- (Exam Topic 2)
You have an Azure subscription that contains a resource group named RG1. You have a group named Group1 that is assigned the Contributor role for RG1.
You need to enhance security for the virtual machines in RG1 to meet the following requirements:
• Prevent Group1 from assigning external IP addresses to the virtual machines.
• Ensure that Group1 can establish an RDP connection to the virtual machines through a shared external IP address.
What should you use to meet each requirement? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.
Solution:
Does this meet the goal?
Correct Answer:
A
- (Exam Topic 2)
You have an Azure Active Directory (Azure AD) tenant that contains the user groups shown in the following table.
You enable self-service password reset (SSPR) for Group1.
You configure the Notifications settings as shown in the following exhibit.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
Solution:
Box 1: Yes
Notify all admins when other admins reset their passwords: Yes. Box 2: No
Notify users on password resets: No. Box 3: No
Notify users on password resets
If this option is set to Yes, then users resetting their password receive an email notifying them that their password has been changed. The email is sent via the SSPR portal to their primary and alternate email addresses that are on file in Azure AD. No one else is notified of the reset event.
Notify all admins when other admins reset their passwords
If this option is set to Yes, then all administrators receive an email to their primary email address on file in Azure AD. The email notifies them that another administrator has changed their password by using SSPR.
Example: There are four administrators in an environment. Administrator A resets their password by using SSPR. Administrators B, C, and D receive an email alerting them of the password reset.
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/authentication/concept-sspr-howitworks https://docs.microsoft.com/en-us/azure/active-directory/authentication/tutorial-enable-sspr
Does this meet the goal?
Correct Answer:
A
- (Exam Topic 2)
You create a new Azure subscription. You create a resource group named RG1. In RG1. you create the resources shown in the following table.
You need to configure an encrypted tunnel between your on-premises network and VNET1.
Which two additional resources should you create in Azure? Each correct answer presents part of the solution.
Correct Answer:
DE
A Site-to-Site VPN gateway connection is used to connect your on-premises network to an Azure virtual network over an IPsec/IKE (IKEv1 or IKEv2) VPN tunnel. This type of connection requires a VPN device, a local network gateway, located on-premises that has an externally facing public IP address assigned to it.
Finally, create a Site-to-Site VPN connection between your virtual network gateway and your on-premises VPN device.
References:
https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-howto-site-to-site-resource-manager-portal
- (Exam Topic 2)
You have an Azure subscription.
You create a custom role in Azure by using the following Azure Resource Manager template.
You assign the role to a user named User1. Which action can User1 perform?
Correct Answer:
D
The "Microsoft.Support/*" operation will allow the user to create support tickets. References:
https://docs.microsoft.com/en-us/azure/role-based-access-control/tutorial-custom-role-powershell
- (Exam Topic 2)
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
Your company is deploying an on-premises application named Appl. Users will access App1 by using a URL of https://app1.contoso.com. You register App1 in Azure Active Directory (Azure AD) and publish Appl by using the Azure AD Application Proxy. You need to ensure that Appl appears in the My Apps portal for all the users.
Solution: You create an offer for App1 and publish the offer to Azure Marketplace.
Correct Answer:
A
