AZ-220 Exam Dumps - Try Best AZ-220 Exam Questions from Training Expert ActualPDF
Practice Examples and Dumps & Tips for 2022 Latest AZ-220 Valid Tests Dumps
NEW QUESTION 24
You have an Azure IoT solution that includes an Azure IoT hub, a Device Provisioning Service instance, and 1,000 connected IoT devices. The IoT devices are allocated to tour enrollment groups. Each enrollment group is configured to use certificate attestation.
You need to decommission all the devices in a single enrollment group and the enrollment group itself.
Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
Answer:
Explanation:
Explanation:
To deprovision all of the devices that have been provisioned through an enrollment group:
Disable the enrollment group to disallow its signing certificate.
Use the list of provisioned devices for that enrollment group to disable or delete each device from the identity registry of its respective IoT hub.
After disabling or deleting all devices from their respective IoT hubs, you can optionally delete the enrollment group. Be aware, though, that, if you delete the enrollment group and there is an enabled enrollment group for a signing certificate higher up in the certificate chain of one or more of the devices, those devices can re-enroll.
Reference:
https://docs.microsoft.com/en-us/azure/iot-dps/how-to-unprovision-devices
NEW QUESTION 25
You have 100 devices that connect to an Azure IoT hub.
You need to be notified about failed local logins to a subnet of the devices.
Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
Answer:
Explanation:
Explanation:
Step 1: Enable Azure Security Center for IoT
Security alerts, such as failed local IoT hub logins, are stored in AzureSecurityOfThings.SecurityAlert table in the Log Analytics workspace configured for the Azure Security Center for IoT solution.
Step 2: Select a device security group
Update a device security group..
Step 3: Create a custom alert rule
..by creating a custom alert rule
Reference:
https://docs.microsoft.com/bs-latn-ba/azure/asc-for-iot/how-to-security-data-access
https://docs.microsoft.com/en-us/rest/api/securitycenter/devicesecuritygroups/createorupdate
NEW QUESTION 26
From the Device Provisioning Service, you create an enrollment as shown in the exhibit. (Click the Exhibit tab.)
You need to deploy a new IoT device.
What should you use as the device identity during attestation?
- A. the HMACSHA256 hash of the device's registration ID
- B. the endorsement key of the device's Trusted Platform Module (TPM)
- C. the random string of alphanumeric characters
- D. a self-signed X.509 certificate
Answer: A
Explanation:
Each device uses its derived device key with your unique registration ID to perform symmetric key attestation with the enrollment during provisioning. To generate the device key, use the key you copied from your DPS enrollment to compute an HMAC-SHA256 of the unique registration ID for the device and convert the result into Base64 format.
Reference:
https://docs.microsoft.com/en-us/azure/iot-edge/how-to-auto-provision-symmetric-keys
NEW QUESTION 27
You have an IoT device that has the following configurations:
Hardware: Raspberry Pi Operating system: Raspbian
You need to deploy Azure IoT Edge to the device.
Which two actions should you perform? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.
- A. Run the Deploy-IoTEdge PowerShell cmdlet on the IoT Edge device.
- B. Update the IoT Edge runtime.
- C. Install the container runtime.
- D. Install the IoT Edge security daemon.
Answer: B,D
Explanation:
Explanation
The Azure IoT Edge runtime is what turns a device into an IoT Edge device. The runtime can be deployed on devices as small as a Raspberry Pi or as large as an industrial server.
The IoT Edge security daemon provides and maintains security standards on the IoT Edge device. The daemon starts on every boot and bootstraps the device by starting the rest of the IoT Edge runtime.
Reference:
https://docs.microsoft.com/en-us/azure/iot-edge/how-to-install-iot-edge
NEW QUESTION 28
You have an Azure IoT Central application that has a custom device template.
You need to configure the device template to support the following activities:
* Return the reported power consumption.
* Configure the desired fan speed.
* Run the device reset routine.
* Read the fan serial number.
Which option should you use for each activity? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
Explanation
Box 1: Measurement
Telemetry/measurement is a stream of values sent from the device, typically from a sensor. For example, a sensor might report the ambient temperature.
Box 2: Property
The template can provide a writeable fan speed property
Properties represent point-in-time values. For example, a device can use a property to report the target temperature it's trying to reach. You can set writeable properties from IoT Central.
Box 3: Settings
Box 4: Command
You can call device commands from IoT Central. Commands optionally pass parameters to the device and receive a response from the device. For example, you can call a command to reboot a device in 10 seconds.
Reference:
https://docs.microsoft.com/en-us/azure/iot-central/core/howto-set-up-template
NEW QUESTION 29
You have an Azure IoT hub.
You plan to implement IoT Hub events by using Azure Event Grid.
You need to send an email when the following events occur:
Device Created
Device Deleted
Device Connected
Device Disconnected
Which two actions should you perform? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.
- A. From the IoT hub, configure an event subscription that has API management as the Endpoint Type.
- B. From the IoT hub, configure an event subscription that has Web Hook as the Endpoint Type.
- C. From the IoT hub, configure an event subscription that has Service Bus Queue as the Endpoint Type.
- D. Create an Azure logic app that has a Request trigger.
Answer: B,D
Explanation:
For non-telemetry events like DeviceConnected, DeviceDisconnected, DeviceCreated and DeviceDeleted, the Event Grid filtering can be used when creating the subscription.
Azure Event Grid enables you to react to events in IoT Hub by triggering actions in your downstream business applications.
A trigger, such as a Request trigger, is a specific event that starts your logic app.
Reference:
https://docs.microsoft.com/en-us/azure/event-grid/publish-iot-hub-events-to-logic-apps
NEW QUESTION 30
You have an Azure IoT solution that includes an Azure IoT hub.
You receive a root certification authority (CA) certificate from the security department at your company.
You need to configure the IoT hub to use the root CA certificate.
Which four actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
Answer:
Explanation:
1 - Upload the root CA certificate to the loT hub.
2 - Generate a varification code.
3 - Generate a varication certificate.
4 - Upload the veratication certificate.
Reference:
https://docs.microsoft.com/bs-latn-ba/azure/iot-hub/iot-hub-security-x509-get-started
NEW QUESTION 31
You have an Azure IoT solution that includes an Azure IoT Hub named Hub1 and an Azure IoT Edge device named Edge1. Edge1 connects to Hub1.
You need to deploy a temperature module to Edge1. What should you do?
- A. From the Azure portal, navigate to Hub1 and select IoT Edge. Select Edge1, and then select Manage Child Devices. From a Bash prompt, run the following command:
aziot edge set-modules -device-id Edge1 -hub-name Hub1 -content C:
\deploymentMan1.json - B. Create an IoT Edge deployment manifest that specifies the temperature module and the route to
$upstream. From a Bush prompt, run the following command:
aziot hub monitor-events-device-id Edge1 -hub-name Hub1 - C. Create an IoT Edge deployment manifest that specifies the temperature module and the route to
$upstream. From a Bush prompt, run the following command:
aziot edge set-modules -device-id Edge1 -hub-name Hub1 -content C:
\deploymentMan1.json - D. From the Azure portal, navigate to Hub1 and select IoT Edge. Select Edge1, select Device Twin, and then set the deployment manifest as a desired property. From a Bash prompt, run the following command aziot hub monitor-events-device-id Edge1 -hub-name Hub1
Answer: C
Explanation:
You deploy modules to your device by applying the deployment manifest that you configured with the module information.
Change directories into the folder where your deployment manifest is saved. If you used one of the VS Code IoT Edge templates, use the deployment.json file in the config folder of your solution directory and not the deployment.template.json file.
Use the following command to apply the configuration to an IoT Edge device:
aziot edge set-modules --device-id [device id] --hub-name [hub name] --content [file path] Reference:
https://docs.microsoft.com/en-us/azure/iot-edge/how-to-deploy-modules-cli
NEW QUESTION 32
You have an Azure IoT solution that includes multiple Azure IoT hubs in different geographic locations and a single Device Provision Service instance.
You need to configure device enrollment to assign devices to the appropriate IoT hub based on the following requirements:
The registration ID of the device
The geographic location of the device
The load between the IoT hubs in the same geographic location must be balanced.
What should you use to assign the devices to the IoT hubs?
- A. Lowest latency
- B. Static configuration (via enrollment list only)
- C. Custom (Use Azure Function)
- D. Evenly weighted distribution
Answer: B
Explanation:
Set the Device Provisioning Service allocation policy
The allocation policy is a Device Provisioning Service setting that determines how devices are assigned to an IoT hub. There are three supported allocation policies:
Lowest latency: Devices are provisioned to an IoT hub based on the hub with the lowest latency to the device.
Evenly weighted distribution (default): Linked IoT hubs are equally likely to have devices provisioned to them. This is the default setting. If you are provisioning devices to only one IoT hub, you can keep this setting.
Static configuration via the enrollment list: Specification of the desired IoT hub in the enrollment list takes priority over the Device Provisioning Service-level allocation policy.
Reference:
https://docs.microsoft.com/en-us/azure/iot-dps/tutorial-provision-multiple-hubs
NEW QUESTION 33
You enable Azure Security Center for IoT.
You need to onboard a device to Azure Security Center.
What should you do?
- A. Install an X.509 certificate on the hardware security module (HSM) of the device.
- B. Open incoming TCP port 8883 on the device.
- C. Modify the connection string of the device.
- D. Add the azureiotsecurity module identity to the Azure IoT Hub device identity.
Answer: D
Explanation:
Use the following workflow to deploy and test your Azure Security Center for IoT security agents:
1. Enable Azure Security Center for IoT service to your IoT Hub
2. If your IoT Hub has no registered devices, Register a new device.
3. Create an azureiotsecurity security module for your devices.
Azure Security Center for IoT makes use of the module twin mechanism and maintains a security module twin named azureiotsecurity for each of your devices.
Note: To manually create a new azureiotsecurity module twin for a device use the following instructions:
1. In your IoT Hub, locate and select the device you wish to create a security module twin for.
2. Click on your device, and then on Add module identity.
3. In the Module Identity Name field, enter azureiotsecurity.
4. Click Save.
Reference:
https://docs.microsoft.com/en-us/azure/asc-for-iot/quickstart-create-security-twin
NEW QUESTION 34
You need to add Time Series Insights to the solution to meet the pilot requirements.
Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
Answer:
Explanation:
Explanation
Step 1: Provision Time Series Insights
Select Provision new IoT Hub to create a new IoT hub.
Step 2: Route telemetry from IoT Hub to a custom event.
Step 3: Add a data access policy to Time Series Insights for the dashboard web app Scenario: Requirements. Pilot Requirements During the pilot phase, devices will be deployed to 10 offices. Each office will have up to 1,000 devices.
During this phase, you will add Azure Time Series Insights in parallel to Stream Analytics to support real-time graphs and queries in a dashboard web app.
The pilot deployment must minimize operating costs.
Reference:
https://docs.microsoft.com/en-us/azure/time-series-insights/time-series-insights-update-create-environment
NEW QUESTION 35
You use Azure Security Center in an Azure IoT solution.
You need to exclude some security events. The solution must minimize development effort.
What should you do?
- A. Add configuration details to the device twin object.
- B. Create an Azure function to filter security messages.
- C. Add a configuration to the code of the physical IoT device.
- D. Create an azureiotsecurity module twin and add configuration details to the module twin object.
Answer: D
Explanation:
Properties related to every Azure Security Center for IoT security agent are located in the agent configuration object, within the desired properties section, of the azureiotsecurity module.
To modify the configuration, create and modify this object inside the azureiotsecurity module twin identity.
Note: Azure Security Center for IoT's security agent twin configuration object is a JSON format object. The configuration object is a set of controllable properties that you can define to control the behavior of the agent.
These configurations help you customize the agent for each scenario required. For example, automatically excluding some events, or keeping power consumption to a minimal level are possible by configuring these properties.
Reference:
https://docs.microsoft.com/en-us/azure/asc-for-iot/how-to-agent-configuration
NEW QUESTION 36
You are configuring a production environment for an Azure IoT solution.
You plan to deploy 1,000 IoT devices. Each device will send one device-to-cloud message every hour. Each message will be 4 KB.
You need to deploy an Azure IoT hub that will support the IoT device deployment. The solution must meet the following requirements:
Perform bulk device operations such as creating multiple device identities.
Minimize costs
What should you deploy?
- A. one unit of the B1 tier
- B. one unit of the S2 tier
- C. one unit of the S1 tier
- D. one unit of the free tier
Answer: D
Explanation:
Reference:
https://docs.microsoft.com/en-us/azure/iot-hub/iot-hub-devguide-quotas-throttling
NEW QUESTION 37
You have an Azure IoT hub that uses a Device Provision Service instance.
You plan to deploy 100 IoT devices.
You need to confirm the identity of the devices by using the Device Provision Service.
Which three device attestation mechanisms can you use? Each correct answer presents a complete solution.
NOTE: Each correct selection is worth one point.
- A. X.509 certificates
- B. Symmetric key
- C. Trusted Platform Module (TPM) 1.2
- D. Trusted Platform Module (TPM) 2.0
- E. Device Identity Composition Engine (DICE)
Answer: A,B,D
Explanation:
The Device Provisioning Service supports the following forms of attestation:
X.509 certificates based on the standard X.509 certificate authentication flow.
Trusted Platform Module (TPM) based on a nonce challenge, using the TPM 2.0 standard for keys to present a signed Shared Access Signature (SAS) token.
This does not require a physical TPM on the device, but the service expects to attest using the endorsement key per the TPM spec.
Symmetric Key based on shared access signature (SAS) Security tokens, which include a hashed signature and an embedded expiration.
Reference:
https://docs.microsoft.com/en-us/azure/iot-dps/concepts-service#attestation-mechanism
NEW QUESTION 38
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You are developing a custom Azure IoT Edge module.
The module needs to identify the device ID of the local device.
Solution: You configure the module to read the IOTEDGE_DEVICEID environment variable.
Does this meet the goal?
- A. Yes
- B. No
Answer: B
Explanation:
The Azure ID of the current device is available on the IOTEDGE_DEVICEID environment variable.
Instead read the device ID of the device twin.
Note: Device twins are JSON documents that store device state information including metadata, configurations, and conditions. Azure IoT Hub maintains a device twin for each device that you connect to IoT Hub.
Device identity properties. The root of the device twin JSON document contains the read-only properties from the corresponding device identity stored in the identity registry.
Reference:
https://docs.microsoft.com/en-us/azure/iot-hub/iot-hub-devguide-device-twins
NEW QUESTION 39
You have an Azure IoT hub that is being taken from prototype to production.
You plan to connect IoT devices to the IoT hub. The devices have hardware security modules (HSMs). You need to use the most secure authentication method between the devices and the IoT hub. Company policy prohibits the use of internally generated certificates.
Which authentication method should you use?
- A. An X.509 certificate signed by a root certification authority (CA).
- B. a symmetric key
- C. an X.509 self-signed certificate
- D. a certificate thumbprint
Answer: A
Explanation:
Purchase X.509 certificates from a root certificate authority (CA). This method is recommended for production environments.
The hardware security module, or HSM, is used for secure, hardware-based storage of device secrets, and is the most secure form of secret storage. Both X.509 certificates and SAS tokens can be stored in the HSM Reference:
https://docs.microsoft.com/en-us/azure/iot-dps/concepts-security
NEW QUESTION 40
You are deploying an Azure IoT Edge solution that includes multiple IoT Edge devices.
You need to configure module-to-module routing.
To which section of the deployment manifest should you add the routes?
- A. storeAndForwardConfiguration
- B. $edgeHub
- C. modules
- D. systemModules
Answer: B
Explanation:
Routes are declared in the $edgeHub desired properties.
Reference:
https://docs.microsoft.com/en-us/azure/iot-edge/module-composition
NEW QUESTION 41
......
Topics of AZ-220:Microsoft Azure IoT Developer Exam
Candidates should apprehend the examination topics before they begin of preparation. because it'll extremely facilitate them in touch the core. Our AZ-220 exam dumps will include the following topics:
1. Implement the IoT solution infrastructure (15-20%)
Create and configure an IoT Hub
- Create an IoT Hub
- Register a device
- Configure IoT Hub tier and scaling
- Configure a device twin
Build device messaging and communication
- Build messaging solutions by using SDKs (device and service)
- Configure file upload for devices
- Implement cloud-to-device communication
- Implement device-to-cloud communication
Configure physical IoT devices
- Configure device networking, topology, and connectivity
- Recommend an appropriate protocol based on device specifications
2. Provision and manage devices (20-25%)
Implement the Device Provisioning Service (DPS)
- Create a new enrollment in DPS
- Create a Device Provisioning Service
- Link an IoT Hub to the DPS
- Manage allocation policies by using Azure Functions
Manage the device lifecycle
- Provision a device by using DPS
- Deprovision an autoenrollment
- Decommission (disenroll) a device
Manage IoT devices by using IoT Hub
- Modify device twin tags and properties
- Trigger an action on a set of devices by using IoT Hub Jobs and Direct Methods
- Set up Automatic Device Management of IoT devices at scale
- Manage devices list in the IoT Hub device registry
Build a solution by using IoT Central
- Monitor devices
- Define a device type in Azure IoT Central
- Configure rules and actions in Azure IoT Central
- Define the operator view
- Add and manage devices from IoT Central
3. Implement Edge (15-20%)
Set up and deploy an IoT Edge device
- Create a device identity in IoT Hub
- Create a deployment for IoT Edge devices
- Deploy a single IoT device to IoT Edge
- Install container runtime on IoT devices
Develop modules
- Deploy a module to an Edge device
- Create and configure an Edge module
- Publish an IoT Edge module to an Azure Container Registry
Configure an IoT Edge device
- Implement module-to-module communication
- Select and deploy an appropriate gateway pattern
- Implement and configure offline support
4.Process and manage data (15-20%)
Configure routing in Azure IoT Hub
- Configure routing of IoT Device messages to endpoints
- Implement message enrichment in IoT Hub
- Define and test routing queries
- Integrate with Event Grid
Configure stream processing
- Process and filter IoT data by using Azure Functions
- Create ASA for data and stream processing of IoT data
- Configure Stream Analytics outputs
Configure an IoT solution for Time Series Insights (TSI)
- Implement solutions to handle telemetry and time-stamped data
- Create an Azure Time Series Insights (TSI) environment
- Connect the IoT Hub and the Time Series Insights (TSI)
5. Monitor, troubleshoot, and optimize IoT solutions (15-20%)
Configure health monitoring
- Query and visualize tracing by using Azure monitor
- Configure metrics in IoT Hub
- Set up diagnostics logs for Azure IoT Hub
Troubleshoot device communication
- Establish maintenance communication
- Troubleshoot device disconnects and connects
- Verify device telemetry is received by IoT Hub
- Validate device twin properties, tags and direct methods
Perform end-to-end solution testing and diagnostics
- Estimate the capacity required for each service in the solution
- Conduct performance and stress testing
- Set up device D2C message tracing by using Azure Distributed Tracing
6. Implement security (15-20%)
Implement device authentication in the IoT Hub
- Choose an appropriate form of authentication
- Manage the X.509 certificates for a device
- Manage the symmetric keys for a device
Implement device security by using DPS
- Configure enrollment with symmetric keys
- Configure enrollment with x.509 certificates
- Configure different attestation mechanisms with DPS
- Generate and manage x.509 certificates for IoT Devices
- Generate a TPM endorsements key for a device
Implement Azure Security Center (ASC) for IoT
- Enable ASC for IoT in Azure IoT Hub
- Configure custom alerts
- Create security modules
Exam AZ-220: Microsoft Azure IoT Developer
Candidates for this exam should have subject matter expertise implementing the configuration and coding tasks required to create and maintain the cloud and edge portions of an IoT solution.
Candidates for this exam should have a general understanding of device types and Azure services, including data storage options, data analysis, data processing, AI, and other platform as a service (PaaS) options. They must be able to program in at least one Azure IoT software development kit–supported (SDK–supported) language.
Part of the requirements for: Microsoft Certified: Azure IoT Developer Specialty
Latest 100% Passing Guarantee - Brilliant AZ-220 Exam Questions PDF: https://testinsides.actualpdf.com/AZ-220-real-questions.html
