PrepAway - Latest Free Exam Questions & Answers

Which three steps should you perform in sequence?

DRAG DROP
You manage an application deployed to a cloud service that utilizes an Azure Storage account.
The cloud service currently uses the primary access key.
Security policy requires that all shared access keys are changed without causing application downtime.
Which three steps should you perform in sequence? To answer, move the appropriate
actions from the list of actions to the answer area and arrange them in the correct order.

PrepAway - Latest Free Exam Questions & Answers

Answer:

Explanation:

33 Comments on “Which three steps should you perform in sequence?

    2. an says:

      But as per policy the keys need to be regenerated, so if we do 4,2, 1 and if the secondary key has been compromised then there is no point of regenerating the Primary Key every month.
      Its as if you change the combination of your main door every month but keep your garage door unlocked.
      So I think above answer is correct. If we do 3,4,2 we are regenerating both keys monthly as required by security policy and in next month we can swap it with Primary key and use same logic.




      0



      0
  3. Aurimas says:

    Applications – If you have web applications or cloud services using the storage account, you will lose the connections if you regenerate keys, unless you roll your keys. Here is the process:

    Update the connection strings in your application code to reference the secondary access key of the storage account.

    Regenerate the primary access key for your storage account. In the Management Portal, from the dashboard or the Configure page, click Manage Keys. Click Regenerate under the primary access key, and then click Yes to confirm you want to generate a new key.

    Update the connection strings in your code to reference the new primary access key.

    Regenerate the secondary access key.




    0



    0
  6. Arie says:

    The supplied answer is correct. The requirement is that ALL shared access keys need to be changed. To minimize downtime, you would first regenerate the second shared access key and use that and then regenerate the first shared access key, so that both are changed.




    0



    0
  10. abovethelimit says:

    Answer provided here and Samji’s answer are both correct. It depends on how you want to proceed with it. MS recommends that we use the existing secondary key to update the connection strings first, then regenerate Primary key and update the connection strings. Then they recommend to generate the secondary key. This is what I have seen on technet and many forums as the “recommended” process. So I am going to go with Samji’s answer.




    0



    0
  11. Twix says:

    Samji’s answer and abovethelimit comment are great, but you have to keep in mind that you have to provide 3 steps, instead of 4!! So, if we want to regenerate ALL keys, answer is correct.




    0



    0
  12. Harish Suhanda says:

    Since the goal is to change the primary key
    1. Regenerate the primary access key.
    2. Update cloud service with secondary access key.
    3. Regenerate the secondary access key.




    0



    0
  13. Sandeep says:

    Ref: -http://blogs.msdn.com/b/mast/archive/2013/11/07/why-does-a-storage-account-have-two-access-keys.aspx

    1> Update cloud service configuration with the Secondary access key.
    2> Regenerate the primary access key
    3> Update cloud service configuration with the Primary access key.




    0



    0
    1. David says:

      I also think that the correct answer should be 4,2,1 (plus 3 as a 4th step),
      but since the questions only asks for 3 steps and NO downtime, I have to agree with Sandeep and that the given answer is correct.

      Any thoughts?




      0



      0
  16. Ultragc says:

    According to the requirement:

    “Security policy requires that all shared access keys are changed without causing application downtime.”

    This tells me that “both” keys needs to change. It appears 3,4,2 will accomplish this.




    0



    0
  17. challenge says:

    Original answer is correct

    Goal to regenerate ALL keys – you do this by updating the Cloud Service with the newly generated SECONDARY key – then you can regenerate the PRIMARY key.




    0



    0
    1. Ayub Hayra says:

      That is a nice way of making good use of your secondary key, but the question seems to be asking for both keys to be regenerated as the policy states “Security policy requires that ALL shared access keys are changed”




      0



      0
  19. MARQUIS BONNER says:

    New 70-533 Exam Questions and Answers Updated Recently (19/May/2016):

    NEW QUESTION 117
    Drag and Drop Question
    You are the server administrator for several on-premises systems. You need to back up all the systems to the cloud by using Azure Backup. In which order should you perform the actions? To answer, move all actions from the list of actions to the answer area and arrange them in the correct order.
    IMAGE — examgod.com/plimages/ee0bc1d53d4f_13E8D/1171_thumb.jpg

    Answer:
    IMAGE — examgod.com/plimages/ee0bc1d53d4f_13E8D/1172_thumb.jpg
    Explanation:
    azure.microsoft.com/en-gb/documentation/articles/backup-configure-vault/

    NEW QUESTION 118
    For development purposes, you deploy several virtual machines in an Azure subscription. Developers report that the virtual machines fail to access each other. You export the virtual network configuration for the subscription as shown in the following output.
    IMAGE — examgod.com/plimages/ee0bc1d53d4f_13E8D/1181_thumb.jpg
    You need to modify the network configuration to resolve the connection issue. What should you modify?

    A. the IP address range of Subnet-1
    B. the IP address range of the gateway subnet.
    C. the IP address of the DNS server
    D. the site of the virtual network

    Answer: C

    NEW QUESTION 119
    You have an Azure subscription. You create an Azure Active Directory (Azure AD) tenant named Tenant1 that has a domain name of tenant1.onmicrosoft.com. You need to add the contoso.com domain name to Tenant1. Which DNS record should you add to the contoso.com zone to be able to verify from Azure whether you own the contoso.com domain?

    A. standard alias (CNAME)
    B. mail exchanger (MX)
    C. host (AAAA)
    D. signature (SIG)

    Answer: A

    NEW QUESTION 120
    You purchase an Azure subscription. You plan to deploy an application that requires four Azure virtual machines (VMs). All VMs use Azure Resource Management (ARM) mode. You need to minimize the time that it takes for VMs to communicate with each other. What should you do?

    A. Create a multi-site virtual network.
    B. Create a regional virtual network.
    C. Create a site-to-site virtual network.
    D. Add the VMs to the same affinity group.

    Answer: D

    NEW QUESTION 121
    You have an Azure subscription. In Azure, you create two virtual machines named VM1 and VM2. Both virtual machines are instances in a cloud service named Cloud1. You need to ensure that the virtual machines only replicate within the data center in which they were created. Which settings should you modify?

    A. virtual machine
    B. storage account
    C. cloud services
    D. Azure subscription

    Answer: B

    NEW QUESTION 122
    You are the global administrator for a company’s Azure subscription. The company uses Azure Active Directory Premium and the Application Access Panel. You are configuring access to a Software as a Service (SaaS) application. You need to ensure that the sales team lead is able to manage user access to the application but is unable to modify administrative access to the application. In the Azure portal, what should you do?

    A. Create an Azure group and assign it to the SaaS application.
    Create an Azure user with the User Admin role, and assign the user as the owner of the new group.
    B. Create an Azure group and assign it to the SaaS application.
    Create an Azure user with the Service Admin role, and assign the user as the owner of the new group.
    C. Set the values of the Delegated group management and Users can create groups settings to Enabled.
    D. Create an Azure group and assign it to the SaaS application.
    Create an Azure user with the Global Admin role, and assign the user as the owner of the new group.

    Answer: A

    NEW QUESTION 123
    Drag and Drop Question
    Fourth Coffee has an on-premises, multiple-forest Activity Directory (AD) domain. The company hosts web applications and mobile application services. Fourth Coffee uses Microsoft Office 365 and uses Azure Active Directory (Azure AD). You have the following requirements. Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
    IMAGE — examgod.com/plimages/ee0bc1d53d4f_13E8D/1231_thumb.jpg

    Answer:
    IMAGE — examgod.com/plimages/ee0bc1d53d4f_13E8D/1232_thumb.jpg
    Explanation:
    azure.microsoft.com/en-gb/documentation/articles/active-directory-passwords-getting-started/#writeback-prerequisites
    azure.microsoft.com/en-gb/documentation/articles/active-directory-aadconnect-get-started-custom/

    NEW QUESTION 124
    A company has an Azure subscription with four virtual machines (VM) that are provisioned in an availability set. The VMs support an existing web service. The company expects additional demand for the web service. You add 10 new VMs to the environment. You need to configure the environment. How many Update Domains (UDs) and Fault Domains (FDs) should you create?

    A. 2 UDs and 5 FDs
    B. 5 UDs and 2 FDs
    C. 14 UDs and 2 FDs
    D. 14 UDs and 14 FDs

    Answer: B

    NEW QUESTION 125
    ……

    P.S. These New 70-533 Exam Questions Were Just Updated From The Real 70-533 Exam, You Can Get The Newest 70-533 Dumps In PDF And VCE From — http://bitly.com/70-533-dumps-vce-pdf (145q)

    Good Luck !!!




    0



    0
  21. Prady says:

    Read it again-
    “Security policy requires that all shared access keys are changed without causing application downtime”

    It can also be read as “Security policy requires that (all/any) shared access keys are changed *without causing application downtime*”

    The “all” word is causing the confusion. It is a security policy. The emphasis is that whenever anyone is changing any access key, it should not cause downtime.

    Point the app to the 2nd key; regen primary key; repoint to primary key.

    It doesn’t state that secondary key was compromised. Even if it was, since primary key was anyway compromised, we are working on a compromised key in either case. Once the app is repointed to the newly generated primary key (without disruption), feel free to regen the 2nd key 🙂




    0



    0
    1. recall says:

      “Point the app to the 2nd key; regen primary key; repoint to primary key.”
      That doesn’t regenerate the secondary key.

      The ONLY way to do this in 3 steps (from the list) is 3,4,2. That way there is no downtime and all keys are regenerated. Personally in real life I’d switch back to the primary key as a 4th step, but that’s not part of the answer 🙂




      0



      0
      1. Prady says:

        You are right. I got this mixed up with another question that states that the primary key is compromised, so list the steps to change the key without downtime. Now since this question simply asks to regenerate (all) keys without downtime, I fully agree.




        0



        0
  22. vikram says:

    There were questions related ,
    1) Options for Migrating Azure VMs from ASM (v1) to ARM (v2)
    2) How to set up the p2site VPN, how would you setup the root certificate on computers and Azure




    0



    0
    1. Prady says:

      Vikram- thanks for the posts. Can you please list more if you can recall? Also, some of the above can’t be understood. For instance, what was the question on Elastic DB, Classic to ARM migration etc. Can you please elaborate if you remember the question and the options?




      0



      0

Leave a Reply