Architecting Microsoft Azure Solutions Exam
Question No : 1
You need to ensure that users do not need to re-enter their passwords after they authenticate to cloud applications for the first time.
What should you do?
Single sign-on (SSO) is a property of access control of multiple related, but independent software systems. With this property a user logs in once and gains access to all systems without being prompted to log in again at each of them.
Question No : 2
You need to prepare the implementation of data storage for the contractor information app.
What should you do?
/ VanArsdel needs a solution to reduce the number of operations on the contractor information table. Currently, data transfer rates are excessive, and queue length for read/write operations affects performance.
/ A mobile service that is used to access contractor information must have automatically scalable, structured storage
* The basic unit of deployment and scale in Azure is the Cloud Service.
Question No : 3
You are designing a plan to deploy a new application to Azure.
The solution must provide a single sign-on experience for users.
You need to recommend an authentication type.
Which authentication type should you recommend?
A Microsoft cloud service administrator who wants to provide their Azure Active Directory (AD) users with sign-on validation can use a SAML 2.0 compliant SP-Lite profile based Identity Provider as their preferred Security Token Service (STS) / identity provider. This is useful where the solution implementer already has a user directory and password store on-premises that can be accessed using SAML 2.0. This existing user directory can be used for sign-on to Office 365 and other Azure AD-secured resources.
Question No : 4
You need to design the contractor information app.
What should you recommend? To answer, select the appropriate options in the answer area.
/ They also plan to extend their on-premises Active Directory into Azure for mobile app authentication
/ VanArsdel mobile app must authenticate employees to the company's Active Directory.
Question No : 5
You need to recommend a solution that allows partners to authenticate.
Which solution should you recommend?
* Scenario: The partners all use Hotmail.com email addresses.
* In Microsoft Azure Active Directory Access Control (also known as Access Control Service or ACS), an identity provider is a service that authenticates user or client identities and issues security tokens that ACS consumes.
The ACS Management Portal provides built-in support for configuring Windows Live ID as an ACS Identity Provider.
Not C, not D: Scenario: VanArsdel management does NOT want to create and manage user accounts for partners.
Question No : 6
You need to design the system that alerts project managers to data changes in the contractor information app.
Which service should you use?
/ Mobile Apps: Event-triggered alerts must be pushed to mobile apps by using a custom Node.js script.
/ The service level agreement (SLA) for the solution requires an uptime of 99.9%
* If you are already using Azure Storage Blobs or Tables and you start using queues, you are guaranteed 99.9% availability. If you use Blobs or Tables with Service Bus queues, you will have lower availability.
Note: Microsoft Azure supports two types of queue mechanisms: Azure Queues and Service Bus Queues.
/ Azure Queues, which are part of the Azure storage infrastructure, feature a simple REST-based Get/Put/Peek interface, providing reliable, persistent messaging within and between services.
/ Service Bus queues are part of a broader Azure messaging infrastructure that supports queuing as well as publish/subscribe, Web service remoting, and integration patterns.
Question No : 7
You need to recommend data storage mechanisms for the solution.
What should you recommend? To answer, drag the appropriate data storage mechanism to the correct information type. Each data storage mechanism may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
* Use Table storage for Contractor information
* Use Blob for Project Images
* Scenario: VanArsdel needs a solution to reduce the number of operations on the contractor information table. Currently, data transfer rates are excessive, and queue length for read/write operations affects performance.
/ A mobile service that is used to access contractor information must have automatically scalable, structured storage
/ Images must be stored in an automatically scalable, unstructured form.
Note: Blob is an acronym for Binary Large Object. Basically, a blob is a sequence of bytes, just what an application needs. A blob can hold audio, video, email messages, archived files, zip files or a word processing document in a very general way.
Question No : 8
Topic 11, VanArsdel, Ltd
VanArsdel, Ltd. builds skyscrapers, subways, and bridges. VanArsdel is a leader in using technology to do construction better.
VanArsdel employees are able to use their own mobile devices for work activities because the company recognizes that this usage enables employee productivity. Employees also access Software as a Service (SaaS) applications, including DocuSign, Dropbox, and Citrix. The company continues to evaluate and adopt more SaaS applications for its business. VanArsdel uses Azure Active Directory (AD) to authenticate its employees, as well as Multi-Factor Authentication (MFA). Management enjoys the ease with which MFA can be enabled and disabled for employees who use cloud-based services. VanArsdel's on-premises directory contains a single forest.
VanArsdel creates a helpdesk group to assist its employees. The company sends email messages to all its employees about the helpdesk group and how to contact it. Configuring employee access for SaaS applications is often a time-consuming task. It is not always obvious to the helpdesk group which users should be given access to which SaaS applications. The helpdesk group must respond to many phone calls and email messages to solve this problem, which takes up valuable time. The helpdesk group is unable to meet the needs of VanArsdel's employees.
However, many employees do not work with the helpdesk group to solve their access problems. Instead, these employees contact their co-workers or managers to find someone who can help them. Also, new employees are not always told to contact the helpdesk group for access problems. Some employees report that they cannot see all the applications in the Access Panel that they have access to. Some employees report that they must re-enter their passwords when they access cloud applications, even though they have already authenticated.
Bring your own device (BYOD):
VanArsdel wants to continue to support users and their mobile and personal devices, but the company is concerned about how to protect corporate assets that are stored on these devices. The company does not have a strategy to ensure that its data is removed from the devices when employees leave the company.
VanArsdel wants a mobile app for customer profile registration and feedback. The company would like to keep track of all its previous, current, and future customers worldwide. A profile system using third-party authentication is required as well as feedback and support sections for the mobile app.
VanArsdel plans to migrate several virtual machine (VM) workloads into Azure. They also plan to extend their on-premises Active Directory into Azure for mobile app authentication.
• A single account and credentials for both on-premises and cloud applications
• Certain applications that are hosted both in Azure and on-site must be accessible to both VanArsdel employees and partners
• The service level agreement (SLA) for the solution requires an uptime of 99.9%
• The partners all use Hotmail.com email addresses
VanArsdel requires a mobile app for project managers on construction job sites. The mobile app has the following requirements:
• The app must display partner information.
• The app must alert project managers when changes to the partner information occur.
• The app must display project information including an image gallery to view pictures of construction projects.
• Project managers must be able to access the information remotely and securely.
• VanArsdel must control access to its resources to ensure sensitive services and information are accessible only by authorized users and/or managed devices.
• Employees must be able to securely share data, based on corporate policies, with other VanArsdel employees and with partners who are located on construction job sites.
• VanArsdel management does NOT want to create and manage user accounts for partners.
• VanArsdel requires a non-centralized stateless architecture for its data and services where application, data, and computing power are at the logical extremes of the network.
• VanArsdel requires separation of CPU storage and SQL services
VanArsdel needs a solution to reduce the number of operations on the contractor information table. Currently, data transfer rates are excessive, and queue length for read/write operations affects performance.
• A mobile service that is used to access contractor information must have automatically scalable, structured storage
• Images must be stored in an automatically scalable, unstructured form.
• VanArsdel mobile app must authenticate employees to the company's Active Directory.
• Event-triggered alerts must be pushed to mobile apps by using a custom Node.js script.
• The customer support app should use an identity provider that is configured by using the Access Control Service for current profile registration and authentication.
• The customer support team will adopt future identity providers that are configured through Access Control Service.
• Active Directory Federated Server (AD FS) will be used to extend AD into Azure.
• Helpdesk administrators must have access to only the groups of Azure resources they are responsible for. Azure administration will be performed by a separate group.
• IT administrative overhead must be minimized.
• Permissions must be assigned by using Role Based Access Control (RBAC).
• Line of business applications must be accessed securely.
You need to assign permissions for the Virtual Machine (VM) workloads that you migrate to Azure.
The solution must use the principle of least privilege.
What should you do?
* Scenario: Permissions must be assigned by using Role Based Access Control (RBAC).
* Role-based access control (RBAC) in the Azure Portal and Azure Resource Management API allows you to manage access to your subscription at a fine-grained level. With this feature, you can grant access to Active Directory users, groups, or service principals by assigning roles to them at a particular scope.
Create a role assignment
Use New-AzureRoleAssignment to create a role assignment.
Example: This will create a role assignment for a group at a resource group level.
PS C:\> New-AzureRoleAssignment -ObjectID <group object ID> -RoleDefinitionName Reader -ResourceGroupName group1
Question No : 9
You manage an Azure Web Site named contosoweb.
Some users report that they receive the following error when they access contosoweb:
“http Status 500.0 - Internal Server Error.”
You need to view detailed diagnostic information in XML format.
Which option should you enable? To answer, select the appropriate option in the answer area.
Failed Request Tracing is the only option that produces its output in XML files as specified in the question.
Question No : 10
You manage a solution deployed in two Azure subscriptions for testing and production. Both subscriptions have virtual networks named fabVNet.
You plan to add two new virtual machines (VMs) in a new subnet.
You have the following requirements:
- Deploy the new VMs to the virtual network in the testing subscription.
- Minimize any errors in defining the network changes.
- Minimize the work that will be required when the change is made to the production virtual network.
Which three steps should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
Create a subnet in the Testing subnet, Deploy the VMs to this new subnet, and Export the network configuration for later importing it to Production.
Question No : 11
You need to design the role-based access control strategy for the company. What should you do? To answer, drag the appropriate role to the correct user tier. Each role may be used once, more than once, or not at all.
You may need to drag the split bar between panes or scroll to view content.
Azure platform roles include:
Azure also provides several resource-specific roles. Some common ones are:
Question No : 12
You have an Azure subscription named Subscription1. You create several Azure VMs in Subscription1. All of the VMs belong to the same virtual network.
You have an on-premises Hyper-V server named Server1. Server1 hosts a virtual machine named VM1. You plan to replicate VM1 to Azure.
You need to create additional objects in Subscription1 to support the planned deployment. Which three objects should you create? Each correct answer presents part of the solution.
You need to set up a Recovery Services vault to orchestrate and manage replication.
Make sure Hyper-V hosts are prepared for Site Recovery deployment.
You need a Microsoft Azure account, Azure networks, and storage accounts.
Question No : 13
You deploy an application as a cloud service in Azure. The application consists of five instances of a web role. You need to move the web role instances to a different subnet. Which file should you update?
The service configuration file specifies the number of role instances to deploy for each role in the service, the values of any configuration settings, and the thumbprints for any certificates associated with a role. If the service is part of a Virtual Network, configuration information for the network must be provided in the service configuration file, as well as in the virtual networking configuration file. The default extension for the service configuration file is .cscfg.
Question No : 14
You administer a cloud service. You plan to host two web applications named contosoweb and contosowebsupport. You need to ensure that you can host both applications and qualify for the Azure Service Level Agreement.
You want to achieve this goal while minimizing costs. How should you host both applications?
For Cloud Services, we guarantee that when you deploy two or more role instances in different fault and upgrade domains, your Internet facing roles will have external connectivity at least 99.95% of the time.
Question No : 15
You need to architect a solution for the client's core business objectives. Which services should you recommend? To answer, drag the appropriate service to the correct business objective.
Each service may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
Box 1: Azure Media Services
Azure Media Services gives you broadcast-quality video streaming services to reach larger audiences on today’s most popular mobile devices. Media Services enhances accessibility, distribution, and scalability, and makes it easy and cost-effective to stream content to your local and worldwide audiences.
Box 2: Mobile Services
Microsoft today announced upcoming changes for its cloud services intended for use in mobile apps. The Azure Mobile Services suite ― which offers push notification capability, authentication, and data storage ― will be discontinued in December 2016. Microsoft is encouraging people to move sites from Mobile Services to the Azure App Service, which offers similar functionality and will begin automatically migrating sites to App Service on Sept. 1.
Box 3: Azure Batch