Refresh AZ-203 Bundle 2021

NEW QUESTION 1
HOTSPOT
Your company is migrating applications to Azure. The IT department must allow internal developers to communicate with Microsoft support.
The service agents of the IT department must only have view resources and create support ticket permissions to all subscriptions. A new custom role must be created by reusing a default role definition and changing the permissions.
You need to create the custom role.
To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

• A. Mastered
• B. Not Mastered

Answer: A

Explanation:

Case Study: 1
Coho Winery
Overview
This is a case study. Case studies are not timed separately. You can use as much exam time as you would like to complete each case. However, there may be additional case studies and sections on this exam. You must manage your time to ensure that you are able to complete all questions included on this exam in the time provided.
To answer the questions included in a case study, you will need to reference infonnation that is provided in the case study. Case studies might contain exhibits and other resources that provide more information about the scenario that is described in the case study. Each question is independent of the other questions in this case study.
At the end of this case study, a review screen will appear. This screen allows you to review your answers and to make changes before you move to the next section of the exam. After you begin a new section, you cannot return to this section.
To start the case study
To display the first question in this case study, dick the Next button Use the buttons in the left pane to explore the content of the case study before you answer the questions. Clicking these buttons displays information such as business requirements, existing environment, and problem statements. If the case study has an All Information tab, note that the information displayed is identical to the information displayed on the subsequent tabs. When you are ready to answer a question, click the Question button to return to the question.
LabelMaker app
Coho Winery produces, bottles, and distributes a variety of wines globally. You are a developer implementing highly scalable and resilient applications to support online order processing by using Azure solutions.
Coho Winery has a LabelMaker application that prints labels for wine bottles. The application sends data to several printers. The application consists of five modules that run independently on virtual machines (VMs). Coho Winery plans to move the application to Azure and continue to support label creation.
External partners send data to the LabelMaker application to include artwork and text for custom label designs.
Requirements
Data
You identify the following requirements for data management and manipulation:
• Order data is stored as nonrelational JSON and must be queried using Structured Query Language (SQL).
• Changes to the Order data must reflect immediately across all partitions. All reads to the Order data must fetch the most recent writes.
Security
You have the following security requirements:
• Users of Coho Winery applications must be able to provide access to documents, resources, and applications to external partners.
• External partners must use their own credentials and authenticate with their organization's identity management solution.
• External partner logins must be audited monthly for application use by a user account administrator to maintain company compliance.
• Storage of e-commerce application settings must be maintained in Azure Key Vault.
• E-commerce application sign-ins must be secured by using Azure App Service authentication and Azure Active Directory (AAD).
• Conditional access policies must be applied at the application level to protect company content.
• The LabelMaker application must be secured by using an AAD account that has full access to all namespaces of the Azure Kubernetes Service (AKS) cluster.
LabelMaker app
Azure Monitor Container Health must be used to monitor the performance of workloads that are deployed to Kubernetes environments and hosted on Azure Kubernetes Service (AKS).
You must use Azure Container Registry to publish images that support the AKS deployment.
Architecture

Issues
Calls to the Printer API App fall periodically due to printer communication timeouts. Printer communication timeouts occur after 10 seconds. The label printer must only
receive up to 5 attempts within one minute
The order workflow fails to run upon initial deployment to Azure.
Order.Json
Relevant portions oi the app files are shown below. Line numbers are included for reference only. The JSON file contains a representation of the data for an order that includes a single item.

NEW QUESTION 2
HOTSPOT
You are creating an app that uses Event Grid to connect with other services. Your app's event data will be sent to a serverless function that checks compliance. This function is maintained by your company.
You write a new event subscription at the scope of your resource. The event must be invalidated after 3 specific period of time. You need to configure Event Grid to ensure security.
What should you implement? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point

• A. Mastered
• B. Not Mastered

Answer: A

Explanation:
Box 1: SAS tokens
Custom topics use either Shared Access Signature (SAS) or key authentication. Microsoft recommends SAS, but key authentication provides simple programming, and is compatible with many existing webhook publishers.
In this case we need the expiration time provided by SAS tokens. Box 2: ValidationCode handshake
Event Grid supports two ways of validating the subscription:
ValidationCode handshake (programmatic) and ValidationURL handshake (manual).
If you control the source code for your endpoint, this method is recommended. Incorrect Answers:
ValidationURL handshake (manual): In certain cases, you can't access the source code of the endpoint to implement the ValidationCode handshake. For example, if you use a third-party service (like Zapier or IFTTT), you can't programmatically respond with the validation code.
References:
https://docs.microsoft.com/en-us/azure/event-grid/security-authentication

NEW QUESTION 3
HOTSPOT
You are developing an app that manages users for a video game. You plan to store the region, email address, and phone number for the player. Some players may not have a phone number. The player's region will be used to load-balance data.
Data foe the app must be stored in Azure Table Storage.
You need to develop code to retrieve data for an individual player.
How should you complete the code? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

• A. Mastered
• B. Not Mastered

Answer: A

Explanation:

NEW QUESTION 4
HOTSPOT
You have an app that stores player scores for an online game. The app stores data in Azure tables using a class named PlayerScore as the table entity. The table is populated with 100,000 records.
You are reviewing the following section of code that is intended to retrieve 20 records where the player score exceeds 15,000. (Line numbers are included for reference only.)

For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point

• A. Mastered
• B. Not Mastered

Answer: A

Explanation:

NEW QUESTION 5
DRAG DROP
You need to add code at line PC32 in Processing.es to implement the GetCredentials method in the Processing class.
How should you complete the code? To answer, drag the appropriate code segments to the correct locations. Each code segment may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
NOTE: Each correct selection is worth one point.

• A. Mastered
• B. Not Mastered

Answer: A

Explanation:

NEW QUESTION 6
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
Margie's Travel is an international travel and bookings management service. The company is expanding into restaurant bookings. You are tasked with implementing Azure Search tor the restaurants listed in their solution.
You create the index in Azure Search.
You need to import the restaurant data into the Azure Search service by using the Azure Search NET SDK.
Solution:
1. Create a SearchServiceClient object to connect to the search index.

• A. Mastered
• B. Not Mastered

Answer: A

NEW QUESTION 7
DRAG DROP
You need to deploy a new version of the LabelMaker application.
Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
NOTE: Each correct selection is worth one point.

• A. Mastered
• B. Not Mastered

Answer: A

Explanation:
Step 1: Build a new application image by using dockerfile
Step 2: Create an alias if the image with the fully qualified path to the registry
Before you can push the image to a private registry, you’ve to ensure a proper image name. This can be achieved using the docker tag command. For demonstration purpose, we’ll use Docker’s hello world image, rename it and push it
to ACR.
# pulls hello-world from the public docker hub
$ docker pull hello-world
# tag the image in order to be able to push it to a private registry
$ docker tag hello-word <REGISTRY_NAME>/hello-world
# push the image
$ docker push <REGISTRY_NAME>/hello-world Step 3: Log in to the registry and push image
In order to push images to the newly created ACR instance, you need to login to ACR form the Docker CLI. Once logged in, you can push any existing docker image to your ACR instance.
Scenario:
Coho Winery plans to move the application to Azure and continue to support label creation.
LabelMaker app
Azure Monitor Container Health must be used to monitor the performance of workloads that are deployed to Kubernetes environments and hosted on Azure Kubernetes Service (AKS).
You must use Azure Container Registry to publish images that support the AKS deployment.
References:
https://thorsten-hans.com/how-to-use-a-private-azure-container-registry-with- kubernetes-9b86e67b93b6
https://docs.microsoft.com/en-us/azure/container-registry/container-registry-tutorial- quick-task

NEW QUESTION 8
HOTSPOT
You have an Azure Batch project that processes and converts files and stores the
files in Azure storage. You are developing a function to start the batch job. You add the following parameters to the function:

You must ensure that converted files are placed in the container referenced by the outputContainerSasUrl parameter. Files which fail to convert are placed in the container referenced by the failedContainerSasUrt parameter.
You need to ensure the files are correctly processed.
How should you complete the code segment? To answer, select the appropriate options in the answer area.

• A. Mastered
• B. Not Mastered

Answer: A

Explanation:
EnableJob
TaskFailure
Taskcompletion
ResourceFiles

NEW QUESTION 9
You develop a serverless application using several Azure Functions. These functions connect to data from within the code.
You want to configure tracing for an Azure Function App project. You need to change configuration settings in the hostjson file. Which tool should you use?

• A. Azure portal
• B. Azure PowerShell
• C. Azure Functions Core Tools (Azure CLI)
• D. Visual Studio

Answer: C

NEW QUESTION 10
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You need to ensure that the SecurityPin security requirements are met.
Solution: Using the Azure Portal, add Data Masking to the SecurityPin column, and exclude the dbo user. Add a SQL security policy with a filter predicate based on the user identity.
Does the solution meet the goal?

• A. Yes
• B. No

Answer: B

NEW QUESTION 11
HOTSPOT
You need to tool code at line LE03 of Login Event to ensure that all authentication events are processed correctly. How should you complete the code? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

• A. Mastered
• B. Not Mastered

Answer: A

Explanation:

NEW QUESTION 12
You need to resolve a notification latency issue.
Which two actions should you perform? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point

• A. Ensure that the Azure Function is using an App Service plan.
• B. Set Always On to false
• C. Ensure that the Azure Function is set to use a consumption plan.
• D. Set Always On to true.

Answer: AD

Explanation:
Azure Functions can run on either a Consumption Plan or a dedicated App Service Plan. If you run in a dedicated mode, you need to turn on the Always On setting for your Function App to run properly. The Function runtime will go idle after a few minutes of inactivity, so only HTTP triggers will actually "wake up" your functions. This is similar to how WebJobs must have Always On enabled.
Scenario: Notification latency: Users report that anomaly detection emails can sometimes arrive several minutes after an anomaly is detected.
Anomaly detection service: You have an anomaly detection service that analyzes log information for anomalies. It is implemented as an Azure Machine Learning model. The model is deployed as a web service.
If an anomaly is detected, an Azure Function that emails administrators is called by using an HTTP WebHook.
References:
https://github.com/Azure/Azure-Functions/wiki/Enable-Always-On-when-running-on-dedicated-App-Service-Plan

NEW QUESTION 13
You need to access user claims in the e-commerce web app* What should you do first?

• A. Update the e-commerce web app to read the HTTP request header values.
• B. Assign the Contributor RBAC role to the e-commerce web app by using the Resource Manager create role assignment API.
• C. Write custom code to make a Microsoft Graph API call from the e-commerce web app.
• D. Using the Azure CU enable Cross-origin resource sharing (CORS) from the e- commerce checkout API to the e-commerce web app

Answer: C

NEW QUESTION 14
HOTSPOT
You are creating a CU script that creates an Azure web app and related services m Azure App Service. The web app uses the following variables:

You need to automatically deploy code from GitHub to the newly created web app. How should you complete the script? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

• A. Mastered
• B. Not Mastered

Answer: A

Explanation:

NEW QUESTION 15
You develop a gateway solution for a public facing news API. The news API back end is implemented as a RESTfuI service and uses an OpenAPI specification. You need to ensure that you can access the news API by using an Azure API Management service instance.
Which Azure PowerShell command should you run?
A)

B)

C)

D)

• A. Option A
• B. Option B
• C. Option C
• D. Option D

Answer: D

NEW QUESTION 16
You need to implement the e-commerce checkout API.
Which three actions should you perform? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.

• A. In the Azure Function App, enable Manger Service Identity (MSI).
• B. Set the function template's Mode property to Webhook and the Webhook type property to Generic JSON
• C. Set the function template's Mode property to Webhook and the Webhook type property to GitHub.
• D. Create an Azure Function using the HTTP POST function template.
• E. In the Azure Function App, enable Cross-Origin Resource Sharing (CORS) with all origins permitted.
• F. Create an Azure Function using the Generic webhook function template.

Answer: CDF

Explanation:
Case Study: 2
Litware Inc
Overview
This is a case study. Case studies are not timed separately. You can use as much exam time as you would like to complete each case. However, there may be additional case studies and sections on this exam. You must manage your time to ensure that you are able to complete all questions included on this exam in the time provided.
To answer the questions included in a case study, you will need to reference infonnation that is provided in the case study. Case studies might contain exhibits and other resources that provide more information about the scenario that is described in the case study. Each question is independent of the other questions in this case study.
At the end of this case study, a review screen will appear. This screen allows you to review your answers and to make changes before you move to the next section of the exam. After you begin a new section, you cannot return to this section.
To start the case study
To display the first question in this case study, dick the Next button Use the buttons in the left pane to explore the content of the case study before you answer the questions. Clicking these buttons displays information such as business requirements, existing environment, and problem statements. If the case study has an All Information tab, note that the information displayed is identical to the information displayed on the subsequent tabs. When you are ready to answer a question, click the Question button to return to the question.
Overwiew Background
You are a developer for Litware Inc., a SaaS company that provides a solution for managing employee expenses. The solution consists of an ASP.NET Core Web API project that is deployed as an Azure Web App.
Overall architecture
Employees upload receipts for the system to process. When processing is complete, the employee receives a summary report email that details the processing results. Employees then use a web application to manage their receipts and perform any additional tasks needed for reimbursement
Receipt processing
Employees may upload receipts in two ways:
• Uploading using an Azure Files mounted folder
• Uploading using the web application Data Storage
Receipt and employee information is stored in an Azure SQL database.
Documentation
Employees are provided with a getting started document when they first use the solution. The documentation includes details on supported operating systems for Azure File upload, and instructions on how to configure the mounted folder.
Solution details Users table

Web Application
You enable MSI for the Web App and configure the Web App to use the security principal name,
Processing
Processing is performed by an Azure Function that uses version 2 of the Azure Function runtime. Once processing is completed, results are stored in Azure Blob. Storage and an Azure SQL database. Then, an email summary is sent to the user with a link to the processing report. The link to the report must remain valid if the email is forwarded to another user.
Requirements Receipt processing
Concurrent processing of a receipt must be prevented.
Logging
Azure Application Insights is used for telemetry and logging in both the processor and the web application. The processor also has Trace Writer logging enabled. Application Insights must always contain all log messages.
Disaster recovery
Regional outage must not impact application availability. All DR operations must not be dependent on application running and must ensure that data in the DR region is up to date.
Security
Users' SecurityPin must be stored in such a way that access to the database does not allow the viewing of SecurityPins. The web application is the only system that should have access to SecurityPins.
All certificates and secrets used to secure data must be stored in Azure Key Vault. You must adhere to the Least Privilege Principal.
All access to Azure Storage and Azure SQL database must use the application's Managed Service Identity (MSI).
Receipt data must always be encrypted at rest. All data must be protected in transit,
User's expense account number must be visible only to logged in users. All other views of the expense account number should include only the last segment, with the remaining parts obscured.
In the case of a security breach, access to all summary reports must be revoked without impacting other parts of the system.
Issues
Upload format issue
Employees occasionally report an issue with uploading a receipt using the web application. They report that when they upload a receipt using the Azure File Share,
the receipt does not appear in their profile. When this occurs, they delete the file in the file share and use the web application, which returns a 500 Internal Server error page.
Capacity issue
During busy periods, employees report long delays between the time they upload the receipt and when it appears in the web application.
Log capacity issue
Developers report that the number of log messages in the trace output for the processor is too high, resulting in lost log messages-
Application code Processing.cs


Database.cs

ReceiptUploader.cs

ConfigureSSE.ps1

NEW QUESTION 17
DRAG DROP
You develop a gateway solution for a public facing news API.
The news API back end is implemented as a RESTful sen/ice and hosted in an Azure App Service instance.
You need to configure back-end authentication for the API Management service instance.
Which target and gateway credential type should you use? To answer, drag the appropriate values to the correct parameters. Each value may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
NOTE: Each correct selection is worth one point.

• A. Mastered
• B. Not Mastered

Answer: A

Explanation:

NEW QUESTION 18
You need to resolve the Policy Loss issue.
What are two possible ways to achieve the goal? Each correct answer presents a complete solution.
NOTE: Each correct selection is worth one point.

• A. Add an Azure Event Hu
• B. Send the policy to the event hu
• C. Configure the Policy service to read actions from the event hub.
• D. Add an Azure Service Bus queu
• E. Send the policy to the queu
• F. Configure the Policy service to read actions from the queue.
• G. Add an Azure Queue storage queu
• H. Send the policy to the queu
• I. Configure the Policy service to read actions from the queue.
• J. Add an Azure Service Bus topi
• K. Send the policy to the topi
• L. Configure the Policy service to read actions from the topic.

Answer: BD

NEW QUESTION 19
You need to troubleshoot the order workflow.
What should you do? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.

• A. Review the run history.
• B. Review the trigger history.
• C. Review the API connections.
• D. Review the activity log.

Answer: BD

Explanation:
Scenario: The order workflow fails to run upon initial deployment to Azure. Deployment errors arise from conditions that occur during the deployment process. They appear in the activity log.
References:
https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-group- audit

NEW QUESTION 20
You are developing a project management service by using ASP.NET. The service hosts conversations, files, to-do lists, and a calendar that users can interact with at any time.
The application uses Azure Search for allowing users to search for keywords in the project data.
You need to implement code that creates the object which is used to create indexes in the Azure Search service.
Which two objects should you use? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.

• A. SearchService
• B. SearchlndexCIient
• C. SearchServiceClient
• D. SearchCredentials

Answer: CD

NEW QUESTION 21
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it As a result these questions will not appear in the review screen.
You need to ensure that authentication events are triggered and processed according to the policy.
Solution: Create a new Azure Event Grid topic and add a subscription for the events. Does the solution meet the goal?

• A. Yes
• B. No

Answer: B

Explanation:
Use a separate Azure Event Grid topics and subscriptions for sign-in and sign-out events.
Scenario: Authentication events are used to monitor users signing in and signing out. All authentication events must be processed by Policy service. Sign outs must be processed as quickly as possible.

NEW QUESTION 22
You need to meet the LabelMaker security requirement. What should you do?

• A. Create a conditional access policy and assign it to the Azure Kubernetes Service duster
• B. Place the Azure Active Directory account into an Azure AD grou
• C. Create a ClusterRoleBinding and assign it to the group.
• D. Create a Microsoft Azure Active Directory service principal and assign it to the Azure Kubernetes Service (AKS) duster.
• E. Create a RoleBinding and assign it to the Azure AD account.

Answer: D

NEW QUESTION 23
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution. Determine whether the solution meets the stated goals.
You need to meet the LabelMaker application security requirement.
Solution: Place the Azure Active Directory account into an Azure AD group. Create a ClusterRoleBinding and assign it to the group.
Does the solution meet the goal?

• A. Yes
• B. No

Answer: A

Explanation:
Scenario: The LabelMaker applications must be secured by using an AAD account that has full access to all namespaces of the Azure Kubernetes Service (AKS) cluster.
Permissions can be granted within a namespace with a RoleBinding, or cluster-wide with a ClusterRoleBinding.
References:
https://kubernetes.io/docs/reference/access-authn-authz/rbac/

NEW QUESTION 24
Note: This question is part of a series of questions that present the same scenario.
Each question in the series contains a unique solution. Determine whether the solution meets the stated goals. You need to meet the LabelMaket application
Solution; Create a conditional access policy and assign it to the Azure Kubernetes service cluster.
Does the solution meet the goal?

• A. Yes
• B. No

Answer: B

Explanation:
Scenario: The LabelMaker applications must be secured by using an AAD account that has full access to all namespaces of the Azure Kubernetes Service (AKS) cluster.
Before an Azure Active Directory account can be used with the AKS cluster, a role binding or cluster role binding needs to be created.
References:
https://docs.microsoft.com/en-us/azure/aks/aad-integration

NEW QUESTION 25
You develop a website. You plan to host the website in Azure. You expect the website to experience high traffic volumes after it is published. You must ensure that the website remains available and responsive while minimizing cost. You need to deploy the website. What should you do?

• A. Deploy the website to an App Service that uses the Shared service tie
• B. Configure the App Service plan to automatically scale when the CPU load is high.
• C. Deploy the website to a virtual machin
• D. Configure the virtual machine to automatically scale when the CPU load is high.
• E. Deploy the website to an App Service that uses the Standard service tie
• F. Configure the App Service plan to automatically scale when the CPU load is high.
• G. Deploy the website to a virtual machin
• H. Configure a Scale Set to increase the virtual machine instance count when the CPU load

Answer: C

NEW QUESTION 26
......