Pass Microsoft Certified: Azure AI Engineer Associate Certification Exams in First Attempt Easily

Microsoft Certified: Azure AI Engineer Associate Certification Practice Test Questions, Microsoft Certified: Azure AI Engineer Associate Exam Practice Test Questions

Want to prepare by using Microsoft Certified: Azure AI Engineer Associate certification exam practice test questions efficiently. 100% actual Microsoft Certified: Azure AI Engineer Associate practice test questions and answers, study guide and training course from Exam-Labs provide a complete solution to pass. Microsoft Certified: Azure AI Engineer Associate exam practice test questions and answers in VCE Format make it convenient to experience the actual test before you take the real exam. Pass with Microsoft Certified: Azure AI Engineer Associate certification practice test questions and answers with Exam-Labs VCE files.

Create a Cognitive Services resource

3. Cognitive Service Endpoint and Keys

Alright, so let's switch into our Cognitive Services account. I didn't click this "go to resource" button, or there are other ways to navigate in there. So I'm taken straight to the quick start, but we can skip right into the key endpoint section. Now, these keys are the key to our cognitive service. As soon as you share the key, that means other people are able to grab the key and use it, and you're going to get charged. So rest assured that this Cognitive Services account will get deleted before this course is published. But we can see a couple of key pieces of information. The first one is the endpoint. So I named this Azcogsvcs, and that became part of the URL. Anytime I call the Cognitive Services, then we're going to have to use this URL. Now, I do want to pause here and just drive home the point of the endpoints. Now, I'm not trying to give anything away here, but it was my observation on the exam that knowing what the endpoint format is would have helped in a few situations. So always remember that whatever name you give your cognitive service is part of the URL, and then it's Cognitiveservices Azure.com.There is no region, so it's not the West Coast. Nothing else is part of this URL, just the name "CognitiveServices." And whether you use the umbrella service, the cognitive services, or the computer vision service, the format is the same: face API, same format. And so this format is actually quite important to know. As a result, you'll need this for any API calls you make when working with cognitive services. The other thing is this key concept. So Azure in some of these services, such as storage and now machine learning, and Cognitive Services take a key-based approach, which means you can use the Cognitive Service if you have the secret key. So I can click the "Show keys" button, I can see my secret key, you can copy the key, and then use that in my code. Now, this is not something you want to store on GitHub and have published for the public to see. So keep an eye on who's sharing your keys. Put this into a key vault and keep it separate from prying eyes, for instance. Now, if this key ever does get out or you suspect that it may have been shared by too many people, you can always click the button that says "Regenerate Key." Regenerating the key will instantly invalidate the previous key, and all those applications will start to fail. And that's why there are two keys. So you are supposed to switch from Key One to Quick Key Two, deploy those applications with a new key, which is Key Two, and then regenerate Key One when nobody is currently using it. So that's why there are two keys being given. Now, that being said, the Content Services tab within the Microsoft Azure Portal is fairly simplistic. You see, the overview screen really doesn't have any graphs or any links to anything. This is just the basics of what you've already created. There is the quick start that it took us to that contains links to documentation, specifically to documentation about specific APIs. If you're wanting to use this with the Cognitive Services SDK, the pricing right now means we don't have a choice. There's only the S-Zero plan. this is going to be based on. I believe we're going to have some location-specific issues here. So when we get into the security, which we will do in a second, you'll see that we cannot add cognitive services to a particular virtual network. These are all disabled because of the location of our cognitive service. We could move this to a system-managed identity, and then we can start to assign specific role-based authentication to it. And we can obviously get links to the billing section where we can see how much this is all costing us and set up monitoring and alerts if we want to set up alerts for certain things.So, yeah, cognitive services are pretty straightforward when it comes to creating them within the portal. Of course, the real fun comes when you're using the cognitive services, of course.And so, you'll see that in the rest of the course.

4. Create Alerts for Cognitive Services

So let's create ourselves an alert. I'm in the cognitive services area here, and I'm going to go down under monitoring and say alerts. Now I don't have any current alert rules, so we're going to click on a new alert rule. We want the alert to be affecting the cognitive services resource, so make sure the scope points to the right resource under the condition we want to create a type of alert. Let's do the alert based on the listing of the keys. So if I say under the "activity log," I want to be alerted whenever somebody wants my cognitive services keys. That's a security alert. So I can click that. And we're going to look at the last 6 hours to see if there are any of these events according to the activity log listing the keys. So we'll leave that to load. Now, over the past 6 hours, nobody has requested these keys, but I changed it to the last 12 hours and I can see a couple of instances of the keys being requested. So that's my intention. It's only been a couple times. Right now I can say "done." So whenever there's a list key event, I want to be notified. What do I want to happen? If I wanted some kind of SMS or logic app function, I could certainly create an action group. Let's give it a name. I'm going to say this is the keysalert list, and then I'm going to say create alert rule. So what we're going to have to do iswe're going to have to list the keys forthe account in order to trigger this alert. I can see I have no alerts. I have an alert rule. So I have this command that is going to be in the CLI. It's going to do an account key list command against this cognitive service. So I'm going to open up the shell so I can get a shell terminal. I don't need to log in with Cloud Shell. If you're doing this on your own, do it now Even though this is PowerShell, PowerShell does support CLI commands, and so I just pasted it; it's kind of broken the way it's pasted, but you can see I did a list of keys, and so now we can see the keys for this. Now what we're expecting, of course, is that we would have generated an alert for this. So if I refresh this page, don't havean alert yet, let's wait for a minute. So I waited a few minutes and hit refresh, and we can see that we did have severity-four alerts now showing up under the alerts. So, if we want to monitor what's going on with this particular cognitive service, whether it's generating keys or some of the metrics, etcetera, we can set up this alert, and it'll show up on a dashboard, and we can even have it message us or SMS us, text us, or even run functions and logic apps. But in this case, we didn't set that up. But we can see the alerts are there. So that's how you configure alerts in cognitive services.

5. Monitor Metrics for Cognitive Services

So besides alerts, we can look at this tab called Metrics. Now, metrics are going to allow us to see in real time what's happening inside the cognitive service. We can see we've got the scope chosen, we can see there's a standard metric, which is the one that we're interested in, and we've got the list of possible metrics. And there are probably about a dozen metrics here: client errors, data in and data out, latency server errors, total calls, successful calls, how many characters are trained in the translation, text records, etc. For now, let's look at total calls. And what this is going to do is since it'sa sum, it's just going to keep going up. I also have the time associated with this report, so this is a 24 hour period. I can actually reduce this to 4 hours. That gives us a little bit; we can sort of see more detail on the graph now. Right now it's zero. We haven't used this cognitive service. So what I can do is call Curl again, and we can get some activities from this cognitive service. So here is a current call that we can make to this cognitive service, and we're getting it to detect the language for the word hello. Now, I could run this since this is open. I should be able to run this in PowerShell. I could use the cloud shell. Again, I'll do PowerShell this time. There's no login required, but I do have to pass in not only the endpoint, but a subscription key for the service. So it's secure, but it is open to the Internet, so I'll be able to do that. And then it comes back and says "detected language: English, Confidence Score 1.0." So as you can see, we're able to call it. Now, what we wanted was for the metric to kick in. So we want to this isautomatically going to refresh every minute. Or I guess I could hit the refresh button. Actual Fact: Just to get some activity, I'm just going to run this a few times, and it takes about 60 seconds. But I hit refresh, and I can see my first call. So the ones I've done subsequently haven't shown up yet. Actual Fact: I can change this to say, 30 minutes, get even more granularity, and pretty soon we can see the first call, then three subsequent calls, then the very next minute. So as you can see, you can look at things that are happening inside your product or service by generating one of these charts. One of the cool things is that if you really like this chart and it is really relevant to you for a period of time, you can pin it to your dashboard. Or if you do want to get alerted based on the total calls in this instance, then we can generate an alert rule that takes us back to the alert section. So this monitoring thing isn't exactly simple, but we can generate real-time charts on the fly, pin them to the dashboard, and then turn those charts into alerts. Now, what doesn't happen is that this chart leaves the screen. It goes away. We're not saving the chart unless we pin the chart. So, anyway, that is the metrics tab within monitoring.

6. Configure Diagnostics for Cognitive Services

So the last monitoring step that we'll talk about is the diagnostic settings. Now, this is the same as it is with other resources within Azure. If you're familiar with other resources, you have the ability to pull out the diagnostics from the cognitive service and place them into another resource, such as a storage account, an event hub, or even a Log Analytics workspace. And by doing this, you're able to then download it and do other analysis on it if that's what's important to you, or run log queries against it within Azure Monitor. So you can see that you're getting the audit, which is why we saw that in some of the alerts, you're getting the metrics, which we also saw in the metrics tab, and you're also getting request response information and some kind of tracing. So we don't currently have diagnostics turned on. We can turn that on. And this on the left here is what we want to pull out of it, so we can actually pull out all available diagnostics. Every resource in Azure would have a different set of diagnostics. What cognitive services are these? A storage account would be different, a virtual machine would be different, et cetera. Give it a name. And here's the idea of sending it somewhere: So it's going to grab these log files and metrics, and it can push them into what's called a Log Analytics workspace. And this is like I said: you can go into Azure Monitor and run queries against it. So say you want to find all the times in the past six months where the keys have been listed, or they've been regenerated, et cetera. There's a query you can create for that. If you don't want to do that, you can archive it to a storage account. Then you can go ahead and download it to your computer or a server. There might be some use for having this as a log file, maybe even just the audit. One in a log file is probably something that you'd like for governance purposes. Again, we got the Event Hub option, or—this is relatively new—the ability to send it to what is called a partner integration. I believe it will go beyond the scope of this exam and of this course. But Microsoft is starting to allow third parties to have this type of log analysis tool. So, let me open this link, and we can see right away that it has Elastic Datastore and Apache Kafka for Confluent Cloud. And so these are the three partners currently available. I'm sure they'll add to that. So, if I add this to logging Linux Workspace, as I mentioned, you could start querying these within Azure Monitor. It does take several hours for this information to start showing up. So if you're having a real-time problem and you're like, "Oh, we've got to figure this out quickly," then this is not the real-time solution. But you can turn this on, leave it running for 24 hours or 48 hours, and then go and see what's been happening, how these requests have been coming in, et cetera, and which is the most popular API or whatever the query that you have. I'm not going to enable this right now because we're not even going to be able to demonstrate this in Azure Monitor. But Diagnostics is basically getting that information out of the Cognitive Services Portal and into another place.

Plan and configure security for a Cognitive Services

1. Cognitive Services Security

So now we're going to dig a little bit deeper into security for Azure Cognitive Services. Now, you'll notice that when we created this cognitive service, the umbrella service, we specified a name for the service, and that name is part of the endpoint. Now they do provide this concept of networking, which in theory means that our cognitive service could exist on a virtual network that can be protected by network security groups or could be put behind a firewall. You could do a custom routing for that. But at the cognitive services level, at the umbrella service, it's not supported. There are only a subset of the cognitive services that support this level of security. So the screen is here, but we can't do much about it if we were to go into a specific service, like, let's say in the case of a speech service, I created a brand new speech service for this. And we can see here, first of all, the endpoint is quite different. So the end point is the region. API, Cognitive, Microsoft.com: everyone's endpoint is the exact same, and it just has a different path depending on the service. So, when it comes to the keys and endpoint, our endpoint differs. When we come down to the networking section, it says a custom domain name is required to support this. So this standard endpoint name, because it's not specific to me, cannot work in this networking world. We do need to generate our own custom domain name. It's a subdomain, effectively. So if I said Azschd speech, it's going to see that that's available, and that is available the moment I click this. I'm now forever, permanently assigning a new endpoint URL to the service, and you can't change it. This is a one-time action. Okay? So, once I've effectively assigned a custom domainname or subdomain to Azure CognitiveService, I've effectively locked that in. So if I go into the overview again, now I'll see my domain name, my subdomain, as part of the API instead of being East U.S., and it's now my own. And now I can attach this to a virtual network instead of having it publicly accessible. The security is still fairly tight, even if you have a publicly accessible URL. The key is what is required. So it's like having a door, but you don't have the key to the lock. But if you were to put this onto a specific network, then you are effectively moving your door into a secure neighbourhood where you have to pass through a security gate just to get into the neighborhood. So if I selected this, then I would be able to select an existing virtual network or create a new virtual network. And then this speech service would be part of that virtual network. We can then use the Cider notation to implement a firewall that says you must have a specific IP address or range to access this type of service. The other thing of course, is you can justdisable all access and then it becomes effectively you'reunable to access it from any network. Now, within the overall concept of Azure, there's also this concept of the private endpoint. And so this means you're going to be creating a private endpoint between two services. And those are the only two services that can communicate. So it's basically a tunnel from one service to another. So say you have a web app and this speech service, and you can set up a private endpoint, which is a private connection between them. So there is this additional layer of security that, if it's protecting your account, something like the speech service, is not a model that you developed; it's the Azure model. So really, what you're doing is protecting your billing. You're not protecting specific individual data points or private information. You're protecting this account from being used by someone else. Now other services like Custom Vision and things like that might be proprietary, but there are some services that are just public models, and then you're really just stopping other people from accessing them using your account. Now another method for protecting your account, which I'm going to discard, is by using this managed identity, where you can basically restrict the access to this account to various other things using Azure authentication. So this service will run under a system-managed identity. Okay? And so if you can access the identity, thenyou don't need to be accessing the keys. You can just access it through Azure Active Directory, essentially through authentication. So those are the various ways that we do security within Azure in terms of protecting access through keys, through networking, or even through turning on our backs and Azure Active Directory authentication.

2. Responsible AI Principles

Now, when it comes to artificial intelligence, machine learning, and Azure content of services, we do have to be very careful about some ethics and morality considerations when it comes to who is using these services. Now we've already seen when we went to create Azure cognitive services that we were forced to certify that we were not using these services for any police-related activities. And in fact, Microsoft has a whole section of its website called the Microsoft AI Principles, and I'll put a link to this in the resource for this particular lesson. But there are six overall principles that Microsoft suggests that people should consider when building and using AI services. They are the principles of fairness, reliability, and safety; privacy and security; inclusiveness; transparency; and accountability. Now, this is a lot bigger in the AI 900 exam. There's a whole section of the exam devoted to the principals, and a whole section on that particular course. But I'm going to try to summarise those principles in this video because it is part of this exam, albeit to a lesser degree. So the basic principle here is that AI systems are enticing for developers and companies to implement. But you really should think about the implications not only for the individuals that are being subjected to these systems but even for society as a whole. We can look at different examples from companies such as Amazon that were using an AI system to filter resumes, for example, and had determined through a machine learning model that women were less desirable candidates. And so those resumes were starting to get filtered out, and so Amazon quickly had to go and stop that machine learning algorithm from basically pre-screening the resumes that were submitted to it. So it's kind of dangerous to just allow a machine-learning system to work in areas that are particularly critical to humans when it comes to employment, bank loans and finances, policing, and things like that. So when we have our computer algorithms making decisions—whether to grant somebody a loan or not, increase their credit limit on their credit card or not—these things need to be applied fairly. You shouldn't be making decisions based on the colour of your skin or your gender or sexual orientation. All of these things are not necessarily likely factors in making good decisions, and we should keep an eye out for that. Now, when it comes to cognitive services, you're not necessarily selecting the algorithm to the same degree you are when you're building your own machine learning models. So that's why it applies a little bit less. But for instance, if you're building a database of customers based on their photos, you're able to acquire the photos of your customers, and then you're able to build machine-learning cognitive services that recognise your customers based on their photos, and then you can make certain decisions based on that. There'd be a lot of implications; you'd need to be transparent about that. You need to protect the privacy of your customers like that. If computers are making decisions based on this, sometimes you have to accept that they're not making the correct decision. And so you can't just shrug your shoulders and say, "Oh well, 10% of the population is not getting treated fairly when it comes to financial lending, that's 90% pretty good." And you can't just say that you have to be accountable for these. So I would recommend that you go and check out the Microsoft website for AI principles. You can click through each of these principles and understand them. Again, a lot of this does not apply to cognitive services because Microsoft is in charge of the model while making sure that your applications handle people with certain disabilities. The text-to-speech example is a great example where, if you're blind but you can then get your content spoken to you, that would be a great way to do inclusiveness, or the opposite, being able to speak to your systems and not just rely on somebody. being able to see and type and things like that So there are lots of interesting things in here. I would definitely recommend going through this. And, once again, this is a major feature of the AI900 course and exam.

3. Implement a Privacy Policy with Azure Policy

So one of the requirements of cognitive services is to implement a privacy policy and cognitive services. So let's talk about the Azure Policy Service. Now, you might not know this. There is an Azure Policy service where you can basically implement certain restrictions across your subscription, specific to a resource group, et cetera. And among these are some cognitive-services-related restrictions. So if you as an administrator wanted to force all your cognitive service accounts to disable public network access, then you could implement this policy again, either across your subscription or focused on a particular resource group. You can also force data encryption using a customer-managed key. There's also Azure Search, cognitive search-related things, private DNS for cognitive services, et cetera. Okay? forcing them to use Manage Identity, which we just saw. So you have the ability to basically go under assignment. We can say that we assign policies, and we pick our subscription. If we want to exclude certain things from the policy, you can pick the definition. So I'm going to go to SearchCognitive and start with services. And we can see that for instance, cognitive services should restrict network access and configure network rules. So only applications from allowed networks can access cognitive services. So if I were to select this and then enable this and say "create," then we're going to prevent any cognitive service accounts from being created that do not have restricted network access. Optionally, we could create a rule that doesn't restrict it but in fact just reports it. So if we go under the policy definition, we can see the code, the JSON that creates it, and either restrict it or just report it to an administrator, and you can deal with that on a case-by-case basis. So this is how we could use the Azure Policy Service to restrict cognitive services and enforce, basically, a property-wide privacy policy on the use of cognitive services.

So when looking for preparing, you need Microsoft Certified: Azure AI Engineer Associate certification practice test questions and answers, study guide and complete training course to study. Open in Avanset VCE Player & study in real exam environment. However, Microsoft Certified: Azure AI Engineer Associate exam practice test questions in VCE format are updated and checked by experts so that you can download Microsoft Certified: Azure AI Engineer Associate certification exam practice test questions and answers files in VCE format.