Your company has an on-premises Active Directory Domain Services (AD DS) domain and an established Azure Active Directory (Azure AD) environment Your company would like users to be automatically signed in when they are on their corporate desktops that are connected to the corporate network.
You need to enable single sign-on (SSO) for company users.
Solution: Install and configure an Azure AD Connect server to use password hash synchronization and select the 'Enable single sign-on" option.
Does the solution meet the goal?

You need to secure the network traffic and isolate the Azure SQL Database network traffic.
Which configuration should you use? To answer, select the appropriate options in the answer area.

You are designing an Azure storage solution for a company.
The company has the following storage requirements:
* An app named App1 uses data analytics on stored data.
* App1 must store data on a hierarchical file system that uses Azure Active Directory (Azure AD) access control lists.
* An app named App2 must have access to object-based storage.
* The storage must support role-based access control and use shared access signature keys.
You need to design the storage solution.
Which storage solution should you use for each app? To answer, drag the appropriate storage solutions to the correct apps. Each storage solution may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
NOTE: Each correct selection is worth one point.

You manage a cloud service that utilizes an Azure Service Bus queue. You need to ensure that messages that are never consumed are retained. What should you do?

Your company has a hybrid solution for development and production. You have an Azure virtual network that includes the following subnets:

You synchronize an on-premises Active Directory farm by using Azure Active Directory Connect. Employees sign in to company facing Web Apps with their on-premises active directory passwords.
You need to allow traffic to RESTful services that require it.
Which Azure service should you implement?

A company has a public-facing website that is being monitored using Microsoft Operations Management Suite (OMS). The OMS service map solution is deployed.
Customers report that the website displays error messages and is very slow to load pages each day at 04:00.
The company plans to use the OMS Service Map solution to investigate the issues.
You need to recommend actions that the company should perform with OMS Service Map.
Which three actions should you recommend? Each correct answer presents a complete solution.
NOTE: Each correct selection is worth one point.

You are designing an Azure application that will use a worker role. The worker role will create temporary files.
You need to minimize storage transaction charges.
Where should you create the files?

Your company hosts multiple website by using Azure virtual machine scale sets (VMSS) that run Internet Information Server (11S).
All network communications must be secured by using to end secure Socket Layer (SSL) encryption. User session must be routed to the server by using cookie-based session affinity.
The image shown depicts the network traffic flow for the web sites to the VMSS.

Use the drop-down menus to select the answer choice that answer each question NOTE: Each correct selection is worth one point.

Your company uses Office 365 for all employees. The company plans to create a website where customers can view and register technical support cases.
The solution must meet the following requirements:
* Provision customer identities by using social media accounts.
* Users must be able to access the website by using social media accounts including Facebook.
* Employees of the customer service department must be able to access the site to read the cases and resolve them.
You need to design an identity solution for the company.
Which two actions should you recommend? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.

Case Study
This is a case study. Case studies are not timed separately. You can use as much exam time as you would like to complete each case. However, there may be additional case studies and sections on this exam. You must manage your time to ensure that you are able to complete all questions included on this exam in the time provided.
To answer the questions included in a case study, you will need to reference information that is provided in the case study. Case studies might contain exhibits and other resources that provide more information about the scenario that is described in the case study. Each question is independent of the other question on this case study.
At the end of this case study, a review screen will appear. This screen allows you to review your answers and to make changes before you move to the next sections of the exam. After you begin a new section, you cannot return to this section.
To start the case study
To display the first question on this case study, click the Next button. Use the buttons in the left pane to explore the content of the case study before you answer the questions. Clicking these buttons displays information such as business requirements, existing environment, and problem statements. If the case study has an All Information tab, note that the information displayed is identical to the information displayed on the subsequent tabs. When you are ready to answer a question, click the Question button to return to the question.
Background
Overview
Woodgrove Bank has 20 regional offices and operates 1,500 branch office locations. Each regional office hosts the servers, infrastructure, and applications that support that region.
Woodgrove Bank plans to move all of their on-premises resources to Azure, including virtual machine (VM)-based, line-of-business workloads, and SQL databases. You are the owner of the Azure subscription that Woodgrove Bank is using. Your team is using Git repositories hosted on GitHub for source control.
Security
Currently, Woodgrove Bank's Computer Security Incident Response Team (CSIRT) has a problem investigating security issues due to the lack of security intelligence integrated with their current incident response tools. This lack of integration introduces a problem during the detection (too many false positives), assessment, and diagnose stages. You decide to use Azure Security Center to help address this problem.
Woodgrove Bank has several apps with regulates data such as Personally Identifiable Information (PII) that require a higher level of security. All apps are currently secured by using an on-premises Active Directory Domain Services (ADDS). The company depends on following mission-critical apps: WGBLoanMaster, WGBLeaseLeader, and WGBCreditCruncher apps. You plan to move each of these apps to Azure as part of an app migration project.
Apps
The WGBLoanMaster app has been audited for transaction loss. Many transactions have been lost is processing and monetary write-offs have cost the bank. The app runs on two VMs that include several public endpoints.
The WGBLeaseLeader app has been audited for several data breaches. The app includes a SQL Server database and a web-based portal. The portal uses an ASP.NET Web API function to generate a monthly aggregate report from the database.
The WGBCreditCruncher app runs on a VM and is load balanced at the network level. The app includes several stateless components and must accommodate scaling of increased credit processing. The app runs on a nightly basis to process credit transactions that are batched during the day. The app includes a web-based portal where customers can check their credit information. A mobile version of the app allows users to upload check images.
Business Requirements
WGBLoanMaster app
The app audit revealed a need for zero transaction loss. The business is losing money due to the app losing and not processing loan information. In addition, transactions fail to process after running for a long time. The business has requested the aggregation processing to be scheduled for 01:00 to prevent system slowdown.
WGBLeaseLeader app
The app should be secured to stop data breaches. If the data is breached, it must not be readable. The app is continuing to see increased volume and the business does not want the issues presented in the WGBLoanMaster app. Transaction loss is unacceptable, and although the lease monetary amounts are smaller than loans, they are still an important profit center for Woodgrove Bank. The business would also like the monthly report to be automatically generated on the first of the month. Currently, a user must log in to the portal and click a button to generate the report.
WGBCreditCruncher app
The web-based portal area of the app must allow users to sign in with their Facebook credentials. The bank would like to allow this feature to enable more users to check their credit within the app.
Woodgrove Bank needs to develop a new financial risk modeling feature that they can include in the WGBCreditCruncher app. The financial risk modeling feature has not been developed due to costs associated with processing, transforming, and analyzing the large volumes of data that are collected. You need to find a way to implement parallel processing to ensure that the features run efficiently, reliably, and quickly. The feature must scale based on computing demand to process the large volumes of data and output several financial risk models.
Technical Requirements
WGBLoanMaster app
The app uses several compute-intensive tasks that create long-running requests to the system. The app is critical to the business and must be scalable to increased loan processing demands. The VMs that run the app include a Windows Task Scheduler task that aggregates loan information from the app to send to a third party.
This task runs a console app on the VM.
The app requires a messaging system to handle transaction processing. The messaging system must meet the following requirements:
* Allow messages to reside in the queue for up to a month.
* Be able to publish and consume batches of messages.
* Allow full integration with the Windows Communication Foundation (WCF) communication stack.
* Provide a role-based access model to the queues, including different permissions for senders and receivers.
You develop an Azure Resource Manager (ARM) template to deploy the VMs used to support the app. The template must be deployed to a new resource group and you must validate your deployment settings before creating actual resources.
WGBLeaseLeader app
The app must use Azure SQL Databases as a replacement to the current Microsoft SQL Server environment.
The monthly report must be automatically generated.
The app requires a messaging system to handle transaction processing. The messaging system must meet the following requirements:
* Require server-side logs of all of the transactions run against your queues.
* Track progress of a message within the queue.
* Process the messages within 7 days.
* Provide a differing timeout value per message.
WGBCreditCruncher app
The app must:
* Secure inbound and outbound traffic.
* Analyze inbound network traffic for vulnerabilities.
* Use an instance-level public IP and allow web traffic on port 443 only.
* Upgrade the portal to a Single Page Application (SPA) that uses JavaScript, Azure Active Directory (Azure AD), and the OAuth 2.0 implicit authorization grant to secure the Web API back end.
* Cache authentication and host the Web API back end using the Open Web Interface for .NET (OWIN) middleware.
* Immediately compress check images received from the mobile web app.
* Schedule processing of the batched credit transactions on a nightly basis.
* Provide parallel processing and scalable computing resources to output financial risk models.
* Use simultaneous computer nodes to enable high performance computing and updating of the financial risk models.
Key security area

You need to secure the Woodgrove Bank apps.
Which prevention policy must you enable for each app? To answer, drag the appropriate policy to the correct app. Each policy may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.

Your company deploys several Linux and Windows virtual machines (VMs) to Azure. The VMs are deployed with the Microsoft Dependency Agent and the Operations Management Suite (OMS) Agent installed by using Azure VM extensions. On-premises connectivity has been enabled by using Azure ExpressRoute.
You need to design a solution to monitor the VMs.
Which Azure monitoring services should you use? To answer, select the appropriate Azure monitoring services in the answer area NOTE Each correct selection is worth one point.

Marketing is ready to start their web application validations and is excited to be expanding globally.
You need to support the global web application requirements.
Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.