Topic 4: Mix Questions
You have an Azure Container Registry named ContReg1 that contains a container image
named image1.
You enable content trust for ContReg1.
After content trust is enabled, you push two images to ContReg1 as shown in the following
table.
A. image1 and image2 only
B. image2 only
C. image1, image2, and image3
You have an Azure subscription.
You plan to implement Azure DDoS Protection. The solution must meet the following
requirement:
* Provide access to DDoS rapid response support during active attacks.
* Project Basic SKU public IP addresses.
You need to recommend which type of DDoS projection to use for each requirement.
What should you recommend? To answer, drag the appropriate DDoS projection types to
the correct requirements. Each DDoS Projection type may be used once, or not at all. You
may need to drag the split bar between panes or scroll to view connect.
NOTE: Each correct selection is worth one point.
Your network contains an on-premises Active Directory domain named adatum.com that syncs to Azure Active Directory (Azure AD). The Azure AD tenant contains the users shown in the following table.
Lab Task
use the following login credentials as needed:
To enter your username, place your cursor in the Sign in box and click on the username
below.
To enter your password. place your cursor in the Enter password box and click on the
password below.
Azure Username: Userl -28681041@ExamUsers.com
Azure Password: GpOAe4@lDg
If the Azure portal does not load successfully in the browser, press CTRL-K to reload the
portal in a new browser tab.
The following information is for technical support purposes only:
Lab Instance: 28681041
Task 4
You need to ensure that a user named user2-28681041 can manage the properties of the
virtual machines in the RG1lod28681041 resource group. The solution must use the
principle of least privilege.
Answer: Check below steps in explanation for Task.
You have an Azure subscription that contains the following resources:
A virtual network named VNET1 that contains two subnets named Subnet1 and
Subnet2.
A virtual machine named VM1 that has only a private IP address and connects to
Subnet1.
You need to ensure that Remote Desktop connections can be established to VM1 from the
internet.
Which three actions should you perform in sequence? To answer, move the appropriate
actions from the list of actions to the answer area and arrange then in the correct order.
You have an Azure subscription that contains the storage accounts shown in the following,
table.
You enable Microsoft Defender for Storage.
Which storage services of storages are monitored by Microsoft Defender for Storage, and
which storage accounts are protected by Microsoft Defender for Storage? To answer,
select the appropriate options in the answer area.
Explanation:
Microsoft Defender for Storage monitors Blob Storage and Azure Files services in storage5 (a StorageV2 account with Azure Data Lake Storage Gen2 enabled) and protects storage1 (a BlobStorage account with ADLS Gen2 enabled) and storage5. Other accounts (storage2, storage3, storage4) are unprotected because they either use unsupported account types (BlockBlobStorage, FileStorage, or StorageV1) or have ADLS Gen2 disabled, which is required for Defender for Storage protection.
Lab Task
Task 2
You need to ensure that the events in the NetworkSecurityGroupRuleCounter log of the
VNETOI-Subnet0-NSG network security group (NSG) are stored in the Iogs31330471
Azure Storage account for 30 days.
Answer: see the task answer with step by step below:
You have an Azure subscription that contains a Microsoft Defender External Attack Surface Management (Defender EASM) resource named EASM1. EASM1 has discovery enabled and contains several inventory assets. You need to identify which inventory assets are vulnerable to the most critical web app security risks. Which Defender EASM dashboard should you use?
A. Attack Surface Summary
B. GDPR Compliance
C. Security Posture
D. OWASP Top 1O
You create a new Azure subscription that is associated to a new Azure Active Directory
(Azure AD) tenant.
You create one active conditional access policy named Portal Policy. Portal Policy is used
to provide access to the Microsoft Azure Management cloud app.
The Conditions settings for Portal Policy are configured as shown in the Conditions exhibit.
(Click the Conditions tab.)
You have a Azure subscription that contains an Azure Container Registry named
Registry1. The subscription uses the Standard use tier of Azure Security Center.
You upload several container images to Register1.
You discover that vulnerability security scans were not performed
You need to ensured that the images are scanned for vulnerabilities when they are
uploaded to Registry1.
What should you do?
A. From the Azure portal modify the Pricing tier settings.
B. From Azure CLI, lock the container images.
C. Upload the container images by using AzCopy
D. Push the container images to Registry1 by using Docker
You have an Azure subscription that contains the Azure virtual machines shown in the
following table.
You create an MDM Security Baseline profile named Profile1.
You need to identify to which virtual machines Profile1 can be applied.
Which virtual machines should you identify?
A. VM1 only
B. VM1, VM2, and VM3 only
C. VM1 and VM3 only
D. VM1, VM2, VM3, and VM4
You have an Azure subscription that contains the storage accounts shown in the following table.
| Page 2 out of 22 Pages |
| Previous |