| Question.46 Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution. After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen. You develop a software as a service (SaaS) offering to manage photographs. Users upload photos to a web service which then stores the photos in Azure Storage Blob storage. The storage account type is General-purpose V2. When photos are uploaded, they must be processed to produce and save a mobile-friendly version of the image. The process to produce a mobile-friendly version of the image must start in less than one minute. You need to design the process that starts the photo processing. Solution: Convert the Azure Storage account to a BlockBlobStorage storage account. Does the solution meet the goal? (A) Yes (B) No |
46. Click here to View Answer
Answer: B
Explanation:
Not necessary to convert the account, instead move photo processing to an Azure Function triggered from the blob upload..
Azure Storage events allow applications to react to events. Common Blob storage event scenarios include image or video processing, search indexing, or any file- oriented workflow.
Note: Only storage accounts of kind StorageV2 (general purpose v2) and BlobStorage support event integration. Storage (general purpose v1) does not support integration with Event Grid.
Reference:
https://docs.microsoft.com/en-us/azure/storage/blobs/storage-blob-event-overview
| Question.47 HOTSPOT – You are developing an Azure Web App. You configure TLS mutual authentication for the web app. You need to validate the client certificate in the web app. To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point. Hot Area:  |
47. Click here to View Answer
Answer:
Explanation:
Accessing the client certificate from App Service.
If you are using ASP.NET and configure your app to use client certificate authentication, the certificate will be available through the HttpRequest.ClientCertificate property. For other application stacks, the client cert will be available in your app through a base64 encoded value in the “X-ARR-ClientCert” request header. Your application can create a certificate from this value and then use it for authentication and authorization purposes in your application.
Reference:
https://docs.microsoft.com/en-us/azure/app-service/app-service-web-configure-tls-mutual-auth
| Question.48 DRAG DROP – You are developing a Docker/Go using Azure App Service Web App for Containers. You plan to run the container in an App Service on Linux. You identify a Docker container image to use. None of your current resource groups reside in a location that supports Linux. You must minimize the number of resource groups required. You need to create the application and perform an initial deployment. Which three Azure CLI commands should you use to develop the solution? To answer, move the appropriate commands from the list of commands to the answer area and arrange them in the correct order. Select and Place:  |
48. Click here to View Answer
Answer:
Explanation:
You can host native Linux applications in the cloud by using Azure Web Apps. To create a Web App for Containers, you must run Azure CLI commands that create a group, then a service plan, and finally the web app itself.
Step 1: az group create –
In the Cloud Shell, create a resource group with the az group create command.
Step 2: az appservice plan create
In the Cloud Shell, create an App Service plan in the resource group with the az appservice plan create command.
Step 3: az webapp create –
In the Cloud Shell, create a web app in the myAppServicePlan App Service plan with the az webapp create command. Don’t forget to replace with a unique app name, and <docker-ID> with your Docker ID.
Reference:
| Question.49 DRAG DROP – Fourth Coffee has an ASP.NET Core web app that runs in Docker. The app is mapped to the www.fourthcoffee.com domain. Fourth Coffee is migrating this application to Azure. You need to provision an App Service Web App to host this docker image and map the custom domain to the App Service web app. A resource group named FourthCoffeePublicWebResourceGroup has been created in the WestUS region that contains an App Service Plan named AppServiceLinuxDockerPlan. Which order should the CLI commands be used to develop the solution? To answer, move all of the Azure CLI commands from the list of commands to the answer area and arrange them in the correct order. Select and Place:  |
49. Click here to View Answer
Answer:
Explanation:
Step 1: #bin/bash –
The appName is used when the webapp-name is created in step 2.
Step 2: az webapp create –
Create a web app. In the Cloud Shell, create a web app in the myAppServicePlan App Service plan with the az webapp create command.
Step 3: az webapp config container set
In Create a web app, you specified an image on Docker Hub in the az webapp create command. This is good enough for a public image. To use a private image, you need to configure your Docker account ID and password in your Azure web app.
Step 4: az webapp config hostname add
The webapp-name is used when the webapp is created in step 2.
In the Cloud Shell, follow the az webapp create command with az webapp config container set.
| Question.50 You are developing a serverless Java application on Azure. You create a new Azure Key Vault to work with secrets from a new Azure Functions application. The application must meet the following requirements: ✑ Reference the Azure Key Vault without requiring any changes to the Java code. ✑ Dynamically add and remove instances of the Azure Functions host based on the number of incoming application events. ✑ Ensure that instances are perpetually warm to avoid any cold starts. ✑ Connect to a VNet. ✑ Authentication to the Azure Key Vault instance must be removed if the Azure Function application is deleted. You need to grant the Azure Functions application access to the Azure Key Vault. Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order. Select and Place:  |
50. Click here to View Answer
Answer:
Explanation:
1. Create the Azure Functions app with a Premium plan type.
The Premium plan for Azure Functions provides features such as scalability, improved performance, and VNET integration.
It supports always-on instances, which is beneficial for applications that need continuous availability.
It also supports Managed Identities, which are necessary for secure authentication with other Azure resources.
2. Create a system-assigned managed identity for the application.
A system-assigned managed identity allows the Azure Functions app to securely authenticate to Azure services (like Key Vault) without needing to store credentials.
This identity is tied to the function app and automatically managed by Azure AD (Azure Active Directory).
System-assigned identities are ideal for security best practices, reducing the risk of credential exposure.
3. Create an access policy in Azure Key Vault for the application identity.
Azure Key Vault stores and protects sensitive data such as secrets, certificates, and encryption keys.
To allow the Azure Function app to access secrets (e.g., database credentials, API keys), we must create an access policy that grants the managed identity the required permissions.
The access policy ensures secure retrieval of secrets without exposing them in the function code.