You plan to deploy an Azure IoT hub. The solution must ensure that when connecting to the IoT hub, IoT devices can only authenticate by presenting a certificate that is encrypted with a 256-bit AES key and uses a SHA384 hash.
You need to configure the Azure Resource Manager (ARM) template to deploy the IoT hub.
Which property should you configure?

A. disableLocalAuth

B. authenticationType

C. minTlsVersion

D. authorizationPolicies

Which query should you use?

A. $event.payload.Status = “Running” AND $event.payload.Alert = “True”

B. $body.event.payload.Status = “Running” AND $body.event.payload.Alert = “True”

C. MessageType.payload.Status = “Running” AND MessageType.event.payload.Alert = “True”

D. $Status = “Running” AND $Alert = “True”

You have a remote network that contains an IoT device named Device1 and a firewall named Firewall1.
You have an Azure subscription that contains an Azure IoT hub named Hub1. Device1 is registered to Hub1. Firewall1 only allows outbound traffic from Hub1 via TCP port 443.
You need to build an app that will connect to Device1 by using SSH on port 22. The solution must minimize costs.
What should you configure to connect to Device1?

A. IoT Hub message routing

B. shared access policies

C. Azure Private Link

D. IoT Hub device streams

HOTSPOT
-
You have an Azure IoT hub.
You have four Azure IoT Edge devices and the device twin code shown in the following table.
 
You have three deployments and the deployment code shown in the following table.
 
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
 

HOTSPOT -
You create a new IoT device named device1 on iothub1. The primary key value assigned to device1 is Uihuih76hbHb.
How should you complete the device connection string? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:
 

You have IoT devices that connect to an Azure IoT hub.
From IoT Hub, you create an Event subscription to be notified when devices are registered to IoT Hub. You select webhook endpoint as a handler for the Event subscription.
Which two types of Event Grid messages will be received by the webhook? Each correct answer presents a complete solution.
NOTE: Each correct selection is worth one point.

A. Microsoft.Devices.DeviceCreated

B. Microsoft.Resources.ResourceWriteSuccess

C. Microsoft.EventGrid.SubscriptionValidationEvent

D. Microsoft.Devices.DeviceConnected

HOTSPOT -
You need to use message enrichment to add additional device information to messages sent from the IoT gateway devices when the reported temperature exceeds a critical threshold.
How should you configure the enrich message values? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:
 

HOTSPOT -
You are writing code to provision IoT devices by using the Device Provisioning Service.
Which two details from the Overview blade of the Device Provisioning Service are required to provision a new IoT client device? To answer, select the appropriate detail in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:
 

What should you do to identify the cause of the connectivity issues?

A. Send cloud-to-device messages to the IoT devices.

B. Use the heartbeat pattern to send messages from the IoT devices to iothub1.

C. Monitor the connection status of the device twin by using an Azure function.

D. Enable the collection of the Connections diagnostic logs and set up alerts for the connected devices count metric.

DRAG DROP -
You need to add Time Series Insights to the solution to meet the pilot requirements.
Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
Select and Place:
 

How should you complete the GROUP BY clause to meet the Streaming Analytics requirements?

A. GROUP BY HoppingWindow(Second, 60, 30)

B. GROUP BY TumblingWindow(Second, 30)

C. GROUP BY SlidingWindow(Second, 30)

D. GROUP BY SessionWindow(Second, 30, 60)

You need to configure Stream Analytics to meet the POV requirements.
What are two ways to achieve the goal? Each correct answer presents a complete solution.
NOTE: Each correct selection is worth one point.

A. From IoT Hub, create a custom event hub endpoint, and then configure the endpoint as an input to Stream Analytics.

B. Create a Stream Analytics module, and then deploy the module to all IoT Edge devices in the fleet.

C. Create an input in Stream Analytics that uses the built-in events endpoint of IoT Hub as the source.

D. Route telemetry to an Azure Blob storage custom endpoint, and then configure the Blob storage as a reference input for Stream Analytics.

You need to store the real-time alerts generated by Stream Analytics to meet the technical requirements.
Which type of Stream Analytics output should you configure?

A. Azure Blob storage

B. Microsoft Power BI

C. Azure Cosmos DB

D. Azure SQL Database

During the POV phase, you connect a device to IoT Hub and start sending telemetry messages.
You need to verify the content of the messages received by IoT Hub during the POV phase.
What should you use?

A. the Monitoring settings of IoT Hub or a Postman call to the IoT Hub REST API

B. Azure Monitor or Azure Log Analytics

C. Microsoft Visual Studio Code that uses the IoT Hub Toolkit or Azure CLI that uses the IoT Hub extension

D. Splunk or Grafana

You have an Azure IoT solution that contains an Azure IoT hub. The IoT hub uses Microsoft Defender for IoT for device builders and an IoT device named ContosoDevice1.
You need to implement the Defender for IoT micro agent.
What should you configure in the IoT hub?

A. a module twin

B. a private endpoint

C. an Azure IoT Edge module

D. the device twin

HOTSPOT
-
You create an Azure IoT hub named Iothub1 as shown in the following exhibit.
 
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
 

You have an Azure IoT hub.
You need to enable Azure Defender for IoT on the IoT hub.
What should you do?

A. From the Security settings of the IoT hub, select Secure your IoT solution.

B. From the Diagnostics settings of the IoT hub, select Add diagnostic setting.

C. From Defender, add a security policy.

D. From Defender, configure security alerts.

You have an Azure IoT hub that is being taken from prototype to production.
You plan to connect IoT devices to the IoT hub. The devices have hardware security modules (HSMs).
You need to use the most secure authentication method between the devices and the IoT hub. Company policy prohibits the use of internally generated certificates.
Which authentication method should you use?

A. an X.509 self-signed certificate

B. a certificate thumbprint

C. a symmetric key

D. An X.509 certificate signed by a root certification authority (CA).

DRAG DROP -
You have an Azure IoT solution that includes an Azure IoT hub.
You receive a root certification authority (CA) certificate from the security department at your company.
You need to configure the IoT hub to use the root CA certificate.
Which four actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
Select and Place:
 

You have an Azure IoT Edge device.
You need to modify the credentials used to access the container registry.
What should you modify?

A. the $edgeHub module twin

B. the IoT Edge module

C. the $edgeAgent module twin

D. the Azure IoT Hub device twin

You enable Azure Security Center for IoT.
You need to onboard a device to Azure Security Center.
What should you do?

A. Add the azureiotsecurity module identity to the Azure IoT Hub device identity.

B. Open incoming TCP port 8883 on the device.

C. Modify the connection string of the device.

D. Install an X.509 certificate on the hardware security module (HSM) of the device.

HOTSPOT -
You are planning a proof of concept (POC) that will use an Azure IoT hub.
You have two self-signed client authentication certificates named Cert1 and Cert2. Cert1 has a basic constraint that contains Subject Type=CA. Cert2 has a basic constraint that contains Subject Type=End Entity.
You need to identify which certificates to use.
What should you identify? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:
 

You have an Azure IoT hub that has a hostname of contoso-hub.azure-devices.net and an MCU-based IoT device named Device1. Device1 does NOT support
Azure IoT SDKs.
You plan to connect Device1 to the IoT hub by using the Message Queuing Telemetry Transport (MQTT) protocol and to authenticate by using X.509 certificates.
You need to ensure that Device1 can authenticate to the IoT hub.
What should you do?

A. Create an Azure key vault and enable the encryption of data at rest for the IoT hub by using a customer-managed key.

B. Enable a hardware security module (HSM) on Device1.

C. From the Azure portal, create an IoT Hub Device Provisioning Service (DPS) instance and add a certificate enrollment for Device1.

D. Add the DigiCert Baltimore Root Certificate to Device1.

DRAG DROP -
You have an Azure IoT Edge solution.
You plan to deploy an Azure Security Center for IoT security agent. You need to configure the security agent to meet the following requirements:
✑ Connection events must be reported as high priority.
✑ High priority events must be collected every seven minutes.
How should you configure the azureiotsecurity module twin? To answer, drag the appropriate values to the correct locations. Each value may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
NOTE: Each correct selection is worth one point.
Select and Place:
 

You have an Azure IoT hub that uses a Device Provisioning Service instance.
You have 1,000 legacy IoT devices that only support MAC address or serial number identities. The devices do NOT have a security feature that can be used to securely identify the device or a hardware security module (HSM).
You plan to deploy the devices to a secure environment.
You need to configure the Device Provisioning Service instance to ensure that all the devices are identified securely before they receive updates.
Which attestation mechanism should you choose?

A. Trusted Platform Module (TPM) 1.2 attestation

B. symmetric key attestation

C. X.509 certificates

HOTSPOT
-
You have an Azure IoT solution that uses Azure Digital Twins.
You plan to ingest telemetry from an IoT device into a digital twin.
You need to create an Azure function that will process the telemetry messages received by the Azure IoT hub and update the digital twin of the IoT device with the new values.
How should you complete the code? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
 

From the Device Provisioning Service, you create an enrollment as shown in the exhibit.
 
You need to deploy a new IoT device.
What should you use as the device identity during attestation?

A. a self-signed X.509 certificate

B. the random string of alphanumeric characters

C. the HMAC-SHA256 hash of the device’s registration ID

D. the endorsement key of the device’s Trusted Platform Module (TPM)

You have an Azure IoT hub and an IoT device that generates the following messages.
 
You need to route the messages to a custom Azure Event Hubs endpoint. The solution must route only messages that have the following values.
"Status": "Running"
"Alert": "True"
Which query should you use?

A. $body.event.payload.Status = “Running” AND $body.event.payload.Alert = “True”

B. MessageType.payload.Status = “Running” AND MessageType.event.payload.Alert = “True”

C. $Status = “Running” AND $Alert = “True”

D. $event.payload.Status = “Running” AND $event.payload.Alert = “True”

You have an Azure IoT solution that contains 20 IoT devices. Each device typically sends five Message Queuing Telemetry Transport (MQTT) messages per minute.
You need to configure an alert to detect which devices have an anomalous MQTT message send rate.
What should you do?

A. Create an Azure IoT hub and an IoT alert that has the following settings:• Condition: C2D message deliveries completed• Threshold: Static• Threshold value: 15• Aggregation granularity: 5 minutes

B. Create an Azure IoT hub and an IoT alert that has the following settings:• Condition: C2D message deliveries completed• Threshold: Static• Operator: Greater than• Aggregation type: Average• Threshold value: 30

C. Enable Azure Defender for IoT and create a custom rule that has the following settings:• Custom Alert: Number of device to cloud messages (MQTT protocol) is not in allowed range• Minimal Threshold: 30• Maximum Threshold: 60• Time Window Size: 00:05:00

D. Enable Azure Defender for IoT and create a custom rule that has the following settings:• Custom Alert: Number of device to cloud messages (MQTT protocol) is not in allowed range• Minimal Threshold: 20• Maximum Threshold: 30• Time Window Size: 00:05:00

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have an Azure subscription that contains the resources shown in the following table.
 
You create a group enrollment in DPS1 and enroll 100 IoT devices. Each device is issued a leaf certificate from CA1.
You need to deprovision a single IoT device from the group enrollment. The solution must not affect the other devices.
Solution: You create a disabled symmetric key individual enrollment by using the device ID of the device.
Does this meet the goal?

A. Yes

B. No

HOTSPOT
-
You have an Azure IoT solution that contains an Azure IoT hub and 100 IoT devices.
You deploy Azure Defender for IoT to the devices.
You need to configure alerts for the following events:
•	An X.509 certificate is expired.
•	Potential loss of data is detected.
•	The number of unauthorized operations is outside the allowed range.
The solution must minimize administrative effort.
Which type of alert should you configure for each event? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
 

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have 20 IoT devices deployed across two floors of a building. The devices on the first floor must be set to 60 degrees. The devices on the second floor must be set to 80 degrees.
The device twins are configured to use a tag that identifies the floor on which the twins are located.
You create the following automatic configuration for the devices on the first floor.
 
You create the following automatic configuration for the devices on the second floor.
 
The IoT devices on the first floor report that the temperature is set to 80 degrees.
You need to ensure that the first-floor devices are set to the correct temperature.
Solution: In the automatic configuration for the first-floor devices, you set targetCondition to “tags.floor=‘second’”.
Does this meet the goal?

A. Yes

B. No

You have an Azure subscription that contains an Azure IoT hub and two Azure IoT Edge devices named Device1 and Device2.
You need to ensure that the IoT hub only accepts connections from Device1 and Device2.
What should you configure?

A. a private endpoint connection

B. Azure API Management

C. Azure Active Directory (Azure AD) Identity Protection

D. a gateway device

HOTSPOT
-
You are creating an Azure Digital Twins query.
You need to return all the digital twins that have a contains relationship with a digital twin that has an ID of twin1.
How should you complete the query? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
 

You have an Azure IoT solution that includes several Azure IoT hubs.
A new alerting feature was recently added to the IoT devices. The feature uses a new device twin reported property named alertCondition.
You need to send alerts to an Azure Service Bus queue named MessageAlerts. The alerts must include alertCondition and the name of the IoT hub.
Which two actions should you perform? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.

A. Configure File upload for each IoT hub. Configure the device to send a file to an Azure Storage container that contains the device name and status message.

B. Add the following message enrichments: Name = iotHubName Value = $twin.tag.location Endpoint = MessageAlerts

C. Create an IoT Hub routing rule that has a data source of Device Twin Change Events and select the endpoint for MessageAlerts.

D. Add the following message enrichments: Name = iotHubName Value = $iothubname Endpoint = MessageAlerts

E. Create an IoT Hub routing rule that has a data source of Device Telemetry Messages and select the endpoint for MessageAlerts.

DRAG DROP -
You have 100 devices that connect to an Azure IoT hub.
You need to be notified about failed local logins to a subset of the devices.
Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
Select and Place:
 

You have 1,000 devices that connect to an Azure IoT hub.
You are performing a scheduled check of deployed IoT devices.
You plan to run the following command from the Azure CLI prompt. az iot hub query --hub-name hub1 --query-command "SELECT * FROM devices WHERE connectionState = 'Disconnected'"
What does the command return?

A. the Device Disconnected events

B. the device twins

C. the Connections logs

D. the device credentials

You have an Azure Stream Analytics job that connects to an Azure IoT hub named Hub1445 as a streaming data source. Hub1445 is configured as shown in the exhibit.
 
The Stream Analytics job fails to receive any messages from the IoT hub.
What should you do to resolve the issue?

A. Disable the Route1 route.

B. Enable the Route3 route.

C. Disable the Route2 route.

D. Enable the fallback route.

You are troubleshooting an Azure IoT hub.
You discover that some telemetry messages are dropped before they reach downstream processing.
You suspect that IoT Hub throttling is the root cause.
Which log in the Diagnostics settings of the IoT hub should you use to capture the throttling error events?

A. Routes

B. DeviceTelemetry

C. Connections

D. C2DCommands

You have 10 IoT devices that connect to an Azure IoT hub named Hub1.
From Azure Cloud Shell, you run az iot hub monitor-events --hub-name Hub1 and receive the following error message: "az iot hub: 'monitor-events' is not in the 'az iot hub' command group. See 'az iot hub --help'."
You need to ensure that you can run the command successfully.
What should you run first?

A. az iot hub monitor-feedback –hub-name Hub1

B. az iot hub generate-sas-token –hub-name Hub1

C. az iot hub configuration list –hub-name Hub1

D. az extension add -name azure-cli-iot-ext

You have an Azure IoT solution.
You need to implement multi-factor device authentication by using custom device authentication.
What should you do first?

A. Create an Azure Policy definition for Azure IoT Hub.

B. Enable multi-factor authentication (MFA) for Microsoft Azure Active Directory (Azure AD), part of Microsoft Entra.

C. Create a service endpoint policy.

D. Deploy a security token service.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have 10 devices that connect to an Azure IoT hub. Each device has a unique public IP address. The devices are not provisioned through DPS.
You discover an anomaly in messages from two devices.
You need to stop all messages from both devices without affecting the other devices.
Solution: You delete the devices from the IoT hub.
Does the solution meet the goal?

A. Yes

B. No

HOTSPOT
-
You are planning a project that will use an Azure IoT hub.
You have two authentication certificates named Cert1 and Cert2. Cert1 is a CA signed certificate and Cert 2 is a leaf certificate.
You need to identify which certificates to use.
What should you identify? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
 

You have an Azure IoT hub.
You need to check whether the IoT hub was affected by an outage.
What should you select in the Azure portal? To answer, select the appropriate option in the answer area.
NOTE: Each correct selection is worth one point.

A. Resource health

B. Metrics

C. Alerts

D. Diagnostic settings

You have an Azure subscription.
You need to deploy an Azure IoT hub by using an Azure Resource Manager (ARM) template. The solution must ensure that the IoT hub rejects connections from devices that only support cipher suites that use SHA1.
What should you include in the template?

A. “authenticationType”:“keyBased”

B. “disableDeviceSAS”:“true”

C. “disableModuleSAS”:“true”

D. “minTlsVersion”:“1.2”

DRAG DROP -
You are troubleshooting device connections to and disconnections from an Azure IoT hub.
You configure diagnostic logging for the IoT hub to send to Log Analytics.
You need to generate a report that displays the device connection and disconnection events.
How should you complete the query? To answer, drag the appropriate values to the correct targets. Each value may be used once, more than once, or not at all.
You may need to drag the split bar between panes or scroll to view content.
NOTE: Each correct selection is worth one point.
Select and Place:
 

You have an Azure subscription that contains an Azure IoT hub and two Azure IoT Edge devices named Device1 and Device2.
You need to ensure that the IoT hub only accepts connections from Device1 and Device2.
What should you configure?

A. Azure API Management

B. Identity Protection in Microsoft Azure Active Directory (Azure AD), part of Microsoft Entra

C. a Network Security Group

D. an IP filter

You have an Azure IoT hub that has 1,000 registered devices.
You create an Azure logic app.
You need to send Device Connected and Device Disconnected events in real time to the logic app.
What should you do?

A. From the Message routing blade of the IoT hub, add a route, Route DeviceLifecycleEvents to an Azure Service Bus queue.

B. From the Diagnostic settings blade of the IoT hub, add a diagnostic setting. Route the connection logs to a Log Analytics workspace.

C. From the Events blade of the IoT hub, add an event subscription. Configure the Filter to Event Types setting and route the events to a webhook.

HOTSPOT
-
You have sites that contain industrial control devices as shown in the following table.
 
You have an Azure subscription that contains an Azure IoT hub. The IoT hub has Microsoft Defender for IoT enabled.
You plan to deploy Microsoft Defender for IoT to the devices.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
 

You have 1,000 devices that connect to an Azure IoT hub.
You discover that some of the devices fail to send data to the IoT hub.
You need to ensure that you can use Azure Monitor to troubleshoot the device connectivity issues.
Which two actions should you perform? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.

A. From the Diagnostics settings of the IoT hub, select Archive to a storage account.

B. Collect the DeviceTelemetry, Connections, and Routes logs.

C. Collect all metrics.

D. From the Diagnostics settings of the IoT hub, select Send to Log Analytic.

E. Collect the JobsOperations, DeviceStreams, and FileUploadOperations logs.