HOTSPOT -
You have an Azure subscription that contains a resource group named RG1. RG1 contains a virtual machine named VM1 that uses Azure Active Directory (Azure AD) authentication.
You have two custom Azure roles named Role1 and Role2 that are scoped to RG1.
The permissions for Role1 are shown in the following JSON code.
The permissions for Role2 are shown in the following JSON code.
You assign the roles to the users shown in the following table.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Answer:
DRAG DROP -
You have an Azure subscription that contains the resources shown in the following table.
You plan to perform the following actions:
• Deploy a new app named App1 that will require access to Vault1.
• Configure a shared identity for VM1 and VM2 to access st1.
You need to configure identities for each requirement. The solution must minimize administrative effort.
Which type of identity should you configure for each requirement? To answer, drag the appropriate identity types to the correct requirements. Each identity type may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
NOTE: Each correct selection is worth one point.
Answer:
You have an Azure AD tenant. The tenant contains users that are assigned Azure AD Premium P2 licenses.
You have a partner company that has a domain named fabrikam.com. The fabrikam.com domain contains a user named User1. User1 has an email address of [email protected]
You need to provide User1 with access to the resources in the tenant. The solution must meet the following requirements:
• User1 must be able to sign in by using the [email protected] credentials.
• You must be able to grant User1 access to the resources in the tenant.
• Administrative effort must be minimized.
What should you do?
Answer:
C
You have an Azure AD tenant that contains the identities shown in the following table.
You plan to implement Azure AD Identity Protection.
What is the maximum number of user risk policies you can configure?
Answer:
D
You have an Azure subscription that contains a resource group named RG1 and the identities shown in the following table.
You assign Group4 the Contributor role for RG1.
Which identities can you add to Group4 as members?
Answer:
B
HOTSPOT -
You have an Azure subscription that contains a storage account named contoso2023.
You need to perform the following tasks:
• Verify that identity-based authentication over SMB is enabled.
• Only grant users access to contoso2023 in the year 2023.
Which two settings should you use? To answer, select the appropriate settings in the answer area.
NOTE: Each correct selection is worth one point.
Answer:
You have an Azure subscription that contains a user named User1 and an Azure Container Registry named ContReg1.
You enable content trust for ContReg1.
You need to ensure that User1 can create trusted images in ContReg1. The solution must use the principle of least privilege.
Which two roles should you assign to User1? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.
Answer:
CD
Reference:
https://docs.microsoft.com/en-us/azure/container-registry/container-registry-content-trust
https://docs.microsoft.com/en-us/azure/container-registry/container-registry-roles
You have an Azure Container Registry named ContReg1 that contains a container image named image1.
You enable content trust for ContReg1.
After content trust is enabled, you push two images to ContReg1 as shown in the following table.
Which images are trusted images?
Answer:
B
Azure Container Registry implements Docker's content trust model, enabling pushing and pulling of signed images.
To push a trusted image tag to your container registry, enable content trust and push the image with docker push.
To work with trusted images, both image publishers and consumers need to enable content trust for their Docker clients. As a publisher, you can sign the images you push to a content trust-enabled registry.
Reference:
https://docs.microsoft.com/en-us/azure/container-registry/container-registry-content-trust
SIMULATION -
You need to configure Azure to allow RDP connections from the Internet to a virtual machine named VM1. The solution must minimize the attack surface of VM1.
To complete this task, sign in to the Azure portal.
Answer:
See the explanation below.
To enable the RDP port in an NSG, follow these steps:
1. Sign in to the Azure portal.
2. In Virtual Machines, select VM1.
3. In Settings, select Networking.
4. In Inbound port rules, check whether the port for RDP is set correctly. The following is an example of the configuration:
Priority: 300
Name: Port_3389
Port(Destination): 3389
Protocol: TCP
Source: Any
Destinations: Any
Action: Allow
Reference:
https://docs.microsoft.com/en-us/azure/virtual-machines/troubleshooting/troubleshoot-rdp-nsg-problem
SIMULATION -
You need to add the network interface of a virtual machine named VM1 to an application security group named ASG1.
To complete this task, sign in to the Azure portal.
Answer:
See the explanation below.
1. In the Search resources, services, and docs box at the top of the portal, begin typing the name of the virtual machine, VM1, that has the network interface that you want to add to, or remove from, an application security group.
2. When the name of your VM appears in the search results, select it.
3. Under SETTINGS, select Networking. Select Configure the application security groups, select the application security groups that you want to add the network interface to, or unselect the application security groups that you want to remove the network interface from, and then select Save.
Reference:
https://docs.microsoft.com/en-us/azure/virtual-network/virtual-network-network-interface