- (Exam Topic 5)
You plan to deploy an application named App1 that will run on five Azure virtual machines. Additional virtual machines will be deployed later to run App1.
You need to recommend a solution to meet the following requirements for the virtual machines that will run App1:
Ensure that the virtual machines can authenticate to Azure Active Directory (Azure AD) to gain access to an Azure key vault, Azure Logic Apps instances, and an Azure SQL database. Avoid assigning new roles and permissions for Azure services when you deploy additional virtual machines. Avoid storing secrets and certificates on the virtual machines.
Which type of identity should you include in the recommendation?
Correct Answer:
D
Managed identities for Azure resources is a feature of Azure Active Directory.
User-assigned managed identity can be shared. The same user-assigned managed identity can be associated with more than one Azure resource.
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/managed-identities-azure-resources/overview
- (Exam Topic 5)
You have the resources shown in the following table.
CDB1 hosts a container that stores continuously updated operational data.
You are designing a solution that will use ASI to analyze the operational data daily.
You need to recommend a solution to analyze the data without affecting the performance of the operational data store.
What should you include in the recommendation?
Correct Answer:
D
- (Exam Topic 5)
Your company, named Contoso, Ltd, implements several Azure logic apps that have HTTP triggers: The logic apps provide access to an on-premises web service.
Contoso establishes a partnership with another company named Fabrikam, Inc.
Fabrikam does not have an existing Azure Active Directory (Azure AD) tenant and uses third-party OAuth 2.0 identity management to authenticate its users.
Developers at Fabrikam plan to use a subset of the logics apps to build applications that will integrate with the on-premises web service of Contoso.
You need to design a solution to provide the Fabrikam developers with access to the logic apps. The solution must meet the following requirements:
Requests to the logic apps from the developers must be limited to lower rates than the requests from the users at Contoso. The developers must be able to rely on their existing OAuth 2.0 provider to gain access to the logic apps. The solution must NOT require changes to the logic apps. The solution must NOT use Azure AD guest accounts.
What should you include in the solution?
Correct Answer:
C
API Management helps organizations publish APIs to external, partner, and internal developers to unlock the potential of their data and services.
You can secure API Management using the OAuth 2.0 client credentials flow. Reference:
https://docs.microsoft.com/en-us/azure/api-management/api-management-key-concepts https://docs.microsoft.com/en-us/azure/api-management/api-management-features https://docs.microsoft.com/en-us/azure/api-management/api-management-howto-protect-backend-with-aad#ena
- (Exam Topic 5)
You plan to deploy an Azure SQL database that will store Personally Identifiable Information (Pll). You need to ensure that only privileged users can view the Pll.
What should you include in the solution?
Correct Answer:
D
- (Exam Topic 5)
You have an Azure subscription that is linked to an Azure Active Directory Premium Plan 2 tenant The tenant has multi-factor authentication (MFA) enabled for all users.
You have the named locations shown in the following table.
You have the users shown in the following table.
You plan to deploy the Conditional Access policies shown in the following table.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Solution:
A screenshot of a computer Description automatically generated with medium confidence
Does this meet the goal?
Correct Answer:
A
