- (Exam Topic 1)
How should the migrated databases DB1 and DB2 be implemented in Azure?
Solution:
Table Description automatically generated
Box 1: SQL Managed Instance
Scenario: Once migrated to Azure, DB1 and DB2 must meet the following requirements:
Maintain availability if two availability zones in the local Azure region fail.
Fail over automatically.
Minimize I/O latency.
The auto-failover groups feature allows you to manage the replication and failover of a group of databases on a server or all databases in a managed instance to another region. It is a declarative abstraction on top of the existing active geo-replication feature, designed to simplify deployment and management of geo-replicated databases at scale. You can initiate a geo-failover manually or you can delegate it to the Azure service based on a user-defined policy. The latter option allows you to automatically recover multiple related databases in a secondary region after a catastrophic failure or other unplanned event that results in full or partial loss of the SQL Database or SQL Managed Instance availability in the primary region.
Box 2: Business critical
SQL Managed Instance is available in two service tiers:
General purpose: Designed for applications with typical performance and I/O latency requirements. Business critical: Designed for applications with low I/O latency requirements and minimal impact of
underlying maintenance operations on the workload.
Reference:
https://docs.microsoft.com/en-us/azure/azure-sql/database/auto-failover-group-overview https://docs.microsoft.com/en-us/azure/azure-sql/managed-instance/sql-managed-instance-paas-overview
Does this meet the goal?
Correct Answer:
A
- (Exam Topic 5)
You have an Azure Active Directory (Azure AD) tenant that syncs with an on-premises Active Directory domain.
You have an internal web app named WebApp1 that is hosted on-premises. WebApp1 uses Integrated Windows authentication.
Some users work remotely and do NOT have VPN access to the on-premises network.
You need to provide the remote users with single sign-on (SSO) access to WebApp1.
Which two features should you include in the solution? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.
Correct Answer:
AC
A: Application Proxy is a feature of Azure AD that enables users to access on-premises web applications from a remote client. Application Proxy includes both the Application Proxy service which runs in the cloud, and the Application Proxy connector which runs on an on-premises server.
You can configure single sign-on to an Application Proxy application.
C: Microsoft recommends using Application Proxy with pre-authentication and Conditional Access policies for remote access from the internet. An approach to provide Conditional Access for intranet use is to
modernize applications so they can directly authenticate with AAD. Reference:
https://docs.microsoft.com/en-us/azure/active-directory/app-proxy/application-proxy-config-sso-how-to https://docs.microsoft.com/en-us/azure/active-directory/app-proxy/application-proxy-deployment-plan
- (Exam Topic 5)
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
Your company has deployed several virtual machines (VMs) on-premises and to Azure. Azure ExpressRoute has been deployed and configured for on-premises to Azure connectivity.
Several VMs are exhibiting network connectivity issues.
You need to analyze the network traffic to determine whether packets are being allowed or denied to the VMs. Solution: Use the Azure Traffic Analytics solution in Azure Log Analytics to analyze the network traffic. Does the solution meet the goal?
Correct Answer:
B
Instead use Azure Network Watcher to run IP flow verify to analyze the network traffic. Reference:
https://docs.microsoft.com/en-us/azure/network-watcher/network-watcher-monitoring-overview https://docs.microsoft.com/en-us/azure/network-watcher/network-watcher-ip-flow-verify-overview
- (Exam Topic 5)
Your company has an app named App1 that uses data from the on-premises Microsoft SQL Server databases shown in the following table.
App1 and the data are used on the first day of the month only. The data is not expected to grow more than 3% each year.
The company is rewriting App1 as an Azure web app and plans to migrate all the data to Azure. You need to migrate the data to Azure SQL Database. The solution must minimize costs. Which service tier should you use?
Correct Answer:
C
DTU-based Standard supports databases up to 1 TB in size. Reference:
https://docs.microsoft.com/en-us/azure/azure-sql/database/service-tiers-dtu
- (Exam Topic 5)
Your company, named Contoso, Ltd., implements several Azure logic apps that have HTTP triggers. The logic apps provide access to an on-premises web service.
Contoso establishes a partnership with another company named Fabrikam. IncL
Fabrikam does not have an existing Azure Active Directory (Azure AD) tenant and uses third-party OAuth 2.0 identity management to authenticate its users.
I Developers at Fabrikam plan to use a subset of the logic apps to build applications that will integrate with the on-premises web service of Contoso.
You need to design a solution to provide the Fabrikam developers with access to the logic apps. The solution must meet the following requirements:
• Requests to the logic apps from the developers must be limited to lower rates than the requests from the users at Contoso.
• The developers must be able to rely on their existing OAuth 2.0 provider to gain access to the logic apps.
• The solution must NOT require changes to the logic apps.
• The solution must NOT use Azure AD guest accounts. What should you include in the solution?
Correct Answer:
D
API Management helps organizations publish APIs to external, partner, and internal developers to unlock the potential of their data and services.
You can secure API Management using the OAuth 2.0 client credentials flow. Reference:
https://docs.microsoft.com/en-us/azure/api-management/api-management-key-concepts https://docs.microsoft.com/en-us/azure/api-management/api-management-features https://docs.microsoft.com/en-us/azure/api-management/api-management-howto-protect-backend-with-aad#ena