You have an Azure subscription that contains a storage account named storage1 and two web apps named app1 and app2.
Both apps will write data to storage1.
You need to ensure that each app can read only the data that it has written.
What should you do?
Answer:
C
A user-assigned identity is a standalone Azure resource that can be assigned to your app. An app can have multiple user-assigned identities.
Incorrect:
Not A: A system-assigned identity is tied to your application and is deleted if your app is deleted. An app can only have one system-assigned identity.
Reference:
https://docs.microsoft.com/en-us/azure/app-service/overview-managed-identity
You have an Azure subscription that contains an Azure Files share named share1 and a user named User1. Identity-based authentication is configured for share1.
User1 attempts to access share1 from a Windows 10 device by using SMB.
Which type of token will Azure Files use to authorize the request?
Answer:
D
Azure Filesג€‰supports identity-based authentication over Server Message Block (SMB) throughג€‰two types of Domain Services: on-premises Active Directory Domain
Services (AD DS) and Azure Active Directory Domain Services (Azure AD DS).
Supported scenarios and restrictions include:
Supports Kerberos authentication with AD with AES 256 encryption (recommended) and RC4-HMAC.
Note: Kerberos is an authentication protocol that is used to verify the identity of a user or host.
Reference:
https://docs.microsoft.com/en-us/azure/storage/files/storage-files-identity-auth-active-directory-enable
DRAG DROP
-
You have an Azure subscription.
You plan to create two custom roles named Role1 and Role2.
The custom roles will be used to perform the following tasks:
• Members of Role1 will manage application security groups.
• Members of Role2 will manage Azure Bastion.
You need to add permissions to the custom roles.
Which resource provider should you use for each role? To answer, drag the appropriate resource providers to the correct roles. Each resource provider may be used, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
NOTE: Each correct selection is worth one point.
Answer:
You have an Azure subscription linked to an Azure Active Directory Premium Plan 1 tenant.
You plan to implement Azure Active Directory (Azure AD) Identity Protection.
You need to ensure that you can configure a user risk policy and a sign-in risk policy.
What should you do first?
Answer:
A
HOTSPOT
-
You have an Azure subscription that contains the resources shown in the following table.
You perform the following tasks:
• Create a managed identity named Managed1.
• Create a Microsoft 365 group named Group1.
• Register an enterprise application named App1.
• Enable a system-assigned managed identity for VM1.
You need to identify which service principals were created and which identities can be assigned the Reader role for RG1.
What should you identify? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Answer:
HOTSPOT
-
You have an Azure Active directory tenant that syncs with an Active Directory Domain Services (AD DS) domain.
You plan to create an Azure file share that will contain folders and files.
Which identity store can you use to assign permissions to the Azure file share and folders within the share? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Answer:
You have an Azure subscription.
You plan to deploy a new Conditional Access policy named CAPolicy1.
You need to use the What if tool to evaluate how CAPolicy1 wall affect users. The solution must minimize the impact of CAPolicy1 on the users.
To what should you set the Enable policy setting for CAPolicy1?
Answer:
C
You have an Azure Active Directory (Azure AD) tenant that contains 500 users and an administrative unit named AU1.
From the Azure Active Directory admin center, you plan to add the users to AU1 by using Bulk add members.
You need to create and upload a file for the bulk add.
What should you include in the file?
Answer:
C
HOTSPOT
-
You have the role assignments shown in the following exhibit.
Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic.
NOTE: Each correct selection is worth one point.
Answer:
You have an Azure subscription that contains a user named User1.
You need to ensure that User1 can create managed identities. The solution must use the principle of least privilege.
What should you do?
Answer:
C
