Question 211
You have an Azure subscription that contains resources in three Azure regions.
You need to implement Azure Key Vault to meet the following requirements:
D18912E1457D5D1DDCBD40AB3BF70D5D
In the event of a regional outage, all keys must be readable.
All the resources in the subscription must be able to access Key Vault.
The number of Key Vault resources to be deployed and managed must be minimized.
How many instances of Key Vault should you implement?
You need to implement Azure Key Vault to meet the following requirements:
D18912E1457D5D1DDCBD40AB3BF70D5D
In the event of a regional outage, all keys must be readable.
All the resources in the subscription must be able to access Key Vault.
The number of Key Vault resources to be deployed and managed must be minimized.
How many instances of Key Vault should you implement?
Question 212
Your company develops a web service that is deployed to an Azure virtual machine named VM1. The web service allows an API to access real-time data from VM1.
The current virtual machine deployment is shown in the Deployment exhibit. (Click the Deployment tab).
The chief technology officer (CTO) sends you the following email message: "Our developers have deployed the web service to a virtual machine named VM1. Testing has shown that the API is accessible from VM1 and VM2. Our partners must be able to connect to the API over the Internet. Partners will use this data in applications that they develop." You deploy an Azure API Management (APIM) service. The relevant API Management configuration is shown in the API exhibit. (Click the API tab.)
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
The current virtual machine deployment is shown in the Deployment exhibit. (Click the Deployment tab).
The chief technology officer (CTO) sends you the following email message: "Our developers have deployed the web service to a virtual machine named VM1. Testing has shown that the API is accessible from VM1 and VM2. Our partners must be able to connect to the API over the Internet. Partners will use this data in applications that they develop." You deploy an Azure API Management (APIM) service. The relevant API Management configuration is shown in the API exhibit. (Click the API tab.)
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Question 213
You are designing a microservices architecture that will be hosted in an Azure Kubernetes Service (AKS) cluster. Apps that will consume the microservices will be hosted on Azure virtual machines. The virtual machines and the AKS cluster will reside on the same virtual network.
You need to design a solution to expose the microservices to the consumer apps. The solution must meet the following requirements:
* Ingress access to the microservices must be restricted to a single private IP address and protected by using mutual TLS authentication.
* The number of incoming microservice calls must be rate-limited.
* Costs must be minimized.
What should you include in the solution?
You need to design a solution to expose the microservices to the consumer apps. The solution must meet the following requirements:
* Ingress access to the microservices must be restricted to a single private IP address and protected by using mutual TLS authentication.
* The number of incoming microservice calls must be rate-limited.
* Costs must be minimized.
What should you include in the solution?
Question 214
You have an Azure web app named App1 and an Azure key vault named KV1.
App1 stores database connection strings in KV1.
App1 performs the following types of requests to KV1:
Get
List
Wrap
Delete
Unwrap
Backup
Decrypt
Encrypt
You are evaluating the continuity of service for App1.
You need to identify the following if the Azure region that hosts KV1 becomes unavailable:
To where will KV1 fail over?
During the failover, which request type will be unavailable?
What should you identify? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
App1 stores database connection strings in KV1.
App1 performs the following types of requests to KV1:
Get
List
Wrap
Delete
Unwrap
Backup
Decrypt
Encrypt
You are evaluating the continuity of service for App1.
You need to identify the following if the Azure region that hosts KV1 becomes unavailable:
To where will KV1 fail over?
During the failover, which request type will be unavailable?
What should you identify? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Question 215
You need to configure an Azure policy to ensure that the Azure SQL databases have TDE enabled. The solution must meet the security and compliance requirements.
Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
