Azure AZ-500 Security Technologies Practice Test Set 7

True or false: Azure Firewall supports inbound and outbound filtering.


Options are :

  • FALSE
  • TRUE

Answer : TRUE

You are the administrator of all resources in Azure. You need to ensure that all new resources are created in a specific region. Solution: You create an Azure policy. Does this meet the requirements?


Options are :

  • TRUE
  • FALSE

Answer : TRUE

Which of the following Azure tools can help mature the security baseline specific to detecting malicious activity? Select all that apply.


Options are :

  • Azure Security Center
  • Azure policy
  • Azure portal
  • Azure AD
  • Azure Key Vault
  • Azure Monitor

Answer : Azure Security Center; Azure Monitor

What is the default retention period for Azure Monitor logs?


Options are :

  • 90 days
  • 60 days
  • 3 years
  • 1 year
  • 30 days
  • Indefinite

Answer : 90 days

Your organization is planning on synchronizing its on-premises identities to Azure via the AD Connect tool. You need to ensure that all domain user identities are properly formatted before they are synchronized, so as not to cause synchronization errors. What should you do?


Options are :

  • Run the IdFix tool
  • Re-run the AD Connect application
  • Run synchronization service manager
  • Run synchronization rules editor

Answer : Run the IdFix tool

You need to configure secure access to one of your production VMs. You are planning to enable secure remote access via Just-In-Time VM access. Which of the following settings can you configure? Select all that apply.


Options are :

  • IP range
  • IP address
  • Port numbers
  • Time range
  • Virtual network
  • Protocol type

Answer : IP range; IP address; Port numbers; Time range; Protocol type

Azure Backup can be configured for Azure VMs. What is used to ensure data is encrypted at rest?


Options are :

  • Azure Recovery Services
  • Transparent Data Encryption
  • Azure Storage Service Encryption
  • Azure Recovery Vault
  • Passphrase

Answer : Azure Storage Service Encryption

When securing Azure Key Vault one has to secure the management plane and the data plane. Which of these options is relevant when securing the management plane?


Options are :

  • Set key vault secrets
  • Create, read, update, delete key vaults
  • Set key vault access policies
  • Set key vault tags
  • Create RBAC roles
  • Create key vault keys

Answer : Create, read, update, delete key vaults; Set key vault access policies; Set key vault tags

You are the administrator for the Contoso financial group. You are responsible for managing the key vault in Azure. You need to recover a certificate called “FinanceAdmin” that has been deleted from CONTOSOvault, via an API call to the Key Vault. Which statement below is correct?


Options are :

  • POST http://CONTOSOvault.vault.azure.net/deletedsecrets/FinanceAdmin/recover?api-version=7.0
  • POST https://CONTOSOvault.vault.azure.net/deletedsecrets/FinanceAdmin/recover?api-version=7.0
  • GET https://CONTOSOvault.vault.azure.net/deletedsecrets/FinanceAdmin/recover?api-version=7.0
  • GET http://CONTOSOvault.vault.azure.net/deletedsecrets/FinanceAdmin/recover?api-version=7.0

Answer : POST https://CONTOSOvault.vault.azure.net/deletedsecrets/FinanceAdmin/recover?api-version=7.0

What PowerShell cmdlet is used to initiate Azure Disk Encryption for a Windows-based VM on Azure?


Options are :

  • Set-AzVMDiskEncryptionWindows
  • Disable-AzVMDiskEncryption
  • Get-AzVmDiskEncryptionStatus
  • Set-AzVMDiskEncryptionExtension
  • Set-AzVMDiskEncryptionLinux
  • Set-AzVMDiskEncryption

Answer : Set-AzVMDiskEncryptionExtension

Select all the answers that specify the technology and Azure resource prerequisites for Azure Disk Encryption.


Options are :

  • Transparent Data Encryption
  • Azure Key Vault
  • DM-Crypt
  • BitLocker
  • Azure Storage Service Encryption
  • SSL/TLS 1.2

Answer : Azure Key Vault; DM-Crypt; BitLocker

Which of the following Azure tools can help mature the security baseline specific to securing virtual networks? Select all that apply.


Options are :

  • Azure AD
  • Azure Monitor
  • Azure Key Vault
  • Azure Security Center
  • Azure portal
  • Azure policy

Answer : Azure portal; Azure policy

Which of the following roles can make use of Azure Identity Protection in the portal?


Options are :

  • Owner role
  • Contributor role
  • Security Administrator
  • Security reader
  • Global administrator

Answer : Security Administrator; Security reader; Global administrator

What PowerShell cmdlet is used to initiate Azure Disk Encryption for a Linux-based VM on Azure?


Options are :

  • Set-AzVMDiskEncryptionWindows
  • Get-AzVmDiskEncryptionStatus
  • Set-AzVMDiskEncryptionLinux
  • Set-AzVMDiskEncryptionExtension
  • Disable-AzVMDiskEncryption
  • Set-AzVMDiskEncryption

Answer : Set-AzVMDiskEncryptionExtension

True or false: you can configure multiple AD Connect connectors for the same Active Directory domain.


Options are :

  • FALSE
  • TRUE

Answer : FALSE

You have to follow the principle of least privilege. What role do you need to enable PIM for your organisation?


Options are :

  • Global Administrator
  • User Administrator
  • Security Administrator
  • User Access Administrator
  • Owner (Subscription)

Answer : Global Administrator

You have resources configured as in the exhibit.

You assign an Azure Policy to ITSub. Which of the following options are invalid for policy scope exclusions?


Options are :

  • LabServer1
  • MarketingServer1
  • ITServersRg
  • DefaultRg
  • ITSub
  • MarketingSub
  • DefaultMg1

Answer : MarketingServer1; DefaultRg; ITSub; MarketingSub; DefaultMg1

What Azure resource is used when creating a security playbook?


Options are :

  • Azure Function
  • Azure Container Instance
  • Azure Log Analytics
  • Azure Security Center
  • Azure Logic App

Answer : Azure Logic App

Check out the exhibit.

You have configured an AKV and have created a secret containing a SQL connection string for use by an application. You have registered your application with AAD and need to give the application permissions to use the configured secret. Which option should you choose to accomplish your goal?


Options are :

  • Access control (IAM)
  • Keys
  • Secrets
  • Certificates
  • Access policies
  • Firewalls and virtual networks

Answer : Access policies

Match the Azure capability with the encryption of data at rest requirement below.


Options are :

  • Encryption of BLOB storage: Azure Disk Encryption (ADE)
  • Encryption of BLOB storage: Transparent Data Encryption (TDE)
  • Encryption of BLOB storage: AlwaysEncrypted
  • Encryption of BLOB storage: Storage System Encryption (SSE)
  • Encryption of file storage: Azure Disk Encryption (ADE)
  • Encryption of file storage: Transparent Data Encryption (TDE)
  • Encryption of file storage: AlwaysEncrypted
  • Encryption of file storage: Storage System Encryption (SSE)

Answer : Encryption of BLOB storage: Storage System Encryption (SSE); Encryption of file storage: Storage System Encryption (SSE)

Match the Azure capability with the encryption of data at rest requirement below.


Options are :

  • Encryption of SQL database: Azure Disk Encryption (ADE)
  • Encryption of SQL database: Transparent Data Encryption (TDE)
  • Encryption of SQL database: AlwaysEncrypted
  • Encryption of SQL database: Storage System Encryption (SSE)
  • Encryption of SQL database columns: Azure Disk Encryption (ADE)
  • Encryption of SQL database columns: Transparent Data Encryption (TDE)
  • Encryption of SQL database columns: AlwaysEncrypted
  • Encryption of SQL database columns: Storage System Encryption (SSE)

Answer : Encryption of SQL database: Transparent Data Encryption (TDE); Encryption of SQL database columns: AlwaysEncrypted

Match the Azure capability with the encryption of data at rest requirement below.


Options are :

  • Encryption of virtual hard disks: Azure Disk Encryption (ADE)
  • Encryption of virtual hard disks: Transparent Disk Encryption (TDE)
  • Encryption of virtual hard disks: AlwaysEncrypted
  • Encryption of virtual hard disks: Storage System Encryption (SSE)
  • Encryption of Windows OS disk: Azure Disk Encryption (ADE)
  • Encryption of Windows OS disk: Transparent Disk Encryption (TDE)
  • Encryption of Windows OS disk: AlwaysEncrypted
  • Encryption of Windows OS disk: Storage System Encryption (SSE)

Answer : Encryption of virtual hard disks: Storage System Encryption (SSE); Encryption of Windows OS disk: Azure Disk Encryption (ADE)

In Azure Information Protection, how many levels of sublabels are supported?


Options are :

  • 1
  • 2
  • 3
  • 4
  • Unlimited

Answer : 1

You have a hybrid Azure AD deployment and have just deployed an Azure SQL Database. You want selected users to use Azure AD credentials to access your Azure SQL Database. What steps do you perform to accomplish your goal?


Options are :

  • Create an Azure AD user account that will serve as the SQL server administrator and assign user privileges
  • Create an Azure AD user account that will serve as the SQL server administrator and assign limited administrator privileges
  • Create an Azure AD user account that will serve as the SQL server administrator and assign global administrator privileges
  • Provision the user account on the Access control (IAM) blade on SQL server
  • Provision the user account on the Active Directory Admin blade on SQL server
  • Configure the client computers with ADALSQL.DLL
  • Configure the client computers with Visual Studio Core
  • Create a group (SQL Group) in Azure AD that contains the SQL server administrator account
  • Create a group (SQL Group) in Azure AD that contains the users that will need to access SQL
  • Create a contained database user specifying the user group created earlier in the database using CREATE USER [SQL Group] FROM EXTERNAL PROVIDER
  • Create a contained database user specifying the user group created earlier in the database using CREATE USER [SQL Group] FROM EXTERNAL AZURE
  • Connect to SQL using Azure Active Directory - Universal with MFA authentication
  • Connect to SQL using Azure SQL Server authentication

Answer : Create an Azure AD user account that will serve as the SQL server administrator and assign user privileges; Provision the user account on the Active Directory Admin blade on SQL server; Configure the client computers with ADALSQL.DLL; Create a group (SQL Group) in Azure AD that contains the users that will need to access SQL; Create a contained database user specifying the user group created earlier in the database using CREATE USER [SQL Group] FROM EXTERNAL PROVIDER; Connect to SQL using Azure Active Directory - Universal with MFA authentication

View the exhibit.

You have a regulatory requirement to manage your own encryption keys for data at rest for all SQL databases. What option do you select to enable the BYOK scenario?


Options are :

  • Active Directory admin
  • SQL databases
  • Locks
  • Advanced Data Security
  • Transparent data encryption

Answer : Transparent data encryption

You are investigating and responding to incidents in Azure Security Center. You routinely use a playbook as part of the response procedure that sends an email to the security operations manager. The company has recently appointed an assistant security operations manager and she needs to be included as an email recipient when the playbook is fired. What tool would you use to make the change?


Options are :

  • Azure Monitor Action Group
  • Azure Logic Apps Designer
  • Azure Log Analytics Workspace
  • Azure Subscription

Answer : Azure Logic Apps Designer

What is used to secure access to resource groups?


Options are :

  • Azure Active Directory
  • Azure Role Based Access Control
  • Azure Security Center
  • Azure Policy

Answer : Azure Role Based Access Control

See the exhibit.

Which of the following is the correct route in the route table associated with Web Subnet?


Options are :

  • Prefix: 10.0.1.4/24; Next Hop: 0.0.0.0
  • Prefix: 10.0.2.0/24; Next Hop: 10.0.1.4
  • Prefix: 10.0.1.0/24; Next Hop: 192.168.1.1
  • Prefix: 0.0.0.0/0; Next Hop: 10.0.1.4

Answer : Prefix: 0.0.0.0/0; Next Hop: 10.0.1.4

You deploy a VM on a VNet and plan to use it to host Docker containers. You have service endpoints on the VNet for Azure PaaS resources. You want the Docker containers to have access to the PaaS resources. What must you deploy?


Options are :

  • Azure Firewall
  • Network Security Groups
  • Azure Virtual Network container network interface (CNI) plug-in
  • Azure container registry
  • AppArmor

Answer : Azure Virtual Network container network interface (CNI) plug-in

Which of the following will you create and configure if you want to connect an individual workstation directly to an Azure VNET? Each option represents part of the solution.


Options are :

  • Virtual Network Gateway
  • Gateway Subnet
  • Self-signed certificate
  • Local Network Gateway
  • Client configuration package
  • VPN connection

Answer : Virtual Network Gateway; Gateway Subnet; Self-signed certificate; Client configuration package

You have assigned Azure AD P1 licenses and have enabled MFA for all your users. Your corporate security policy requires you to ensure that users get prompted for MFA when they access any Microsoft cloud app. How do you configure Azure AD conditional access to achieve your objective?


Options are :

  • Create a conditional access policy, choose all users, choose all cloud apps, choose grant access and require MFA, enable policy
  • Don't create a conditional access policy
  • Create a conditional access policy, choose all users, select all Microsoft apps, choose grant access and require MFA, enable policy
  • Choose the end-user protection baseline policy, choose all cloud apps, choose grant access and require MFA, enable policy

Answer : Don't create a conditional access policy

You have a legacy on-premises web application that isn't integrated with Azure AD. The on-premises environment is connected to the internet and your users want to use the application when they're away from the office. You must ensure the identities of users of the application are secured using MFA. You have to minimise costs and administrative effort. Each of the following options provides part of the solution and they are not presented in order. Choose the best option in each of the listed items:


Options are :

  • Migration: Migrate the application to Azure IaaS
  • Migration: Migrate the application to Azure PaaS
  • Migration: Don't migrate the solution to Azure
  • Connectivity: Deploy an end-user VPN solution
  • Connectivity: Deploy Azure Application Gateway (with WAF)
  • Connectivity: Deploy Azure AD Application Proxy
  • Security: Deploy the Azure AD on premises MFA server
  • Security: Deploy an on-premises RADIUS server
  • Security: Don't deploy an on-premises security solution
  • Configuration: Configure Azure AD MFA
  • Configuration: Configure Azure AD MFA and conditional access
  • Configuration: Configure Azure AD MFA, conditional access and the VPN connector

Answer : Migration: Don't migrate the solution to Azure; Connectivity: Deploy Azure AD Application Proxy; Security: Don't deploy an on-premises security solution; Configuration: Configure Azure AD MFA

You are configuring AAD conditional access and want to ensure that you don't lock out everyone in your organisation. You notice an empty group named "MFA bypass" with a description "Place users into this group temporarily if they need to bypass MFA". Which of the following do you need to do to ensure that users who are placed in that group effectively bypass MFA?


Options are :

  • Nothing; the MFA bypass group is a built-in MFA lock-out failsafe
  • Create an AAD conditional access policy that grants access to the "MFA bypass" group for all applications
  • Add the "MFA bypass" group to the exclude section of the users and groups assignment
  • Add the AAD Global administrator's account to the "MFA bypass" group
  • There is no way to bypass an AAD conditional access policy

Answer : Add the "MFA bypass" group to the exclude section of the users and groups assignment

When doing an app registration in Azure AD, what option in the exhibit allows configuration of the services the application has access to?


Options are :

  • Authentication
  • Certificates & secrets
  • API permissions
  • Expose an API
  • Roles and administrators

Answer : API permissions

You can create custom RBAC roles for which of the following?


Options are :

  • Azure AD permissions
  • Azure Resource permissions

Answer : Azure Resource permissions

User1 is a member of Group1

User2 is a member of Group1 and Group2

An AAD Identity Protection user risk policy is configured to include Group1 and exclude Group2.

Is the policy applied to User2?


Options are :

  • Yes
  • No
  • I don't know
  • Maybe

Answer : Yes

You are configuring application security groups as in the exhibit.

Match the below Azure resources with their associations.


Options are :

  • NSG: VM
  • NSG: Subnet
  • NSG: VNet
  • NSG: ASG
  • ASG: VM
  • ASG: Subnet
  • ASG: VNet
  • ASG: NSG

Answer : NSG: Subnet; ASG: VM

You are configuring application security groups as in the exhibit.

Match the below Azure resources with their associations.


Options are :

  • Traffic filtering rule: VM
  • Traffic filtering rule: Subnet
  • Traffic filtering rule: NSG
  • Traffic filtering rule: ASG
  • Subnet: VM
  • Subnet: VNet
  • Subnet: NSG
  • Subnet: ASG

Answer : Traffic filtering rule: NSG; Subnet: VNet

See the exhibit.

Which of the following do you configure to ensure that internet-connected browsers can access the web application (www.contoso.com) on Web Subnet via HTTPS?


Options are :

  • Route: Prefix: 0.0.0.0/0; Next Hop: 10.1.1.1
  • Network rule; Protocol: TCP; Source: *; Destination: 10.1.1.1
  • DNAT rule; Protocol: TCP; Source: *; Translated Addr: 10.1.1.1
  • Application rule; Source: *; Target: www.contoso.com

Answer : DNAT rule; Protocol: TCP; Source: *; Translated Addr: 10.1.1.1

Which of the following would you implement to comply with restrictive geo-location compliance requirements in your Azure subscription?


Options are :

  • Azure Policy
  • Microsoft Compliance Manager
  • Azure Subscription
  • Azure Active Directory
  • Azure Security Center

Answer : Azure Policy

You have an NSG as in the exhibit and it is the only NSG configured in the environment.

T/F: The virtual machines in the AZ-500-rg resource group are blocked from communicating outbound to the internet.


Options are :

  • True
  • False
  • Falrue

Answer : False

Infrastructure

- VM1 is part of RG1 and is in a stopped state.

- VM2 is part of RG2 and is in a stopped state.

- VM3 is part of RG3 and is in a stopped state.

Policies

- RG1 has a not allowed virtual machines policy applied.

- RG2 has an allowed virtual machines policy applied.

Locks

- VM1 has a read-only lock applied.

- RG2 has a read-only lock applied.

- RG3 has a delete-lock applied.

Superfluous information

You've got to love combining policies and locks; inheritance and permissions. 

Question

Select all the actions that can be performed. 



Options are :

  • You can start VM1
  • You can start VM2
  • You can create a new VM in RG1
  • You can create a new VM in RG2
  • You can start VM3

Answer : You can start VM3

Which Azure resource should you use to safeguard container access?


Options are :

  • Azure Active Directory
  • Azure RBAC
  • Azure Key Vault
  • Azure Security Center

Answer : Azure Key Vault

You have a VNet named VNet1 containing a subnet named Sn1 containing a VM named VM1. You have another subnet in VNet1 named AzureFirewallSubnet containing an Azure Firewall. In order to ensure that all network traffic from Sn1 is routed through the Azure Firewall, what must you configure?


Options are :

  • NSG associated with Sn1 containing an outgoing rule allowing any source to any destination
  • Route Table associated with Sn1 containing a route with address prefix of 0.0.0.0/0 and next hop with the private IP of the Azure Firewall
  • NSG associated with AzureFirewallSubnet containing an outgoing rule allowing any source to any destination
  • Route Table associated with AzureFirewallSubnet containing a route with address prefix of 0.0.0.0/0 and next hop with the private IP of the Azure Firewall

Answer : Route Table associated with Sn1 containing a route with address prefix of 0.0.0.0/0 and next hop with the private IP of the Azure Firewall

In OAuth 2.0 / OpenID Connect, what action does the browser take after receiving a successful ID token?


Options are :

  • Redirects to sign-in URI
  • Returns to the previous page
  • Launches the application
  • Connects to the database

Answer : Redirects to sign-in URI
