| Question.81 Your Azure environment contains multiple Azure virtual machines. You need to ensure that a virtual machine named VM1 is accessible from the Internet over HTTP. What are two possible solutions? (A) Modify an Azure Traffic Manager profile (B) Modify a network security group (NSG) (C) Modify a DDoS protection plan (D) Modify an Azure firewall |
81. Click here to View Answer
Answers are B & D
Modify a network security group (NSG)
Modify an Azure firewall
A network security group works like a firewall. You can attach a network security group to a virtual network and/or individual subnets within the virtual network.
You can also attach a network security group to a network interface assigned to a virtual machine. You can use multiple network security groups within a virtual network to restrict traffic between resources such as virtual machines and subnets.
You can filter network traffic to and from Azure resources in an Azure virtual network with a network security group. A network security group contains security rules that allow or deny inbound network traffic to, or outbound network traffic from, several types of Azure resources.
In this question, we need to add a rule to the network security group to allow the connection to the virtual machine on port 80 (HTTP).
Reference:
https://docs.microsoft.com/en-us/azure/virtual-network/security-overview
| Question.82 To complete the sentence, select the appropriate option in the answer area.  |
82. Click here to View Answer
Azure automatically routes traffic between subnets in a virtual network. Therefore, all virtual machines in a virtual network can connect to the other virtual machines in the same virtual network. Even if the virtual machines are on separate subnets within the virtual network, they can still communicate with each other.
To ensure that a virtual machine cannot connect to the other virtual machines, the virtual machine must be deployed to a separate virtual network.
Reference:
https://docs.microsoft.com/en-us/azure/virtual-network/virtual-networks-udr-overview
| Question.83 To complete the sentence, select the appropriate option in the answer area.  |
83. Click here to View Answer
A resource group is a logical container for Azure resources. Resource groups make the management of Azure resources easier.
With a resource group, you can allow a user to manage all resources in the resource group, such as virtual machines, websites, and subnets. The permissions you apply to the resource group apply to all resources contained in the resource group.
Reference:
https://docs.microsoft.com/en-us/azure/azure-resource-manager/management/overview#resource-groups
https://docs.microsoft.com/en-us/azure/role-based-access-control/overview
| Question.84 Your company has virtual machines (VMs) hosted in Microsoft Azure. The VMs are located in a single Azure virtual network named VNet1. The company has users that work remotely. The remote workers require access to the VMs on VNet1. You need to provide access for the remote workers. What should you (A) Configure a Site-to-Site (S2S) VPN. (B) Configure a VNet-toVNet VPN. (C) Configure a Point-to-Site (P2S) VPN. (D) Configure DirectAccess on a Windows Server 2012 server VM. (E) Configure a Multi-Site VPN |
84. Click here to View Answer
Answer is (C) Configure a Point-to-Site (P2S) VPN.
A Point-to-Site (P2S) VPN gateway connection lets you create a secure connection to your virtual network from an individual client computer.
P2S VPN is also a useful solution to use instead of S2S VPN when you have only a few clients that need to connect to a VNet.
Reference:
https://docs.microsoft.com/en-us/azure/vpn-gateway/design
| Question.85 How can the IT department ensure that employees at the company’s retail stores can access company applications only from approved tablet devices? (A) SSO (B) Conditional Access (C) Multifactor authentication |
85. Click here to View Answer
Answer is (B) Conditional Access
Conditional Access enables you to require users to access your applications only from approved, or managed, devices.