Question 101
You need to configure Azure CDN for the Shipping web site.
Which configuration options should you use? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Question 102
You are developing an ASP.NET Core app that includes feature flags which are managed by Azure App Configuration. You create an Azure App Configuration store named AppFeatureFlagStore that contains a feature flag named Export.
You need to update the app to meet the following requirements:
* Use the Export feature in the app without requiring a restart of the app.
* Validate users before users are allowed access to secure resources.
* Permit users to access secure resources.
How should you complete the code segment? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Question 103
Drag and Drop Question
You are preparing to deploy an Azure virtual machine (VM)-based application. The VMs that run the application have the following requirements:
- When a VM is provisioned the firewall must be automatically
configured before it can access Azure resources
- Supporting services must be installed by using an Azure PowerShell
script that is stored in Azure Storage
You need to ensure that the requirements are met.
Which features should you use? To answer, drag the appropriate features to the correct requirements. Each feature may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
NOTE: Each correct selection is worth one point.
Question 104
You are developing an Azure Web App. You configure TLS mutual authentication for the web app.
You need to validate the client certificate in the web app. To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Question 105
Case study 1 - Litware Inc
Background
You are a developer for Litware Inc., a SaaS company that provides a solution for managing employee expenses. The solution consists of an ASP.NET Core Web API project that is deployed as an Azure Web App.
Overall architecture
Employees upload receipts for the system to process. When processing is complete, the employee receives a summary report email that details the processing results. Employees then use a web application to manager their receipts and perform any additional tasks needed for reimbursement.
Receipt processing
Employees may upload receipts in two ways:
* Uploading using an Azure Files mounted folder
* Uploading using the web application
Data Storage
Receipt and employee information is stored in an Azure SQL database.
Documentation
Employees are provided with a getting started document when they first use the solution. The documentation includes details on supported operating systems for Azure File upload, and instructions on how to configure the mounted folder.
Solution details
Users table
Web Application
You enable MSI for the Web App and configure the Web App to use the security principal name.
Processing
Processing is performed by an Azure Function that uses version 2 of the Azure Function runtime.
Once processing is completed, results are stored in Azure Blob Storage and an Azure SQL database. Then, an email summary is sent to the user with a link to the processing report. The link to the report must remain valid if the email is forwarded to another user.
Requirements
Receipt processing
Concurrent processing of a receipt must be prevented.
Logging
Azure Application Insights is used for telemetry and logging in both the processor and the web application. The processor also has TraceWriter logging enabled. Application Insights must always contain all log messages.
Disaster recovery
Regional outage must not impact application availability. All DR operations must not be dependent on application running and must ensure that data in the DR region is up to date.
Security
* Users' SecurityPin must be stored in such a way that access to the database does not allow the viewing of SecurityPins. The web application is the only system that should have access to SecurityPins.
* All certificates and secrets used to secure data must be stored in Azure Key Vault.
* You must adhere to the Least Privilege Principal.
* All access to Azure Storage and Azure SQL database must use the application's Managed Service Identity (MSI)
* Receipt data must always be encrypted at rest.
* All data must be protected in transit.
* User's expense account number must be visible only to logged in users. All other views of the expense account number should include only the last segment with the remaining parts obscured.
* In the case of a security breach, access to all summary reports must be revoked without impacting other parts of the system.
Issues
Upload format issue
Employees occasionally report an issue with uploading a receipt using the web application. They report that when they upload a receipt using the Azure File Share, the receipt does not appear in their profile. When this occurs, they delete the file in the file share and use the web application, which returns a 500 Internal Server error page.
Capacity issue
During busy periods, employees report long delays between the time they upload the receipt and when it appears in the web application.
Log capacity issue
Developers report that the number of log messages in the trace output for the processor is too high, resulting in lost log messages.
Processing.cs
Database.cs
ReceiptUploader.cs
ConfigureSSE.ps1
Hotspot Question
You need to add the Supporting Operating Systems section to the Getting Started document.
How should you complete the section? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
