Microsoft 070-535日本語 Actual Free Exam Questions & Community Discussion

Explanation

Box 1: Azure Application Gateway
Application gateway supports SSL termination at the gateway, after which traffic typically flows unencrypted to the backend servers. This feature allows web servers to be unburdened from costly encryption and decryption overhead. However, sometimes unencrypted communication to the servers is not an acceptable option. This could be due to security requirements, compliance requirements, or the application may only accept a secure connection. For such applications, application gateway supports end to end SSL encryption.
Box 2: Azure Security Center
Azure Security Center provides unified security management and advanced threat protection across hybrid cloud workloads. With Security Center, you can apply security policies across your workloads, limit your exposure to threats, and detect and respond to attacks.
Box 3: Azure Traffic Manager
Microsoft Azure Traffic Manager allows you to control the distribution of user traffic for service endpoints in different datacenters. Service endpoints supported by Traffic Manager include Azure VMs, Web Apps, and cloud services.

Explanation: Only visible for EduDump members. You can sign-up / login (it's free).

Explanation: Only visible for EduDump members. You can sign-up / login (it's free).

Explanation

Explanation: Only visible for EduDump members. You can sign-up / login (it's free).

Explanation

Box 1: Azure IoT Hub
IoT Hub is a managed service, hosted in the cloud, that acts as a central message hub for bi-directional communication between your IoT application and the devices it manages. You can use Azure IoT Hub to build IoT solutions with reliable and secure communications between millions of IoT devices and a cloud-hosted solution backend. You can connect virtually any device to IoT Hub.
Box 2: Not Azure IoT Hub Device Provisioning Service
The IoT Hub Device Provisioning Service is a helper service for IoT Hub that enables zero-touch, just-in-time provisioning to the right IoT hub without requiring human intervention, enabling customers to provision millions of devices in a secure and scalable manner.
Device Provisioning Service contains all the information needed to provision a device, and the information can easily be updated later in the supply chain without having to unbox and re-flash the device.
Here are some of the provisioning scenarios the Device Provisioning Service enables:
Zero-touch provisioning to a single IoT solution without requiring hardcoded IoT Hub connection information in the factory (initial setup).
Automatically configuring devices based on solution-specific needs.
Etc.
Reference:
https://docs.microsoft.com/en-us/azure/iot-hub/about-iot-hub
https://azure.microsoft.com/es-es/blog/azure-iot-hub-device-provisioning-service-preview-automates-device-con

Explanation: Only visible for EduDump members. You can sign-up / login (it's free).

Explanation: Only visible for EduDump members. You can sign-up / login (it's free).

Explanation

Topic 2, Tailspin Toys (NEW)
Background
Security
The security team at Tailspin Toys plans to eliminate legacy authentication methods that are in use, including NTLM and Windows pass-through authentication.
Tailspin Toys needs to share resources with several business partners. You are investigating options to securely share corporate data.
Tailspin Toys has several databases that contain personally identifiable information (PII). User access PII only through the Tailspin Toys e-commerce website.
You secure apps by using on-premises Active Directory Domain Services (AD DS) credentials or Microsoft SQL Server logins.
Apps
The Tailspin Toys e-commerce site is hosted on multiple on-premises virtual machines (VMs). The VM runs either Internet Information Server (IIS) or SQL Server 2012 depending on role. The site is published to the Internet by using a single endpoint that balances the load across web servers. The site does not encrypt traffic between database servers and web servers.
The Tailspin Toys Customer Analyzer app analyzer e-commerce transactions to identify customer buying patterns, and outputs recommended product sale pricing. The app runs large processing jobs that run for
75-120 minutes several times each day. The application development team plans to replace the current solution with a parallel processing solution that scales based on computing demands.
The Tailspin Toys Human Resources (HR) app is an in-house developed app that hosts sensitive employee data. The app uses SQL authentication for Role-Based Access Control (RBAC).
Problem statement
The Tailspin Toys IT Leadership Team plans to address deficiencies in access control, data security, performance, and availability requirements. All applications must be updated to meet any new standards that are defined.
The Tailspin Toys e-commerce site was recently targeted by a cyberattack. In the attack, account information was stolen from the customer database. Transactions that were in progress during the attack were not completed. Forensic investigation of the attack has revealed that the stolen customer data was captured in transit from the database to a compromised web server.
The HR team reports that unauthorized IT employees can view sensitive employee data by using service or application accounts.
Business Requirements
Tailspin Toys e-commerce site
The business has requested that security and availability of the e-commerce site is improved to meet thefollowing requirements.
* Communication between site components must be secured to stop data breaches. If servers are breached, the data must not be readable.
* The site must be highly available at each application tier, as well as the published endpoint.
* Customers must be able to authenticate to the e-commerce site with their existing social media accounts.
Tailspin Toys Customer Analyzer app
The business requires that processing time be reduced from 75-120 minutes to 5-15 minutes.
Tailspin Toys HR app
Only authorized employees and business partners are allowed to view sensitive employee data. HR has requested a mobile experience for end users.
Technical Requirements
Security
The security team has established the following requirements for role-separation and RBAC:
* Log on hours defined in AD DS must be enforced for users that access cloud resources.
* IT operations team members must be able to deploy and manage all resources in Azure, but must not be able to grant permissions to others.
* Application development team members must be able to deploy and manage Azure Web Apps.
* SQL database administrators must be able to deploy and manage SQL databases used by TailSpin Toys application.
* Application support analysts must be able to manage resources for the application(s) for which they are
* responsible.
* Service desk analysts must be able to view service status and component settings.
* Role assignment should use the principle of least privilege.
Tailspin Toys e-commerce site
The application is currently using a pair of hardware load balancers behind a single published endpoint to load balance traffic. Customer data is hosted in a SQL Server 2012 database. Customer user accounts are stored in an AD DS instance.
The updated application and supporting infrastructure must:
* Provide high availability in the event of failure in a single Azure SQL Database instance.
* Allow secure web traffic on port 443 only.
* Enable customers to authentication with Facebook, Microsoft Live ID or other social media identities.
* Encrypt SQL data at-rest.
* Encrypt data in motion between back-end SQL database instances and web application instances.
* Prevent administrator and service accounts from viewing PII data.
* Mask account and PII data presented to end user.
* Minimize outage duration in event of an Azure datacenter failure.
* The site should scale automatically to meet customer demand.
* The site should continue to serve requests, even in the event of failure of an Azure datacenter.
* Optimize site response time by auto-directing to the closest datacenter based on customer's geographic location.
Operations must be able to deploy the solution using an Azure Resource Manager (ARM) template.
Tailspin Toys Customer Analyzer app
The app uses several compute-intensive tasks that create long-running requests to the system, processing large amounts of data. The app runs on two large VMs that are scaled to max capacity in the corporate datacenter.
The VMs cannot be scaled up or out to meet processing demands.
The new solution must meet the following requirements:
* Schedule processing of a large amount of pricing data on an hourly basis.
* Provide parallel processing and scale-on-demand computing resources to provide additional capacity as required.
* Processing times must meet the 5-15 minute processing requirement.
* Use simultaneous compute nodes to enable high performance computing for analysis.
* Minimal administrative efforts and custom development.
Operations must be able to deploy the solution using an Azure Resource Manager (ARM) template.
Tailspin Toys HR app
The solution architecture must meet the following requirements:
* Integrate with Azure Active Directory (Azure AD).
* Encrypt data at rest and in-transit.
* Limit access based on location, filtered by IP addresses for corporate sites and authorized business partners.
* Mask data presented to employees.
* Must be available on mobile devices.
Operations must be able to deploy the solution using an Azure Resource Manager (ARM) template.

Explanation

From Scenario: Permissions must be assigned by using Role Based Access Control (RBAC).
The following cmdlet is used to sign-in to Azure: Add-AzureAccount
If necessary, the following Azure cmdlets can be used to select the desired subscription:
Get-AzureSubscription
Select-AzureSubscription -SubscriptionName "SomeSubscription"
Set-AzureSubscription -SubscriptionName "SomeSubscription " `
References:
https://blogs.msdn.microsoft.com/cloud_solution_architect/2015/05/14/using-a-service-principal-for-azure-powe