Validated of AZ-220 exam answers materials and faq for Microsoft certification for client, Real Success Guaranteed with Updated AZ-220 pdf dumps vce Materials. 100% PASS Microsoft Azure IoT Developer exam Today!
Online AZ-220 free questions and answers of New Version:
NEW QUESTION 1
You plan to deploy Azure Time Series Insights.
What should you create on iothub1 before you deploy Time Series Insights?
- A. a new message route
- B. a new consumer group
- C. a new shared access policy
- D. an IP filter rule
Answer: B
Explanation:
Create a dedicated consumer group in the IoT hub for the Time Series Insights environment to consume from. Each Time Series Insights event source must have its own dedicated consumer group that isn't shared with any other consumer. If multiple readers consume events from the same consumer group, all readers are likely to exhibit failures.
Reference:
https://docs.microsoft.com/en-us/azure/time-series-insights/time-series-insights-how-to-add-an-event-source- iothub
NEW QUESTION 2
You have 10 IoT devices that connect to an Azure IoT hub named Hub1.
From Azure Cloud Shell, you run az iot hub monitor-events --hub-name Hub1 and receive the following error message: "az iot hub: 'monitor-events' is not in the 'az iot hub' command group. See 'az iot hub
--help'."
You need to ensure that you can run the command successfully. What should you run first?
- A. az iot hub monitor-feedback --hub-name Hub1
- B. az iot hub generate-sas-token --hub-name Hub1
- C. az iot hub configuration list --hub-name Hub1
- D. az extension add -name azure-cli-iot-ext
Answer: D
Explanation:
Execute az extension add --name azure-cli-iot-ext once and try again.
In order to read the telemetry from your hub by CLI, you have to enable IoT Extension with the following commands:
Add: az extension add --name azure-cli-iot-ext Reference:
https://github.com/MicrosoftDocs/azure-docs/issues/20843
NEW QUESTION 3
You use Azure Security Center in an Azure IoT solution.
You need to exclude some security events. The solution must minimize development effort. What should you do?
- A. Create an Azure function to filter security messages.
- B. Add a configuration to the code of the physical IoT device.
- C. Add configuration details to the device twin object.
- D. Create an azureiotsecurity module twin and add configuration details to the module twin object.
Answer: D
Explanation:
Properties related to every Azure Security Center for IoT security agent are located in the agent configuration object, within the desired properties section, of the azureiotsecurity module.
To modify the configuration, create and modify this object inside the azureiotsecurity module twin identity. Note: Azure Security Center for IoT's security agent twin configuration object is a JSON format object. The
configuration object is a set of controllable properties that you can define to control the behavior of the agent. These configurations help you customize the agent for each scenario required. For example, automatically
excluding some events, or keeping power consumption to a minimal level are possible by configuring these
properties.
Reference:
https://docs.microsoft.com/en-us/azure/asc-for-iot/how-to-agent-configuration
NEW QUESTION 4
You need to enable telemetry message tracing through the entire IoT solution. What should you do?
- A. Monitor device lifecycle events.
- B. Upload IoT device logs by using the File upload feature.
- C. Enable the DeviceTelemetry diagnostic log and stream the log data to an Azure event hub.
- D. Implement distributed tracing.
Answer: D
Explanation:
IoT Hub is one of the first Azure services to support distributed tracing. As more Azure services support distributed tracing, you'll be able trace IoT messages throughout the Azure services involved in your solution.
Note:
Enabling distributed tracing for IoT Hub gives you the ability to:
Precisely monitor the flow of each message through IoT Hub using trace context. This trace context includes correlation IDs that allow you to correlate events from one component with events from another component. It can be applied for a subset or all IoT device messages using device twin.
Automatically log the trace context to Azure Monitor diagnostic logs.
Measure and understand message flow and latency from devices to IoT Hub and routing endpoints. Start considering how you want to implement distributed tracing for the non-Azure services in your IoT solution.
Reference:
https://docs.microsoft.com/en-us/azure/iot-hub/iot-hub-distributed-tracing
NEW QUESTION 5
You have 100 devices that connect to an Azure IoT hub.
You need to be notified about failed local logins to a subnet of the devices.
Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
- A. Mastered
- B. Not Mastered
Answer: A
Explanation:
Step 1: Enable Azure Security Center for IoT
Security alerts, such as failed local IoT hub logins, are stored in AzureSecurityOfThings.SecurityAlert table in the Log Analytics workspace configured for the Azure Security Center for IoT solution.
Step 2: Select a device security group Update a device security group..
Step 3: Create a custom alert rule by creating a custom alert rule Reference:
https://docs.microsoft.com/bs-latn-ba/azure/asc-for-iot/how-to-security-data-access https://docs.microsoft.com/en-us/rest/api/securitycenter/devicesecuritygroups/createorupdate
NEW QUESTION 6
You have an Azure IoT solution that includes an Azure IoT hub.
You receive a root certification authority (CA) certificate from the security department at your company. You need to configure the IoT hub to use the root CA certificate.
Which four actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
- A. Mastered
- B. Not Mastered
Answer: A
Explanation:
Reference:
https://docs.microsoft.com/bs-latn-ba/azure/iot-hub/iot-hub-security-x509-get-started
NEW QUESTION 7
You develop a custom Azure IoT Edge module named temperature-module.
You publish temperature-module to a private container registry named mycr.azurecr.io
You need to build a deployment manifest for the IoT Edge device that will run temperature-module. Which three container images should you define in the manifest? Each correct answer presents part of the
solution.
NOTE: Each correct selection is worth one point.
- A. mcr.microsoft.com/azureiotedge-simulated-temperature-sensor:1.0
- B. mcr.microsoft.com/azureiotedge-agent:1.0
- C. mcr.microsoft.com/iotedgedev:2.0
- D. mycr.azurecr.io/temperature-module:latest
- E. mcr.microsoft.com/azureiotedge-hub:1.0
Answer: BDE
Explanation:
Each IoT Edge device runs at least two modules: $edgeAgent and $edgeHub, which are part of the IoT Edge runtime. IoT Edge device can run multiple additional modules for any number of processes. Use a deployment manifest to tell your device which modules to install and how to configure them to work together.
Reference:
https://docs.microsoft.com/en-us/azure/iot-edge/module-composition
NEW QUESTION 8
You have an Azure IoT hub that uses a Device Provisioning Service instance.
You create a new individual device enrollment that uses symmetric key attestation.
Which detail from the enrollment is required to auto provision the device by using the Device Provisioning Service?
- A. the registration ID of the enrollment
- B. the primary key of the enrollment
- C. the device identity of the IoT hub
- D. the hostname of the IoT hub
Answer: C
Explanation:
An enrollment is the record of devices or groups of devices that may register through auto-provisioning. The enrollment record contains information about the device or group of devices, including:
the attestation mechanism used by the device
the optional initial desired configuration desired IoT hub the desired device ID
Note: Azure IoT auto-provisioning can be broken into three phases:
*1. Service configuration - a one-time configuration of the Azure IoT Hub and IoT Hub Device Provisioning Service instances, establishing them and creating linkage between them.
*2. Device enrollment - the process of making the Device Provisioning Service instance aware of the devices that will attempt to register in the future. Enrollment is accomplished by configuring device identity information in the provisioning service, as either an "individual enrollment" for a single device, or a "group enrollment" for multiple devices.
*3. Device registration and configuration Reference:
https://docs.microsoft.com/en-us/azure/iot-dps/concepts-service#enrollment
NEW QUESTION 9
You have an Azure IoT hub.
You plan to attach three types of IoT devices as shown in the following table.
You need to select the appropriate communication protocol for each device.
What should you select? To answer, drag the appropriate protocols to the correct devices. Each protocol may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
NOTE: Each correct selection is worth one point.
- A. Mastered
- B. Not Mastered
Answer: A
Explanation:
Box 1: AMQP
Use AMQP on field and cloud gateways to take advantage of connection multiplexing across devices. Box 2: MQTT
MQTT is used on all devices that do not require to connect multiple devices (each with its own per-device credentials) over the same TLS connection.
Box 3: HTTPS
Use HTTPS for devices that cannot support other protocols.
https://docs.microsoft.com/en-us/azure/iot-hub/iot-hub-devguide-protocols
NEW QUESTION 10
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this question, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have devices that connect to an Azure IoT hub. Each device has a fixed GPS location that includes latitude and longitude.
You discover that a device entry in the identity registry of the IoT hub is missing the GPS location.
You need to configure the GPS location for the device entry. The solution must prevent the changes from being propagated to the physical device.
Solution: You add the desired properties to the device twin. Does the solution meet the goal?
- A. Yes
- B. No
Answer: A
Explanation:
Device Twins are used to synchronize state between an IoT solution's cloud service and its devices. Each device's twin exposes a set of desired properties and reported properties. The cloud service populates the desired properties with values it wishes to send to the device. When a device connects it requests and/or subscribes for its desired properties and acts on them.
Reference:
https://azure.microsoft.com/sv-se/blog/deep-dive-into-azure-iot-hub-notifications-and-device-twin/
NEW QUESTION 11
You have three Azure IoT hubs named Hub1, Hub2, and Hub3, a Device Provisioning Service instance, and an IoT device named Device1.
Each IoT hub is deployed to a separate Azure region. Device enrollment uses the Lowest latency allocation policy.
The Device Provisioning Service uses the Lowest latency allocation policy. Device1 is auto-provisioned to
Hub1 by using the Device Provisioning Service. Device1 regularly moves between regions.
You need to ensure that Device1 always connects to the IoT hub that has the lowest latency. What should you do?
- A. Configure device attestation that uses X.509 certificates.
- B. Implement device certificate rolling.
- C. Disenroll and reenroll Device1.
- D. Configure the re-provisioning policy.
Answer: D
Explanation:
Automated re-provisioning support.
Microsoft added first-class support for device re-provisioning which allows devices to be reassigned to a different IoT solution sometime after the initial solution assignment. Re-provisioning support is available in two options:
Factory reset, in which the device twin data for the new IoT hub is populated from the enrollment list instead of the old IoT hub. This is common for factory reset scenarios as well as leased device scenarios. Migration, in which device twin data is moved from the old IoT hub to the new IoT hub. This is common for scenarios in which a device is moving between geographies.
Reference:
https://azure.microsoft.com/en-us/blog/new-year-newly-available-iot-hub-device-provisioning-service-features/
NEW QUESTION 12
You have an Azure IoT solution that includes an Azure IoT hub, 100 Azure IoT Edge devices, and 500 leaf devices.
You need to perform a key rotation across the devices.
Which three types of entities should you update? Each Answer presents part of the solution. NOTE: Each correct selection is worth one point.
- A. the $edgeHub module identity
- B. the $edgeAgent module identity
- C. the leaf module identities
- D. the IoT Edge device identities
- E. the iothubowner policy credentials
- F. the leaf device identities
Answer: ADF
Explanation:
To get authorization to connect to IoT Hub, devices and services must send security tokens signed with either a shared access or symmetric key. These keys are stored with a device identity in the identity registry.
An IoT Hub identity registry can be accessed like a dictionary, by using the deviceId or moduleId as the key. Reference:
https://docs.microsoft.com/bs-latn-ba/azure/iot-dps/how-to-control-access https://docs.microsoft.com/en-us/azure/iot-hub/iot-hub-devguide-identity-registry
NEW QUESTION 13
You deploy an Azure IoT hub.
You need to demonstrate that the IoT hub can receive messages from a device.
Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
- A. Mastered
- B. Not Mastered
Answer: A
Explanation:
Step 1: Register a device in IoT Hub
Before you can use your IoT devices with Azure IoT Edge, you must register them with your IoT hub. Once a device is registered, you can retrieve a connection string to set up your device for IoT Edge workloads.
Step 2: Configure the device connection string on a device client.
When you're ready to set up your device, you need the connection string that links your physical device with its identity in the IoT hub.
Step 3: Trigger a new send event from a device client. Reference:
https://docs.microsoft.com/en-us/azure/iot-edge/how-to-register-device
NEW QUESTION 14
You have an Azure IoT solution that includes a standard tier Azure IoT hub and an IoT device. The device sends one 100-KB device-to-cloud message every hour.
You need to calculate the total daily message consumption of the device. What is the total daily message consumption of the device?
- A. 24
- B. 600
- C. 2,400
- D. 4,800
Answer: B
Explanation:
\100 KB * 24 is around 2,400 bytes.
The 100 KB message is divided into 4 KB blocks, and it is billed for 25 messages. 25 times 24 is 600
Note: The maximum message size for messages sent from a device to the cloud is 256 KB. These messages are metered in 4 KB blocks for the paid tiers so for instance if the device sends a 16 KB message via the paid tiers it will be billed as 4 messages.
Reference:
https://azure.microsoft.com/en-us/pricing/details/iot-hub/
NEW QUESTION 15
You have 10,000 IoT devices that connect to an Azure IoT hub. The devices do not support over-the-air (OTA) updates.
You need to decommission 1,000 devices. The solution must prevent connections and autoenrollment for the decommissioned devices.
Which two actions should you perform? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point.
- A. Update the connectionState device twin property on all the devices.
- B. Blacklist the X.509 root certification authority (CA) certificate for the enrollment group.
- C. Delete the enrollment entry for the devices.
- D. Remove the identity certificate from the hardware security module (HSM) of the devices.
- E. Delete the device identity from the device registry of the IoT hub.
Answer: BC
Explanation:
B: X.509 certificates are typically arranged in a certificate chain of trust. If a certificate at any stage in a chain becomes compromised, trust is broken. The certificate must be blacklisted to prevent Device Provisioning Service from provisioning devices downstream in any chain that contains that certificate.
C: Individual enrollments apply to a single device and can use either X.509 certificates or SAS tokens (in a real or virtual TPM) as the attestation mechanism. (Devices that use SAS tokens as their attestation mechanism can be provisioned only through an individual enrollment.) To blacklist a device that has an individual enrollment, you can either disable or delete its enrollment entry.
To blacklist a device that has an individual enrollment, you can either disable or delete its enrollment entry. Reference:
https://docs.microsoft.com/en-us/azure/iot-dps/how-to-revoke-device-access-portal
NEW QUESTION 16
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this question, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have devices that connect to an Azure IoT hub. Each device has a fixed GPS location that includes latitude and longitude.
You discover that a device entry in the identity registry of the IoT hub is missing the GPS location.
You need to configure the GPS location for the device entry. The solution must prevent the changes from being propagated to the physical device.
Solution: You use an Azure policy to apply tags to a resource group. Does the solution meet the goal?
- A. Yes
- B. No
Answer: B
Explanation:
Instead add the desired properties to the device twin.
Note: Device Twins are used to synchronize state between an IoT solution's cloud service and its devices. Each device's twin exposes a set of desired properties and reported properties. The cloud service populates the desired properties with values it wishes to send to the device. When a device connects it requests and/or subscribes for its desired properties and acts on them.
Reference:
https://azure.microsoft.com/sv-se/blog/deep-dive-into-azure-iot-hub-notifications-and-device-twin/
NEW QUESTION 17
You have an Azure IoT solution that includes an Azure IoT Hub named Hub1 and an Azure IoT Edge device named Edge1. Edge1 connects to Hub1.
You need to deploy a temperature module to Edge1. What should you do?
- A. From the Azure portal, navigate to Hub1 and select IoT Edg
- B. Select Edge1, and then select Manage Child Device
- C. From a Bash prompt, run the following command:az iot edge set-modules -device-id Edge1 -hub-name Hub1 -content C:deploymentMan1.json
- D. Create an IoT Edge deployment manifest that specifies the temperature module and the route to$upstrea
- E. From a Bush prompt, run the following command: az iot hub monitor-events-device-id Edge1 -hub-name Hub1
- F. From the Azure portal, navigate to Hub1 and select IoT Edg
- G. Select Edge1, select Device Twin, and then set the deployment manifest as a desired propert
- H. From a Bash prompt, run the following commandaz iot hub monitor-events-device-id Edge1 -hub-name Hub1
- I. Create an IoT Edge deployment manifest that specifies the temperature module and the route to$upstrea
- J. From a Bush prompt, run the following command:az iot edge set-modules -device-id Edge1 -hub-name Hub1 -content C:deploymentMan1.json
Answer: D
Explanation:
You deploy modules to your device by applying the deployment manifest that you configured with the module information.
Change directories into the folder where your deployment manifest is saved. If you used one of the VS Code IoT Edge templates, use the deployment.json file in the config folder of your solution directory and not the deployment.template.json file.
Use the following command to apply the configuration to an IoT Edge device:
az iot edge set-modules --device-id [device id] --hub-name [hub name] --content [file path] Reference: https://docs.microsoft.com/en-us/azure/iot-edge/how-to-deploy-modules-cli
NEW QUESTION 18
......
P.S. Certstest now are offering 100% pass ensure AZ-220 dumps! All AZ-220 exam questions have been updated with correct answers: https://www.certstest.com/dumps/AZ-220/ (0 New Questions)