You manage an Azure web app in standard service tier at the following address: contoso.azurewebsites.net
Your company has a new domain for the site named www.contoso.com that must be accessible by secure
socket layer(SSL) encryption.
You need to add a custom domain to the Azure web app and assign an SSL certificate.
Which three actions should you perform? Each correct answer presents part of the solution.
A.
Add SSL binding for the www.contosco.com domain with the IP-based SSL option selected.
B.
Create a CNAME record from www.contoso.com to contoso.azurewebsites.net.
C.
Create a new file that will redirect the site to the new URL and upload it to the Azure Web site.
D.
Add SSL binding for the www.contoso.com domain with the server Name indication (SNL)SSL option
selected.
E.
Add www.contoso.com to the list of domain names as a custom domain.
Explanation:
Step 1: When adding a CNAME record, you must set the Host Name field to the sub-domain you wish to use.
For example, www. You must set the Address field to the .azurewebsites.netdomain name of your Azure
Website. For example, contoso.azurwebsites.net.
* Step 2: Modify the service definition and configuration files
Your application must be configured to use the certificate, and an HTTPS endpoint must be added. As a result,
the service definition and service configuration files need to be updated.
* Step 3:
IP based SSL associates a certificate with a domain name by mapping the dedicated public IP address of the
server to the domain name. This requires each domain name (contoso.com,
fabricam.com, etc.) associated with your service to have a dedicated IP address. This is the traditional method
of associating SSL certificates with a web server.
https://docs.microsoft.com/en-us/azure/app-service-web/app-service-web-tutorial-custom-ssl
SNI-based SSL – Multiple SNI-based SSL bindings may be added. This option allows multiple SSL certificates to secure multiple domains on the same IP address. Most modern browsers (including Internet Explorer, Chrome, Firefox, and Opera) support SNI (find more comprehensive browser support information at Server Name Indication).
IP-based SSL – Only one IP-based SSL binding may be added. This option allows only one SSL certificate to secure a dedicated public IP address. To secure multiple domains, you must secure them all using the same SSL certificate. This is the traditional option for SSL binding.
It’s B+D+E right?
I agree Mickey. There’s a simular question where you have to specify the correct order aswell. After a lot of discussion in the comments the community votes on:
B. Create a CNAME record from http://www.contoso.com to contoso.azurewebsites.net.
E. Add http://www.contoso.com to the list of domain names as a custom domain.
D. Add SSL binding for the http://www.contoso.com domain with the server Name indication (SNL)SSL option selected.
Yes im all over B+D+E
done it 100s of time in work
I would go with A+B+E
Me too, there is no reason to use SNI for a single domain.
Free and shared service plans do not support SSL at all.
Basic and greater support two custom SSL options, SNI-based (Server Name Indication) and IP-based (requires dedicated IP address).
If you bind an IP-based cert the App will be assigned a static IP address for SSL termination (I assume Azure does this at the load balancer). If you add a second SSL domain you will get charged for the extra IP with IP-based, for SNI additional domains are free. SNI is not supported by older browers/OSs however.
Update CNAME and add custom domain.
https://docs.microsoft.com/en-us/Azure/app-service/app-service-web-tutorial-custom-domain
Bind IP-based SSL cert.
https://docs.microsoft.com/en-gb/azure/app-service/app-service-web-tutorial-custom-ssl
A+B+E
New 70-533 Exam Questions and Answers Updated Recently (17/Nov/2017):
NEW QUESTION 221
You are an administrator of the Azure subscription for your company. You are updating an Azure Resource Manager (ARM) template. You need to ensure that the JSON file uses the latest version available. Which template element should you modify?
A. parameters
B. resources
C. $schema
D. variables
Answer: A
NEW QUESTION 222
A company uses Azure to host virtual machines (VMs) and web apps. A line of business (LOB) application that runs on a VM uses encrypted storage. You need to ensure that the VMs support the LOB application. What should you do?
A. Run the Set-AzureRmVMDiskEncryptionExtension Azure PowerShell cmdlet.
B. Use a Premium Storage disk for the VM.
C. Run the Add-AzureRmVmssSecret Azure PowerShell cmdlet.
D. Scan the environment from the Azure Security Manager.
Answer: A
NEW QUESTION 223
A company has an existing on-premises Active Directory environment that is synchronized using DirSync. They plan to transition the DirSync deployment to Azure Active Directory (Azure AD) Connect. You need to identify a transition path for the company. What should you do?
A. Install a new on-premises domain controller.
B. Create a new Azure AD instance.
C. Upgrade the on-premises Active Directory Domain Service (AD DS) forest functional level to Windows Server 2016.
D. Deploy Azure AD Connect in parallel.
Answer: D
NEW QUESTION 224
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution. After you answer a question in this sections, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You manage an Azure SQL Database. The database has weekly backups that are stored in an Azure Recovery Services vault. You need to maximize the time that previous backup versions are stored.
Solution: You configure a retention policy that is set to 20 years.
Does the solution meet the goal?
A. Yes
B. No
Answer: B
Explanation:
Store Azure SQL Database backups for up to 10 years. Many applications have regulatory, compliance, or other business purposes that require you to retain database backups beyond the 7-35 days provided by Azure SQL Database automatic backups. By using the long-term backup retention feature, you can store your SQL database backups in an Azure Recovery Services vault for up to 10 years.
NEW QUESTION 225
A company deploys Microsoft SQL Server on an Azure Standard_DS3 virtual machine (VM). You need to modify the disk caching policy. Which Azure PowerShell cmdlet should you run?
A. Set-AzureRmVmOperatingSystem
B. Set-AzureRmVmDataDisk
C. Update-Disk
D. Update-AzureDisk
Answer: B
Explanation:
The Set-AzureRmVMDataDisk cmdlet modifies properties of a virtual machine data disk.
Incorrect:
Not A: The Set-AzureRmVMOperatingSystem cmdlet sets operating system properties for a virtual machine. You can specify logon credentials, computer name, and operating system type.
Not C: The Update-Disk cmdlet updates cached information about the specified Disk object only.
Not D: The Update-AzureDisk cmdlet changes the label that is associated with a disk in the disk repository of the current Azure subscription.
NEW QUESTION 226
You create an Azure Recovery Services vault and download the backup agent installation file. You need to complete the installation of the backup agent. What should you do first?
A. Configure network throttling.
B. Set the storage replication option.
C. Download the vault credentials file.
D. Select the data to back up.
Answer: C
Explanation:
After you have created the vault, prepare your infrastructure to back up files and folders by downloading and installing the Microsoft Azure Recovery Services agent, downloading vault credentials, and then using those credentials to register the agent with the vault. You can install the agent after you have downloaded the vault credentials.
Note:
On the Prepare infrastructure blade, click Download.
NEW QUESTION 227
You plan to use Azure Monitor with AutoScale Services. You create a URI to be used with the monitoring service. You need to configure an alert that specifies the URI. Which Azure Command-Line Interface (CLI) command or Azure PowerShell cmdlet should you run?
A. New-AzureRmAlertRuleEmail
B. Azure insights logprofile add
C. New-AzureRmAlertRuleWebhook
D. New-AzureRmAutoscaleRule
Answer: C
Explanation:
The New-AzureRmAlertRuleWebhook cmdlet creates an alert rule webhook.
Incorrect:
Not A: The New-AzureRmAlertRuleEmail cmdlet creates an e-mail action for an alert rule.
Not B: The azure insights logprofile add command adds a log profile.
Not D: The New-AzureRmAutoscaleRule cmdlet creates an Autoscale rule.
NEW QUESTION 228
A company uses Azure to host virtual machines (VMs) and web apps. You need to ensure that you can configure a schedule to scale app services. How should you configure the app service?
A. Set the scale by metric setting to Queue.
B. Set the scale up by instances setting to 5.
C. Set the scale down by instances setting to 5.
D. Ensure that linked resources are also scaled.
E. Set the scale by metric setting to None.
Answer: A
Explanation:
The Automatic scale – Queue mode automatically scales if the number of messages in a queue goes above or below a specified threshold. Role instances are created or deleted when this happens.
Incorrect:
Not B, Not C: To set the scale up/scale down by instances setting you must first set the scale by metric setting to CPU.
Not D: Scale linked resources. Often when you scale a role, it’s beneficial to scale the database that the application is using also. If you link the database to the cloud service, you can access the scaling settings for that resource.
NEW QUESTION 229
You are the Azure administrator for your company. The company has developed a mobile application used to support sales people in the field. The application uses Azure Active Directory (Azure AD) accounts for authentication. The application sends and receives HTTP requests on publicly accessible endpoints. You need to provide the ability to authenticate the application using Azure. Which tool should you use?
A. OAuth 2.0 authorization code grant
B. Azure AD Connect
C. Azure Portal
D. Azure AD Graph API
Answer: A
Explanation:
Azure Active Directory (Azure AD) uses OAuth 2.0 to enable you to authorize access to web applications and web APIs in your Azure AD tenant.
Note:
The authorization code grant type is used to obtain both access tokens and refresh tokens and is optimized for confidential clients. Since this is a redirection-based flow, the client must be capable of interacting with the resource owner’s user-agent (typically a web browser) and capable of receiving incoming requests (via redirection) from the authorization server.
NEW QUESTION 230
A company uses Azure to host virtual machines (VMs) and web apps. You plan to deploy a new web app in the Shared App Service tier. The web app must support running up to 25 instances concurrently. You need to ensure that you can configure HTTPS for the new web app. What should you do?
A. Configure the domain name mapping.
B. Set the deployment credentials for the app service.
C. Create a new app service.
D. Scale up to the Premium App Service tier.
Answer: A
NEW QUESTION 231
……
P.S. These New 70-533 Exam Questions Were Just Updated From The Real 70-533 Exam, You Can Get The Newest 70-533 Dumps In PDF And VCE From — https://www.passleader.com/70-533.html (243q VCE and PDF)
Good Luck!
Besides, SOME new 243Q 70-533 dumps for your reference:
https://drive.google.com/open?id=0B-ob6L_QjGLpfnV3MVl6X3pXOWw1Z3YtQUpJRVRiTkNkbGNFbVBNRXhjSkw3bWk1WHdYcW8
Best Regards!