Skip Navigation Links
 

Archive - 70-533: Implementing Microsoft Azure Infrastructure Solutions

Sample Questions

Question: 307
Measured Skill: Manage Azure Identities

A company plans to use Facebook to integrate authentication.

You need to configure the business-to-consumer (B2C) connection.

Which two security settings must you obtain?

(To answer, configure the appropriate options in the dialog box in the answer area. NOTE: Each correct selection is worth one point.)

www.cert2brain.com

AIdentity: App ID
Security credential: Web oAuth Token
B Identity: App ID
Security credential: App Secret
C Identity: URI
Security credential: Client oAuth Token
D Identity: URI
Security credential: Web oAuth Token
E Identity: Namespace
Security credential: App Secret
F Identity: Namespace
Security credential: Client oAuth Token

Correct answer: B

Explanation:

To use a Facebook account as an identity provider in Azure Active Directory (Azure AD) B2C, you need to create an application in your tenant that represents it.

  1. Sign in to Facebook for developers with your Facebook account credentials.

  2. If you have not already done so, you need to register as a Facebook developer. To do this, select Register on the upper-right corner of the page, accept Facebook's policies, and complete the registration steps.

  3. Select My Apps and then click Add a New App.

  4. Enter a Display Name and a valid Contact Email.

  5. Click Create App ID. This may require you to accept Facebook platform policies and complete an online security check.

  6. Select Settings > Basic.

  7. Choose a Category, for example Business and Pages. This value is required by Facebook, but not used for Azure AD B2C.

  8. At the bottom of the page, select Add Platform, and then select Website.

  9. In Site URL, enter https://your-tenant-name.b2clogin.com/ replacing your-tenant-name with the name of your tenant. Enter a URL for the Privacy Policy URL, for example http://www.contoso.com. The policy URL is a page you maintain to provide privacy information for your application.

  10. Select Save Changes.

  11. At the top of the page, copy the value of App ID.

  12. Click Show and copy the value of App Secret. You use both of them to configure Facebook as an identity provider in your tenant. App Secret is an important security credential.

  13. Select Products, and then select Set up under Facebook Login.

  14. Select Settings under Facebook Login.

  15. In Valid OAuth redirect URIs, enter https://your-tenant-name.b2clogin.com/your-tenant-name.onmicrosoft.com/oauth2/authresp. Replace your-tenant-name with the name of your tenant. Click Save Changes at the bottom of the page.

  16. To make your Facebook application available to Azure AD B2C, select App Review, set Make My Application public? to YES, and then click Confirm.


Question: 308
Measured Skill: Design and implement Azure App Service apps (15–20%)

You manage a web app named App1 in Azure App Service. App1 is a member of resource group RG1.

You plan to use a custom domain name with the web app.

The web app must have a Secure Sockets Layer (SSL) certificate associated with the custom domain name. You upload the SSL certificate to Azure and set the thumbprint to a variable named $thumbprint.

You need to use the Azure Command-Line Interface (Azure CLI) to bind the SSL certificate with the web app.

How should you complete the command?

(To answer, drag the appropriate parameters to the correct locations. Each parameter may be used once, more than once, or not at all. NOTE: Each correct selection is worth one point.)

www.cert2brain.com

Aaz update config ssl bind --certificate-thumbprint $thumbprint --ssl-type SNI --name App1 --resource-group RG1
B az webapp ssl update bind --certificate-thumbprint $thumbprint --ssl-type SNI --name App1 --resource-group RG1
C az config deployment update bind --certificate-thumbprint $thumbprint --ssl-type SNI --name App1 --resource-group RG1
D az webapp config ssl bind --certificate-thumbprint $thumbprint --ssl-type SNI --name App1 --resource-group RG1

Correct answer: D

Explanation:

Bind an SSL certificate to a web app using Azure CLI.

az webapp config ssl bind --certificate-thumbprint
                          --name
                          --resource-group
                          --ssl-type {IP, SNI}
                          [--slot]

Required Parameters

--certificate-thumbprint

The ssl cert thumbprint.

--name -n

Name of the webapp. You can configure the default using 'az configure --defaults web='.

 

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

--ssl-type

The ssl cert type.

accepted values: IP, SNI

Optional Parameters

--slot -s

The name of the slot. Default to the productions slot if not specified.

Reference: Bind an SSL certificate to a web app



Question: 309
Measured Skill: Create and Manage Compute Resources (20-25%)

You manage virtual machines (VMs) that are members of a VM scale set. You notice high memory utilization of the VMs during peak times.

You create an Azure Automation account with run-as capabilities.

You need to scale the VMs only during peak times.

Which three actions should you perform in sequence?

(To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.)

www.cert2brain.com

ASequence: 2, 1, 3
B Sequence: 4, 1, 2
C Sequence: 4, 3, 2
D Sequence: 2, 1, 4

Correct answer: A

Explanation:

Vertical scaling, also known as scale up and scale down, means increasing or decreasing virtual machine (VM) sizes in response to a workload. Compare this behavior with horizontal scaling, also referred to as scale out and scale in, where the number of VMs is altered depending on the workload.

Reprovisioning means removing an existing VM and replacing it with a new one. When you increase or decrease the size of VMs in a virtual machine scale set, in some cases you want to resize existing VMs and retain your data, while in other cases you need to deploy new VMs of the new size. This document covers both cases.

Vertical scaling can be useful when:

  • A service built on virtual machines is under-utilized (for example at weekends). Reducing the VM size can reduce monthly costs.
  • Increasing VM size to cope with larger demand without creating additional VMs.

You can set up vertical scaling to be triggered based on metric based alerts from your virtual machine scale set. When the alert is activated, it fires a webhook that triggers a runbook that can scale your scale set up or down. Vertical scaling can be configured by following these steps:

  1. Create an Azure Automation account with run-as capability.
  2. Import Azure Automation Vertical Scale runbooks for virtual machine scale sets into your subscription.
  3. Add a webhook to your runbook.
  4. Add an alert to your virtual machine scale set using a webhook notification.
Reference: Vertical autoscale with virtual machine scale sets

Question: 310
Measured Skill: Create and Manage Compute Resources (20-25%)

You manage a Kubernetes cluster in Azure Container Service. You run the kubectl get pods Windows PowerShell command and receive the following output.



You need to use kubectl to set the number of virtual machines (VMs) available in the azure-vm-back deployment to five.

How should you complete the command?

(To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.)

www.cert2brain.com

Akubectl autoscale --replicas = 1 deployment/azure-vm-back
B kubectl autoscale --replicas = 3 deployment/azure-vm-back
C kubectl get --replicas = 2 deployment/azure-vm-back
D kubectl scale --replicas = 5 deployment/azure-vm-back
E kubectl scale --replicas = 1 deployment/azure-vm-back
F kubectl deployment --replicas = 4 deployment/azure-vm-back

Correct answer: D

Explanation:

kubectl is a command line interface for running commands against Kubernetes clusters.

See the following page for an overview of the kubectl command.

kubectl Cheat Sheet

Question: 311
Measured Skill: Implement virtual networks (15–20%)

Your company has a hybrid environment. You plan to create routes to connect the Azure and on-premises resources.

Your environment uses the following IP addresses:



You need to use the Azure CLI to create the route for a front-end subnet.

How should you complete the Azure CLI command?

(To answer, drag the appropriate IP addresses or subnets to the correct locations. Each IP address or subnet may be used once, more than once, or not at all. NOTE: Each correct selection is worth one point.)

www.cert2brain.com

APosition 1: 172.16.10.0/24
Position 2: 192.168.0.1
B Position 1: 10.0.0.0/20
Position 2: 192.168.0.1
C Position 1: 10.0.0.0/20
Position 2: 10.0.0.1
D Position 1: 192.168.0.0/24
Position 2: 10.0.0.1

Correct answer: C

Explanation:

To create a route in a route table use az network route-table route create

az network route-table route create --address-prefix
                  --name
                  --next-hop-type {Internet, None, VirtualAppliance, 
				  VirtualNetworkGateway, VnetLocal}
                  --resource-group
                  --route-table-name
                  [--next-hop-ip-address]

Examples

Create a route that forces all inbound traffic to a Network Virtual Appliance.

az network route-table route create -g MyResourceGroup --route-table-name MyRouteTable -n MyRoute \
            --next-hop-type VirtualAppliance --address-prefix 10.0.0.0/16 \
			--next-hop-ip-address 10.0.100.4

Required Parameters

--address-prefix

The destination CIDR to which the route applies.

Route name.

--next-hop-type

The type of Azure hop the packet should be sent to.

accepted values: Internet, None, VirtualAppliance, VirtualNetworkGateway, VnetLocal
--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

--route-table-name

Route table name.

Optional Parameters

--next-hop-ip-address

The IP address packets should be forwarded to when using the VirtualAppliance hop type.

Reference: az network route-table route





 
 
 

© Copyright 2014 - 2019 by cert2brain.com