DRAG DROP
You have an Azure subscription that contains the virtual networks shown in the following table.
The Azure virtual machines on SpokeVNetSubnet0 can communicate with the computers on the on-premises network.
You plan to deploy an Azure firewall to HubVNet.
You create the following two routing tables:
1.
RT1: Includes a user-defined route that points to the private IP address of the Azure firewall as a next hop address
2.
RT2: Disables BGP route propagation and defines the private IP address of the Azure firewall as the default gateway
You need to ensure that traffic between SpokeVNetSubnet0 and the on-premises network flows through the Azure firewall.
To which subnet should you associate each route table? To answer, drag the appropriate subnets to the correct route tables. Each subnet may be used once, more than once, or not at all. You may need to drag the split bar between panes or
scroll to view content.
NOTE: Each correct selection is worth one point.
Select and Place:
Which can each secret be used by an application? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.
Hot Area:
HOTSPOT
You have an Azure Active Directory (Azure AD) tenant named contoso.com that contains the users shown in the following table.
Azure AD Privileged Identity Management (PIM) is enabled for the tenant.
In PIM, the Password Administrator role has the following settings:
1.
Maximum activation duration (hours): 2
2.
Send email notifying admins of activation: Disable
3.
Require incident/request ticket number during activation: Disable
4.
Require Azure Multi-Factor Authentication for activation: Enable
5.
Require approval to activate this role: Enable
6.
Selected approver: Group1
You assign users the Password Administrator role as shown in the following table.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Hot Area:
HOTSPOT
You have an Azure subscription named Sub1. Sub1 has an Azure Storage account named storage1 that contains the resources shown in the following table.
You generate a shared access signature (SAS) to connect to the blob service and the file service.
Which tool can you use to access the contents in Container1 and Share1 by using the SAS? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.
Hot Area:
HOTSPOT
You have an Azure subscription that is linked to an Azure AD tenant and contains the virtual machines shown in the following table.
The subnets of the virtual networks have the service endpoints shown in the following table.
You create the resources shown in the following table.
For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.
Hot Area:
You have an Azure Active Directory (Azure AD) tenant named contoso.com that contains a user named User1.
You plan to publish several apps in the tenant.
You need to ensure that User1 can grant admin consent for the published apps.
Which two possible user roles can you assign to User1 to achieve this goal? Each correct answer presents a complete solution.
NOTE: Each correct selection is worth one point.
A. Security administrator
B. Cloud application administrator
C. Application administrator
D. User administrator
E. Application developer
You have an Azure resource group that contains 100 virtual machines.
You have an initiative named Initiative1 that contains multiple policy definitions. Initiative1 is assigned to the resource group.
You need to identify which resources do NOT match the policy definitions.
What should you do?
A. From Azure Security Center, view the Regulatory compliance assessment.
B. From the Policy blade of the Azure Active Directory admin center, select Compliance.
C. From Azure Security Center, view the Secure Score.
D. From the Policy blade of the Azure Active Directory admin center, select Assignments.
Note: The question is included in a number of questions that depicts the identical set-up. However, every question has a distinctive result. Establish if the solution satisfies the requirements.
Your company has Azure subscription linked to their Azure Active Directory (Azure AD) tenant.
As a Global administrator for the tenant, part of your responsibilities involves managing Azure Security Center settings.
You are currently preparing to create a custom sensitivity label.
Solution: You start by creating a custom sensitive information type.
Does the solution meet the goal?
A. Yes
B. No
You have been tasked with altering a current security playbook via Azure Security Center.
You want make sure that the playbook sends email messages to a distribution group, instead of a user.
Which of the following options should you use to achieve your goal?
A. Azure Blueprints
B. Activity Log
C. Azure Log Analytics
D. Azure Logic Apps Designer
You have an Azure AD tenant that contains a user named User1.
You purchase an app named App1.
User1 needs to publish App1 by using Azure AD Application Proxy.
Which role should you assign to User1?
A. Cloud application administrator
B. Application administrator
C. Hybrid identity administrator
D. Cloud App Security Administrator