- (Exam Topic 4)
You have an Azure subscription.
You need to create and deploy an Azure policy that meets the following requirements:
When a new virtual machine is deployed, automatically install a custom security extension.
Trigger an autogenerated remediation task for non-compliant virtual machines to install the extension.
What should you include in the policy? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Solution:
Reference:
https://docs.microsoft.com/en-us/azure/governance/policy/how-to/remediate-resources
Does this meet the goal?
Correct Answer:
A
- (Exam Topic 1)
You need to deploy Microsoft Antimalware to meet the platform protection requirements. What should you do? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Solution:
* 1. DeployIfNotExists
* 2. Scope
Does this meet the goal?
Correct Answer:
A
- (Exam Topic 4)
You have the Azure virtual networks shown in the following table.
You have the Azure virtual machines shown in the following table.
The firewalls on all the virtual machines allow ping traffic. NSG1 is configured as shown in the following exhibit.
Inbound security rules
Outbound security rules
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Solution:
Box 1: Yes
VM1 and VM3 are on peered VNets. The firewall rules with a source of ASG1 and ASG2 allow ‘any’ traffic on ‘any’ protocol so pings are allowed between VM1 and VM3.
Box 2: No
VM2 and VM4 are on separate VNets and the VNets are not peered. Therefore, the pings would have to go over the Internet. VM4 does have a public IP and the firewall allows pings. However, for VM2 to be able to ping VM4, VM2 would also need a public IP address. In Azure, pings don’t go out through the default gateway as they would in a physical network. For an Azure VM to ping external IPs, the VM must have a public IP address assigned to it.
Box 3: Yes
VM3 has a public IP address and the firewall allows traffic on port 3389.
Does this meet the goal?
Correct Answer:
A
- (Exam Topic 4)
You have an Azure subscription named Subscription1.
You deploy a Linux virtual machine named VM1 to Subscription1. You need to monitor the metrics and the logs of VM1.
What should you use?
Correct Answer:
A
- (Exam Topic 4)
Your network contains an on-premises Active Directory domain that syncs to an Azure Active Directory (Azure AD) tenant. The tenant contains the users shown in the following table.
The tenant contains the groups shown in the following table.
You configure a multi-factor authentication (MFA) registration policy that has the following settings:
Assignments:
Include: Group1
Exclude: Group2
Controls: Require Azure MFA registration
Enforce Policy: On
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
Solution:
Does this meet the goal?
Correct Answer:
A