- (Exam Topic 4)
You are troubleshooting a security issue for an Azure Storage account.
You enable the diagnostic logs for the storage account. What should you use to retrieve the diagnostics logs?
Correct Answer:
D
References:
https://docs.microsoft.com/en-us/azure/storage/common/storage-analytics-logging?toc=/azure/storage%2
- (Exam Topic 4)
You have an Azure subscription that contains the storage accounts shown in the following, table.
You enable Microsoft Defender for Storage.
Which storage services of storages are monitored by Microsoft Defender for Storage, and which storage accounts are protected by Microsoft Defender for Storage? To answer, select the appropriate options in the answer area.
Solution:
Does this meet the goal?
Correct Answer:
A
- (Exam Topic 4)
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result these questions will not appear in the review screen.
You use Azure Security Center for the centralized policy management of three Azure subscriptions. You use several policy definitions to manage the security of the subscriptions.
You need to deploy the policy definitions as a group to all three subscriptions.
Solution: You create a policy initiative and assignments that are scoped to resource groups. Does this meet the goal?
Correct Answer:
B
- (Exam Topic 4)
You need to ensure that when administrators deploy resources by using an Azure Resource Manager template, the deployment can access secrets in an Azure key vault named KV11597200.
To complete this task, sign in to the Azure portal.
Solution:
You need to configure an option in the Advanced Access Policy of the key vault.
In the Azure portal, type Azure Key Vault in the search box, select Azure Key Vault from the search results then select the key vault named KV11597200. Alternatively, browse to Azure Key Vault in the left navigation pane. In the properties of the key vault, click on Advanced Access Policies. Tick the checkbox labelled Enable access to Azure Resource Manager for template deployment. Click Save to save the changes.
Does this meet the goal?
Correct Answer:
A
- (Exam Topic 4)
You plan to use Azure Disk Encryption for several virtual machine disks.
You need to ensure that Azure Disk Encryption can retrieve secrets from the KeyVault11641655 Azure key vault.
To complete this task, sign in to the Azure portal and modify the Azure resources.
Solution:
* 1. In the Azure portal, type Key Vaults in the search box, select Key Vaults from the search results then select KeyVault11641655. Alternatively, browse to Key Vaults in the left navigation pane.
* 2. In the Key Vault properties, scroll down to the Settings section and select Access Policies.
* 3. Select the Azure Disk Encryption for volume encryption
* 4. Click Save to save the changes.
Does this meet the goal?
Correct Answer:
A
