Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You need to ensure that an Azure Active Directory (Azure AD) user named Admin1 is assigned the required role to enable Traffic Analytics for an Azure subscription.
Solution: You assign the Network Contributor role at the subscription level to Admin1.
Does this meet the goal? Yes No.
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You need to ensure that an Azure Active Directory (Azure AD) user named Admin1 is assigned the required role to enable Traffic Analytics for an Azure subscription.
Solution: You assign the Owner role at the subscription level to Admin1.
Does this meet the goal? Yes No.
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You need to ensure that an Azure Active Directory (Azure AD) user named Admin1 is assigned the required role to enable Traffic Analytics for an Azure subscription.
Solution: You assign the Reader role at the subscription level to Admin1.
Does this meet the goal? Yes No.
You have an Azure subscription that contains a user named User1.
You need to ensure that User1 can deploy virtual machines and manage virtual networks. The solution must use the principle of least privilege.
Which role-based access control (RBAC) role should you assign to User1? Owner Virtual Machine Contributor Contributor Virtual Machine Administrator Login.
Admin1 can add Admin2 as an owner of the subscription Admin3 can add Admin2 as an owner of the subscription Admin2 can create a resource group in the subscription.
You have an Azure subscription named Subscription1 that contains an Azure virtual machine named VM1. VM1 is in a resource group named RG1.
VM1 runs services that will be used to deploy resources to RG1.
You need to ensure that a service running on VM1 can manage the resources in RG1 by using the identity of VM1.
What should you do first? From the Azure portal, modify the Managed Identity settings of VM1 From the Azure portal, modify the Access control (IAM) settings of RG1 From the Azure portal, modify the Access control (IAM) settings of VM1 From the Azure portal, modify the Policies settings of RG1.
Modify the backup configurations of VM1 and modify the resource lock type of VNET1 Remove the resource lock from VNET1 and delete all data in Vault1 Turn off VM1 and remove the resource lock from VNET1 Turn off VM1 and delete all data in Vault1.
You have an Azure DNS zone named adatum.com.
You need to delegate a subdomain named research.adatum.com to a different DNS server in Azure.
What should you do? Create an NS record named research in the adatum.com zone. Create a PTR record named research in the adatum.com zone. Modify the SOA record of adatum.com. Create an A record named *.research in the adatum.com zone.
You have an Azure Active Directory (Azure AD) tenant that has the contoso.onmicrosoft.com domain name.
You have a domain name of contoso.com registered at a third-party registrar.
You need to ensure that you can create Azure AD users that have names containing a suffix of @contoso.com.
Which three actions should you perform in sequence? First Action Second Action Third Action.
You have an Azure subscription named Subscription1 that contains an Azure Log Analytics workspace named Workspace1.
You need to view the error events from a table named Event.
Which query should you run in Workspace1? Get-Event Event | where {$_.EventType == "error"} Event | search "error" select * from Event where EventType == "error" search in (Event) * | where EventType ג€"eq ג€errorג€.
You have a registered DNS domain named contoso.com.
You create a public Azure DNS zone named contoso.com.
You need to ensure that records created in the contoso.com zone are resolvable from the internet.
What should you do? Create NS records in contoso.com. Modify the SOA record in the DNS domain registrar. Create the SOA record in contoso.com. Modify the NS records in the DNS domain registrar.
You can assign the Storage File Data SMB Share Contributor role to User1 for share1 You can assign the Storage File Data SMB Share Reader role to Computer1 for share1 You can assign the Storage File Data SMB Share Elevated Contributor role to User2 for share1.
Add a subnet to VNet1 Assign a user the Reader role to VNet1.
Locks Tags.
You have an Azure Active Directory (Azure AD) tenant.
You plan to delete multiple users by using Bulk delete in the Azure Active Directory admin center.
You need to create and upload a file for the bulk delete.
Which user attributes should you include in the file? The user principal name and usage location of each user only The user principal name of each user only The display name of each user only The display name and usage location of each user only The display name and user principal name of each user only.
RG1 has the Tag2:IT tag assigned only Storage1 has the Tag1:subscription, Tag2:IT, Tag3:value1, and Tag4:value4 tags assigned VNET1 has the Tag2:IT and Tag3:value2 tags assigned only.
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You need to ensure that an Azure Active Directory (Azure AD) user named Admin1 is assigned the required role to enable Traffic Analytics for an Azure subscription.
Solution: You assign the Traffic Manager Contributor role at the subscription level to Admin1.
Does this meet the goal? Yes No.
You have three offices and an Azure subscription that contains an Azure Active Directory (Azure AD) tenant.
You need to grant user management permissions to a local administrator in each office.
What should you use? Azure AD roles administrative units access packages in Azure AD entitlement management Azure roles.
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have an Azure Directory (Azure AD) tenant named Adatum and an Azure Subscription named Subscription1. Adatum contains a group named Developers.
Subscription1 contains a resource group named Dev.
You need to provide the Developers group with the ability to create Azure logic apps in the Dev resource group.
Solution: On Dev, you assign the Logic App Contributor role to the Developers group.
Does this meet the goal? Yes No.
User1 can [answer choice] LB1 User1 can [answer choice] the resource group.
You have an Azure subscription named Subscription1 that contains a virtual network named VNet1. VNet1 is in a resource group named RG1.
Subscription1 has a user named User1. User1 has the following roles:
✑ Reader
✑ Security Admin
✑ Security Reader
You need to ensure that User1 can assign the Reader role for VNet1 to other users.
What should you do? Remove User1 from the Security Reader role for Subscription1. Assign User1 the Contributor role for RG1. Assign User1 the Owner role for VNet1. Assign User1 the Contributor role for VNet1. Assign User1 the Network Contributor role for VNet1.
To ensure that users can sign in to virtual machines that are assigned role1, modify the [answer choice] section To ensure that role1 can be assigned only to a resource group named RG1, modify the [answer choice] section.
You have an Azure subscription that contains a storage account named storage1. The storage1 account contains a file share named share1.
The subscription is linked to a hybrid Azure Active Directory (Azure AD) tenant that contains a security group named Group1.
You need to grant Group1 the Storage File Data SMB Share Elevated Contributor role for share1.
What should you do first? Enable Active Directory Domain Service (AD DS) authentication for storage1 Grant share-level permissions by using File Explorer Mount share1 by using File Explorer Create a private endpoint.
You have 15 Azure subscriptions.
You have an Azure Active Directory (Azure AD) tenant that contains a security group named Group1.
You plan to purchase additional Azure subscription.
You need to ensure that Group1 can manage role assignments for the existing subscriptions and the planned subscriptions. The solution must meet the following requirements:
✑ Use the principle of least privilege.
✑ Minimize administrative effort.
What should you do? Assign Group1 the Owner role for the root management group Assign Group1 the User Access Administrator role for the root management group Create a new management group and assign Group1 the User Access Administrator role for the group Create a new management group and assign Group1 the Owner role for the group.
You can assign Policy1 to You can exclude Policy1 from.
Yes No.
Yes No.
Yes No.
You have two Azure subscriptions named Sub1 and Sub2.
An administrator creates a custom role that has an assignable scope to a resource group named RG1 in Sub1.
You need to ensure that you can apply the custom role to any resource group in Sub1 and Sub2. The solution must minimize administrative effort.
What should you do? Select the custom role and add Sub1 and Sub2 to the assignable scopes. Remove RG1 from the assignable scopes. Create a new custom role for Sub1. Create a new custom role for Sub2. Remove the role from RG1. Create a new custom role for Sub1 and add Sub2 to the assignable scopes. Remove the role from RG1. Select the custom role and add Sub1 to the assignable scopes. Remove RG1 from the assignable scopes. Create a new custom role for Sub2.
Assign roles to User2 for storageacct1234. Upload blob data to storageacct1234. Modify the firewall of storageacct1234. View blob data in storageacct1234. View file shares in storageacct1234.
You have an Azure subscription named Subscription1 that contains an Azure Log Analytics workspace named Workspace1.
You need to view the error events from a table named Event.
Which query should you run in Workspace1? select * from Event where EventType == "error" Event | search "error" Event | where EventType is "error" Get-Event Event | where {$_.EventType == "error"}.
You have an Azure App Services web app named App1.
You plan to deploy App1 by using Web Deploy.
You need to ensure that the developers of App1 can use their Azure AD credentials to deploy content to App1. The solution must use the principle of least privilege.
What should you do? Assign the Owner role to the developers Configure app-level credentials for FTPS Assign the Website Contributor role to the developers Configure user-level credentials for FTPS.
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have an Azure Active Directory (Azure AD) tenant named contoso.com.
You have a CSV file that contains the names and email addresses of 500 external users.
You need to create a guest user account in contoso.com for each of the 500 external users.
Solution: From Azure AD in the Azure portal, you use the Bulk invite users operation.
Does this meet the goal? Yes No.
Role3: Role4:.
You have an Azure subscription named Sub1 that contains two users named User1 and User2.
You need to assign role-based access control (RBAC) roles to User1 and User2. The users must be able to perform the following tasks in Sub1:
• User1 must view the data in any storage account.
• User2 must assign users the Contributor role for storage accounts.
The solution must use the principle of least privilege.
Which RBAC role should you assign to each user? User1 User2.
You have an Azure subscription that contains 10 virtual machines, a key vault named Vault1, and a network security group (NSG) named NSG1. All the resources are deployed to the East US Azure region.
The virtual machines are protected by using NSG1. NSG1 is configured to block all outbound traffic to the internet.
You need to ensure that the virtual machines can access Vault1. The solution must use the principle of least privilege and minimize administrative effort
What should you configure as the destination of the outbound security rule for NSG1? an application security group a service tag an IP address range.
User4 only User1 and User4 only User1, User2, and User4 only User1, User2, User3, and User4.
You have an Azure subscription named Subscription1 that contains a virtual network named VNet1. VNet1 is in a resource group named RG1.
Subscription1 has a user named User1. User1 has the following roles:
• Reader
• Security Admin
• Security Reader
You need to ensure that User1 can assign the Reader role for VNet1 to other users.
What should you do? Assign User1 the Network Contributor role for VNet1. Remove User1 from the Security Reader role for Subscription1. Assign User1 the Contributor role for RG1. Assign User1 the Owner role for VNet1. Assign User1 the Network Contributor role for RG1.
You have an Azure subscription named Subscription1 that contains a virtual network named VNet1. VNet1 is in a resource group named RG1.
Subscription1 has a user named User1. User1 has the following roles:
• Reader
• Security Admin
• Security Reader
You need to ensure that User1 can assign the Reader role for VNet1 to other users.
What should you do? Remove User1 from the Security Reader role for Subscript on 1. Assign User1 the Contributor role for RG1. Assign User1 the Owner role for VNet1. Remove User1 from the Security Reader and Reader roles for Subscription1. Assign User1 the Contributor role for Subscription 1. Assign User1 the Contributor role for VNet1.
Azure Application Gateway private endpoints a network security group (NSG) Azure Virtual WAN.
User1 can create a storage account in RG1 User1 can modify the DNS settings of networkinterface1 User1 can create an inbound security rule to filter inbound traffic to networkinterface1.
You have an Azure subscription named Subscription1 that contains a virtual network named VNet1. VNet1 is in a resource group named RG1.
Subscription1 has a user named User1. User1 has the following roles:
• Reader
• Security Admin
• Security Reader
You need to ensure that User1 can assign the Reader role for VNet1 to other users.
What should you do? Remove User1 from the Security Reader role for Subscription1. Assign User1 the Contributor role for RG1. Assign User1 the Access Administrator role for VNet1. Remove User1 from the Security Reader and Reader roles for Subscription1. Assign User1 the Contributor role for Subscription1. Assign User1 the Network Contributor role for RG1.
You have three Azure subscriptions named Sub1, Sub2, and Sub3 that are linked to an Azure AD tenant.
The tenant contains a user named User1, a security group named Group1, and a management group named MG1. User is a member of Group1.
Sub1 and Sub2 are members of MG1. Sub1 contains a resource group named RG1. RG1 contains five Azure functions.
You create the following role assignments for MG1:
• Group1: Reader
• User1: User Access Administrator
You assign User the Virtual Machine Contributor role for Sub1 and Sub2.
The Group1 members can view the configurations of the Azure functions User1 can assign the Owner role for RG1 User1 can create a new resource group and deploy a virtual machine to the new group.
Enable identity-based data access for the file shares in storage1. Modify the security profile for the file shares in storage1. Select Default to Azure Active Directory authorization in the Azure portal for storage1. Configure Access control (IAM) for share1.
You have an Azure subscription named Subscription1 that contains a virtual network named VNet1. VNet1 is in a resource group named RG1.
Subscription1 has a user named User1. User1 has the following roles:
• Reader
• Security Admin
• Security Reader
You need to ensure that User1 can assign the Reader role for VNet1 to other users.
What should you do? Remove User1 from the Security Reader role for Subscription1. Assign User1 the Contributor role for RG1. Assign User1 the User Access Administrator role for VNet1. Remove User1 from the Security Reader and Reader roles for Subscription1. Assign User1 the Contributor role for VNet1.
You have an Azure AD tenant named adatum.com that contains the groups shown in the following table.
(Image1)
Adatum.com contains the users shown in the following table.
(Image2)
You assign an Azure Active Directory Premium P2 license to Group1 as shown in the following exhibit.
(Image3)
Group2 is NOT directly assigned a license.
For each of the following statements, select Yes if the statement is true. Otherwise, select No. You can assign User1 the Microsoft Defender for Cloud Apps Discovery license You can remove the Azure Active Directory Premium P2 license from User1 User2 is assigned the Azure Active Directory Premium P2.
JobTitle: UsageLocation:.
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have an Azure Active Directory (Azure AD) tenant named contoso.com.
You have a CSV file that contains the names and email addresses of 500 external users.
You need to create a guest user account in contoso.com for each of the 500 external users.
Solution: You create a PowerShell script that runs the New-MgUser cmdlet for each external user.
Does this meet the goal? Yes No.
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have an Azure Active Directory (Azure AD) tenant named contoso.com.
You have a CSV file that contains the names and email addresses of 500 external users.
You need to create a guest user account in contoso.com for each of the 500 external users.
Solution: You create a PowerShell script that runs the New-MgInvitation cmdlet for each external user.
Does this meet the goal? Yes No.
You have an Azure subscription named Subscription1 that contains virtual network named VNet1. VNet1 is in a resource group named RG1.
A user named User1 has the following roles for Subscription1:
• Reader
• Security Admin
• Security Reader
You need to ensure that User1 can assign the Reader role for VNet1 to other users.
What should you do? Assign User1 the Contributor role for VNet1. Assign User1 the Network Contributor role for VNet1. Assign User1 the User Access Administrator role for VNet1. Remove User1 from the Security Reader and Reader roles for Subscription1. Assign User1 the Contributor role for Subscription1.
You have an Azure Storage account named storage1 that uses Azure Blob storage and Azure File storage.
You need to use AzCopy to copy data to the blob storage and file storage in storage1.
Which authentication method should you use for each type of storage? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point. Blob storage: File storage:.
Storage Account Contributor Contributor Storage Blob Data Contributor Reader and Data Access.
You have an Azure subscription named Subscription1 that contains virtual network named VNet1. VNet1 is in a resource group named RG1.
A user named User1 has the following roles for Subscription1:
• Reader
• Security Admin
• Security Reader
You need to ensure that User1 can assign the Reader role for VNet1 to other users.
What should you do? Remove User1 from the Security Reader and Reader roles for Subscription1. Assign User1 the Contributor role for Subscription1. Assign User1 the Contributor role for VNet1. Assign User1 the Owner role for VNet1. Assign User1 the Network Contributor role for RG1.
Group1 only Group1 and Group3 only Group3 and Group4 only Group1, Group2, and Group3 only Group1, Group2, Group3, and Group4.
Box1 Box2 Box3.
You have an Azure subscription named Sub1 that contains the blob containers shown in the following table.
(See Image1)
Sub1 contains two users named User1 and User2. Both users are assigned the Reader role at the Sub1 scope.
(See Image2)
You assign roles to User1 and User2 as shown in the following table.
(See Image3)
For each of the following statements, select Yes if the statement is true. Otherwise, select No. User1 can read blob2 User1 can read blob3 User2 can read blob1.
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have an Azure Active Directory (Azure AD) tenant named contoso.com.
You have a CSV file that contains the names and email addresses of 500 external users.
You need to create a guest user account in contoso.com for each of the 500 external users.
Solution: You create a PowerShell script that runs the New-MgUser cmdlet for each user.
Does this meet the goal? Yes No.
Azure AD Application Proxy private endpoints a network security group (NSG) Azure Peering Service.
Azure AD Application Proxy service endpoints a network security group (NSG) Azure Firewall.
Azure Application Gateway service endpoints a network security group (NSG) Azure Peering Service.
RG1 MG1 Sub1 VM1.
Users: Groups:.
data protection a private endpoint Public network access in the Firewalls and virtual networks settings a shared access signature (SAS).
storage1 storage2 storage3 storage4.
You can use [answer choice] for Azure Table Storage You can use [answer choice] for Azure Blob Storage.
DB1 container1 share1 Table1.
You have an Azure Storage account named storage1.
You have an Azure App Service app named App1 and an app named App2 that runs in an Azure container instance. Each app uses a managed identity.
You need to ensure that App1 and App2 can read blobs from storage1. The solution must meet the following requirements:
✑ Minimize the number of secrets used.
✑ Ensure that App2 can only read from storage1 for the next 30 days.
What should you configure in storage1 for each app? App1: App2:.
Box1 Box2.
Create a container instance Register Server1 Install the Azure File Sync agent on Server1 Download an automation script Create a sync group.
You have an Azure subscription that contains a storage account.
You have an on-premises server named Server1 that runs Windows Server 2016. Server1 has 2 TB of data.
You need to transfer the data to the storage account by using the Azure Import/Export service.
In which order should you perform the actions? To answer, move all actions from the list of actions to the answer area and arrange them in the correct order.
NOTE: More than one order of answer choices is correct. You will receive credit for any of the correct orders you select. Attach_an_external_disk_to_Server1_and_then_run_waimportexport.exe From_the_Azure_portal,_update_the_import_job From_the_Azure_portal,_create_an_import_job Detach_the_external_disks_from_Server1_and_ship_the_disks_to_an_Azure_data_center.
share2 can be added as a cloud endpoint for Group1 E:\Folder2 on Server1 can be added as a server endpoint for Group1 D:\Data on Server2 can be added as a server endpoint for Group1.
|
