70-354 Exam
Tips to Pass 70-354 Exam (11 to 20)
Guaranteed of 70-354 free question materials and pack for Microsoft certification for IT candidates, Real Success Guaranteed with Updated 70-354 pdf dumps vce Materials. 100% PASS Universal Windows Platform – App Architecture and UX/UI exam Today!
2021 Jan 70-354 test question
Q11. - (Topic 6)
You are the administrator for a company named Contoso, Ltd.
Contoso also has an Azure subscription and uses many on-premises Active Directory products as roles in Windows Server including the following:
Active Directory Domain Services (AD DS)
Active Directory Certificate Services (AD CS)
Active Directory Rights Management Services (AD RMS)
Active Directory Lightweight Directory Services (AD LDS)
Active Directory Federation Services (AD FS).
Contoso must use the directory management services available in Azure Active Directory.
You need to provide information to Contoso on the similarities and differences between Azure Active Directory and the Windows Server Active Directory family of services.
Which feature does Azure Active Directory and on-premises Active Directory both support?
A. Using the GraphAPI to query the directory
B. Issuing user certificates
C. Supporting single sign-on (SSO)
D. Querying the directory with LDAP
Answer: C
Explanation: AD FS supports Web single-sign-on (SSO) technologies, and so does Azure
Active Directory.
If you want single sign on we usually suggest using ADFS if you’re a Windows shop. Going
forward though, Azure Active Directory is another alternative you can use.
Reference: Using Azure Active Directory for Single Sign On with Yammer
https://samlman.wordpress.com/2015/03/02/using-azure-active-directory-for-single-sign-on-with-yammer/
Q12. DRAG DROP - (Topic 3)
You need to recommend network connectivity solutions for the experimental applications.
What should you recommend? To answer, drag the appropriate solution to the correct network connection requirements. Each solution may be used once, more than once, or not
at all. You may need to drag the split bar between panes or scroll to view content.
Answer:
Topic 4, Lucerne Publishing
Background
Overview
Lucerne Publishing creates, stores, and delivers online media for advertising companies.
This media is streamed to computers by using the web, and to mobile devices around the world by using native applications. The company currently supports the iOS, Android, and Windows Phone 8.1 platform.
Lucerne Publishing uses proprietary software to manage its media workflow. This software has reached the end of its lifecycle. The company plans to move its media workflows to the cloud. Lucerne Publishing provides access to its customers, who are third-party companies, so that they can download, upload, search, and index media that is stored on
Lucerne Publishing servers.
Apps and Applications
Lucerne Publishing develops the applications that customers use to deliver media. The company currently provides the following media delivery applications:
Lucerne Media W - a web application that delivers media by using any browser
Lucerne Media M - a mobile app that delivers media by using Windows Phone 8.1
Lucerne Media A - a mobile app that delivers media by using an iOS device
Lucerne Media N - a mobile app that delivers media by using an Android device
Lucerne Media D - a desktop client application that customer's install on their local computer
Business Requirements
Lucerne Publishing's customers and their consumers have the following requirements:
Access to media must be time-constricted once media is delivered to a consumer.
The time required to download media to mobile devices must be minimized.
Customers must have 24-hour access to media downloads regardless of their location or time zone.
Lucerne Publishing must be able to monitor the performance and usage of its customer-facing app.
Lucerne Publishing wants to make its asset catalog searchable without requiring a database redesign.
Customers must be able to access all data by using a web application. They must also be able to access data by using a mobile app that is provided by Lucerne
Publishing.
Customers must be able to search for media assets by key words and media type.
Lucerne Publishing wants to move the asset catalog database to the cloud without formatting the source data.
Other Requirements
Development
Code and current development documents must be backed up at all times. All solutions must be automatically built and deployed to Azure when code is checked in to source control.
Network Optimization
Lucerne Publishing has a .NET web application that runs on Azure. The web application analyzes storage and the distribution of its media assets. It needs to monitor the utilization of the web application. Ultimately, Lucerne Publishing hopes to cut its costs by reducing data replication without sacrificing its quality of service to its customers. The solution has the following requirements:
Optimize the storage location and amount of duplication of media.
Vary several parameters including the number of data nodes and the distance from node to customers.
Minimize network bandwidth.
Lucerne Publishing wants be notified of exceptions in the web application.
Technical Requirements
Data Mining
Lucerne Publishing constantly mines its data to identify customer patterns. The company plans to replace the existing on-premises cluster with a cloud-based solution. Lucerne Publishing has the following requirements:
Virtual machines:
The data mining solution must support the use of hundreds to thousands of processing cores.
Minimize the number of virtual machines by using more powerful virtual machines.
Each virtual machine must always have eight or more processor cores available.
Allow the number of processor cores dedicated to an analysis to grow and shrink automatically based on the demand of the analysis.
Virtual machines must use remote memory direct access to improve performance.
Task scheduling:
The solution must automatically schedule jobs. The scheduler must distribute the jobs based on the demand and available resources.
Data analysis results:
The solution must provide a web service that allows applications to access the results of analyses.
Other Requirements
Feature Support
Ad copy data must be searchable in full text.
Ad copy data must indexed to optimize search speed.
Media metadata must be stored in Azure Table storage.
Media files must be stored in Azure BLOB storage.
The customer-facing website must have access to all ad copy and media.
The customer-facing website must automatically scale and replicate to locations around the world.
Media and data must be replicated around the world to decrease the latency of data transfers.
Media uploads must have fast data transfer rates (low latency) without the need to upload the data offline.
Security
Customer access must be managed by using Active Directory.
Media files must be encrypted by using the PlayReady encryption method.
Customers must be able to upload media quickly and securely over a private connection with no opportunity for internet snooping.
19. HOTSPOT - (Topic 4)
The company has two corporate offices. Customers will access the websites from datacenters around the world.
You need to architect the global website strategy to meet the business requirements. Use the drop-down menus to select the answer choice that answers each question.
Answer:
Q13. - (Topic 6)
You are designing an Azure web application that includes many static content files.
The application is accessed from locations all over the world by using a custom domain name.
You need to recommend an approach for providing access to the static content with the least amount of latency.
Which two actions should you recommend? Each correct answer presents part of the solution.
A. Place the static content in Azure Table storage.
B. Configure a CNAME DNS record for the Azure Content Delivery Network (CDN) domain.
C. Place the static content in Azure Blob storage.
D. Configure a custom domain name that is an alias for the Azure Storage domain.
Answer: B,C
Explanation: B: There are two ways to map your custom domain to a CDN endpoint.
1.
Create a CNAME record with your domain registrar and map your custom domain and subdomain to the CDN endpoint
2.
Add an intermediate registration step with Azure cdnverify
C: The Azure Content Delivery Network (CDN) offers developers a global solution for delivering high-bandwidth content by caching blobs and static content of compute instances at physical nodes in the United States, Europe, Asia, Australia and South America. The benefits of using CDN to cache Azure data include: / Better performance and user experience for end users who are far from a content source, and are using applications where many 'internet trips' are required to load content / Large distributed scale to better handle instantaneous high load, say, at the start of an event such as a product launch
Reference: Using CDN for Azure https://azure.microsoft.com/en-gb/documentation/articles/cdn-how-to-use/
Reference: How to map Custom Domain to Content Delivery Network (CDN) endpoint
https://github.com/Azure/azure-content/blob/master/articles/cdn-map-content-to-custom-domain.md
https://github.com/Azure/azure-content/blob/master/articles/cdn-map-content-to-custom-domain.md
Q14. - (Topic 6)
You are designing a solution that will interact with non-Windows applications over unreliable network connections. You have a security token for each non-Windows application.
You need to ensure that non-Windows applications retrieve messages from the solution.
Where should you retrieve messages?
A. An Azure Queue
B. The Azure Service Bus Queue
C. An Azure blob storage container that has a private access policy
D. Azure Table storage
Answer: B
Explanation: Any Microsoft or non-Microsoft applications can use a Service Bus REST
API to manage and access messaging entities over HTTPS.
By using REST applications based on non-Microsoft technologies (e.g. Java, Ruby, etc.)
are allowed not only to send and receive messages from the Service Bus, but also to
create or delete queues, topics and subscription in a given namespace.
: Service Bus Explorer
https://code.msdn.microsoft.com/windowsazure/service-bus-explorer-f2abca5a
Q15. - (Topic 6)
You are designing a distributed application for Azure.
The application must securely integrate with on-premises servers.
You need to recommend a method of enabling Internet Protocol security (IPsec)-protected
connections between on-premises servers and the distributed application.
What should you recommend?
A. Azure Access Control
B. Azure Content Delivery Network (CDN)
C. Azure Service Bus
D. Azure Site-to-Site VPN
Answer: D
Explanation: IPsec can be used on Azure Site-to-Site VPN connections. Distributed applications can used the IPSec VPN connections to communicate.
Reference: About Virtual Network Secure Cross-Premises Connectivity
https://msdn.microsoft.com/en-us/library/azure/dn133798.aspx
Updated 70-354 practice test:
Q16. DRAG DROP - (Topic 6)
You have a website that displays text, pictures, video files, and audio files. The website processes requests from countries and regions all over the world. You plan to migrate the website to the Azure platform.
The website has the following requirements:
. Encode, store, and stream audio and video at scale. . Load-balance communications with the website instance that is closest to the user's location. . Deliver content with high-bandwidth and low latency.
You need to recommend the technologies to implement the solution.
Which technologies should you recommend? To answer, drag the appropriate technology to the correct requirement. Each technology may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
Answer:
Q17. - (Topic 1)
You need to assign permissions for the Virtual Machine workloads that you migrate to Azure.
The solution must use the principal of least privileges.
What should you do?
A. Create all VMs in the cloud service named Groupl and then connect to the Azure
subscription. Run the following Windows PowerShell command:
New-AzureRoleAssignment -Mail user1@vanarsdelltd.com -RoleDefinitionName
Contributor -ResourceGroupName group1
B. In the Azure portal, select an individual virtual machine and add an owner.
C. In the Azure portal, assign read permission to the user at the subscription level.
D. Create each VM in a separate cloud service and then connect to the Azure subscription.
Run the following Windows PowerShell command:
Get-AzureVM | New-AzureRoleAssignment -Mail userl@vanarsdelltd.com -
RoleDefinitionName Contributor
Answer: A
Explanation: * Scenario: Permissions must be assigned by using Role Based Access Control (RBAC).
* Role-Based access control (RBAC) in the Azure Portal and Azure Resource Management API allows you to manage access to your subscription at a fine-grained level. With this feature, you can grant access for Active Directory users, groups, or service principals by assigning some roles to them at a particular scope.
Create a role assignment
Use New-AzureRoleAssignment to create a role assignment.
Example: This will create a role assignment for a group at a resource group level.
PS C:\> New-AzureRoleAssignment -ObjectID <group object ID> -RoleDefinitionName
Reader -ResourceGroupName group1
Reference: Managing Role-Based Access Control with Windows PowerShell
https://azure.microsoft.com/en-gb/documentation/articles/role-based-access-control-powershell/
Q18. DRAG DROP - (Topic 5)
You need to provide a data access solution for the NorthRide app.
Which four actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
Answer:
Q19. - (Topic 1)
You need to recommend a solution that allows partners to authenticate.
Which solution should you recommend?
A. Configure the federation provider to trust social identity providers.
B. Configure the federation provider to use the Azure Access Control service.
C. Create a new directory in Azure Active Directory and create a user account for the partner.
D. Create an account on the VanArsdel domain for the partner and send an email message that contains the password to the partner.
Answer: B
Explanation: * Scenario: The partners all use Hotmail.com email addresses.
* In Microsoft Azure Active Directory Access Control (also known as Access Control Service or ACS), an identity provider is a service that authenticates user or client identities and issues security tokens that ACS consumes. The ACS Management Portal provides built-in support for configuring Windows Live ID as an ACS Identity Provider.
Incorrect:
Not C, not D: Scenario: VanArsdel management does NOT want to create and manage
user accounts for partners.
Reference: Identity Providers
https://msdn.microsoft.com/en-us/library/azure/gg185971.aspx
Topic 2, Trey Research
Background
Overview
Trey Research conducts agricultural research and sells the results to the agriculture and food industries. The company uses a combination of on-premises and third-party server clusters to meet its storage needs. Trey Research has seasonal demands on its services, with up to 50 percent drops in data capacity and bandwidth demand during low-demand periods. They plan to host their websites in an agile, cloud environment where the company can deploy and remove its websites based on its business requirements rather than the requirements of the hosting company.
A recent fire near the datacenter that Trey Research uses raises the management team's awareness of the vulnerability of hosting all of the company's websites and data at any single location. The management team is concerned about protecting its data from loss as a result of a disaster.
Websites
Trey Research has a portfolio of 300 websites and associated background processes that are currently hosted in a third-party datacenter. All of the websites are written in ASP.NET, and the background processes use Windows Services. The hosting environment costs Trey Research approximately S25 million in hosting and maintenance fees.
Infrastructure
Trey Research also has on-premises servers that run VMs to support line-of-business applications. The company wants to migrate the line-of-business applications to the cloud, one application at a time. The company is migrating most of its production VMs from an aging VMWare ESXi farm to a Hyper-V cluster that runs on Windows Server 2012.
Applications
DistributionTracking
Trey Research has a web application named Distributiontracking. This application constantly collects realtime data that tracks worldwide distribution points to customer retail sites. This data is available to customers at all times.
The company wants to ensure that the distribution tracking data is stored at a location that is geographically close to the customers who will be using the information. The system must continue running in the event of VM failures without corrupting data. The system is processor intensive and should be run in a multithreading environment.
HRApp
The company has a human resources (HR) application named HRApp that stores data in an on-premises SQL Server database. The database must have at least two copies, but data to support backups and business continuity must stay in Trey Research locations only.
The data must remain on-premises and cannot be stored in the cloud.
HRApp was written by a third party, and the code cannot be modified. The human resources data is used by all business offices, and each office requires access to the entire database. Users report that HRApp takes all night to generate the required payroll reports, and they would like to reduce this time.
MetricsTracking
Trey Research has an application named MetricsTracking that is used to track analytics for the DistributionTracking web application. The data MetricsTracking collects is not customer-facing. Data is stored on an on-premises SQL Server database, but this data should be moved to the cloud. Employees at other locations access this data by using a remote desktop connection to connect to the application, but latency issues degrade the functionality.
Trey Research wants a solution that allows remote employees to access metrics data without using a remote desktop connection. MetricsTracking was written in-house, and the development team is available to make modifications to the application if necessary.
However, the company wants to continue to use SQL Server for MetricsTracking.
Business Requirements
Business Continuity
You have the following requirements:
Move all customer-facing data to the cloud.
Web servers should be backed up to geographically separate locations,
If one website becomes unavailable, customers should automatically be routed to websites that are still operational.
Data must be available regardless of the operational status of any particular website.
The HRApp system must remain on-premises and must be backed up.
The MetricsTracking data must be replicated so that it is locally available to all Trey Research offices.
Auditing and Security
You have the following requirements:
Both internal and external consumers should be able to access research results.
Internal users should be able to access data by using their existing company credentials without requiring multiple logins.
Consumers should be able to access the service by using their Microsoft credentials.
Applications written to access the data must be authenticated.
Access and activity must be monitored and audited.
Ensure the security and integrity of the data collected from the worldwide distribution points for the distribution tracking application.
Storage and Processing
You have the following requirements:
Provide real-time analysis of distribution tracking data by geographic location.
Collect and store large datasets in real-time data for customer use.
Locate the distribution tracking data as close to the central office as possible to improve bandwidth.
Co-locate the distribution tracking data as close to the customer as possible based on the customer's location.
Distribution tracking data must be stored in the JSON format and indexed by metadata that is stored in a SQL Server database.
Data in the cloud must be stored in geographically separate locations, but kept with the same political boundaries.
Technical Requirements
Migration
You have the following requirements:
Deploy all websites to Azure.
Replace on-premises and third-party physical server clusters with cloud-based solutions.
Optimize the speed for retrieving exiting JSON objects that contain the distribution tracking data.
Recommend strategies for partitioning data for load balancing.
Auditing and Security
You have the following requirements:
Use Active Directory for internal and external authentication.
Use OAuth for application authentication.
Business Continuity
You have the following requirements:
Data must be backed up to separate geographic locations.
Web servers must run concurrent versions of all websites in distinct geographic locations.
Use Azure to back up the on-premises MetricsTracking data.
Use Azure virtual machines as a recovery platform for MetricsTracking and HRApp.
Ensure that there is at least one additional on-premises recovery environment for the HRApp.
9. DRAG DROP - (Topic 2)
You need to ensure that customer data is secured both in transit and at rest.
Which technologies should you recommend? To answer, drag the appropriate technology to the correct security requirement. Each technology may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
Answer:
Q20. - (Topic 5)
You need to recommend a technology for processing customer pickup requests.
Which technology should you recommend?
A. Notification hub
B. Queue messaging
C. Mobile Service with push notifications
D. Service Bus messaging
Answer: D
Explanation: Service Bus queues are part of a broader Azure messaging infrastructure
that supports queuing as well as publish/subscribe, Web service remoting, and integration
patterns.
Service Bus Queue support Push-style API (while Azure Queue messaging does not).
Incorrect:
Not A: Notification Hub is only used to push notification, not for processing requests.
Not B As a solution architect/developer, you should consider using Azure Queues when:
*
Your application must store over 80 GB of messages in a queue, where the messages have a lifetime shorter than 7 days.
*
Your application wants to track progress for processing a message inside of the queue. This is useful if the worker processing a message crashes. A subsequent worker can then use that information to continue from where the prior worker left off.
You require server side logs of all of the transactions executed against your queues.
Not C: To process the messages we do not need push notification.
Reference: Azure Queues and Service Bus Queues - Compared and Contrasted
https://msdn.microsoft.com/en-us/library/azure/hh767287.aspx
Topic 6, Mix Questions
31. - (Topic 6)
Contoso, Ltd., uses Azure websites for public-facing customer websites. The company has a mobile app that requires customers sign in by using a Contoso customer account.
Customers must be able to sign on to the websites and mobile app by using a Microsoft, Facebook, or Google account. All transactions must be secured in-transit regardless of device.
You need to configure the websites and mobile app to work with external identity providers.
Which three actions should you perform? Each correct answer presents part of the solution.
A. Request a certificate from a domain registrar for the website URL, and enable TLS/SSL.
B. Configure IPsec for the websites and the mobile app.
C. Configure the KerberosTokenProfile 1.1 protocol.
D. Configure OAuth2 to connect to an external authentication provider.
E. Build an app by using MVC 5 that is hosted in Azure to provide a framework for the underlying authentication.
Answer: A,D,E
Explanation: DE: This tutorial shows you how to build an ASP.NET MVC 5 web application that enables users to log in using OAuth 2.0 with credentials from an external authentication provider, such as Facebook, Twitter, LinkedIn, Microsoft, or Google.
A:
*
You will now be redirected back to the Register page of the MvcAuth application where you can register your Google account. You have the option of changing the local email registration name used for your Gmail account, but you generally want to keep the default email alias (that is, the one you used for authentication). Click Register.
*
To connect to authentication providers like Google and Facebook, you will need to set up IIS-Express to use SSL.
Reference: Code! MVC 5 App with Facebook, Twitter, LinkedIn and Google OAuth2 Sign-on (C#)
http://www.asp.net/mvc/overview/security/create-an-aspnet-mvc-5-app-with-facebook-and-google-oauth2-and-openid-sign-on