Implementing Application Infrastructure

  1. You are working on an application that will be deployed in two different Azure Regions to allow for failover scenarios. Which of the following together make a valid solution? [Choose two.]
    1. You create one ARM template with two parameter files. The first parameter file corresponds to the first Azure region, and the second parameter file to the second Azure region. You use the ARM templates to update the infrastructure.
    2. You create an ARM template and parameter file to update the infrastructure in one region only. In the other region, you update the infrastructure manually to prevent configuration drift.
    3. You first update the infrastructure in both regions. Only when the infrastructure is updated successfully do you deploy the application to both regions.
    4. You first update the infrastructure in one region, followed by a deployment of the application. Only when this succeeds do you update the infrastructure in the other region and deploy the application to the other region.
  2. You need to deploy an Azure Resource Manager template to an Azure Resource group using an Azure DevOps pipeline. Some of the parameters that you need to use are stored in Azure Key Vault. Which of the following options combined is not a necessary part of a complete solution?
    1. Create a new Variable Group and link it to the correct Key Vault using a Service Connection.
    2. Give the Azure Active Directory Service Principal a Reader RBAC role on the correct Azure Key Vault.
    3. Configure a new Azure Resource Manager Service Connection in your Azure DevOps Project and create a new Azure Active Directory Service Principal that way.
    4. Give the Azure Active Directory Service Principal the following Access Policies on the correct Key Vault: list and get.
  1. You are tasked with creating and configuring several virtual machines in Azure. Which combination of tools should you use? [Choose two.]
    1. Azure Automation DSC
    2. Azure Runtime Runbooks
    3. ARM templates
  1. You are configuring the Azure resource group where your application will be deployed later. You are provided with a pre-created service principal for doing the deployment from Azure DevOps Pipelines. Which RBAC role assignment should you give to this service principal to deploy resources?
    1. Reader
    2. Contributor
    3. Deployer
    4. Owner
  1. You have to set up the RBAC role assignments for your teams. You want to follow the principle of least privilege. You also need to ensure that access to your team resources is available to whichever needs it. Which of the following solutions is best?
    1. You add the principal used for deployments and all team members to an Azure Active Directory group. You assign this Azure Active Directory group the contributor role on your Azure resource group.
    2. You give the principal that is used for deployment contributor rights on the resource group and all team members the reader role.
    3. You create two new Azure Active Directory groups: reader and writer. You add the service principal used for deployments to writer. You add all team members to reader. You assign the reader role to the reader group and the contributor role to the writer group.
    4. You create a new Azure Active Directory group. You add the service principal used for deployments to this group. You assign the group the contributor role. You create an escalation procedure for team members to be temporarily added to this Azure Active Directory group.
  2. Which of the following tools cannot be used for managing Azure Resources?
    1. Terraform
    2. Azure DevOps CLI
    3. Azure PowerShell
    4. CloudFormation
  1. You are practicing infrastructure as code and want to deploy an ARM template from Azure DevOps as part of your deployment process. Which of the following solutions does this in the simplest way?
    1. You execute an Azure CLI script from a Cmd task in your deployment pipeline.
    2. You execute a PowerShell script from your deployment pipeline.
    3. You use the built-in task for deployment of the ARM template.
    4. You upload the template to an Azure Storage account and use an HTTP REST call to start the deployment of the ARM template.
  2. You are transforming the way your team delivers its application by practicing everything as code. Which of the following cannot be created using Azure Blueprints or ARM templates?
    1. Azure Subscriptions
    2. Azure Active Directory Security Groups
    3. Azure RBAC custom roles
    4. Azure RBAC role assignments
  3. You are working in a team that provides Azure subscriptions and resource groups to other teams. As part of your work, you want to limit the types of Azure resources a team can create. Which of the following do you use?
    1. Azure RBAC roles and role assignments
    2. Azure Policy
    3. OWASP Zed Attack Proxy
    4. Azure Security Center
  4. What is not a benefit of working with infrastructure and configuration as code?
    1. Minimizing configuration drift
    2. Peer-review support
    3. Lower lead time on configuration changes
    4. Source control history of configuration changes
..................Content has been hidden....................

You can't read the all page of ebook, please click here login for view all page.
Reset
18.116.51.117