You need to recommend a compute solution for the middle tier of the payment processing system.
What should you include in the recommendation?
A
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a
unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while
others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in
the review screen.
Your company plans to deploy various Azure App Service instances that will use Azure SQL databases. The App Service
instances will be deployed at the same time as the Azure SQL databases.
The company has a regulatory requirement to deploy the App Service instances only to specific Azure regions. The
resources for the App Service instances must reside in the same region.
You need to recommend a solution to meet the regulatory requirement.
Solution: You recommend using an Azure policy initiative to enforce the location.
Does this meet the goal?
A
Explanation:
Azure Resource Policy definitions can be used; they can be applied to a specific resource group that contains the App Service
instances.
Reference:
https://docs.microsoft.com/en-us/azure/governance/policy/overview
HOTSPOT
You plan to deploy a custom database solution that will have multiple instances as shown in the following table.
Client applications will access database servers by using db.contoso.com.
You need to recommend load balancing services for the planned deployment. The solution must meet the following
requirements:
Access to at least one database server must be maintained in the event of a regional outage.
The virtual machines must not connect to the internet directly.
What should you include in the recommendation? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:
Explanation:
Box 1: Azure Traffic Manager
Traffic Manager is a DNS-based traffic load balancer that enables you to distribute traffic optimally to services across global
Azure regions, while providing high availability and responsiveness. Because Traffic Manager is a DNS-based load-balancing
service, it load balances only at the domain level. For that reason, it can't fail over as quickly as Front Door,
because of common challenges around DNS caching and systems not honoring DNS TTLs.
Incorrect Answers:
Front Door is an application delivery network that provides global load balancing and site acceleration service for web
applications.
Box 2: Azure Load Balancer
Azure Load Balancer is a high-performance, ultra low-latency Layer 4 load-balancing service (inbound and outbound) for all
UDP and TCP protocols. It is built to handle millions of requests per second while ensuring your solution is highly available.
Azure Load Balancer is zone-redundant, ensuring high availability across Availability Zones.
Incorrect Answers:
Front Door is an application delivery network that provides global load balancing and site acceleration service for web
applications.
Reference:
https://docs.microsoft.com/en-us/azure/architecture/guide/technology-choices/load-balancing-overview
Your company develops Azure applications.
You need to recommend a solution for the deployment of Azure subscriptions. The solution must meet the following
requirements:
Provision resource groups.
Support deployments across all Azure regions.
Create custom role-based access control (RBAC) roles.
Provide consistent virtual machine and virtual network configurations.
What should you include in the recommendation?
D
Explanation:
Resource groups: You can scope your deployment to a resource group. You use an Azure Resource Manager template
(ARM template) for the deployment.
Regions: If you have a template spec in one region and want to move it to new region, you can export the template spec
and redeploy it.
RBAC: Azure role-based access control (Azure RBAC) is the authorization system you use to manage access to Azure
resources. To grant access, you assign roles to users, groups, service principals, or managed identities at a particular scope.
In addition to using Azure PowerShell or the Azure CLI, you can assign roles using Azure Resource Manager templates.
Templates can be helpful if you need to deploy resources consistently and repeatedly.
You can set up virtual machines and virtual network configurations in an Azure Resource Manager template.
Reference:
https://docs.microsoft.com/en-us/azure/governance/blueprints/overview
https://docs.microsoft.com/en-us/azure/azure-resource-manager/management/microsoft-resources-move-regions
https://docs.microsoft.com/en-us/azure/role-based-access-control/role-assignments-template
https://docs.microsoft.com/en-us/azure/virtual-machines/windows/template-description
DRAG DROP
You need to design an architecture to capture the creation of users and the assignment of roles. The captured data must be
stored in Azure Cosmos DB.
Which Azure services should you include in the design? To answer, drag the appropriate services to the correct targets.
Each service may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to
view content.
NOTE: Each correct selection is worth one point.
Select and Place:
Explanation:
Note: You can select Logs from either the Azure Monitor menu or the Log Analytics workspaces menu.
Reference:
https://docs.microsoft.com/en-us/azure/azure-monitor/log-query/log-query-overview
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a
unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while
others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in
the review screen.
You plan to deploy multiple instances of an Azure web app across several Azure regions.
You need to design an access solution for the app. The solution must meet the following replication requirements:
Support rate limiting.
Balance requests between all instances.
Ensure that users can access the app in the event of a regional outage.
Solution: You use Azure Application Gateway to provide access to the app.
Does this meet the goal?
B
You have 100 Standard_F2s_v2 Azure virtual machines. Each virtual machine has two network adapters.
You need to increase the network performance of the workloads running on the virtual machines. The solution must meet the
following requirements:
The CPU-to-memory ratio must remain the same.
The solution must minimize costs.
What should you do?
B
Explanation:
Accelerated networking enables single root I/O virtualization (SR-IOV) to a VM, greatly improving its networking
performance. This high-performance path bypasses the host from the datapath, reducing latency, jitter, and CPU utilization,
for use with the most demanding network workloads on supported VM types.
Reference:
https://docs.microsoft.com/en-us/azure/virtual-network/create-vm-accelerated-networking-cli
https://docs.microsoft.com/en-us/azure/site-recovery/azure-vm-disaster-recovery-with-accelerated-networking
You plan to deploy an API by using Azure API Management.
You need to recommend a solution to protect the API from a distributed denial of service (DDoS) attack.
What should you recommend?
B
You have an Azure subscription that contains a Basic Azure virtual WAN named VirtualWAN1 and the virtual hubs shown in
the following table.
You have an ExpressRoute circuit in the US East region.
You need to create an ExpressRoute association to VirtualWAN1.
What should you do first?
D
Explanation:
Connectivity across geopolitical regions is not supported on the standard ExpressRoute SKU. You will need to enable the
ExpressRoute premium add-on to support global connectivity.
Reference:
https://docs.microsoft.com/en-us/azure/expressroute/expressroute-locations
You have an Azure subscription that contains two applications named App1 and App2. App1 is a sales processing
application. When a transaction in App1 requires shipping, a message is added to an Azure Storage account queue, and
then App2 listens to the queue for relevant transactions.
In the future, additional applications will be added that will process some of the shipping requests based on the specific
details of the transactions.
You need to recommend a replacement for the storage account queue to ensure that each additional application will be able
to read the relevant transactions.
What should you recommend?
A
Explanation:
A queue allows processing of a message by a single consumer. In contrast to queues, topics and subscriptions provide a
one-to-many form of communication in a publish and subscribe pattern. It's useful for scaling to large numbers of recipients.
Each published message is made available to each subscription registered with the topic. A publisher sends a message to a
topic and one or more subscribers receive a copy of the message, depending on filter rules set on these subscriptions.
Reference:
https://docs.microsoft.com/en-us/azure/service-bus-messaging/service-bus-queues-topics-subscriptions
You have an on-premises Active Directory forest and an Azure Active Directory (Azure AD) tenant. All Azure AD users are
assigned an Azure AD Premium P1 license.
You deploy Azure AD Connect.
Which two features are available in this environment that can reduce operational overhead for your company's help desk?
Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.
C E
You have an Azure subscription.
You need to deploy an Azure Kubernetes Service (AKS) solution that will use Linux nodes. The solution must meet the
following requirements:
Minimize the time it takes to provision compute resources during scale-out operations.
Support autoscaling of Linux containers.
Minimize administrative effort.
Which scaling option should you recommend?
B
Explanation:
About the cluster autoscaler.
AKS clusters can scale in one of two ways:
The cluster autoscaler watches for pods that can't be scheduled on nodes because of resource constraints. The cluster then automatically increases the number of nodes.
The horizontal pod autoscaler uses the Metrics Server in a Kubernetes cluster to monitor the resource demand of pods.
Reference:
https://docs.microsoft.com/en-us/azure/aks/cluster-autoscaler
You have an Azure subscription that contains an Azure Blob storage account named store1.
You have an on-premises file server named Server1 that runs Windows Server 2016. Server1 stores 500 GB of company
files.
You need to store a copy of the company files from Server1 in store1.
Which two possible Azure services achieve this goal? Each correct answer presents a complete solution.
NOTE: Each correct selection is worth one point.
D E
You manage an on-premises network and Azure virtual networks.
You need to create a secure connection over a private network between the on-premises network and the Azure virtual
networks. The connection must offer a redundant pair of cross connections to provide high availability.
What should you recommend?
B
Explanation:
Every Azure VPN gateway consists of two instances in an active-standby configuration. For any planned maintenance or
unplanned disruption that happens to the active instance, the standby instance would take over (failover) automatically.
Reference:
https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-highlyavailable
You manage an application instance. The application consumes data from multiple databases. Application code references
database tables using a combination of the server, database, and table name.
You need to migrate the application data to Azure.
To which two Azure services could you migrate the application to achieve the goal? Each correct answer presents a
complete solution.
NOTE: Each correct selection is worth one point.
A D
Explanation:
A: The managed instance deployment model is designed for customers looking to migrate a large number of apps from on-premises
or IaaS, self-built, or ISV-provided environments to a fully managed PaaS cloud environment, with as low migration
effort as possible. Using the fully automated Data Migration Service (DMS) in Azure, customers can lift and shift their
on-premises SQL Server to a managed instance that offers compatibility with SQL Server on-premises and complete isolation of
customer instances with native VNet support.
D: Access your SQL Server data seamlessly regardless of whether it's on-premises or stretched to the cloud. You set the
policy that determines where data is stored, and SQL Server handles the data movement in the background. The entire table
is always online and queryable. And, Stretch Database doesn't require any changes to existing queries or applications - the
location of the data is completely transparent to the application.
Reference:
https://docs.microsoft.com/en-us/sql/sql-server/stretch-database/stretch-database
https://docs.microsoft.com/en-us/azure/sql-database/sql-database-managed-instance