AZ-204 Question #161: Real Exam Question with Answer & Explanation
The correct answer is D: Create separate Azure Event Grid topics and subscriptions for sign-in and sign-out events.
Question
Case Study 7 - Proseware, Inc
Background. You are a developer for Proseware, Inc. You are developing an application that applies a set of governance policies for Proseware's internal services, external services, and applications. The application will also provide a shared library for common functionality.
Requirements
Policy service. You develop and deploy a stateful ASP.NET Core 2.1 web application named Policy service to an Azure App Service Web App. The application reacts to events from Azure Event Grid and performs policy actions based on those events. The application must include the Event Grid Event ID field in all Application Insights telemetry. Policy service must use Application Insights to automatically scale with the number of policy actions that it is performing.
Policies
Log Policy. All Azure App Service Web Apps must write logs to Azure Blob storage. All log files should be saved to a container named logdrop. Logs must remain in the container for 15 days.
Authentication events. Authentication events are used to monitor users signing in and signing out. All authentication events must be processed by Policy service. Sign outs must be processed as quickly as possible.
PolicyLib. You have a shared library named PolicyLib that contains functionality common to all ASP.NET Core web services and applications. The PolicyLib library must:
- Exclude non-user actions from Application Insights telemetry.
- Provide methods that allow a web service to scale itself.
- Ensure that scaling actions do not disrupt application usage.
Other
Anomaly detection service. You have an anomaly detection service that analyzes log information for anomalies. It is implemented as an Azure Machine Learning model. The model is deployed as a web service. If an anomaly is detected, an Azure Function that emails administrators is called by using an HTTP WebHook.
Health monitoring. All web applications and services have health monitoring at the /health service endpoint.
Policy loss. When you deploy Policy service, policies may not be applied if they were in the process of being applied during the deployment.
Performance issue. When under heavy load, the anomaly detection service undergoes slowdowns and rejects connections.
Notification latency. Users report that anomaly detection emails can sometimes arrive several minutes after an anomaly is detected.
Relevant portions of the app files are shown below. Line numbers are included for reference only and include a two-character prefix that denotes the specific file to which they belong.
You need to ensure that authentication events are triggered and processed according to the authentication events policy. What should you do?
Options
- A. Ensure that signout events have a subject prefix. Create an Azure Event Grid subscription that
- B. Create a new Azure Event Grid topic and add a subscription for the events.
- C. Create a new Azure Event Grid subscription for all authentication that delivers messages to an
- D. Create separate Azure Event Grid topics and subscriptions for sign-in and sign-out events.
Explanation
To process distinct sign-in and sign-out events for policy enforcement, it is best practice to configure separate Azure Event Grid topics and subscriptions. This ensures clear logical separation and allows for independent processing and policy actions tailored to each event type.
Common mistakes.
- A. Ensuring signout events have a subject prefix is a filtering mechanism but does not inherently provide the same level of architectural separation for distinct event handling as separate topics/subscriptions.
- B. Creating a single new topic and a general subscription does not provide the specific distinction needed to handle sign-in and sign-out events separately for different policy actions.
- C. Creating a single subscription for "all authentication" events would require the consuming application to implement the logic to differentiate and process sign-in and sign-out events, which is less efficient and scalable than using Event Grid's filtering or topic separation.
Concept tested. Azure Event Grid topic and subscription design
Reference. https://learn.microsoft.com/en-us/azure/event-grid/overview