- (Exam Topic 6)
You plan to deploy route-based Site-to-Site VPN connections between several on-premises locations and an Azure virtual network. Which tunneling protocol should you use?
Correct Answer:
B
- (Exam Topic 6)
You have an Azure Storage account named storage1.
You have an Azure App Service app named app1 and an app named App2 that runs in an Azure container instance. Each app uses a managed identity.
You need to ensure that App1 and App2 can read blobs from storage1 for the next 30 days. What should you configure in storage1 for each app?
Solution:
With Shared access signature you can limit the resources for access and at the same time can control the duration of the access.
A shared access signature (SAS) provides secure delegated access to resources in your storage account without compromising the security of your data. With a SAS, you have granular control over how a client can access your data. You can control what resources the client may access, what permissions they have on those resources, and how long the SAS is valid, among other parameters.
Reference:
https://docs.microsoft.com/en-us/azure/storage/common/storage-sas-overview
Does this meet the goal?
Correct Answer:
A
- (Exam Topic 6)
You have an Azure subscription named Subscription1.
In Subscription1, you create an Azure web app named WebApp1. WebApp1 will access an external service that requires certificate authentication.
You plan to require the use of HTTPS to access WebApp1. You need to upload certificates to WebApp1.
In which formats should you upload the certificate? To answer, select the appropriate options in the answer
area.
NOTE: Each correct selection is worth one point.
Solution:
A PFX file contains the public key file (SSL Certificate) and its unique private key file. This is required for HTTPS access. The web app will distribute the public key (in a CER file) to clients that connect to the web app.
The CER file is an SSL Certificate which has the public key of the external service. The external service will have the private key associated with the public key contained in the CER file.
Does this meet the goal?
Correct Answer:
A
- (Exam Topic 6)
You have an Azure subscription.
You need to implement a custom policy that meet the following requirements:
*Ensures that each new resource group in the subscription has a tag named organization set to a value of Contoso.
*Ensures that resource group can be created from the Azure portal.
*Ensures that compliance reports in the Azure portal are accurate.
How should you complete the policy? To answer, select the appropriate options in the answers area.
Solution:
Box 1: "Microsoft.Resources/subscriptions/resourceGroups"
To create a new resource group in a subscription, account have at least the this permission.
Box 2: "Append"
Append adds fields to the resource when the if
condition of the policy rule is met. If the append effect would
override a value in the original request with a different value, then it acts as a deny effect and rejects the
request. To append a new value to an existing array, use the [*]
Reference:
version of the alias
https://docs.microsoft.com/en-us/azure/governance/policy/concepts/definition-structure https://docs.microsoft.com/en-us/azure/role-based-access-control/custom-roles https://docs.microsoft.com/en-us/azure/governance/policy/concepts/effects
Does this meet the goal?
Correct Answer:
A
- (Exam Topic 6)
You have an Azure subscription
You need to receive an email alert when a resource lock is removed from any resource in the subscription What should you use to create an activity log alert in Azure Monitor?
Correct Answer:
C
