070-534試験無料問題集「Microsoft Architecting Microsoft Azure Solutions 認定」
Your company plans to migrate from On-Premises Exchange to Exchange Online in Office
365.
You plan to integrate your existing Active Directory Domain Services (AD DS) infrastructure with Azure AD.
You need to ensure that users can log in by using their existing AD DS accounts and passwords. You need to achieve this goal by using minimal additional systems.
Which two actions should you perform? Each answer presents part of the solution.
365.
You plan to integrate your existing Active Directory Domain Services (AD DS) infrastructure with Azure AD.
You need to ensure that users can log in by using their existing AD DS accounts and passwords. You need to achieve this goal by using minimal additional systems.
Which two actions should you perform? Each answer presents part of the solution.
正解:B,D
解答を投票する
解説: (GoShiken メンバーにのみ表示されます)
HOTSPOT
You use the Windows PowerShell Desired State Configuration (DSC) feature to configure your company's servers. Line numbers are included for reference only.
For each of the following statements, select Yes if the statement is true. Otherwise, select
No.
You use the Windows PowerShell Desired State Configuration (DSC) feature to configure your company's servers. Line numbers are included for reference only.
For each of the following statements, select Yes if the statement is true. Otherwise, select
No.
正解:
DRAG DROP
You are creating scripts to authenticate Azure monitoring tasks.
You need to authenticate according to the requirements. How should you complete the relevant Azure PowerShell script?
Develop the solution by selecting and arranging the required Azure PowerShell commands in the correct order. NOTE: You will not need all of the Azure PowerShell commands.
You are creating scripts to authenticate Azure monitoring tasks.
You need to authenticate according to the requirements. How should you complete the relevant Azure PowerShell script?
Develop the solution by selecting and arranging the required Azure PowerShell commands in the correct order. NOTE: You will not need all of the Azure PowerShell commands.
正解:
Explanation:
From Scenario: Permissions must be assigned by using Role Based Access Control (RBAC).
The following cmdlet is used to sign-in to Azure: Add-AzureAccount
If necessary, the following Azure cmdlets can be used to select the desired subscription:
Get-AzureSubscription
Select-AzureSubscription -SubscriptionName "SomeSubscription"
Set-AzureSubscription -SubscriptionName "SomeSubscription " `
References: https://blogs.msdn.microsoft.com/cloud_solution_architect/2015/05/14/using-a-service-principal-for-azure-powershell-authentication/
==========================================
Topic 1, VanArsdel, LtdOverview
VanArsdel, Ltd. builds skyscrapers, subways, and bridges. VanArsdel is a leader in using technology to do construction better.
Overview
VanArsdel employees are able to use their own mobile devices for work activities because the company recognizes that this usage enables employee productivity. Employees also access Software as a Service (SaaS) applications, including DocuSign, Dropbox, and
Citrix. The company continues to evaluate and adopt more SaaS applications for its business. VanArsdel uses Azure Active Directory (AD) to authenticate its employees, as well as Multi-Factor Authentication (MFA). Management enjoys the ease with which MFA can be enabled and disabled for employees who use cloud-based services. VanArsdel's on-premises directory contains a single forest.
Helpdesk:
VanArsdel creates a helpdesk group to assist its employees. The company sends email messages to all its employees about the helpdesk group and how to contact it. Configuring employee access for SaaS applications is often a time-consuming task. It is not always obvious to the helpdesk group which users should be given access to which SaaS applications. The helpdesk group must respond to many phone calls and email messages to solve this problem, which takes up valuable time. The helpdesk group is unable to meet the needs of VanArsdel's employees.
However, many employees do not work with the helpdesk group to solve their access problems. Instead, these employees contact their co-workers or managers to find someone who can help them. Also, new employees are not always told to contact the helpdesk group for access problems. Some employees report that they cannot see all the applications in the Access Panel that they have access to. Some employees report that they must re-enter their passwords when they access cloud applications, even though they have already authenticated.
Bring your own device (BYOD):
VanArsdel wants to continue to support users and their mobile and personal devices, but the company is concerned about how to protect corporate assets that are stored on these devices. The company does not have a strategy to ensure that its data is removed from the devices when employees leave the company.
Customer Support
VanArsdel wants a mobile app for customer profile registration and feedback. The company would like to keep track of all its previous, current, and future customers worldwide. A profile system using third-party authentication is required as well as feedback and support sections for the mobile app.
Migration:
VanArsdel plans to migrate several virtual machine (VM) workloads into Azure. They also plan to extend their on-premises Active Directory into Azure for mobile app authentication.
Business Requirements
Hybrid Solution:
* A single account and credentials for both on-premises and cloud applications
* Certain applications that are hosted both in Azure and on-site must be accessible to both VanArsdel employees and partners
* The service level agreement (SLA) for the solution requires an uptime of 99.9%
* The partners all use Hotmail.com email addresses
Mobile App:
VanArsdel requires a mobile app for project managers on construction job sites. The mobile app has the following requirements:
* The app must display partner information.
* The app must alert project managers when changes to the partner information occur.
* The app must display project information including an image gallery to view pictures of construction projects.
* Project managers must be able to access the information remotely and securely.
Security:
* VanArsdel must control access to its resources to ensure sensitive services and information are accessible only by authorized users and/or managed devices.
* Employees must be able to securely share data, based on corporate policies, with other VanArsdel employees and with partners who are located on construction job sites.
* VanArsdel management does NOT want to create and manage user accounts for partners.
Technical Requirements
Architecture:
* VanArsdel requires a non-centralized stateless architecture fonts data and services where application, data, and computing power are at the logical extremes of the network.
* VanArsdel requires separation of CPU storage and SQL services
Data Storage:
VanArsdel needs a solution to reduce the number of operations on the contractor information table. Currently, data transfer rates are excessive, and queue length for read/write operations affects performance.
* A mobile service that is used to access contractor information must have automatically scalable, structured storage
* Images must be stored in an automatically scalable, unstructured form.
Mobile Apps:
* VanArsdel mobile app must authenticate employees to the company's Active
Directory.
* Event-triggered alerts must be pushed to mobile apps by using a custom Node.js script.
* The customer support app should use an identity provider that is configured by using the Access Control Service for current profile registration and authentication.
* The customer support team will adopt future identity providers that are configured through Access Control Service.
Security:
* Active Directory Federated Server (AD FS) will be used to extend AD into Azure.
* Helpdesk administrators must have access to only the groups of Azure resources they are responsible for. Azure administration will be performed by a separate group.
* IT administrative overhead must be minimized.
* Permissions must be assigned by using Role Based Access Control (RBAC).
* Line of business applications must be accessed securely.
==========================================
DRAG DROP
You administer an Azure Virtual Machine (VM) named CON-CL1. CON-CL1 is in a cloud service named ContosoService1. You want to create a new VM named MyApp that will have a fixed IP address and be hosted by an Azure Datacenter in the US West region.
You need to assign a fixed IP address to the MyApp VM. Which Azure Power Shell cmdlets and values should you use? To answer, drag the appropriate cmdlet or value to the correct location in the PowerShell command.
Each cmdlet or value may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
You administer an Azure Virtual Machine (VM) named CON-CL1. CON-CL1 is in a cloud service named ContosoService1. You want to create a new VM named MyApp that will have a fixed IP address and be hosted by an Azure Datacenter in the US West region.
You need to assign a fixed IP address to the MyApp VM. Which Azure Power Shell cmdlets and values should you use? To answer, drag the appropriate cmdlet or value to the correct location in the PowerShell command.
Each cmdlet or value may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
正解:
Explanation:
Box 1: ReservedIP
Set the variable ReservedIP, which is later used in the third statement.
Box 2:New-AzureReservedIP
The New-AzureReservedIP cmdlet creates a reserved IP address.
You want to create a new VM named MyApp that will have a fixed IP address.
Box 3: West US
You want to create a new VM named MyApp that will have a fixed IP address and be hosted by an Azure Datacenter in the US West region.
Box 4: ReservedIPName
The -ReservedIPName parameter, of the New-AzureVM command, specifies the name of the reserved IP address.
Box 5: West US
The location should West US, just as in Box 3.
References:
You administer an Azure Active Directory (Azure AD) tenant where Box is configured for:
* Application Access
* Password Single Sign-on
An employee moves to an organizational unit that does not require access to Box through the Access Panel. You need to remove only Box from the list of applications only for this user. What should you do?
* Application Access
* Password Single Sign-on
An employee moves to an organizational unit that does not require access to Box through the Access Panel. You need to remove only Box from the list of applications only for this user. What should you do?
正解:C
解答を投票する
解説: (GoShiken メンバーにのみ表示されます)
DRAG DROP
You are implementing the new security requirements for the WGBCreditCruncher app.
You need to explain the security process flow to another developer. You start by navigating to the web app as it is presented to the user.
Which five actions must be performed in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
You are implementing the new security requirements for the WGBCreditCruncher app.
You need to explain the security process flow to another developer. You start by navigating to the web app as it is presented to the user.
Which five actions must be performed in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
正解:
Explanation:
References:
https://docs.microsoft.com/en-us/azure/active-directory/develop/active-directory- authentication-scenarios
HOTSPOT
You are reviewing an Azure Resource Manager (ARM) template that is used to deploy a
Web App to multiple regions. The template contains the following JSON code:
How should you implement the deployment configuration? To answer, select the appropriate option in the answer area.
You are reviewing an Azure Resource Manager (ARM) template that is used to deploy a
Web App to multiple regions. The template contains the following JSON code:
How should you implement the deployment configuration? To answer, select the appropriate option in the answer area.
正解:
DRAG DROP
You need to implement testing for the DataManager mobile application.
Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
You need to implement testing for the DataManager mobile application.
Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
正解:
Explanation:
References:
https://docs.microsoft.com/en-us/azure/application-insights/app-insights-monitor-web-app- availability#multi-step-web-tests
DRAG DROP
You are developing an application that will send push notifications to registered devices.
You perform the following actions:
*set up a notification hub with the correct push credentials
*register the device application with the platform notification system and the hub
*update the back-end to send notifications.
You need to debug push notifications by sending test notifications to registered devices in a controlled way.
For each action, which tool should you implement? To answer, drag the appropriate tool to the correct action. Each tool may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
You are developing an application that will send push notifications to registered devices.
You perform the following actions:
*set up a notification hub with the correct push credentials
*register the device application with the platform notification system and the hub
*update the back-end to send notifications.
You need to debug push notifications by sending test notifications to registered devices in a controlled way.
For each action, which tool should you implement? To answer, drag the appropriate tool to the correct action. Each tool may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
正解:
Explanation:
References: https://msdn.microsoft.com/library/dn530751.aspx
HOTSPOT
You are migrating an on-premises application to Azure. The application requires secure storage of database connection strings. When the application is running locally, the connection strings are encrypted with an X509 certificate prior to being stored on disk. The
X509 certificate is part of a trust chain to allow the certificate to be revoked by the
Certificate Authority of a security breech is suspected.
The application must run on Azure. The X509 certificate must never be stored on disk or in
RAM memory. A Certificate Authority must be able to revoke the certificate.
You need to configure Azure Key value.
How should you construct the Azure PowerShell script? To answer, select the appropriate
Azure PowerShell commands in the answer area.
You are migrating an on-premises application to Azure. The application requires secure storage of database connection strings. When the application is running locally, the connection strings are encrypted with an X509 certificate prior to being stored on disk. The
X509 certificate is part of a trust chain to allow the certificate to be revoked by the
Certificate Authority of a security breech is suspected.
The application must run on Azure. The X509 certificate must never be stored on disk or in
RAM memory. A Certificate Authority must be able to revoke the certificate.
You need to configure Azure Key value.
How should you construct the Azure PowerShell script? To answer, select the appropriate
Azure PowerShell commands in the answer area.
正解:
