SIMULATION - You need to ensure that web1234578 is protected from malware by using Microsoft Antimalware for Virtual Machines and is scanned every Friday at 01:00. To complete this task, sign in to the Azure portal.
You need to install and configure the Microsoft Antimalware extension on the virtual machine named web1234578. 1. In the Azure portal, type Virtual Machines in the search box, select Virtual Machines from the search results then select web1234578. Alternatively, browse to Virtual Machines in the left navigation pane. 2. In the properties of web11597200, click on Extensions. 3. Click the Add button to add an Extension. 4. Scroll down the list of extensions and select Microsoft Antimalware. 5. Click the Create button. This will open the settings pane for the Microsoft Antimalware Extension. 6. In the Scan day field, select Friday. 7. In the Scan time field, enter 60. The scan time is measured in minutes after midnight so 60 would be 01:00, 120 would be 02:00 etc. 8. Click the OK button to save the configuration and install the extension.
Question 262
SIMULATION - You need to ensure that the events in the NetworkSecurityGroupRuleCounter log of the VNET01-Subnet0-NSG network security group (NSG) are stored in the logs1234578 Azure Storage account for 30 days. To complete this task, sign in to the Azure portal.
You need to configure the diagnostic logging for the NetworkSecurityGroupRuleCounter log. 1. In the Azure portal, type Network Security Groups in the search box, select Network Security Groups from the search results then select VNET01- Subnet0-NSG. Alternatively, browse to Network Security Groups in the left navigation pane. 2. In the properties of the Network Security Group, click on Diagnostic Settings. 3. Click on the Add diagnostic setting link. 4. Provide a name in the Diagnostic settings name field. It doesn't matter what name you provide for the exam. 5. In the Log section, select NetworkSecurityGroupRuleCounter. 6. In the Destination details section, select Archive to a storage account. 7. In the Storage account field, select the logs1234578 storage account. 8. In the Retention (days) field, enter 30. 9. Click the Save button to save the changes.
Question 263
You are troubleshooting a security issue for an Azure Storage account. You enable the diagnostic logs for the storage account. What should you use to retrieve the diagnostics logs?
You have an Azure subscription that contains the resources shown in the following table. You plan to enable Azure Defender for the subscription. Which resources can be protected by using Azure Defender?
DRAG DROP - You have an Azure subscription that contains the following resources: - A network virtual appliance (NVA) that runs non-Microsoft firewall software and routes all outbound traffic from the virtual machines to the internet - An Azure function that contains a script to manage the firewall rules of the NVA - Azure Security Center standard tier enabled for all virtual machines - An Azure Sentinel workspace - 30 virtual machines You need to ensure that when a high-priority alert is generated in Security Center for a virtual machine, an incident is created in Azure Sentinel and then a script is initiated to configure a firewall rule for the NVA. How should you configure Azure Sentinel to meet the requirements? To answer, drag the appropriate components to the correct requirements. Each component may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content. NOTE: Each correct selection is worth one point. Select and Place:
You have an Azure subscription that contains a resource group named RG1 and a security group named ServerAdmins. RG1 contains 10 virtual machines, a virtual network named VNET1, and a network security group (NSG) named NSG1. ServerAdmins can access the virtual machines by using RDP. You need to ensure that NSG1 only allows RDP connections to the virtual machines for a maximum of 60 minutes when a member of ServerAdmins requests access. What should you configure?
HOTSPOT - You have an Azure subscription named Subscription1 that contains the resources shown in the following table. You have an Azure subscription named Subscription2 that contains the following resources: - An Azure Sentinel workspace - An Azure Event Grid instance You need to ingest the CEF messages from the NVA1 to Azure Sentinel. What should you configure for each subscription? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point. Hot Area:
Question 268
HOTSPOT - You have an Azure subscription named Subscription1 that contains a resource group named RG1 and a user named User1. User1 is assigned the Owner role for RG1. You create an Azure Blueprints definition named Blueprint1 that includes a resource group named RG2 as shown in the following exhibit. You assign Blueprint1 to Subscription1 by using the following settings: - Lock assignment: Read Only - Managed Identity: System assigned For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point. Hot Area:
You have an Azure Sentinel deployment. You need to create a scheduled query rule named Rule1. What should you use to define the query rule logic for Rule1?
You have an Azure subscription named Subscription1 that contains a resource group named RG1 and the users shown in the following table. You perform the following tasks: - Assign User1 the Network Contributor role for Subscription1. - Assign User2 the Contributor role for RG1. To Subscription1 and RG1, you assign the following policy definition: External accounts with write permissions should be removed from your subscription. What is the Compliance State of the policy assignments?
