution that runs in Azure Container Instances. The solution contains a frontend container named App1 and a backend container named DB1. DB1 loads a large amount of data during startup. You need to verify that DB1 can handle incoming requests before users can submit requests to App1. What should you configure?
A. a liveness probe
B. a performance log
C. a readiness probe
D. an Azure Load Balancer health probe
For containerized applications that serve traffic, you might want to verify that your container is ready to handle incoming requests. Azure Container Instances supports readiness probes to include configurations so that your container can't be accessed under certain conditions. Incorrect Answers: A: Containerized applications may run for extended periods of time, resulting in broken states that may need to be repaired by restarting the container. Azure Container Instances supports liveness probes so that you can configure your containers within your container group to restart if critical functionality is not working. Reference: https://docs.microsoft.com/en-us/azure/container-instances/container-instances-readiness-probe
Question 114
You are designing a strategy to monitor the baseline metrics of Azure virtual machines that run Windows Server. You need to collect detailed data about the processes running in the guest operating system. Which two agents should you deploy? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point.
A. the Telegraf agent
B. the Azure Log Analytics agent
C. the Azure Network Watcher Agent for Windows
D. the Dependency agent
The following table provide a quick comparison of the Azure Monitor agents for Windows. Reference: https://docs.microsoft.com/en-us/azure/azure-monitor/platform/agents-overview
Question 115
DRAG DROP - You use Azure Pipelines to automate Continuous Integration/Continuous Deployment (CI/CD) for an Azure web app named WebApp1. You configure an Azure Monitor alert that is triggered when WebApp1 generates an error. You need to configure the alert to forward details of the error to a third-party system. The solution must minimize administrative effort. Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order. Select and Place:
Box 1: Create an Azure logic app. Box 2: Select the HTTP request trigger. Box 3: Updated the action group in Azure Monitor. Reference: https://docs.microsoft.com/en-us/azure/azure-monitor/alerts/action-groups-logic-app
Question 116
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution. After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen. You have an Azure DevOps organization named Contoso and an Azure subscription. The subscription contains an Azure virtual machine scale set named VMSS1 that is configured for autoscaling. You have a project in Azure DevOps named Project1. Project1 is used to build a web app named App1 and deploy App1 to VMSS1. You need to ensure that an email alert is generated whenever VMSS1 scales in or out. Solution: From Azure DevOps, configure the Notifications settings for Project1. Does this meet the goal?
A. Yes
B. No
Notifications help you and your team stay informed about activity that occurs within your projects in Azure DevOps. You can get notified when changes occur to the following items: - work items - code reviews - pull requests - source control files builds Reference: https://docs.microsoft.com/en-us/azure/devops/notifications/about-notifications?view=azure-devops
Question 117
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution. After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen. You have an Azure DevOps organization named Contoso and an Azure subscription. The subscription contains an Azure virtual machine scale set named VMSS1 that is configured for autoscaling. You have a project in Azure DevOps named Project1. Project1 is used to build a web app named App1 and deploy App1 to VMSS1. You need to ensure that an email alert is generated whenever VMSS1 scales in or out. Solution: From Azure DevOps, configure the Service hooks settings for Project1. Does this meet the goal?
A. Yes
B. No
Question 118
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution. After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen. You have an Azure DevOps organization named Contoso and an Azure subscription. The subscription contains an Azure virtual machine scale set named VMSS1 that is configured for autoscaling. You have a project in Azure DevOps named Project1. Project1 is used to build a web app named App1 and deploy App1 to VMSS1. You need to ensure that an email alert is generated whenever VMSS1 scales in or out. Solution: From Azure Monitor, create an action group. Does this meet the goal?
A. Yes
B. No
An action group is a collection of notification preferences defined by the owner of an Azure subscription. Azure Monitor, Service Health and Azure Advisor alerts use action groups to notify users that an alert has been triggered. Reference: https://docs.microsoft.com/en-us/azure/azure-monitor/alerts/action-groups
Question 119
DRAG DROP - You are using the Dependency Tracker extension in a project in Azure DevOps. You generate a risk graph for the project. What should you use in the risk graph to identify the number of dependencies and the risk level of the project? To answer, drag the appropriate elements to the correct data points. Each element may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content. NOTE: Each correct selection is worth one point. Select and Place:
Box 1: Link width - The width of the lines indicates how many dependencies exist in that area, the thicker the link the more dependencies as indicated in the legend. Box 2: Link color - Reference: https://docs.microsoft.com/en-us/azure/devops/boards/extensions/dependency-tracker?view=azure-devops#risk-graph
Question 120
You have an Azure subscription linked to an Azure Active Directory Premium Plan 1 tenant. A security review indicates that too many users have privileged access to resources. You need to deploy a privileged access management solution that meets the following requirements: • Enforces time limits on the use of privileged access • Requires approval to activate privileged access • Minimizes costs What should you do first?
A. Configure notifications when privileged roles are activated.
B. Configure alerts for the activation of privileged roles.
C. Enforce Azure Multi-Factor Authentication (MFA) for role activation.
D. Upgrade the license of the Azure Active Directory (Azure AD) tenant.
