| Question.71 Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution. After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen. You plan to deploy multiple instances of an Azure web app across several Azure regions. You need to design an access solution for the app. The solution must meet the following replication requirements: Support rate limiting. Balance requests between all instances. Ensure that users can access the app in the event of a regional outage. Solution: You use Azure Load Balancer to provide access to the app. Does this meet the goal? (A) Yes (B) No |
71. Click here to View Answer
Answer: B
Azure Application Gateway and Azure Load Balancer do not support rate or connection limits.
Note: Azure Front Door would meet the requirements. The Azure Web Application Firewall (WAF) rate limit rule for Azure Front Door controls the number of requests allowed from clients during a one-minute duration.
Reference:
https://www.nginx.com/blog/nginx-plus-and-azure-load-balancers-on-microsoft-azure/ https://docs.microsoft.com/en-us/azure/web-application-firewall/afds/waf-front-door-rate-limit-powershell
| Question.72 You are developing a sales application that will contain several Azure cloud services and handle different components of a transaction. Different cloud services will process customer orders, billing, payment, inventory, and shipping. You need to recommend a solution to enable the cloud services to asynchronously communicate transaction information by using XML messages. What should you include in the recommendation? (A) Azure Service Bus (B) Azure Blob Storage (C) Azure Notification Hubs (D) Azure Application Gateway |
72. Click here to View Answer
Answer: A
| Question.73 HOTSPOT You have several Azure App Service web apps that use Azure Key Vault to store data encryption keys. Several departments have the following requests to support the web app:  Which service should you recommend for each department’s request? To answer, configure the appropriate options in the answer area. NOTE: Each correct selection is worth one point. Hot Area:  |
73. Click here to View Answer
Answer:
Box 1: Azure AD Privileged Identity Management
Privileged Identity Management provides time-based and approval-based role activation to mitigate the risks of excessive, unnecessary, or misused access permissions on resources that you care about. Here are some of the key features of Privileged Identity Management:
Provide just-in-time privileged access to Azure AD and Azure resources
Assign time-bound access to resources using start and end dates
Require approval to activate privileged roles
Enforce multi-factor authentication to activate any role
Use justification to understand why users activate
Get notifications when privileged roles are activated
Conduct access reviews to ensure users still need roles
Download audit history for internal or external audit
Prevents removal of the last active Global Administrator role assignment
Box 2: Azure Managed Identity –
Managed identities provide an identity for applications to use when connecting to resources that support Azure Active Directory (Azure AD) authentication.
Applications may use the managed identity to obtain Azure AD tokens. With Azure Key Vault, developers can use managed identities to access resources. Key
Vault stores credentials in a secure manner and gives access to storage accounts.
Box 3: Azure AD Privileged Identity Management
Privileged Identity Management provides time-based and approval-based role activation to mitigate the risks of excessive, unnecessary, or misused access permissions on resources that you care about. Here are some of the key features of Privileged Identity Management:
Provide just-in-time privileged access to Azure AD and Azure resources
Assign time-bound access to resources using start and end dates
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/privileged-identity-management/pim-configure https://docs.microsoft.com/en-us/azure/active-directory/managed-identities-azure-resources/overview
| Question.74 You need to design a solution that will execute custom C# code in response to an event routed to Azure Event Grid. The solution must meet the following requirements: The executed code must be able to access the private IP address of a Microsoft SQL Server instance that runs on an Azure virtual machine. Costs must be minimized. What should you include in the solution? (A) Azure Logic Apps in the Consumption plan (B) Azure Functions in the Premium plan (C) Azure Functions in the Consumption plan (D) Azure Logic Apps in the integrated service environment |
74. Click here to View Answer
Answer: B
Virtual connectivity is included in the Premium plan.
Reference:
https://docs.microsoft.com/en-us/azure/azure-functions/functions-scale#hosting-plans-comparison
| Question.75 You have an Azure subscription. The subscription contains a tiered app named App1 that is distributed across multiple containers hosted in Azure Container Instances. You need to deploy an Azure Monitor monitoring solution for App. The solution must meet the following requirements: Support using synthetic transaction monitoring to monitor traffic between the App1 components. Minimize development effort. What should you include in the solution? (A) Network insights (B) Application Insights (C) Container insights (D) Log Analytics Workspace insights |
75. Click here to View Answer
Answer: B