Azure certification for beginners, Exams of Programming Paradigms

Azure certificate mainly for freshers, experienced, students

Typology: Exams

2019/2020

Uploaded on 12/24/2020

uma-pl
uma-pl 🇮🇳

5

(1)

1 document

1 / 20

Toggle sidebar

This page cannot be seen from the preview

Don't miss anything!

bg1
ActualPDF
http://www.actualpdf.com
Unlimited Lifetime Access to 5000+ Certification Actual Exams PDF
pf3
pf4
pf5
pf8
pf9
pfa
pfd
pfe
pff
pf12
pf13
pf14

Partial preview of the text

Download Azure certification for beginners and more Exams Programming Paradigms in PDF only on Docsity!

ActualPDF

http://www.actualpdf.com

Unlimited Lifetime Access to 5000+ Certification Actual Exams PDF

Exam : AZ-

Title : Microsoft Azure Security

Technologies

Vendor : Microsoft

Version : DEMO

IT Certification Guaranteed, The Easy Way!

1 Get Latest & Valid az-500 Exam's Question and Answers from Actualpdf.com. 1

https://docs.microsoft.com/en-us/azure/automation/automation-update- management?toc=%2Fazure%2Fautomati

NO.3 You need to deploy an Azure firewall to a virtual network named VNET3.

To complete this task, sign in to the Azure portal and modify the Azure resources. This task might take several minutes to complete. You can perform other tasks while the task completes.

Answer:

See the explanation below. Explanation To add an Azure firewall to a VNET, the VNET must first be configured with a subnet named AzureFirewallSubnet (if it doesn't already exist). Configure VNET3.

  • In the Azure portal, type Virtual Networks in the search box, select Virtual Networks from the search results then select VNET3. Alternatively, browse to Virtual Networks in the left navigation pane.
  • In the Overview section, note the Location (region) and Resource Group of the virtual network. We'll need these when we add the firewall.
  • Click on Subnets.
  • Click on + Subnet to add a new subnet.
  • Enter AzureFirewallSubnet in the Name box. The subnet must be named AzureFirewallSubnet.
  • Enter an appropriate IP range for the subnet in the Address range box.
  • Click the OK button to create the subnet. Add the Azure Firewall.
  • In the settings of VNET3 click on Firewall.
  • Click the Click here to add a new firewall link.
  • The Resource group will default to the VNET3 resource group. Leave this default.
  • Enter a name for the firewall in the Name box.
  • In the Region box, select the same region as VNET3.
  • In the Public IP address box, select an available public IP address if one exists, or click Add new to add a new public IP address.
  • Click the Review + create button.
  • Review the settings and click the Create button to create the firewall. Reference: https://docs.microsoft.com/en-us/azure/firewall/tutorial-firewall-deploy-portal

NO.4 You need to create a web app named Intranet11597200 and enable users to authenticate to

the web app by using Azure Active Directory (Azure AD). To complete this task, sign in to the Azure portal.

Answer:

See the explanation below.

  • In the Azure portal, type App services in the search box and select App services from the search results.
  • Click the Create app service button to create a new app service.
  • In the Resource Group section, click the Create new link to create a new resource group.
  • Give the resource group a name such as Intranet11597200RG and click OK.

IT Certification Guaranteed, The Easy Way!

3 Get Latest & Valid az-500 Exam's Question and Answers from Actualpdf.com. 3

  • In the Instance Details section, enter Intranet11597200 in the Name field.
  • In the Runtime stack field, select any runtime stack such as .NET Core 3.1.
  • Click the Review + create button.
  • Click the Create button to create the web app.
  • Click the Go to resource button to open the properties of the new web app.
  • In the Settings section, click on Authentication / Authorization.
  • Click the App Service Authentication slider to set it to On.
  • In the Action to take when request is not authentication box, select Log in with Azure Active Directory.
  • Click Save to save the changes.

NO.5 You need to ensure that the Azure AD application registration and consent configurations meet

the identity and access requirements. What should you use in the Azure portal? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

Answer:

Explanation

IT Certification Guaranteed, The Easy Way!

4 Get Latest & Valid az-500 Exam's Question and Answers from Actualpdf.com. 4

Subnet1 and Subnet2 have a Microsoft.Storage service endpoint configured. You have an Azure Storage account named storageacc1 that is configured as shown in the following exhibit.

For each of the following statements, select Yes if the statement is true. Otherwise, select No.

IT Certification Guaranteed, The Easy Way!

6 Get Latest & Valid az-500 Exam's Question and Answers from Actualpdf.com. 6

Answer:

Explanation

Box 1: Yes The public IP of VM1 is allowed through the firewall. Box 2: No The allowed virtual network list is empty so VM2 cannot access storageacc1 directly. The public IP address of VM2 is not in the allowed IP list so VM2 cannot access storageacc1 over the Internet. Box 3: No The allowed virtual network list is empty so VM3 cannot access storageacc1 directly. VM3 does not have a public IP address so it cannot access storageacc1 over the Internet. Reference: https://docs.microsoft.com/en-gb/azure/storage/common/storage-network-security

NO.8 Your network contains an Active Directory forest named contoso.com. You have an Azure

Directory (Azure AD) tenant named contoso.com. You plan to configure synchronization by using the Express Settings installation option in Azure AD Connect. You need to identify which roles and groups are required to perform the planned configurations. The solution must use the principle of least privilege. Which two roles and groups should you identify? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point.

A. the Domain Admins group in Active Directory

IT Certification Guaranteed, The Easy Way!

7 Get Latest & Valid az-500 Exam's Question and Answers from Actualpdf.com. 7

Answer:

Explanation

NO.11 You have an Azure Active Directory (Azure AD) tenant that contains the users shown in the

following table.

IT Certification Guaranteed, The Easy Way!

9 Get Latest & Valid az-500 Exam's Question and Answers from Actualpdf.com. 9

You create and enforce an Azure AD Identity Protection sign-in risk policy that has the following settings:

  • Assignments: Include Group1, exclude Group
  • Conditions: Sign-in risk level: Medium and above
  • Access Allow access, Require multi-factor authentication You need to identify what occurs when the users sign in to Azure AD. What should you identify for each user? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

Answer:

Explanation

IT Certification Guaranteed, The Easy Way!

10 Get Latest & Valid az-500 Exam's Question and Answers from Actualpdf.com. 10

IT Certification Guaranteed, The Easy Way!

12 Get Latest & Valid az-500 Exam's Question and Answers from Actualpdf.com. 12

You need to prevent administrative users from accidentally deleting a virtual network named VNET1. The administrative users must be allowed to modify the settings of VNET1. To complete this task, sign in to the Azure portal.

Answer:

See the explanation below. Explanation Locking prevents other users in your organization from accidentally deleting or modifying critical resources, such as Azure subscription, resource group, or resource. Note: In Azure, the term resource refers to an entity managed by Azure. For example, virtual machines, virtual networks, and storage accounts are all referred to as Azure resources.

  1. In the Settings blade for virtual network VNET, select Locks.

IT Certification Guaranteed, The Easy Way!

13 Get Latest & Valid az-500 Exam's Question and Answers from Actualpdf.com. 13

https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-group-lock-resources

NO.13 You have an Azure Active Directory (Azure AD) tenant named contoso.onmicrosoft.com.

The User administrator role is assigned to a user named Admin1. An external partner has a Microsoft account that uses the [email protected] sign in. Admin1 attempts to invite the external partner to sign in to the Azure AD tenant and receives the following error message: "Unable to invite user [email protected] Generic authorization exception." You need to ensure that Admin1 can invite the external partner to sign in to the Azure AD tenant. What should you do?

A. From the Organizational relationships blade, add an identity provider.

B. From the Roles and administrators blade, assign the Security administrator role to Admin1.

C. From the Users blade, modify the External collaboration settings.

D. From the Custom domain names blade, add a custom domain.

Answer: C

Explanation You need to allow guest invitations in the External collaboration settings.

NO.14 You have an Azure subscription that contains an Azure key vault named Vault1.

In Vault1, you create a secret named Secret1. An application developer registers an application in Azure Active Directory (Azure AD). You need to ensure that the application can use Secret1. What should you do?

A. In Azure Key Vault, create an access policy.

B. In Azure AD, enable Azure AD Application Proxy.

C. In Azure AD, create a role.

D. In Azure Key Vault, create a key.

Answer: A

Explanation "You may need to configure the target resource to allow access from your application. For example, if you request a token to Key Vault, you need to make sure you have added an access policy that includes your application's identity. Otherwise, your calls to Key Vault will be rejected, even if they include the token" https://docs.microsoft.com/en-us/azure/app-service/overview-managed-identity?tabs=dotnet

NO.15 You have an Azure Kubernetes Service (AKS) cluster that will connect to an Azure Container

Registry. You need to use automatically generated service principal for the AKS cluster to authenticate to the Azure Container Registry. What should you create?

A. an Azure Active Directory (Azure AD) group

B. a secret in Azure Key Vault

C. a role assignment

D. an Azure Active Directory (Azure AD) user

Answer: C

IT Certification Guaranteed, The Easy Way!

15 Get Latest & Valid az-500 Exam's Question and Answers from Actualpdf.com. 15

Explanation References: https://docs.microsoft.com/en-us/azure/aks/kubernetes-service-principal

NO.16 You have an Azure Storage account named storage1 that has a container named container1.

You need to prevent the blobs in container1 from being modified. What should you do?

A. From container1, change the access level.

B. From storage1 , enable soft delete for blobs.

C. From container1 add an access policy.

D. From container1, modify the Access Control (1AM) settings.

Answer: C

Explanation References: https://docs.microsoft.com/en-us/azure/storage/blobs/storage-blob-immutable-storage?tabs=azure- portal

NO.17 Use the following login credentials as needed:

To enter your username, place your cursor in the Sign in box and click on the username below. To enter your password, place your cursor in the Enter password box and click on the password below. Azure Username: [email protected] Azure Password: Ag1Bh9!#Bd The following information is for technical support purposes only: Lab Instance: 10598168

IT Certification Guaranteed, The Easy Way!

16 Get Latest & Valid az-500 Exam's Question and Answers from Actualpdf.com. 16

You need to ensure that a user named user21059868 can manage the properties of the virtual machines in the RG1lod10598168 resource group. The solution must use the principle of least privilege. To complete this task, sign in to the Azure portal.

Answer:

See the explanation below. Explanation

  1. In Azure portal, locate and select the RG1lod10598168 resource group.
  2. Click Access control (IAM).
  3. Click the Role assignments tab to view all the role assignments at this scope.

IT Certification Guaranteed, The Easy Way!

18 Get Latest & Valid az-500 Exam's Question and Answers from Actualpdf.com. 18

  1. Click Add > Add role assignment to open the Add role assignment pane.
  2. In the Role drop-down list, select the role Virtual Machine Contributor.Virtual Machine Contributor lets you manage virtual machines, but not access to them, and not the virtual network or storage account they're connected to.
  3. In the Select list, select user user
  4. Click Save to assign the role. Reference: https://docs.microsoft.com/en-us/azure/role-based-access-control/role-assignments-portal https://docs.microsoft.com/en-us/azure/role-based-access-control/built-in-roles#virtual-machine- contributor

NO.18 You have an Azure Active Directory (Azure AD) tenant named Contoso.com and an Azure

Service (AKS) cluster AKS1. You discover that AKS1 cannot be accessed by using accounts from Contoso.com You need to ensure AKS1 can be accessed by using accounts from Contoso.com The solution must minimize administrative effort. What should you do first?

A. From Azure recreate AKS1,

B. From Azure AD, configure the User settings

C. From AKS1, upgrade the version of Kubermetes.

D. From Azure AD, implement Azure AD Premium.

Answer: A

IT Certification Guaranteed, The Easy Way!

19 Get Latest & Valid az-500 Exam's Question and Answers from Actualpdf.com. 19