Microsoft AZ-220 Certification: Microsoft Azure IoT Developer Certification Exam Practice Questions and Answers
Question #7
You have an existing Azure IoT hub.
You need to connect physical IoT devices to the IoT hub.
You are connecting the devices through a firewall that allows only port 443 and port 80.
Which three communication protocols can you use? Each correct answer presents a complete solution.
NOTE: Each correct selection is worth one point.
- MQTT over WebSocket
- AMQP
- AMQP over WebSocket
- MQTT
- HTTPS
Correct Answer: ACE
MQTT over WebSockets, AMQP over WebSocket, and HTTPS use port 443.
Reference:
https://docs.microsoft.com/en-us/azure/iot-hub/iot-hub-devguide-protocols
Question #8
You have an Azure IoT solution that includes an Azure IoT hub and 100 Azure IoT Edge devices.
You plan to deploy the IoT Edge devices to external networks. The firewalls of the external networks only allow traffic on port 80 and port 443.
You need to ensure that the devices can connect to the IoT hub. The solution must minimize costs.
What should you do?
- Configure the devices for extended offline operations.
- Configure the upstream protocol of the devices to use MQTT over WebSocket.
- Connect the external networks to the IoT solution by using ExpressRoute.
- Configure the devices to use an HTTPS proxy.
Correct Answer: B
MQTT over WebSockets uses port 443.
Reference:
https://docs.microsoft.com/en-us/azure/iot-hub/iot-hub-devguide-protocols
Question #9
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have devices that connect to an Azure IoT hub. Each device has a fixed GPS location that includes latitude and longitude.
You discover that a device entry in the identity registry of the IoT hub is missing the GPS location.
You need to configure the GPS location for the device entry. The solution must prevent the changes from being propagated to the physical device.
Solution: You use an Azure policy to apply tags to a resource group.
Does the solution meet the goal?
- Yes
- No
Correct Answer: B
Instead, you add tags to the device twin.
Reference:
https://azure.microsoft.com/sv-se/blog/deep-dive-into-azure-iot-hub-notifications-and-device-twin/
Question #10
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have devices that connect to an Azure IoT hub. Each device has a fixed GPS location that includes latitude and longitude.
You discover that a device entry in the identity registry of the IoT hub is missing the GPS location.
You need to configure the GPS location for the device entry. The solution must prevent the changes from being propagated to the physical device.
Solution: You add tags to the device twin.
Does the solution meet the goal?
- Yes
- No
Correct Answer: Yes
Reference:
https://azure.microsoft.com/sv-se/blog/deep-dive-into-azure-iot-hub-notifications-and-device-twin/
Question #11
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have devices that connect to an Azure IoT hub. Each device has a fixed GPS location that includes latitude and longitude.
You discover that a device entry in the identity registry of the IoT hub is missing the GPS location.
You need to configure the GPS location for the device entry. The solution must prevent the changes from being propagated to the physical device.
Solution: You add the desired properties to the device twin.
Does the solution meet the goal?
- Yes
- No
Correct Answer: B
Instead, add tags to the device twin.
Reference:
https://azure.microsoft.com/sv-se/blog/deep-dive-into-azure-iot-hub-notifications-and-device-twin/
Question #12
You have three Azure IoT hubs named Hub1, Hub2, and Hub3, a Device Provisioning Service instance, and an IoT device named Device1.
Each IoT hub is deployed to a separate Azure region.
Device enrollment uses the Lowest latency allocation policy.
The Device Provisioning Service uses the Lowest latency allocation policy.
Device1 is auto-provisioned to Hub1 by using the Device Provisioning Service.
Device1 regularly moves between regions.
You need to ensure that Device1 always connects to the IoT hub that has the lowest latency.
What should you do?
- Configure device attestation that uses X.509 certificates.
- Implement device certificate rolling.
- Disenroll and reenroll Device1.
- Configure the re-provisioning policy.
Correct Answer: D
Automated re-provisioning support.
Microsoft added first-class support for device re-provisioning which allows devices to be reassigned to a different IoT solution sometime after the initial solution assignment. Re-provisioning support is available in two options:
- Factory reset, in which the device twin data for the new IoT hub is populated from the enrolment list instead of the old IoT hub. This is common for factory reset scenarios as well as leased device scenarios.
- Migration, in which device twin data is moved from the old IoT hub to the new IoT hub. This is common for scenarios in which a device is moving between geographies.
Reference:
https://azure.microsoft.com/en-us/blog/new-year-newly-available-iot-hub-device-provisioning-service-features/
Question #13
You have an Azure subscription that contains a resource group named RG1.
You need to deploy the Device Provisioning Service. The solution must ensure that the Device Provisioning Service can accept new device enrollments.
You create a Device Provisioning Service instance.
Which two actions should you perform next? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.
- From the Linked IoT hubs blade of the Device Provisioning Service, link an Azure IoT hub.
- From the Azure portal, create a new Azure IoT hub.
- From the Manage allocation policy blade of the Device Provisioning Service, configure an allocation policy.
- From the Certificates blade of the Device Provisioning Service, upload an X.509 certificate to the Device Provisioning Service.
Correct Answer: A, C
A: The Device Provisioning Service can only provision devices to IoT hubs that have been linked to it.
C: Allocation policy. The service-level setting that determines how Device Provisioning Service assigns devices to an IoT hub. There are three supported allocation policies:
- Lowest latency: devices are provisioned to an IoT hub with the lowest latency to the device.
- Evenly weighted distribution
- Static configuration via the enrollment list
Reference:
https://docs.microsoft.com/bs-latn-ba/azure/iot-dps/concepts-service
Question #14
You have 10,000 IoT devices that connect to an Azure IoT hub. The devices do not support over-the-air (OTA) updates.
You need to decommission 1,000 devices. The solution must prevent connections and autoenrollment for the decommissioned devices.
Which two actions should you perform? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.
- Update the connectionState device twin property on all the devices.
- Blacklist the X.509 root certification authority (CA) certificate for the enrollment group.
- Delete the enrollment entry for the devices.
- Remove the identity certificate from the hardware security module (HSM) of the devices.
- Delete the device identity from the device registry of the IoT hub.
Correct Answer: BC
B: X.509 certificates are typically arranged in a certificate chain of trust. If a certificate at any stage in a chain becomes compromised, trust is broken. The certificate must be blacklisted to prevent Device Provisioning Service from provisioning devices downstream in any chain that contains that certificate.
C: Individual enrollments apply to a single device and can use either X.509 certificates or SAS tokens (in a real or virtual TPM) as the attestation mechanism.
(Devices that use SAS tokens as their attestation mechanism can be provisioned only through an individual enrollment.) To blacklist a device that has an individual enrollment, you can either disable or delete its enrollment entry.
Reference:
https://docs.microsoft.com/en-us/azure/iot-dps/how-to-revoke-device-access-portal