DON'T WANT TO MISS A THING?

Certification Exam Passing Tips

Latest exam news and discount info

Curated and up-to-date by our experts

Yes, send me the newsletter

Efficient Microsoft AZ-500 Exam Preparation with Updated Practice Questions

Enhance your prospects of acing the challenging Microsoft Azure Security Engineer Associate certification with SPOTO's invaluable AZ-500 exam questions and answers. Their exhaustive study materials, including exam questions that accurately simulate the real test environment, provide comprehensive exam preparation resources. Leverage SPOTO's mock exams to identify areas requiring further study across managing identity/access, implementing platform protection, securing data/applications, and handling security operations. With detailed explanations and a realistic testing experience, SPOTO's exam questions equip you with the knowledge and confidence needed to pass successfully on your first attempt. Don't compromise your Azure Security Engineer aspirations - harness SPOTO's exceptional exam resources to validate your expertise in implementing security controls and threat protection using Microsoft Azure.
Take other online exams
Question #1
You need to ensure that you can meet the security operations requirements. What should you do first?
A. urn on Auto Provisioning in Security Center
B. ntegrate Security Center and Microsoft Cloud App Security
C. pgrade the pricing tier of Security Center to Standard
D. odify the Security Center workspace configuration
View answer
Correct Answer: C
Question #2
HOTSPOT (Drag and Drop is not supported)You assign User8 the Owner role for RG4, RG5, and RG6.In which resource groups can User8 create virtual networks and NSGs? You must be able to connect virtual machines to deployed virtual networks. To answer, select the appropriate options in the answer area.NOTE: Each correct selection is worth one point.Hot Area:
A. ee Explanation section for answer
View answer
Correct Answer: A
Question #3
You have an Azure Active Directory (Azure AD) tenant named contoso.com that contains a user named User1. You plan to publish several apps in the tenant.You need to ensure that User1 can grant admin consent for the published apps.Which two possible user roles can you assign to User1 to achieve this goal? Each correct answer presents a complete solution.NOTE: Each correct selection is worth one point.
A. odify the Directory properties
B. et Enable Security defaults to Yes
C. onfigure the Consent and permissions settings for enterprise applications
D. odify the User settings
View answer
Correct Answer: BC
Question #4
SIMULATIONYou need to add the network interface of a virtual machine named VM1 to an application security group named ASG1.To complete this task, sign in to the Azure portal.
A. ee Explanation section for answer
View answer
Correct Answer: A
Question #5
HOTSPOT (Drag and Drop is not supported)You have a file named File1.yaml that contains the following contents. You create an Azure container instance named container1 by using File1.yaml.You need to identify where you can access the values of Variable1 and Variable2. What should you identify? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.Hot Area:
A. ee Explanation section for answer
View answer
Correct Answer: A
Question #6
SIMULATIONYou need to perform a full malware scan every Sunday at 02:00 on a virtual machine named VM1 by using Microsoft Antimalware for Virtual Machines.To complete this task, sign in to the Azure portal.
A. ee Explanation section for answer
View answer
Correct Answer: A
Question #7
DRAG DROP (Drag and Drop is not supported)You create an Azure subscription with Azure AD Premium P2.You need to ensure that you can use Azure Active Directory (Azure AD) Privileged Identity Management (PIM) to secure Azure roles.Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
A. ee Explanation section for answer
View answer
Correct Answer: A
Question #8
You company has an Azure subscription named Sub1. Sub1 contains an Azure web app named WebApp1 that uses Azure Application Insights. WebApp1 requires users to authenticate by using OAuth 2.0 client secrets.Developers at the company plan to create a multi-step web test app that preforms synthetic transactions emulating user traffic to Web App1.You need to ensure that web tests can run unattended.What should you do first?
A. n Microsoft Visual Studio, modify the
B. pload the
C. egister the web test app in Azure AD
D. dd a plug-in to the web test app
View answer
Correct Answer: B
Question #9
SIMULATIONYou need to configure a Microsoft SQL server named Web11597200 only to accept connections from the Subnet0 subnet on the VNET01 virtual network.To complete this task, sign in to the Azure portal.
A. ee Explanation section for answer
View answer
Correct Answer: A
Question #10
You have an Azure subscription.You create an Azure web app named Contoso1812 that uses an S1 App service plan.You create a DNS record for www.contoso.com that points to the IP address of Contoso1812.You need to ensure that users can access Contoso1812 by using the https://www.contoso.com URL. Which two actions should you perform? Each correct answer presents part of the solution.NOTE: Each correct selection is worth one point.
A. es
B. o
View answer
Correct Answer: BF
Question #11
You need to encrypt storage1 to meet the technical requirements. Which key vaults can you use?
A. eyVault2 and KeyVault3 only
B. eyVault1 only
C. eyVault1 and KeyVault3 only
D. eyVault1, KeyVault2, and KeyVault3
View answer
Correct Answer: B
Question #12
You have an Azure subscription that contains a user named User1.You need to ensure that User1 can perform the following tasks:-Create groups.-Create access reviews for role-assignable groups.-Assign Azure AD roles to groups.The solution must use the principle of least privilege.Which role should you assign to User1?
A. roups administrator
B. uthentication administrator
C. dentity Governance Administrator
D. rivileged role administrator
View answer
Correct Answer: D
Question #13
You are configuring an Azure Kubernetes Service (AKS) cluster that will connect to an Azure Container Registry. You need to use the auto-generated service principal to authenticate to the Azure Container Registry.What should you create?
A. n Azure Active Directory (Azure AD) group
B. n Azure Active Directory (Azure AD) role assignment
C. n Azure Active Directory (Azure AD) user
D. secret in Azure Key Vault
View answer
Correct Answer: B
Question #14
HOTSPOT (Drag and Drop is not supported)Which virtual networks in Sub1 can User2 modify and delete in their current state? To answer, select the appropriate options in the answer area.NOTE: Each correct selection is worth one point.Hot Area:
A. ee Explanation section for answer
View answer
Correct Answer: A
Question #15
You have an Azure subscription.You configure the subscription to use a different Azure Active Directory (Azure AD) tenant.What are two possible effects of the change? Each correct answer presents a complete solution.NOTE: Each correct selection is worth one point.
A. es
B. o
View answer
Correct Answer: AB
Question #16
DRAG DROP (Drag and Drop is not supported)You have an Azure AD tenant and an application named App1.You need to ensure that App1 can use Microsoft Entra Verified ID to verify credentials.Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
A. ee Explanation section for answer
View answer
Correct Answer: A
Question #17
HOTSPOT (Drag and Drop is not supported)What is the membership of Group1 and Group2? To answer, select the appropriate options in the answer area.NOTE: Each correct selection is worth one point.Hot Area:
A. ee Explanation section for answer
View answer
Correct Answer: A
Question #18
You have an Azure AD tenant that contains three users named User1, User2, and User3.You configure Azure AD Password Protection as shown in the following exhibit. The users perform the following tasks:-User1 attempts to reset her password to C0nt0s0.-User2 attempts to reset her password to F@brikamHQ.-User3 attempts to reset her password to Pr0duct123.Which password reset attempts fail?
A. ser1 only
B. ser2 only
C. ser3 only
D. ser1 and User 3 only
E. ser1, User2, and User3
View answer
Correct Answer: E
Question #19
You have an Azure virtual machine named VM1.From Azure Security Center, you get the following high-severity recommendation: “Install endpoint protection solutions on virtual machine”.You need to resolve the issue causing the high-severity recommendation. What should you do?
A. dd the Microsoft Antimalware extension to VM1
B. nstall Microsoft System Center Security Management Pack for Endpoint Protection on VM1
C. dd the Network Watcher Agent for Windows extension to VM1
D. nboard VM1 to Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)
View answer
Correct Answer: A
Question #20
You need to consider the underlined segment to establish whether it is accurate.You have been tasked with creating a different subscription for each of your company’s divisions. However, the subscriptions will be linked to a single Azure Active Directory (Azure AD) tenant.You want to make sure that each subscription has identical role assignments. You make use of Azure AD Privileged Identity Management (PIM).Select “No adjustment required” if the underlined segment is accurate. If the underlined segment is
A. o adjustment required
B. zure Blueprints
C. onditional access policies
D. zure DevOps
View answer
Correct Answer: A
Question #21
You have an Azure subscription that is linked to an Azure Active Directory (Azure AD) tenant. From the Azure portal, you register an enterprise application.Which additional resource will be created in Azure AD?
A. service principal
B. n X
C. managed identity
D. user account
View answer
Correct Answer: A
Question #22
You have an Azure subscription that contains the resources shown in the following table.You need to ensure that ServerAdmins can perform the following tasks:Create virtual machines in RG1 only.Connect the virtual machines to the existing virtual networks in RG2 only. The solution must use the principle of least privilege.Which two role-based access control (RBAC) roles should you assign to ServerAdmins? Each correct answer presents part of the solution.NOTE: Each correct selection is worth one point.
A. ee Explanation section for answer
View answer
Correct Answer: AF
Question #23
HOTSPOT (Drag and Drop is not supported)You are evaluating the effect of the application security groups on the network communication between the virtual machines in Sub2.For each of the following statements, select Yes if the statement is true. Otherwise, select No.NOTE: Each correct selection is worth one point.
A. ee Explanation section for answer
View answer
Correct Answer: A
Question #24
SIMULATIONYou need to prevent administrative users from accidentally deleting a virtual network named VNET1. The administrative users must be allowed to modify the settings of VNET1.To complete this task, sign in to the Azure portal.
A. ee Explanation section for answer
View answer
Correct Answer: A
Question #25
You have an Azure subscription named Subscription1.You deploy a Linux virtual machine named VM1 to Subscription1. You need to monitor the metrics and the logs of VM1. What should you use?
A. he AzurePerformanceDiagnostics extension
B. zure HDInsight
C. inux Diagnostic Extension (LAD) 3
D. zure Analysis Services
View answer
Correct Answer: C
Question #26
HOTSPOT (Drag and Drop is not supported)You have an Azure subscription that contains an Azure Active Directory (Azure AD) tenant named contoso.com. The tenant contains the users shown in the following table.You create a resource group named RG1.Which users can modify the permissions for RG1 and which users can create virtual networks in RG1? To answer, select the appropriate options in the answer area.NOTE: Each correct selection is worth one point.Hot Area:
A. ee Explanation section for answer
View answer
Correct Answer: A
Question #27
You need to meet the identity and access requirements for Group1.What should you do?
A. dd a membership rule to Group1
B. elete Group1
C. odify the membership rule of Group1
D. hange the membership type of Group1 to Assigned
View answer
Correct Answer: D
Question #28
Note: The question is included in a number of questions that depicts the identical set-up. However, every question has a distinctive result. Establish if the solution satisfies the requirements.Your Company’s Azure subscription includes a virtual network that has a single subnet configured.You have created a service endpoint for the subnet, which includes an Azure virtual machine that has Ubuntu Server 18.04 installed.You are preparing to deploy Docker containers to the virtual machine. You need to make sur
A. es
B. o
View answer
Correct Answer: A
Question #29
Your company plans to create separate subscriptions for each department. Each subscription will be associated to the same Azure Active Directory (Azure AD) tenant.You need to configure each subscription to have the same role assignments.What should you use?
A. zure Security Center
B. zure Policy
C. zure AD Privileged Identity Management (PIM)
D. zure Blueprints
View answer
Correct Answer: D
Question #30
SIMULATIONYou need to create a new Azure Active Directory (Azure AD) directory named 12345678.onmicrosoft.com. The new directory must contain a new user named user1@12345678.onmicrosoft.com.To complete this task, sign in to the Azure portal.
A. ee Explanation section for answer
View answer
Correct Answer: A
Question #31
HOTSPOT (Drag and Drop is not supported)You have an Azure subscription that contains a resource group named RG1. RG1 contains a storage account named storage1.You have two custom Azure roles named Role1 and Role2 that are scoped to RG1.The permissions for Role1 are shown in the following JSON code. The permissions for Role2 are shown in the following JSON code. You assign the roles to the users shown in the following table. For each of the following statements, select Yes if the statement is true. Otherwise
A. ee Explanation section for answer
View answer
Correct Answer: A
Question #32
Note: The question is included in a number of questions that depicts the identical set-up. However, every question has a distinctive result. Establish if the solution satisfies the requirements.Your company has an Active Directory forest with a single domain, named weylandindustries.com. They also have an Azure Active Directory (Azure AD) tenant with the same name.You have been tasked with integrating Active Directory and the Azure AD tenant. You intend to deploy Azure AD Connect.Your strategy for the integ
A. es
B. o
View answer
Correct Answer: A
Question #33
You are testing an Azure Kubernetes Service (AKS) cluster. The cluster is configured as shown in the exhibit. (Click the Exhibit tab.)You plan to deploy the cluster to production. You disable HTTP application routing.You need to implement application routing that will provide reverse proxy and TLS termination for AKS services by using a single IP address. What should you do?
A. reate an AKS Ingress controller
B. nstall the container network interface (CNI) plug-in
C. reate an Azure Standard Load Balancer
D. reate an Azure Basic Load Balancer
View answer
Correct Answer: A
Question #34
HOTSPOT (Drag and Drop is not supported)You need to configure support for Microsoft Sentinel notebooks to meet the technical requirements. What is the minimum number of Azure container registries and Azure Machine Learning workspaces required? Hot Area:
A. ee Explanation section for answer
View answer
Correct Answer: A
Question #35
Lab TaskTask 4You need to ensure that when administrators deploy resources by using an Azure Resource Manager template, the deployment can access secrets in an Azure key vault named KV31330471.
A. ee the task answer with step by step below
.
View answer
Correct Answer: A
Question #36
You have 15 Azure virtual machines in a resource group named RG1.All virtual machines run identical applications.You need to prevent unauthorized applications and malware from running on the virtual machines.What should you do?
A. pply an Azure policy to RG1
B. rom Azure Security Center, configure adaptive application controls
C. onfigure Azure Active Directory (Azure AD) Identity Protection
D. pply a resource lock to RG1
View answer
Correct Answer: B
Question #37
SIMULATIONYou need to ensure that connections from the Internet to VNET1\subnet0 are allowed only over TCP port 7777. The solution must use only currently deployed resources. To complete this task, sign in to the Azure portal.
A. ee Explanation section for answer
View answer
Correct Answer: A
Question #38
You have an Azure subscription that contains 100 virtual machines and has Azure Security Center Standard tier enabled.You plan to perform a vulnerability scan of each virtual machine.You need to deploy the vulnerability scanner extension to the virtual machines by using an Azure Resource Manager template.Which two values should you specify in the code to automate the deployment of the extension to the virtual machines? Each correct answer presents part of the solution.NOTE: Each correct selection is worth o
A. reate and configure a network security group (NSG)
B. reate and configure an additional public IP address for VM1
C. eplace the Basic Load Balancer with an Azure Standard Load Balancer
D. ssign an Azure Active Directory Premium Plan 1 license to Admin1
View answer
Correct Answer: AC
Question #39
You have been tasked with making sure that you are able to modify the operating system security configurations via Azure Security Center.To achieve your goal, you need to have the correct pricing tier for Azure Security Center in place. Which of the following is the pricing tier required?
A. dvanced
B. remium
C. tandard
D. ree
View answer
Correct Answer: C
Question #40
You have 10 virtual machines on a single subnet that has a single network security group (NSG). You need to log the network traffic to an Azure Storage account.What should you do?
A. nstall the Network Performance Monitor solution
B. reate an Azure Log Analytics workspace
C. nable diagnostic logging for the NSG
D. nable NSG flow logs
View answer
Correct Answer: D
Question #41
Your company has an Active Directory forest with a single domain, named weylandindustries.com. They also have an Azure Active Directory (Azure AD) tenant with the same name.After syncing all on-premises identities to Azure AD, you are informed that users with a givenName attribute starting with LAB should not be allowed to sync to Azure AD.Which of the following actions should you take?
A. ou should make use of the Synchronization Rules Editor to create an attribute-based filtering rule
B. ou should configure a DNAT rule on the Firewall
C.
D. ou should make use of Active Directory Users and Computers to create an attribute-based filtering rule
View answer
Correct Answer: A
Question #42
Your company recently created an Azure subscription. You have, subsequently, been tasked with making sure that you are able to secure Azure AD roles by making use of Azure Active Directory (Azure AD) Privileged Identity Management (PIM).Which of the following actions should you take FIRST?
A. ou should sign up Azure Active Directory (Azure AD) Privileged Identity Management (PIM) for Azure AD roles
B. ou should consent to Azure Active Directory (Azure AD) Privileged Identity Management (PIM)
C. ou should discover privileged roles
D. ou should discover resources
View answer
Correct Answer: B
Question #43
DRAG DROP (Drag and Drop is not supported)You need to deploy AKS1 to meet the platform protection requirements.Which four actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.NOTE: More than one order of answer choices is correct. You will receive credit for any of the correct orders you select.Select and Place:
A. ee Explanation section for answer
View answer
Correct Answer: A
Question #44
You need to consider the underlined segment to establish whether it is accurate.You have been tasked with creating a different subscription for each of your company's divisions. However, the subscriptions will be linked to a single Azure ActiveDirectory (Azure AD) tenant.You want to make sure that each subscription has identical role assignments.You make use of Azure AD Privileged Identity Management (PIM).Select `No adjustment required` if the underlined segment is accurate. If the underlined segment is in
A. o adjustment required
B. zure Blueprints
C. onditional access policies
D. zure DevOps
View answer
Correct Answer: A
Question #45
You have an Azure subscription that contains an Azure Container Registry named Registry1. Microsoft Defender for Cloud is enabled in the subscription.You upload several container images to Registry1.You discover that vulnerability security scans were not performed.You need to ensure that the container images are scanned for vulnerabilities when they are uploaded to Registry1.What should you do?
A. rom the Azure portal, modify the Defender plans settings
B. rom Azure CLI, lock the container images
C. pload the container images by using AzCopy
D. ush the container images to Registry1 by using Docker
View answer
Correct Answer: A
Question #46
HOTSPOT (Drag and Drop is not supported)You have an Azure subscription. The subscription contains Azure virtual machines that run Windows Server 2016.You need to implement a policy to ensure that each virtual machine has a custom antimalware virtual machine extension installed. How should you complete the policy? To answer, select the appropriate options in the answer area.NOTE: Each correct selection is worth one point.Hot Area:
A. ee Explanation section for answer
View answer
Correct Answer: A
Question #47
You make use of Azure Resource Manager templates to deploy Azure virtual machines.You have been tasked with making sure that Windows features that are not in use, are automatically inactivated when instances of the virtual machines are provisioned.Which of the following actions should you take?
A. ou should make use of Azure DevOps
B. ou should make use of Azure Automation State Configuration
C. ou should make use of network security groups (NSG)
D. ou should make use of Azure Blueprints
View answer
Correct Answer: B
Question #48
You have an Azure subscription that contains the users shown in the following table.Which users can enable Azure AD Privileged Identity Management (PIM)?
A. ser2 and User3 only
B. ser1 and User2 only
C. ser2 only
D. ser1 only
View answer
Correct Answer: D
Question #49
You plan to use Azure Resource Manager templates to perform multiple deployments of identically configured Azure virtual machines. The password for the administrator account of each deployment is stored as a secret in different Azure key vaults.You need to identify a method to dynamically construct a resource ID that will designate the key vault containing the appropriate secret during each deployment.The name of the key vault and the name of the secret will be provided as inline parameters.What should you
A. a key vault access policy
B. a linked template
C. a parameters file
D. an automation account
View answer
Correct Answer: C
Question #50
Your company’s Azure subscription includes a hundred virtual machines that have Azure Diagnostics enabled.You have been tasked with analyzing the security events of a Windows Server 2016 virtual machine. You have already accessed Azure Monitor.Which of the following options should you use?
A. pplication Log
B. etrics
C. ctivity Log
D. ogs
View answer
Correct Answer: D
Question #51
Note: The question is included in a number of questions that depicts the identical set-up. However, every question has a distinctive result. Establish if the solution satisfies the requirements.Your company has an Active Directory forest with a single domain, named weylandindustries.com. They also have an Azure Active Directory (Azure AD) tenant with the same name.You have been tasked with integrating Active Directory and the Azure AD tenant. You intend to deploy Azure AD Connect.Your strategy for the integ
A. es
B. o
View answer
Correct Answer: A
Question #52
SIMULATIONYou need to create a new Azure Active Directory (Azure AD) directory named 10317806.onmicrosoft.com. The new directory must contain a user named user10317806 who is configured to sign in by using Azure Multi- Factor Authentication (MFA).
A. ee Explanation section for answer
View answer
Correct Answer: A
Question #53
DRAG DROP (Drag and Drop is not supported)You are configuring network connectivity for two Azure virtual networks named VNET1 and VNET2.You need to implement VPN gateways for the virtual networks to meet the following requirements:-VNET1 must have six site-to-site connections that use BGP.-VNET2 must have 12 site-to-site connections that use BGP. -Costs must be minimized.Which VPN gateway SKU should you use for each virtual network? To answer, drag the appropriate SKUs to the correct networks. Each SKU may
A. ee Explanation section for answer
View answer
Correct Answer: A
Question #54
You have an Azure subscription that contains a user named Admin1 and a virtual machine named VM1. VM1 runs Windows Server 2019 and was deployed by using an Azure Resource Manager template. VM1 is the member of a backend pool of a public Azure Basic Load Balancer.Admin1 reports that VM1 is listed as Unsupported on the Just in time VM access blade of Azure Security Center.You need to ensure that Admin1 can enable just in time (JIT) VM access for VM1. What should you do?
A. ee Explanation section for answer
View answer
Correct Answer: A
Question #55
HOTSPOT (Drag and Drop is not supported)You have an Azure subscription that contains a user named User1 and a storage account named storage1. The storage1 account contains the resources shown in the following table. User1 is assigned the following roles for storage1: Storage Blob Data Reader Storage Table Data Contributor Storage File Data SMB Share ReaderIn storage1, you create a shared access signature (SAS) named SAS1 as shown in the following exhibit. For each of the following statements, select Yes if
A. ee Explanation section for answer
View answer
Correct Answer: A
Question #56
HOTSPOT (Drag and Drop is not supported)You have an Azure Active Directory (Azure AD) tenant that contains the users shown in the following table.You create and enforce an Azure AD Identity Protection sign-in risk policy that has the following settings:-Assignments: Include Group1, exclude Group2-Conditions: Sign-in risk level: Medium and above-Access: Allow access, Require multi-factor authenticationYou need to identify what occurs when the users sign in to Azure AD.What should you identify for each user?
A. ee Explanation section for answer
View answer
Correct Answer: A
Question #57
You have been tasked with applying conditional access policies for your company’s current Azure Active Directory (Azure AD).The process involves assessing the risk events and risk levels.Which of the following is the risk level that should be configured for users that have leaked credentials?
A. one
B. ow
C. edium
D. igh
View answer
Correct Answer: D
Question #58
You have an Azure subscription that contains a user named User1 and an Azure Container Registry named ConReg1.You enable content trust for ContReg1.You need to ensure that User1 can create trusted images in ContReg1. The solution must use the principle of least privilege.Which two roles should you assign to User1? Each correct answer presents part of the solution.NOTE: Each correct selection is worth one point.
A. mage1 and image2 only
B. mage2 only
C. mage1, image2, and image3
View answer
Correct Answer: CD
Question #59
From Azure Security, you create a custom alert rule.You need to configure which users will receive an email message when the alert is triggered.What should you do?
A. rom Azure Monitor, create an action group
B. rom Security Center, modify the Security policy settings of the Azure subscription
C. rom Azure Active Directory (Azure AD)
D. rom Security Center, modify the alert rule
View answer
Correct Answer: A
Question #60
You have an Azure subscription that contains the virtual networks shown in the following table.The subscription contains the virtual machines shown in the following table.On NIC1, you configure an application security group named ASG1.On which other network interfaces can you configure ASG1?
A. IC2 only
B. IC2, NIC3, NIC4, and NIC5
C. IC2 and NIC3 only
D. IC2, NIC3, and NIC4 only
View answer
Correct Answer: C
Question #61
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.You have a hybrid configuration of Azure Active Directory (AzureAD). You have an
A. es
B. o
View answer
Correct Answer: B
Question #62
From Azure Security Center, you need to deploy SecPol1. What should you do first?
A. nable Azure Defender
B. reate an Azure Management group
C. reate an initiative
D. onfigure continuous export
View answer
Correct Answer: C
Question #63
HOTSPOT (Drag and Drop is not supported)You have the Azure virtual networks shown in the following table.You have the Azure virtual machines shown in the following table.The firewalls on all the virtual machines allow ping traffic. NSG1 is configured as shown in the following exhibit.Inbound security rulesOutbound security rulesFor each of the following statements, select Yes if the statement is true. Otherwise, select No.NOTE: Each correct selection is worth one point. Hot Area:
A. ee Explanation section for answer
View answer
Correct Answer: A
Question #64
You have an Azure subscription that contains the resources shown in the following table. You plan to deploy the virtual machines shown in the following table. You need to assign managed identities to the virtual machines. The solution must meet the following requirements:-Assign each virtual machine the required roles.-Use the principle of least privilege.What is the minimum number of managed identities required?
A.
B.
C.
D.
View answer
Correct Answer: B
Question #65
Your network contains an Active Directory forest named contoso.com. The forest contains a single domain.You have an Azure subscription named Sub1 that is associated to an Azure Active Directory (Azure AD) tenant named contoso.com. You plan to deploy Azure AD Connect and to integrate Active Directory and the Azure AD tenant.You need to recommend an integration solution that meets the following requirements:-Ensures that password policies and user logon restrictions apply to user accounts that are synced to t
A. ederated identity with Active Directory Federation Services (AD FS)
B. assword hash synchronization with seamless single sign-on (SSO)
C. ass-through authentication with seamless single sign-on (SSO)
View answer
Correct Answer: B
Question #66
You need to meet the technical requirements for VNetwork1.What should you do first?
A. reate a new subnet on VNetwork1
B. emove the NSGs from Subnet11 and Subnet13
C. ssociate an NSG to Subnet12
D. onfigure DDoS protection for VNetwork1
View answer
Correct Answer: A
Question #67
SIMULATIONYou need to prevent administrators from performing accidental changes to the Homepage app service plan.To complete this task, sign in to the Azure portal.
A. ee Explanation section for answer
View answer
Correct Answer: A
Question #68
HOTSPOT (Drag and Drop is not supported)You have an Azure subscription named Sub1.You create a virtual network that contains one subnet. On the subnet, you provision the virtual machines shown in the following table.Currently, you have not provisioned any network security groups (NSGs). You need to implement network security to meet the following requirements: -Allow traffic to VM4 from VM3 only.-Allow traffic from the Internet to VM1 and VM2 only. -Minimize the number of NSGs and network security rules.How
A. ee Explanation section for answer
View answer
Correct Answer: A
Question #69
You have been tasked with enabling Advanced Threat Protection for an Azure SQL Database server. Advanced Threat Protection must be configured to identify all types of threat detection.Which of the following will happen if when a faulty SQL statement is generate in the database by an application?
A. Potential SQL injection alert is triggered
B. Vulnerability to SQL injection alert is triggered
C. n Access from a potentially harmful application alert is triggered
D. Brute force SQL credentials alert is triggered
View answer
Correct Answer: B
Question #70
You plan to implement JIT VM access. Which virtual machines will be supported?
A. M2, VM3, and VM4 only
B. M1, VM2, VM3, and VM4
C. M1 and VM3 only
D. M1 only
View answer
Correct Answer: C
Question #71
You company has an Azure Active Directory (Azure AD) tenant named contoso.com.You plan to create several security alerts by using Azure Monitor.You need to prepare the Azure subscription for the alerts.What should you create first?
A. n Azure Storage account
B. n Azure Log Analytics workspace
C. n Azure event hub
D. n Azure Automation account
View answer
Correct Answer: B
Question #72
HOTSPOT (Drag and Drop is not supported)You have an Azure subscription that contains a user named Admin1 and a resource group named RG1. In Azure Monitor, you create the alert rules shown in the following table.Admin1 performs the following actions on RG1:-Adds a virtual network named VNET1 -Adds a Delete lock named Lock1Which rules will trigger an alert as a result of the actions of Admin1? To answer, select the appropriate options in the answer area.NOTE: Each correct selection is worth one point.Hot Area
A. ee Explanation section for answer
View answer
Correct Answer: A
Question #73
DRAG DROP (Drag and Drop is not supported)You have an Azure subscription that contains the virtual networks shown in the following table.The Azure virtual machines on SpokeVNetSubnet0 can communicate with the computers on the on-premises network. You plan to deploy an Azure firewall to HubVNet.You create the following two routing tables:-RT1: Includes a user-defined route that points to the private IP address of the Azure firewall as a next hop address -RT2: Disables BGP route propagation and defines the pr
A. ee Explanation section for answer
View answer
Correct Answer: A
Question #74
You need to ensure that users can access VM0. The solution must meet the platform protection requirements. What should you do?
A. ove VM0 to Subnet1
B. n Firewall, configure a network traffic filtering rule
C. ssign RT1 to AzureFirewallSubnet
D. n Firewall, configure a DNAT rule
View answer
Correct Answer: A
Question #75
SIMULATIONYou need to deploy an Azure firewall to a virtual network named VNET3.To complete this task, sign in to the Azure portal and modify the Azure resources.This task might take several minutes to complete. You can perform other tasks while the task completes.
A. ee Explanation section for answer
View answer
Correct Answer: A
Question #76
You have an Azure AD tenant that contains the identities shown in the following table. You plan to implement Azure AD Identity Protection.What is the maximum number of user risk policies you can configure?
A.
B. 0
C. 00
D. 65
E. 000
View answer
Correct Answer: D
Question #77
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.You have an Azure subscription named Sub1.You have an Azure Storage account name
A. es
B. o
View answer
Correct Answer: A
Question #78
Your company recently created an Azure subscription. You have, subsequently, been tasked with making sure that you are able to secure Azure AD roles by making use of Azure Active Directory (Azure AD) Privileged Identity Management (PIM).Which of the following actions should you take FIRST?
A. ou should sign up Azure Active Directory (Azure AD) Privileged Identity Management (PIM) for Azure AD roles
B. ou should consent to Azure Active Directory (Azure AD) Privileged Identity Management (PIM)
C. ou should discover privileged roles
D. ou should discover resources
View answer
Correct Answer: B
Question #79
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.You have a hybrid configuration of Azure Active Directory (Azure AD).You have an
A. es
B. o
View answer
Correct Answer: B
Question #80
You have an Azure virtual machines shown in the following table.You create an Azure Log Analytics workspace named Analytics1 in RG1 in the East US region. Which virtual machines can be enrolled in Analytics1?
A. M1 only
B. M1, VM2, and VM3 only
C. M1, VM2, VM3, and VM4
D. M1 and VM4 only
View answer
Correct Answer: A
Question #81
You have Azure Resource Manager templates that you use to deploy Azure virtual machines.You need to disable unused Windows features automatically as instances of the virtual machines are provisioned.What should you use?
A. evice configuration policies in Microsoft Intune
B. n Azure Desired State Configuration (DSC) virtual machine extension
C. ecurity policies in Azure Security Center
D. zure Logic Apps
View answer
Correct Answer: B
Question #82
You have a hybrid configuration of Azure Active Directory (Azure AD). You have an Azure SQL Database instance that is configured to support Azure AD authentication.Database developers must connect to the database instance and authenticate by using their on-premises Active Directory account.You need to ensure that developers can connect to the instance by using Microsoft SQL Server Management Studio. The solution must minimize authenticationprompts.Which authentication method should you recommend?
A. ctive Directory - Password
B. ctive Directory - Universal with MFA support
C. QL Server Authentication
D. ctive Directory – Integrated
View answer
Correct Answer: D
Question #83
From Azure Security Center, you enable Azure Container Registry vulnerability scanning of the images in Registry1. You perform the following actions:-Push a Windows image named Image1 to Registry1. -Push a Linux image named Image2 to Registry1.-Push a Windows image named Image3 to Registry1.-Modify Image1 and push the new image as Image4 to Registry1. -Modify Image2 and push the new image as Image5 to Registry1.Which two images will be scanned for vulnerabilities? Each correct answer presents a complete sol
A. ee Explanation section for answer
View answer
Correct Answer: BE
Question #84
You have an Azure subscription that contains an Azure key vault.You need to configure the maximum number of days for which new keys are valid. The solution must minimize administrative effort.What should you use?
A. zure Purview
B. ey Vault properties
C. zure Blueprints
D. zure Policy
View answer
Correct Answer: D
Question #85
HOTSPOT (Drag and Drop is not supported)You have an Azure subscription that is linked to an Azure Active Directory (Azure AD). The tenant contains the users shown in the following table.You have an Azure key vault named Vault1 that has Purge protection set to Disable. Vault1 contains the access policies shown in the following table.You create role assignments for Vault1 as shown in the following table.For each of the following statements, select Yes if the statement is true. Otherwise, select No.NOTE: Each
A. ee Explanation section for answer
View answer
Correct Answer: A
Question #86
You have Azure Resource Manager templates that you use to deploy Azure virtual machines.You need to disable unused Windows features automatically as instances of the virtual machines are provisioned.What should you use?
A. evice compliance policies in Microsoft Intune
B. zure Automation State Configuration
C. pplication security groups
D. zure Advisor
View answer
Correct Answer: B
Question #87
You have the Azure virtual machines shown in the following table.For which virtual machine can you enable Update Management?
A. M2 and VM3 only
B. M2, VM3, and VM4 only
C. M1, VM2, and VM4 only
D. M1, VM2, VM3, and VM4
E. M1, VM2, and VM3 only
View answer
Correct Answer: C
Question #88
HOTSPOT (Drag and Drop is not supported)You have an Azure subscription that contains a storage account named storage1 and several virtual machines. The storage account and virtual machines are in the same Azure region. The network configurations of the virtual machines are shown in the following table.The virtual network subnets have service endpoints defined as shown in the following table.You configure the following Firewall and virtual networks settings for storage1: -Allow access from: Selected networks
A. ee Explanation section for answer
View answer
Correct Answer: A
Question #89
You have an Azure AD tenant. The tenant contains users that are assigned Azure AD Premium P2 licenses.You have a partner company that has a domain named fabrikam.com. The fabrikam.com domain contains a user named User1. User1 has an email address of user1@fabrikam.comYou need to provide User1 with access to the resources in the tenant. The solution must meet the following requirements:-User1 must be able to sign in by using the user1@fabrikam.com credentials.-You must be able to grant User1 access to the re
A. reate a user account for User1
B. o the tenant, add fabrikam
C. reate an invite for User1
D. et Enable guest self-service sign up via user flows to Yes for the tenant
View answer
Correct Answer: C
Question #90
SIMULATIONYou need to create a new Azure Active Directory (Azure AD) directory named 11641655.onmicrosoft.com and a user named User1 in the new directory. The solution must ensure that User1 is enabled for Azure Multi-Factor Authentication (MFA).To complete this task, sign in to the Azure portal.
A. ee Explanation section for answer
View answer
Correct Answer: A
Question #91
SIMULATIONYou need to ensure that only devices connected to a 131.107.0.0/16 subnet can access data in the rg1lod10598168 Azure Storage account.To complete this task, sign in to the Azure portal.
A. ee Explanation section for answer
View answer
Correct Answer: A
Question #92
You have been tasked with creating an Azure key vault using PowerShell. You have been informed that objects deleted from the key vault must be kept for a set period of 90 days.Which two of the following parameters must be used in conjunction to meet the requirement? (Choose two.)
A. ee Explanation section for answer
View answer
Correct Answer: BD
Question #93
You have an Azure subscription.You plan to deploy a new Conditional Access policy named CAPolicy1.You need to use the What if tool to evaluate how CAPolicy1 wall affect users. The solution must minimize the impact of CAPolicy1 on the users.To what should you set the Enable policy setting for CAPolicy1?
A. ff
B. n
C. eport only
View answer
Correct Answer: C
Question #94
Note: The question is included in a number of questions that depicts the identical set-up. However, every question has a distinctive result. Establish if the solution satisfies the requirements.You are in the process of creating an Azure Kubernetes Service (AKS) cluster. The Azure Kubernetes Service (AKS) cluster must be able to connect to an Azure Container Registry.You want to make sure that Azure Kubernetes Service (AKS) cluster authenticates to the Azure Container Registry by making use of the auto-gene
A. es
B. o
View answer
Correct Answer: A
Question #95
HOTSPOT (Drag and Drop is not supported)You plan to use Azure Log Analytics to collect logs from 200 servers that run Windows Server 2016.You need to automate the deployment of the Microsoft Monitoring Agent to all the servers by using an Azure Resource Manager template. How should you complete the template? To answer, select the appropriate options in the answer area.NOTE: Each correct selection is worth one point.Hot Area:
A. ee Explanation section for answer
View answer
Correct Answer: A
Question #96
You have been tasked with delegate administrative access to your company’s Azure key vault.You have to make sure that a specific user can set advanced access policies for the key vault. You also have to make sure that access is assigned based on the principle of least privilege.Which of the following options should you use to achieve your goal?
A. key vault access policy
B. zure policy
C. zure AD Privileged Identity Management (PIM)
D. zure DevOps
View answer
Correct Answer: B
Question #97
You have a sneaking suspicion that there are users trying to sign in to resources which are inaccessible to them.You decide to create an Azure Log Analytics query to confirm your suspicions. The query will detect unsuccessful user sign-in attempts from the last few days. You want to make sure that the results only show users who had failed to sign-in more than five times.Which of the following should be included in your query?
A. he EventID and CountIf() parameters
B. he ActivityID and CountIf() parameters
C. he EventID and Count() parameters
D. he ActivityID and Count() parameters
View answer
Correct Answer: C
Question #98
DRAG DROP (Drag and Drop is not supported)You have an Azure subscription.You plan to create two custom roles named Role1 and Role2.The custom roles will be used to perform the following tasks:-Members of Role1 will manage application security groups.-Members of Role2 will manage Azure Bastion.You need to add permissions to the custom roles.Which resource provider should you use for each role? To answer, drag the appropriate resource providers to the correct roles. Each resource provider may be used, more th
A. ee Explanation section for answer
View answer
Correct Answer: A
Question #99
HOTSPOT (Drag and Drop is not supported)You have the role assignments shown in the following exhibit. Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic.NOTE: Each correct selection is worth one point.
A. ee Explanation section for answer
View answer
Correct Answer: A
Question #100
Note: The question is included in a number of questions that depicts the identical set-up. However, every question has a distinctive result. Establish if the solution satisfies the requirements.Your company’s Azure subscription is linked to their Azure Active Directory (Azure AD) tenant.After an internally developed application is registered in Azure AD, you are tasked with making sure that the application has the ability to access Azure Key Vault secrets on application the users’ behalf.Solution: You confi
A. es
B. o
View answer
Correct Answer: B
Question #101
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.You have an Azure Subscription. The subscription contains 50 virtual machines th
A. es
B. o
View answer
Correct Answer: A
Question #102
You have an Azure AD tenant.You plan to implement an authentication solution to meet the following requirements:-Require number matching.-Display the geographical location when signing in.Which authentication method should you include in the solution?
A. icrosoft Authenticator
B. IDO2 security key
C. MS
D. emporary Access Pass
View answer
Correct Answer: A
Question #103
Note: The question is included in a number of questions that depicts the identical set-up. However, every question has a distinctive result. Establish if the solution satisfies the requirements.Your company has an Active Directory forest with a single domain, named weylandindustries.com. They also have an Azure Active Directory (Azure AD) tenant with the same name.You have been tasked with integrating Active Directory and the Azure AD tenant. You intend to deploy Azure AD Connect.Your strategy for the integ
A. es
B. o
View answer
Correct Answer: B
Question #104
You have an Azure subscription.You plan to create a custom role-based access control (RBAC) role that will provide permission to read the Azure Storage account.Which property of the RBAC role definition should you configure?
A. otActions []
B. ataActions []
C. ssignableScopes []
D. ctions []
View answer
Correct Answer: D
Question #105
HOTSPOT (Drag and Drop is not supported)Your company has an Azure subscription named Subscription1 that contains the users shown in the following table.The company is sold to a new owner.The company needs to transfer ownership of Subscription1.Which user can transfer the ownership and which tool should the user use? To answer, select the appropriate options in the answer area.NOTE: Each correct selection is worth one point.Hot Area:
A. ee Explanation section for answer
View answer
Correct Answer: A
Question #106
Your company has an Active Directory forest with a single domain, named weylandindustries.com. They also have an Azure Active Directory (Azure AD) tenant with the same name.After syncing all on-premises identities to Azure AD, you are informed that users with a givenName attribute starting with LAB should not be allowed to sync toAzure AD.Which of the following actions should you take?
A. ou should make use of the Synchronization Rules Editor to create an attribute-based filtering rule
B. ou should configure a DNAT rule on the Firewall
C. ou should configure a network traffic filtering rule on the Firewall
D. ou should make use of Active Directory Users and Computers to create an attribute-based filtering rule
View answer
Correct Answer: A
Question #107
HOTSPOT (Drag and Drop is not supported)You have an Azure subscription that contains the resources shown in the following table.The subscription is linked to an Azure Active Directory (Azure AD) tenant that contains the users shown in the following table.You create the groups shown in the following table.The membership rules for Group1 and Group2 are configured as shown in the following exhibit.For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correc
A. ee Explanation section for answer
View answer
Correct Answer: A
Question #108
HOTSPOT (Drag and Drop is not supported)You need to ensure that the Azure AD application registration and consent configurations meet the identity and access requirements.What should you use in the Azure portal? To answer, select the appropriate options in the answer area.NOTE: Each correct selection is worth one point.Hot Area:
A. ee Explanation section for answer
View answer
Correct Answer: A
Question #109
You have a Microsoft 365 tenant that uses an Azure Active Directory (Azure AD) tenant. The Azure AD tenant syncs to an on-premises Active Directory domain by using an instance of Azure AD Connect.You create a new Azure subscription.You discover that the synced on-premises user accounts cannot be assigned roles in the new subscription. You need to ensure that you can assign Azure and Microsoft 365 roles to the synced Azure AD user accounts. What should you do fist?
A. onfigure the Azure AD tenant used by the new subscription to use pass-through authentication
B. onfigure the Azure AD tenant used by the new subscription to use federated authentication
C. hange the Azure AD tenant used by the new subscription
D. onfigure a second instance of Azure AD Connect
View answer
Correct Answer: C
Question #110
You have an Azure virtual machine that runs Ubuntu 16.04-DAILY-LTS.You plan to deploy and configure an Azure Key vault, and enable Azure Disk Encryption for the virtual machine. Which of the following is TRUE with regards to Azure Disk Encryption for a Linux VM?
A. t is NOT supported for basic tier VMs
B. t is NOT supported for standard tier VMs
C. S drive encryption for Linux virtual machine scale sets is supported
D. ustom image encryption is supported
View answer
Correct Answer: A
Question #111
You have an Azure Active Directory (Azure AD) tenant that contains a user named Admin1. Admin1 is assigned the Application developer role.You purchase a cloud app named App1 and register App1 in Azure AD.Admin1 reports that the option to enable token encryption for App1 is unavailable.You need to ensure that Admin1 can enable token encryption for App1 in the Azure portal. What should you do?
A. pload a certificate for App1
B. odify the API permissions of App1
C. dd App1 as an enterprise application
D. ssign Admin1 the Cloud application administrator role
View answer
Correct Answer: C
Question #112
Lab TaskTask 1You need to ensure that connections from the Internet to VNET1\subnet0 are allowed only over TCP port 7777. The solution must use only currently deployed resources.
A. ee the task answer with step by step below
.
View answer
Correct Answer: A
Question #113
You have an Azure subscription linked to an Azure Active Directory Premium Plan 1 tenant.You plan to implement Azure Active Directory (Azure AD) Identity Protection.You need to ensure that you can configure a user risk policy and a sign-in risk policy.What should you do first?
A. urchase Azure Active Directory Premium Plan 2 licenses for all users
B. egister all users for Azure Multi-Factor Authentication (MFA)
C. nable security defaults for Azure Active Directory
D. nable enhanced security features in Microsoft Defender for Cloud
View answer
Correct Answer: A
Question #114
Note: The question is included in a number of questions that depicts the identical set-up. However, every question has a distinctive result. Establish if the solution satisfies the requirements.Your company’s Azure subscription is linked to their Azure Active Directory (Azure AD) tenant.After an internally developed application is registered in Azure AD, you are tasked with making sure that the application has the ability to access Azure Key Vault secrets on application the users’ behalf.Solution: You confi
A. es
B. o
View answer
Correct Answer: A
Question #115
HOTSPOT (Drag and Drop is not supported)You have an Azure subscription that contains the alerts shown in the following exhibit. Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic.NOTE: Each correct selection is worth one point.Hot Area:
A. ee Explanation section for answer
View answer
Correct Answer: A
Question #116
You need to meet the identity and access requirements for Group1.What should you do?
A. dd a membership rule to Group1
B. elete Group1
C. odify the membership rule of Group1
D. hange the membership type of Group1 to Assigned
View answer
Correct Answer: D
Question #117
You have an Azure Active Directory (Azure AD) tenant. You have the deleted objects shown in the following table.On May 4, 2020, you attempt to restore the deleted objects by using the Azure Active Directory admin center. Which two objects can you restore? Each correct answer presents a complete solution.NOTE: Each correct selection is worth one point.
A. ee Explanation section for answer
View answer
Correct Answer: BC
Question #118
HOTSPOT (Drag and Drop is not supported)You have an Azure subscription that contains the virtual machines shown in the following table.Subnet1 and Subnet2 have a Microsoft.Storage service endpoint configured.You have an Azure Storage account named storageacc1 that is configured as shown in the following exhibit.For each of the following statements, select Yes if the statement is true. Otherwise, select No.Hot Area:
A. ee Explanation section for answer
View answer
Correct Answer: A
Question #119
SIMULATIONThe developers at your company plan to create a web app named App10598168 and to publish the app to https://www.contoso.com.You need to perform the following tasks:-Ensure that App10598168 is registered to Azure Active Directory (Azure AD). -Generate a password for App10598168.To complete this task, sign in to the Azure portal.
A. ee Explanation section for answer
View answer
Correct Answer: A
Question #120
Your company’s Azure subscription includes an Azure Log Analytics workspace.Your company has a hundred on-premises servers that run either Windows Server 2012 R2 or Windows Server 2016, and is linked to the Azure Log Analytics workspace. The Azure Log Analytics workspace is set up to gather performance counters associated with security from these linked servers.You have been tasked with configuring alerts according to the information gathered by the Azure Log Analytics workspace.You have to make sure that a
A. ou should make use of the Activity log signal type
B. ou should make use of the Application Log signal type
C. ou should make use of the Metric signal type
D. ou should make use of the Audit Log signal type
View answer
Correct Answer: C
Question #121
HOTSPOT (Drag and Drop is not supported)You have an Azure Container Registry named Registry1. You add role assignment for Registry1 as shown in the following table.Which users can upload images to Registry1 and download images from Registry1? To answer, select the appropriate options in the answer area.NOTE: Each correct selection is worth one point.Hot Area:
A. ee Explanation section for answer
View answer
Correct Answer: A
Question #122
DRAG DROP (Drag and Drop is not supported)You have an Azure subscription that contains an Azure web app named App1.You plan to configure a Conditional Access policy for App1. The solution must meet the following requirements:-Only allow access to App1 from Windows devices.-Only allow devices that are marked as compliant to access App1.Which Conditional Access policy settings should you configure? To answer, drag the appropriate settings to the correct requirements. Each setting may be used once, more than o
A. ee Explanation section for answer
View answer
Correct Answer: A
Question #123
Note: The question is included in a number of questions that depicts the identical set-up. However, every question has a distinctive result. Establish if the solution satisfies the requirements.Your Company’s Azure subscription includes a virtual network that has a single subnet configured.You have created a service endpoint for the subnet, which includes an Azure virtual machine that has Ubuntu Server 18.04 installed.You are preparing to deploy Docker containers to the virtual machine. You need to make sur
A. es
B. o
View answer
Correct Answer: B
Question #124
You have an Azure subscription that contains virtual machines. You enable just in time (JIT) VM access to all the virtual machines.You need to connect to a virtual machine by using Remote Desktop. What should you do first?
A. ee Explanation section for answer
View answer
Correct Answer: C
Question #125
You have been tasked with delegate administrative access to your company’s Azure key vault.You have to make sure that a specific user is able to add and delete certificates in the key vault. You also have to make sure that access is assigned based on the principle of least privilege.Which of the following options should you use to achieve your goal?
A. t is supported for basic tier VMs
B. t is supported for standard tier VMs
C. t is supported for VMs configured with software-based RAID systems
D. t is supported for VMs configured with Storage Spaces Direct (S2D)
View answer
Correct Answer: A
Question #126
You have a web app hosted on an on-premises server that is accessed by using a URL of https:// www.contoso.com.You plan to migrate the web app to Azure. You will continue to use https://www.contoso.com. You need to enable HTTPS for the Azure web app.What should you do first?
A. xport the public key from the on-premises server and save the key as a P7b file
B. xport the private key from the on-premises server and save the key as a PFX file that is encrypted by using TripleDES
C. xport the public key from the on-premises server and save the key as a CER file
D. xport the private key from the on-premises server and save the key as a PFX file that is encrypted by using AES256
View answer
Correct Answer: B
Question #127
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.You have an Azure Subscription named Sub1.You have an Azure Storage account name
A. rom Azure Directory (Azure AD) Privileged Identity Management (PIM), activate the Security administrator user role
B. rom Azure Active Directory (Azure AD) Privileged Identity Management (PIM), activate the Owner role for the virtual machine
C. rom the Azure portal, select the virtual machine, select Connect, and then select Request access
D. rom the Azure portal, select the virtual machine and add the Network Watcher Agent virtual machine extension
View answer
Correct Answer: B
Question #128
You plan to deploy Azure container instances.You have a containerized application that validates credit cards. The application is comprised of two containers: an application container and a validation container.The application container is monitored by the validation container. The validation container performs security checks by making requests to the application container andwaiting for responses after every transaction.You need to ensure that the application container and the validation container are sch
A. pplication security groups
B. etwork security groups (NSGs)
C. anagement groups
D. ontainer groups
View answer
Correct Answer: D
Question #129
Lab TaskTask 5A user named Debbie has the Azure app installed on her mobile device.You need to ensure that debbie@contoso.com is alerted when a resource lock is deleted.
A. ee the task answer with step by step below
.
View answer
Correct Answer: A
Question #130
HOTSPOT (Drag and Drop is not supported)You have an Azure subscription that contains the custom roles shown in the following table.In the Azure portal, you plan to create new custom roles by cloning existing roles. The new roles will be configured as shown in the following table.Which roles can you clone to create each new role? To answer, select the appropriate options in the answer area.NOTE: Each correct selection is worth one point.Hot Area:
A. ee Explanation section for answer
View answer
Correct Answer: A

View Answers after Submission

Please submit your email and WhatsApp to get the answers of questions.

Note: Please make sure your email ID and Whatsapp are valid so that you can get the correct exam results.

Email:
Whatsapp/phone number:


Copyright © 2024. Designer by SPOTO Official Website. All Rights Reserved.