- (Exam Topic 8)
You are a developer for a SaaS company that offers many web services. All web services for the company must meet the following requirements:
Use API Management to access the services Use OpenID Connect for authentication Prevent anonymous usage
A recent security audit found that several web services can be called without any authentication. Which API Management policy should you implement?
Correct Answer:
D
Add the validate-jwt policy to validate the OAuth token for every incoming request. Reference:
https://docs.microsoft.com/en-us/azure/api-management/api-management-howto-protect-backend-with-aad
- (Exam Topic 8)
You are developing an Azure App Service web app.
The web app must securely store session information in Azure Redis Cache. You need to connect the web app to Azure Redis Cache.
Which three Azure Redis Cache properties should you use? Each correct answer presents part of the solution. Each correct selection is worth one point.
Correct Answer:
ACD
https://learn.microsoft.com/en-us/azure/azure-cache-for-redis/cache-web-app-howto
- (Exam Topic 8)
You are developing a web application that uses Azure Cache for Redis. You anticipate that the cache will frequently fill and that you will need to evict keys.
You must configure Azure Cache for Redis based on the following predicted usage pattern: A small subset of elements will be accessed much more often than the rest.
You need to configure the Azure Cache for Redis to optimize performance for the predicted usage pattern.
Which two eviction policies will achieve the goal?
NOTE: Each correct selection is worth one point.
Correct Answer:
BD
B: The allkeys-lru policy evict keys by trying to remove the less recently used (LRU) keys first, in order to make space for the new data added. Use the allkeys-lru policy when you expect a power-law distribution in the popularity of your requests, that is, you expect that a subset of elements will be accessed far more often than the rest.
C: volatile-lru: evict keys by trying to remove the less recently used (LRU) keys first, but only among keys that have an expire set, in order to make space for the new data added.
Note: The allkeys-lru policy is more memory efficient since there is no need to set an expire for the key to be evicted under memory pressure.
Reference: https://redis.io/topics/lru-cache
- (Exam Topic 3)
You need to configure security and compliance for the corporate website files.
Which Azure Blob storage settings should you use? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Solution:
Box 1: role-based access control (RBAC)
Azure Storage supports authentication and authorization with Azure AD for the Blob and Queue services via Azure role-based access control (Azure RBAC).
Scenario: File access must restrict access by IP, protocol, and Azure AD rights. Box 2: change feed
The purpose of the change feed is to provide transaction logs of all the changes that occur to the blobs and the blob metadata in your storage account.
The file updates must be read-only, stored in the order in which they occurred, include only create, update, delete, and copy operations, and be retained for compliance reasons.
Reference:
https://docs.microsoft.com/en-us/azure/cdn/cdn-sas-storage-support https://docs.microsoft.com/en-us/azure/storage/blobs/storage-blob-change-feed?tabs=azure-portal
Does this meet the goal?
Correct Answer:
A
- (Exam Topic 3)
You need to ensure that all messages from Azure Event Grid are processed. What should you use?
Correct Answer:
B
As a solution architect/developer, you should consider using Service Bus queues when:
Your solution needs to receive messages without having to poll the queue. With Service Bus, you can achieve it by using a long-polling receive operation using the TCP-based protocols that Service Bus
supports. Reference:
https://docs.microsoft.com/en-us/azure/service-bus-messaging/service-bus-azure-and-service-bus-queues-compa
