Microsoft AZ-500 Quiz 4 Topic 9 Questions 16-20

Question: 1

You need to ensure that the events in the NetworkSecurityGroupRuleCounter log of the VNET01-Subnet0-NSG network security group (NSG) are stored in the logs11597200 Azure Storage account for 30 days.

To complete this task, sign in to the Azure portal.

AExplanation:
You need to configure the diagnostic logging for the NetworkSecurityGroupRuleCounter log.
In the Azure portal, type Network Security Groups in the search box, select Network Security Groups from the search results then select VNET01-Subnet0-NSG. Alternatively, browse to Network Security Groups in the left navigation pane.
In the properties of the Network Security Group, click on Diagnostic Settings.
Click on the Add diagnostic setting link.
Provide a name in the Diagnostic settings name field. It doesn't matter what name you provide for the exam.
In the Log section, select NetworkSecurityGroupRuleCounter.
In the Destination details section, select Archive to a storage account.
In the Storage account field, select the logs11597200 storage account.
In the Retention (days) field, enter 30.
Click the Save button to save the changes.

Show Answer

Question: 2

A user named Debbie has the Azure app installed on her mobile device.

You need to ensure that debbie@contoso.com is alerted when a resource lock is deleted.

To complete this task, sign in to the Azure portal.

AExplanation:
You need to configure an alert rule in Azure Monitor.
Type Monitor into the search box and select Monitor from the search results.
Click on Alerts.
Click on +New Alert Rule.
In the Scope section, click on the Select resource link.
In the Filter by resource type box, type locks and select Management locks (locks) from the filtered results.
Select the subscription then click the Done button.
In the Condition section, click on the Select condition link.
Select the Delete management locks condition the click the Done button.
In the Action group section, click on the Select action group link.
Click the Create action group button to create a new action group.
Give the group a name such as Debbie Mobile App (it doesn't matter what name you enter for the exam) then click the Next: Notifications > button.
In the Notification type box, select the Email/SMS message/Push/Voice option.
In the Email/SMS message/Push/Voice window, tick the Azure app Push Notifications checkbox and enter debbie@contoso.com in the Azure account email field.
Click the OK button to close the window.
Enter a name such as Debbie Mobile App in the notification name box.
Click the Review & Create button then click the Create button to create the action group.
Back in the Create alert rule window, in the Alert rule details section, enter a name such as Management lock deletion in the Alert rule name field.
Click the Create alert rule button to create the alert rule.

Show Answer

Question: 3

You need to configure a weekly backup of an Azure SQL database named Homepage. The backup must be retained for eight weeks.

To complete this task, sign in to the Azure portal.

AExplanation:
You need to configure the backup policy for the Azure SQL database.
In the Azure portal, type Azure SQL Database in the search box, select Azure SQL Database from the search results then select Homepage. Alternatively, browse to Azure SQL Database in the left navigation pane.
Select the server hosting the Homepage database and click on Manage backups.
Click on Configure policies.
Ensure that the Weekly Backups option is ticked.
Configure the How long would you like weekly backups to be retained option to 8 weeks.
Click Apply to save the changes.

Show Answer

Question: 4

You need to ensure that when administrators deploy resources by using an Azure Resource Manager template, the deployment can access secrets in an Azure key vault named KV11597200.

To complete this task, sign in to the Azure portal.

AExplanation:
You need to configure an option in the Advanced Access Policy of the key vault.
In the Azure portal, type Azure Key Vault in the search box, select Azure Key Vault from the search results then select the key vault named KV11597200. Alternatively, browse to Azure Key Vault in the left navigation pane.
In the properties of the key vault, click on Advanced Access Policies.
Tick the checkbox labelled Enable access to Azure Resource Manager for template deployment.
Click Save to save the changes.

Show Answer

Question: 5

You need to ensure that connections from the Internet to VNET1\subnet0 are allowed only over TCP port 7777. The solution must use only currently deployed resources.

To complete this task, sign in to the Azure portal.

AExplanation:
You need to configure the Network Security Group that is associated with subnet0.
In the Azure portal, type Virtual Networks in the search box, select Virtual Networks from the search results then select VNET1. Alternatively, browse to Virtual Networks in the left navigation pane.
In the properties of VNET1, click on Subnets. This will display the subnets in VNET1 and the Network Security Group associated to each subnet. Note the name of the Network Security Group associated to Subnet0.
Type Network Security Groups into the search box and select the Network Security Group associated with Subnet0.
In the properties of the Network Security Group, click on Inbound Security Rules.
Click the Add button to add a new rule.
In the Source field, select Service Tag.
In the Source Service Tag field, select Internet.
Leave the Source port ranges and Destination field as the default values (* and All).
In the Destination port ranges field, enter 7777.
Change the Protocol to TCP.
Leave the Action option as Allow.
Change the Priority to 100.
Change the Name from the default Port_8080 to something more descriptive such as Allow_TCP_7777_from_Internet. The name cannot contain spaces.
Click the Add button to save the new rule.

Show Answer

Microsoft AZ-500 Quiz:4 Topic:9 Questions:16-20