HOTSPOT - (Topic 8)
A company is developing a Node.js web app. The web app code is hosted in a GitHub repository located at https://github.com/TailSpinToys/weapp.
The web app must be reviewed before it is moved to production. You must deploy the initial
code release to a deployment slot named review. You need to create the web app and deploy the code.
How should you complete the commands? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Solution:
The New-AzResourceGroup cmdlet creates an Azure resource group.
The New-AzAppServicePlan cmdlet creates an Azure App Service plan in a given location The New-AzWebApp cmdlet creates an Azure Web App in a given a resource group
The New-AzWebAppSlot cmdlet creates an Azure Web App slot.
References:
https://docs.microsoft.com/en-us/powershell/module/az.resources/new- azresourcegroup?view=azps-2.3.2
https://docs.microsoft.com/en-us/powershell/module/az.websites/new- azappserviceplan?view=azps-2.3.2
https://docs.microsoft.com/en-us/powershell/module/az.websites/new- azwebapp?view=azps-2.3.2
https://docs.microsoft.com/en-us/powershell/module/az.websites/new- azwebappslot?view=azps-2.3.2
Does this meet the goal?
Correct Answer:
A
HOTSPOT - (Topic 8)
You plan to deploy a new application to a Linux virtual machine (VM) that is hosted in Azure.
The entire VM must be secured at rest by using industry-standard encryption technology to address organizational security and compliance requirements.
You need to configure Azure Disk Encryption for the VM.
How should you complete the Azure Cli commands? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Solution:
Box 1: keyvault
Create an Azure Key Vault with az keyvault create and enable the Key Vault for use with disk encryption. Specify a unique Key Vault name for keyvault_name as follows:
keyvault_name=myvaultname$RANDOM az keyvault create
--name $keyvault_name
--resource-group $resourcegroup
--location eastus
--enabled-for-disk-encryption True
Box 2: keyvault key
The Azure platform needs to be granted access to request the cryptographic keys when the VM boots to decrypt the virtual disks. Create a cryptographic key in your Key Vault with az keyvault key create. The following example creates a key named myKey:
az keyvault key create
--vault-name $keyvault_name
--name myKey
--protection software
Box 3: vm
Create a VM with az vm create. Only certain marketplace images support disk encryption. The following example creates a VM named myVM using an Ubuntu 16.04 LTS image:
az vm create
--resource-group $resourcegroup
--name myVM
--image Canonical:UbuntuServer:16.04-LTS:latest
--admin-username azureuser
--generate-ssh-keys
Box 4: vm encryption
Encrypt your VM with az vm encryption enable:
az vm encryption enable
--resource-group $resourcegroup
--name myVM
--disk-encryption-keyvault $keyvault_name
--key-encryption-key myKey
--volume-type all
Note: seems to an error in the question. Should have enable instead of create. Box 5: all
Encrypt both data and operating system.
References:
https://docs.microsoft.com/bs-latn-ba/azure/virtual-machines/linux/encrypt-disks
Does this meet the goal?
Correct Answer:
A
HOTSPOT - (Topic 8)
You are developing a service where customers can report news events from a browser using Azure Web PubSub. The service is implemented as an Azure App that the JSON WebSocket suprotocol to receive news events.
You need to implement the bindings for the Azure Function App.
How should you configure the binding? To answer, select the appropriate options in the answer area.
Note: Each Correct Selection in worth one point.
Solution:
Does this meet the goal?
Correct Answer:
A
- (Topic 8)
You are a developer for a SaaS company that offers many web services. All web services for the company must meet the following requirements:
✑ Use API Management to access the services
✑ Use OpenID Connect for authentication
✑ Prevent anonymous usage
A recent security audit found that several web services can be called without any authentication.
Which API Management policy should you implement?
Correct Answer:
D
Add the validate-jwt policy to validate the OAuth token for every incoming request. Reference:
https://docs.microsoft.com/en-us/azure/api-management/api-management-howto-protect-backend-with-aad
HOTSPOT - (Topic 8)
You develop and deploy the following staticwebapp.config.json file to the app_location value specified in the workflow file of an Azure Static Web app.
Solution:
Does this meet the goal?
Correct Answer:
A
