You are developing an ASP.NET Core website that can be used to manage photographs which are stored in Azure Blob Storage containers.
Users of the website authenticate by using their Azure Active Directory (Azure AD) credentials.
You implement role-based access control (RBAC) role permission on the containers that store photographs.
You assign users to RBAC role.
You need to configure the website's Azure AD Application so that user's permissions can be used with the Azure Blob containers.
How should you configure the application? To answer, drag the appropriate setting to the correct location.
Each setting may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
NOTE: Each correct selection is worth one point.

Correct Answer:

Explanation

Box 1: user_impersonation
Box 2: delegated
Example:
1.Select the API permissions section
2.Click the Add a permission button and then:
Ensure that the My APIs tab is selected
3.In the list of APIs, select the API TodoListService-aspnetcore.
4.In the Delegated permissions section, ensure that the right permissions are checked: user_impersonation.
5.Select the Add permissions button.
Box 3: delegated
Example
1.Select the API permissions section
2.Click the Add a permission button and then,
Ensure that the Microsoft APIs tab is selected
3.In the Commonly used Microsoft APIs section, click on Microsoft Graph
4.In the Delegated permissions section, ensure that the right permissions are checked: User.Read. Use the search box if necessary.
5.Select the Add permissions button
References:
https://docs.microsoft.com/en-us/samples/azure-samples/active-directory-dotnet-webapp-webapi-openidconnect-

Comment: *

Name: *

Email: *

Verification: *

ASP.NET Core API app by using C#. The API app will allow users to authenticate by using Twitter and Azure Active Directory (Azure AD).
Users must be authenticated before calling API methods. You must log the user's name for each method call.
You need to configure the API method calls.
Which values should you use? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Correct Answer:

Reference:
https://docs.microsoft.com/en-us/azure/app-service/app-service-authentication-how-to

Comment: *

Name: *

Email: *

Verification: *

You need to ensure that network security policies are met.
How should you configure network security? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Correct Answer:

Reference:
https://docs.microsoft.com/en-us/azure/web-application-firewall/ag/ag-overview
https://www.upguard.com/articles/10-tips-for-securing-your-nginx-deployment

Comment: *

Name: *

Email: *

Verification: *

Case Study 2
Requirements
ContentAnalysisService
The company's data science group built ContentAnalysisService which accepts user generated content as a string and returns a probable value for inappropriate content. Any values over a specific threshold must be reviewed by an employee of Contoso, Ltd.
You must create an Azure Function named CheckUserContent to perform the content checks.
Costs
You must minimize costs for all Azure services.
Manual review
To review content, the user must authenticate to the website portion of the ContentAnalysisService using their Azure AD credentials. The website is built using React and all pages and API endpoints require authentication. In order to review content a user must be part of a ContentReviewer role. All completed reviews must include the reviewer's email address for auditing purposes.
High availability
All services must run in multiple regions. The failure of any service in a region must not impact overall application availability.
Monitoring
An alert must be raised if the ContentUploadService uses more than 80 percent of available CPU-cores.
Security
You have the following security requirements:
* Any web service accessible over the Internet must be protected from cross site scripting attacks.
* All websites and services must use SSL from a valid root certificate authority.
* Azure Storage access keys must only be stored in memory and must be available only to the service.
* All Internal services must only be accessible from Internal Virtual Networks (VNets)
* All parts of the system must support inbound and outbound traffic restrictions.
* All service calls must be authenticated by using Azure AD.
User agreements
When a user submits content, they must agree to a user agreement. The agreement allows employees of Contoso.Ltd to review content, store cookies on user devices and track user's IP addresses.
Information regarding agreements is used by multiple divisions within Contoso, Ltd.
User responses must not be lost and must be available to all parties regardless of individual service uptime. The volume of agreements is expected to be in the millions per hour.
Validation testing
When a new version of the ContentAnalysisService is available the previous seven days of content must be processed with the new version to verify that the new version does not significantly deviate from the old version.
Issues
Users of the ContentUploadService report that they occasionally see HTTP 502 responses on specific pages.
Code
ContentUploadService


You need to configure the ContentUploadService deployment.
Which two actions should you perform? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.

• A.Add the following markup to line CS23:
  types: Private
• B.Add the following markup to line CS24:
  osType: Windows
• C.Add the following markup to line CS24:
  osType: Linux
• D.Add the following markup to line CS23:
  types: Public

Comment: *

Name: *

Email: *

Verification: *

You need to implement telemetry for non-user actions.
How should you complete the Filter class? To answer, drag the appropriate code segments to the correct locations. Each code segment may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
NOTE: Each correct selection is worth one point.

Correct Answer:

Explanation

Scenario: Exclude non-user actions from Application Insights telemetry.
Box 1: ITelemetryProcessor
To create a filter, implement ITelemetryProcessor. This technique gives you more direct control over what is included or excluded from the telemetry stream.
Box 2: ITelemetryProcessor
Box 3: ITelemetryProcessor
Box 4: RequestTelemetry
Box 5: /health
To filter out an item, just terminate the chain.
Reference:
https://docs.microsoft.com/en-us/azure/azure-monitor/app/api-filtering-sampling

Comment: *

Name: *

Email: *

Verification: *