Question 1 π₯
This is case study. Case studies are not timed separately. You can use as much exam time as you would like to complete each case. However, there may be additional case studies and sections on this exam. You must manage your time to ensure that you are able to complete all questions included on this exam in the time provided.To answer the questions included in a case study, you will need to reference information that is provided in the case study. Case studies might contain exhibits and other resources that provide more information about the scenario that is described in the case study. Each question is independent of the other questions in this case study.At the end of this case study, a review screen will appear. This screen allows you to review your answer and to make changes before you move to the next section of the exam. After you begin a new section, you cannot return to this section.To start the case study -To display the first question in this case study click the Next button. Use the buttons in the left pane to explore the content of the case study before you answer the questions. Clicking these buttons displays information such as business requirements, existing environment, and problem statements. If the case study has an AllInformation tab, note that the information displayed is identical to the information displayed on the subsequent tabs. When you are ready to answer a question, click the Question button to return to the question.Background -Security -The security team at Tailspin Toys plans to eliminate legacy authentication methods that are in use, including NTLM and Windows pass-through authentication.Tailspin Toys needs to share resources with several business partners. You are investigating options to securely share corporate data.Tailspin Toys has several databases that contain personally identifiable information (PII). User access PII only through the Tailspin Toys e-commerce website.You secure apps by using on-premises Active Directory Domain Services (AD DS) credentials or Microsoft SQL Server logins.Apps -The Tailspin Toys e-commerce site is hosted on multiple on-premises virtual machines (VMs). The VM runs either Internet Information Server (IIS) or SQL Server2012 depending on role. The site is published to the Internet by using a single endpoint that balances the load across web servers. The site does not encrypt traffic between database servers and web servers.The Tailspin Toys Customer Analyzer app analyzer e-commerce transactions to identify customer buying patterns, and outputs recommended product sale pricing. The app runs large processing jobs that run for 75-120 minutes several times each day. The application development team plans to replace the current solution with a parallel processing solution that scales based on computing demands.The Tailspin Toys Human Resources (HR) app is an in-house developed app that hosts sensitive employee data. The app uses SQL authentication for Role-Based Access Control (RBAC).Problem statement -The Tailspin Toys IT Leadership Team plans to address deficiencies in access control, data security, performance, and availability requirements. All applications must be updated to meet any new standards that are defined.The Tailspin Toys e-commerce site was recently targeted by a cyberattack. In the attack, account information was stolen from the customer database.Transactions that were in progress during the attack were not completed. Forensic investigation of the attack has revealed that the stolen customer data was captured in-transit from the database to a compromised web server.The HR team reports that unauthorized IT employees can view sensitive employee data by using service or application accounts.Business Requirements -Tailspin Toys e-commerce site -The business has requested that security and availability of the e-commerce site is improved to meet the following requirements.β Communication between site components must be secured to stop data breaches. If servers are breached, the data must not be readable.β The site must be highly available at each application tier, as well as the published endpoint.β Customers must be able to authenticate to the e-commerce site with their existing social media accounts.Tailspin Toys Customer Analyzer appThe business requires that processing time be reduced from 75-120 minutes to 5-15 minutes.Tailspin Toys HR app -Only authorized employees and business partners are allowed to view sensitive employee data. HR has requested a mobile experience for end users.Technical Requirements -Security -The security team has established the following requirements for role-separation and RBAC:β Log on hours defined in AD DS must be enforced for users that access cloud resources.β IT operations team members must be able to deploy and manage all resources in Azure, but must not be able to grant permissions to others.β Application development team members must be able to deploy and manage Azure Web Apps.β SQL database administrators must be able to deploy and manage SQL databases used by TailSpin Toys applications.β Application support analysts must be able to manage resources for the application(s) for which they are responsible.β Service desk analysts must be able to view service status and component settings.Role assignment should use the principle of least privilege.Tailspin Toys e-commerce site -The application is currently using a pair of hardware load balancers behind a single published endpoint to load balance traffic. Customer data is hosted in a SQLServer 2012 database. Customer user accounts are stored in an AD DS instance.The updated application and supporting infrastructure must:β Provide high availability in the event of failure in a single Azure SQL Database instance.β Allow secure web traffic on port 443 only.β Enable customers to authentication with Facebook, Microsoft Live ID or other social media identities.β Encrypt SQL data at-rest.β Encrypt data in motion between back-end SQL database instances and web application instances.β Prevent administrator and service accounts from viewing PII data.β Mask account and PII data presented to end user.β Minimize outage duration in event of an Azure datacenter failure.β The site should scale automatically to meet customer demand.β The site should continue to serve requests, even in the event of failure of an Azure datacenter.β Optimize site response time by auto-directing to the closest datacenter based on customer's geographic location.Operations must be able to deploy the solution using an Azure Resource Manager (ARM) template.Tailspin Toys Customer Analyzer appThe app uses several compute-intensive tasks that create long-running requests to the system, processing large amounts of data. The app runs on two large VMs that are scaled to max capacity in the corporate datacenter. The VMs cannot be scaled up or out to meet processing demands.The new solution must meet the following requirements:β Schedule processing of a large amount of pricing data on an hourly basis.β Provide parallel processing and scale-on-demand computing resources to provide additional capacity as required.β Processing times must meet the 5-15 minute processing requirement.β Use simultaneous compute nodes to enable high performance computing for analysis.β Minimal administrative efforts and custom development.Operations must be able to deploy the solution using an Azure Resource Manager (ARM) template.Tailspin Toys HR app -The solution architecture must meet the following requirements:β Integrate with Azure Active Directory (Azure AD).β Encrypt data at rest and in-transit.β Limit access based on location, filtered by IP addresses for corporate sites and authorized business partners.β Mask data presented to employees.β Must be available on mobile devices.Operations must be able to deploy the solution using an Azure Resource Manager (ARM) template.Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.You need to recommend a solution architecture for the Tailspin Toys e-commerce website for app tier, data tier, and user authentication.Solution:β Web App hosted in Azure virtual machinesβ App data stored in Azure SQL Server 2016, hosted in Azure virtual machinesβ Authentication provided through Azure AD business-to-consumer (B2C)β Solution deployed to multiple Azure regional datacentersβ Load balancing with Azure Traffic ManagerDoes the solution meet the goal?
Question 2 π₯
This is case study. Case studies are not timed separately. You can use as much exam time as you would like to complete each case. However, there may be additional case studies and sections on this exam. You must manage your time to ensure that you are able to complete all questions included on this exam in the time provided.To answer the questions included in a case study, you will need to reference information that is provided in the case study. Case studies might contain exhibits and other resources that provide more information about the scenario that is described in the case study. Each question is independent of the other questions in this case study.At the end of this case study, a review screen will appear. This screen allows you to review your answer and to make changes before you move to the next section of the exam. After you begin a new section, you cannot return to this section.To start the case study -To display the first question in this case study click the Next button. Use the buttons in the left pane to explore the content of the case study before you answer the questions. Clicking these buttons displays information such as business requirements, existing environment, and problem statements. If the case study has an AllInformation tab, note that the information displayed is identical to the information displayed on the subsequent tabs. When you are ready to answer a question, click the Question button to return to the question.Background -Security -The security team at Tailspin Toys plans to eliminate legacy authentication methods that are in use, including NTLM and Windows pass-through authentication.Tailspin Toys needs to share resources with several business partners. You are investigating options to securely share corporate data.Tailspin Toys has several databases that contain personally identifiable information (PII). User access PII only through the Tailspin Toys e-commerce website.You secure apps by using on-premises Active Directory Domain Services (AD DS) credentials or Microsoft SQL Server logins.Apps -The Tailspin Toys e-commerce site is hosted on multiple on-premises virtual machines (VMs). The VM runs either Internet Information Server (IIS) or SQL Server2012 depending on role. The site is published to the Internet by using a single endpoint that balances the load across web servers. The site does not encrypt traffic between database servers and web servers.The Tailspin Toys Customer Analyzer app analyzer e-commerce transactions to identify customer buying patterns, and outputs recommended product sale pricing. The app runs large processing jobs that run for 75-120 minutes several times each day. The application development team plans to replace the current solution with a parallel processing solution that scales based on computing demands.The Tailspin Toys Human Resources (HR) app is an in-house developed app that hosts sensitive employee data. The app uses SQL authentication for Role-Based Access Control (RBAC).Problem statement -The Tailspin Toys IT Leadership Team plans to address deficiencies in access control, data security, performance, and availability requirements. All applications must be updated to meet any new standards that are defined.The Tailspin Toys e-commerce site was recently targeted by a cyberattack. In the attack, account information was stolen from the customer database.Transactions that were in progress during the attack were not completed. Forensic investigation of the attack has revealed that the stolen customer data was captured in-transit from the database to a compromised web server.The HR team reports that unauthorized IT employees can view sensitive employee data by using service or application accounts.Business Requirements -Tailspin Toys e-commerce site -The business has requested that security and availability of the e-commerce site is improved to meet the following requirements.β Communication between site components must be secured to stop data breaches. If servers are breached, the data must not be readable.The site must be highly available at each application tier, as well as the published endpoint.β Customers must be able to authenticate to the e-commerce site with their existing social media accounts.Tailspin Toys Customer Analyzer appThe business requires that processing time be reduced from 75-120 minutes to 5-15 minutes.Tailspin Toys HR app -Only authorized employees and business partners are allowed to view sensitive employee data. HR has requested a mobile experience for end users.Technical Requirements -Security -The security team has established the following requirements for role-separation and RBAC:β Log on hours defined in AD DS must be enforced for users that access cloud resources.β IT operations team members must be able to deploy and manage all resources in Azure, but must not be able to grant permissions to others.β Application development team members must be able to deploy and manage Azure Web Apps.β SQL database administrators must be able to deploy and manage SQL databases used by TailSpin Toys applications.β Application support analysts must be able to manage resources for the application(s) for which they are responsible.β Service desk analysts must be able to view service status and component settings.β Role assignment should use the principle of least privilege.Tailspin Toys e-commerce site -The application is currently using a pair of hardware load balancers behind a single published endpoint to load balance traffic. Customer data is hosted in a SQLServer 2012 database. Customer user accounts are stored in an AD DS instance.The updated application and supporting infrastructure must:β Provide high availability in the event of failure in a single Azure SQL Database instance.β Allow secure web traffic on port 443 only.β Enable customers to authentication with Facebook, Microsoft Live ID or other social media identities.β Encrypt SQL data at-rest.β Encrypt data in motion between back-end SQL database instances and web application instances.β Prevent administrator and service accounts from viewing PII data.β Mask account and PII data presented to end user.β Minimize outage duration in event of an Azure datacenter failure.β The site should scale automatically to meet customer demand.β The site should continue to serve requests, even in the event of failure of an Azure datacenter.β Optimize site response time by auto-directing to the closest datacenter based on customer's geographic location.Operations must be able to deploy the solution using an Azure Resource Manager (ARM) template.Tailspin Toys Customer Analyzer appThe app uses several compute-intensive tasks that create long-running requests to the system, processing large amounts of data. The app runs on two large VMs that are scaled to max capacity in the corporate datacenter. The VMs cannot be scaled up or out to meet processing demands.The new solution must meet the following requirements:β Schedule processing of a large amount of pricing data on an hourly basis.β Provide parallel processing and scale-on-demand computing resources to provide additional capacity as required.β Processing times must meet the 5-15 minute processing requirement.β Use simultaneous compute nodes to enable high performance computing for analysis.β Minimal administrative efforts and custom development.Operations must be able to deploy the solution using an Azure Resource Manager (ARM) template.Tailspin Toys HR app -The solution architecture must meet the following requirements:β Integrate with Azure Active Directory (Azure AD).β Encrypt data at rest and in-transit.β Limit access based on location, filtered by IP addresses for corporate sites and authorized business partners.β Mask data presented to employees.β Must be available on mobile devices.Operations must be able to deploy the solution using an Azure Resource Manager (ARM) template.Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.You need to recommend a solution architecture for the Tailspin Toys e-commerce website for app tier, data tier, and user authentication.Solution:β Mobile App based on Azure App Serviceβ App data stored in DocumentDBβ Authentication provided through Azure AD business-to-business (B2B)β Solution deployed to multiple Azure regional datacentersβ Load balancing with virtual applianceDoes the solution meet the goal?
Question 3 π₯
DRAG DROP -This is case study. Case studies are not timed separately. You can use as much exam time as you would like to complete each case. However, there may be additional case studies and sections on this exam. You must manage your time to ensure that you are able to complete all questions included on this exam in the time provided.To answer the questions included in a case study, you will need to reference information that is provided in the case study. Case studies might contain exhibits and other resources that provide more information about the scenario that is described in the case study. Each question is independent of the other questions in this case study.At the end of this case study, a review screen will appear. This screen allows you to review your answer and to make changes before you move to the next section of the exam. After you begin a new section, you cannot return to this section.To start the case study -To display the first question in this case study click the Next button. Use the buttons in the left pane to explore the content of the case study before you answer the questions. Clicking these buttons displays information such as business requirements, existing environment, and problem statements. If the case study has an AllInformation tab, note that the information displayed is identical to the information displayed on the subsequent tabs. When you are ready to answer a question, click the Question button to return to the question.Background -Security -The security team at Tailspin Toys plans to eliminate legacy authentication methods that are in use, including NTLM and Windows pass-through authentication.Tailspin Toys needs to share resources with several business partners. You are investigating options to securely share corporate data.Tailspin Toys has several databases that contain personally identifiable information (PII). User access PII only through the Tailspin Toys e-commerce website.You secure apps by using on-premises Active Directory Domain Services (AD DS) credentials or Microsoft SQL Server logins.Apps -The Tailspin Toys e-commerce site is hosted on multiple on-premises virtual machines (VMs). The VM runs either Internet Information Server (IIS) or SQL Server2012 depending on role. The site is published to the Internet by using a single endpoint that balances the load across web servers. The site does not encrypt traffic between database servers and web servers.The Tailspin Toys Customer Analyzer app analyzer e-commerce transactions to identify customer buying patterns, and outputs recommended product sale pricing. The app runs large processing jobs that run for 75-120 minutes several times each day. The application development team plans to replace the current solution with a parallel processing solution that scales based on computing demands.The Tailspin Toys Human Resources (HR) app is an in-house developed app that hosts sensitive employee data. The app uses SQL authentication for Role-Based Access Control (RBAC).Problem statement -The Tailspin Toys IT Leadership Team plans to address deficiencies in access control, data security, performance, and availability requirements. All applications must be updated to meet any new standards that are defined.The Tailspin Toys e-commerce site was recently targeted by a cyberattack. In the attack, account information was stolen from the customer database.Transactions that were in progress during the attack were not completed. Forensic investigation of the attack has revealed that the stolen customer data was captured in-transit from the database to a compromised web server.The HR team reports that unauthorized IT employees can view sensitive employee data by using service or application accounts.Business Requirements -Tailspin Toys e-commerce site -The business has requested that security and availability of the e-commerce site is improved to meet the following requirements.β Communication between site components must be secured to stop data breaches. If servers are breached, the data must not be readable.β The site must be highly available at each application tier, as well as the published endpoint.β Customers must be able to authenticate to the e-commerce site with their existing social media accounts.Tailspin Toys Customer Analyzer appThe business requires that processing time be reduced from 75-120 minutes to 5-15 minutes.Tailspin Toys HR app -Only authorized employees and business partners are allowed to view sensitive employee data. HR has requested a mobile experience for end users.Technical Requirements -Security -The security team has established the following requirements for role-separation and RBAC:β Log on hours defined in AD DS must be enforced for users that access cloud resources.β IT operations team members must be able to deploy and manage all resources in Azure, but must not be able to grant permissions to others.β Application development team members must be able to deploy and manage Azure Web Apps.β SQL database administrators must be able to deploy and manage SQL databases used by TailSpin Toys applications.β Application support analysts must be able to manage resources for the application(s) for which they are responsible.β Service desk analysts must be able to view service status and component settings.Role assignment should use the principle of least privilege.Tailspin Toys e-commerce site -The application is currently using a pair of hardware load balancers behind a single published endpoint to load balance traffic. Customer data is hosted in a SQLServer 2012 database. Customer user accounts are stored in an AD DS instance.The updated application and supporting infrastructure must:β Provide high availability in the event of failure in a single Azure SQL Database instance.β Allow secure web traffic on port 443 only.β Enable customers to authentication with Facebook, Microsoft Live ID or other social media identities.β Encrypt SQL data at-rest.β Encrypt data in motion between back-end SQL database instances and web application instances.β Prevent administrator and service accounts from viewing PII data.β Mask account and PII data presented to end user.β Minimize outage duration in event of an Azure datacenter failure.β The site should scale automatically to meet customer demand.β The site should continue to serve requests, even in the event of failure of an Azure datacenter.β Optimize site response time by auto-directing to the closest datacenter based on customer's geographic location.Operations must be able to deploy the solution using an Azure Resource Manager (ARM) template.Tailspin Toys Customer Analyzer appThe app uses several compute-intensive tasks that create long-running requests to the system, processing large amounts of data. The app runs on two large VMs that are scaled to max capacity in the corporate datacenter. The VMs cannot be scaled up or out to meet processing demands.The new solution must meet the following requirements:β Schedule processing of a large amount of pricing data on an hourly basis.β Provide parallel processing and scale-on-demand computing resources to provide additional capacity as required.β Processing times must meet the 5-15 minute processing requirement.β Use simultaneous compute nodes to enable high performance computing for analysis.β Minimal administrative efforts and custom development.Operations must be able to deploy the solution using an Azure Resource Manager (ARM) template.Tailspin Toys HR app -The solution architecture must meet the following requirements:β Integrate with Azure Active Directory (Azure AD).β Encrypt data at rest and in-transit.β Limit access based on location, filtered by IP addresses for corporate sites and authorized business partners.β Mask data presented to employees.β Must be available on mobile devices.Operations must be able to deploy the solution using an Azure Resource Manager (ARM) template.You need to meet the data requirements for the Tailspin Toys e-commerce website.What should you do recommend? To answer, drag the appropriate recommendations to the correct requirements. Each recommendation may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.NOTE: Each correct selection is worth one point.Select and Place:
Question 4 π₯
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.You are designing a storage solution to support on-premises resources and Azure-hosted resources.You need to provide on-premises storage that has built-in replication to Azure.Solution: You include Azure Table storage in the design.Does this solution meet the goal?
Question 5 π₯
DRAG DROP -This is case study. Case studies are not timed separately. You can use as much exam time as you would like to complete each case. However, there may be additional case studies and sections on this exam. You must manage your time to ensure that you are able to complete all questions included on this exam in the time provided.To answer the questions included in a case study, you will need to reference information that is provided in the case study. Case studies might contain exhibits and other resources that provide more information about the scenario that is described in the case study. Each question is independent of the other questions in this case study.At the end of this case study, a review screen will appear. This screen allows you to review your answer and to make changes before you move to the next section of the exam. After you begin a new section, you cannot return to this section.To start the case study -To display the first question in this case study click the Next button. Use the buttons in the left pane to explore the content of the case study before you answer the questions. Clicking these buttons displays information such as business requirements, existing environment, and problem statements. If the case study has an AllInformation tab, note that the information displayed is identical to the information displayed on the subsequent tabs. When you are ready to answer a question, click the Question button to return to the question.Background -Security -The security team at Tailspin Toys plans to eliminate legacy authentication methods that are in use, including NTLM and Windows pass-through authentication.Tailspin Toys needs to share resources with several business partners. You are investigating options to securely share corporate data.Tailspin Toys has several databases that contain personally identifiable information (PII). User access PII only through the Tailspin Toys e-commerce website.You secure apps by using on-premises Active Directory Domain Services (AD DS) credentials or Microsoft SQL Server logins.Apps -The Tailspin Toys e-commerce site is hosted on multiple on-premises virtual machines (VMs). The VM runs either Internet Information Server (IIS) or SQL Server2012 depending on role. The site is published to the Internet by using a single endpoint that balances the load across web servers. The site does not encrypt traffic between database servers and web servers.The Tailspin Toys Customer Analyzer app analyzer e-commerce transactions to identify customer buying patterns, and outputs recommended product sale pricing. The app runs large processing jobs that run for 75-120 minutes several times each day. The application development team plans to replace the current solution with a parallel processing solution that scales based on computing demands.The Tailspin Toys Human Resources (HR) app is an in-house developed app that hosts sensitive employee data. The app uses SQL authentication for Role-Based Access Control (RBAC).Problem statement -The Tailspin Toys IT Leadership Team plans to address deficiencies in access control, data security, performance, and availability requirements. All applications must be updated to meet any new standards that are defined.The Tailspin Toys e-commerce site was recently targeted by a cyberattack. In the attack, account information was stolen from the customer database.Transactions that were in progress during the attack were not completed. Forensic investigation of the attack has revealed that the stolen customer data was captured in-transit from the database to a compromised web server.The HR team reports that unauthorized IT employees can view sensitive employee data by using service or application accounts.Business Requirements -Tailspin Toys e-commerce site -The business has requested that security and availability of the e-commerce site is improved to meet the following requirements.β Communication between site components must be secured to stop data breaches. If servers are breached, the data must not be readable.β The site must be highly available at each application tier, as well as the published endpoint.Customers must be able to authenticate to the e-commerce site with their existing social media accounts.Tailspin Toys Customer Analyzer appThe business requires that processing time be reduced from 75-120 minutes to 5-15 minutes.Tailspin Toys HR app -Only authorized employees and business partners are allowed to view sensitive employee data. HR has requested a mobile experience for end users.Technical Requirements -Security -The security team has established the following requirements for role-separation and RBAC:β Log on hours defined in AD DS must be enforced for users that access cloud resources.β IT operations team members must be able to deploy and manage all resources in Azure, but must not be able to grant permissions to others.β Application development team members must be able to deploy and manage Azure Web Apps.β SQL database administrators must be able to deploy and manage SQL databases used by TailSpin Toys applications.β Application support analysts must be able to manage resources for the application(s) for which they are responsible.β Service desk analysts must be able to view service status and component settings.β Role assignment should use the principle of least privilege.Tailspin Toys e-commerce site -The application is currently using a pair of hardware load balancers behind a single published endpoint to load balance traffic. Customer data is hosted in a SQLServer 2012 database. Customer user accounts are stored in an AD DS instance.The updated application and supporting infrastructure must:β Provide high availability in the event of failure in a single Azure SQL Database instance.β Allow secure web traffic on port 443 only.β Enable customers to authentication with Facebook, Microsoft Live ID or other social media identities.β Encrypt SQL data at-rest.β Encrypt data in motion between back-end SQL database instances and web application instances.β Prevent administrator and service accounts from viewing PII data.β Mask account and PII data presented to end user.β Minimize outage duration in event of an Azure datacenter failure.β The site should scale automatically to meet customer demand.β The site should continue to serve requests, even in the event of failure of an Azure datacenter.β Optimize site response time by auto-directing to the closest datacenter based on customer's geographic location.Operations must be able to deploy the solution using an Azure Resource Manager (ARM) template.Tailspin Toys Customer Analyzer appThe app uses several compute-intensive tasks that create long-running requests to the system, processing large amounts of data. The app runs on two large VMs that are scaled to max capacity in the corporate datacenter. The VMs cannot be scaled up or out to meet processing demands.The new solution must meet the following requirements:β Schedule processing of a large amount of pricing data on an hourly basis.β Provide parallel processing and scale-on-demand computing resources to provide additional capacity as required.β Processing times must meet the 5-15 minute processing requirement.β Use simultaneous compute nodes to enable high performance computing for analysis.β Minimal administrative efforts and custom development.Operations must be able to deploy the solution using an Azure Resource Manager (ARM) template.Tailspin Toys HR app -The solution architecture must meet the following requirements:β Integrate with Azure Active Directory (Azure AD).β Encrypt data at rest and in-transit.β Limit access based on location, filtered by IP addresses for corporate sites and authorized business partners.β Mask data presented to employees.β Must be available on mobile devices.Operations must be able to deploy the solution using an Azure Resource Manager (ARM) template.You need to recommend a directory service and identity provider for the Tailspin Toys HR app.What should you do recommend? To answer, drag the appropriate recommendations to the correct requirements. Each recommendation may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.Select and Place:
Question 6 π₯
This is case study. Case studies are not timed separately. You can use as much exam time as you would like to complete each case. However, there may be additional case studies and sections on this exam. You must manage your time to ensure that you are able to complete all questions included on this exam in the time provided.To answer the questions included in a case study, you will need to reference information that is provided in the case study. Case studies might contain exhibits and other resources that provide more information about the scenario that is described in the case study. Each question is independent of the other questions in this case study.At the end of this case study, a review screen will appear. This screen allows you to review your answer and to make changes before you move to the next section of the exam. After you begin a new section, you cannot return to this section.To start the case study -To display the first question in this case study click the Next button. Use the buttons in the left pane to explore the content of the case study before you answer the questions. Clicking these buttons displays information such as business requirements, existing environment, and problem statements. If the case study has an AllInformation tab, note that the information displayed is identical to the information displayed on the subsequent tabs. When you are ready to answer a question, click the Question button to return to the question.Background -Security -The security team at Tailspin Toys plans to eliminate legacy authentication methods that are in use, including NTLM and Windows pass-through authentication.Tailspin Toys needs to share resources with several business partners. You are investigating options to securely share corporate data.Tailspin Toys has several databases that contain personally identifiable information (PII). User access PII only through the Tailspin Toys e-commerce website.You secure apps by using on-premises Active Directory Domain Services (AD DS) credentials or Microsoft SQL Server logins.Apps -The Tailspin Toys e-commerce site is hosted on multiple on-premises virtual machines (VMs). The VM runs either Internet Information Server (IIS) or SQL Server2012 depending on role. The site is published to the Internet by using a single endpoint that balances the load across web servers. The site does not encrypt traffic between database servers and web servers.The Tailspin Toys Customer Analyzer app analyzer e-commerce transactions to identify customer buying patterns, and outputs recommended product sale pricing. The app runs large processing jobs that run for 75-120 minutes several times each day. The application development team plans to replace the current solution with a parallel processing solution that scales based on computing demands.The Tailspin Toys Human Resources (HR) app is an in-house developed app that hosts sensitive employee data. The app uses SQL authentication for Role-Based Access Control (RBAC).Problem statement -The Tailspin Toys IT Leadership Team plans to address deficiencies in access control, data security, performance, and availability requirements. All applications must be updated to meet any new standards that are defined.The Tailspin Toys e-commerce site was recently targeted by a cyberattack. In the attack, account information was stolen from the customer database.Transactions that were in progress during the attack were not completed. Forensic investigation of the attack has revealed that the stolen customer data was captured in-transit from the database to a compromised web server.The HR team reports that unauthorized IT employees can view sensitive employee data by using service or application accounts.Business Requirements -Tailspin Toys e-commerce site -The business has requested that security and availability of the e-commerce site is improved to meet the following requirements.Communication between site components must be secured to stop data breaches. If servers are breached, the data must not be readable.β The site must be highly available at each application tier, as well as the published endpoint.β Customers must be able to authenticate to the e-commerce site with their existing social media accounts.Tailspin Toys Customer Analyzer appThe business requires that processing time be reduced from 75-120 minutes to 5-15 minutes.Tailspin Toys HR app -Only authorized employees and business partners are allowed to view sensitive employee data. HR has requested a mobile experience for end users.Technical Requirements -Security -The security team has established the following requirements for role-separation and RBAC:β Log on hours defined in AD DS must be enforced for users that access cloud resources.β IT operations team members must be able to deploy and manage all resources in Azure, but must not be able to grant permissions to others.β Application development team members must be able to deploy and manage Azure Web Apps.β SQL database administrators must be able to deploy and manage SQL databases used by TailSpin Toys applications.β Application support analysts must be able to manage resources for the application(s) for which they are responsible.β Service desk analysts must be able to view service status and component settings.β Role assignment should use the principle of least privilege.Tailspin Toys e-commerce site -The application is currently using a pair of hardware load balancers behind a single published endpoint to load balance traffic. Customer data is hosted in a SQLServer 2012 database. Customer user accounts are stored in an AD DS instance.The updated application and supporting infrastructure must:β Provide high availability in the event of failure in a single Azure SQL Database instance.β Allow secure web traffic on port 443 only.β Enable customers to authentication with Facebook, Microsoft Live ID or other social media identities.β Encrypt SQL data at-rest.β Encrypt data in motion between back-end SQL database instances and web application instances.β Prevent administrator and service accounts from viewing PII data.β Mask account and PII data presented to end user.β Minimize outage duration in event of an Azure datacenter failure.β The site should scale automatically to meet customer demand.β The site should continue to serve requests, even in the event of failure of an Azure datacenter.β Optimize site response time by auto-directing to the closest datacenter based on customer's geographic location.Operations must be able to deploy the solution using an Azure Resource Manager (ARM) template.Tailspin Toys Customer Analyzer appThe app uses several compute-intensive tasks that create long-running requests to the system, processing large amounts of data. The app runs on two large VMs that are scaled to max capacity in the corporate datacenter. The VMs cannot be scaled up or out to meet processing demands.The new solution must meet the following requirements:β Schedule processing of a large amount of pricing data on an hourly basis.β Provide parallel processing and scale-on-demand computing resources to provide additional capacity as required.β Processing times must meet the 5-15 minute processing requirement.β Use simultaneous compute nodes to enable high performance computing for analysis.β Minimal administrative efforts and custom development.Operations must be able to deploy the solution using an Azure Resource Manager (ARM) template.Tailspin Toys HR app -The solution architecture must meet the following requirements:β Integrate with Azure Active Directory (Azure AD).β Encrypt data at rest and in-transit.β Limit access based on location, filtered by IP addresses for corporate sites and authorized business partners.β Mask data presented to employees.β Must be available on mobile devices.Operations must be able to deploy the solution using an Azure Resource Manager (ARM) template.Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.You need to recommend a solution architecture for the Tailspin Toys e-commerce website for app tier, data tier, and user authentication.Solution:β Web site based on Azure App Serviceβ App data stored in Azure SQL Databaseβ Authentication provided through Azure AD business-to-consumer (B2C)β Solution deployed to multiple Azure regional datacentersβ Load balancing with Azure Traffic ManagerDoes the solution meet the goal?
