Topic 5: Mix Questions
You have an Azure Active Directory tenant named Contoso.com that includes the following users:
You have two Azure virtual machines named VM1 and VM2 that run Windows Server. The virtual machines are in a subnet named Subnet1. Subnet1 is in a virtual network named VNet1. You need to prevent VM1 from accessing VM2 on port 3389. What should you do?
A. Create a network security group (NSG) that has an outbound security rule to deny destination port 3389 and apply the NSG to the network interface of VM1.
B. Create a network security group (NSG) that has an inbound security rule to deny source port 3389 and apply the NSG to Subnet1.
C. Create a network security group (NSG) that has an outbound security rule to deny source port 3389 and apply the NSG to Subnet1.
D. Configure Azure Bastion in VNet1.
Create a network security group (NSG) that has an outbound security rule to deny destination port 3389 and apply the NSG to the network interface of VM1.
You have an Azure virtual machine named VM1 that connects to a virtual network named VNet1. VM1 has the following configurations:
Subnet: 10.0.0.0/24
Availability set: AVSet
Network security group (NSG): None
Private IP address: 10.0.0.4 (dynamic)
Public IP address: 40.90.219.6 (dynamic)
You deploy a standard, Internet-facing load balancer named slb1.
You need to configure slb1 to allow connectivity to VM1.
Which changes should you apply to VM1 as you configure slb1? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
You have an Azure subscription named Subscription1 and an on-premises deployment of Microsoft System Center Service Manager. Subscription1 contains a virtual machine named VM1.
You need to ensure that an alert is set in Service Manager when the amount of available memory on VM1 is below 10 percent. What should you do first?
A. Create a notification.
B. Create an automation runbook.
C. Deploy the IT Service Management Connector (ITSM).
D. Deploy a function app.
Deploy the IT Service Management Connector (ITSM).
Explanation: IT Service Management Connector (ITSMC) allows you to connect Azure to a supported IT Service Management (ITSM) product or service. Azure services like Azure Log Analytics and Azure Monitor provide tools to detect, analyze, and troubleshoot problems with your Azure and non-Azure resources. But the work items related to an issue typically reside in an ITSM product or service. ITSMC provides a bi-directional connection between Azure and ITSM tools to help you resolve issues faster. ITSMC supports connections with the following ITSM tools: ServiceNow, System Center Service Manager, Provance, Cherwell.
Reference:
https://docs.microsoft.com/en-us/azure/azure-monitor/alerts/itsmc-overview
You have an Azure Active Directory (Azure AD) tenant that contains three global administrators named Admin1, Admin2, and Admin3.
The tenant is associated to an Azure subscription. Access control for the subscription is configured as shown in the Access control exhibit. (Click the Exhibit tab.)
You manage two Azure subscriptions named Subscription1 and Subscription2.
Subscription1 has the following virtual networks:
You have an Azure App Services web app named App1.
You plan to deploy App1 by using Web Deploy.
You need to ensure that the developers of App1 can use their Azure Active Directory (Azure AD) credentials to deploy content to App1. The solution must use the principle of least privilege.
What should you do?
A. Configure app-level credentials for FTPS.
B. Assign the Website Contributor role to the developers.
C. Assign the Owner role to the developers.
D. Configure user-level credentials for FTPS.
Assign the Website Contributor role to the developers.
Explanation:
"To secure app deployment from a local computer, Azure App Service supports two types of credentials for local Git deployment and FTP/S deployment. These credentials are not the same as your Azure subscription credentials." https://learn.microsoft.com/en-us/azure/app-service/deploy-configure-credentials?tabs=cli
You have three Azure subscriptions named Sub1, Sub2, and Sub3 that are linked to an Azure AD tenant.
The tenant contains a user named User1, a security group named Group1, and a management group named MG1. User1 is a member of Group1.
Sub1 and Sub2 are members of MG1. Sub1 contains a resource group named RG1. RG1 contains five Azure functions.
You create the following role assignments for MG1:
• Group1: Reader
• User1: User Access Administrator
You assign User1 the Virtual Machine Contributor role for Sub1 and Sub2.
You assign User1 the Contributor role for RG1.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
You have an Azure subscription that contains the resources shown in the following table.
You need to configure a proximity placement group for VMSS1.
Which proximity placement groups should you use?
A. Proximity2 only
B. Proximity1, Proximity2, and Proximity3
C. Proximity1 and Proximity3 only
D. Proximity1 only
Proximity2 only
Explanation:
Placement Groups is a capability to achieve co-location of your Azure Infrastructure as a Service (IaaS) resources and low network latency among them, for improved application performance.
Azure proximity placement groups represent a new logical grouping capability for your Azure Virtual Machines, which in turn is used as a deployment constraint when selecting where to place your virtual machines. In fact, when you assign your virtual machines to a proximity placement group, the virtual machines are placed in the same data center, resulting in lower and deterministic latency for your applications. The VMSS must be in the same region, and even the same zone, as the proximity placement group, because proximity placement groups are located in the same data center. Accordingly, the answer is Proximity2 only.
Reference:
https://azure.microsoft.com/en-us/blog/introducing-proximity-placement-groups
You have an Azure subscription that contains a storage account named storage1.
You plan to use conditions when assigning role-based access control (RBAC) roles to storage1.
Which storage1 services support conditions when assigning roles?
A. containers only
B. file shares only
C. tables only
D. queues only
E. containers and queues only
F. file shares and tables only
containers only
Explanation:
"Currently, conditions can be added to built-in or custom role assignments that have blob storage or queue storage data actions." https://learn.microsoft.com/en-us/azure/role-based-access-control/conditions-overview#where-can-conditions-be-added