You need to recommend a solution for configuring the Azure Multi-Factor Authentication (MFA) settings. What should you include in the recommendation? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.
You configure OAuth2 authorization in API Management as shown in the exhibit. Use the drop-domain to select the answer choice that completes each statement based on the information presented in the graphic. NOTE: Each correct selection is worth one point.
You have an Azure blueprint named BP1. The properties of BP1 are shown in the Properties exhibit. (Click the Properties tab.) The basic configuration of the blueprint is shown in the Basics exhibit. (Click the Basics tab.) The artifacts attached to BP1 are shown in the Artifacts exhibit. (Click the Artifacts tab.) For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.
Correct Answer:
Explanation: Box 1: No BP1 is in draft mode. When a blueprint is first created, it's considered to be in Draft mode. When it's ready to be assigned, it needs to be Published. Box 2: No The BP1 artifacts include one Policy assignment and a Resource group, but no Role assignments. Note: Blueprints are a declarative way to orchestrate the deployment of various resource templates and other artifacts such as: Role Assignments Policy Assignments Azure Resource Manager templates (ARM templates) Resource Groups Box 3: Yes Yes, the BP1 artifacts include a Resource group. Reference: https://docs.microsoft.com/en-us/azure/governance/blueprints/overview
Question 34
Your company wants to use an Azure Active Directory (Azure AD) hybrid identity solution. You need to ensure that users can authenticate if the internet connection to the on-premises Active Directory is unavailable. The solution must minimize authentication prompts for the users. What should you include in the solution?
Correct Answer: C
With Password hash synchronization + Seamless SSO the authentication is in the cloud. Incorrect Answers: Pass-through Authentication and federation rely on on-premises infrastructure. Reference: https://docs.microsoft.com/en-us/azure/active-directory/hybrid/choose-ad-authn
Question 35
You need to recommend a solution to meet the database retention requirement. What should you recommend?
Correct Answer: A
Topic 1, Fabrikam, inc Case Study A Overview: Existing Environment Fabrikam, Inc. is an engineering company that has offices throughout Europe. The company has a main office in London and three branch offices in Amsterdam Berlin, and Rome. Active Directory Environment: The network contains two Active Directory forests named corp.fabnkam.com and rd.fabrikam.com. There are no trust relationships between the forests. Corp.fabrikam.com is a production forest that contains identities used for internal user and computer authentication. Rd.fabrikam.com is used by the research and development (R&D) department only. Network Infrastructure: Each office contains at least one domain controller from the corp.fabrikam.com domain. The main office contains all the domain controllers for the rd.fabrikam.com forest. All the offices have a high-speed connection to the Internet. An existing application named WebApp1 is hosted in the data center of the London office. WebApp1 is used by customers to place and track orders. WebApp1 has a web tier that uses Microsoft Internet Information Services (IIS) and a database tier that runs Microsoft SQL Server 2016. The web tier and the database tier are deployed to virtual machines that run on Hyper-V. The IT department currently uses a separate Hyper-V environment to test updates to WebApp1. Fabrikam purchases all Microsoft licenses through a Microsoft Enterprise Agreement that includes Software Assurance. Problem Statement: The use of Web App1 is unpredictable. At peak times, users often report delays. Al other times, many resources for WebApp1 are underutilized. Requirements: Planned Changes: Fabrikam plans to move most of its production workloads to Azure during the next few years. As one of its first projects, the company plans to establish a hybrid identity model, facilitating an upcoming Microsoft Office 365 deployment All R&D operations will remain on-premises. Fabrikam plans to migrate the production and test instances of WebApp1 to Azure. Technical Requirements: Fabrikam identifies the following technical requirements: * Web site content must be easily updated from a single point. * User input must be minimized when provisioning new app instances. * Whenever possible, existing on premises licenses must be used to reduce cost. * Users must always authenticate by using their corp.fabrikam.com UPN identity. * Any new deployments to Azure must be redundant in case an Azure region fails. * Whenever possible, solutions must be deployed to Azure by using platform as a service (PaaS). * An email distribution group named IT Support must be notified of any issues relating to the directory synchronization services. * Directory synchronization between Azure Active Directory (Azure AD) and corp.fabhkam.com must not be affected by a link failure between Azure and the on premises network. Database Requirements: Fabrikam identifies the following database requirements: * Database metrics for the production instance of WebApp1 must be available for analysis so that database administrators can optimize the performance settings. * To avoid disrupting customer access, database downtime must be minimized when databases are migrated. * Database backups must be retained for a minimum of seven years to meet compliance requirement Security Requirements: Fabrikam identifies the following security requirements: *Company information including policies, templates, and data must be inaccessible to anyone outside the company *Users on the on-premises network must be able to authenticate to corp.fabrikam.com if an Internet link fails. *Administrators must be able authenticate to the Azure portal by using their corp.fabrikam.com credentials. *All administrative access to the Azure portal must be secured by using multi-factor authentication. *The testing of WebApp1 updates must not be visible to anyone outside the company.
