After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have an Azure IoT solution.
You plan to register an Azure loT Edge device by using X.509 self-signed certificates.
You need to provide the thumbprint for the primary and secondary certificates.
Solution: You generate a 96-hex character SHA384 hash for the certificates.
Does this meet the goal?

A. Yes

B. No

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have a Standard tier Azure IoT hub and a fleet of IoT devices.
The devices connect to the IoT hub by using either Message Queuing Telemetry Transport (MQTT) or Advanced Message Queuing Protocol (AMQP).
You need to send data to the IoT devices and each device must respond. Each device will require three minutes to process the data and respond.
Solution: You update the twin desired property and check the corresponding reported property.
Does this meet the goal?

A. Yes

B. No

You have an Azure IoT hub that has 1,000 registered devices.
You create an Azure logic app.
You need to send Device Connected and Device Disconnected events in real time to the logic app.
What should you do?

A. From the Message routing blade of the IoT hub, add a route, Route DeviceLifecycleEvents to an Azure Service Bus queue.

B. From the Diagnostic settings blade of the IoT hub, add a diagnostic setting. Route the connection logs to a Log Analytics workspace.

C. From the Events blade of the IoT hub, add an event subscription. Configure the Filter to Event Types setting and route the events to a webhook.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have an Azure IoT solution that includes an Azure IoT hub, a Device Provisioning Service instance, and 1,000 connected IoT devices.
All the IoT devices are provisioned automatically by using one enrollment group.
You need to temporarily disable the IoT devices from the connecting to the IoT hub.
Solution: From the Device Provisioning Service, you disable the enrollment group, and you disable device entries in the identity registry of the IoT hub to which the
IoT devices are provisioned.
Does the solution meet the goal?

A. Yes

B. No

You have an Azure IoT solution that contains 20 IoT devices. Each device typically sends five Message Queuing Telemetry Transport (MQTT) messages per minute.
You need to configure an alert to detect which devices have an anomalous MQTT message send rate.
What should you do?

A. Create an Azure IoT hub and an IoT alert that has the following settings:• Condition: C2D message deliveries completed• Threshold: Static• Threshold value: 15• Aggregation granularity: 5 minutes

B. Create an Azure IoT hub and an IoT alert that has the following settings:• Condition: C2D message deliveries completed• Threshold: Static• Operator: Greater than• Aggregation type: Average• Threshold value: 30

C. Enable Azure Defender for IoT and create a custom rule that has the following settings:• Custom Alert: Number of device to cloud messages (MQTT protocol) is not in allowed range• Minimal Threshold: 30• Maximum Threshold: 60• Time Window Size: 00:05:00

D. Enable Azure Defender for IoT and create a custom rule that has the following settings:• Custom Alert: Number of device to cloud messages (MQTT protocol) is not in allowed range• Minimal Threshold: 20• Maximum Threshold: 30• Time Window Size: 00:05:00

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have devices that connect to an Azure IoT hub. Each device has a fixed GPS location that includes latitude and longitude.
You discover that a device entry in the identity registry of the IoT hub is missing the GPS location.
You need to configure the GPS location for the device entry. The solution must prevent the changes from being propagated to the physical device.
Solution: You add tags to the device twin.
Does the solution meet the goal?

A. Yes

B. No

You have IoT devices that connect to an Azure IoT hub.
From IoT Hub, you create an Event subscription to be notified when devices are registered to IoT Hub. You select webhook endpoint as a handler for the Event subscription.
Which two types of Event Grid messages will be received by the webhook? Each correct answer presents a complete solution.
NOTE: Each correct selection is worth one point.

A. Microsoft.Devices.DeviceCreated

B. Microsoft.Resources.ResourceWriteSuccess

C. Microsoft.EventGrid.SubscriptionValidationEvent

D. Microsoft.Devices.DeviceConnected

HOTSPOT -
You have an Azure subscription that contains an Azure IoT hub, an Azure IoT Edge gateway, and 1,000 leaf devices. The leaf devices use a custom communication protocol that is NOT supported by the IoT hub.
You need to configure the gateway to meet the following requirements:
✑ Minimize the number of connections between the gateway and the IoT hub.
✑ Support addressing cloud-to-device messages to individual leaf devices.
How should you configure the gateway? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:
 

You have an existing Azure IoT hub.
You need to connect physical IoT devices to the IoT hub.
You are connecting the devices through a firewall that allows only port 443 and port 80.
Which three communication protocols can you use? Each correct answer presents a complete solution.
NOTE: Each correct selection is worth one point.

A. MQTT over WebSocket

B. AMQP

C. AMQP over WebSocket

D. MQTT

E. HTTPS

You have 100 devices that connect to an Azure IoT hub.
You plan to use Azure functions to process all the telemetry messages from the devices before storing the messages.
You need to configure the functions binding for the IoT hub.
Which two configuration details should you use to configure the binding? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.

A. the name of the resource group that contains the IoT hub

B. the IoT hub’s connection string shared access key that has Service connect permissions

C. the connection string of the Azure Event Hub-compatible endpoint from the IoT Hub built-in endpoints

D. the Azure Event-Hub compatible name

You are prototyping an IoT edge solution.
You are creating a deployment manifest for an IoT edge device that will connect to an Azure IoT hub.
Which two modules should you include in the manifest? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.

A. azureiotsecurity

B. edgeHub

C. opc-publisher

D. edgeAgent

E. iotedgeModbus

You have an Azure IoT solution.
You need to implement multi-factor device authentication by using custom device authentication.
What should you do first?

A. Create an Azure Policy definition for Azure IoT Hub.

B. Enable multi-factor authentication (MFA) for Microsoft Azure Active Directory (Azure AD), part of Microsoft Entra.

C. Create a service endpoint policy.

D. Deploy a security token service.

You have a remote network that contains an IoT device named Device1 and a firewall named Firewall1.
You have an Azure subscription that contains an Azure IoT hub named Hub1. Device1 is registered to Hub1. Firewall1 only allows outbound traffic from Hub1 via TCP port 443.
You need to build an app that will connect to Device1 by using SSH on port 22. The solution must minimize costs.
What should you configure to connect to Device1?

A. IoT Hub message routing

B. shared access policies

C. Azure Private Link

D. IoT Hub device streams

HOTSPOT
-
You are creating an Azure Digital Twins query.
You need to return all the digital twins that have a contains relationship with a digital twin that has an ID of twin1.
How should you complete the query? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
 

You have the devices shown in the following table.
 
You are implementing a proof of concept (POC) for an Azure IoT solution.
You need to deploy an Azure IoT Edge device as part of the POC.
On which two devices can you deploy IoT Edge? Each correct answer presents a complete solution.
NOTE: Each correct selection is worth one point.

A. Device1

B. Device2

C. Device3

D. Device4

DRAG DROP -
You have an Azure subscription that contains an Azure IoT hub and 100 IoT devices.
The devices connect to the IoT hub by using the Advanced Message Queuing Protocol (AMQP) protocol and authenticate to the IoT hub by using symmetric keys.
You need to configure the SASL PLAIN username for the AMQP connection.
How should you configure the username? To answer, drag the appropriate options to the correct targets. Each option may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
NOTE: Each correct selection is worth one point.
Select and Place:
 

You have an Azure subscription that contains an Azure Time Series Insights environment. The environment has the properties shown in the following table.
 
You need to create a D.
Which two time series expressions can be correctly used as part of the query? Each correct answer presents a complete solution.
NOTE: Each correct selection is worth one point.

A. $event.p1.String = ‘abc’

B. $event.p2 = ‘abc’

C. $event[‘p1’] != NULL

D. $event.p4.p5 = 0.0

You develop a custom Azure IoT Edge module named temperature-module.
You publish temperature-module to a private container registry named mycr.azurecr.io
You need to build a deployment manifest for the IoT Edge device that will run temperature-module.
Which three container images should you define in the manifest? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.

A. mcr.microsoft.com/azureiotedge-simulated-temperature-sensor:1.0

B. mcr.microsoft.com/azureiotedge-agent:1.0

C. mcr.microsoft.com/iotedgedev:2.0

D. mycr.azurecr.io/temperature-module:latest

E. mcr.microsoft.com/azureiotedge-hub:1.0

You have an Azure IoT solution that includes an Azure IoT hub and a Device Provisioning Service instance.
Several enrolled devices are stolen.
You need to prevent the stolen devices from connecting to the IoT solution. The solution must prevent the devices from re-enrollment and must be implemented as soon as possible.
What should you do?

A. Delete the devices from the IoT hub.

B. Delete the device enrollments from the Device Provisioning Service.

C. Disable the devices in the IoT hub and delete from the IoT hub.

D. Disable the device enrollments in the Device Provisioning Service and delete the devices from the IoT hub.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You are developing a custom Azure IoT Edge module.
The module needs to identify the device ID of the local device.
Solution: You configure the module to read the device ID of the device twin.
Does this meet the goal?

A. Yes

B. No

DRAG DROP -
You have 100 devices that connect to an Azure IoT hub.
You need to be notified about failed local logins to a subset of the devices.
Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
Select and Place:
 

You need to configure Stream Analytics to meet the POV requirements.
What are two ways to achieve the goal? Each correct answer presents a complete solution.
NOTE: Each correct selection is worth one point.

A. From IoT Hub, create a custom event hub endpoint, and then configure the endpoint as an input to Stream Analytics.

B. Create a Stream Analytics module, and then deploy the module to all IoT Edge devices in the fleet.

C. Create an input in Stream Analytics that uses the built-in events endpoint of IoT Hub as the source.

D. Route telemetry to an Azure Blob storage custom endpoint, and then configure the Blob storage as a reference input for Stream Analytics.

During the POV phase, you connect a device to IoT Hub and start sending telemetry messages.
You need to verify the content of the messages received by IoT Hub during the POV phase.
What should you use?

A. the Monitoring settings of IoT Hub or a Postman call to the IoT Hub REST API

B. Azure Monitor or Azure Log Analytics

C. Microsoft Visual Studio Code that uses the IoT Hub Toolkit or Azure CLI that uses the IoT Hub extension

D. Splunk or Grafana

You have an IoT device that gathers data in a CSV file named Sensors.csv.
You deploy an Azure IoT hub that is accessible at ContosoHub.azure-devices.net.
You need to ensure that Sensors.csv is uploaded to the IoT hub.
Which two actions should you perform? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.

A. Upload Sensors.csv by using the IoT Hub REST API.

B. From the Azure subscription, select the IoT hub, select Message routing, and then configure a route to storage.

C. From the Azure subscription, select the IoT hub, select File upload, and then configure a storage container.

D. Configure the device to use a GET request to ContosoHub.azure-devices.net/devices/ContosoDevice1/files/notifications.

DRAG DROP -
You have an Azure IoT Edge device named Edge1.
You need to configure the module container to link the module storage to the host storage.
How should you configure the deployment manifest? To answer, drag the appropriate keys to the correct targets. Each key may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
NOTE: Each correct selection is worth one point.
Select and Place:
 

You have an Azure subscription.
You need to deploy an Azure IoT hub by using an Azure Resource Manager (ARM) template. The solution must ensure that the IoT hub rejects connections from devices that only support cipher suites that use SHA1.
What should you include in the template?

A. “authenticationType”:“keyBased”

B. “disableDeviceSAS”:“true”

C. “disableModuleSAS”:“true”

D. “minTlsVersion”:“1.2”

HOTSPOT
-
You have an Azure IoT Central application that has a custom device template.
You need to configure the device template to support the following activities:
•	Return the reported power consumption.
•	Configure the desired fan speed.
•	Run the device reset routine.
•	Read the fan serial number.
Which option should you use for each activity? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.
 

HOTSPOT
-
You have sites that contain industrial control devices as shown in the following table.
 
You have an Azure subscription that contains an Azure IoT hub. The IoT hub has Microsoft Defender for IoT enabled.
You plan to deploy Microsoft Defender for IoT to the devices.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
 

DRAG DROP -
Your company develops a custom module and exports the module as a Linux Dockerfile.
You need to deploy the module to an Azure IoT Edge device that runs Ubuntu Server 18.04.
Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
Select and Place:
 

HOTSPOT
-
You are planning a project that will use an Azure IoT hub.
You have two authentication certificates named Cert1 and Cert2. Cert1 is a CA signed certificate and Cert 2 is a leaf certificate.
You need to identify which certificates to use.
What should you identify? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
 

You need to visualize Azure IoT Hub telemetry data by using Microsoft Power BI.
Which service should you connect to the IoT hub?

A. Azure Event Grid

B. SendGrid

C. Azure Stream Analytics

D. Azure Notification Hubs

You have an existing Azure IoT hub.
You use IoT Hub jobs to schedule long running tasks on connected devices.
Which three operations do the IoT Hub jobs support directly? Each correct answer presents a complete solution.
NOTE: Each correct selection is worth one point.

A. Trigger Azure functions.

B. Invoke direct methods.

C. Update desired properties.

D. Send cloud-to-device messages.

E. Disable IoT device registry entries.

F. Update tags.

You have an Azure IoT solution that includes an Azure IoT hub and 100 Azure IoT Edge devices.
You plan to deploy the IoT Edge devices to external networks. The firewalls of the external networks only allow traffic on port 80 and port 443.
You need to ensure that the devices can connect to the IoT hub. The solution must minimize costs.
What should you do?

A. Configure the upstream protocol of the devices to use MQTT over TCP.

B. Configure the upstream protocol of the devices to use MQTT over WebSocket.

C. Connect the external networks to the IoT solution by using ExpressRoute.

D. Integrate cellular communication hardware onto the devices and avoid the use of the external networks.

HOTSPOT
-
You have an Azure IoT Edge automatic deployment named D1 that deploys a temperature module to five IoT Edge devices.
D1 has a deployment priority of 10 and the following module configuration.
 
You need to create a new layered deployment that will add a new twin property named ReportingMode. The new deployment must not overwrite the existing module configurations set by D1.
How should you configure the deployment? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
 

DRAG DROP -
You are troubleshooting device connections to and disconnections from an Azure IoT hub.
You configure diagnostic logging for the IoT hub to send to Log Analytics.
You need to generate a report that displays the device connection and disconnection events.
How should you complete the query? To answer, drag the appropriate values to the correct targets. Each value may be used once, more than once, or not at all.
You may need to drag the split bar between panes or scroll to view content.
NOTE: Each correct selection is worth one point.
Select and Place:
 

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have an Azure IoT solution.
You receive the following error in Azure Monitor "403006 DeviceMaximumActiveFileUploadLimitExceeded."
You need to ensure that the file upload code is configured correctly.
Solution: You limit the maximum concurrent file uploads to 10 and notify an Azure IoT hub that a file upload has completed by using a module twin property.
Does this meet the goal?

A. Yes

B. No

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have 10 devices that connect to an Azure IoT hub. Each device has a unique public IP address. The devices are not provisioned through DPS.
You discover an anomaly in messages from two devices.
You need to stop all messages from both devices without affecting the other devices.
Solution: You delete the devices from the IoT hub.
Does the solution meet the goal?

A. Yes

B. No

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have an Azure IoT solution that includes an Azure IoT hub, a Device Provisioning Service instance, and 1,000 connected IoT devices.
All the IoT devices are provisioned automatically by using one enrollment group.
You need to temporarily disable the IoT devices from connecting to the IoT hub.
Solution: You disconnect the Device Provisioning Service from the IoT hub.
Does this meet the goal?

A. Yes

B. No

HOTSPOT
-
You create an Azure IoT hub as shown in the following exhibit.
 
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
 

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have an Azure subscription that contains the resources shown in the following table.
 
You create a group enrollment in DPS1 and enroll 100 IoT devices. Each device is issued a leaf certificate from CA1.
You need to deprovision a single IoT device from the group enrollment. The solution must not affect the other devices.
Solution: You create a disabled symmetric key individual enrollment by using the device ID of the device.
Does this meet the goal?

A. Yes

B. No

You have an Azure IoT solution that contains an Azure IoT hub. The IoT hub uses Microsoft Defender for IoT for device builders and an IoT device named ContosoDevice1.
You need to implement the Defender for IoT micro agent.
What should you configure in the IoT hub?

A. a module twin

B. a private endpoint

C. an Azure IoT Edge module

D. the device twin

You have 1,000 devices that connect to an Azure IoT hub.
You discover that some of the devices fail to send data to the IoT hub.
You need to ensure that you can use Azure Monitor to troubleshoot the device connectivity issues.
Which two actions should you perform? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.

A. From the Diagnostics settings of the IoT hub, select Archive to a storage account.

B. Collect the DeviceTelemetry, Connections, and Routes logs.

C. Collect all metrics.

D. From the Diagnostics settings of the IoT hub, select Send to Log Analytic.

E. Collect the JobsOperations, DeviceStreams, and FileUploadOperations logs.

You plan to deploy a standard tier Azure IoT hub.
You need to perform an over-the-air (OTA) update on devices that will connect to the IoT hub by using scheduled jobs.
What should you use?

A. a device-to-cloud message

B. the device twin reported properties

C. a cloud-to-device message

D. a direct method

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have devices that connect to an Azure IoT hub. Each device has a fixed GPS location that includes latitude and longitude.
You discover that a device entry in the identity registry of the IoT hub is missing the GPS location.
You need to configure the GPS location for the device entry. The solution must prevent the changes from being propagated to the physical device.
Solution: You use an Azure policy to apply tags to a resource group.
Does the solution meet the goal?

A. Yes

B. No

You have an Azure IoT hub that has a hostname of contoso-hub.azure-devices.net and an MCU-based IoT device named Device1. Device1 does NOT support
Azure IoT SDKs.
You plan to connect Device1 to the IoT hub by using the Message Queuing Telemetry Transport (MQTT) protocol and to authenticate by using X.509 certificates.
You need to ensure that Device1 can authenticate to the IoT hub.
What should you do?

A. Create an Azure key vault and enable the encryption of data at rest for the IoT hub by using a customer-managed key.

B. Enable a hardware security module (HSM) on Device1.

C. From the Azure portal, create an IoT Hub Device Provisioning Service (DPS) instance and add a certificate enrollment for Device1.

D. Add the DigiCert Baltimore Root Certificate to Device1.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You are developing a custom Azure IoT Edge module.
The module needs to identify the device ID of the local device.
Solution: You configure the module to read the IOTEDGE_DEVICEID environment variable.
Does this meet the goal?

A. Yes

B. No

You have an Azure IoT hub and an Azure virtual network.
You configure a private endpoint for the IoT hub.
You need to ensure that the IoT hub can send data to downstream services.
What should you create first?

A. a consumer group

B. a managed identity

C. a message route

D. an IP filter rule

HOTSPOT
-
You have an Azure IoT solution that uses Azure Digital Twins.
You plan to ingest telemetry from an IoT device into a digital twin.
You need to create an Azure function that will process the telemetry messages received by the Azure IoT hub and update the digital twin of the IoT device with the new values.
How should you complete the code? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
 

HOTSPOT
-
You have an Azure IoT hub and three Azure IoT Edge devices. The device twin code for each device is shown in the following table.
 
A standard automatic deployment is already applied.
You have three layered deployments. The deployment code for each deployment is shown in the following table.
 
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
 

HOTSPOT
-
You have an Azure IoT solution that contains an Azure IoT hub and 100 IoT devices.
You deploy Azure Defender for IoT to the devices.
You need to configure alerts for the following events:
•	An X.509 certificate is expired.
•	Potential loss of data is detected.
•	The number of unauthorized operations is outside the allowed range.
The solution must minimize administrative effort.
Which type of alert should you configure for each event? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.