- (Exam Topic 5)
You have an Azure subscription. The subscription has a blob container that contains multiple blobs. Ten users in the finance department of your company plan to access the blobs during the month of April. You need to recommend a solution to enable access to the blobs during the month of April only. Which security solution should you include in the recommendation?
Correct Answer:
A
Reference:
https://docs.microsoft.com/en-us/azure/storage/common/storage-sas-overview
This allows for limited-time fine grained access control to resources. So you can generate URL, specify duration (for month of April) and disseminate URL to 10 team members. On May 1, the SAS token is automatically invalidated, denying team members continued access.
- (Exam Topic 5)
You plan to deploy an Azure App Service web app that will have multiple instances across multiple Azure regions.
You need to recommend a load balancing service for the planned deployment. The solution must meet the following requirements:
Maintain access to the app in the event of a regional outage. Support Azure Web Application Firewall (WAF). Support cookie-based affinity. Support URL routing.
What should you include in the recommendation?
Correct Answer:
B
Azure Traffic Manager performs the global load balancing of web traffic across Azure regions, which have a regional load balancer based on Azure Application Gateway. This combination gets you the benefits of Traffic Manager many routing rules and Application Gateway’s capabilities such as WAF, TLS termination,
path-based routing, cookie-based session affinity among others.
Reference:
https://docs.microsoft.com/en-us/azure/application-gateway/features
- (Exam Topic 5)
You need to recommend an Azure Storage Account configuration for two applications named Application1 and Applications. The configuration must meet the following requirements:
• Storage for Application1 must provide the highest possible transaction rates and the lowest possible latency.
• Storage for Application2 must provide the lowest possible storage costs per GB.
• Storage for both applications must be optimized for uploads and downloads.
• Storage for both applications must be available in an event of datacenter failure.
What should you recommend ? To answer, select the appropriate options in the answer area NOTE: Each correct selection is worth one point
Solution:
Graphical user interface, text, application Description automatically generated
Box 1: BloblBlobStorage with Premium performance and Zone-redundant storage (ZRS) replication.
BlockBlobStorage accounts: Storage accounts with premium performance characteristics for block blobs and append blobs. Recommended for scenarios with high transactions rates, or scenarios that use smaller objects or require consistently low storage latency.
Premium: optimized for high transaction rates and single-digit consistent storage latency. Box 2: General purpose v2 with Standard performance..
General-purpose v2 accounts: Basic storage account type for blobs, files, queues, and tables. Recommended for most scenarios using Azure Storage.
Reference:
https://docs.microsoft.com/en-us/azure/storage/common/storage-account-overview
https://docs.microsoft.com/en-us/azure/storage/common/storage-redundancy
Does this meet the goal?
Correct Answer:
A
- (Exam Topic 1)
You plan to migrate App1 to Azure.
You need to recommend a network connectivity solution for the Azure Storage account that will host the App1 data. The solution must meet the security and compliance requirements.
What should you include in the recommendation?
Correct Answer:
A
Private Endpoint securely connect to storage accounts from on-premises networks that connect to the VNet using VPN or ExpressRoutes with private-peering.
Private Endpoint also secure your storage account by configuring the storage firewall to block all connections on the public endpoint for the storage service.
https://docs.microsoft.com/en-us/azure/expressroute/expressroute-faqs#microsoft-peering
- (Exam Topic 5)
You have an Azure Active Directory (Azure AD) tenant.
You plan to use Azure Monitor to monitor user sign-ins and generate alerts based on specific user sign-in events.
You need to recommend a solution to trigger the alerts based on the events.
What should you include in the recommendation? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Solution:
Graphical user interface, text, application Description automatically generated
Box 1: An Azure Log Analytics workspace
To be able to create an alert we send the Azure AD logs to An Azure Log Analytics workspace.
Note: You can forward your AAD logs and events to either an Azure Storage Account, an Azure Event Hub, Log Analytics, or a combination of all of these.
Box 2: Log
Ensure Resource Type is an analytics source like Log Analytics or Application Insights and signal type as Log.
Reference:
https://4sysops.com/archives/how-to-create-an-azure-ad-admin-login-alert/ https://docs.microsoft.com/en-us/azure/azure-monitor/platform/alerts-log
Does this meet the goal?
Correct Answer:
A
