Get Full Version of the Exam
You administer an Azure Active Directory (Azure AD) tenant that has a SharePoint web application named TeamSite1. TeamSite1 accesses your Azure AD tenant for user information.
The application access key for TeamSite1 has been compromised.
You need to ensure that users can continue to use TeamSite1 and that the compromised key does not allow access to the data in your Azure AD tenant.
Which two actions should you perform? Each correct answer presents part of the solution.
Remove the compromised key from the application definition for TeamSite1.
Delete the application definition for TeamSite1.
Generate a new application key for TeamSite1.
Generate a new application definition for TeamSite1.
Update the existing application key.
Correct Answer: AC
One of the security aspects of Windows Azure storage is that all access is protected by access keys.
It is possible to change the access keys (e.g. if the keys become compromised), and if changed, we#39;d need to update the application to have the new key.
You manage an Azure Web Site in Standard mode at the following address: contoso.azurevvebsites.net.
Your company has a new domain for the site that needs to be accessible by Secure Socket Layer (SSL) encryption.
You need to be able to add a custom domain to the Azure Web Site and assign an SSL certificate. Which three steps should you perform next in sequence?
To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order. More than one order of answer choices may be correct You will receive credit for any of the correct orders you select
You manage an Azure Web Site named contosoweb.
Some users report that they receive the following error when they access contosoweb: quot;http Status 500.0 – Internal Server Error.quot;
You need to view detailed diagnostic information in XML format. Which option should you enable?
To answer, select the appropriate option in the answer area.
You are the administrator for three Azure subscriptions named Dev, Test, and Prod. Your Azure Power Shell profile is configured with the Dev subscription as the default.
You need to create a new virtual machine in the Test subscription by using the least administrative effort.
Which Power Shell command should you use?
Correct Answer: A Explanation: Example:
Set the current subscription This command makes quot;ContosoEngineeringquot; the current subscription.
C:\PSgt; Select-AzureSubscription -SubscriptionName ContosoEngineering -Current Reference: Select-AzureSubscription
Your company has a subscription to Azure.
You configure your contoso.com domain to use a private Certificate Authority. You deploy a web site named MyApp by using the Shared (Preview) web hosting plan.
You need to ensure that clients are able to access the MyApp website by using https. What should you do?
Back up the Site and import into a new website.
Use the internal Certificate Authority and ensure that clients download the certificate chain.
Add custom domain SSL support to your current web hosting plan.
Change the web hosting plan to Standard.
Correct Answer: D
Enabling HTTPS for a custom domain is only available for the Standard web hosting plan mode of Azure websites.
Your company is launching a public website that allows users to stream videos. You upload multiple video files to an Azure storage container.
You need to give anonymous users read access to all of the video files in the storage container. What should you do?
Edit each blob#39;s metadata and set the access policy to Public Blob.
Edit the container metadata and set the access policy to Public Container.
Move the files into a container sub-directory and set the directory access level to Public Blob.
Edit the container metadata and set the access policy to Public Blob.
Correct Answer: D
By default, the container is private and can be accessed only by the account owner. To allow public read access to the blobs in the container, but not the container properties and metadata, use the quot;Public Blobquot; option. To allow full public read access for the container and blobs, use the quot;Public Containerquot; option.
You manage a set of virtual machines (VMs) deployed to the cloud service named fabrikamVM. You configure auto scaling according to the following parameters:
With an instance range of two to six instances
To maintain CPU usage between 70 and 80 percent To scale up one instance at a time
With a scale up wait time of 30 minutes To scale down one instance at a time With a scale down wait time of 30 minutes
You discover the following usage pattern of a specific application:
The application peaks very quickly, and the peak lasts for several hours.
CPU usage stays above 90 percent for the first 1 to 1.5 hours after usage increases.
After 1.5 hours, the CPU usage falls to about 75 percent until application usage begins to decline.
You need to modify the auto scaling configuration to scale up faster when usage peaks.
What are two possible ways to achieve this goal? Each correct answer presents a complete solution.
Decrease the scale down wait time.
Decrease the scale up wait time.
Increase the number of scale up instances.
Increase the scale up wait time.
Increase the maximum number of instances.
Correct Answer: BC
You administer a cloud service.
You plan to host two web applications named contosoweb and contosowebsupport.
You need to ensure that you can host both applications and qualify for the Azure Service Level Agreement. You want to achieve this goal while minimizing costs.
How should you host both applications?
in different web roles with two instances in each web role
in the same web role with two instances
in different web roles with one instance in each web role
in the same web role with one instance
Correct Answer: B
A cloud service must have at least two instances of every role to qualify for the Azure Service Level Agreement, which guarantees external connectivity to your Internet-facing roles at least
99.95 percent of the time.
Azure, What is a cloud service?
You manage a software-as-a-service application named SaasApp1 that provides user management features in a multi-directory environment.
You plan to offer SaasApp1 to other organizations that use Azure Active Directory. You need to ensure that SaasApp1 can access directory objects.
What should you do?
Configure the Federation Metadata URL
Register SaasApp1 as a native client application.
Register SaasApp1 as a web application.
Configure the Graph API.
Correct Answer: D
The Azure Active Directory Graph API provides programmatic access to Azure AD through REST
API endpoints. Applications can use the Graph API to perform create, read, update, and delete (CRUD) operations on directory data and objects. For example, the Graph API supports the following common operations for a user object:
Create a new user in a directory
Get a user#39;s detailed properties, such as their groups
Update a user#39;s properties, such as their location and phone number, or change their password Check a user#39;s group membership for role-based access
Disable a user#39;s account or delete it entirely
Reference: Azure AD Graph API
You plan to deploy a cloud service named contosoapp. The service includes a web role named contosowebrole. The web role has an endpoint named restrictedEndpoint.
You need to allow access to restricted Endpoint only from your office machine using the IP address 22.214.171.124.
Which values should you use within the service configuration file?
To answer, drag the appropriate value to the correct location in the service configuration file. Each value may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.