DP-420 Practice Test

You have a container named container1 in an Azure Cosmos DB Core (SQL) API account.
You need to provide a user named User1 with the ability to insert items into container1 by
using role-based access control (RBAC). The solution must use the principle of least
privilege.
Which roles should you assign to User1?

A.

CosmosDB Operator only

B.

DocumentDB Account Contributor and Cosmos DB Built-in Data Contributor

C.

DocumentDB Account Contributor only

D.

Cosmos DB Built-in Data Contributor only

You plan to deploy two Azure Cosmos DB Core (SQL) API accounts that will each contain
a single database. The accounts will be configured as shown in the following table.

You have an Azure Cosmos DB Core (SQL) API account named account1.
You have the Azure virtual networks and subnets shown in the following table.

You plan to create an Azure Cosmos DB Core (SQL) API account that will use customermanaged
keys stored in Azure Key Vault.
You need to configure an access policy in Key Vault to allow Azure Cosmos DB access to
the keys.
Which three permissions should you enable in the access policy? Each correct answer
presents part of the solution.
NOTE: Each correct selection is worth one point.

A.

Wrap Key

B.

Get

C.

List

D.

Update

E.

Sign

F.

Verify

G.

Unwrap Key

You have an Azure Cosmos DB Core (SQL) API account.
You configure the diagnostic settings to send all log information to a Log Analytics
workspace.
You need to identify when the provisioned request units per second (RU/s) for resources
within the account were modified.
You write the following query.
AzureDiagnostics
| where Category == "ControlPlaneRequests"
What should you include in the query?

A.

| where OperationName startswith "AccountUpdateStart"

B.

I where OperationName startswith "SqlContainersDelete"

C.

I where OperationName startswith "MongoCollectionsThroughputUpdate"

D.

| where OperationName startswith "SqlContainersThroughputUpdate"