DRAG DROP - (Topic 8)
You develop a gateway solution for a public facing news API.
The news API back end is implemented as a RESTful service and hosted in an Azure App Service instance.
You need to configure back-end authentication for the API Management service instance. Which target and gateway credential type should you use? To answer, drag the appropriate
values to the correct parameters. Each value may be used once, more than once, or not at
all. You may need to drag the split bar between panes or scroll to view content.
NOTE:Each correct selection is worth one point.

Solution:
Box 1: Azure Resource Box 2: Client cert
API Management allows to secure access to the back-end service of an API using client certificates.

Does this meet the goal?

1. A. Yes
2. B. No

Correct Answer: A

- (Topic 8)
You develop and deploy an Azure Logic app that calls an Azure Function app. The Azure Function app includes an OpenAPl (Swagger) definition and uses an Azure Blob storage account. All resources are secured by using Azure Active Directory (Azure AD).
The Azure Logic app must securely access the Azure Blob storage account. Azure AD resources must remain if the Azure Logic app is deleted.
You need to secure the Azure Logic app. What should you do?

1. A. Create an Azure AD custom role and assign role-based access controls.
2. B. Create an Azure AD custom role and assign the role to the Azure Blob storage account.
3. C. Create an Azure Key Vault and issue a client certificate.
4. D. Create a user-assigned managed identity and assign role-based access controls.
5. E. Create a system-assigned managed identity and issue a client certificate.

Correct Answer: D
To give a managed identity access to an Azure resource, you need to add a role to the target resource for that identity.
Note: To easily authenticate access to other resources that are protected by Azure Active Directory (Azure AD) without having to sign in and provide credentials or secrets, your logic app can use a managed identity (formerly known as Managed Service Identity or MSI). Azure manages this identity for you and helps secure your credentials because you don't have to provide or rotate secrets.
If you set up your logic app to use the system-assigned identity or a manually created, user-assigned identity, the function in your logic app can also use that same identity for authentication.
Reference:
https://docs.microsoft.com/en-us/azure/logic-apps/create-managed-service-identity
https://docs.microsoft.com/en-us/azure/api-management/api-management-howto-mutual-certificates-for-clients

- (Topic 8)
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution. Determine whether the solution meets the stated goals.
You are developing and deploying several ASP.Net web applications to Azure App Service. You plan to save session state information and HTML output. You must use a storage mechanism with the following requirements:
•Share session state across all ASP.NET web applications
•Support controlled, concurrent access to the same session state data for multiple readers and a single writer
•Save full HTTP responses for concurrent requests You need to store the information.
Proposed Solution: Deploy and configure Azure Cache for Redis. Update the web applications.
Does the solution meet the goal?

1. A. Yes
2. B. No

Correct Answer: A
The session state provider for Azure Cache for Redis enables you to share session information between different instances of an ASP.NET web application.
The same connection can be used by multiple concurrent threads. Redis supports both read and write operations.
The output cache provider for Azure Cache for Redis enables you to save the HTTP responses generated by an ASP.NET web application.
Note: Using the Azure portal, you can also configure the eviction policy of the cache, and control access to the cache by adding users to the roles provided. These roles, which define the operations that members can perform, include Owner, Contributor, and Reader. For example, members of the Owner role have complete control over the cache (including security) and its contents, members of the Contributor role can read and write information
in the cache, and members of the Reader role can only retrieve data from the cache.
Reference:
https://docs.microsoft.com/en-us/azure/architecture/best-practices/caching

HOTSPOT - (Topic 8)
You are authoring a set of nested Azure Resource Manager templates to deploy Azure resources. You author an Azure Resource Manager template named mainTempIate.json that contains the following linked templates: linkedTemplatel.json, linkedTemplate2json.
You add parameters to a parameters template file named mainTemplate.parameters.json. You save all templates on a local device in the C:templates folder.
You have the following requirements:
• Store the templates in Azure for later deployment.
• Enable versioning of the templates.
• Manage access to the templates by using Azure RBAC
You need to store the templates in Azure.
How should you complete the command? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Solution:


Does this meet the goal?

1. A. Yes
2. B. No

Correct Answer: A

- (Topic 8)
You are developing a medical records document management website. The website is used to store scanned copies of patient intake forms. If the stored intake forms are downloaded from storage by a third party, the content of the forms must not be compromised.
You need to store the intake forms according to the requirements. Solution:
✑ uk.co.certification.simulator.questionpool.PList@2ffbc590 Does the solution meet the goal?

1. A. Yes
2. B. No

Correct Answer: B
Instead use an Azure Key vault and public key encryption. Store the encrypted from in Azure Storage Blob storage.