Microsoft AZ-500 Quiz 25 Topic 4 Questions 121-125

Question: 1

You have an Azure subscription that contains a user named Adminl1 and a virtual machine named VM1. VM1 runs Windows Server 2019 and was deployed by using an Azure Resource Manager template. VM1 is the member of a backend pool of a public Azure Basic Load Balancer.

Admin1 reports that VM1 is listed as Unsupported on the Just in time VM access blade of Azure Security Center.

You need to ensure that Admin1 can enable just in time (JIT) VM access for VM1.

What should you do?

ACreate and configure an additional public IP address for VM 1.

BReplace the Basic Load Balancer with an Azure Standard Load Balancer.

CAssign an Azure Active Directory Premium Plan 1 license to Admin1.

DCreate and configure a network security group (NSG).

Show Answer

Question: 2

You have an Azure Active Directory (Azure AD) tenant that contains a user named User1.

You need to ensure that User1 can create and manage administrative units. The solution must use the principle of least privilege.

Which role should you assign to User1?

APrivileged role administrator

BHelpdesk administrator

CGlobal administrator

DSecurity administrator

Show Answer

Question: 3

You need to ensure that a user named user2-12345678 can manage the properties of the virtual machines in the RG1lod12345678 resource group. The solution must use the principle of least privilege.

To complete this task, sign in to the Azure portal.

AExplanation:
Sign in to the Azure portal.
Browse to Resource Groups.
Select the RG1lod12345678 resource group.
Select Access control (IAM).
Select Add > role assignment.
Select Virtual Machine Contributor (you can filter the list of available roles by typing 'virtual' in the search box) then click Next.
Select the +Select members option and select user2-12345678 then click the Select button.
Click the Review + assign button twice.

Show Answer

Question: 4

You have an Azure Active Directory (Azure AD) tenant that contains a user named User1.

You need to ensure that User1 can create and manage administrative units. The solution must use the principle of least privilege.

Which role should you assign to User1?

APrivileged role administrator

BHelpdesk administrator

CGlobal administrator

DSecurity administrator

Show Answer

Question: 5

You need to ensure that connections from the Internet to VNET1\subnet0 are allowed only over TCP port 7777. The solution must use only currently deployed resources.

To complete this task, sign in to the Azure portal.

AExplanation:
You need to configure the Network Security Group that is associated with subnet0.
In the Azure portal, type Virtual Networks in the search box, select Virtual Networks from the search results then select VNET1. Alternatively, browse to Virtual Networks in the left navigation pane.
In the properties of VNET1, click on Subnets. This will display the subnets in VNET1 and the Network Security Group associated to each subnet. Note the name of the Network Security Group associated to Subnet0.
Type Network Security Groups into the search box and select the Network Security Group associated with Subnet0.
In the properties of the Network Security Group, click on Inbound Security Rules.
Click the Add button to add a new rule.
In the Source field, select Service Tag.
In the Source Service Tag field, select Internet.
Leave the Source port ranges and Destination field as the default values (* and All).
In the Destination port ranges field, enter 7777.
Change the Protocol to TCP.
Leave the Action option as Allow.
Change the Priority to 100.
Change the Name from the default Port_8080 to something more descriptive such as Allow_TCP_7777_from_Internet. The name cannot contain spaces.
Click the Add button to save the new rule.

Show Answer

Microsoft AZ-500 Quiz:25 Topic:4 Questions:121-125