Microsoft AZ-500 Quiz 25 Topic 4 Questions 121-125

Question: 1

You have an Azure subscription that contains a user named Adminl1 and a virtual machine named VM1. VM1 runs Windows Server 2019 and was deployed by using an Azure Resource Manager template. VM1 is the member of a backend pool of a public Azure Basic Load Balancer.

Admin1 reports that VM1 is listed as Unsupported on the Just in time VM access blade of Azure Security Center.

You need to ensure that Admin1 can enable just in time (JIT) VM access for VM1.

What should you do?

ACreate and configure an additional public IP address for VM 1.

BReplace the Basic Load Balancer with an Azure Standard Load Balancer.

CAssign an Azure Active Directory Premium Plan 1 license to Admin1.

DCreate and configure a network security group (NSG).

Show Answer

Question: 2

You have an Azure Active Directory (Azure AD) tenant that contains a user named User1.

You need to ensure that User1 can create and manage administrative units. The solution must use the principle of least privilege.

Which role should you assign to User1?

APrivileged role administrator

BHelpdesk administrator

CGlobal administrator

DSecurity administrator

Show Answer

Question: 3

SIMULATION

You need to ensure that the events in the NetworkSecurityGroupRuleCounter log of the VNET01-Subnet0-NSG network security group (NSG) are stored in the logs11597200 Azure Storage account for 30 days.

To complete this task, sign in to the Azure portal.

AExplanation:
You need to configure the diagnostic logging for the NetworkSecurityGroupRuleCounter log.
In the Azure portal, type Network Security Groups in the search box, select Network Security Groups from the search results then select VNET01-Subnet0-NSG. Alternatively, browse to Network Security Groups in the left navigation pane.
In the properties of the Network Security Group, click on Diagnostic Settings.
Click on the Add diagnostic setting link.
Provide a name in the Diagnostic settings name field. It doesn't matter what name you provide for the exam.
In the Log section, select NetworkSecurityGroupRuleCounter.
In the Destination details section, select Archive to a storage account.
In the Storage account field, select the logs11597200 storage account.
In the Retention (days) field, enter 30.
Click the Save button to save the changes.

Show Answer

Question: 4

SIMULATION

Click to expand each objective. To connect to the Azure portal, type https://portal.azure.com in the browser address bar.

q4_AZ-500

When you are finished performing all the tasks, click the 'Next' button.

Note that you cannot return to the lab once you click the 'Next' button. Scoring occur in the background while you complete the rest of the exam.

Overview

The following section of the exam is a lab. In this section, you will perform a set of tasks in a live environment. While most functionality will be available to you as it would be in a live environment, some functionality (e.g., copy and paste, ability to navigate to external websites) will not be possible by design.

Scoring is based on the outcome of performing the tasks stated in the lab. In other words, it doesn't matter how you accomplish the task, if you successfully perform it, you will earn credit for that task.

Labs are not timed separately, and this exam may have more than one lab that you must complete. You can use as much time as you would like to complete each lab. But, you should manage your time appropriately to ensure that you are able to complete the lab(s) and all other sections of the exam in the time provided.

Please note that once you submit your work by clicking the Next button within a lab, you will NOT be able to return to the lab.

To start the lab

You may start the lab by clicking the Next button.

You need to deploy an Azure virtual machine named VM1004a based on an Ubuntu Server image, and then to configure VM1004a to meet the following requirements:

- The virtual machines must contain data disks that can store at least 15 TB of data

- The data disk must be able to provide at least 2,000 IOPS

- Storage costs must be minimized

What should you do from the Azure portal?

AStep 1: Open the Azure portal.
Step 2: On the left menu, select All resources. You can sort the resources by Type to easily find your images.
Step 3: Select the image you want to use from the list. The image Overview page opens.
Step 4: Select Create VM from the menu.
Step 5: Enter the virtual machine information. Select VM1006a as the name for the first Virtual machine.The user name and password entered here will be used to log in to the virtual machine. When complete, select OK. You can create the new VM in an existing resource group, or choose Create new to create a new resource group to store the VM.
Step 6: Select a size for the VM. To see more sizes, select View all or change the Supported disk type filter.To support 16 TB of data you would need a Premium disk.
Step 7: Under Settings, make changes as necessary and select OK.
Step 8: On the summary page, you should see your image name listed as a Private image. Select Ok to start the virtual machine deployment.

BStep 1: Open the Azure portal.
Step 2: On the left menu, select All resources. You can sort the resources by Type to easily find your images.
Step 3: Select the image you want to use from the list. The image Overview page opens.
Step 4: Select Create VM from the menu.
Step 5: Enter the virtual machine information. Select VM1004a as the name for the first Virtual machine.The user name and password entered here will be used to log in to the virtual machine. When complete, select OK. You can create the new VM in an existing resource group, or choose Create new to create a new resource group to store the VM.
Step 6: Select a size for the VM. To see more sizes, select View all or change the Supported disk type filter.To support 15 TB of data you would need a Premium disk.
Step 7: Under Settings, make changes as necessary and select OK.
Step 8: On the summary page, you should see your image name listed as a Private image. Select Ok to start the virtual machine deployment.

Show Answer

Question: 5

A user named Debbie has the Azure app installed on her mobile device.

You need to ensure that debbie@contoso.com is alerted when a resource lock is deleted.

To complete this task, sign in to the Azure portal.

AExplanation:
You need to configure an alert rule in Azure Monitor.
Type Monitor into the search box and select Monitor from the search results.
Click on Alerts.
Click on +New Alert Rule.
In the Scope section, click on the Select resource link.
In the Filter by resource type box, type locks and select Management locks (locks) from the filtered results.
Select the subscription then click the Done button.
In the Condition section, click on the Select condition link.
Select the Delete management locks condition the click the Done button.
In the Action group section, click on the Select action group link.
Click the Create action group button to create a new action group.
Give the group a name such as Debbie Mobile App (it doesn't matter what name you enter for the exam) then click the Next: Notifications > button.
In the Notification type box, select the Email/SMS message/Push/Voice option.
In the Email/SMS message/Push/Voice window, tick the Azure app Push Notifications checkbox and enter debbie@contoso.com in the Azure account email field.
Click the OK button to close the window.
Enter a name such as Debbie Mobile App in the notification name box.
Click the Review & Create button then click the Create button to create the action group.
Back in the Create alert rule window, in the Alert rule details section, enter a name such as Management lock deletion in the Alert rule name field.
Click the Create alert rule button to create the alert rule.

Show Answer

Microsoft AZ-500 Quiz:25 Topic:4 Questions:121-125