- (Exam Topic 6)
You have an Azure subscription named Subscription1.
In Subscription1, you create an Azure web app named WebApp1. WebApp1 will access an external service that requires certificate authentication.
You plan to require the use of HTTPS to access WebApp1. You need to upload certificates to WebApp1.
In which formats should you upload the certificate? To answer, select the appropriate options in the answer
area.
NOTE: Each correct selection is worth one point.
Solution:
A PFX file contains the public key file (SSL Certificate) and its unique private key file. This is required for HTTPS access. The web app will distribute the public key (in a CER file) to clients that connect to the web app.
The CER file is an SSL Certificate which has the public key of the external service. The external service will have the private key associated with the public key contained in the CER file.
Does this meet the goal?
Correct Answer:
A
- (Exam Topic 6)
You have an Azure subscription.
You need to implement a custom policy that meet the following requirements:
*Ensures that each new resource group in the subscription has a tag named organization set to a value of Contoso.
*Ensures that resource group can be created from the Azure portal.
*Ensures that compliance reports in the Azure portal are accurate.
How should you complete the policy? To answer, select the appropriate options in the answers area.
Solution:
Box 1: "Microsoft.Resources/subscriptions/resourceGroups"
To create a new resource group in a subscription, account have at least the this permission.
Box 2: "Append"
Append adds fields to the resource when the if
condition of the policy rule is met. If the append effect would
override a value in the original request with a different value, then it acts as a deny effect and rejects the
request. To append a new value to an existing array, use the [*]
Reference:
version of the alias
https://docs.microsoft.com/en-us/azure/governance/policy/concepts/definition-structure https://docs.microsoft.com/en-us/azure/role-based-access-control/custom-roles https://docs.microsoft.com/en-us/azure/governance/policy/concepts/effects
Does this meet the goal?
Correct Answer:
A
- (Exam Topic 6)
You have an Azure subscription
You need to receive an email alert when a resource lock is removed from any resource in the subscription What should you use to create an activity log alert in Azure Monitor?
Correct Answer:
C
- (Exam Topic 6)
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You manage a virtual network named VNet1 that is hosted in the West US Azure region. VNet1 hosts two virtual machines named VM1 and VM2 that run Windows Server.
You need to inspect all the network traffic from VM1 to VM2 for a period of three hours. Solution: From Azure Network Watcher, you create a connection monitor.
Does this meet the goal?
Correct Answer:
B
Network Watcher Connection Monitor enables you to configure and track connection reachability, latency, and network topology changes. It helps reduce the amount of time to detect connectivity problems. The returned results can provide insights into whether a connectivity problem is due to a platform or a user configuration problem. This is not used in cases where we need to inspect for all the network traffic from one vm to another vm.
On the other hand Network Watcher packet capture allows you to create capture sessions to track traffic to and from a virtual machine. So in this scenario we need to use Network Watcher packet capture References:
https://azure.microsoft.com/en-in/updates/general-availability-azure-network-watcher-connection-monitor-in-all https://docs.microsoft.com/en-us/azure/network-watcher/network-watcher-packet-capture-manage-portal
- (Exam Topic 5)
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have an Azure subscription named Subscription1. Subscription1 contains a resource group named RG1. RG1 contains resources that were deployed by using templates.
You need to view the date and time when the resources were created in RG1. Solution: From the RG1 blade, you click Deployments.
Does this meet the goal?
Correct Answer:
A
* 1. Select the resource group (Here RG1) you want to examine.
* 2. Select the link under Deployments.
* 3. Select one of the deployments from the deployment history.
* 4. You will see a history of deployment for the resource group, including the correlation ID.
Reference:
https://docs.microsoft.com/en-us/azure/azure-resource-manager/templates/deployment-history?tabs=azure-porta