Microsoft AZ-500 Quiz 14 Topic 10 Questions 66-70

Question: 1

SIMULATION

You need to ensure that the events in the NetworkSecurityGroupRuleCounter log of the VNET01-Subnet0-NSG network security group (NSG) are stored in the logs11597200 Azure Storage account for 30 days.

To complete this task, sign in to the Azure portal.

AExplanation:
You need to configure the diagnostic logging for the NetworkSecurityGroupRuleCounter log.
In the Azure portal, type Network Security Groups in the search box, select Network Security Groups from the search results then select VNET01-Subnet0-NSG. Alternatively, browse to Network Security Groups in the left navigation pane.
In the properties of the Network Security Group, click on Diagnostic Settings.
Click on the Add diagnostic setting link.
Provide a name in the Diagnostic settings name field. It doesn't matter what name you provide for the exam.
In the Log section, select NetworkSecurityGroupRuleCounter.
In the Destination details section, select Archive to a storage account.
In the Storage account field, select the logs11597200 storage account.
In the Retention (days) field, enter 30.
Click the Save button to save the changes.

Show Answer

Question: 2

SIMULATION

A user named Debbie has the Azure app installed on her mobile device.

You need to ensure that debbie@contoso.com is alerted when a resource lock is deleted.

To complete this task, sign in to the Azure portal.

AExplanation:
You need to configure an alert rule in Azure Monitor.
Type Monitor into the search box and select Monitor from the search results.
Click on Alerts.
Click on +New Alert Rule.
In the Scope section, click on the Select resource link.
In the Filter by resource type box, type locks and select Management locks (locks) from the filtered results.
Select the subscription then click the Done button.
In the Condition section, click on the Select condition link.
Select the Delete management locks condition the click the Done button.
In the Action group section, click on the Select action group link.
Click the Create action group button to create a new action group.
Give the group a name such as Debbie Mobile App (it doesn't matter what name you enter for the exam) then click the Next: Notifications > button.
In the Notification type box, select the Email/SMS message/Push/Voice option.
In the Email/SMS message/Push/Voice window, tick the Azure app Push Notifications checkbox and enter debbie@contoso.com in the Azure account email field.
Click the OK button to close the window.
Enter a name such as Debbie Mobile App in the notification name box.
Click the Review & Create button then click the Create button to create the action group.
Back in the Create alert rule window, in the Alert rule details section, enter a name such as Management lock deletion in the Alert rule name field.
Click the Create alert rule button to create the alert rule.

Show Answer

Question: 3

SIMULATION

You need to configure a weekly backup of an Azure SQL database named Homepage. The backup must be retained for eight weeks.

To complete this task, sign in to the Azure portal.

AExplanation:
You need to configure the backup policy for the Azure SQL database.
In the Azure portal, type Azure SQL Database in the search box, select Azure SQL Database from the search results then select Homepage. Alternatively, browse to Azure SQL Database in the left navigation pane.
Select the server hosting the Homepage database and click on Manage backups.
Click on Configure policies.
Ensure that the Weekly Backups option is ticked.
Configure the How long would you like weekly backups to be retained option to 8 weeks.
Click Apply to save the changes.

Show Answer

Question: 4

SIMULATION

You need to ensure that when administrators deploy resources by using an Azure Resource Manager template, the deployment can access secrets in an Azure key vault named KV11597200.

To complete this task, sign in to the Azure portal.

AExplanation:
You need to configure an option in the Advanced Access Policy of the key vault.
In the Azure portal, type Azure Key Vault in the search box, select Azure Key Vault from the search results then select the key vault named KV11597200. Alternatively, browse to Azure Key Vault in the left navigation pane.
In the properties of the key vault, click on Advanced Access Policies.
Tick the checkbox labelled Enable access to Azure Resource Manager for template deployment.
Click Save to save the changes.

Show Answer

Question: 5

SIMULATION

You need to ensure that connections through an Azure Application Gateway named Homepage-AGW are inspected for malicious requests.

To complete this task, sign in to the Azure portal.

You do not need to wait for the task to complete.

AExplanation:
You need to enable the Web Application Firewall on the Application Gateway.
In the Azure portal, type Application gateways in the search box, select Application gateways from the search results then select the gateway named Homepage-AGW. Alternatively, browse to Application Gateways in the left navigation pane.
In the properties of the application gateway, click on Web application firewall.
For the Tier setting, select WAF V2.
In the Firewall status section, click the slider to switch to Enabled.
In the Firewall mode section, click the slider to switch to Prevention.
Click Save to save the changes.

Show Answer

Microsoft AZ-500 Quiz:14 Topic:10 Questions:66-70