Case study -
This is a case study. Case studies are not timed separately. You can use as much exam time as you would like to complete each case. However, there may be additional case studies and sections on this exam. You must manage your time to ensure that you are able to complete all questions included on this exam in the time provided.
To answer the questions included in a case study, you will need to reference information that is provided in the case study. Case studies might contain exhibits and other resources that provide more information about the scenario that is described in the case study. Each question is independent of the other questions in this case study.
At the end of this case study, a review screen will appear. This screen allows you to review your answers and to make changes before you move to the next section of the exam. After you begin a new section, you cannot return to this section.
To start the case study -
To display the first question in this case study, click the Next button. Use the buttons in the left pane to explore the content of the case study before you answer the questions. Clicking these buttons displays information such as business requirements, existing environment, and problem statements. If the case study has an All Information tab, note that the information displayed is identical to the information displayed on the subsequent tabs. When you are ready to answer a question, click the Question button to return to the question.
Overview -
Contoso, Ltd. is a manufacturing company that has offices worldwide. Contoso works with partner organizations to bring products to market.
Contoso products are manufactured by using blueprint files that the company authors and maintains.
Existing Environment -
Currently, Contoso uses multiple types of servers for business operations, including the following:
File servers
Domain controllers
Microsoft SQL Server servers
Your network contains an Active Directory forest named contoso.com. All servers and client computers are joined to Active Directory.
You have a public-facing application named App1. App1 consists of the following three tiers:
A SQL database
A web front end
A processing middle tier
Each tier consists of five virtual machines. Users access the web front end by using HTTPS only.
Requirements -
Planned Changes -
Contoso plans to implement the following changes to the infrastructure:
Move all the tiers of App1 to Azure.
Move the existing product blueprint files to Azure Blob storage.
Create a hybrid directory to support an upcoming Microsoft Office 365 migration project.
Technical Requirements -
Contoso must meet the following technical requirements:
Move all the virtual machines for App1 to Azure.
Minimize the number of open ports between the App1 tiers.
Ensure that all the virtual machines for App1 are protected by backups.
Copy the blueprint files to Azure over the Internet.
Ensure that the blueprint files are stored in the archive storage tier.
Ensure that partner access to the blueprint files is secured and temporary.
Prevent user passwords or hashes of passwords from being stored in Azure.
Use unmanaged standard storage for the hard disks of the virtual machines.
Ensure that when users join devices to Azure Active Directory (Azure AD), the users use a mobile phone to verify their identity.
Minimize administrative effort whenever possible.
User Requirements -
Contoso identifies the following requirements for users:
Ensure that only users who are part of a group named Pilot can join devices to Azure AD.
Designate a new user named Admin1 as the service admin for the Azure subscription.
Admin1 must receive email alerts regarding service outages.
Ensure that a new user named User3 can create network objects for the Azure subscription.
You need to move the blueprint files to Azure.
What should you do?
A. B. C. D.D
Scenario: Copy the blueprint files to Azure over the Internet.
To mount an Azure file share, you will need the primary (or secondary) storage key. SAS keys are not currently supported for mounting.
Incorrect Answers:
A: Azure Import/Export service is used to securely import large amounts of data to Azure Blob storage and Azure Files by shipping disk drives to an Azure datacenter.
https://docs.microsoft.com/en-us/azure/storage/files/storage-how-to-use-files-windows
To move the existing product blueprint files to Azure Blob storage, there are several options available. However, the best approach depends on several factors such as the size and number of files, available bandwidth, security requirements, and administrative overhead.
Option A: Use the Azure Import/Export service. The Azure Import/Export service allows you to transfer large amounts of data to and from Azure Blob storage by shipping physical hard drives. This option is suitable if you have a large amount of data that cannot be uploaded over the internet due to limited bandwidth or high latency. You can use the Azure Import/Export tool to create an import job that includes a list of files and folders to be transferred, specify the target container in Azure Blob storage, and create an encrypted hard drive to ship to Microsoft. Once the drive is received and processed, the data will be copied to the specified container. This option may incur additional charges for shipping, data transfer, and storage.
Option B: Use Azure Storage Explorer to copy the files. Azure Storage Explorer is a free, standalone tool that enables you to manage Azure storage resources, including Blob storage, from a Windows, macOS, or Linux computer. You can use Azure Storage Explorer to create a connection to your Azure subscription, navigate to the source files on your local computer, and drag and drop them to the target container in Azure Blob storage. This option is suitable if you have a moderate amount of data that can be uploaded over the internet, and you want to use a graphical interface instead of command-line tools.
Option C: Generate a shared access signature (SAS). Map a drive, and then copy the files by using File Explorer. A shared access signature (SAS) is a URI that grants restricted access to a resource in Azure Blob storage, such as a container or a blob. You can create a SAS token that includes the required permissions, such as read or write access, and an expiration time. You can then use the SAS token to map a network drive to the target container in Azure Blob storage, which appears as a local drive in File Explorer. Once the drive is mapped, you can copy or move the files between the local and remote drives. This option is suitable if you want to use a familiar interface, such as File Explorer, and want to restrict access to the target container to a specific period and set of permissions. However, this option requires you to generate a SAS token, which may require additional administrative effort.
Option D: Generate an access key. Map a drive, and then copy the files by using File Explorer. An access key is a long, randomly generated string that provides full access to a storage account in Azure Blob storage. You can create an access key for the target container in Azure Blob storage and use it to map a network drive to the container, which appears as a local drive in File Explorer. Once the drive is mapped, you can copy or move the files between the local and remote drives. This option is suitable if you want to use a familiar interface, such as File Explorer, and have full control over the target container. However, this option requires you to store the access key securely and may expose the container to unauthorized access if the key is compromised.
Based on the technical requirements, options A, B, and C are all viable options. However, option C is the most secure option as it provides temporary and restricted access to the target container using a SAS token, which can be revoked after the data transfer is complete. Option D is not recommended as it exposes the container to potential security breaches by using a permanent and powerful access key. Therefore, the best answer is Option C: Generate a shared access signature (SAS). Map a drive, and then copy the files by using File Explorer.
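A SAS carries its scope, permissions and expiry in the query string, so a token like the one described under Option C can be checked before it is handed to a partner. The Python sketch below is an added example, not part of the original page; the storage account name, the policy limits (read/list only, seven-day maximum) and the sample URLs are constructed assumptions.

```python
from datetime import datetime, timedelta, timezone
from urllib.parse import urlsplit, parse_qs

MAX_LIFETIME = timedelta(days=7)  # assumed policy limit, not from the page
ALLOWED_PERMS = set("rl")         # assumed: partners may only read and list


def parse_sas_time(value):
    """Parse the ISO 8601 UTC timestamps used by the st/se fields."""
    dt = datetime.fromisoformat(value.replace("Z", "+00:00"))
    return dt if dt.tzinfo else dt.replace(tzinfo=timezone.utc)


def audit_sas(url, now):
    """Return findings for one SAS URL; an empty list means it passes."""
    parts = urlsplit(url)
    q = {k: v[0] for k, v in parse_qs(parts.query).items()}
    findings = []
    if parts.scheme != "https" or q.get("spr") != "https":
        findings.append("not restricted to HTTPS (spr=https)")
    extra = set(q.get("sp", "")) - ALLOWED_PERMS
    if extra:
        findings.append("excess permissions: " + "".join(sorted(extra)))
    if "ss" in q or "srt" in q:
        findings.append("account SAS: wider than one container or blob")
    if "se" not in q:
        findings.append("no expiry in token (se missing)")
    else:
        expiry = parse_sas_time(q["se"])
        if expiry <= now:
            findings.append("already expired")
        elif expiry - now > MAX_LIFETIME:
            findings.append("lifetime exceeds %d days" % MAX_LIFETIME.days)
    return findings


# Constructed sample tokens; account name and signatures are placeholders.
BASE = "https://contosoblueprints.blob.core.windows.net"
GOOD = (BASE + "/blueprints?sv=2022-11-02&sr=c&sp=rl"
        "&se=2024-05-03T00:00:00Z&spr=https&sig=CONSTRUCTED")
BAD = (BASE + "/?sv=2022-11-02&ss=b&srt=sco&sp=rwdl"
       "&se=2025-05-01T00:00:00Z&spr=https,http&sig=CONSTRUCTED")
NOW = datetime(2024, 5, 1, tzinfo=timezone.utc)

if __name__ == "__main__":
    for name, url in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, audit_sas(url, NOW) or "ok")
```

The first token is a container-scoped, read/list, two-day SAS and passes; the second is an account SAS with write and delete rights, a one-year lifetime and HTTP allowed, and is flagged on all four checks.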