Exam AZ-301 topic 17 question 34 discussion

-> If a data center fails, ensure that the payment processing system remains available without any administrative intervention. The middle-tier and the web front end must continue to operate without any additional configurations b) Traffic mannager

Front-End System: - Hosted on servers that run Win2012R2, ISS - Code is written in C# and ASP.NET Requirements: 1. If a data center fails, ensure the front-end reamains available without intervention. 2. Encrypt data in transit (and at rest) 3. Support blocking inbound and outbound traffic based on the source IP address, the destination IP address, and the port number. 4. Ensure compute nodes can increase or decrease automatically based on CPU utilization. 5. Cost must be minimized 6. Front-End tier must provide SLA of 99.99% Possible answers: A. Application Gateway - Supports Availability Zones - Supports Autoscaling - Provides 99.95% SLA B. Traffic Manager - Doesn't provide a way by itself to scale a group of VMs in or out C. Load Balancer (Standard SKU) - Provides 99.99% SLA - Supports Availability Zones - Supports HTTPs health probes (we can assume HTTPs is used as of req. 2) D. Load Balancer (Basic SKU) - Doesn't support Availability Zones and can be ruled out Conclusion: Answer C.

I'd say that the only possible option is the AppGW since it the only one that fulfills all the requirements (asuming the more specific requirement for the payment process availability - Data center level instead of cross-region) 1. SLA - 99,99 --> AppGWv2 supports it 2. Encrypt data in transit and at rest. Only the front-end and middle-tier components must be able to access the encryption keys that protect the data store --> AppGW only 3. Inspect inbound and outbound traffic from the front-end tier by using highly available network appliances.--> AppGW only 4. Ensure compute nodes can increase or decrease automatically based on CPU utilization --> AppGWv2 supports it Please see --> https://docs.microsoft.com/en-us/azure/application-gateway/application-gateway-autoscaling-zone-redundant

There is confusing info in the question: 1)" Infrastructure services must remain available if a region or a data center fails. " Multiple regions based HA: if it is needed then TM, it has 99.99% sla 2) If a data center fails, ensure that the payment processing system remains available without any administrative intervention. ie multiple zones based HA: if only requirement is for multiple zones, it Std LB since it has 99.99% and also zone redundant https://docs.microsoft.com/en-us/azure/load-balancer/load-balancer-standard-availability-zones App Gateway can be avoided since it does not have 99.99% SLA

C is the right answer. SLA for Traffic Manager is only for the DNS queries, where the SLA for standard LB involved the VMs behind the LB. Both are 99.99%

I failed like all the noobs on traffic manager.. but of course, after reading the discussion, Standard LB is clear.

i think that mmo is right , the requirement "Inspect inbound and outbound traffic from the front-end tier by using highly available network appliances" requires a Application gateway (or frontdoor).

Traffic manager

1. Contoso hosts a business-critical payment processing system in its New York data center. - So, there is no cross- regional availability Requirement 2. If a data center fails, ensure that the payment processing system remains available without any administrative intervention. The middle-tier and the web front end must continue to operate without any additional configurations. - In case of a Datacenter failure, Payment processing systems should be available. No requirement for Regional failure - So, No need of Traffic Manager 3. Ensure that each tier of the payment processing system is subject to a Service Level Agreement (SLA) of 99.99 percent availability - Will Require Standard LB 4. Ensure that the payment processing system preserves its current compliance status. So do not require a Cross-regional availability 5. Infrastructure services must remain available if a region or a data center fails- It is not applicable to Payment processing system, as the requirement is explicitly stated as above.

C is correct and answer is on the revealed section + minimal costs

Answer is B, Traffic Manager the key is : Infrastructure services must remain available if a region or a data center fails Only Traffic Manager can handle multi region

Seems we're going back an forth on region for the infrastructure and zone for the app. There's only 1 way listed that can solve both of these at the same time and that's Traffic Manager. If the app fails in a data center in one region, the health checks will determine this and stop pointing traffic to it. And only point traffic to the other region.

"Infrastructure services must remain available if a region or a data center fails."; as it includes region failure, the answer is Traffic Manager.

Given answer is correct. Layer 4 + SLA + Zone-fail. https://docs.microsoft.com/en-us/azure/load-balancer/tutorial-load-balancer-standard-public-zone-redundant-portal https://azure.microsoft.com/en-us/support/legal/sla/load-balancer/v1_0/ https://docs.microsoft.com/en-us/azure/load-balancer/load-balancer-overview

one thing for sure is, it cannot be traffic manager because it cannot perform this: "Inspect inbound and outbound traffic from the front-end tier by using highly available network appliances."

The scenario is a bit confusing. On the one hand it says that the infrastructure, in general, needs to be resilient to datacenter AND region failures. But then it says that the payment processing system needs to be resilient to datacenter failures. To take into account both requirements, I would say Traffic Manager is the answer. But because they strictly mention payment processing, I guess the answer could be standard load balancer, as long as there is already a traffic manager set up to handle region failures.

C. a Standard Load Balancer