Microsoft AZ-500 Quiz 25 Topic 4 Questions 121-125

Question: 1

You have an Azure subscription that contains a user named Adminl1 and a virtual machine named VM1. VM1 runs Windows Server 2019 and was deployed by using an Azure Resource Manager template. VM1 is the member of a backend pool of a public Azure Basic Load Balancer.

Admin1 reports that VM1 is listed as Unsupported on the Just in time VM access blade of Azure Security Center.

You need to ensure that Admin1 can enable just in time (JIT) VM access for VM1.

What should you do?

ACreate and configure an additional public IP address for VM 1.

BReplace the Basic Load Balancer with an Azure Standard Load Balancer.

CAssign an Azure Active Directory Premium Plan 1 license to Admin1.

DCreate and configure a network security group (NSG).

Show Answer

Question: 2

You have an Azure Active Directory (Azure AD) tenant that contains a user named User1.

You need to ensure that User1 can create and manage administrative units. The solution must use the principle of least privilege.

Which role should you assign to User1?

APrivileged role administrator

BHelpdesk administrator

CGlobal administrator

DSecurity administrator

Show Answer

Question: 3

You need to deploy an Azure firewall to a virtual network named VNET3.

To complete this task, sign in to the Azure portal and modify the Azure resources.

This task might take several minutes to complete. You can perform other tasks while the task completes.

AExplanation:
To add an Azure firewall to a VNET, the VNET must first be configured with a subnet named AzureFirewallSubnet (if it doesn't already exist).
Configure VNET3.
In the Azure portal, type Virtual Networks in the search box, select Virtual Networks from the search results then select VNET3. Alternatively, browse to Virtual Networks in the left navigation pane.
In the Overview section, note the Location (region) and Resource Group of the virtual network. We'll need these when we add the firewall.
Click on Subnets.
Click on + Subnet to add a new subnet.
Enter AzureFirewallSubnet in the Name box. The subnet must be named AzureFirewallSubnet.
Enter an appropriate IP range for the subnet in the Address range box.
Click the OK button to create the subnet.
Add the Azure Firewall.
In the settings of VNET3 click on Firewall.
Click the Click here to add a new firewall link.
The Resource group will default to the VNET3 resource group. Leave this default.
Enter a name for the firewall in the Name box.
In the Region box, select the same region as VNET3.
In the Public IP address box, select an available public IP address if one exists, or click Add new to add a new public IP address.
Click the Review + create button.
Review the settings and click the Create button to create the firewall.

Show Answer

Question: 4

You need to create a web app named Intranet11597200 and enable users to authenticate to the web app by using Azure Active Directory (Azure AD).

To complete this task, sign in to the Azure portal.

AExplanation:
In the Azure portal, type App services in the search box and select App services from the search results.
Click the Create app service button to create a new app service.
In the Resource Group section, click the Create new link to create a new resource group.
Give the resource group a name such as Intranet11597200RG and click OK.
In the Instance Details section, enter Intranet11597200 in the Name field.
In the Runtime stack field, select any runtime stack such as .NET Core 3.1.
Click the Review + create button.
Click the Create button to create the web app.
Click the Go to resource button to open the properties of the new web app.
In the Settings section, click on Authentication / Authorization.
Click the App Service Authentication slider to set it to On.
In the Action to take when request is not authentication box, select Log in with Azure Active Directory.
Click Save to save the changes.

Show Answer

Question: 5

SIMULATION

You need to create a web app named Intranet11597200 and enable users to authenticate to the web app by using Azure Active Directory (Azure AD).

To complete this task, sign in to the Azure portal.

AExplanation:
In the Azure portal, type App services in the search box and select App services from the search results.
Click the Create app service button to create a new app service.
In the Resource Group section, click the Create new link to create a new resource group.
Give the resource group a name such as Intranet11597200RG and click OK.
In the Instance Details section, enter Intranet11597200 in the Name field.
In the Runtime stack field, select any runtime stack such as .NET Core 3.1.
Click the Review + create button.
Click the Create button to create the web app.
Click the Go to resource button to open the properties of the new web app.
In the Settings section, click on Authentication / Authorization.
Click the App Service Authentication slider to set it to On.
In the Action to take when request is not authentication box, select Log in with Azure Active Directory.
Click Save to save the changes.

Show Answer

Microsoft AZ-500 Quiz:25 Topic:4 Questions:121-125