Question 101
Case Study 5
Requirements
Receipt processing
Concurrent processing of a receipt must be prevented.
Logging
Azure Application Insights is used for telemetry and logging in both the processor and the web application. The processor also has TraceWriter logging enabled. Application Insights must always contain all log messages.
Disaster recovery
Regional outage must not impact application availability. All DR operations must not be dependent on application running and must ensure that data in the DR region is up to date.
Security
* Users' SecurityPin must be stored in such a way that access to the database does not allow the viewing of SecurityPins. The web application is the only system that should have access to SecurityPins.
* All certificates and secrets used to secure data must be stored in Azure Key Vault.
* You must adhere to the principle of least privilege and provide privileges which are essential to perform the intended function.
* All access to Azure Storage and Azure SQL database must use the application's Managed Service Identity (MSI)
* Receipt data must always be encrypted at rest.
* All data must be protected in transit
* User's expense account number must be visible only to logged in users. All other views of the expense account number should include only the last segment, with the remaining parts obscured.
* In the case of a security breach access to all summary reports must be revoked without impacting other parts of the system.
Issues
Upload format issue
Employees occasionally report an issue with uploading a receipt using the web application. They report that when they upload a receipt using the Azure File Share, the receipt does not appear in their profile. When this occurs, they delete the file in the file share and use the web application, which returns a 500 Internal Server error page.
Capacity issue
During busy periods, employees report long delays between the time they upload the receipt and when it appears in the web application.
Log capacity issue
Developers report that the number of log message in the trace output for the processor is too high, resulting in lost log messages.
Application code
Processing.cs
Database.cs
ReceiptUploader.cs
ConfigureSSE.ps1
Hotspot Question
You need to configure retries in the LoadUserDetails function in the Database class without impacting user experience.
What code should you insert on line DB07?
To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Requirements
Receipt processing
Concurrent processing of a receipt must be prevented.
Logging
Azure Application Insights is used for telemetry and logging in both the processor and the web application. The processor also has TraceWriter logging enabled. Application Insights must always contain all log messages.
Disaster recovery
Regional outage must not impact application availability. All DR operations must not be dependent on application running and must ensure that data in the DR region is up to date.
Security
* Users' SecurityPin must be stored in such a way that access to the database does not allow the viewing of SecurityPins. The web application is the only system that should have access to SecurityPins.
* All certificates and secrets used to secure data must be stored in Azure Key Vault.
* You must adhere to the principle of least privilege and provide privileges which are essential to perform the intended function.
* All access to Azure Storage and Azure SQL database must use the application's Managed Service Identity (MSI)
* Receipt data must always be encrypted at rest.
* All data must be protected in transit
* User's expense account number must be visible only to logged in users. All other views of the expense account number should include only the last segment, with the remaining parts obscured.
* In the case of a security breach access to all summary reports must be revoked without impacting other parts of the system.
Issues
Upload format issue
Employees occasionally report an issue with uploading a receipt using the web application. They report that when they upload a receipt using the Azure File Share, the receipt does not appear in their profile. When this occurs, they delete the file in the file share and use the web application, which returns a 500 Internal Server error page.
Capacity issue
During busy periods, employees report long delays between the time they upload the receipt and when it appears in the web application.
Log capacity issue
Developers report that the number of log message in the trace output for the processor is too high, resulting in lost log messages.
Application code
Processing.cs
Database.cs
ReceiptUploader.cs
ConfigureSSE.ps1
Hotspot Question
You need to configure retries in the LoadUserDetails function in the Database class without impacting user experience.
What code should you insert on line DB07?
To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Question 102
Case Study 2
Requirements
ContentAnalysisService
The company's data science group built ContentAnalysisService which accepts user generated content as a string and returns a probable value for inappropriate content. Any values over a specific threshold must be reviewed by an employee of Contoso, Ltd.
You must create an Azure Function named CheckUserContent to perform the content checks.
Costs
You must minimize costs for all Azure services.
Manual review
To review content, the user must authenticate to the website portion of the ContentAnalysisService using their Azure AD credentials. The website is built using React and all pages and API endpoints require authentication. In order to review content a user must be part of a ContentReviewer role. All completed reviews must include the reviewer's email address for auditing purposes.
High availability
All services must run in multiple regions. The failure of any service in a region must not impact overall application availability.
Monitoring
An alert must be raised if the ContentUploadService uses more than 80 percent of available CPU-cores.
Security
You have the following security requirements:
* Any web service accessible over the Internet must be protected from cross site scripting attacks.
* All websites and services must use SSL from a valid root certificate authority.
* Azure Storage access keys must only be stored in memory and must be available only to the service.
* All Internal services must only be accessible from Internal Virtual Networks (VNets)
* All parts of the system must support inbound and outbound traffic restrictions.
* All service calls must be authenticated by using Azure AD.
User agreements
When a user submits content, they must agree to a user agreement. The agreement allows employees of Contoso.Ltd to review content, store cookies on user devices and track user's IP addresses.
Information regarding agreements is used by multiple divisions within Contoso, Ltd.
User responses must not be lost and must be available to all parties regardless of individual service uptime. The volume of agreements is expected to be in the millions per hour.
Validation testing
When a new version of the ContentAnalysisService is available the previous seven days of content must be processed with the new version to verify that the new version does not significantly deviate from the old version.
Issues
Users of the ContentUploadService report that they occasionally see HTTP 502 responses on specific pages.
Code
ContentUploadService
You need to configure the ContentUploadService deployment.
Which two actions should you perform? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.
Requirements
ContentAnalysisService
The company's data science group built ContentAnalysisService which accepts user generated content as a string and returns a probable value for inappropriate content. Any values over a specific threshold must be reviewed by an employee of Contoso, Ltd.
You must create an Azure Function named CheckUserContent to perform the content checks.
Costs
You must minimize costs for all Azure services.
Manual review
To review content, the user must authenticate to the website portion of the ContentAnalysisService using their Azure AD credentials. The website is built using React and all pages and API endpoints require authentication. In order to review content a user must be part of a ContentReviewer role. All completed reviews must include the reviewer's email address for auditing purposes.
High availability
All services must run in multiple regions. The failure of any service in a region must not impact overall application availability.
Monitoring
An alert must be raised if the ContentUploadService uses more than 80 percent of available CPU-cores.
Security
You have the following security requirements:
* Any web service accessible over the Internet must be protected from cross site scripting attacks.
* All websites and services must use SSL from a valid root certificate authority.
* Azure Storage access keys must only be stored in memory and must be available only to the service.
* All Internal services must only be accessible from Internal Virtual Networks (VNets)
* All parts of the system must support inbound and outbound traffic restrictions.
* All service calls must be authenticated by using Azure AD.
User agreements
When a user submits content, they must agree to a user agreement. The agreement allows employees of Contoso.Ltd to review content, store cookies on user devices and track user's IP addresses.
Information regarding agreements is used by multiple divisions within Contoso, Ltd.
User responses must not be lost and must be available to all parties regardless of individual service uptime. The volume of agreements is expected to be in the millions per hour.
Validation testing
When a new version of the ContentAnalysisService is available the previous seven days of content must be processed with the new version to verify that the new version does not significantly deviate from the old version.
Issues
Users of the ContentUploadService report that they occasionally see HTTP 502 responses on specific pages.
Code
ContentUploadService
You need to configure the ContentUploadService deployment.
Which two actions should you perform? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.
Question 103
Hotspot Question
You are developing a ticket reservation system for an airline.
The storage solution for the application must meet the following requirements:
- Ensure at least 99.99% availability and provide low latency.
- Accept reservations event when localized network outages or other
unforeseen failures occur.
- Process reservations in the exact sequence as reservations are
submitted to minimize overbooking or selling the same seat to multiple
travelers.
- Allow simultaneous and out-of-order reservations with a maximum five- second tolerance window.
You provision a resource group named airlineResourceGroup in the Azure South-Central US region.
You need to provision a SQL SPI Cosmos DB account to support the app.
How should you complete the Azure CLI commands? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
You are developing a ticket reservation system for an airline.
The storage solution for the application must meet the following requirements:
- Ensure at least 99.99% availability and provide low latency.
- Accept reservations event when localized network outages or other
unforeseen failures occur.
- Process reservations in the exact sequence as reservations are
submitted to minimize overbooking or selling the same seat to multiple
travelers.
- Allow simultaneous and out-of-order reservations with a maximum five- second tolerance window.
You provision a resource group named airlineResourceGroup in the Azure South-Central US region.
You need to provision a SQL SPI Cosmos DB account to support the app.
How should you complete the Azure CLI commands? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Question 104
You need to resolve the capacity issue.
What should you do?
What should you do?
Question 105
You have an Azure Batch project that processes and converts files and stores the files in Azure storage. You are developing a function to start the batch job.
You add the following parameters to the function.
You must ensure that converted files are placed in the container referenced by the outputContainerSasUrl parameter. Files which fail to convert are places in the container referenced by the failedContainerSasUrl parameter.
You need to ensure the files are correctly processed.
How should you complete the code segment? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
You add the following parameters to the function.
You must ensure that converted files are placed in the container referenced by the outputContainerSasUrl parameter. Files which fail to convert are places in the container referenced by the failedContainerSasUrl parameter.
You need to ensure the files are correctly processed.
How should you complete the code segment? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
