AZ-500 Part 4

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution. After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen. You have a hybrid configuration of Azure Active Directory (Azure AD). You have an Azure HDInsight cluster on a virtual network. You plan to allow users to authenticate to the cluster by using their on-premises Active Directory credentials. You need to configure the environment to support the planned authentication. Solution: You deploy the On-premises data gateway to the on-premises network. Does this meet the goal?. Yes. No.

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution. After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen. You have a hybrid configuration of Azure Active Directory (Azure AD). You have an Azure HDInsight cluster on a virtual network. You plan to allow users to authenticate to the cluster by using their on-premises Active Directory credentials. You need to configure the environment to support the planned authentication. Solution: You create a site-to-site VPN between the virtual network and the on-premises network. Does this meet the goal?. Yes. No.

Your network contains an Active Directory forest named contoso.com. The forest contains a single domain. You have an Azure subscription named Sub1 that is associated to an Azure Active Directory (Azure AD) tenant named contoso.com. You plan to deploy Azure AD Connect and to integrate Active Directory and the Azure AD tenant. You need to recommend an integration solution that meets the following requirements: ✑ Ensures that password policies and user logon restrictions apply to user accounts that are synced to the tenant ✑ Minimizes the number of servers required for the solution. Which authentication method should you include in the recommendation?. federated identity with Active Directory Federation Services (AD FS). password hash synchronization with seamless single sign-on (SSO). pass-through authentication with seamless single sign-on (SSO).

Your network contains an on-premises Active Directory domain named corp.contoso.com. You have an Azure subscription named Sub1 that is associated to an Azure Active Directory (Azure AD) tenant named contoso.com. You sync all on-premises identities to Azure AD. You need to prevent users who have a givenName attribute that starts with TEST from being synced to Azure AD. The solution must minimize administrative effort. What should you use?. Synchronization Rules Editor. Web Service Configuration Tool. the Azure AD Connect wizard. Active Directory Users and Computers.

You are implementing conditional access policies. You must evaluate the existing Azure Active Directory (Azure AD) risk events and risk levels to configure and implement the policies. You need to identify the risk level of the following risk events: ✑ Users with leaked credentials ✑ Impossible travel to atypical locations ✑ Sign-ins from IP addresses with suspicious activity Which level should you identify for each risk event? To answer, drag the appropriate levels to the correct risk events. Each level may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content. NOTE: Each correct selection is worth one point. High. Medium. Low.

HOTSPOT - You have an Azure Active Directory (Azure AD) tenant named contoso.com that contains the users shown in the following table. You create and enforce an Azure AD Identity Protection user risk policy that has the following settings: ✑ Assignment: Include Group1, Exclude Group2 ✑ Conditions: Sign-in risk of Medium and above ✑ Access: Allow access, Require password change For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point. Hot Area: If user1 signs in from an unfamiliar location, he must change password. If user2 signs in from an anonymous ip address , she must change her password. If user3 signs in from a computer containing malware that is communicating with know bot servers , he must change his password.

You have an Azure Active Directory (Azure AD) tenant named contoso.com. You need to configure diagnostic settings for contoso.com. The solution must meet the following requirements: -> Retain logs for two years. -> Query logs by using the Kusto query language. -> Minimize administrative effort. Where should you store the logs?. an Azure event hub. an Azure Log Analytics workspace. an Azure Storage account.

You are troubleshooting a security issue for an Azure Storage account. You enable the diagnostic logs for the storage account. What should you use to retrieve the diagnostics logs?. the Security & Compliance admin center. Azure Security Center. Azure Cosmos DB explorer. AzCopy.

You have an Azure subscription that contains the virtual machines shown in the following table. From Azure Security Center, you turn on Auto Provisioning. You deploy the virtual machines shown in the following table. On which virtual machines is the Microsoft Monitoring Agent installed?. VM3 only. VM1 and VM3 only. VM3 and VM4 only. VM1, VM2, VM3, and VM4.

You have 10 virtual machines on a single subnet that has a single network security group (NSG). You need to log the network traffic to an Azure Storage account. What should you do?. Install the Network Performance Monitor solution. Create an Azure Log Analytics workspace. Enable diagnostic logging for the NSG. Enable NSG flow logs.

You have an Azure subscription that contains the virtual machines shown in the following table. From Azure Security Center, you turn on Auto Provisioning. You deploy the virtual machines shown in the following table. On which virtual machines is the Log Analytics Agent installed?. VM3 only. VM1 and VM3 only. VM3 and VM4 only. VM1, VM2, VM3, and VM4.

HOTSPOT - You have an Azure subscription that contains the alerts shown in the following exhibit. Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic. NOTE: Each correct selection is worth one point. Hot Area: The state of alert that was fired at 11.23.52. The state of alert that was fired at 11.23.24.

HOTSPOT - You have the hierarchy of Azure resources shown in the following exhibit. You create the Azure Blueprints definitions shown in the following table. Name published at Blueprint1 Tenant root group Blueprint2 Subscription1 To which objects can you assign Blueprint1 and Blueprint2? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point. Hot Area: Blueprint1. Blueprint2.

You have an Azure subscription that contains the Azure Log Analytics workspaces shown in the following table. You create the virtual machines shown in the following table. You plan to use Azure Sentinel to monitor Windows Defender Firewall on the virtual machines. Which virtual machines you can connect to Azure Sentinel?. VM1 only. VM1 and VM3 only. VM1, VM2, VM3, and VM4. VM1 and VM2 only.

HOTSPOT - You have an Azure subscription that contains a user named Admin1 and a resource group named RG1. In Azure Monitor, you create the alert rules shown in the following table. Admin1 performs the following actions on RG1: -> Adds a virtual network named VNET1 -> Adds a Delete lock named Lock1 Which rules will trigger an alert as a result of the actions of Admin1? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point. Hot Area: Adding VNET1. Adding lock1.

You have an Azure subscription that contains 100 virtual machines and has Azure Security Center Standard tier enabled. You plan to perform a vulnerability scan of each virtual machine. You need to deploy the vulnerability scanner extension to the virtual machines by using an Azure Resource Manager template. Which two values should you specify in the code to automate the deployment of the extension to the virtual machines? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point. the user-assigned managed identity. the workspace ID. the Azure Active Directory (Azure AD) ID. the Key Vault managed storage account key. the system-assigned managed identity. the primary shared key.

You have an Azure subscription that contains a user named Admin1 and a virtual machine named VM1. VM1 runs Windows Server 2019 and was deployed by using an Azure Resource Manager template. VM1 is the member of a backend pool of a public Azure Basic Load Balancer. Admin1 reports that VM1 is listed as Unsupported on the Just in time VM access blade of Azure Security Center. You need to ensure that Admin1 can enable just in time (JIT) VM access for VM1. What should you do?. Create and configure a network security group (NSG). Create and configure an additional public IP address for VM1. Replace the Basic Load Balancer with an Azure Standard Load Balancer. Assign an Azure Active Directory Premium Plan 1 license to Admin1.

HOTSPOT - You have an Azure Sentinel workspace that contains an Azure Active Directory (Azure AD) connector, an Azure Log Analytics query named Query1, and a playbook named Playbook1. Query1 returns a subset of security events generated by Azure AD. You plan to create an Azure Sentinel analytic rule based on Query1 that will trigger Playbook1. You need to ensure that you can add Playbook1 to the new rule. What should you do? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point. Hot Area: Create the rule and set the type to. Configure the playbook to include.

HOTSPOT - You have an Azure subscription that contains the resources shown in the following table. Name type An IP address of 10.1.0.4 is assigned to VM5. VM5 does not have a public IP address. VM5 has just in time (JIT) VM access configured as shown in the following exhibit. a. a.