AI-102 Solution Planning and Operations

I think the it should be:
1. Create a custom docker file
2. Pull the container image (in the dockerfile)
3. Build the image
4 Push to ACR

ChatGPT: To meet the requirements, perform the following actions in sequence:

1. Create a custom Dockerfile: This allows you to define the specific configuration and dependencies for your containerized deployment.

2. Build the image: Use the Dockerfile to build the container image with the necessary components and configurations.

3. Push the image to an Azure container registry: Store the container image in an Azure container registry to control access and ensure secure storage.

4. Distribute a docker run script: Provide a docker run script that can be used to run the containerized deployment on local devices or in on-premises datacenters. This script should include any necessary environment variables or configuration settings.

Note: The actions of pulling the Anomaly Detector container image and pushing the image to Docker Hub are not mentioned in the requirements. Therefore, they are not necessary for meeting the given requirements.

Microsoft Co-Pilot said Pull the Anomaly Detector container image is the starting point. See: https://learn.microsoft.com/en-us/azure/ai-services/anomaly-detector/anomaly-detector-container-howto Then you can Create a custom Dockerfile

Pull the Anomaly Detector container image: first obtain the official base image from the Microsoft Container Registry.
Create a custom Dockerfile: To prevent secrets from appearing in CLI history
Build the image: To processes the Dockerfile and creates "hardened" version of the container locally.
Push the image to an Azure container registry: Azure Container Registry (ACR) supports Azure RBAC.

it should be like this steps?

Create a custom Dockerfile
Pull the Anomaly Detector Container Image
Build the Image
Push the image to an Azure Container registry

Incorrect. Correct answer is:
1. Create custom docker file (as it includes instructions to pull the latest image of anomaly detector)
2. Build the image
3. Push to ACR
4. Distribute Docker Run

Pull the Anomaly Detector container image (b):
Start by retrieving the official Anomaly Detector container image from a registry. You can use the docker pull command to download it.

Create a custom Dockerfile (a):
Next, create a custom Dockerfile that defines the instructions for building your specific image. Customize it to include your requirements, such as preventing sensitive information from being stored in command-line histories.

Build the image (e):
Use the Dockerfile to build your custom image. This step compiles the necessary components and configurations.

Push the image to an Azure container registry (d):
Finally, store your custom image in an Azure container registry. This ensures controlled access and secure storage.

1. Create a custom docker file
2. Pull the container image (in the dockerfile)
3. Build the image
4 Push to ACR
This is highly voted answer. Is it correct?....pls help

This is the right one:

1. Pull the Anomaly Detector container image.
2. Create a custom Dockerfile.
3. Build the image.
4. Push the image to an Azure container registry.

1. Pull the anomaly detector
2. build docker file
3. build image
4. publish to ACR
this now will become source for all devices to pull the image and run from ACR.

1.Create a custom Dockerfile
2.Build the image
3.Push the image to an Azure container registry
4.Distribute a docker run script

From Takedajuku perspective, if you study for 4 days and spend 2 days reviewing, you will have a better chance of passing the exam.

it is important to note NOTE: More than one order of answer choices is correct.

1. Pull the image
2. Create dockerfile
3. Build
4. Run
5. Push to ACR if required

1. Create.
2. Build.
3. Push
4. Run
Instruction example hello-world image
https://learn.microsoft.com/en-us/azure/container-registry/container-registry-quickstart-task-cli

Final Answer:
1.Create a custom Dockerfile
2.Build the image
3.Push the image to an Azure container registry
4.Distribute a docker run script:

I think the it should be:
1. Pull the container image (in the dockerfile)
2. Create a custom docker file
3. Build the image
4 Push to ACR

check Azure official on youtube: https://www.youtube.com/watch?v=XLQLNazid4I
The steps should be
1. Pull the container image (in the dockerfile)
2. Create a custom docker file
3. Build the image
4 Push to ACR

B and C are correct answers.

A and B 100%, key word is to Monitor
Transparency means you should be clear about how the system works and how it makes decisions, so you can monitor the results and ensure that they're not biased against any particular group of users. And fairness means that the system should be designed to treat all users equally, regardless of their location or background. By monitoring the system to ensure that it's transparent and fair, you can help to prevent any unintended biases or discrimination in the results. It's all about being ethical and responsible in the development and use of AI systems.

Nowadays it has to be B and C.

These two principles work together to enable effective monitoring:

Fairness defines what you're monitoring for (equitable treatment)
Transparency enables how you monitor (by making the system's behavior visible and explainable)

B and C are Correct Answer

B - No discrimination based on background, location, gender, ethnicity, etc.
C - The system is usable and effective for all people, including those from different regions, cultures, or backgrounds.

The question is about monitoring a system to ensure equitable results across locations and backgrounds, which directly relates to Fairness (avoiding bias) and Transparency (understanding and explaining system behavior).

Why not following:
C. Inclusiveness – Focuses on accessibility and ensuring people of all abilities can use the system, not on monitoring for fairness.
D. Reliability and Safety – Ensures the system performs consistently and safely, but doesn’t directly address equity or bias.
E. Privacy and Security – Protects user data and system integrity, but is unrelated to monitoring for equitable outcomes.

Inclusiveness helps build the system; fairness and transparency help monitor it.

Fairness Avoiding bias, ensuring equal treatment
Inclusiveness Ensuring access, representation, and equal participation

Why not A&B?
Transparency
Transparency in Azure Machine Learning: The model interpretability and counterfactual what-if components of the Responsible AI dashboard enable data scientists and developers to generate human-understandable descriptions of the predictions of a model

fairness - no comment. it is clear.

It must be B and C.

BC is obviously correct

B. Fairness: This principle is about ensuring that the AI system provides equitable results regardless of a user’s location or background. It involves minimizing bias in the AI system’s outcomes and providing equal opportunities for all users.
C. Inclusiveness: This principle is about designing AI systems that are accessible and usable by the widest possible range of people, regardless of their location or background. It involves considering the diverse characteristics of potential users during the design and deployment of the AI system.

B and C

The requirements to not mention reliability and safety, only that the users are treated equally regardless of their characteristics or background.

En la pregunta claramente hablan sobre Equidad y la inclusión al abordar que debe ser independiente de la ubicación

transparency (A) is important for making the operations of AI systems understandable to users, and reliability and safety (D), along with privacy and security (E), are crucial for ensuring the system's dependable operation, user safety, and data protection, fairness and inclusiveness are specifically targeted towards ensuring equitable results and addressing the monitoring requirements stated in your scenario.

C indeed

Pretty simple

Correct, answer is C, here the chatGPT explanation ->

The correct answer is C. az cognitiveservices account show.

Explanation:

The az cognitiveservices account show command retrieves details about a specified Azure Cognitive Services account, including its properties and settings. By using this command in the Azure DevOps pipeline, you can identify and confirm the details of the Azure AI services account that was created in a previous step.

This is the similar example, I would vote for B.
Use case of Stream Analytics
Query: Alert to trigger a business workflow
Let's make our query more detailed. For every type of sensor, we want to monitor average temperature per 30-second window and display results only if the average temperature is above 100 degrees.

https://learn.microsoft.com/en-us/azure/stream-analytics/stream-analytics-get-started-with-azure-stream-analytics-to-process-data-from-iot-devices

The key requirements here are that you are doing this from a data stream and that you must limit development.
Anomaly detection does not work with datastreams natively, so considerable development work would be required to integrate this functionality. As a result, the correct answer is C and not D.

You’re monitoring temperature data from a data stream, which points to a stream-processing solution.

Azure Stream Analytics (ASA) can ingest streaming data (IoT Hub, Event Hub, etc.) and has built-in anomaly detection functions (spike and dip detection).

This allows you to detect atypical temperature values and trigger alerts with minimal custom code, which matches the requirement to minimize development effort.

You are monitoring temperature data from a single sensor stream (one variable).
Univariate Anomaly Detection is designed for detecting anomalies in a single time-series signal.
It uses Azure Cognitive Services Anomaly Detector API, which minimizes development effort because:

No need to build or train your own ML model.
Simple REST API or SDK integration.


You can set thresholds and generate alerts easily.

B. A and D are deprecated. Starting on the 20th of September, 2023 you won't be able to create new Anomaly Detector resources. The Anomaly Detector service is being retired on the 1st of October, 2026

B. Azure Stream Analytics
While Univariate Anomaly Detection (D) is the concept of detecting anomalies in a single metric like temperature and is simpler than multivariate detection, the best way to minimize development effort in Azure is to use Azure Stream Analytics (B), which provides built-in univariate anomaly detection functions as part of its managed, scalable service. Stream Analytics allows you to process real-time data streams, detect anomalies with simple SQL-like queries, and integrate easily with alerting systems-all without building custom detection logic or managing infrastructure. Therefore, although univariate detection is the right approach conceptually, Azure Stream Analytics is the practical, low-effort solution to implement it end-to-end.
Source: AI

To monitor temperature data from a data stream and generate alerts for atypical values with minimal development effort, you should include:

B. Azure Stream Analytics

Azure Stream Analytics allows you to process and analyze real-time data streams with minimal development effort. You can define query logic to detect anomalies and trigger alerts based on the results. This makes it an ideal solution for generating alerts in response to atypical temperature values from your data stream.

Because you’re dealing with a single time-series (temperature) and you want minimal development overhead for spotting anomalies, the best answer is:

D. Univariate Anomaly Detection.

Confirmed by multiple AI-services

Both ChatGPT and Copilot said.

Azure Stream Analytics offers the most straightforward and efficient solution for real-time temperature monitoring with minimal development effort

he correct answer is:

D. Univariate Anomaly Detection

Explanation:
Since the system is monitoring temperature data from a data stream, and the goal is to generate alerts based on atypical values (likely unusual temperature readings), Univariate Anomaly Detection is the most suitable solution.

Univariate Anomaly Detection focuses on identifying anomalies in a single time-series dataset. In this case, temperature data can be considered a univariate time-series, where the system detects unusual or atypical temperature values based on historical trends or thresholds. This minimizes development effort by using a simple approach to detect outliers in one variable (temperature) without requiring complex multi-variable or machine learning models.

At first read, I felt like "temperature data" refers to the broader category of any variables included to monitor temperature (such as humidity, elevation, etc). This is why I noted Multivariate Anomaly Detection.

Azure Stream Analytics would require more configuration to build an anomaly detector so this doesn't sound like the best solution for "minimal development effort"

D.
Explanation:
The solution involves monitoring temperature data, which is typically a single-variable or univariate data stream. The Univariate Anomaly Detection service is ideal because:

Focuses on Single Variables:

It is optimized to detect anomalies in data streams consisting of a single variable, such as temperature readings.
Minimal Development Effort:

Azure's Anomaly Detector API includes Univariate Anomaly Detection and provides pre-trained models that require minimal customization or configuration.
You only need to feed the data stream into the API and analyze the results.
Efficient for Time Series Data:

It detects sudden spikes, dips, or trends in time series data, which aligns perfectly with monitoring temperature anomalies.

if your primary goal is to detect anomalies and generate alerts with minimal development effort, Anomaly Detection might be the better choice. However, if you need to perform more complex real-time data processing and analytics, Stream Analytics could be more suitable.

Copoilot:
For a solution that monitors temperature data from a data stream and generates alerts in response to atypical values while minimizing development effort, B. Azure Stream Analytics is the most suitable option.

Here's why:

Azure Stream Analytics provides a fully managed service for real-time data stream processing.

It can easily integrate with other Azure services, making it straightforward to set up and scale.

Built-in anomaly detection functions help identify outliers in data without the need for extensive custom development.

I asked Copilot :
Overall, Azure Stream Analytics offers a more comprehensive and integrated solution for your requirements, making it easier to set up, maintain, and scale.

And :
Starting on the 20th of September, 2023 you won’t be able to create new Anomaly Detector resources

Docker - https://learn.microsoft.com/en-us/azure/cognitive-services/cognitive-services-container-support

I might be stupid, but "data stream" and "limited connectivity" rendering out to me any cloud base staff. Which lead to Docker Engine

D. Docker Engine (+ IoT Edge)
You containerize the Cognitive Service model and run it locally using Docker. By integrating with Azure IoT Edge, you can operate in intermittent/offline mode, with occasional connectivity just for billing sync. It meets the limited connectivity requirement and is cost-effective

Docker Engine -->Ideal for lightweight, offline use--> Cost is low
Azure Kubernetes Service-->Requires cloud connectivity--> Cost is high

The correct choice is D. the Docker Engine.
When running in a location with limited connectivity and aiming to minimize costs, Docker Engine is a lightweight and cost-effective option to host the model locally. You can containerize the Azure Cognitive Services model and run it using Docker without needing a cloud connection. This approach allows the app to function offline while minimizing infrastructure costs.
A. Azure Kubernetes Service (AKS) is more complex and typically requires cloud connectivity, making it less suitable for limited connectivity scenarios.
B. Azure Container Instances also requires cloud access and may not work well in offline environments.
C. A Kubernetes cluster in an Azure Stack Hub provides an on-premise cloud environment, but it is more costly and complex compared to running a model in Docker.

Is this an AI question or an z-204 question. They talk about app hosting and then ask about the model. Ambigous. Just trying to make people fall into a trap (if you have to do this certification, you are already in that trap). The answer should not be azure hosting, because that will need connectivity. It has to be container services. I guess the wise-guy who put this excellent question wants Docker engine to be the answer. That's the best guess in this guessing-how-intelligent-microsoft-guys-are game

D is the answer. It must be used Docker.

Copilot Says
C. a Kubernetes cluster hosted in an Azure Stack Hub integrated system

Explanation:

Azure Stack Hub is an extension of Azure that provides a way to run apps in an on-premises environment and deliver Azure services in your datacenter. It's designed for scenarios where you have limited or unreliable connectivity to the public cloud. By hosting the model on a Kubernetes cluster in an Azure Stack Hub integrated system, you can run your app in the location with limited connectivity. This solution also helps to minimize costs as you only pay for the Azure services that you use.

Docker Engine

Docker seems right

D seems most suitable

Says ChatGPT

To host your Azure Cognitive Services model in a location with limited connectivity while minimizing costs, you should use:

D. the Docker Engine

Here's why:

Docker Engine allows you to run containerized applications locally without requiring a full orchestration platform. This can be particularly useful in environments with limited connectivity where you need to run applications in a more lightweight and cost-effective manner.

Unlike Azure Kubernetes Service (AKS) or Azure Container Instances, which typically require internet connectivity to Azure for management and operation, Docker Engine can operate entirely offline once the container images are downloaded.

Using a Kubernetes cluster hosted in an Azure Stack Hub integrated system (Option C) could work but would be significantly more complex and costly compared to simply using Docker Engine.

Minimizing costs is a key consideration, and Docker Engine provides a straightforward, low-overhead solution compared to the other options.

docker engine for the requisite of limited connectivity.... aks and aci must have internet connectivity... Azure Stack Hub is high costly

Azure Kubernetes Service (AKS) and Azure Container Instances both require a consistent and reliable internet connection to Azure, which make them not be suitable for a location with limited connectivity. A Kubernetes cluster hosted in an Azure Stack Hub integrated system could work, but it might be overkill for your needs and potentially more expensive.
Excluding these leaves only D as the correct solution.

I would like to know the basis on which Azure Container Instances is the correct answer.

Docker is the correct response

C is right answer, but now this service name changed "Azure AI".

Deprecated question but might appear on exam in new form. Now bundled in Azure AI services multi-service account. Contains:
- Decision -> Content Moderator
- Language -> Language Understanding, Language, Translator
- Speech -> S2T, T2S, Speech Translation
- Vision -> Computer vision, Custom vision, Face
- Document Intelligence -> Document intelligence (studio)

Answer to Q would be Azure AI (multi) services.
Endpoint still is cognitive services.

This question is depricated. Azure Cognitive services is now Azure AI services. I can't find any info about the Decision API but Language API resides within the new AI Services.

So for the options:
A) Part of Azure AI Services
B) Part of Azure AI Services
C) Renamed to Azure AI Services
D) Part of Azure AI Services, but renamed to Content Safety

I say this answer is C.

C is answer.

The correct answer is C. Azure Cognitive Services.

When you create an Azure Cognitive Services resource, you get access to a suite of services and APIs, including the Decision and Language APIs, under a single endpoint and credential. This simplifies the management of these services and enhances security by reducing the number of credentials you need to manage. Other options like Language, Speech, and Content Moderator are individual services within Azure Cognitive Services. They do not provide a single endpoint and credential for accessing multiple services. Therefore, they do not meet the requirement specified in the question

A Cognitive Services multi-service resource allows you to access multiple Azure AI services with a single key and endpoint.

Answer is correct - Sample response will be,
{
"key1": "KEY1",
"key2": "KEY2"
}
This shows, Key1 is already there and this JSON request will generate Key2.

What a crap question! it's confusing account keys which they are regenerating with the Subscription keys... those are aCcount keys not "query keys"
The only matching option is "A. a key for cognitive services was generated"

But...
... it was RE-generated

the other options are even worse, "a query key was generated" (what this call does is regenerate an account key)
or c or d, they talk about "subscription keys", which there is nothing by that name.

Clearly the goal is to confuse, this question is as bad as it can be.

The regenerateKey API regenerates one of the two access keys (Key1 or Key2) used to authenticate against the Cognitive Services resource. These are subscription keys, not Azure Key Vault keys or query keys.

You can use the REST API to regenerate keys:
POST https://management.azure.com/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.CognitiveServices/accounts/{accountName}/regenerateKey?api-version=2024-10-01
subscriptionId: Your Azure subscription ID.
resourceGroupName: The name of your resource group.
accountName: The name of your Cognitive Services account.
{
"keyName": "Key1" // or "Key2"
}

make sense if endpoint is regenerate , the action retorned "was reset"

The answer is D. Solution verified in Azure

D is correct. https://learn.microsoft.com/en-us/rest/api/aiservices/accountmanagement/accounts/regenerate-key?view=rest-aiservices-accountmanagement-2023-05-01&tabs=HTTP

solution is d, The regenerateKey operation is used to regenerate either the primary or the secondary key for an Azure Cognitive Services account. You specify which key to regenerate by providing the key name in the request body. Possible values for the key name are 'Key1' for the primary key and 'Key2' for the secondary key.

D is the correct option.
The Api being shared is to regenerate the both primary and secondary keys based on key1 or key2 in the body. Clearly mentioned below:

https://learn.microsoft.com/en-us/rest/api/aiservices/accountmanagement/accounts/regenerate-key?view=rest-aiservices-accountmanagement-2023-05-01&tabs=HTTP

D is right answer.

D is right.

D. The secondary subscription key was reset.

This response is indicated by the "keyName": "Key2" in the request body, specifying that the secondary subscription key (Key2) should be regenerated.

indeed this API call will regenerate the secondary key for the Cognitive Service Account..key1 remains same. could have been clear if it is mentioned as 'account' instead of 'subscription'

The HTTP POST request you mentioned is specifically for regenerating the key of an Azure Cognitive Services account, not the Azure subscription itself. Here’s a breakdown to clarify:

Azure Cognitive Services Key: This is the key you’re regenerating with the request. Cognitive Services keys are used to authenticate API requests for the various cognitive services provided by Azure, like computer vision, language understanding, and more.
Azure Subscription Key: This key is different; it’s associated with your Azure subscription and is used to manage billing and service usage across all services within Azure.
So, in summary, the request regenerates the secondary key (Key2) for the specified Cognitive Services account (contoso1), allowing continued access to Cognitive Services APIs with the new key. It does not affect the Azure subscription key. This is important for security practices, ensuring that if a key is compromised, you can regenerate it without interrupting services or access.

MS Learn video suggest its D

I think answer is B.
on the answer D - I think because it says subscription, I dont think its resetting subscription key as this is more to do with the resource key

D. The secondary subscription key was reset.

The request is to the Azure Management API to regenerate a key for an Azure Cognitive Services account (contoso1). The body of the request specifies {"keyName": "Key2"}, which indicates that the operation is targeted at the secondary subscription key (commonly referred to as Key2 in Azure Cognitive Services management). The regenerateKey action causes the specified key to be reset, generating a new key value for it while invalidating the old one.

The answer is correct. Important

The Eula, Billing, and ApiKey options must be specified to run the container; otherwise, the container won't start. For more information, see Billing. The ApiKey value is the Key from the Keys and Endpoints page in the LUIS portal and is also available on the Azure Cognitive Services resource keys page.
https://learn.microsoft.com/en-us/azure/cognitive-services/luis/luis-container-configuration#example-docker-run-commands

docker run --rm -it -p 5000:5000 --memory 4g --cpus 1 \
mcr.microsoft.com/azure-cognitive-services/decision/anomaly-detector:latest \
Eula=accept \
Billing={ENDPOINT_URI} \
ApiKey={API_KEY}

https://learn.microsoft.com/en-us/azure/ai-services/anomaly-detector/anomaly-detector-container-howto#run-the-container-with-docker-run

B is more relatvent to cost management.

The docker run command has multiple --mount parameters. There is no parameter for Billing. The answer should be D.

The correct choice is B. Billing.
When deploying an instance of the Anomaly Detector service on a Docker host like Server1, you need to specify the Billing parameter to link the on-premises containerized service to your Azure subscription for usage tracking and billing purposes. This ensures that even though the service is running locally, its usage is associated with your Azure subscription.
A. Fluentd is a log collector and isn't relevant for hosting Anomaly Detector.
C. Http Proxy would be used for network routing, but it's not directly related to the Anomaly Detector service setup.
D. Mounts refers to file system mounts in Docker and is not necessary for this type of service deployment.

Billing={ENDPOINT_URI}

Always about the billing with Microsoft! :)

no billing no use

example)
$ docker run --rm -it -p 5000:5000 --memory 4g --cpus 2 --mount type=bind,src=c:\demo\container,target=/input --mount type=bind,src=C:\demo\container,target=/output
mcr.microsoft.com/azure-cognitive-services/luis Eula=accept Billing=https://westus.api.cognitive.microsoft.com/luis/v2.0 ApiKey={___YOUR_API_KEY___}

Answer B is correct
https://learn.microsoft.com/en-us/azure/cognitive-services/luis/luis-container-configuration#configuration-settings

Billing is not a docker run parameter, answer is D

To host an instance of the Anomaly Detector service on Server1 using Docker, you should include the following parameter in the docker run command:

D. Mounts

Mounts allow you to attach a directory or a file from the Docker host server (in this case, Server1) to the container. By including the appropriate mount configuration, you can provide the necessary files or directories required to run the Anomaly Detector service.

It is D.

ChatGPT: Batch detection

A is right answer. From Takedajuku perspective, if you study for 4 days and spend 2 days reviewing, you will have a better chance of passing the exam.

because it needs to process the whole 24 hours data, it has to be a batch

A is correct. see https://learn.microsoft.com/en-us/azure/cognitive-services/anomaly-detector/overview

A.
>solution scans the entire dataset

if there is no metrics advisor, then choose Multivariate Anomaly detection as secondary option, Metrics Advisor is the best answer.

This appeared in exam 28/06

The correct choice is C. Multivariate Anomaly Detection.
In this scenario, multiple engine sensor data points (such as rotation speed, angle, temperature, and pressure) are being monitored together, and they are likely interdependent. Multivariate Anomaly Detection can analyze these related variables simultaneously to detect anomalies that arise from their combined patterns. This makes it well-suited for identifying atypical values in complex systems like engines, where relationships between different variables are critical to detecting anomalies.
A. Application Insights in Azure Monitor is mainly used for monitoring application performance and diagnostics.
B. Metric alerts in Azure Monitor track specific metrics, but they are usually based on single variables rather than multivariate relationships.
D. Univariate Anomaly Detection focuses on detecting anomalies in a single variable, which would not be as effective in this scenario where multiple interdependent variables are involved

"Multivariate Anomaly Detection" is needed.

Correct

C is right anwer.

C is right.

Please do not choose A, this is a machine learning topic and has nothing to do with Azure Monitor

C. Multivariate Anomaly Detection is the most comprehensive solution. It allows for the analysis of complex relationships between multiple metrics, which is crucial for accurately identifying anomalies in a system as intricate as an engine. This approach can help detect situations where the anomaly is not in the individual metrics but in their unexpected patterns or combinations.

Multivariate Anomaly Detection - If your goal is to detect system level anomalies from a group of time series data, use multivariate anomaly detection APIs.

Anomaly detection does not support alerting though

The Multivariate Anomaly Detection APIs further enable developers by easily integrating advanced AI for detecting anomalies from groups of metrics, without the need for machine learning knowledge or labeled data.


https://learn.microsoft.com/en-us/azure/cognitive-services/anomaly-detector/overview#multivariate-anomaly-detection

The correct answer is A, transparency: "When an AI application relies on personal data, such as a facial recognition system that takes images of people to recognize them; you should make it clear to the user how their data is used and retained, and who has access to it." from: https://docs.microsoft.com/en-us/learn/paths/prepare-for-ai-engineering/

"Transparency: AI systems should be understandable."
"Reliability and safety: AI systems should perform reliably and safely."
so the answer is correct, reliability and safety
https://docs.microsoft.com/en-us/azure/cloud-adoption-framework/strategy/responsible-ai

A seems correct. I just asked from ChatGPT and it says transparency.

A is the correct answer

A is the right answer.

transparency is right answer.

Transparence, because you are informing users that their data is being processed.

Transparency is the right answer.
Transparency: AI systems should be understandable.

Notifying users that their data has been processed by the sales system helps meet the A. transparency principle. Transparency involves informing users about how their data is used, processed, and the purpose behind it, thereby fostering trust and understanding between the technology providers and the users.

Notifying users that their data has been processed by the sales system helps meet the A. transparency principle. Transparency involves informing users about how their data is used, processed, and the purpose behind it, thereby fostering trust and understanding between the technology providers and the users.

Transparency.
AI systems should be understandable. Users should be made fully aware of the purpose of the system, how it works, and what limitations may be expected.
REF: https://learn.microsoft.com/en-us/training/modules/prepare-to-develop-ai-solutions-azure/5-understand-considerations-for-responsible-ai

System should treat eveyone faily

correct for me A

Transparency offcourse. Users should be notified what information will be processed by the ai solution.

A
it's clearly transparency, why this website selects the wrong answer?

ChatGPT answer :
The responsible AI principle that notifying users that their data has been processed by the sales system helps meet is A. transparency.

Transparency is the principle of making AI systems understandable and providing clear explanations of their decisions and actions. By notifying users that their data has been processed by the sales system, you are being transparent about the fact that their data is being used and how it is being used. This helps users understand how their data is being used and can help build trust between users and the sales system.

A is correct

D is right, but i sure hope that nobody uses keys anymore. its considered bad practice, use managed identities, rbac to do this.

It's 100% D. Confirmed by ChatGPT too

I say this answer is D. Please hurry up and transport the meat.

D is answer.

D is right answer.

In general, you always need an endpoint and subscription key.

By providing the endpoint URI and subscription key in your application, you can seamlessly connect to CSAccount1 without additional complexities or setup. This approach minimizes administrative overhead and ensures secure communication between your app and the cognitive services.

Therefore, the correct answer is D. the endpoint URI and subscription key.

A. In VNet1, enable a service endpoint for CSAccount1. This allows you to secure your Azure service resources to the virtual network.

E. In CSAccount1, modify the virtual network settings. This will allow you to configure CSAccount1 to accept connections only from the virtual network VNet1.

Enabling service endpoints and modifying the virtual network settings for the AI Service resource will limit access to the resources within VNet1, effectively fulfilling both requirements.

In VNet1, enable a service endpoint for CSAccount1. This will allow you to connect your virtual network to your Azure AI Service resource securely over the Azure backbone network.

In CSAccount1, modify the virtual network settings. This will allow you to configure virtual network rules that specify which subnets can access your Azure AI Service resource.

ChatGPT confirms A and E

A - creating a service endpoint for csaccount1 on vnet1 ensures that its the only way of accessing the service and it ensures a secure connection
E - adding network settings on service csaccount1 will ensure that the access is restricted to resources within vnet1

To ensure that only specific resources can access CSAccount1 and prevent external access while minimizing administrative effort, you should perform the following actions:

A. In VNet1, enable a service endpoint for CSAccount1.
E. In CSAccount1, modify the virtual network settings.

Explanation:
Enable a Service Endpoint for CSAccount1 (Action A):

Service endpoints provide direct connectivity to Azure services over an optimized route over the Azure backbone network. By enabling a service endpoint for CSAccount1 on VNet1, you ensure that the traffic between VNet1 and CSAccount1 does not go over the internet, enhancing security and meeting the requirement to prevent external access.
Modify the Virtual Network Settings in CSAccount1 (Action E):

Configuring the virtual network settings in CSAccount1 allows you to specify which subnets within VNet1 can access the AI service. This way, you can control access at a more granular level and ensure that only specific resources within those subnets can access CSAccount1.

https://learn.microsoft.com/en-us/azure/ai-services/cognitive-services-virtual-networks?tabs=portal#configure-virtual-network-rules

From copilot :
To achieve the desired requirements of preventing external access to CSAccount1 while minimizing administrative effort, consider the following actions:

Configure network rules for CSAccount1:
Go to the Azure AI services resource you want to secure.
Under Firewalls and virtual networks, select Selected Networks and Private Endpoints.
Deny access by default to all networks, including internet traffic.
Then, configure rules to grant access only to traffic from specific virtual networks1.
Create a virtual subnet in VNet1:
This allows you to isolate resources within a specific subnet, ensuring that only authorized traffic can reach CSAccount1.
Therefore, the correct answers are A. In VNet1, enable a service endpoint for CSAccount1 and D. In VNet1, create a virtual subnet. These actions align with the requirements and minimize administrative overhead.

ChatGPT: A and E

Dervices like Azure AI Search, Video Indexer, and Immersive Reader do not support VNet settings configuration. For such services, E is not a viable response.

A and E.

I will also vote for AE.

AE ...

Do NOT think B is correct: The IAM controls do not necessarily help if the endpont and key are compromised; Have to use VNET controls to gate the service endpoints;

A. In VNet1, enable a service endpoint for CSAccount1.
B. In CSAccount1, configure the Access control (IAM) settings.

Explanation:

A. Enabling a service endpoint for CSAccount1 in VNet1 allows traffic from the virtual network to reach CSAccount1 without traversing the public internet, thus preventing external access.

B. Configuring the Access control (IAM) settings in CSAccount1 allows you to specify which specific resources or identities have access to CSAccount1. By configuring these settings, you can ensure that only specific resources can access CSAccount1, meeting the requirement to restrict access.

AE should be right

A. Enable a service endpoint for Azure AI services within the virtual network. The service endpoint routes traffic from the virtual network through an optimal path to the Azure AI service.
https://learn.microsoft.com/en-us/azure/ai-services/openai/how-to/role-based-access-control

B. Has default multiple Role-base access: Cognitive Services OpenAI User, Cognitive Services OpenAI Contributor, Cognitive Services Contributor, Cognitive Services Usages Reader

You can also set up Azure RBAC for whole resource groups, subscriptions, or management groups. Do this by selecting the desired scope level and then navigating to the desired item. For example, selecting Resource groups and then navigating to a specific resource group.

Select Access control (IAM) on the left navigation pane.

https://learn.microsoft.com/en-us/azure/ai-services/openai/how-to/role-based-access-control

A. In VNet1, enable a service endpoint for CSAccount1. Enabling a service endpoint for CSAccount1 in VNet1 will allow you to secure the Azure AI Service resource to a specific subset of networks. This means that only the applications requesting data over VNet1 will be able to access CSAccount1. It’s a way to ensure that the resource is only accessible from within the virtual network.

E. In CSAccount1, modify the virtual network settings. By modifying the virtual network settings in CSAccount1, you can configure network rules that limit access to the resource. You would set the default network access rule to deny access to all networks, including the internet. Then, you can specify which virtual networks or subnets are allowed to access CSAccount1.

the correct answers are A (enable a service endpoint for CSAccount1) and B (configure the Access control (IAM) settings). These actions provide a secure and efficient solution for restricting access to CSAccount1 while minimizing administrative overhead.

Cognitive Services Contributor
Lets you create, read, update, delete and manage keys of Cognitive Services.

Simulation questions will not appear on the actual exam as of May 25, 2024; ET should remove this type of question.

https://learn.microsoft.com/en-us/azure/role-based-access-control/role-assignments-portal

https://learn.microsoft.com/en-us/azure/role-based-access-control/built-in-roles#cognitive-services-user
Classic Storage Account Key Operator Service Role:
Classic Storage Account Key Operators are allowed to list and regenerate keys on Classic Storage Accounts

1. Sign in to the Azure portal (https://portal.azure.com/) using your account credentials. 2. In the left-hand navigation menu, click on "All services" and search for "Subscriptions." Click on the "Subscriptions" service to open the list of your Azure subscriptions. 3. Find the subscription with the ID "AAA12345678" and click on it to open the subscription details page. 4. In the left-hand navigation menu of the subscription details page, click on "Access control (IAM)." 5. Click on the "+ Add" button to add a new role assignment. This will open the "Add role assignment" pane. 6. In the "Role" dropdown menu, search for and select the "User Access Administrator" role. This role allows a user to manage access to Azure resources, including the ability to manage subscription keys, while adhering to the principle of least privilege. 7. In the "Select" field, type "[email protected]" and select the user from the list of suggestions. 8. Click on the "Save" button to complete the role assignment process.