Your company has an Azure subscription that includes two virtual machines, named VirMac1 and VirMac2, which both have a status of Stopped (Deallocated). The virtual machines belong to different resource groups, named ResGroup1 and ResGroup2. You have also created two Azure policies that are both configured with the virtualMachines resource type. The policy configured for ResGroup1 has a policy definition of Not allowed resource types, while the policy configured for ResGroup2 has a policy definition of Allowed resource types. You then create a Read-only resource lock on VirMac1, as well as a Read-only resource lock on ResGroup2. Which of the following is TRUE with regards to the scenario? (Choose all that apply.)
A. You will be able to start VirMac1.
B. You will NOT be able to start VirMac1.
C. You will be able to create a virtual machine in ResGroup2.
D. You will NOT be able to create a virtual machine in ResGroup2.
You have been tasked with delegate administrative access to your company's Azure key vault. You have to make sure that a specific user can set advanced access policies for the key vault. You also have to make sure that access is assigned based on the principle of least privilege. Which of the following options should you use to achieve your goal?
You have been tasked with delegate administrative access to your company's Azure key vault. You have to make sure that a specific user is able to add and delete certificates in the key vault. You also have to make sure that access is assigned based on the principle of least privilege. Which of the following options should you use to achieve your goal?
You have an Azure virtual machine that runs Windows Server R2. You plan to deploy and configure an Azure Key vault, and enable Azure Disk Encryption for the virtual machine. Which of the following is TRUE with regards to Azure Disk Encryption for a Windows VM?
A. It is supported for basic tier VMs.
B. It is supported for standard tier VMs.
C. It is supported for VMs configured with software-based RAID systems.
D. It is supported for VMs configured with Storage Spaces Direct (S2D).
You have an Azure virtual machine that runs Ubuntu 16.04-DAILY-LTS. You plan to deploy and configure an Azure Key vault, and enable Azure Disk Encryption for the virtual machine. Which of the following is TRUE with regards to Azure Disk Encryption for a Linux VM?
A. It is NOT supported for basic tier VMs.
B. It is NOT supported for standard tier VMs.
C. OS drive encryption for Linux virtual machine scale sets is supported.
You need to consider the underlined segment to establish whether it is accurate. You have configured an Azure Kubernetes Service (AKS) cluster in your testing environment. You are currently preparing to deploy the cluster to the production environment. After disabling HTTP application routing, you want to replace it with an application routing solution that allows for reverse proxy and TLS termination for AKS services via a solitary IP address. You must create an AKS Ingress controller. Select `No adjustment required` if the underlined segment is accurate. If the underlined segment is inaccurate, select the accurate option.
A. No adjustment required.
B. a network security group
C. an application security group
D. an Azure Basic Load Balancer
An ingress controller is a piece of software that provides reverse proxy, configurable traffic routing, and TLS termination for Kubernetes services. Reference: https://docs.microsoft.com/en-us/azure/aks/ingress-tls
Question 27
You want to gather logs from a large number of Windows Server 2016 computers using Azure Log Analytics. You are configuring an Azure Resource Manager template to deploy the Microsoft Monitoring Agent to all the servers automatically. Which of the following should be included in the template? (Choose all that apply.)
Note: The question is included in a number of questions that depicts the identical set-up. However, every question has a distinctive result. Establish if the solution satisfies the requirements. Your company has Azure subscription linked to their Azure Active Directory (Azure AD) tenant. As a Global administrator for the tenant, part of your responsibilities involves managing Azure Security Center settings. You are currently preparing to create a custom sensitivity label. Solution: You start by altering the pricing tier of the Security Center. Does the solution meet the goal?
A. Yes
B. No
Question 29
Note: The question is included in a number of questions that depicts the identical set-up. However, every question has a distinctive result. Establish if the solution satisfies the requirements. Your company has Azure subscription linked to their Azure Active Directory (Azure AD) tenant. As a Global administrator for the tenant, part of your responsibilities involves managing Azure Security Center settings. You are currently preparing to create a custom sensitivity label. Solution: You start by integrating Security Center and Microsoft Cloud App Security. Does the solution meet the goal?
A. Yes
B. No
Question 30
Note: The question is included in a number of questions that depicts the identical set-up. However, every question has a distinctive result. Establish if the solution satisfies the requirements. Your company has Azure subscription linked to their Azure Active Directory (Azure AD) tenant. As a Global administrator for the tenant, part of your responsibilities involves managing Azure Security Center settings. You are currently preparing to create a custom sensitivity label. Solution: You start by creating a custom sensitive information type. Does the solution meet the goal?
