Connect to Test Flashcards by Marcus Mueller

What types of integration scenarios should you be prepared for under the ‘Connect to and Consume Azure Services and Third-party Services’ domain?

Integration Scenarios:

Azure Services: Event Grid, Service Bus, and Event Hubs for messaging
API Management: Azure API Management for API exposure
Third-party Services: APIs or SDKs for external connections

How well did you know this?

Not at all

Perfectly

How can you subscribe to an Azure Event Grid topic using .NET to handle events?

Event Grid Subscription (.NET):

Use an Azure Function with an Event Grid trigger:

csharp
public static void Run([EventGridTrigger] EventGridEvent eventGridEvent, ILogger log)
{
    log.LogInformation($\"Event received: {eventGridEvent.Data.ToString()}\");
}

Configure subscription via Azure CLI:

bash
az eventgrid event-subscription create \
  --name my-subscription \
  --source-resource-id /subscriptions/<sub-id>/resourceGroups/<rg>/providers/Microsoft.EventGrid/topics/<topic-name> \
  --endpoint <function-endpoint>

This subscribes a function to the topic’s events.

How well did you know this?

Not at all

Perfectly

How do you send a message to an Azure Service Bus queue using .NET?

Service Bus Queue Message (.NET):

Use the Azure.Messaging.ServiceBus library:

```csharp
using Azure.Messaging.ServiceBus;

var client = new ServiceBusClient("your_connection_string");
var sender = client.CreateSender("your_queue_name");
await sender.SendMessageAsync(new ServiceBusMessage(“Hello, Service Bus!”));
await sender.DisposeAsync();
await client.DisposeAsync();
```

This sends a message to the specified queue.

How well did you know this?

Not at all

Perfectly

How can you consume events from an Azure Event Hub using .NET?

Event Hub Consumer (.NET):

Use the Azure.Messaging.EventHubs library with an Event Processor:

```csharp
using Azure.Messaging.EventHubs;
using Azure.Messaging.EventHubs.Consumer;

var connectionString = "your_event_hub_connection_string";
var eventHubName = "your_event_hub_name";
var consumerGroup = "$Default";
var client = new EventHubConsumerClient(consumerGroup, connectionString, eventHubName);

await foreach (PartitionEvent partitionEvent in client.ReadEventsAsync())
{
Console.WriteLine($"Event: {partitionEvent.Data.Body}");
}
```

This reads events from all partitions in the default consumer group.

How well did you know this?

Not at all

Perfectly

How can the Azure Cosmos DB Change Feed Processor be used to send changes to Azure Event Hubs?

Cosmos DB Change Feed to Event Hubs:

Configure the Change Feed Processor to push changes to an Event Hub:

```csharp
using Azure.Messaging.EventHubs;

CosmosClient client = new CosmosClient("your_endpoint", "your_key");
Container monitoredContainer = client.GetContainer("database_name", "monitored_container_name");
Container leaseContainer = client.GetContainer("database_name", "lease_container_name");

var eventHubProducer = new EventHubProducerClient("event_hub_connection_string", "event_hub_name");

ChangeFeedProcessor processor = monitoredContainer
.GetChangeFeedProcessorBuilder<dynamic>(\"changeFeedToEventHub\", async (changes, token) =>
{
foreach (var change in changes)
{
await eventHubProducer.SendAsync(new EventData(System.Text.Json.JsonSerializer.Serialize(change)));
}
})
.WithInstanceName(\"eventHubInstance\")
.WithLeaseContainer(leaseContainer)
.Build();</dynamic>

await processor.StartAsync();
```

This sends Cosmos DB change feed events to an Event Hub.

How well did you know this?

Not at all

Perfectly

How can you import an API into Azure API Management using the Azure CLI?

API Management Import (Azure CLI):

Create an API Management instance and import an OpenAPI spec:

```bash
az apim create \
–name my-apim \
–resource-group myResourceGroup \
–publisher-name MyOrg \
–publisher-email admin@myorg.com \
–sku-name Consumption

az apim api import \
–resource-group myResourceGroup \
–service-name my-apim \
–api-id my-api \
–path /myapi \
–specification-format OpenApi \
–specification-url https://example.com/openapi.json
```

This imports an API from an OpenAPI specification.

How well did you know this?

Not at all

Perfectly

How can you call a third-party REST API from an Azure Function using .NET?

Third-party API Call (Azure Function):

Use HttpClient in an HTTP-triggered function:

```csharp
using System.Net.Http;
using Microsoft.Azure.Functions.Worker;

[Function("CallThirdPartyApi")]
public static async Task<IActionResult> Run(
[HttpTrigger(AuthorizationLevel.Function, \"get\")] HttpRequestData req,
FunctionContext context)
{
var client = new HttpClient();
var response = await client.GetAsync(\"https://api.example.com/data\");
string result = await response.Content.ReadAsStringAsync();
return new OkObjectResult(result);
}
```</IActionResult>

This calls a third-party API and returns the response.

How well did you know this?

Not at all

Perfectly

How do you create an Azure API Management instance using the Azure CLI?

API Management Instance Creation:

Use the Azure CLI to create an API Management instance:

bash
az apim create \
  --name myapim \
  --resource-group myResourceGroup \
  --location eastus \
  --publisher-name MyOrg \
  --publisher-email admin@myorg.com \
  --sku-name Consumption

This creates a Consumption-tier instance for low-cost, serverless API management.

How well did you know this?

Not at all

Perfectly

What are the subscription key scopes available in Azure API Management (All APIs, Single API, Product), and how do they differ in terms of access control?

API Management Subscription Key Scopes:

All APIs: Applies to every API accessible from the gateway, offering broad access
Single API: Applies to a single imported API and all its endpoints, limiting access to that API
Product: A collection of one or more APIs configured in API Management, with different access rules, usage quotas, and terms of use

Configure via CLI:

bash
az apim subscription create \
  --resource-group myResourceGroup \
  --service-name myapim \
  --name mysubscription \
  --scope \"/products/myproduct\"

This assigns a subscription key to a product scope for controlled access.

How well did you know this?

Not at all

Perfectly

How does Azure API Management secure access to APIs using mechanisms other than subscription keys, such as OAuth 2.0, client certificates, and IP allowlisting?

API Management Security Mechanisms:

OAuth 2.0: Use OAuth for delegated access, configure via policies:
```xml

<inbound>
<validate-jwt header-name=\"Authorization\" failed-validation-httpcode=\"401\" failed-validation-error-message=\"Unauthorized\">
<issuer>https://login.microsoftonline.com/your_tenant_id/v2.0</issuer>
<required-claims>
<claim name=\"aud\" match=\"equals\" value=\"your_api_id\"/>
</required-claims>
</validate-jwt>
</inbound>

```

Client Certificates: Validate client certificates in policies for mutual TLS

IP Allowlisting: Restrict access to specific IP ranges via policy:
```xml

```

These enhance security beyond subscription keys.

How well did you know this?

Not at all

Perfectly

What is the role of policies in Azure API Management, and how are they applied to modify API behavior?

API Management Policies:

Policies allow publishers to change API behavior through configuration:

A collection of statements executed sequentially in response to requests or responses
Applied in the gateway between the API consumer and managed API
Can modify inbound requests and outbound responses

Configure in XML document, divided into sections:
```xml

<policies>
<inbound>
<set-header name=\"x-api-key\" exists-action=\"override\">
<value>mykey</value>
</set-header>
</inbound>
<backend>
<forward-request></forward-request>
</backend>
<outbound>
<set-header name=\"Content-Type\" exists-action=\"override\">
<value>application/json</value>
</set-header>
</outbound>
<on-error>
<return-response>
<set-status code=\"500\" reason=\"Internal Server Error\" />
</return-response>
</on-error>
</policies>

```

If an error occurs, remaining steps are skipped and the on-error section is executed.

How well did you know this?

Not at all

Perfectly

How does performance-based routing in Azure Traffic Manager optimize traffic handling for a global application?

Azure Traffic Manager Performance-Based Routing:

Directs users to the endpoint with the lowest latency for faster responses
Monitors endpoint performance to adapt to changing network conditions
Enhances scalability by routing traffic to the best-performing regions

It’s ideal for minimizing latency in high-demand global applications.

How well did you know this?

Not at all

Perfectly

Which policy should you configure in Azure API Management to cache API responses and improve performance for internal services?

Configure cache-response policy because:

Caches API responses to reduce backend load and improve response times
Allows setting cache duration and conditions for specific endpoints
Optimizes performance for frequently accessed, static data

Other policies like rate-limit, set-variable, or validate-jwt don’t enable caching.

How well did you know this?

Not at all

Perfectly

How does the cache-response policy in Azure API Management enhance performance for API responses?

Cache-Response Policy Benefits:

Stores API responses to serve subsequent requests faster from the cache
Reduces backend load by minimizing repeated calls for static data
Supports configurable cache duration and granular caching strategies

It’s ideal for improving API performance and user experience.

How well did you know this?

Not at all

Perfectly

Which Azure service should you use to ingest and process IoT data from thousands of devices in real-time, with batch processing and storage for future analysis?

Use Azure Event Hub for real-time ingestion and Azure Data Lake for storage because:

Event Hub handles high-throughput ingestion from thousands of devices in real-time
Data Lake stores large volumes of data for batch processing and future analytics
Enables efficient real-time and batch processing workflows

Other options like Service Bus, Cosmos DB, or Logic Apps aren’t optimized for high-throughput ingestion and big data storage.

How well did you know this?

Not at all

Perfectly

How do Azure Event Hub and Azure Data Lake together enable real-time analytics and storage for IoT data from thousands of devices?

Study These Flashcards

Azure Event Hub + Azure Data Lake:

Event Hub ingests millions of events per second for real-time analytics
Data Lake stores large-scale data for batch processing and long-term analysis
Integrates with analytics services for efficient data workflows

They’re ideal for real-time IoT data processing and scalable storage.

What option should you use to configure Azure Cosmos DB to automatically scale based on demand?

Study These Flashcards

Set throughput to automatic scaling based on demand because:

Dynamically adjusts RU/s to match workload, ensuring performance
Reduces costs by scaling down during low demand
Simplifies management with real-time adaptation to traffic

Other options like manual RU/s adjustments or hourly scaling don’t adapt dynamically.

How does setting throughput to automatic scaling based on demand optimize performance in Azure Cosmos DB?

Study These Flashcards

Automatic Scaling Benefits:

Adjusts RU/s in real-time to handle traffic spikes efficiently
Minimizes costs by reducing throughput during low demand
Eliminates manual scaling for seamless performance management

It’s ideal for applications with unpredictable workloads.

Which Azure service should you use to ensure minimal downtime during failover for a scalable application with multi-region deployment on Azure?

Study These Flashcards

Use Azure Front Door with global routing and failover capabilities because:

Automatically reroutes traffic to healthy regions with minimal downtime
Provides global load balancing for low-latency access across regions
Enhances reliability with health probes and WAF for security

Other options like Traffic Manager, Load Balancer, or Application Gateway don’t handle cross-region failover as efficiently.

How does Azure Front Door with global routing and failover capabilities ensure minimal downtime in a multi-region deployment?

Study These Flashcards

Azure Front Door Benefits:

Reroutes traffic to the nearest healthy region during failover, minimizing downtime
Uses health probes to detect failures and ensure high availability
Optimizes performance with global load balancing and edge caching

It’s ideal for disaster recovery and high availability in global apps.

Which Azure service should you use to efficiently handle large volumes of data from multiple clients with asynchronous message processing?

Study These Flashcards

Use Azure Service Bus queues because:

Decouples senders and receivers for asynchronous processing
Handles high throughput with scalability for large message volumes
Ensures reliability with message durability and advanced features like sessions

Other options like Event Grid, Logic Apps, or Storage Queues aren’t designed for heavy message handling.

How do Azure Service Bus queues efficiently handle large volumes of messages from multiple clients with asynchronous processing?

Study These Flashcards

Azure Service Bus Queues Benefits:

Decouple clients and processors for independent scaling and asynchronous handling
Support high throughput with durable, reliable message delivery
Offer features like sessions and dead-lettering for complex scenarios

They’re ideal for large-scale, asynchronous messaging in Azure.

Which Azure service should you configure to automatically scale in response to traffic spikes without manual intervention?

Study These Flashcards

Configure Azure App Service with auto-scaling enabled because:

Automatically scales instances based on metrics like CPU or HTTP queue length
Requires no manual intervention with predefined scaling rules
Supports various app types with flexible scaling configurations

Other options like Azure Functions, Kubernetes, or VMs have limitations or require more management.

How does Azure App Service with auto-scaling enabled ensure automatic scaling in response to traffic spikes?

Study These Flashcards

Azure App Service Auto-scaling:

Scales instances up or down based on metrics like CPU or memory usage
Operates without manual intervention using predefined rules
Optimizes costs by reducing instances during low traffic periods

It’s ideal for apps needing seamless, automatic scaling in Azure.

What Azure service should you use to manage authentication for a multi-tenant SaaS application across different tenants?

**Use Azure Active Directory B2B** because: - Enables **secure guest user access** from other organizations for multi-tenant apps - **Integrates with existing Azure AD identities** for seamless authentication - Provides **robust security** with MFA and conditional access policies Other options like **B2C**, **Managed Identity**, or **app registration** aren't suited for **B2B scenarios**.

How does Azure Active Directory B2B ensure secure authentication for a multi-tenant SaaS application?

**Azure Active Directory B2B Benefits**: - Allows **guest users from different tenants** to authenticate using their existing credentials - Enhances security with features like **MFA**, **conditional access**, and **auditing** - **Customizes sign-in experiences** for different tenants with branding options It's ideal for **secure**, **collaborative multi-tenant authentication**.

Which Azure service should you use to manage secure authentication and authorization for each tenant in a multi-tenant SaaS application on Azure?

**Use Azure Active Directory B2B** because: - Facilitates **secure collaboration** by allowing guest user access across tenants - Ensures **data isolation** and security for each tenant in a shared app - Supports **enterprise-grade authentication** with Azure AD features Other options like **B2C**, **Managed Identity**, or **app registration** don't fit **B2B multi-tenant** needs.

How does Azure Active Directory B2B manage secure authentication and authorization for a multi-tenant SaaS application on Azure?

**Azure Active Directory B2B Management**: - Enables **secure guest user authentication** across different tenant organizations - **Maintains data isolation** while providing access to shared app resources - Leverages **Azure AD security features** like conditional access for tenant-specific policies It's ideal for **secure multi-tenant SaaS** authentication and authorization.

How do you authenticate to Azure services from application code without storing credentials?

**Credential-Free Authentication**: Use a **managed identity** (system- or user-assigned) and **DefaultAzureCredential**. It retrieves tokens from the environment and **eliminates secrets**.

How do you use a managed identity to read a secret from Azure Key Vault in .NET?

**Key Vault Access with Managed Identity**: Grant **Key Vault access policy** or **RBAC** to the managed identity and use: ```csharp using Azure.Identity; using Azure.Security.KeyVault.Secrets; var client = new SecretClient(new Uri(\"https://.vault.azure.net/\"), new DefaultAzureCredential()); KeyVaultSecret secret = await client.GetSecretAsync(\"MySecret\"); string value = secret.Value; ```

When should you choose Event Grid vs Event Hub vs Service Bus?

**Azure Messaging Service Selection**: - **Event Grid**: **Reactive eventing** (lightweight events, fan-out, low latency) - **Event Hub**: **High-throughput telemetry/streaming** (millions of events/sec, partitioned) - **Service Bus**: **Enterprise messaging** (commands, queues, topics, ordering, transactions)

How do you implement retry with exponential backoff for transient HTTP failures in .NET?

**Retry with Exponential Backoff (.NET)**: Use **Polly**: ```csharp var policy = Policy.Handle() .OrResult(r => (int)r.StatusCode >= 500) .WaitAndRetryAsync(5, i => TimeSpan.FromSeconds(Math.Pow(2, i))); await policy.ExecuteAsync(() => httpClient.GetAsync(url)); ```

How do you publish an event to a custom Event Grid topic using Azure CLI?

**Event Grid Event Publishing (Azure CLI)**: Use **az eventgrid event create**: ```bash az eventgrid event create \ --topic-name mytopic \ --resource-group myrg \ --subject \"/app/items/1\" \ --event-type MyApp.ItemCreated \ --data '{\"id\":1,\"name\":\"Item1\"}' \ --data-version 1.0 ```

How do you rewrite a backend URL path in Azure API Management?

**Backend URL Rewrite (API Management)**: Use a **rewrite-uri policy**: ```xml

```

How do you call Microsoft Graph API from an Azure Function securely?

**Secure Microsoft Graph API Call**: Assign a **managed identity**, grant **Graph permissions**, then: ```csharp var tokenCred = new DefaultAzureCredential(); var graphClient = new GraphServiceClient(tokenCred, new[]{\"https://graph.microsoft.com/.default\"}); var me = await graphClient.Me.GetAsync(); ```

How do you send and receive messages with Service Bus topics and subscriptions in .NET?

**Service Bus Topics and Subscriptions (.NET)**: Create **sender on topic** and **processor on subscription**: ```csharp var client = new ServiceBusClient(conn); await client.CreateSender(\"orders\").SendMessageAsync(new ServiceBusMessage(\"hi\")); var proc = client.CreateProcessor(\"orders\",\"region-eu\"); proc.ProcessMessageAsync += async args => Console.WriteLine(args.Message.Body); await proc.StartProcessingAsync(); ```

How do you secure Service Bus access using RBAC instead of connection strings?

**Service Bus RBAC Security**: - Enable **Microsoft Entra auth** - Assign role (e.g., **Azure Service Bus Data Sender/Receiver**) to managed identity - Use **DefaultAzureCredential** in the client constructor

How do you use Azure App Configuration for centralized settings in .NET?

**Azure App Configuration (.NET)**: Add package **Azure.Data.AppConfiguration** and: ```csharp var client = new ConfigurationClient(new Uri(\"https://.azconfig.io\"), new DefaultAzureCredential()); ConfigurationSetting s = await client.GetConfigurationSettingAsync(\"App:Theme\"); string theme = s.Value; ```

Connect to Test Flashcards

(38 cards)