Question: 1
You have an Azure subscription that contains a user named Admin1 and a virtual machine named VM1. VM1 runs Windows Server 2019 and was deployed by using an Azure Resource Manager template. VM1 is a member of a backend pool of a public Azure Basic Load Balancer.
Admin1 reports that VM1 is listed as Unsupported on the Just in time VM access blade of Azure Security Center.
You need to ensure that Admin1 can enable just in time (JIT) VM access for VM1.
What should you do?
Question: 2
You have an Azure Active Directory (Azure AD) tenant that contains a user named User1.
You need to ensure that User1 can create and manage administrative units. The solution must use the principle of least privilege.
Which role should you assign to User1?
Question: 3
SIMULATION
You need to ensure that the events in the NetworkSecurityGroupRuleCounter log of the VNET01-Subnet0-NSG network security group (NSG) are stored in the logs11597200 Azure Storage account for 30 days.
A. You need to configure the diagnostic logging for the NetworkSecurityGroupRuleCounter log.
* In the Azure portal, type Network Security Groups in the search box, select Network Security Groups from the search results then select VNET01-Subnet0-NSG. Alternatively, browse to Network Security Groups in the left navigation pane.
* In the properties of the Network Security Group, click on Diagnostic Settings.
* Click on the Add diagnostic setting link.
* Provide a name in the Diagnostic settings name field. It doesn't matter what name you provide for the exam.
* In the Log section, select NetworkSecurityGroupRuleCounter.
* Click the Save button to save the changes.
B. You need to configure the diagnostic logging for the NetworkSecurityGroupRuleCounter log.
* In the Azure portal, type Network Security Groups in the search box, select Network Security Groups from the search results then select VNET01-Subnet0-NSG. Alternatively, browse to Network Security Groups in the left navigation pane.
* In the properties of the Network Security Group, click on Diagnostic Settings.
* Click on the Add diagnostic setting link.
* Provide a name in the Diagnostic settings name field. It doesn't matter what name you provide for the exam.
* In the Log section, select NetworkSecurityGroupRuleCounter.
* In the Destination details section, select Archive to a storage account.
* In the Storage account field, select the logs11597200 storage account.
* In the Retention (days) field, enter 30.
* Click the Save button to save the changes.
Answer : B
Question: 4
SIMULATION
Use the following login credentials as needed:
To enter your username, place your cursor in the Sign in box and click on the username below.
To enter your password, place your cursor in the Enter password box and click on the password below.
Azure Username: User1-10598168@ExamUsers.com
Azure Password: Ag1Bh9!#Bd
The following information is for technical support purposes only:
Lab Instance: 10598168
You need to ensure that only devices connected to a 131.107.0.0/16 subnet can access data in the rg1lod10598168 Azure Storage account.
To complete this task, sign in to the Azure portal.
A. Step 1:
1. In the Azure portal, go to the storage account you want to secure. Here: rg1lod10598168
2. Click on the settings menu called Firewalls and virtual networks.
3. To deny access by default, choose to allow access from Selected networks. To allow traffic from all networks, choose to allow access from All networks.
4. Click Save to apply your changes.
Step 2:
1. Go to the storage account you want to secure. Here: rg1lod10598168
2. Click on the settings menu called Firewalls and virtual networks.
3. Check that you've selected to allow access from Selected networks.
4. To grant access to a virtual network with a new network rule, under Virtual networks, click Add existing virtual network, select Virtual networks and Subnets options. Enter the 131.107.0.0/16 subnet and then click Add.
Note: When network rules are configured, only applications requesting data over the specified set of networks can access a storage account. You can limit access to your storage account to requests originating from specified IP addresses, IP ranges or from a list of subnets in an Azure Virtual Network (VNet).
B. Step 1:
1. In the Azure portal, go to the storage account you want to secure. Here: rg1lod10598188
2. Click on the settings menu called Firewalls and virtual networks.
3. To deny access by default, choose to allow access from Selected networks. To allow traffic from all networks, choose to allow access from All networks.
4. Click Save to apply your changes.
Step 2:
1. Go to the storage account you want to secure. Here: rg1lod10598188
2. Click on the settings menu called Firewalls and virtual networks.
3. Check that you've selected to allow access from Selected networks.
Note: When network rules are configured, only applications requesting data over the specified set of networks can access a storage account. You can limit access to your storage account to requests originating from specified IP addresses, IP ranges or from a list of subnets in an Azure Virtual Network (VNet).
Answer : A
Question: 5
SIMULATION
You need to create a web app named Intranet11597200 and enable users to authenticate to the web app by using Azure Active Directory (Azure AD).
To complete this task, sign in to the Azure portal.
A. Explanation:
In the Azure portal, type App services in the search box and select App services from the search results.
Click the Create app service button to create a new app service.
In the Resource Group section, click the Create new link to create a new resource group.
Give the resource group a name such as Intranet11597200RG and click OK.
In the Instance Details section, enter Intranet11597200 in the Name field.
In the Runtime stack field, select any runtime stack such as .NET Core 3.1.
Click the Review + create button.
Click the Create button to create the web app.
Click the Go to resource button to open the properties of the new web app.
In the Settings section, click on Authentication / Authorization.
Click the App Service Authentication slider to set it to On.
In the Action to take when request is not authenticated box, select Log in with Azure Active Directory.
Click Save to save the changes.
Answer : A