You have an application that is used by 6,000 users to validate their vacation requests. The application manages its own credential
Users must enter a username and password to access the application. The application does NOT support identity providers.
You plan to upgrade the application to use single sign-on (SSO) authentication by using an Azure Active Directory (Azure AD) application registration.
Which SSO method should you use?
You have an Azure App Service web app that uses a system-assigned managed identity.
You need to recommend a solution to store their settings of the web app as secrets in an Azure key vault The solution must meet the following requirements:
• Minimize changes to the app code,
• Use the principle of least privilege.
What should you include in the recommendation? To answer, select the appropriate options in the answer area.
Note: This section contains one or more sets of questions with the same scenario and problem. Each question presents a unique solution to the problem. You must determine whether the solution meets the stated goals. More than one solution in the set might solve the problem. It is also possible that none of the solutions in the set solve the problem.
After you answer a question in this section, you will NOT be able to return. As a result, these questions do not appear on the Review Screen.
Your company, named Contoso, Ltd., has a Microsoft Entra tenant named contoso.com that uses Privileged Identity Management (PIM) and is linked to an Azure subscription named Sub1.
You use Azure Backup to back up all the resources in Sub1 to a Recovery Services vault named Vault1.
An external company named Fabrikam, Inc. provides security management services to Contoso. Fabrikam has a Microsoft Entra tenant named fabrikam.com and an Azure subscription.
You need to prevent a compromised administrator account in contoso.com from modifying backup policies in and deleting backups from Sub1.
Solution: In Vault 1, you generate a security PIN for critical operations.
Does this meet the goal?
Your company plans to deploy various Azure App Service instances that will use Azure SQL databases. The App Service instances will be deployed at the same time as the Azure SQL
databases.
The company has a regulatory requirement to deploy the App Service instances only to specific Azure regions. The resources for the App Service instances must reside in the same region.
You need to recommend a solution to meet the regulatory requirement.
Solution: You recommend using an Azure policy to enforce the location of resource groups.
Does this meet the goal?
You ate designing a SQL database solution. The solution will include 20 databases that will be 20 GB each and have varying usage patterns. You need to recommend a database platform to host the databases. The solution must meet the following requirements:
• The compute resources allocated to the databases must scale dynamically.
• The solution must meet an SLA of 99.99% uptime.
• The solution must have reserved capacity.
• Compute charges must be minimized.
What should you include in the recommendation?
You have an Azure subscription that contains 50 Azure SQL databases.
You create an Azure Resource Manager (ARM) template named. Template1 that enables Transparent Data Encryption (TDE).
You need to create an Azure Policy definition named Policy1 that will use Template1 to enable IDE for any noncompliant Azure SQL databases.
How should you configure Policy 1? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
You have five .NET Core applications that run on 10 Azure virtual machines in the same subscription.
You need to recommend a solution to ensure that the applications can authenticate by using the same Azure Active Directory (Azure AD) identity. The solution must meet the following requirements:
Ensure that the applications can authenticate only when running on the 10 virtual machines.
Minimize administrative effort.
What should you include in the recommendation? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
You have 12 on-premises data sources that contain customer information and consist of Microsoft SQL Server, MySQL, and Oracle databases.
You have an Azure subscription.
You plan to create an Azure Data Lake Storage account that will consolidate the customer information for analysis and reporting.
You need to recommend a solution to automatically copy new information from the data sources to the Data Lake Storage account by using extract, transform and load (ETL). The solution must minimize administrative effort.
What should you include in the recommendation?
You have an Azure AD tenant.
You plan to deploy Azure Cosmos DB databases that will use the SQL API.
You need to recommend a solution to provide specific Azure AD user accounts with read access to the Cosmos DB databases.
What should you include in the recommendation?
You need to deploy resources to host a stateless web app in an Azure subscription. The solution must meet the following requirements:
• Provide access to the full .NET framework.
• Provide redundancy if an Azure region fails.
• Grant administrators access to the operating system to install custom application dependencies.
Solution: You deploy an Azure virtual machine to two Azure regions, and you deploy an Azure Application Gateway.
Does this meet the goal?
