- (Exam Topic 4)
You need to ensure that when administrators deploy resources by using an Azure Resource Manager template, the deployment can access secrets in an Azure key vault named KV11597200.
To complete this task, sign in to the Azure portal.
Solution:
You need to configure an option in the Advanced Access Policy of the key vault.
In the Azure portal, type Azure Key Vault in the search box, select Azure Key Vault from the search results then select the key vault named KV11597200. Alternatively, browse to Azure Key Vault in the left navigation pane. In the properties of the key vault, click on Advanced Access Policies. Tick the checkbox labelled Enable access to Azure Resource Manager for template deployment. Click Save to save the changes.
Does this meet the goal?
Correct Answer:
A
- (Exam Topic 4)
You plan to use Azure Disk Encryption for several virtual machine disks.
You need to ensure that Azure Disk Encryption can retrieve secrets from the KeyVault11641655 Azure key vault.
To complete this task, sign in to the Azure portal and modify the Azure resources.
Solution:
* 1. In the Azure portal, type Key Vaults in the search box, select Key Vaults from the search results then select KeyVault11641655. Alternatively, browse to Key Vaults in the left navigation pane.
* 2. In the Key Vault properties, scroll down to the Settings section and select Access Policies.
* 3. Select the Azure Disk Encryption for volume encryption
* 4. Click Save to save the changes.
Does this meet the goal?
Correct Answer:
A
- (Exam Topic 1)
You need to configure SQLDB1 to meet the data and application requirements.
Which three actions should you recommend be performed in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
Solution:
From the Azure portal, create an Azure AD administrator for LitwareSQLServer1 Connect to SQLDB1 by using SSMS
In SQLDB1, create contained database users https://www.youtube.com/watch?v=pEPyPsGEevw
Does this meet the goal?
Correct Answer:
A
- (Exam Topic 4)
From the Azure portal, you are configuring an Azure policy.
You plan to assign policies that use the DeployIfNotExist, AuditIfNotExist, Append, and Deny effects.
Which effect requires a managed identity for the assignment?
Correct Answer:
C
When Azure Policy runs the template in the deployIfNotExists policy definition, it does so using a managed identity.
References:
https://docs.microsoft.com/bs-latn-ba/azure/governance/policy/how-to/remediate-resources
- (Exam Topic 4)
You have an Azure Active Directory (Azure AD) tenant named contoso.com that contains three security groups named Group1, Group2, and Group3 and the users shown in the following table.
Group3 is a member of Group2.
In contoso.com, you register an enterprise application named App1 that has the following settings: 
Owners: User1 Users and groups: Group2
You configure the properties of App1 as shown in the following exhibit.
For each of the following statements, select Yes if the statement is true. Otherwise, select no.
NOTE: Each correct selection is worth one point.
Solution:
Text Description automatically generated
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/manage-apps/assign-user-or-group-access-portal
Does this meet the goal?
Correct Answer:
A
