- (Exam Topic 5)
You need to design a highly available Azure SQL database that meets the following requirements:
* Failover between replicas of the database must occur without any data loss.
* The database must remain available in the event of a zone outage.
* Costs must be minimized.
Which deployment option should you use?
Correct Answer:
D
Reference:
https://docs.microsoft.com/en-us/azure/azure-sql/database/service-tier-business-critical
- (Exam Topic 5)
Your company, named Contoso, Ltd., implements several Azure logic apps that have HTTP triggers. The logic apps provide access to an on-premises web service.
Contoso establishes a partnership with another company named Fabrikam. IncL
Fabrikam does not have an existing Azure Active Directory (Azure AD) tenant and uses third-party OAuth 2.0 identity management to authenticate its users.
I Developers at Fabrikam plan to use a subset of the logic apps to build applications that will integrate with the on-premises web service of Contoso.
You need to design a solution to provide the Fabrikam developers with access to the logic apps. The solution must meet the following requirements:
• Requests to the logic apps from the developers must be limited to lower rates than the requests from the users at Contoso.
• The developers must be able to rely on their existing OAuth 2.0 provider to gain access to the logic apps.
• The solution must NOT require changes to the logic apps.
• The solution must NOT use Azure AD guest accounts. What should you include in the solution?
Correct Answer:
D
API Management helps organizations publish APIs to external, partner, and internal developers to unlock the potential of their data and services.
You can secure API Management using the OAuth 2.0 client credentials flow. Reference:
https://docs.microsoft.com/en-us/azure/api-management/api-management-key-concepts https://docs.microsoft.com/en-us/azure/api-management/api-management-features https://docs.microsoft.com/en-us/azure/api-management/api-management-howto-protect-backend-with-aad#ena
- (Exam Topic 5)
A company named Contoso, Ltd. has an Azure Active Directory (Azure AD) tenant that is integrated with Microsoft Office 365 and an Azure subscription.
Contoso has an on-premises identity infrastructure. The infrastructure includes servers that run Active Directory Domain Services (AD DS), and Azure AD Connect
Contoso has a partnership with a company named Fabrikam, Inc. Fabrikam has an Active Directory forest and an Office 365 tenant. Fabrikam has the same on-premises identity infrastructure as Contoso.
A team of 10 developers from Fabrikam will work on an Azure solution that will be hosted in the Azure subscription of Contoso. The developers must be added to the Contributor role for a resource in the Contoso subscription.
You need to recommend a solution to ensure that Contoso can assign the role to the 10 Fabrikam developers. The solution must ensure that the Fabrikam developers use their existing credentials to access resources.
What should you recommend?
Correct Answer:
A
Trust configurations - Configure trust from managed forests(s) or domain(s) to the administrative forest
A one-way trust is required from production environment to the admin forest.
Selective authentication should be used to restrict accounts in the admin forest to only logging on to the appropriate production hosts.
References:
https://docs.microsoft.com/en-us/windows-server/identity/securing-privileged-access/securing-privileged-access
- (Exam Topic 3)
You need to recommend an App Service architecture that meets the requirements for Appl. The solution must minimize costs.
What should few recommend?
Correct Answer:
A
- (Exam Topic 5)
You have to deploy an Azure SQL database named db1 for your company. The databases must meet the following security requirements
When IT help desk supervisors query a database table named customers, they must be able to see the full number of each credit card
When IT help desk operators query a database table named customers, they must only see the last four digits of each credit card number
A column named Credit Card rating in the customers table must never appear in plain text in the database system. Only client applications must be able to decrypt the information that is stored in this column
Which of the following can be implemented for the Credit Card rating column security requirement?
Correct Answer:
A
https://docs.microsoft.com/en-us/sql/relational-databases/security/encryption/always-encrypted-database-engine