Real Exam Questions AZ-220 Dumps Exam Questions in here [Dec-2021]
Get Latest Dec-2021 Conduct effective penetration tests using AZ-220
Exam Syllabus
This Microsoft exam measures specific technical skills. Therefore, you must develop competence in these technical areas to be able to achieve success in the certification test. The domains covered in the exam are highlighted below:
- Data Processing & Management: 15-20%
This part focuses on the examinees’ skills in configuring routing within Azure Internet of Things Hub. It also covers their ability to configure stream processing, and configure the IoT solution for TSI. The applicants should know how to create stream processing for IoT data and ASA for data. They should also be able to implement solutions for handling time-stamped and telemetry data.
- Implementation of IoT Solution Infrastructures: 15-20%
This topic shows that you are able to create and configure IoT Hub. Besides that, you must also demonstrate competence in registering a device, configuring a device twin, and IoT Hub tier & scaling. It also helps the candidates develop their skills in building communication and device messaging as well as configuring substantial IoT devices.
- Monitoring, Optimization, and Troubleshooting of Internet of Things Solutions: 15-20%
The questions from this area will measure the skills of the test takers in the configuration of health monitoring, troubleshooting of specific device communications, and execution of end-to-end solution diagnostics and testing.
- Security Implementation: 15-20%
This objective requires that the individuals demonstrate their expertise in the implementation of device authentication within IoT Hub, implementation of device security with the use of DPS, as well as implementation of Azure Defender for IoT.
Exam Preparation
The Microsoft Learning Platform has everything that the candidates need to completely prepare for their certification test. You can explore free resources as well as paid training courses. You will also find the exam questions that will help you evaluate your level of preparedness for the actual test. All in all, you can look at the following options:
- Free Resources
These are free online learning paths that are designed to help the students gain the required skills for obtaining the certification. There are four learning paths with different modules for each track and you can explore all of them for free. The paths that are identified for Microsoft AZ-220 include Introduction to Azure IoT, Securely Connecting the IoT Devices to Cloud, Building the Intelligence Edge with the Azure IoT Edge, and Developing the IoT Solutions with the Azure IoT Central.
- Paid Training Course
This is an instructor-led training course that is designed to provide all the learners with the knowledge and skills needed to create and maintain the Cloud and edge portions associated with Azure IoT solutions. The course is not for free, but it focuses on the complete coverage of Azure IoT services, including IoT Hub, Azure Stream Analytics, Device Provisioning Services, and Time Series Insights, among others.
- Practice Test
The applicants can find this option on the official website. This training tool is very useful in evaluating their knowledge before taking the real test. It is recommended to spend ample time going over the questions to understand the patterns of the actual exam questions and how to answer them appropriately to achieve the passing score.
NEW QUESTION 12
From the Device Provisioning Service, you create an enrollment as shown in the exhibit. (Click the Exhibit tab.)
You need to deploy a new IoT device.
What should you use as the device identity during attestation?
- A. the random string of alphanumeric characters
- B. a self-signed X.509 certificate
- C. the endorsement key of the device's Trusted Platform Module (TPM)
- D. the HMACSHA256 hash of the device's registration ID
Answer: D
Explanation:
Each device uses its derived device key with your unique registration ID to perform symmetric key attestation with the enrollment during provisioning. To generate the device key, use the key you copied from your DPS enrollment to compute an HMAC-SHA256 of the unique registration ID for the device and convert the result into Base64 format.
Reference:
https://docs.microsoft.com/en-us/azure/iot-edge/how-to-auto-provision-symmetric-keys
NEW QUESTION 13
You have an Azure IoT hub and 15,000 IoT devices that monitor temperature. The IoT hub has four partitions. Each IoT device sends a 1-KB message every five seconds.
You plan to use Azure Stream Analytics to process the telemetry stream and generate an alert when temperatures exceed a defined threshold.
You need to recommend the minimum number of streaming units to configure for Stream Analytics.
What should you recommend?
- A. 0
- B. 1
- C. 2
- D. 3
Answer: A
Explanation:
Reference:
https://docs.microsoft.com/en-us/azure/stream-analytics/stream-analytics-parallelization#calculate-the-maximum-streaming-units-of-a-job
NEW QUESTION 14
You have an Azure IoT Central application that has a custom device template.
You need to configure the device template to support the following activities:
Return the reported power consumption.
Configure the desired fan speed.
Run the device reset routine.
Read the fan serial number.
Which option should you use for each activity? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
Reference:
https://docs.microsoft.com/en-us/azure/iot-central/core/howto-set-up-template
NEW QUESTION 15
You need to route events in Azure Digital Twins to a downstream service for additional processing.
Which type of output endpoint can you use?
- A. Azure Table storage
- B. Azure Queue storage
- C. Azure Event Hubs
- D. Microsoft Power Bl
Answer: C
Explanation:
Create an endpoint for Azure Digital Twins.
These are the supported types of endpoints that you can create for your instance:
Event Grid
Event Hubs
Service Bus
Note: In Azure Digital Twins, you can route event notifications to downstream services or connected compute resources. This is done by first setting up endpoints that can receive the events. You can then create event routes that specify which events generated by Azure Digital Twins are delivered to which endpoints.
Reference:
https://docs.microsoft.com/en-us/azure/digital-twins/how-to-manage-routes
NEW QUESTION 16
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this question, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have devices that connect to an Azure IoT hub. Each device has a fixed GPS location that includes latitude and longitude.
You discover that a device entry in the identity registry of the IoT hub is missing the GPS location.
You need to configure the GPS location for the device entry. The solution must prevent the changes from being propagated to the physical device.
Solution: You add tags to the device twin. Does the solution meet the goal?
- A. Yes
- B. No
Answer: B
Explanation:
Instead add the desired properties to the device twin.
Note: Device Twins are used to synchronize state between an IoT solution's cloud service and its devices. Each device's twin exposes a set of desired properties and reported properties. The cloud service populates the desired properties with values it wishes to send to the device. When a device connects it requests and/or subscribes for its desired properties and acts on them.
Reference:
https://azure.microsoft.com/sv-se/blog/deep-dive-into-azure-iot-hub-notifications-and-device-twin/
NEW QUESTION 17
HOTSPOT
You have an Azure IoT hub.
You plan to deploy 1,000 IoT devices by using automatic device management.
The device twin is shown below.
You need to configure automatic device management for the deployment.
Which target Condition and Device Twin Path should you use? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:
Answer:
Explanation:
Explanation:
Box 1: tags.engine.warpDriveType='VM105a'
Use tags to target twins. Before you create a configuration, you must specify which devices or modules you want to affect. Azure IoT Hub identifies devices and using tags in the device twin, and identifies modules using tags in the module twin.
Box 2: properties.desired.warpOperating
The twin path, which is the path to the JSON section within the twin desired properties that will be set.
For example, you could set the twin path to properties.desired.chiller-water and then provide the following JSON content:
{
"temperature": 66,
"pressure": 28
}
Reference:
https://docs.microsoft.com/en-us/azure/iot-hub/iot-hub-automatic-device-management Provision and manage devices Testlet 1 Case Study This is a case study. Case studies are not timed separately. You can use as much exam time as you would like to complete each case. However, there may be additional case studies and sections on this exam. You must manage your time to ensure that you are able to complete all questions included on this exam in the time provided.
To answer the questions included in a case study, you will need to reference information that is provided in the case study. Case studies might contain exhibits and other resources that provide more information about the scenario that is described in the case study. Each question is independent of the other question on this case study.
At the end of this case study, a review screen will appear. This screen allows you to review your answers and to make changes before you move to the next sections of the exam. After you begin a new section, you cannot return to this section.
To start the case study
To display the first question on this case study, click the Next button. Use the buttons in the left pane to explore the content of the case study before you answer the questions. Clicking these buttons displays information such as business requirements, existing environment, and problem statements. If the case study has an All Information tab, note that the information displayed is identical to the information displayed on the subsequent tabs. When you are ready to answer a question, click the Question button to return to the question.
Existing Environment. Current State of Development
Contoso produces a set of Bluetooth sensors that read the temperature and humidity. The sensors connect to IoT gateway devices that relay the data.
All the IoT gateway devices connect to an Azure IoT hub named iothub1.
Existing Environment. Device Twin
You plan to implement device twins by using the following JSON sample.
Existing Environment. Azure Stream Analytics
Each room will have between three to five sensors that will generate readings that are sent to a single IoT gateway device. The IoT gateway device will forward all the readings to iothub1 at intervals of between 10 and
60 seconds.
You plan to use a gateway pattern so that each IoT gateway device will have its own IoT Hub device identity.
You draft the following query, which is missing the GROUP BYclause.
SELECT
AVG(temperature),
System.TimeStamp() AS AsaTime
FROM
Iothub
You plan to use a 30-second period to calculate the average temperature reading of the sensors.
You plan to minimize latency between the condition reported by the sensors and the corresponding alert issued by the Stream Analytics job.
Existing Environment. Device Messages
The IoT gateway devices will send messages that contain the following JSON data whenever the temperature exceeds a specified threshold.
The levelproperty will be used to route the messages to an Azure Service Bus queue endpoint named criticalep.
Existing Environment. Issues
You discover connectivity issues between the IoT gateway devices and iothub1, which cause IoT devices to lose connectivity and messages.
Requirements. Planning Changes
Contoso plans to make the following changes:
* Use Stream Analytics to process and view data.
* Use Azure Time Series Insights to visualize data.
* Implement a system to sync device statuses and required settings.
* Add extra information to messages by using message enrichment.
* Create a notification system to send an alert if a condition exceeds a specified threshold.
* Implement a system to identify what causes the intermittent connection issues and lost messages.
Requirements. Technical Requirements
Contoso must meet the following requirements:
* Use the built-in functions of IoT Hub whenever possible.
* Minimize hardware and software costs whenever possible.
* Minimize administrative effort to provision devices at scale.
* Implement a system to trace message flow to and from iothub1.
* Minimize the amount of custom coding required to implement the planned changes.
* Prevent read operations from being negatively affected when you implement additional services.
NEW QUESTION 18
You have an Azure IoT solution that includes an Azure IoT hub.
You receive a root certification authority (CA) certificate from the security department at your company.
You need to configure the IoT hub to use the root CA certificate.
Which four actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
Answer:
Explanation:
Reference:
https://docs.microsoft.com/bs-latn-ba/azure/iot-hub/iot-hub-security-x509-get-started
NEW QUESTION 19
From the Device Provisioning Service, you create an enrollment as shown in the exhibit.
You need to deploy a new IoT device.
What should you use as the device identity during attestation?
- A. the random string of alphanumeric characters
- B. a self-signed X.509 certificate
- C. the HMAC-SHA256 hash of the device's registration ID
- D. the endorsement key of the device's Trusted Platform Module (TPM)
Answer: C
Explanation:
Each device uses its derived device key with your unique registration ID to perform symmetric key attestation with the enrollment during provisioning. To generate the device key, use the key you copied from your DPS enrollment to compute an HMAC-SHA256 of the unique registration ID for the device and convert the result into Base64 format.
Reference:
https://docs.microsoft.com/en-us/azure/iot-edge/how-to-auto-provision-symmetric-keys
NEW QUESTION 20
You need to use message enrichment to add additional device information to messages sent from the IoT gateway devices when the reported temperature exceeds a critical threshold.
How should you configure the enrich message values? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
Reference:
https://docs.microsoft.com/bs-cyrl-ba/azure/iot-hub/iot-hub-message-enrichments-overview
NEW QUESTION 21
You need to install the Azure IoT Edge runtime on a new device that runs Windows 10 IoT Enterprise.
Which four actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
Answer:
Explanation:
Explanation:
Step 1: From Azure IoT Hub, create an IoT Edge Device
Step 2: Deploy-IoTEdge
The Deploy-IoTEdge command checks that your Windows machine is on a supported version, turns on the containers feature, and then downloads the moby runtime and the IoT Edge runtime. The command defaults to using Windows containers.
{Invoke-WebRequest -useb https://aka.ms/iotedge-win} | Invoke-Expression; ` Deploy-IoTEdge Step 3: Initialize-IoTEdge The Initialize-IoTEdge command configures the IoT Edge runtime on your machine. The command defaults to manual provisioning with Windows containers.
{Invoke-WebRequest -useb https://aka.ms/iotedge
Step 4: Enter the IoT Edge device connection string.
When prompted, provide the device connection string that you retrieved in step 1. The device connection string associates the physical device with a device ID in IoT Hub.
Reference:
https://docs.microsoft.com/en-us/azure/iot-edge/module-composition
NEW QUESTION 22
You have an Azure IoT solution that contains an Azure IoT hub and 100 IoT devices. The devices run Windows Server 2016.
You need to deploy the Azure Defender for IoT C#-based security agent to the devices.
What should you do first?
- A. On the devices, initialize Trusted Platform Module (TPM).
- B. On the devices, set the PowerShell execution policy to Restricted.
- C. From the loT hub. create a security module for the devices.
- D. From the loT hub. create a system-assigned managed identity.
Answer: C
Explanation:
The IoT Edge security manager provides a safe framework for security service extensions through host-level modules. The IoT Edge security manager include Ensure safe operation of client agents for services including Device Update for IoT Hub and Azure Defender for IoT.
Reference:
https://docs.microsoft.com/en-us/azure/iot-edge/iot-edge-security-manager
NEW QUESTION 23
You have the following device twin for the IoT device.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
Reference:
https://docs.microsoft.com/en-us/azure/iot-hub/iot-hub-devguide-device-twins
NEW QUESTION 24
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this question, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have devices that connect to an Azure IoT hub. Each device has a fixed GPS location that includes latitude and longitude.
You discover that a device entry in the identity registry of the IoT hub is missing the GPS location.
You need to configure the GPS location for the device entry. The solution must prevent the changes from being propagated to the physical device.
Solution: You add tags to the device twin.
Does the solution meet the goal?
- A. Yes
- B. No
Answer: B
Explanation:
Instead add the desired properties to the device twin.
Note: Device Twins are used to synchronize state between an IoT solution's cloud service and its devices.
Each device's twin exposes a set of desired properties and reported properties. The cloud service populates the desired properties with values it wishes to send to the device. When a device connects it requests and/or subscribes for its desired properties and acts on them.
Reference:
https://azure.microsoft.com/sv-se/blog/deep-dive-into-azure-iot-hub-notifications-and-device-twin/
NEW QUESTION 25
You have an Azure IoT solution that includes a basic tier Azure IoT hub named Hub1 and a Raspberry Pi device named Device1. Device1 connects to Hub1.
You back up Device1 and restore the backup to a new Raspberry Pi device.
When you start the new Raspberry Pi device, you receive the following error message in the diagnostic logs of Hub1: "409002 LinkCreationConflict." You need to ensure that Device1 and the new Raspberry Pi device can run simultaneously without error.
Which two actions should you perform? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.
- A. From Hub1, create a new consumer group.
- B. On the new Raspberry Pi device, modify the connection string.
- C. Upgrade Hub1 to the standard tier.
- D. From Hub1, modify the device shared access policy.
- E. From Hub1, create a new IoT device.
Answer: B,E
Explanation:
Explanation/Reference:
Explanation:
Note: Symptoms
You see the error 409002 LinkCreationConflict in logs along with device disconnection or cloud-to-device message failure.
Cause
Generally, this error happens when IoT Hub detects a client has more than one connection. In fact, when a new connection request arrives for a device with an existing connection, IoT Hub closes the existing connection with this error.
Reference:
https://docs.microsoft.com/en-us/azure/iot-hub/iot-hub-troubleshoot-error-409002- linkcreationconflict#symptoms
https://devblogs.microsoft.com/iotdev/understand-different-connection-strings-in-azure-iot-hub/
NEW QUESTION 26
You are planning a proof of concept (POC) that will use an Azure IoT hub.
You have two self-signed client authentication certificates named Cert1 and Cert2. Cert1 has a basic constraint that contains Subject Type=C You need to identify which certificates to use.
What should you identify? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
Explanation:
Box 1: Cert2 only
Cert2: The leaf certificate, or end-entity certificate, identifies the certificate holder. It has the root certificate in its certificate chain as well as zero or more intermediate certificates. The leaf certificate is not used to sign any other certificates. It uniquely identifies the device to the provisioning service and is sometimes referred to as the device certificate.
Box 2: Cert1 only
Cert1: A root certificate is a self-signed X.509 certificate representing a certificate authority (CA). It is the terminus, or trust anchor, of the certificate chain. Root certificates can be self-issued by an organization or purchased from a root certificate authority.
Reference:
https://docs.microsoft.com/en-us/azure/iot-dps/concepts-x509-attestation
NEW QUESTION 27
You have an Azure subscription that contains an Azure IoT hub and two Azure IoT Edge devices named Device1 and Device2.
You need to ensure that the IoT hub only accepts connections from Device1 and Device2.
What should you configure?
- A. a private endpoint connection
- B. a gateway device
- C. Azure Active Directory (Azure AD) Identity Protection
- D. Azure API Management
Answer: A
Explanation:
Ingress connectivity to IoT Hub using Azure Private Link.
A private endpoint is a private IP address allocated inside a customer-owned VNet via which an Azure resource is reachable. Through Azure Private Link, you can set up a private endpoint for your IoT hub to allow services inside your VNet to reach IoT Hub without requiring traffic to be sent to IoT Hub's public endpoint. Similarly, your on-premises devices can use Virtual Private Network (VPN) or ExpressRoute peering to gain connectivity to your VNet and your IoT Hub (via its private endpoint). As a result, you can restrict or completely block off connectivity to your IoT hub's public endpoints by using IoT Hub IP filter or the public network access toggle. This approach keeps connectivity to your Hub using the private endpoint for devices.
Reference:
https://docs.microsoft.com/en-us/azure/iot-hub/virtual-network-support
NEW QUESTION 28
You have an Azure IoT solution that includes an Azure IoT hub, 100 Azure IoT Edge devices, and 500 leaf devices.
You need to perform a key rotation across the devices.
Which three types of entities should you update? Each Answer presents part of the solution.
NOTE: Each correct selection is worth one point.
- A. the iothubowner policy credentials
- B. the $edgeHub module identity
- C. the $edgeAgent module identity
- D. the leaf module identities
- E. the leaf device identities
- F. the IoT Edge device identities
Answer: B,E,F
Explanation:
To get authorization to connect to IoT Hub, devices and services must send security tokens signed with either a shared access or symmetric key. These keys are stored with a device identity in the identity registry.
An IoT Hub identity registry can be accessed like a dictionary, by using the deviceId or moduleId as the key. Reference:
https://docs.microsoft.com/bs-latn-ba/azure/iot-dps/how-to-control-access
https://docs.microsoft.com/en-us/azure/iot-hub/iot-hub-devguide-identity-registry
NEW QUESTION 29
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have an Azure IoT solution that includes an Azure IoT hub, a Device Provisioning Service instance, and 1,000 connected IoT devices.
All the IoT devices are provisioned automatically by using one enrollment group.
You need to temporarily disable the IoT devices from connecting to the IoT hub.
Solution: You disconnect the Device Provisioning Service from the IoT hub.
Does this meet the goal?
- A. Yes
- B. No
Answer: B
Explanation:
Instead, from the Device Provisioning Service, you disable the enrollment group, and you disable device entries in the identity registry of the IoT hub to which the IoT devices are provisioned.
Reference:
https://docs.microsoft.com/bs-latn-ba/azure/iot-dps/how-to-unprovision-devices
NEW QUESTION 30
......
Authentic Best resources for AZ-220 Online Practice Exam: https://www.pdfdumps.com/AZ-220-valid-exam.html
Get the superior quality AZ-220 Dumps with explanations waiting just for you, get it now: https://drive.google.com/open?id=1_LOhbnCj1FOq6_8qsVEgr7BTI4SwLxAQ