HOTSPOT - You need to create Role1 to meet the platform protection requirements. How should you complete the role definition of Role1? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point. Hot Area:
Scenario: A new custom RBAC role named Role1 must be used to delegate the administration of the managed disks in RG1. Role1 must be available only for RG1. Azure RBAC template managed disks "Microsoft.Storage/" Reference: https://blogs.msdn.microsoft.com/azureedu/2017/02/11/new-managed-disk-storage-option-for-your-azure-vms/ https://blogs.msdn.microsoft.com/azure4fun/2016/10/21/custom-azure-rbac-roles-and-how-to-extend-existing-role-definitions-scope/
Question 422
DRAG DROP - You need to configure SQLDB1 to meet the data and application requirements. Which three actions should you recommend be performed in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order. Select and Place:
You need to ensure that User2 can implement PIM. What should you do first?
To start using PIM in your directory, you must first enable PIM. 1. Sign in to the Azure portal as a Global Administrator of your directory. You must be a Global Administrator with an organizational account (for example, @yourdomain.com), not a Microsoft account (for example, @outlook.com), to enable PIM for a directory. Scenario: Technical requirements include: Enable Azure AD Privileged Identity Management (PIM) for contoso.com Reference: https://docs.microsoft.com/bs-latn-ba/azure/active-directory/privileged-identity-management/pim-getting-started
Question 424
DRAG DROP - You need to perform the planned changes for OU2 and User1. Which tools should you use? To answer, drag the appropriate tools to the correct resources. Each tool may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content. NOTE: Each correct selection is worth one point. Select and Place:
Question 425
You need to meet the technical requirements for the finance department users. Which CAPolicy1 settings should you modify?
HOTSPOT - You need to delegate the creation of RG2 and the management of permissions for RG1. Which users can perform each task? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point. Hot Area:
Box 1: Admin3 only - The Contributor role has the necessary write permissions to create the resource group. Box 2: Admin4 only - You need Owner level access to be able to manage permissions. The Contributor role can do most things but cannot modify permissions on existing objects.
Question 427
You plan to configure Azure Disk Encryption for VM4. Which key vault can you use to store the encryption key?
The key vault needs to be in the same subscription and same region as the VM. VM4 is in West US. KeyVault1 is the only key vault in the same region as the VM. Reference: https://docs.microsoft.com/en-us/azure/virtual-machines/windows/disk-encryption-key-vault
Question 428
You need to encrypt storage1 to meet the technical requirements. Which key vaults can you use?
The storage account and the key vault must be in the same region and in the same Azure Active Directory (Azure AD) tenant, but they can be in different subscriptions. Storage1 is in the West US region. KeyVault1 is the only key vault in the same region. Reference: https://docs.microsoft.com/en-us/azure/storage/common/customer-managed-keys-overview
Question 429
HOTSPOT - You implement the planned changes for ASG1 and ASG2. In which NSGs can you use ASG1, and the network interfaces of which virtual machines can you assign to ASG2? Hot Area:
Question 430
You plan to implement JIT VM access. Which virtual machines will be supported?
