Microsoft AZ-500 Quiz 25 Topic 4 Questions 121-125

Question: 1

You have an Azure subscription that contains a user named Adminl1 and a virtual machine named VM1. VM1 runs Windows Server 2019 and was deployed by using an Azure Resource Manager template. VM1 is the member of a backend pool of a public Azure Basic Load Balancer.

Admin1 reports that VM1 is listed as Unsupported on the Just in time VM access blade of Azure Security Center.

You need to ensure that Admin1 can enable just in time (JIT) VM access for VM1.

What should you do?

ACreate and configure an additional public IP address for VM 1.

BReplace the Basic Load Balancer with an Azure Standard Load Balancer.

CAssign an Azure Active Directory Premium Plan 1 license to Admin1.

DCreate and configure a network security group (NSG).

Show Answer

Question: 2

You have an Azure Active Directory (Azure AD) tenant that contains a user named User1.

You need to ensure that User1 can create and manage administrative units. The solution must use the principle of least privilege.

Which role should you assign to User1?

APrivileged role administrator

BHelpdesk administrator

CGlobal administrator

DSecurity administrator

Show Answer

Question: 3

Use the following login credentials as needed:

To enter your username, place your cursor in the Sign in box and click on the username below.

To enter your password, place your cursor in the Enter password box and click on the password below.

Azure Username: User1-10598168@ExamUsers.com

Azure Password: Ag1Bh9!#Bd

The following information is for technical support purposes only:

Lab Instance: 10598168

q3_AZ-500

You need to ensure that only devices connected to a 131.107.0.0/16 subnet can access data in the rg1lod10598168 Azure Storage account.

To complete this task, sign in to the Azure portal.

AExplanation:
Step 1:
1. In Azure portal go to the storage account you want to secure. Here: rg1lod10598168
2. Click on the settings menu called Firewalls and virtual networks.
3. To deny access by default, choose to allow access from Selected networks. To allow traffic from all networks, choose to allow access from All networks.
4. Click Save to apply your changes.
Step 2:
1. Go to the storage account you want to secure. Here: rg1lod10598168
2. Click on the settings menu called Firewalls and virtual networks.
3. Check that you've selected to allow access from Selected networks.
4. To grant access to a virtual network with a new network rule, under Virtual networks, click Add existing virtual network, select Virtual networks and Subnets options. Enter the 131.107.0.0/16 subnet and then click Add.
Note: When network rules are configured, only applications requesting data over the specified set of networks can access a storage account. You can limit access to your storage account to requests originating from specified IP addresses, IP ranges or from a list of subnets in an Azure Virtual Network (VNet).

Show Answer

Question: 4

You need to enable Advanced Data Security for the SQLdb1 Azure SQL database. The solution must ensure that Azure Advanced Threat Protection (ATP) alerts are sent to User1@contoso.com.

To complete this task, sign in to the Azure portal and modify the Azure resources.

AExplanation:
In the Azure portal, type SQL in the search box, select SQL databases from the search results then select SQLdb1. Alternatively, browse to SQL databases in the left navigation pane.
In the properties of SQLdb1, scroll down to the Security section and select Advanced data security.
Click on the Settings icon.
Tick the Enable Advanced Data Security at the database level checkbox.
Click Yes at the confirmation prompt.
In the Storage account select a storage account if one isn't selected by default.
Under Advanced Threat Protection Settings, enter User1@contoso.com in the Send alerts to box.
Click the Save button to save the changes.

Show Answer

Question: 5

You need to ensure that connections from the Internet to VNET1\subnet0 are allowed only over TCP port 7777. The solution must use only currently deployed resources.

To complete this task, sign in to the Azure portal.

AExplanation:
You need to configure the Network Security Group that is associated with subnet0.
In the Azure portal, type Virtual Networks in the search box, select Virtual Networks from the search results then select VNET1. Alternatively, browse to Virtual Networks in the left navigation pane.
In the properties of VNET1, click on Subnets. This will display the subnets in VNET1 and the Network Security Group associated to each subnet. Note the name of the Network Security Group associated to Subnet0.
Type Network Security Groups into the search box and select the Network Security Group associated with Subnet0.
In the properties of the Network Security Group, click on Inbound Security Rules.
Click the Add button to add a new rule.
In the Source field, select Service Tag.
In the Source Service Tag field, select Internet.
Leave the Source port ranges and Destination field as the default values (* and All).
In the Destination port ranges field, enter 7777.
Change the Protocol to TCP.
Leave the Action option as Allow.
Change the Priority to 100.
Change the Name from the default Port_8080 to something more descriptive such as Allow_TCP_7777_from_Internet. The name cannot contain spaces.
Click the Add button to save the new rule.

Show Answer

Microsoft AZ-500 Quiz:25 Topic:4 Questions:121-125