- (Topic 8)
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You are developing an Azure solution to collect point-of-sale (POS) device data from 2,000 stores located throughout the world. A single device can produce 2 megabytes (MB) of data every 24 hours. Each store location has one to five devices that send data.
You must store the device data in Azure Blob storage. Device data must be correlated based on a device identifier. Additional stores are expected to open in the future.
You need to implement a solution to receive the device data.
Solution: Provision an Azure Notification Hub. Register all devices with the hub. Does the solution meet the goal?

1. A. Yes
2. B. No

Correct Answer: B
Instead use an Azure Service Bus, which is used order processing and financial transactions.
Reference:
https://docs.microsoft.com/en-us/azure/event-grid/compare-messaging-services

- (Topic 8)
You develop and deploy an ASP.NET Core application that connects o an Azure Database for MySQL instance.
Connections to the database appear to drop intermittently and the application code does not handle the connection failure.
You need to handle the transient connection errors in code by implementing retries. What are three possible ways to achieve this goal? Each correct answer presents part of
the solution.
NOTE: Each correct selection is worth one point.

1. A. Increase connection repeat attempts exponentially up to 120 seconds.
2. B. Close the database connection and immediately report an error.
3. C. Wait five seconds before repeating the connection attempt to the database.
4. D. Disable connection pooling and configure a second Azure Database for MySQL instance.
5. E. Set a maximum number of connection attempts to 10 and report an error on subsequent connections.

Correct Answer: BCE

- (Topic 8)
You are developing an application to manage shipping information for cargo ships. The application will use Azure Cosmos D8 for storage.
The application must run offline when ships are at sea The application must be connected to Azure when ships are in port.
Which Azure Cosmos D8 API should you use for the application?

1. A. Core
2. B. MongoDe
3. C. Cassandra
4. D. Gremlin

Correct Answer: C

- (Topic 7)
You need to secure the Azure Functions to meet the security requirements.
Which two actions should you perform? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point.

1. A. Store the RSA-HSM key in Azure Cosmos D
2. B. Apery the built-in policies for customer-managed keys and allowed locations.
3. C. Create a free tier Azure App Configuration instance with a new Azure AD service principal.
4. D. Store the RSA-HSM key in Azure Key Vault with soft-delete and purge-protection features enabled.
5. E. Store the RSA-HSM key in Azure Blob storage with an Immutability policy applied to the container.
6. F. Create a standard tier Azure App Configuration instance with an assigned Azure AD managed identity.

Correct Answer: CE
Scenario: All Azure Functions must centralize management and distribution of configuration data for different environments and geographies, encrypted by using a company-provided RSA-HSM key.
Microsoft Azure Key Vault is a cloud-hosted management service that allows users to encrypt keys and small secrets by using keys that are protected by hardware security modules (HSMs).
You need to create a managed identity for your application. Reference:
https://docs.microsoft.com/en-us/azure/app-service/app-service-key-vault-references

DRAG DROP - (Topic 8)
You are preparing to deploy a medical records application to an Azure virtual machine (VM). The application will be deployed by using a VHD produced by an on-premises build server.
You need to ensure that both the application and related data are encrypted during and after deployment to Azure.
Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.

Solution:
Step 1: Encrypt the on-premises VHD by using BitLocker without a TPM. Upload the VM to Azure Storage
Step 2: Run the Azure PowerShell command Set-AzureRMVMOSDisk
To use an existing disk instead of creating a new disk you can use the Set- AzureRMVMOSDisk command.
Example:
$osDiskName = $vmname+'_osDisk'
$osDiskCaching = 'ReadWrite'
$osDiskVhdUri = "https://$stoname.blob.core.windows.net/vhds/"+$vmname+"_os.vhd"
$vm = Set-AzureRmVMOSDisk -VM $vm -VhdUri $osDiskVhdUri -name $osDiskName - Create
Step 3: Run the Azure PowerShell command Set-AzureRmVMDiskEncryptionExtension Use the Set-AzVMDiskEncryptionExtension cmdlet to enable encryption on a running IaaS virtual machine in Azure.
Incorrect:
Not TPM: BitLocker can work with or without a TPM. A TPM is a tamper resistant security chip on the system board that will hold the keys for encryption and check the integrity of the boot sequence and allows the most secure BitLocker implementation. A VM does not have a TPM.
References:
https://www.itprotoday.com/iaaspaas/use-existing-vhd-azurerm-vm

Does this meet the goal?

1. A. Yes
2. B. No

Correct Answer: A