- (Exam Topic 4)
You have the hierarchy of Azure resources shown in the following exhibit.
You create the Azure Blueprints definitions shown in the following table.
To which objects can you assign Blueprint1 and Blueprint2? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Solution:
Blueprints can only be assigned to subscriptions.
Does this meet the goal?
Correct Answer:
A
- (Exam Topic 4)
You are configuring network connectivity for two Azure virtual networks named VNET1 and VNET2. You need to implement VPN gateways for the virtual networks to meet the following requirements:
* VNET1 must have six site-to-site connections that use BGP.
* VNET2 must have 12 site-to-site connections that use BGP.
* Costs must be minimized.
Which VPN gateway SKI) should you use for each virtual network? To answer, drag the appropriate SKUs to the correct networks. Each SKU may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
NOTE: Each correct selection is worth one point
Solution:
References:
https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-about-vpngateways#gwsku
Does this meet the goal?
Correct Answer:
A
- (Exam Topic 4)
You have been tasked with configuring an access review, which you plan to assigned to a new collection of reviews. You also have to make sure that the reviews can be reviewed by resource owners.
You start by creating an access review program and an access review control. You now need to configure the Reviewers.
Which of the following should you set Reviewers to?
Correct Answer:
C
In the Reviewers section, select either one or more people to review all the users in scope. Or you can select to have the members review their own access. If the resource is a group, you can ask the group owners to review.
Graphical user interface, application Description automatically generated with medium confidence
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/governance/create-access-review https://docs.microsoft.com/en-us/azure/active-directory/governance/manage-programs-controls
- (Exam Topic 4)
Use the following login credentials as needed:
To enter your username, place your cursor in the Sign in box and click on the username below.
To enter your password, place your cursor in the Enter password box and click on the password below. Azure Username: User1-10598168@ExamUsers.com
Azure Password: Ag1Bh9!#Bd
The following information is for technical support purposes only: Lab Instance: 10598168
You need to ensure that the rg1lod10598168n1 Azure Storage account is encrypted by using a key stored in the KeyVault10598168 Azure key vault.
To complete this task, sign in to the Azure portal.
Solution:
Step 1: To enable customer-managed keys in the Azure portal, follow these steps:
* 1. Navigate to your storage account rg1lod10598168n1
* 2. On the Settings blade for the storage account, click Encryption. Select the Use your own key option, as shown in the following figure.
Step 2: Specify a key from a key vault
To specify a key from a key vault, first make sure that you have a key vault that contains a key. To specify a key from a key vault, follow these steps:
* 4. Choose the Select from Key Vault option.
* 5. Choose the key vault KeyVault10598168 containing the key you want to use.
* 6. Choose the key from the key vault.
Reference:
https://docs.microsoft.com/en-us/azure/storage/common/storage-encryption-keys-portal
Does this meet the goal?
Correct Answer:
A
- (Exam Topic 4)
You have an Azure subscription named Sub1 that contains the Azure key vaults shown in the following table:
In Sub1, you create a virtual machine that has the following configurations: 
Name: VM1 Size: DS2v2 Resource group: RG1 Region: West Europe Operating system: Windows Server 2016
You plan to enable Azure Disk Encryption on VM1.
In which key vaults can you store the encryption key for VM1?
Correct Answer:
A
In order to make sure the encryption secrets don’t cross regional boundaries, Azure Disk Encryption needs the Key Vault and the VMs to be co-located in the same region. Create and use a Key Vault that is in the same region as the VM to be encrypted.
Reference:
https://docs.microsoft.com/en-us/azure/security/azure-security-disk-encryption-prerequisites
