HOTSPOT

Which virtual networks in Sub1 can User2 modify and delete in their current state? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

Lösung einblenden Lösung ausblenden

Richtige Antwort:

Explanation:

Box 1: VNET4 and VNET1 only

RG1 has only Delete lock, while there are no locks on RG4.

RG2 and RG3 both have Read-only locks.

Box 2: VNET4 only

There are no locks on RG4, while the other resource groups have either Delete or Read-only locks.

Note: As an administrator, you may need to lock a subscription, resource group, or resource to prevent other users in your organization from accidentally deleting or modifying critical resources. You can set the lock level to CanNotDelete or ReadOnly. In the portal, the locks are called Delete and Read-only respectively.

• CanNotDelete means authorized users can still read and modify a resource, but they can’t delete the resource.

• ReadOnly means authorized users can read a resource, but they can’t delete or update the resource. Applying this lock is similar to restricting all authorized users to the permissions granted by the Reader role.

Scenario:

User2 is a Security administrator.

Sub1 contains six resource groups named RG1, RG2, RG3, RG4, RG5, and RG6.

User2 creates the virtual networks shown in the following table.

Sub1 contains the locks shown in the following table.

Reference: https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-group-lock-resources

You have Azure Resource Manager templates that you use to deploy Azure virtual machines.

You need to disable unused Windows features automatically as instances of the virtual machines are provisioned.

What should you use?

Lösung einblenden Lösung ausblenden

You have an Azure subscription.

You plan to deploy a new Conditional Access policy named CAPolicy1.

You need to use the What If tool to evaluate how CAPolicy1 will affect uter1. The solution must minimize the impact of CAPolicy1 on the users.

To what should you set the Enable policy setting for CAPolicy1?

Lösung einblenden Lösung ausblenden

HOTSPOT

You have an Azure subscription that contains a blob container named cont1.

Cont1 has the access policies shown in the following exhibit.

Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic.

Lösung einblenden Lösung ausblenden

Richtige Antwort:

HOTSPOT

You have an Azure subscription named Sub1 that contains the resource groups shown in the following table.

You create the Azure Policy definition shown in the following exhibit.

You assign the policy to Sub1.

You plan to create the resources shown in the following table.

For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.

Lösung einblenden Lösung ausblenden

Richtige Antwort:

HOTSPOT

You have an Azure subscription named Sub1 that contains the resource groups shown in the following table.

You create the Azure Policy definition shown in the following exhibit.

You assign the policy to Sub1.

You plan to create the resources shown in the following table.

For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.

Lösung einblenden Lösung ausblenden

Richtige Antwort:

From Azure Security Center, you enable Azure Container Registry vulnerability scanning of the images in Registry1.

You perform the following actions:

– Push a Windows image named Image1 to Registry1.

– Push a Linux image named Image2 to Registry1.

– Push a Windows image named Image3 to Registry1.

– Modify Image1 and push the new image as Image4 to Registry1.

– Modify Image2 and push the new image as Image5 to Registry1.

Which two images will be scanned for vulnerabilities? Each correct answer presents a complete solution. NOTE: Each correct selection is worth one point.

Lösung einblenden Lösung ausblenden

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

You use Azure Security Center for the centralized policy management of three Azure subscriptions.

You use several policy definitions to manage the security of the subscriptions.

You need to deploy the policy definitions as a group to all three subscriptions.

Solution: You create a policy definition and assignments that are scoped to resource groups.

Does this meet the goal?

Lösung einblenden Lösung ausblenden

You have an Azure subscription that contains an Azure web app named 1 and a virtual machine named VM1. VM1 runs Microsoft SQL Server and is connected to a virtual network named VNet1. App1, VM1, and Vent are in the US Central Azure region.

You need to ensure that App1 can connect to VM1. The solution must minimize costs.

Lösung einblenden Lösung ausblenden

You have an Azure subscription that contains the resources shown in the following table.

You need to configure storage1 to regenerate keys automatically every 90 days.

Which cmdlet should you run?

Lösung einblenden Lösung ausblenden