HOTSPOT
You are designing an Azure App Service web app.
You plan to deploy the web app to the North Europe Azure region and the West Europe Azure region.
You need to recommend a solution for the web app. The solution must meet the following requirements:
Users must always access the web app from the North Europe region, unless the region fails. The web app must be
available to users if an Azure region is unavailable. Deployment costs must be minimized.
What should you include in the recommendation? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:
You plan provision a High Performance Computing (HPC) cluster in Azure that will use a third-party scheduler.
You need to recommend a solution to provision and manage the HPC cluster node.
What should you include in the recommendation?
B
Explanation:
You can dynamically provision Azure HPC clusters with Azure CycleCloud. Azure CycleCloud is the simplest way to manage
HPC workloads.
Note: Azure CycleCloud is an enterprise-friendly tool for orchestrating and managing High Performance Computing (HPC)
environments on Azure. With CycleCloud, users can provision infrastructure for HPC systems, deploy familiar HPC
schedulers, and automatically scale the infrastructure to run jobs efficiently at any scale. Through CycleCloud, users can
create different types of file systems and mount them to the compute cluster nodes to support HPC workloads.
Reference:
https://docs.microsoft.com/en-us/azure/cyclecloud/overview
Your company has 300 virtual machines hosted in a VMware environment. The virtual machines vary in size and have
various utilization levels.
You plan to move all the virtual machines to Azure.
You need to recommend how many and what size Azure virtual machines will be required to move the current workloads to
Azure. The solution must minimize administrative effort.
What should you use to make the recommendation?
C
Explanation:
Reference: https://docs.microsoft.com/en-us/azure/migrate/migrate-appliance https://docs.microsoft.com/en-
us/learn/modules/design-your-migration-to-azure/2-plan-your-azure-migration
You are developing a sales application that will contain several Azure cloud services and handle different components of a
transaction. Different cloud services will process customer orders, billing, payment, inventory, and shipping.
You need to recommend a solution to enable the cloud services to asynchronously communicate transaction information by
using XML messages.
What should you include in the recommendation?
C
Explanation:
Asynchronous messaging options in Azure include Azure Service Bus, Event Grid, and Event Hubs.
Reference:
https://docs.microsoft.com/en-us/azure/architecture/guide/technology-choices/messaging
Your company has an app named App1 that uses data from the on-premises Microsoft SQL Server databases shown in the
following table.
App1 and the data are used on the first day of the month only. The data is not expected to grow more than 3% each year.
The company is rewriting App1 as an Azure web app and plans to migrate all the data to Azure.
You need to migrate the data to Azure SQL Database. The solution must minimize costs.
Which service tier should you use?
B
Explanation:
DTU-based Standard supports databases up to 1 TB in size.
Incorrect Answers:
A, C: vCore-based service tiers are more costly than DTU-based service tiers.
D: DTU-based Basic only supports a maximum database size of 2 GB.
Reference:
https://docs.microsoft.com/en-us/azure/azure-sql/database/service-tiers-dtu
You have the Azure resources shown in the following table.
You need to deploy a new Azure Firewall policy that will contain mandatory rules for all Azure Firewall deployments. The
new policy will be configured as a parent policy for the existing policies.
What is the minimum number of additional Azure Firewall policies you should create?
B
Explanation:
Firewall policies work across regions and subscriptions.
Place all your global configurations in the parent policy.
Note: Policies can be created in a hierarchy. You can create a parent/global policy that will contain configurations and rules
that will apply to all/a number of firewall instances. Then you create a child policy that inherits from the parent; note that rules
changes in the parent instantly appear in the child. The child is associated with a firewall and applies configurations/rules
from the parent policy and the child policy instantly to the firewall.
Reference: https://aidanfinn.com/?p=22006
You have a .NET web service named Service1 that has the following requirements:
Must read and write temporary files to the local file system. Must write to the Application event log.
You need to recommend a solution to host Service1 in Azure. The solution must meet the following requirements:
Minimize maintenance overhead. Minimize costs.
What should you include in the recommendation?
B
You are designing a microservices architecture that will be hosted in an Azure Kubernetes Service (AKS) cluster. Apps that
will consume the microservices will be hosted on Azure virtual machines. The virtual machines and the AKS cluster will
reside on the same virtual network.
You need to design a solution to expose the microservices to the consumer apps. The solution must meet the following
requirements:
Ingress access to the microservices must be restricted to a single private IP address and protected by using mutual TLS
authentication. The number of incoming microservice calls must be rate-limited. Costs must be minimized.
What should you include in the solution?
D
Explanation:
One option is to deploy APIM (API Management) inside the cluster VNet.
The AKS cluster and the applications that consume the microservices might reside within the same VNet, hence there is no
reason to expose the cluster publicly as all API traffic will remain within the VNet.
For these scenarios, you can deploy API Management into the cluster VNet. API Management Premium tier supports VNet
deployment.
Reference: https://docs.microsoft.com/en-us/azure/api-management/api-management-kubernetes
DRAG DROP
Your company has an existing web app that runs on Azure virtual machines.
You need to ensure that the app is protected from SQL injection attempts and uses a layer-7 load balancer. The solution
must minimize disruptions to the code of the app.
What should you recommend? To answer, drag the appropriate services to the correct targets. Each service may be used
once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
NOTE: Each correct selection is worth one point.
Select and Place:
Explanation:
Box 1: Azure Application Gateway
The Azure Application Gateway Web Application Firewall (WAF) provides protection for web applications. These protections
are provided by the Open Web Application Security Project (OWASP) Core Rule Set (CRS).
Box 2: Web Application Firewall (WAF)
Reference: https://docs.microsoft.com/en-us/azure/web-application-firewall/ag/application-gateway-customize-waf-rules-
portal
HOTSPOT
Your company develops a web service that is deployed to an Azure virtual machine named VM1. The web service allows an
API to access real-time data from VM1.
The current virtual machine deployment is shown in the Deployment exhibit.
The chief technology officer (CTO) sends you the following email message: "Our developers have deployed the web service
to a virtual machine named VM1. Testing has shown that the API is accessible from VM1 and VM2. Our partners must be
able to connect to the API over the Internet. Partners will use this data in applications that they develop." You deploy an
Azure API Management (APIM) service. The relevant API Management configuration is shown in the API exhibit.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Hot Area:
Explanation:
Reference: https://docs.microsoft.com/en-us/azure/api-management/api-management-using-with-vnet