This is a case study. Case studies are not timed separately. You can use as much exam time
as you would like to complete each case. However, there may be additional case studies and
sections on this exam. You must manage your time to ensure that you are able to complete all
question included on this exam in the time provided.
To answer the question included in a case study, you wil need to reference information that is
provided in the case study. Case studies might contain exhibits and other resources that provide
more information about the scenario that is described in the case study. Each question is
independent of the other question in this case study.
At the end of this case study, a review screen wil appear. This screen allows you to review your
answers and to make changes before you move to the next section of the exam. After you begin
a new section, you cannot return to this section.
To start the case study
To display the first question in this case study, click the Next button. Use the buttons in the left
pane to explore the content of the case study before you answer the questions. Clicking these
buttons displays information such as business requirement, existing environment, and problem
statements. If the case study has an Al Information tab, note that the information displayed is
identical to the information displayed on the subsequent tabs. When you are ready to answer a
question, click the Question button to return to the question.
Contoso, Ltd. is a US-based financial services company that has a main office in New York and
a branch office in San Francisco.
Payment Processing System
Contoso hosts a business-critical payment processing system in its New York data center. The
system has three tiers: a front-end web app, a middle-tier web API, and a back-end data store
implemented as a Microsoft SQL Server 2014 database. Al servers run Windows Server 2012
The front-end and middle-tier components are hosted by using Microsoft Internet Information
Services (IIS). The application code is written in C# and ASP.NET. The middle-tier API uses the
Entity Framework to communicate to the SQL Server database. Maintenance of the database is
performed by using SQL Server Agent jobs.
The database is currently 2 TB and is not expected to grow beyond 3 TB.
The payment processing system has the following compliance-related requirements:
? Encrypt data in transit and at rest. Only the front-end and middle-tier components must be
able to access the encryption keys that protect the data store.
? Keep backups of the data in two separate physical locations that are at least 200 miles apart
and can be restored for up to seven years.
? Support blocking inbound and outbound traffic based on the source IP address, the
destination IP address, and the port number.