70-535日本語 無料問題集「Microsoft Architecting Microsoft Azure Solutions (70-535日本語版)」
正解:
Explanation
References: https://docs.microsoft.com/en-us/azure/sql-database/sql-database-service-tiers
正解:
Explanation
Box 1: Create a resource group containing the critical resources
In Azure, you logically group related resources such as storage accounts, virtual networks, and virtual machines (VMs) to deploy, manage, and maintain them as a single entity.
Box 2: Create an action group for alerts to email addresses
An action group is a collection of notification preferences defined by the user. Azure Monitor and Service Health alerts are configured to use a specific action group when the alert is triggered. Various alerts may use the same action group or different action groups depending on the user's requirements.
Box 3: Create an activity log alert for service health
Create an alert on a service health notification for a new action group.
References:
https://docs.microsoft.com/en-us/azure/monitoring-and-diagnostics/monitoring-action-groups
https://docs.microsoft.com/en-us/azure/monitoring-and-diagnostics/monitoring-activity-log-alerts-on-service-not
正解:
Explanation
Step 1 - Plan your IP address ranges
* Step 2 - Create the virtual networks
Step 3 - Configure the local site
* Step 4 - Create the virtual network gateway
Step 5 - Configure TestVNet4 settings
Step 6 - Update the local sites
Step 7 - Retrieve values from the network configuration file
* Step 8 - Create the VPN gateway connections
References:
https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-howto-vnet-vnet-portal-classic#create-the-dyn
正解:
Explanation
Automatic access expiration: Privileged Identity Management (PIM)
To protect privileged accounts from malicious cyber-attacks, you can use Azure Active Directory Privileged Identity Management (PIM) to lower the exposure time of privileges and increase your visibility into their use through reports and alerts.
You can now use PIM with Azure Role-Based Access Control (RBAC) to manage, control, and monitor access to Azure resources. PIM can manage the membership of built-in and custom roles to help you:
Enable on-demand, "just in time" access to Azure resources
Expire resource access automatically for assigned users and groups
Assign temporary access to Azure resources for quick tasks or on-call schedules Get alerts when new users or groups are assigned resource access, and when they activate eligible assignments Time-based access restrictions: Conditional Access Conditional access is a capability of Azure Active Directory that enables you to enforce controls on the access to apps in your environment based on specific conditions from a central location.
Conditional Access App Control enables user app access and sessions to be monitored and controlled in real time based on access and session policies.
Access to Azure Management endpoints: Conditional Access
References:
https://docs.microsoft.com/en-us/azure/role-based-access-control/pim-azure-resource
https://docs.microsoft.com/en-us/cloud-app-security/proxy-intro-aad
https://docs.microsoft.com/en-us/azure/role-based-access-control/conditional-access-azure-management
正解:
Explanation
Box 1: Create a service namespace under Service Bus
Box 2: Obtain the default management credentials for the namespace.
Box 3: Configure the application to use Service Bus Relay
Box 4: Configure Service Bus Queue
Note:
Box 1: Create a service namespace under Service Bus
To begin using Service Bus queues in Azure, you must first create a service namespace. A namespace provides a scoping container for addressing Service Bus resources within your application.
Box 2: Obtain the default management credentials for the namespace.
In order to perform management operations, such as creating a queue on the new namespace, you must obtain the management credentials for the namespace.
Box 3: Configure the application to use Service Bus Relay
When you create an application that uses Service Bus, you must add a reference to the Service Bus assembly and include the corresponding namespaces.
The Service Bus NuGet package is the easiest way to get the Service Bus API and to configure your application with all of the Service Bus dependencies.
After installing this package you are now ready to write code for Service Bus.
Box 4: Configure Service Bus Queue
This would include:
* set up a Service Bus connection string
* create a queue
* provide code to send/receive messages from the queue
References: https://azure.microsoft.com/en-gb/documentation/articles/service-bus-dotnet-how-to-use-queues/
Topic 5, Fourth CoffeeBackground
You are the new cloud architect for Fourth Coffee. I he company hosts an on-premises ASP.NET MVC web application to allow online purchases and to support their retail store operations.
The new chief information officer (CIO) has announced several initiatives for the new year, including a new mobile application, online training for retail store employees, and moving the current web application and other services to the cloud.
The marketing team hopes to see an increase in the up-time for the web application. The team would also like to allow users to use social-Nogms in addition to the current username and password system.
Fourth Coffee has chosen Microsoft Azure to support their initiatives.
Current environment
In the Azure portal, you create an Azure Mobile App for the API. You create a Service Bus queue in Azure and install the Azure Storage SDK for Nodejs.
Problem statements
The mobile team attempts to use continuous deployment with the Azure App Service and the new API project.
They receive the following error message: "Unable to access
'http://fourthcoffeeapi.azurewebsites.net/': Failed to connect to
https://fourthcoffeeapi.scm.azurewebsites.net/"
Business requirement
Web Application
*You must increase up-time for the application.
*The application must support additional regions and languages.
*Marketing must be able to validate the web application before updates to the application are published to the production environment.
Mobile
*The marketing team must be able to send frequent and timely updates to specific users and devices including Apple iPad. iPhone, Android. Windows, and Windows Phone devices.
*Users must be able to use their social accounts to sign in to the application. You must support Linkedln, Facebook and Google logons.
*The application must remain responsive, even during peak periods.
Training
Video streaming content must be made available and streamed to employee's browsers. Training content must only include on-demand streaming. There will be no live content.
Technical requirement
Web Application
*You must update the deployment process to support cloud deployments.
*All data must be formatted as JSON during transport.
*You must implement Team Foundation Version Control (TFVC) as the version control system for the web application.
*Incoming messages to the API must be persisted to queue storage to ensure they are delivered and processed.
You must restrict the size of messages between the mobile app and the API to no more than 5 gigabytes (GB).
*The web application must use geo-redundant replication.
Mobile
*You must use Node.js as a technology platform. You must support all mobile initiatives when possible.
*You must implement Git as the version control system for the mobile app.
*You must develop a REST API by using Node.js. Express, and MongoDB. You must use the Mobile Apps feature of the Azure App Service to host the API in Standard mode.
*You must implement the following Push Notification Services by using Azure Media Services:
*Apple Push Notification Service (APNS) for iPad and iPhone devices
*Google Cloud Messaging service (GCM) for Android devices
*Windows Notification Service (WNS) for Windows devices
*Microsoft Push Notification Service (MPNS) for Windows Phone devices
Security and Disaster Recovery
*You must integrate the on-premises Active Directory Domain Services with Azure Active Directory (Azure AD).
*You must implement the latest federated identity standards to provide authentication and authorization to applications.
*You must implement Multi-Factor Authentication.
*The web application and the API must be able to recover from a disaster.
Scaling
The web application and API must auto-scale according to the following rules:
*Scale up by one instance if CPU is above 70%.
*Scale down by one instance if CPU is below 50%.
Training
*Streaming must include Content Delivery Network (CDN) capabilities to support global locations.
*Content must be encrypted and protected by using AES and PlayReady.
*Streaming must include one gigabit (GB) per second of dedicated egress capacity.
*All videos must use adaptive bitrate MP4 encoded content and include a streaming manifest file (.ism).
*You must support the following streaming formats for video files: MPEG DASH, HI_S, Smooth Streaming, HDS. You must not need to re-encode the content.
正解:
Explanation
Box 1: Cookbooks
A Cookbook is used by Chef to define a set of commands that you wish to execute on your managed client.
Box 2: Azure Automation
The Start/Stop VMs during off-hours solution starts and stops your Azure Resource Manager virtual machines on a user-defined schedule and provides insight into the success of the Automation jobs that start and stop your virtual machines with OMS Log Analytics.
References:
https://docs.microsoft.com/en-us/azure/virtual-machines/windows/chef-automation
https://docs.microsoft.com/en-us/azure/automation/automation-solution-vm-management
正解:
Explanation
1.Delegated Permission (Native client app can't be configured with Application Permission)
2.Delegated Permission (to have authenticated access)
3.Application Permission.
https://docs.microsoft.com/en-us/azure/active-directory/develop/active-directory-integrating-applications