DRAG DROP
You have an Azure subscription that contains a Microsoft SQL server named Server1 and an Azure key vault named vault1. Server1 hosts a database named DB1. Vault1 contains an encryption key named key1.
You need to ensure that you can enable Transparent Data Encryption (TDE) on DB1 by using key1.
Which four actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
Select and Place:
HOTSPOT
You have an Azure Active Directory (Azure AD) tenant that contains the users shown in the following table.
From Azure AD Privileged Identity Management (PIM), you configure the settings for the Security Administrator role as shown in the following exhibit.
From PIM, you assign the Security Administrator role to the following groups:
1.
Group1: Active assignment type, permanently assigned
2.
Group2: Eligible assignment type, permanently eligible
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Hot Area:
HOTSPOT
You have an Azure Active Directory (Azure AD) tenant named contoso.com that contains the users shown in the following table.
Contoso.com contains a group naming policy. The policy has a custom blocked word list rule that includes the word Contoso.
Which users can create a group named Contoso Sales in contoso.com? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:
HOTSPOT
Your network contains an on-premises Active Directory domain named adatum.com that syncs to Azure Active Directory (Azure AD).
The Azure AD tenant contains the users shown in the following table.
You configure the Authentication methods – Password Protection settings for adatum.com as shown in the following exhibit.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Hot Area:
HOTSPOT
Your company has an Azure subscription named Subscription1. Subscription1 is associated with the Azure Active Directory tenant that includes the users shown in the following table.
The company is sold to a new owner.
The company needs to transfer ownership of Subscription1.
Which user can transfer the ownership and which tool should the user use? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:
HOTSPOT
You have an Azure subscription that contains the following Azure firewall:
Name: Fw1
Azure region: UK West
Private IP address: 10.1.3.4
Public IP address: 23.236.62.147
The subscription contains the virtual networks shown in the following table.
The subscription contains the subnets shown in the following table.
The subscription contains the routes shown in the following table.
For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.
Hot Area:
SIMULATION
You need to prevent HTTP connections to the rg1lod10598168n1 Azure Storage account.
To complete this task, sign in to the Azure portal.
A. See the explanation below.
SIMULATION
You need to configure network connectivity between a virtual network named VNET1 and a virtual network named VNET2. The solution must ensure that virtual machines connected to VNET1 can communicate with virtual machines connected to VNET2.
To complete this task, sign in to the Azure portal and modify the Azure resources.
A. See the explanation below.
You have an Azure subscription named Sub1 that contains the Azure key vaults shown in the following table:
In Sub1, you create a virtual machine that has the following configurations:
1.
Name: VM1
2.
Size: DS2v2
3.
Resource group: RG1
4.
Region: West Europe
5.
Operating system: Windows Server 2016
You plan to enable Azure Disk Encryption on VM1.
In which key vaults can you store the encryption key for VM1?
A. Vault1 or Vault3 only
B. Vault1, Vault2, Vault3, or Vault4
C. Vault1 only
D. Vault1 or Vault2 only
You have an Azure subscription that contains the resources shown in the following table.
You plan to enable Azure Defender for the subscription. Which resources can be protected by using Azure Defender?
A. VM1, VNET1, storage1, and Vault1
B. VM1, VNET1, and storage1 only
C. VM1, storage1, and Vault1 only
D. VM1 and VNET1 only
E. VM1 and storage1 only
You need to consider the underlined segment to establish whether it is accurate.
You have configured an Azure Kubernetes Service (AKS) cluster in your testing environment. You are currently preparing to deploy the cluster to the production environment.
After disabling HTTP application routing, you want to replace it with an application routing solution that allows for reverse proxy and TLS termination for AKS services via a solitary IP address.
You must create an AKS Ingress controller.
Select “No adjustment required” if the underlined segment is accurate. If the underlined segment is inaccurate, select the accurate option.
A. No adjustment required.
B. a network security group
C. an application security group
D. an Azure Basic Load Balancer
You have been tasked with creating an Azure key vault using PowerShell. You have been informed that objects deleted from the key vault must be kept for a set period of 90 days. Which two of the following parameters must be used in conjunction to meet the requirement? (Choose two.)
A. EnabledForDeployment
B. EnablePurgeProtection
C. EnabledForTemplateDeployment
D. EnableSoftDelete
You are troubleshooting a security issue for an Azure Storage account.
You enable Azure Storage Analytics logs and archive it to a storage account.
What should you use to retrieve the diagnostics logs?
A. Azure Monitor
B. SQL query editor in Azure
C. File Explorer in Windows
D. Azure Storage Explorer
You have an Azure subscription that contains an Azure key vault.
You need to configure the maximum number of days for which new keys are valid. The solution must minimize administrative effort.
What should you use?
A. Azure Purview
B. Key Vault properties
C. Azure Blueprints
D. Azure Policy
You have an Azure subscription that uses Microsoft Defender for Cloud.
You need to use Defender for Cloud to review regulatory compliance with the Azure CIS 1.4,0 standard. The solution must minimize administrative effort.
What should you do first?
A. Assign an Azure policy.
B. Manually add the Azure CIS 1.4.0 standard.
C. Disable one of the Out of the box standards.
D. Add a custom initiative.