You have an Azure subscription that uses Azure AD Privileged Identity Management (PIM). A user named User1 is eligible for the Billing administrator role. You need to ensure that the role can only be used for a maximum of two hours. What should you do?
A. Create a new access review.
B. Edit the role assignment settings.
C. Update the end date of the user assignment.
D. Edit the role activation settings.
Question 142
HOTSPOT - You have an Azure subscription that contains a user named User1 and a storage account named storage1. The storage1 account contains the resources shown in the following table. User1 is assigned the following roles for storage1: • Storage Blob Data Reader • Storage Table Data Contributor • Storage File Data SMB Share Reader In storage1, you create a shared access signature (SAS) named SAS1 as shown in the following exhibit. For each of the following statements, select Yes if the statement is true. Otherwise, select No.
Question 143
You have an Azure subscription that contains a user named User1 and a storage account that hosts a blob container named blob1. You need to grant User1 access to blob1. The solution must ensure that the access expires after six days. What should you use?
A. a shared access signature (SAS)
B. role-based access control (RBAC)
C. a shared access policy
D. a managed identity
Question 144
You have an Azure subscription linked to an Azure AD tenant named contoso.com. Contoso.com contains a user named User1 and an Azure web app named App1. You plan to enable User1 to perform the following tasks: • Configure contoso.com to use Microsoft Entra Verified ID. • Register App1 in contoso.com. You need to identify which roles to assign to User1. The solution must use the principle of least privilege. Which two roles should you identify? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point.
A. Authentication Policy Administrator
B. Authentication Administrator
C. Cloud App Security Administrator
D. Application Administrator
E. User Administrator
Question 145
You have an Azure AD tenant. You plan to implement an authentication solution to meet the following requirements: • Require number matching. • Display the geographical location when signing in. Which authentication method should you include in the solution?
A. Microsoft Authenticator
B. FIDO2 security key
C. SMS
D. Temporary Access Pass
Question 146
You have an Azure subscription that contains a user named User1 and an Azure Container Registry named ContReg1. You enable content trust for ContReg1. You need to ensure that User1 can create trusted images in ContReg1. The solution must use the principle of least privilege. Which two roles should you assign to User1? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point.
You have an Azure Container Registry named ContReg1 that contains a container image named image1. You enable content trust for ContReg1. After content trust is enabled, you push two images to ContReg1 as shown in the following table. Which images are trusted images?
A. image1 and image2 only
B. image2 only
C. image1, image2, and image3
Azure Container Registry implements Docker's content trust model, enabling pushing and pulling of signed images. To push a trusted image tag to your container registry, enable content trust and push the image with docker push. To work with trusted images, both image publishers and consumers need to enable content trust for their Docker clients. As a publisher, you can sign the images you push to a content trust-enabled registry. Reference: https://docs.microsoft.com/en-us/azure/container-registry/container-registry-content-trust
Question 148
SIMULATION - You need to configure Azure to allow RDP connections from the Internet to a virtual machine named VM1. The solution must minimize the attack surface of VM1. To complete this task, sign in to the Azure portal.
To enable the RDP port in an NSG, follow these steps: 1. Sign in to the Azure portal. 2. In Virtual Machines, select VM1 3. In Settings, select Networking. 4. In Inbound port rules, check whether the port for RDP is set correctly. The following is an example of the configuration: Priority: 300 - Name: Port_3389 - Port(Destination): 3389 - Protocol: TCP - Source: Any - Destinations: Any - Action: Allow - Reference: https://docs.microsoft.com/en-us/azure/virtual-machines/troubleshooting/troubleshoot-rdp-nsg-problem
Question 149
SIMULATION - You need to add the network interface of a virtual machine named VM1 to an application security group named ASG1. To complete this task, sign in to the Azure portal.
1. In the Search resources, services, and docs box at the top of the portal, begin typing the name of a virtual machine, VM1 that has a network interface that you want to add to, or remove from, an application security group. 2. When the name of your VM appears in the search results, select it. 3. Under SETTINGS, select Networking. Select Configure the application security groups, select the application security groups that you want to add the network interface to, or unselect the application security groups that you want to remove the network interface from, and then select Save. Reference: https://docs.microsoft.com/en-us/azure/virtual-network/virtual-network-network-interface
Question 150
SIMULATION - You need to perform a full malware scan every Sunday at 02:00 on a virtual machine named VM1 by using Microsoft Antimalware for Virtual Machines. To complete this task, sign in to the Azure portal.
Deploy the Microsoft Antimalware Extension using the Azure Portal for single VM deployment 1. In Azure Portal, go to the Azure VM1's blade, navigate to the Extensions section and press Add. 2. Select the Microsoft Antimalware extension and press Create. 3. Fill the "Install extension" form as desired and press OK. Scheduled: Enable - Scan type: Full - Scan day: Sunday - Reference: https://www.e-apostolidis.gr/microsoft/azure/azure-vm-antimalware-extension-management/
