http://https://www.newpassleader.com/Microsoft/70-535-exam-preparation-materials.html (386 Q&As Dumps, 30%OFF Special Discount: 30free )
NEW QUESTION NO: 10
This is case study. Case studies are not timed separately. You can use as much exam time as you would like to complete each case. However, there may be additional case studies and sections on this exam. You must manage your time to ensure that you are able to complete all questions included on this exam in the time provided.To answer the questions included in a case study, you will need to reference information that is provided in the case study. Case studies might contain exhibits and other resources that provide more information about the scenario that is described in the case study. Each question is independent of the other questions in this case study.
At the end of this case study, a review screen will appear. This screen allows you to review your answer and to make changes before you move to the next section of the exam. After you begin a new section, you cannot return to this section.
To start the case study
To display the first question in this case study click the Next button. Use the buttons in the left pane to explore the content of the case study before you answer the questions. Clicking these buttons displays information such as business requirements, existing environment, and problem statements. If the case study has an All Information tab, note that the information displayed is identical to the information displayed on the subsequent tabs. When you are ready to answer a question, click the Question button to return to the question.
Background
You are an architect for Trey Research Inc., a software as a service (SaaS) company. The company is developing a new product named Tailspin for consumer and small business financial monitoring. The product will be offered as an API to banks and financial instructions. Banks and financial institutions will integrate Tailspin into their own online banking offerings.
All employees of Trey Research are members of an Active Directory Domain Services (AD DS) group named TREY.
Technical Requirement
Architecture
All application and customer data will be stored in Azure SQL Database instances.
API calls that modify data will be implemented as queue messages in an Azure Storage Queue. Queue messages must expire after 90 minutes.
Security
The solution has the following security requirements:
Common security issues such as SQL injection and XSS must be prevented.
Database-related security issues must not result in customers' data being exposed.
Exposure of application source code and deployment artifacts must not result in customer data being
exposed.
Every 90 days, all application code must undergo a security review to ensure that new or changed code
does not introduce a security risk.
Remote code execution in the Web App must not result in the loss of security secrets.
Auditing, Monitoring, Alerting
The solution has the following requirements for auditing, monitoring, and alerting:
Changes to administrative group membership must be auditable.
Operations involving encryption keys must be auditable by users in the Azure Key Vault Auditors user
role.
Resources must have monitoring and alerting configured in Azure Security Center.
Authorization, authentication
The solution has the following authentication and authorization requirements:
Azure Active Directory (Azure AD) must be used to authenticate users.
Compromised user accounts should be disabled as quickly as possible.
Only employees of Trey Research Inc. should be able to address automated security
recommendations.
Service Level agreement
Failure of any one Azure region must not impact service availability. Customer data must not be lost once accepted by the application.
Performance, resource utilization
The solution must meet the following performance and resource usage requirements:
Azure costs must be minimized.
Application performance must remain level, regardless of the geographic location of users.
All application diagnostic and activity logs must be captured without loss.
Compute resources must be shared across all databases used by the solution.
You need to ensure that authentication requirements are met.
What should you do?
A. Enable multi-factor authentication.
B. Enable Azure AD Identity Protection.
C. Require users to authenticate by using Windows Hello for Business.
D. Require users to authenticate by using certificate-based authentication.
Answer: A
Explanation/Reference:
References:
https://docs.microsoft.com/en-us/azure/multi-factor-authentication/multi-factor-authentication
NEW QUESTION NO: 11
DRAG DROP
This is case study. Case studies are not timed separately. You can use as much exam time as you would like to complete each case. However, there may be additional case studies and sections on this exam. You must manage your time to ensure that you are able to complete all questions included on this exam in the time provided.
To answer the questions included in a case study, you will need to reference information that is provided in the case study. Case studies might contain exhibits and other resources that provide more information about the scenario that is described in the case study. Each question is independent of the other questions in this case study.
At the end of this case study, a review screen will appear. This screen allows you to review your answer and to make changes before you move to the next section of the exam. After you begin a new section, you cannot return to this section.
To start the case study
To display the first question in this case study click the Next button. Use the buttons in the left pane to explore the content of the case study before you answer the questions. Clicking these buttons displays information such as business requirements, existing environment, and problem statements. If the case study has an All Information tab, note that the information displayed is identical to the information displayed on the subsequent tabs. When you are ready to answer a question, click the Question button to return to the question.
Background
Security
The security team at Tailspin Toys plans to eliminate legacy authentication methods that are in use, including NTLM and Windows pass-through authentication.
Tailspin Toys needs to share resources with several business partners. You are investigating options to securely share corporate data.
Tailspin Toys has several databases that contain personally identifiable information (PII). User access PII only through the Tailspin Toys e-commerce website.
You secure apps by using on-premises Active Directory Domain Services (AD DS) credentials or Microsoft SQL Server logins.
Apps
The Tailspin Toys e-commerce site is hosted on multiple on-premises virtual machines (VMs). The VM runs either Internet Information Server (IIS) or SQL Server 2012 depending on role. The site is published to the Internet by using a single endpoint that balances the load across web servers. The site does not encrypt traffic between database servers and web servers.
The Tailspin Toys Customer Analyzer app analyzer e-commerce transactions to identify customer buying patterns, and outputs recommended product sale pricing. The app runs large processing jobs that run for
75-120 minutes several times each day. The application development team plans to replace the current solution with a parallel processing solution that scales based on computing demands.
The Tailspin Toys Human Resources (HR) app is an in-house developed app that hosts sensitive employee data. The app uses SQL authentication for Role-Based Access Control (RBAC).
Problem statement
The Tailspin Toys IT Leadership Team plans to address deficiencies in access control, data security, performance, and availability requirements. All applications must be updated to meet any new standards that are defined.
The Tailspin Toys e-commerce site was recently targeted by a cyberattack. In the attack, account information was stolen from the customer database. Transactions that were in progress during the attack were not completed. Forensic investigation of the attack has revealed that the stolen customer data was captured in-transit from the database to a compromised web server.
The HR team reports that unauthorized IT employees can view sensitive employee data by using service or application accounts.
Business Requirements
Tailspin Toys e-commerce site
The business has requested that security and availability of the e-commerce site is improved to meet the following requirements.
Communication between site components must be secured to stop data breaches. If servers are
breached, the data must not be readable.
The site must be highly available at each application tier, as well as the published endpoint.
Customers must be able to authenticate to the e-commerce site with their existing social media
accounts.
Tailspin Toys Customer Analyzer app
The business requires that processing time be reduced from 75-120 minutes to 5-15 minutes.
Tailspin Toys HR app
Only authorized employees and business partners are allowed to view sensitive employee data. HR has requested a mobile experience for end users.
Technical Requirements
Security
The security team has established the following requirements for role-separation and RBAC:
Log on hours defined in AD DS must be enforced for users that access cloud resources.
IT operations team members must be able to deploy and manage all resources in Azure, but must not
be able to grant permissions to others.
Application development team members must be able to deploy and manage Azure Web Apps.
SQL database administrators must be able to deploy and manage SQL databases used by TailSpin
Toys applications.
Application support analysts must be able to manage resources for the application(s) for which they are
responsible.
Service desk analysts must be able to view service status and component settings.
Role assignment should use the principle of least privilege.
Tailspin Toys e-commerce site
The application is currently using a pair of hardware load balancers behind a single published endpoint to load balance traffic. Customer data is hosted in a SQL Server 2012 database. Customer user accounts are stored in an AD DS instance.
The updated application and supporting infrastructure must:
Provide high availability in the event of failure in a single Azure SQL Database instance.
Allow secure web traffic on port 443 only.
Enable customers to authentication with Facebook, Microsoft Live ID or other social media identities.
Encrypt SQL data at-rest.
Encrypt data in motion between back-end SQL database instances and web application instances.
Prevent administrator and service accounts from viewing PII data.
Mask account and PII data presented to end user.
Minimize outage duration in event of an Azure datacenter failure.
The site should scale automatically to meet customer demand.
The site should continue to serve requests, even in the event of failure of an Azure datacenter.
Optimize site response time by auto-directing to the closest datacenter based on customer's
geographic location.
Operations must be able to deploy the solution using an Azure Resource Manager (ARM) template.
Tailspin Toys Customer Analyzer app
The app uses several compute-intensive tasks that create long-running requests to the system, processing large amounts of data. The app runs on two large VMs that are scaled to max capacity in the corporate datacenter. The VMs cannot be scaled up or out to meet processing demands.
The new solution must meet the following requirements:
Schedule processing of a large amount of pricing data on an hourly basis.
Provide parallel processing and scale-on-demand computing resources to provide additional capacity
as required.
Processing times must meet the 5-15 minute processing requirement.
Use simultaneous compute nodes to enable high performance computing for analysis.
Minimal administrative efforts and custom development.
Operations must be able to deploy the solution using an Azure Resource Manager (ARM) template.
Tailspin Toys HR app
The solution architecture must meet the following requirements:
Integrate with Azure Active Directory (Azure AD).
Encrypt data at rest and in-transit.
Limit access based on location, filtered by IP addresses for corporate sites and authorized business
partners.
Mask data presented to employees.
Must be available on mobile devices.
Operations must be able to deploy the solution using an Azure Resource Manager (ARM) template.
You need to recommend a directory service and identity provider for the Tailspin Toys HR app.
What should you do recommend? To answer, drag the appropriate recommendations to the correct requirements. Each recommendation may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
Select and Place:
Answer:
NEW QUESTION NO: 12
This is case study. Case studies are not timed separately. You can use as much exam time as you would like to complete each case. However, there may be additional case studies and sections on this exam. You must manage your time to ensure that you are able to complete all questions included on this exam in the time provided.
To answer the questions included in a case study, you will need to reference information that is provided in the case study. Case studies might contain exhibits and other resources that provide more information about the scenario that is described in the case study. Each question is independent of the other questions in this case study.
At the end of this case study, a review screen will appear. This screen allows you to review your answer and to make changes before you move to the next section of the exam. After you begin a new section, you cannot return to this section.
To start the case study
To display the first question in this case study click the Next button. Use the buttons in the left pane to explore the content of the case study before you answer the questions. Clicking these buttons displays information such as business requirements, existing environment, and problem statements. If the case study has an All Information tab, note that the information displayed is identical to the information displayed on the subsequent tabs. When you are ready to answer a question, click the Question button to return to the question.
Background
Security
The security team at Tailspin Toys plans to eliminate legacy authentication methods that are in use, including NTLM and Windows pass-through authentication.
Tailspin Toys needs to share resources with several business partners. You are investigating options to securely share corporate data.
Tailspin Toys has several databases that contain personally identifiable information (PII). User access PII only through the Tailspin Toys e-commerce website.
You secure apps by using on-premises Active Directory Domain Services (AD DS) credentials or Microsoft SQL Server logins.
Apps
The Tailspin Toys e-commerce site is hosted on multiple on-premises virtual machines (VMs). The VM runs either Internet Information Server (IIS) or SQL Server 2012 depending on role. The site is published to the Internet by using a single endpoint that balances the load across web servers. The site does not encrypt traffic between database servers and web servers.
The Tailspin Toys Customer Analyzer app analyzer e-commerce transactions to identify customer buying patterns, and outputs recommended product sale pricing. The app runs large processing jobs that run for
75-120 minutes several times each day. The application development team plans to replace the current solution with a parallel processing solution that scales based on computing demands.
The Tailspin Toys Human Resources (HR) app is an in-house developed app that hosts sensitive employee data. The app uses SQL authentication for Role-Based Access Control (RBAC).
Problem statement
The Tailspin Toys IT Leadership Team plans to address deficiencies in access control, data security, performance, and availability requirements. All applications must be updated to meet any new standards that are defined.
The Tailspin Toys e-commerce site was recently targeted by a cyberattack. In the attack, account information was stolen from the customer database. Transactions that were in progress during the attack were not completed. Forensic investigation of the attack has revealed that the stolen customer data was captured in-transit from the database to a compromised web server.
The HR team reports that unauthorized IT employees can view sensitive employee data by using service or application accounts.
Business Requirements
Tailspin Toys e-commerce site
The business has requested that security and availability of the e-commerce site is improved to meet the following requirements.
Communication between site components must be secured to stop data breaches. If servers are
breached, the data must not be readable.
The site must be highly available at each application tier, as well as the published endpoint.
Customers must be able to authenticate to the e-commerce site with their existing social media
accounts.
Tailspin Toys Customer Analyzer app
The business requires that processing time be reduced from 75-120 minutes to 5-15 minutes.
Tailspin Toys HR app
Only authorized employees and business partners are allowed to view sensitive employee data. HR has requested a mobile experience for end users.
Technical Requirements
Security
The security team has established the following requirements for role-separation and RBAC:
Log on hours defined in AD DS must be enforced for users that access cloud resources.
IT operations team members must be able to deploy and manage all resources in Azure, but must not
be able to grant permissions to others.
Application development team members must be able to deploy and manage Azure Web Apps.
SQL database administrators must be able to deploy and manage SQL databases used by TailSpin
Toys applications.
Application support analysts must be able to manage resources for the application(s) for which they are
responsible.
Service desk analysts must be able to view service status and component settings.
Role assignment should use the principle of least privilege.
Tailspin Toys e-commerce site
The application is currently using a pair of hardware load balancers behind a single published endpoint to load balance traffic. Customer data is hosted in a SQL Server 2012 database. Customer user accounts are stored in an AD DS instance.
The updated application and supporting infrastructure must:
Provide high availability in the event of failure in a single Azure SQL Database instance.
Allow secure web traffic on port 443 only.
Enable customers to authentication with Facebook, Microsoft Live ID or other social media identities.
Encrypt SQL data at-rest.
Encrypt data in motion between back-end SQL database instances and web application instances.
Prevent administrator and service accounts from viewing PII data.
Mask account and PII data presented to end user.
Minimize outage duration in event of an Azure datacenter failure.
The site should scale automatically to meet customer demand.
The site should continue to serve requests, even in the event of failure of an Azure datacenter.
Optimize site response time by auto-directing to the closest datacenter based on customer's
geographic location.
Operations must be able to deploy the solution using an Azure Resource Manager (ARM) template.
Tailspin Toys Customer Analyzer app
The app uses several compute-intensive tasks that create long-running requests to the system, processing large amounts of data. The app runs on two large VMs that are scaled to max capacity in the corporate datacenter. The VMs cannot be scaled up or out to meet processing demands.
The new solution must meet the following requirements:
Schedule processing of a large amount of pricing data on an hourly basis.
Provide parallel processing and scale-on-demand computing resources to provide additional capacity
as required.
Processing times must meet the 5-15 minute processing requirement.
Use simultaneous compute nodes to enable high performance computing for analysis.
Minimal administrative efforts and custom development.
Operations must be able to deploy the solution using an Azure Resource Manager (ARM) template.
Tailspin Toys HR app
The solution architecture must meet the following requirements:
Integrate with Azure Active Directory (Azure AD).
Encrypt data at rest and in-transit.
Limit access based on location, filtered by IP addresses for corporate sites and authorized business
partners.
Mask data presented to employees.
Must be available on mobile devices.
Operations must be able to deploy the solution using an Azure Resource Manager (ARM) template.
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You need to recommend a solution architecture for the Tailspin Toys e-commerce website for app tier, data tier, and user authentication.
Solution:
Mobile App based on Azure App Service
App data stored in DocumentDB
Authentication provided through Azure AD business-to-business (B2B)
Solution deployed to multiple Azure regional datacenters
Load balancing with virtual appliance
Does the solution meet the goal?
A. Yes
B. No
Answer: B
NEW QUESTION NO: 13
You have business services that run on an on-premises mainframe server.
You must provide an intermediary configuration to support existing business services and Azure. The business services cannot be rewritten. The business services are not exposed externally.
You need to recommend an approach for accessing the business services.
What should you recommend?
A. Connect to the on-premises server by using a custom service in Azure.
B. Expose the business services externally.
C. Expose the business services to the Azure Service Bus by using a custom service that uses relay binding.
D. Move all business service functionality to Azure.
Answer: B
Explanation/Reference:
References:
http://azure.microsoft.com/en-gb/documentation/articles/service-bus-dotnet-how-to-use-relay/
NEW QUESTION NO: 14
DRAG DROP
This is case study. Case studies are not timed separately. You can use as much exam time as you would like to complete each case. However, there may be additional case studies and sections on this exam. You must manage your time to ensure that you are able to complete all questions included on this exam in the time provided.
To answer the questions included in a case study, you will need to reference information that is provided in the case study. Case studies might contain exhibits and other resources that provide more information about the scenario that is described in the case study. Each question is independent of the other questions in this case study.
At the end of this case study, a review screen will appear. This screen allows you to review your answer and to make changes before you move to the next section of the exam. After you begin a new section, you cannot return to this section.
To start the case study
To display the first question in this case study click the Next button. Use the buttons in the left pane to explore the content of the case study before you answer the questions. Clicking these buttons displays information such as business requirements, existing environment, and problem statements. If the case study has an All Information tab, note that the information displayed is identical to the information displayed on the subsequent tabs. When you are ready to answer a question, click the Question button to return to the question.
Background
Security
The security team at Tailspin Toys plans to eliminate legacy authentication methods that are in use, including NTLM and Windows pass-through authentication.
Tailspin Toys needs to share resources with several business partners. You are investigating options to securely share corporate data.
Tailspin Toys has several databases that contain personally identifiable information (PII). User access PII only through the Tailspin Toys e-commerce website.
You secure apps by using on-premises Active Directory Domain Services (AD DS) credentials or Microsoft SQL Server logins.
Apps
The Tailspin Toys e-commerce site is hosted on multiple on-premises virtual machines (VMs). The VM runs either Internet Information Server (IIS) or SQL Server 2012 depending on role. The site is published to the Internet by using a single endpoint that balances the load across web servers. The site does not encrypt traffic between database servers and web servers.
The Tailspin Toys Customer Analyzer app analyzer e-commerce transactions to identify customer buying patterns, and outputs recommended product sale pricing. The app runs large processing jobs that run for
75-120 minutes several times each day. The application development team plans to replace the current solution with a parallel processing solution that scales based on computing demands.
The Tailspin Toys Human Resources (HR) app is an in-house developed app that hosts sensitive employee data. The app uses SQL authentication for Role-Based Access Control (RBAC).
Problem statement
The Tailspin Toys IT Leadership Team plans to address deficiencies in access control, data security, performance, and availability requirements. All applications must be updated to meet any new standards that are defined.
The Tailspin Toys e-commerce site was recently targeted by a cyberattack. In the attack, account information was stolen from the customer database. Transactions that were in progress during the attack were not completed. Forensic investigation of the attack has revealed that the stolen customer data was captured in-transit from the database to a compromised web server.
The HR team reports that unauthorized IT employees can view sensitive employee data by using service or application accounts.
Business Requirements
Tailspin Toys e-commerce site
The business has requested that security and availability of the e-commerce site is improved to meet the following requirements.
Communication between site components must be secured to stop data breaches. If servers are
breached, the data must not be readable.
The site must be highly available at each application tier, as well as the published endpoint.
Customers must be able to authenticate to the e-commerce site with their existing social media
accounts.
Tailspin Toys Customer Analyzer app
The business requires that processing time be reduced from 75-120 minutes to 5-15 minutes.
Tailspin Toys HR app
Only authorized employees and business partners are allowed to view sensitive employee data. HR has requested a mobile experience for end users.
Technical Requirements
Security
The security team has established the following requirements for role-separation and RBAC:
Log on hours defined in AD DS must be enforced for users that access cloud resources.
IT operations team members must be able to deploy and manage all resources in Azure, but must not
be able to grant permissions to others.
Application development team members must be able to deploy and manage Azure Web Apps.
SQL database administrators must be able to deploy and manage SQL databases used by TailSpin
Toys applications.
Application support analysts must be able to manage resources for the application(s) for which they are
responsible.
Service desk analysts must be able to view service status and component settings.
Role assignment should use the principle of least privilege.
Tailspin Toys e-commerce site
The application is currently using a pair of hardware load balancers behind a single published endpoint to load balance traffic. Customer data is hosted in a SQL Server 2012 database. Customer user accounts are stored in an AD DS instance.
The updated application and supporting infrastructure must:
Provide high availability in the event of failure in a single Azure SQL Database instance.
Allow secure web traffic on port 443 only.
Enable customers to authentication with Facebook, Microsoft Live ID or other social media identities.
Encrypt SQL data at-rest.
Encrypt data in motion between back-end SQL database instances and web application instances.
Prevent administrator and service accounts from viewing PII data.
Mask account and PII data presented to end user.
Minimize outage duration in event of an Azure datacenter failure.
The site should scale automatically to meet customer demand.
The site should continue to serve requests, even in the event of failure of an Azure datacenter.
Optimize site response time by auto-directing to the closest datacenter based on customer's
geographic location.
Operations must be able to deploy the solution using an Azure Resource Manager (ARM) template.
Tailspin Toys Customer Analyzer app
The app uses several compute-intensive tasks that create long-running requests to the system, processing large amounts of data. The app runs on two large VMs that are scaled to max capacity in the corporate datacenter. The VMs cannot be scaled up or out to meet processing demands.
The new solution must meet the following requirements:
Schedule processing of a large amount of pricing data on an hourly basis.
Provide parallel processing and scale-on-demand computing resources to provide additional capacity
as required.
Processing times must meet the 5-15 minute processing requirement.
Use simultaneous compute nodes to enable high performance computing for analysis.
Minimal administrative efforts and custom development.
Operations must be able to deploy the solution using an Azure Resource Manager (ARM) template.
Tailspin Toys HR app
The solution architecture must meet the following requirements:
Integrate with Azure Active Directory (Azure AD).
Encrypt data at rest and in-transit.
Limit access based on location, filtered by IP addresses for corporate sites and authorized business
partners.
Mask data presented to employees.
Must be available on mobile devices.
Operations must be able to deploy the solution using an Azure Resource Manager (ARM) template.
You need to meet the data requirements for the Tailspin Toys e-commerce website.
What should you do recommend? To answer, drag the appropriate recommendations to the correct requirements. Each recommendation may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
NOTE: Each correct selection is worth one point.
Select and Place:
Answer:
NEW QUESTION NO: 15
You manage on-premises network and Azure virtual networks.
You need a secure private connection between the on-premises networks and the Azure virtual networks.
The connection must offer a redundant pair of cross connections to provide high availability.
What should you recommend?
A. virtual network peering
B. Azure Load Balancer
C. VPN Gateway
D. ExpressRoute
Answer: B
Explanation/Reference:
References:
https://docs.microsoft.com/en-us/azure/load-balancer/load-balancer-overview
NEW QUESTION NO: 16
A company has a public-facing website that is being monitored using Microsoft Operations Management Suite (OMS). The OMS service map solution is deployed.
Customers report that the website displays error messages and is very slow to load pages each day at
04:00. The company plans to use the OMS Service Map solution to investigate the issues.
You need to recommend actions that the company should perform with OMS Service Map.
Which three actions should you recommend? Each correct answer presents a complete solution.
NOTE: Each correct selection is worth one point.
A. View alerts that show critical CPU utilization.
B. Install updates to the device that hosts the website.
C. Create a backup of the web server.
D. View the device that hosts the website.
E. View the process that produced the alert.
Answer: A,D,E
Explanation/Reference:
References:
https://docs.microsoft.com/en-us/azure/operations-management-suite/operations-management-suite- service-map
NEW QUESTION NO: 17
This is case study. Case studies are not timed separately. You can use as much exam time as you would like to complete each case. However, there may be additional case studies and sections on this exam. You must manage your time to ensure that you are able to complete all questions included on this exam in the time provided.
To answer the questions included in a case study, you will need to reference information that is provided in the case study. Case studies might contain exhibits and other resources that provide more information about the scenario that is described in the case study. Each question is independent of the other questions in this case study.
At the end of this case study, a review screen will appear. This screen allows you to review your answer and to make changes before you move to the next section of the exam. After you begin a new section, you cannot return to this section.
To start the case study
To display the first question in this case study click the Next button. Use the buttons in the left pane to explore the content of the case study before you answer the questions. Clicking these buttons displays information such as business requirements, existing environment, and problem statements. If the case study has an All Information tab, note that the information displayed is identical to the information displayed on the subsequent tabs. When you are ready to answer a question, click the Question button to return to the question.
Background
Security
The security team at Tailspin Toys plans to eliminate legacy authentication methods that are in use, including NTLM and Windows pass-through authentication.
Tailspin Toys needs to share resources with several business partners. You are investigating options to securely share corporate data.
Tailspin Toys has several databases that contain personally identifiable information (PII). User access PII only through the Tailspin Toys e-commerce website.
You secure apps by using on-premises Active Directory Domain Services (AD DS) credentials or Microsoft SQL Server logins.
Apps
The Tailspin Toys e-commerce site is hosted on multiple on-premises virtual machines (VMs). The VM runs either Internet Information Server (IIS) or SQL Server 2012 depending on role. The site is published to the Internet by using a single endpoint that balances the load across web servers. The site does not encrypt traffic between database servers and web servers.
The Tailspin Toys Customer Analyzer app analyzer e-commerce transactions to identify customer buying patterns, and outputs recommended product sale pricing. The app runs large processing jobs that run for
75-120 minutes several times each day. The application development team plans to replace the current solution with a parallel processing solution that scales based on computing demands.
The Tailspin Toys Human Resources (HR) app is an in-house developed app that hosts sensitive employee data. The app uses SQL authentication for Role-Based Access Control (RBAC).
Problem statement
The Tailspin Toys IT Leadership Team plans to address deficiencies in access control, data security, performance, and availability requirements. All applications must be updated to meet any new standards that are defined.
The Tailspin Toys e-commerce site was recently targeted by a cyberattack. In the attack, account information was stolen from the customer database. Transactions that were in progress during the attack were not completed. Forensic investigation of the attack has revealed that the stolen customer data was captured in-transit from the database to a compromised web server.
The HR team reports that unauthorized IT employees can view sensitive employee data by using service or application accounts.
Business Requirements
Tailspin Toys e-commerce site
The business has requested that security and availability of the e-commerce site is improved to meet the following requirements.
Communication between site components must be secured to stop data breaches. If servers are
breached, the data must not be readable.
The site must be highly available at each application tier, as well as the published endpoint.
Customers must be able to authenticate to the e-commerce site with their existing social media
accounts.
Tailspin Toys Customer Analyzer app
The business requires that processing time be reduced from 75-120 minutes to 5-15 minutes.
Tailspin Toys HR app
Only authorized employees and business partners are allowed to view sensitive employee data. HR has requested a mobile experience for end users.
Technical Requirements
Security
The security team has established the following requirements for role-separation and RBAC:
Log on hours defined in AD DS must be enforced for users that access cloud resources.
IT operations team members must be able to deploy and manage all resources in Azure, but must not
be able to grant permissions to others.
Application development team members must be able to deploy and manage Azure Web Apps.
SQL database administrators must be able to deploy and manage SQL databases used by TailSpin
Toys applications.
Application support analysts must be able to manage resources for the application(s) for which they are
responsible.
Service desk analysts must be able to view service status and component settings.
Role assignment should use the principle of least privilege.
Tailspin Toys e-commerce site
The application is currently using a pair of hardware load balancers behind a single published endpoint to load balance traffic. Customer data is hosted in a SQL Server 2012 database. Customer user accounts are stored in an AD DS instance.
The updated application and supporting infrastructure must:
Provide high availability in the event of failure in a single Azure SQL Database instance.
Allow secure web traffic on port 443 only.
Enable customers to authentication with Facebook, Microsoft Live ID or other social media identities.
Encrypt SQL data at-rest.
Encrypt data in motion between back-end SQL database instances and web application instances.
Prevent administrator and service accounts from viewing PII data.
Mask account and PII data presented to end user.
Minimize outage duration in event of an Azure datacenter failure.
The site should scale automatically to meet customer demand.
The site should continue to serve requests, even in the event of failure of an Azure datacenter.
Optimize site response time by auto-directing to the closest datacenter based on customer's
geographic location.
Operations must be able to deploy the solution using an Azure Resource Manager (ARM) template.
Tailspin Toys Customer Analyzer app
The app uses several compute-intensive tasks that create long-running requests to the system, processing large amounts of data. The app runs on two large VMs that are scaled to max capacity in the corporate datacenter. The VMs cannot be scaled up or out to meet processing demands.
The new solution must meet the following requirements:
Schedule processing of a large amount of pricing data on an hourly basis.
Provide parallel processing and scale-on-demand computing resources to provide additional capacity
as required.
Processing times must meet the 5-15 minute processing requirement.
Use simultaneous compute nodes to enable high performance computing for analysis.
Minimal administrative efforts and custom development.
Operations must be able to deploy the solution using an Azure Resource Manager (ARM) template.
Tailspin Toys HR app
The solution architecture must meet the following requirements:
Integrate with Azure Active Directory (Azure AD).
Encrypt data at rest and in-transit.
Limit access based on location, filtered by IP addresses for corporate sites and authorized business
partners.
Mask data presented to employees.
Must be available on mobile devices.
Operations must be able to deploy the solution using an Azure Resource Manager (ARM) template.
You need to select an Azure compute provider for the Tailspin Toys Customer Analyzer app.
What should you use?
A. Microsoft Flow
B. Azure Logic Apps
C. Azure Web Jobs
D. Azure Batch
Answer: D
NEW QUESTION NO: 18
A company hosts a website and exposes web services on the company intranet. The intranet is secured by using a firewall. Company policies prohibit changes to firewall rules.
Devices outside the firewall must be able to access the web services.
You need to recommend an approach to enable inbound communication.
What should you recommend?
A. the Azure Access Control Service
B. Windows Azure Pack
C. the Azure WCF Relay
D. a web service in an Azure role that relays data to the internal web services
Answer: C
Explanation/Reference:
References:
https://docs.microsoft.com/en-us/azure/service-bus-relay/relay-what-is-it
NEW QUESTION NO: 19
HOTSPOT
You are managing the automation of your company's Azure resources.
You need to choose the appropriate tool to automate specific use cases.
Which tool should you choose for each use case? To answer, select the appropriate tool from each list in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:
Answer:
Explanation/Reference:
References:
https://docs.microsoft.com/en-us/azure/automation/automation-intro
https://docs.microsoft.com/en-us/azure/virtual-machines/scripts/virtual-machines-windows-powershell- sample-create-iis-using-dsc-auto
https://docs.microsoft.com/en-us/azure/automation/automation-dsc-compile
NEW QUESTION NO: 20
You use a virtual network to extend an on-premises IT environment into the cloud. The virtual network has two virtual machines (VMs) that store sensitive data.
The data must only be available using internal communication channels. Internet access to those VMs is not permitted.
You need to ensure that the VMs cannot access Internet.
Which two options should you recommend? Each correct answer presents a complete solution.
NOTE: Each correct selection is worth one point.
A. Azure ExpressRoute
B. network interface (NIC)
C. Source Network Address Translation (SNAT)
D. Network Security Groups (NSG)
Answer: A,D
Explanation/Reference:
References:
https://docs.microsoft.com/en-us/azure/expressroute/expressroute-introduction
https://reticent.net.nz/prevent-internet-access-from-azure-virtual-machines/