Question 151
Open question ↗You develop a web app that interacts with Azure Active Directory (Azure AD) groups by using Microsoft Graph.
You build a web page that shows all Azure AD groups that are not of the type 'Unified'.
You need to build the Microsoft Graph query for the page.
How should you complete the query? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Question 152
Open question ↗You are developing an Azure solution.
You need to develop code to access a secret stored in Azure Key Vault.
How should you complete the code segment? To answer, drag the appropriate code segments to the correct location. Each code segment may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
NOTE: Each correct selection is worth one point.
Question 153
Open question ↗You are a developer building a web site using a web app. The web site stores configuration data in Azure App Configuration.
Access to Azure App Configuration has been configured to use the identity of the web app for authentication. Security requirements specify that no other authentication systems must be used.
You need to load configuration data from Azure App Configuration.
How should you complete the code? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Question 154
Open question ↗You are developing several microservices to deploy to a new Azure Kubernetes Service cluster. The microservices manage data stored in Azure Cosmos DB and Azure Blob storage. The data is secured by using customer-managed keys stored in Azure Key Vault.
You must automate key rotation for all Azure Key Vault keys and allow for manual key rotation. Keys must rotate every three months. Notifications of expiring keys must be sent before key expiry.
You need to configure key rotation and enable key expiry notifications.
Which two actions should you perform? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.
Question 155
Open question ↗You are developing several Azure API Management (APIM) hosted APIs.
You must transform the APIs to hide private backend information and obscure the technology stack used to implement the backend processing.
You need to protect all APIs.
What should you do?
Question 156
Open question ↗You develop a containerized application. The application must be deployed to an existing Azure Kubernetes Service (AKS) cluster from an Azure Container Registry (ACR) instance. You use the Azure command-line interface (Azure CLI) to deploy the application image to AKS.
Images must be pulled from the registry. You must be able to view all registries within the current Azure subscription. Authentication must be managed by Microsoft Entra ID and removed when the registry is deleted. The solution must use the principle of least privilege.
You need to configure authentication to the registry.
Which authentication configuration should you use? To answer, select the appropriate configuration values in the answer area,
NOTE: Each correct selection is worth one point.
Question 157
Open question ↗Case study
This is a case study. Case studies are not timed separately. You can use as much exam time as you would like to complete each case. However, there may be additional case studies and sections on this exam. You must manage your time to ensure that you are able to complete all questions included on this exam in the time provided.
To answer the questions included in a case study, you will need to reference information that is provided in the case study. Case studies might contain exhibits and other resources that provide more information about the scenario that is described in the case study. Each question is independent of the other questions in this case study.
At the end of this case study, a review screen will appear. This screen allows you to review your answers and to make changes before you move to the next section of the exam. After you begin a new section, you cannot return to this section.
To start the case study
To display the first question in this case study, click the Next button. Use the buttons in the left pane to explore the content of the case study before you answer the questions. Clicking these buttons displays information such as business requirements, existing environment, and problem statements. When you are ready to answer a question, click the Question button to return to the question.
Background
Munson’s Pickles and Preserves Farm is an agricultural cooperative corporation based in Washington, US, with farms located across the United States. The company supports agricultural production resources by distributing seeds fertilizers, chemicals, fuel, and farm machinery to the farms.
Current Environment
The company is migrating all applications from an on-premises datacenter to Microsoft Azure. Applications support distributors, farmers, and internal company staff.
Corporate website
• The company hosts a public website located at http://www.munsonspicklesandpreservesfarm.com. The site supports farmers and distributors who request agricultural production resources.
Farms
• The company created a new customer tenant in the Microsoft Entra admin center to support authentication and authorization for applications.
Distributors
• Distributors integrate their applications with data that is accessible by using APIs hosted at http://www.munsonspicklesandpreservesfarm.com/api to receive and update resource data.
Requirements
The application components must meet the following requirements:
Corporate website
• The site must be migrated to Azure App Service.
• Costs must be minimized when hosting in Azure.
• Applications must automatically scale independent of the compute resources.
• All code changes must be validated by internal staff before release to production.
• File transfer speeds must improve, and webpage-load performance must increase.
• All site settings must be centrally stored, secured without using secrets, and encrypted at rest and in transit.
• A queue-based load leveling pattern must be implemented by using Azure Service Bus queues to support high volumes of website agricultural production resource requests.
Farms
• Farmers must authenticate to applications by using Microsoft Entra ID.
Distributors
• The company must track a custom telemetry value with each API call and monitor performance of all APIs.
• API telemetry values must be charted to evaluate variations and trends for resource data.
Internal staff
• App and API updates must be validated before release to production.
• Staff must be able to select a link to direct them back to the production app when validating an app or API update.
• Staff profile photos and email must be displayed on the website once they authenticate to applications by using their Microsoft Entra ID.
Security
• All web communications must be secured by using TLS/HTTPS.
• Web content must be restricted by country/region to support corporate compliance standards.
• The principle of least privilege must be applied when providing any user rights or process access rights.
• Managed identities for Azure resources must be used to authenticate services that support Microsoft Entra ID authentication.
Issues
Corporate website
• Farmers report HTTP 503 errors at the same time as internal staff report that CPU and memory usage are high.
• Distributors report HTTP 502 errors at the same time as internal staff report that average response times and networking traffic are high.
• Internal staff report webpage load sizes are large and take a long time to load.
• Developers receive authentication errors to Service Bus when they debug locally.
Distributors
• Many API telemetry values are sent in a short period of time. Telemetry traffic, data costs, and storage costs must be reduced while preserving a statistically correct analysis of the data points sent by the APIs.
You need to secure the corporate website to meet the security requirements.
What should you do?
Question 158
Open question ↗A company has an Azure storage static website with a custom domain name.
The company informs you that unauthorized users from a different country/region are accessing the website. The company provides the following requirements for the static website:
• Unauthorized users must not be able to access the website.
• Users must be able to access the website using the HTTPS protocol.
You need to implement the changes to the static website.
What should you do? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Question 159
Open question ↗You are developing a Microsoft Entra ID integrated app that interacts with Microsoft Graph.
You must allow GET operations to receive unknown members that might be defined in the future in Microsoft Graph API. You plan to include support for evolvable enumerations in the app.
You need to specify the HTTP request header that will provide the evolvable enumerations support in the app.
Which header should you specify?
Question 160
Open question ↗Case study
This is a case study. Case studies are not timed separately. You can use as much exam time as you would like to complete each case. However, there may be additional case studies and sections on this exam. You must manage your time to ensure that you are able to complete all questions included on this exam in the time provided.
To answer the questions included in a case study, you will need to reference information that is provided in the case study. Case studies might contain exhibits and other resources that provide more information about the scenario that is described in the case study. Each question is independent of the other questions in this case study.
At the end of this case study, a review screen will appear. This screen allows you to review your answers and to make changes before you move to the next section of the exam. After you begin a new section, you cannot return to this section.
To start the case study
To display the first question in this case study, click the Next button. Use the buttons in the left pane to explore the content of the case study before you answer the questions. Clicking these buttons displays information such as business requirements, existing environment, and problem statements. When you are ready to answer a question, click the Question button to return to the question.
Background
Fourth Coffee is a global coffeehouse chain and coffee company recognized as one of the world’s most influential coffee brands. The company is renowned for its specialty coffee beverages, including a wide range of espresso-based drinks, teas, and other beverages. Fourth Coffee operates thousands of stores worldwide.
Current environment
The company is developing cloud-native applications hosted in Azure.
Corporate website
The company hosts a public website located at http://www.fourthcoffee.com/. The website is used to place orders as well as view and update inventory items.
Inventory items
In addition to its core coffee offerings, Fourth Coffee recently expanded its menu to include inventory items such as lunch items, snacks, and merchandise. Corporate team members constantly update inventory. Users can customize items. Corporate team members configure inventory items and associated images on the website.
Orders
Associates in the store serve customized beverages and items to customers. Orders are placed on the website for pickup.
The application components process data as follows:
1. Azure Traffic Manager routes a user order request to the corporate website hosted in Azure App Service.
2. Azure Content Delivery Network serves static images and content to the user.
3. The user signs in to the application through a Microsoft Entra ID for customers tenant.
4. Users search for items and place an order on the website as item images are pulled from Azure Blob Storage.
5. Item customizations are placed in an Azure Service Bus queue message.
6. Azure Functions processes item customizations and saves the customized items to Azure Cosmos DB.
7. The website saves order details to Azure SQL Database.
8. SQL Database query results are cached in Azure Cache for Redis to improve performance.
The application consists of the following Azure services:
Requirements
The application components must meet the following requirements:
• Azure Cosmos DB development must use a native API that receives the latest updates and stores data in a document format.
• Costs must be minimized for all Azure services.
• Developers must test Azure Blob Storage integrations locally before deployment to Azure. Testing must support the latest versions of the Azure Storage APIs.
Corporate website
• User authentication and authorization must allow one-time passcode sign-in methods and social identity providers (Google or Facebook).
• Static web content must be stored closest to end users to reduce network latency.
Inventory items
• Customized items read from Azure Cosmos DB must maximize throughput while ensuring data is accurate for the current user on the website.
• Processing of inventory item updates must automatically scale and enable updates across an entire Azure Cosmos DB container.
• Inventory items must be processed in the order they were placed in the queue.
• Inventory item images must be stored as JPEG files in their native format to include exchangeable image file format (data) stored with the blob data upon upload of the image file.
• The Inventory Items API must securely access the Azure Cosmos DB data.
Orders
• Orders must receive inventory item changes automatically after inventory items are updated or saved.
Issues
• Developers are storing the Azure Cosmos DB credentials in an insecure clear text manner within the Inventory Items API code.
• Production Azure Cache for Redis maintenance has negatively affected application performance.
You need to securely access inventory items when developing the Inventory Items API.
What are three possible ways to achieve this goal? Each correct answer presents a complete solution.
NOTE: Each correct selection is worth one point.
