최신 070-535 무료덤프 - Microsoft Architecting Microsoft Azure Solutions
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the started goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You need to design the system that handles uploaded documents.
Solution: Use an Azure Blob Container as the location to upload documents. Use Azure Service Bus for user notification and to start processing.
Does the solution meet the goal?
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You need to design the system that handles uploaded documents.
Solution: Use an Azure Blob Container as the location to upload documents. Use Azure Service Bus for user notification and to start processing.
Does the solution meet the goal?
정답: B
설명: (DumpTOP 회원만 볼 수 있음)
You are designing a Windows Azure application. The application includes two web roles and three instances of a worker role. The web roles will send requests to the worker role through one or more Windows Azure Queues. You have the following requirements:
-Ensure that each request is processed exactly one time.
-Minimize the idle time of each worker role instance.
-Maximize the reliability of request processing.
You need to recommend a queue design for sending requests to the worker role.
What should you recommend?
-Ensure that each request is processed exactly one time.
-Minimize the idle time of each worker role instance.
-Maximize the reliability of request processing.
You need to recommend a queue design for sending requests to the worker role.
What should you recommend?
정답: B
설명: (DumpTOP 회원만 볼 수 있음)
A company uses Azure for several virtual machine (VM) and website workloads. The company plans to assign administrative roles to a specific group of users. You have a resource group named GROUP1 and a virtual machine named VM2.
The users have the following responsibilities:
You need to assign the appropriate level of privileges to each of the administrators by using the principle of least privilege.
What should you do? To answer, select the appropriate target objects and permission levels in the answer area.
The users have the following responsibilities:
You need to assign the appropriate level of privileges to each of the administrators by using the principle of least privilege.
What should you do? To answer, select the appropriate target objects and permission levels in the answer area.
정답:
Explanation
* Owner can manage everything, including access.
* Contributors can manage everything except access.
Note: Azure role-based access control allows you to grant appropriate access to Azure AD users, groups, and services, by assigning roles to them on a subscription or resource group or individual resource level.
References:
http://azure.microsoft.com/en-us/documentation/articles/role-based-access-control-configure/
Topic 6, Woodgrove Bank
Background
Overview
Woodgrove Bank has 20 regional offices and operates 1,500 branch office locations. Each regional office hosts the servers, infrastructure, and applications that support that region.
Woodgrove Bank plans to move all of their on-premises resources to Azure, including virtual machine (VM)-based, line-of-business workloads, and SQL databases. You are the owner of the Azure subscription that Woodgrove Bank is using. Your team is using Git repositories hosted on GitHub for source control.
Security
Currently, Woodgrove Bank's Computer Security Incident Response Team (CSIRT) has a problem investigating security issues due to the lack of security intelligence integrated with their current incident response tools. This lack of integration introduces a problem during the detection (too many false positives), assessment, and diagnose stages. You decide to use Azure Security Center to help address this problem.
Woodgrove Bank has several apps with regulated data such as Personally Identifiable Information (PII) that require a higher level of security. All apps are currently secured by using an on-premises Active Directory Domain Services (ADDS). The company depends on the following mission-critical apps: WGBLoanMaster, WGBLeaseLeader, and WGBCreditCruncher apps. You plan to move each of these apps to Azure as part of an app migration project.
Apps
The WGBLoanMaster app has been audited for transaction loss. Many transactions have been lost in processing and monetary write-offs have cost the bank. The app runs on two VMs that include several public endpoints.
The WGBLeaseLeader app has been audited for several data breaches. The app includes a SQL Server database and a web-based portal. The portal uses an ASP.NET Web API function to generate a monthly aggregate report from the database.
The WGBCreditCruncher app runs on a VM and is load balanced at the network level. The app includes several stateless components and must accommodate scaling of increased credit processing. The app runs on a nightly basis to process credit transactions that are batched during the day. The app includes a web-based portal where customers can check their credit information. A mobile version of the app allows users to upload check images.
Business Requirements
WGBLoanMaster app
The app audit revealed a need for zero transaction loss. The business is losing money due to the app losing and not processing loan information. In addition, transactions fail to process after running for a long time. The business has requested the aggregation processing to be scheduled for 01:00 to prevent system slowdown.
WGBLeaseLeader app
The app should be secured to stop data breaches. If the data is breached, it must not be readable. The app is continuing to see increased volume and the business does not want the issues presented in the WGBLoanMaster app. Transaction loss is unacceptable, and although the lease monetary amounts are smaller than loans, they are still an important profit center for Woodgrove Bank. The business would also like the monthly report to be automatically generated on the first of the month. Currently, a user must log in to the portal and click a button to generate the report.
WGBCreditCruncher app
The web-based portal area of the app must allow users to sign in with their Facebook credentials. The bank would like to allow this feature to enable more users to check their credit within the app.
Woodgrove Bank needs to develop a new financial risk modeling feature that they can include in the WGBCreditCruncher app. The financial risk modeling feature has not been developed due to costs associated with processing, transforming, and analyzing the large volumes of data that are collected. You need to find a way to implement parallel processing to ensure that the features run efficiently, reliably, and quickly. The feature must scale based on computing demand to process the large volumes of data and output several financial risk models.
Technical Requirements
WGBLoanMaster app
The app uses several compute-intensive tasks that create long-running requests to the system. The app is critical to the business and must be scalable to increased loan processing demands. The VMs that run the app include a Windows Task Scheduler task that aggregates loan information from the app to send to a third party.
This task runs a console app on the VM.
The app requires a messaging system to handle transaction processing. The messaging system must meet the following requirements:
* Allow messages to reside in the queue for up to a month.
* Be able to publish and consume batches of messages.
* Allow full integration with the Windows Communication Foundation (WCF) communication stack.
* Provide a role-based access model to the queues, including different permissions for senders and receivers.
You develop an Azure Resource Manager (ARM) template to deploy the VMs used to support the app. The template must be deployed to a new resource group and you must validate your deployment settings before creating actual resources.
WGBLeaseLeader app
The app must use Azure SQL Databases as a replacement to the current Microsoft SQL Server environment.
The monthly report must be automatically generated.
The app requires a messaging system to handle transaction processing. The messaging system must meet the following requirements:
* Require server-side logs of all of the transactions run against your queues.
* Track progress of a message within the queue.
* Process the messages within 7 days.
* Provide a differing timeout value per message.
WGBCreditCruncher app
The app must:
* Secure inbound and outbound traffic.
* Analyze inbound network traffic for vulnerabilities.
* Use an instance-level public IP and allow web traffic on port 443 only.
* Upgrade the portal to a Single Page Application (SPA) that uses JavaScript, Azure Active Directory (Azure AD), and the OAuth 2.0 implicit authorization grant to secure the Web API back end.
* Cache authentication and host the Web API back end using the Open Web Interface for .NET (OWIN) middleware.
* Immediately compress check images received from the mobile web app.
* Schedule processing of the batched credit transactions on a nightly basis.
* Provide parallel processing and scalable computing resources to output financial risk models.
* Use simultaneous computer nodes to enable high performance computing and updating of the financial risk models.
Key security area
You are designing a live streaming event by using Azure Media Services. The delivery of the video will use HTTP Live Streaming (HLS) to an azure Content Delivery Network (CDN) streaming endpoint.
Viewers of the content may not be a trusted party and you require the highest level of security.
You must secure the media delivery by using dynamic encryption.
Solution: Use Azure Storage Service Encryption to encrypt all assets with an encryption key and authorization policy. Configure the asset's delivery policy to deliver by using Advanced Encryption Standard (AES).
Does the solution meet the goal?
Viewers of the content may not be a trusted party and you require the highest level of security.
You must secure the media delivery by using dynamic encryption.
Solution: Use Azure Storage Service Encryption to encrypt all assets with an encryption key and authorization policy. Configure the asset's delivery policy to deliver by using Advanced Encryption Standard (AES).
Does the solution meet the goal?
정답: A
설명: (DumpTOP 회원만 볼 수 있음)
A company hosts virtual machines (VMs) in an on-Premises datacenter and in Azure. The on-premises and Azure-based VMs communicate using ExpressRoute.
The company wants to be able to continue regular operations if the ExpressRoute connection fails. Failover connections must use the internet and must not require Multiprotocol Label Switching (MPLS) support.
You need to recommend a solution that provides continued operations.
What should you recommend?
The company wants to be able to continue regular operations if the ExpressRoute connection fails. Failover connections must use the internet and must not require Multiprotocol Label Switching (MPLS) support.
You need to recommend a solution that provides continued operations.
What should you recommend?
정답: D
설명: (DumpTOP 회원만 볼 수 있음)
You are designing an Azure Web App.
All users must authenticate by using Active Directory Domain Services (AD DS) credentials.
You need to recommend an approach to enable single sign-on to the application for domain-authenticated users.
Which two actions should you recommend? Each correct answer presents part of the solution.
All users must authenticate by using Active Directory Domain Services (AD DS) credentials.
You need to recommend an approach to enable single sign-on to the application for domain-authenticated users.
Which two actions should you recommend? Each correct answer presents part of the solution.
정답: A,D
설명: (DumpTOP 회원만 볼 수 있음)
You administer an Azure Active Directory (Azure AD) tenant. You add a custom application to the tenant.
The application must be able to:
* Read data from the tenant directly.
* Write data to the tenant on behalf of a user.
In the table below, identify the permission that must be granted to the application. Make only one selection in each column.
The application must be able to:
* Read data from the tenant directly.
* Write data to the tenant on behalf of a user.
In the table below, identify the permission that must be granted to the application. Make only one selection in each column.
정답:
Explanation
Application Permission: Read directory data
The application must be able to Read data from the tenant directly.
Delegated Permission: Read and write Directory Data
The application must be able to write data to the tenant on behalf of a user.
As an administrator, you can also consent to an application's delegated permissions on behalf of all the users in your tenant. This will prevent the consent dialog from appearing for every user in the tenant. You can do this from the Azure portal from your application page. From the Settings blade for your application, click Required Permissions and click on the Grant Permissions button.
References:
https://docs.microsoft.com/en-us/azure/active-directory/develop/active-directory-integrating-applications
A company runs Linux and Windows virtual machines (VMs) in a secured virtual network. You deploy Azure ExpressRoute.
You need to recommend a solution that allows the company to investigate unusual network traffic for layer-2 and layer-3 protocols and ports.
What should you recommend? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
You need to recommend a solution that allows the company to investigate unusual network traffic for layer-2 and layer-3 protocols and ports.
What should you recommend? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
정답:
Explanation
Wire data is consolidated network and performance data collected from Windows-connected and Linux-connected computers with the OMS agent, including those monitored by Operations Manager in your environment. Network data is combined with your other log data to help you correlate data.
In addition to the OMS agent, the Wire Data solution uses Microsoft Dependency Agents that you install on computers in your IT infrastructure. Dependency Agents monitor network data sent to and from your computers for network levels 2-3 in the OSI model, including the various protocols and ports used. Data is then sent to Log Analytics using agents.
Box 1: Deploy the Microsoft Dependency Agent to the VMs
Box 2: Use the OMS Wire Data Solution
Not Azure Monitor: Azure Monitor provides base-level infrastructure metrics and logs for most services in Microsoft Azure
You need to recommend the steps required to deploy the Northwind Electric Cars website.
Which three actions should you recommend performing in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
Which three actions should you recommend performing in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
정답:
Explanation
References:
https://docs.microsoft.com/en-us/azure/app-service-web/websites-dotnet-webjobs-sdk-get-started
Case Study
This is a case study. Case studies are not timed separately. You can use as much exam time as you would like to complete each case. However, there may be additional case studies and sections on this exam. You must manage your time to ensure that you are able to complete all questions included on this exam in the time provided.
To answer the questions included in a case study, you will need to reference information that is provided in the case study. Case studies might contain exhibits and other resources that provide more information about the scenario that is described in the case study. Each question is independent of the other question on this case study.
At the end of this case study, a review screen will appear. This screen allows you to review your answers and to make changes before you move to the next sections of the exam. After you begin a new section, you cannot return to this section.
To start the case study
To display the first question on this case study, click the Next button. Use the buttons in the left pane to explore the content of the case study before you answer the questions. Clicking these buttons displays information such as business requirements, existing environment, and problem statements. If the case study has an All Information tab, note that the information displayed is identical to the information displayed on the subsequent tabs. When you are ready to answer a question, click the Question button to return to the question.
Background
General
Trey Research is the global leader in analytical data collection and research. Trey Research houses its servers in a highly secure server environment. The company has continuous monitoring, surveillance, and support to prevent unauthorized access and data security.
The company uses advanced security measures including firewalls, security guards, and surveillance to ensure the continued service and protection of data from natural disaster, intruders, and disruptive events.
Trey Research has recently expanded its operations into the cloud by using Microsoft Azure. The company creates an Azure virtual network and a Virtual Machine (VM) for moving on-premises Subversion repositories to the cloud. Employees access Trey Research applications hosted on-premises and in the cloud by using credentials stored on-premises.
Applications
Trey Research hosts two mobile apps on Azure, DataViewer and DataManager. The company uses Azure-hosted web apps for internal and external users. Federated partners of Trey Research have a single sign-on (SSO) experience with the DataViewer application.
Architecture
You have an Azure Virtual Network (VNET) named TREYRESEARCH_VNET. The VNET includes all hosted VMs. The virtual network includes a subnet Frontend and a subnet named RepoBackend. A resource group has been created to contain the TREYRESEARCH_VNET, DataManager and DataViewer. You manage VMs by using System Center VM Manager (SCVMM). Data for specific high security projects and clients are hosted on-premises. Data for other projects and clients are hosted in the cloud.
Azure Administration
DataManager
The DataManager app connects to a RESTful service. It allows users to retrieve, update, and delete Trey Research data.
Requirements
General
You have the following general requirements:
Disaster recovery
Disaster recovery and business continuity plans must use a single, integrated service that supports the following features:
Security
You identify the following security requirements:
Subversion server
Subversion Server Sheet
You need to enforce the security requirements for all subversion servers.
How should you configure network security? To answer, select the appropriate answer from each list in the answer area.
This is a case study. Case studies are not timed separately. You can use as much exam time as you would like to complete each case. However, there may be additional case studies and sections on this exam. You must manage your time to ensure that you are able to complete all questions included on this exam in the time provided.
To answer the questions included in a case study, you will need to reference information that is provided in the case study. Case studies might contain exhibits and other resources that provide more information about the scenario that is described in the case study. Each question is independent of the other question on this case study.
At the end of this case study, a review screen will appear. This screen allows you to review your answers and to make changes before you move to the next sections of the exam. After you begin a new section, you cannot return to this section.
To start the case study
To display the first question on this case study, click the Next button. Use the buttons in the left pane to explore the content of the case study before you answer the questions. Clicking these buttons displays information such as business requirements, existing environment, and problem statements. If the case study has an All Information tab, note that the information displayed is identical to the information displayed on the subsequent tabs. When you are ready to answer a question, click the Question button to return to the question.
Background
General
Trey Research is the global leader in analytical data collection and research. Trey Research houses its servers in a highly secure server environment. The company has continuous monitoring, surveillance, and support to prevent unauthorized access and data security.
The company uses advanced security measures including firewalls, security guards, and surveillance to ensure the continued service and protection of data from natural disaster, intruders, and disruptive events.
Trey Research has recently expanded its operations into the cloud by using Microsoft Azure. The company creates an Azure virtual network and a Virtual Machine (VM) for moving on-premises Subversion repositories to the cloud. Employees access Trey Research applications hosted on-premises and in the cloud by using credentials stored on-premises.
Applications
Trey Research hosts two mobile apps on Azure, DataViewer and DataManager. The company uses Azure-hosted web apps for internal and external users. Federated partners of Trey Research have a single sign-on (SSO) experience with the DataViewer application.
Architecture
You have an Azure Virtual Network (VNET) named TREYRESEARCH_VNET. The VNET includes all hosted VMs. The virtual network includes a subnet Frontend and a subnet named RepoBackend. A resource group has been created to contain the TREYRESEARCH_VNET, DataManager and DataViewer. You manage VMs by using System Center VM Manager (SCVMM). Data for specific high security projects and clients are hosted on-premises. Data for other projects and clients are hosted in the cloud.
Azure Administration
DataManager
The DataManager app connects to a RESTful service. It allows users to retrieve, update, and delete Trey Research data.
Requirements
General
You have the following general requirements:
Disaster recovery
Disaster recovery and business continuity plans must use a single, integrated service that supports the following features:
Security
You identify the following security requirements:
Subversion server
Subversion Server Sheet
You need to enforce the security requirements for all subversion servers.
How should you configure network security? To answer, select the appropriate answer from each list in the answer area.
정답:
Explanation
/ You host multiple subversion (SVN) repositories in the RepoBackend subnet. The SVN servers on this subnet must use inbound and outbound TCP at port 8443.
A company uses Azure to host virtual machines (VMS) and web apps. You have an app service named App1 that uses the Basic app service tier.
You need to ensure that diagnostic data for Appl is permanently stored. Solution: You specify a storage account in the Diagnostics,xml file.
Does the solution meet the goal?
You need to ensure that diagnostic data for Appl is permanently stored. Solution: You specify a storage account in the Diagnostics,xml file.
Does the solution meet the goal?
정답: A
You administer an Azure Web Site named contosoweb that is used to sell various products. Contosoweb experiences heavy traffic during weekends.
You need to analyze the response time of the product catalog page during peak times, from different locations.
What should you do?
You need to analyze the response time of the product catalog page during peak times, from different locations.
What should you do?
정답: C
설명: (DumpTOP 회원만 볼 수 있음)
You are designing an Azure Web App.
All users must authenticate by using Active Directory Domain Services (AD DS) credentials.
You need to recommend an approach to enable single sign-on to the application for domain-authenticated users.
Which two actions should you recommend? Each correct answer presents part of the solution.
All users must authenticate by using Active Directory Domain Services (AD DS) credentials.
You need to recommend an approach to enable single sign-on to the application for domain-authenticated users.
Which two actions should you recommend? Each correct answer presents part of the solution.
정답: A,D
설명: (DumpTOP 회원만 볼 수 있음)
You need to deploy the WGBLoanMaster app by using Azure PowerShell.
Which four Azure PowerShell cmdlets should you run in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
Which four Azure PowerShell cmdlets should you run in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
정답:
Explanation
You manage a cloud service on two instances. The service name is Service1 and the role name is ServiceRole1. Service1 has performance issues during heavy traffic periods.
You need to increase the existing deployment of Service1 to three instances. Which Power Shell cmdlet should you use?
You need to increase the existing deployment of Service1 to three instances. Which Power Shell cmdlet should you use?
정답: B
설명: (DumpTOP 회원만 볼 수 있음)