DRAG DROP
Case Study
This is a case study. Case studies are not timed separately. You can use as much exam time as you would like
to complete each case. However, there may be additional case studies and sections on this exam. You must
manage your time to ensure that you are able to complete all questions included on this exam in the time
provided.
To answer the questions included in a case study, you will need to reference information that is provided in the
case study. Case studies might contain exhibits and other resources that provide more information about the
scenario that is described in the case study. Each question is independent of the other question on this case
study.
At the end of this case study, a review screen will appear. This screen allows you to review your answers and to
make changes before you move to the next sections of the exam. After you begin a new section, you cannot
return to this section.
To start the case study
To display the first question on this case study, click the Next button. Use the buttons in the left pane to explore
the content of the case study before you answer the questions. Clicking these buttons displays information such
as business requirements, existing environment, and problem statements. If the case study has an All
Information tab, note that the information displayed is identical to the information displayed on the subsequent
tabs. When you are ready to answer a question, click the Question button to return to the question.Background
Overview
Woodgrove Bank has 20 regional offices and operates 1,500 branch office locations. Each regional office hosts
the servers, infrastructure, and applications that support that region.
Woodgrove Bank plans to move all of their on-premises resources to Azure, including virtual machine (VM)-
based, line-of-business workloads, and SQL databases. You are the owner of the Azure subscription that
Woodgrove Bank is using. Your team is using Git repositories hosted on GitHub for source control.
Security
Currently, Woodgrove Bank’s Computer Security Incident Response Team (CSIRT) has a problem
investigating security issues due to the lack of security intelligence integrated with their current incident
response tools. This lack of integration introduces a problem during the detection (too many false positives),
assessment, and diagnose stages. You decide to use Azure Security Center to help address this problem.
Woodgrove Bank has several apps with regulated data such as Personally Identifiable Information (PII) that
require a higher level of security. All apps are currently secured by using an on-premises Active Directory
Domain Services (ADDS). The company depends on the following mission-critical apps: WGBLoanMaster,
WGBLeaseLeader, and WGBCreditCruncher apps. You plan to move each of these apps to Azure as part of an
app migration project.
Apps
The WGBLoanMaster app has been audited for transaction loss. Many transactions have been lost in
processing and monetary write-offs have cost the bank. The app runs on two VMs that include several public
endpoints.
The WGBLeaseLeader app has been audited for several data breaches. The app includes a SQL Server
database and a web-based portal. The portal uses an ASP.NET Web API function to generate a monthly
aggregate report from the database.
The WGBCreditCruncher app runs on a VM and is load balanced at the network level. The app includes
several stateless components and must accommodate scaling of increased credit processing. The app runs on
a nightly basis to process credit transactions that are batched during the day. The app includes a web-based
portal where customers can check their credit information. A mobile version of the app allows users to upload
check images.
Business Requirements
WGBLoanMaster app
The app audit revealed a need for zero transaction loss. The business is losing money due to the app losing
and not processing loan information. In addition, transactions fail to process after running for a long time. The
business has requested the aggregation processing to be scheduled for 01:00 to prevent system slowdown.
WGBLeaseLeader app
The app should be secured to stop data breaches. If the data is breached, it must not be readable. The app is
continuing to see increased volume and the business does not want the issues presented in the
WGBLoanMaster app. Transaction loss is unacceptable, and although the lease monetary amounts are smaller
than loans, they are still an important profit center for Woodgrove Bank. The business would also like the
monthly report to be automatically generated on the first of the month. Currently, a user must log in to the portal
and click a button to generate the report.
WGBCreditCruncher appThe web-based portal area of the app must allow users to sign in with their Facebook credentials. The bank
would like to allow this feature to enable more users to check their credit within the app.
Woodgrove Bank needs to develop a new financial risk modeling feature that they can include in the
WGBCreditCruncher app. The financial risk modeling feature has not been developed due to costs associated
with processing, transforming, and analyzing the large volumes of data that are collected. You need to find a
way to implement parallel processing to ensure that the features run efficiently, reliably, and quickly. The
feature must scale based on computing demand to process the large volumes of data and output several
financial risk models.
Technical Requirements
WGBLoanMaster app
The app uses several compute-intensive tasks that create long-running requests to the system. The app is
critical to the business and must be scalable to increased loan processing demands. The VMs that run the app
include a Windows Task Scheduler task that aggregates loan information from the app to send to a third party.
This task runs a console app on the VM.
The app requires a messaging system to handle transaction processing. The messaging system must meet the
following requirements:
Allow messages to reside in the queue for up to a month.
Be able to publish and consume batches of messages.
Allow full integration with the Windows Communication Foundation (WCF) communication stack.
Provide a role-based access model to the queues, including different permissions for senders and
receivers.
You develop an Azure Resource Manager (ARM) template to deploy the VMs used to support the app. The
template must be deployed to a new resource group and you must validate your deployment settings before
creating actual resources.
WGBLeaseLeader app
The app must use Azure SQL Databases as a replacement to the current Microsoft SQL Server environment.
The monthly report must be automatically generated.
The app requires a messaging system to handle transaction processing. The messaging system must meet the
following requirements:
Require server-side logs of all of the transactions run against your queues.
Track progress of a message within the queue.
Process the messages within 7 days.
Provide a differing timeout value per message.
WGBCreditCruncher app
The app must:
Secure inbound and outbound traffic.
Analyze inbound network traffic for vulnerabilities.
Use an instance-level public IP and allow web traffic on port 443 only.
Upgrade the portal to a Single Page Application (SPA) that uses JavaScript, Azure Active Directory (Azure
AD), and the OAuth 2.0 implicit authorization grant to secure the Web API back end.
Cache authentication and host the Web API back end using the Open Web Interface for .NET (OWIN)
middleware.
Immediately compress check images received from the mobile web app.
Schedule processing of the batched credit transactions on a nightly basis.
Provide parallel processing and scalable computing resources to output financial risk models.
Use simultaneous computer nodes to enable high performance computing and updating of the financial risk
models.
Key security area
You need to configure Azure Security Center to assist the CSIRT team.
Which services should you implement? To answer, drag the appropriate Azure Security Center services to the
correct key security area. Each service may be used once, more than once, or not at all. You may need to drag
the split bar between panes or scroll to view content.
Select and Place:
The answer is wrong, here is the correct order:
https://docs.microsoft.com/en-us/azure/security-center/security-center-planning-and-operations-guide
area 1 – Uses RBAC – Security Roles and Access Controls
area 2 – Uses Microsoft Monitoring Agent – Data Collection and Storage
area 3 – Customizes your company’s security requirements and the type of apps of sensitivity of the data – Security Policies and Recommendations
area 4 – Allows you to detect, assess, and diagnose attacks – Incident Response
area 5 – Prevents and detects future security changes – Ongoing Security Monitoring
agree
I agree with spguru
I agree too.