Microsoft AZ-500 Quiz 25 Topic 4 Questions 121-125

Question: 1

You have an Azure subscription that contains a user named Adminl1 and a virtual machine named VM1. VM1 runs Windows Server 2019 and was deployed by using an Azure Resource Manager template. VM1 is the member of a backend pool of a public Azure Basic Load Balancer.

Admin1 reports that VM1 is listed as Unsupported on the Just in time VM access blade of Azure Security Center.

You need to ensure that Admin1 can enable just in time (JIT) VM access for VM1.

What should you do?

ACreate and configure an additional public IP address for VM 1.

BReplace the Basic Load Balancer with an Azure Standard Load Balancer.

CAssign an Azure Active Directory Premium Plan 1 license to Admin1.

DCreate and configure a network security group (NSG).

Show Answer

Question: 2

You have an Azure Active Directory (Azure AD) tenant that contains a user named User1.

You need to ensure that User1 can create and manage administrative units. The solution must use the principle of least privilege.

Which role should you assign to User1?

APrivileged role administrator

BHelpdesk administrator

CGlobal administrator

DSecurity administrator

Show Answer

Question: 3

You have an Azure subscription named Sub1 that contains an Azure Log Analytics workspace named LAW1.

You have 100 on-premises servers that run Windows Server 2012 R2 and Windows Server 2016. The servers connect to LAW1. LAW1 is configured to collect security-related performance counters from the connected servers.

You need to configure alerts based on the data collected by LAW1. The solution must meet the following

requirements:

* Alert rules must support dimensions.

* The time it takes to generate an alert must be minimized.

* Alert notifications must be generated only once when the alert is generated and once when the alert is

* resolved.

Which signal type should you use when you create the alert rules?A. Log

BLog (Saved Query)

CMetric

DActivity Log

Show Answer

Question: 4

SINGLE CHOICES

You have an azure active Directory (Azure AD) tenant that contains the resources shown in the following table.

q4_AZ-500

User2 is the owner of Group2.

AThe user and group settings for App1 are configured as shown in the following exhibit.

Show Answer

Question: 5

SINGLE CHOICES

You plan to use Azure Disk Encryption for several virtual machine disks.

You need to ensure that Azure Disk Encryption can retrieve secrets from the KeyVault11641655 Azure key vault.

To complete this task, sign in to the Azure portal and modify the Azure resources.

A1. In the Azure portal, type Key Vaults in the search box, select Key Vaults from the search results then select KeyVault11641655. Alternatively, browse to Key Vaults in the left navigation pane.
2. In the Key Vault properties, scroll down to the Settings section and select Access Policies.
3. Select the Azure Disk Encryption for volume encryption

4. Click Save to save the changes.

Show Answer

Microsoft AZ-500 Quiz:25 Topic:4 Questions:121-125