최신 070-535 무료덤프 - Microsoft Architecting Microsoft Azure Solutions
You plan to implement Multi-Factor Authentication (MFA).
Administrators must be able to protect user accounts with MFA. You must implement text messages or telephone calls as a second factor.
You need to recommend a MFA solution that minimize costs.
What should you recommend?
Administrators must be able to protect user accounts with MFA. You must implement text messages or telephone calls as a second factor.
You need to recommend a MFA solution that minimize costs.
What should you recommend?
정답: C
You manage a network that includes an on-premises Active Directory Domain Services domain and an Azure Active Directory (Azure AD).
Employees are required to use different accounts when using on-premises or cloud resources. You must recommend a solution that lets employees sign in to all company resources by using a single account. The solution must implement an identity provider.
You need provide guidance on the different identity providers.
How should you describe each identity provider? To answer, select the appropriate description from each list in the answer area.
NOTE: Each correct selection is worth one point.
Employees are required to use different accounts when using on-premises or cloud resources. You must recommend a solution that lets employees sign in to all company resources by using a single account. The solution must implement an identity provider.
You need provide guidance on the different identity providers.
How should you describe each identity provider? To answer, select the appropriate description from each list in the answer area.
NOTE: Each correct selection is worth one point.
정답:
Explanation
Synchronized identity is the simplest way to synchronize on-premises directory objects (users and groups) with Azure AD.
While synchronized identity is the easiest and quickest method, your users still need to maintain a separate password for cloud-based resources. To avoid this, you can also (optionally) synchronize a hash of user passwords to your Azure AD directory. Synchronizing password hashes enables users to log in to cloud-based organizational resources with the same user name and password that they use on-premises. Azure AD Connect periodically checks your on-premises directory for changes and keeps your Azure AD directory synchronized.
When a user attribute or password is changed on-premises Active Directory, it is automatically updated in Azure AD.
Federated identity:
For more control over how users access Office 365 and other cloud services, you can set up directory synchronization with single sign-on (SSO) using Active Directory Federation Services (AD FS). Federating your user's sign-ins with AD FS delegates authentication to an on-premises server that validates user credentials. In this model, on-premises Active Directory credentials are never passed to Azure AD.
A company requires secure communication between virtual machines (VMs) without exposing credentials.
The security officer wants to perform proof-of-concept testing using managed service identities.
You need to recommend a solution for performing proof-of-concept testing.
What should you recommend? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
The security officer wants to perform proof-of-concept testing using managed service identities.
You need to recommend a solution for performing proof-of-concept testing.
What should you recommend? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
정답:
Explanation
Here's an example of how System Assigned Identities work with Azure Virtual Machines:
References: https://docs.microsoft.com/en-us/azure/active-directory/managed-service-identity/overview
You need to recommend network connectivity solutions for the experimental applications.
What should you recommend? To answer, drag the appropriate solution to the correct network connection requirements. Each solution may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
What should you recommend? To answer, drag the appropriate solution to the correct network connection requirements. Each solution may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
정답:
Explanation
Box 1: ExpressRoute
ExpressRoute gives you a fast and reliable connection to Azure making it suitable for scenarios like periodic data migration, replication for business continuity, disaster recovery and other high availability strategies. It can also be a cost-effective option for transferring large amounts of data such as datasets for high performance computing applications or moving large VMs between your dev/test environment in Azure and on-premises production environment.
Box 2: point-to-site VPN
Box 3: point-to-site VPN
A point-to-site VPN also allows you to create a secure connection to your virtual network. In a point-to-site configuration, the connection is configured individually on each client computer that you want to connect to the virtual network Box 4: site-to-site VPN A site-to-site VPN allows you to create a secure connection between your on-premises site and your virtual network. To create a site-to-site connection, a VPN device that is located on your on-premises network is configured to create a secure connection with the Azure Virtual Network Gateway. Once the connection is created, resources on your local network and resources located in your virtual network can communicate directly and securely. Site-to-site connections do not require you to establish a separate connection for each client computer on your local network to access resources in the virtual network.
* Scenario: Support building experimental applications by using data from the Azure deployment and on-premises data sources.
References:
http://azure.microsoft.com/en-us/services/expressroute/
https://msdn.microsoft.com/en-us/library/azure/dn133798.aspx
You need to recommend the steps required to deploy the Northwind Electric Cars website.
Which three actions should you recommend performing in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
Which three actions should you recommend performing in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
정답:
Explanation
References:
https://docs.microsoft.com/en-us/azure/app-service-web/websites-dotnet-webjobs-sdk-get-started
You deploy Azure App Service Web Apps that connect to on-premises Microsoft SQK Server instances by using Azure ExpressRoute. You plan to migrate the SQL Server instances to Azure.
Migration of the SQL Server instances to Azure must:
* Support automatic patching and version updates to SQL server.
* Provide automatic backup services
* Allow for high-availability of the instances.
* Provide a native VNET with private IP addressing.
* Encrypt all data in transit.
* Be in a single-tenant environment with dedicated underlying infrastructure (Compute storage) You need to migrate the SQL Server instances to Azure.
Which Azure service should you use?
Migration of the SQL Server instances to Azure must:
* Support automatic patching and version updates to SQL server.
* Provide automatic backup services
* Allow for high-availability of the instances.
* Provide a native VNET with private IP addressing.
* Encrypt all data in transit.
* Be in a single-tenant environment with dedicated underlying infrastructure (Compute storage) You need to migrate the SQL Server instances to Azure.
Which Azure service should you use?
정답: C
설명: (DumpTOP 회원만 볼 수 있음)
You need to automate tasks with Azure by using Azure PowerShell workflows.
How should you complete the Azure PowerShell script? To answer, drag the appropriate cmdlet to the correct location. Each cmdlet may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
How should you complete the Azure PowerShell script? To answer, drag the appropriate cmdlet to the correct location. Each cmdlet may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
정답:
Explanation
workflow Use-WorkflowCheckpointSample
{
# An exception occurs if 'HasBeenSuspended' does not already exist.
# Exceptions that are not caught with a try/catch will cause the runbook to suspend.
Set-AutomationVariable -Name 'HasBeenSuspended' -Value $False
# This line occurs before the checkpoint. When the runbook is resumed after
# suspension, 'Before Checkpoint' will not be output a second time.
Write-Output "Before Checkpoint"
# A checkpoint is created.
Checkpoint-Workflow
# This line occurs after the checkpoint. The runbook will start here on resume.
Write-Output "After Checkpoint"
$HasBeenSuspended = Get-AutomationVariable -Name 'HasBeenSuspended'
# If branch only executes if the runbook has not previously suspended.
if (!$HasBeenSuspended) {
Set-AutomationVariable -Name 'HasBeenSuspended' -Value $True
# This will cause a runtime exception. Any runtime exception in a runbook
# will cause the runbook to suspend.
1 + "abc"
}
Write-Output "Runbook Complete"
}
References: https://gallery.technet.microsoft.com/scriptcenter/How-to-use-workflow-cd57324f
You are an administrator of an Azure subscription for your company.
Management asks you to assign the user [email protected] to a role that can create and manage virtual machines (VMs). The user must not be able to manage storage or virtual networks for the MarketingGroupResources resource group. User1 must have no other permissions.
You need to implement the requirements.
How should you complete the Azure PowerShell command? To answer, select the appropriate Azure PowerShell segments in the answer area.
NOTE: Each correct selection is worth one point.
Management asks you to assign the user [email protected] to a role that can create and manage virtual machines (VMs). The user must not be able to manage storage or virtual networks for the MarketingGroupResources resource group. User1 must have no other permissions.
You need to implement the requirements.
How should you complete the Azure PowerShell command? To answer, select the appropriate Azure PowerShell segments in the answer area.
NOTE: Each correct selection is worth one point.
정답:
Explanation
You administer an Azure subscription for your company. You plan to deploy a virtual machine (VM) to Azure.
The VM environment must provide 99.95% uptime. A single switch outage must not cause the VM environment to be unavailable. The VM must not be offline due to installation of an update that requires a reboot.
You need to configure the environment.
Solution: Create an availability set and deploy two VMs. Place the VMs in the same fault domain.
Does the solution meet the goal?
The VM environment must provide 99.95% uptime. A single switch outage must not cause the VM environment to be unavailable. The VM must not be offline due to installation of an update that requires a reboot.
You need to configure the environment.
Solution: Create an availability set and deploy two VMs. Place the VMs in the same fault domain.
Does the solution meet the goal?
정답: A
Contoso, Ltd., uses Azure web apps for their company portal sites.
Admin users need enough access to effectively perform site monitoring or management tasks. Management tasks do not include assigning permissions to other users.
You need to grant admin access to a group of 10 users.
How should you configure the connection? To answer, drag the role or object to the correct connection setting.
Each item may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
Admin users need enough access to effectively perform site monitoring or management tasks. Management tasks do not include assigning permissions to other users.
You need to grant admin access to a group of 10 users.
How should you configure the connection? To answer, drag the role or object to the correct connection setting.
Each item may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
정답:
Explanation
You are deploying an e-commerce solution to Azure App Service. The solution consists of the following components:
* Web App developed using Node.js and AngularJS to support customer order entry and product presentation.
* Inventory REST API developed using Nodejs Express to support the Web App and Mobile App.
* Mobile App developed using Xamarin and Node.js to support customer order entry and product presentation.
You have the following requirements:
* All components must support zero downtime deployments allowing seamless traffic redirection.
* All components must integrate with a database on a separate VNET.
* All components must support geoscaling using Azure Traffic Manager.
* Web App and REST API must auto-scale to 15 instances to support customer load. Mobile App must auto-scale to five instances to support customer load.
* Mobile App must secure all communications using SSL
* Minimize costs where applicable.
You need to determine the Azure App Service plan tier for each component.
What should you do? To answer, drag the appropriate App Service plan tiers to the correct components. Each App Service plan tier may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content NOTE: Each correct selection is worth one point.
* Web App developed using Node.js and AngularJS to support customer order entry and product presentation.
* Inventory REST API developed using Nodejs Express to support the Web App and Mobile App.
* Mobile App developed using Xamarin and Node.js to support customer order entry and product presentation.
You have the following requirements:
* All components must support zero downtime deployments allowing seamless traffic redirection.
* All components must integrate with a database on a separate VNET.
* All components must support geoscaling using Azure Traffic Manager.
* Web App and REST API must auto-scale to 15 instances to support customer load. Mobile App must auto-scale to five instances to support customer load.
* Mobile App must secure all communications using SSL
* Minimize costs where applicable.
You need to determine the Azure App Service plan tier for each component.
What should you do? To answer, drag the appropriate App Service plan tiers to the correct components. Each App Service plan tier may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content NOTE: Each correct selection is worth one point.
정답:
Explanation
Box 1: Premium
Scenario: Web App and REST API must auto-scale to 15 instances to support customer load.
Box 2: Premium
Scenario: Web App and REST API must auto-scale to 15 instances to support customer load.
Box 3: Standard
The Standard plan supports auto-scale
From scenario:
Mobile App must auto-scale to five instances to support customer load.
Mobile App must secure all communication using SSL.
Scenario: You have the following requirements:
All components must support zero downtime deployments allowing seamless traffic redirection.
All components must integrate with a database on a separate VNET.
All components must support geoscaling using Azure Traffic Manager.
Minimize costs where applicable.
References:
https://azure.microsoft.com/en-us/pricing/details/app-service/windows/
You manage an on-premises SQL Server database.
You need to regularly move data from the database to a data store in Azure to perform data analysis.
How should you design the solution?
Use the drop-down menus to select the technology for each flowchart shape.
NOTE: Each correct selection is worth one point.
You need to regularly move data from the database to a data store in Azure to perform data analysis.
How should you design the solution?
Use the drop-down menus to select the technology for each flowchart shape.
NOTE: Each correct selection is worth one point.
정답:
Explanation
A Azure Data Factory
Azure Data Factory is a managed service that you can use to produce trusted information from raw data in cloud or on-premises data sources. It allows developers to build data-driven workflows (pipelines) that join, aggregate and transform data sourced from their local, cloud-based and internet services, and set up complex data processing logic with little programming.
B Azure Credentials data store
You can store credentials for data stores and computes in an Azure Key Vault. Azure Data Factory retrieves the credentials when executing an activity that uses the data store/compute.
C Microsoft SQL Server
D Azure data Management Gateway
Microsoft Data Management Gateway connects on-premises data sources to cloud services for consumption.
Reference:
https://msdn.microsoft.com/en-us/library/dn879362.aspx
https://docs.microsoft.com/en-us/azure/data-factory/store-credentials-in-key-vault
Your company network includes two branch offices. Users at the company access internal virtual machines (VMs). You want to ensure secure communications between the branch offices and the internal VMs and network.
You need to create a site-to-site VPN connection. What are two possible ways to achieve this goal? Each correct answer presents a complete solution
You need to create a site-to-site VPN connection. What are two possible ways to achieve this goal? Each correct answer presents a complete solution
정답: B,D
설명: (DumpTOP 회원만 볼 수 있음)
Your company network includes a single forest with multiple domains. You plan to migrate from On-Premises Exchange to Exchange Online.
You want to provision the On-Premises Windows Active Directory (AD) and Azure Active Directory (Azure AD) service accounts.
You need to set the required permissions for the Azure AD service account. Which settings should you use?
To answer, drag the appropriate permission to the service account.
Each permission may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
You want to provision the On-Premises Windows Active Directory (AD) and Azure Active Directory (Azure AD) service accounts.
You need to set the required permissions for the Azure AD service account. Which settings should you use?
To answer, drag the appropriate permission to the service account.
Each permission may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
정답:
Explanation
When you run the Directory Sync tool Configuration Wizard, you must provide the following information:
Enterprise admin credentials for the on-premises Active Directory schema Global admin credentials for the Microsoft cloud service References:
https://support.microsoft.com/en-us/help/2684395/how-to-troubleshoot-azure-active-directory-sync-tool-installat
Your company has two physical locations configured in a geo-clustered environment that includes:
* System Center Virtual Machine Manager 2012 R2
* System Center Data Protection Manager 2012 R2
* SQL Server 2012
* Windows Server 2012 R2 Hyper-V
* Over 100 virtual machines (VMs) in each physical location
Your company has recently signed up for Azure. You plan to leverage your current network environment to provide a backup solution for your VMs. You need to recommend a solution that ensures all VMs are redundant and deployable between locations.
You also want the solution to minimize downtime in the event of an outage at either physical location. Which solution should you recommend?
* System Center Virtual Machine Manager 2012 R2
* System Center Data Protection Manager 2012 R2
* SQL Server 2012
* Windows Server 2012 R2 Hyper-V
* Over 100 virtual machines (VMs) in each physical location
Your company has recently signed up for Azure. You plan to leverage your current network environment to provide a backup solution for your VMs. You need to recommend a solution that ensures all VMs are redundant and deployable between locations.
You also want the solution to minimize downtime in the event of an outage at either physical location. Which solution should you recommend?
정답: D
설명: (DumpTOP 회원만 볼 수 있음)
You need to design a data storage strategy for each application.
In the table below, identify the strategy that you should use for each application. Make only one selection in each column.
In the table below, identify the strategy that you should use for each application. Make only one selection in each column.
정답:
Explanation
* Scenario:
/ HRApp
The company has a human resources (HR) application named HRApp that stores data in an on-premises SQL Server database.
The data must remain on-premises and cannot be stored in the cloud.
The human resources data is used by all business offices, and each office requires access to the entire database.
/ Metrics application
Data is stored on an on-premises SQL Server database, but this data should be moved to the cloud.
You need to implement testing for the DataManager mobile application.
Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
정답:
Explanation
References:
https://docs.microsoft.com/en-us/azure/application-insights/app-insights-monitor-web-app-availability#multi-ste