👉Get Full PDF
| Question.51 You need to recommend a solution to generate a monthly report of all the new Azure Resource Manager (ARM) resource deployments in your Azure subscription. What should you include in the recommendation? (A) Azure Monitor action groups (B) Azure Arc (C) Azure Monitor metrics (D) Azure Activity Log |
51. Click here to View Answer
Answer: D
Explanation:
Azure Activity Log is a correct answer.
| Question.52 DRAG DROP – You have an Azure AD tenant that contains an administrative unit named MarketingAU. MarketingAU contains 100 users. You create two users named User1 and User2. You need to ensure that the users can perform the following actions in MarketingAU: •User1 must be able to create user accounts. •User2 must be able to reset user passwords. Which role should you assign to each user? To answer, drag the appropriate roles to the correct users. Each role may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content. NOTE: Each correct selection is worth one point.  |
52. Click here to View Answer
Answer:
Explanation:
| Question.53 You need to recommend a solution to generate a monthly report of all the new Azure Resource Manager (ARM) resource deployments in your Azure subscription. What should you include in the recommendation? (A) Azure Arc (B) Azure Log Analytics (C) Application insights (D) Azure Monitor action groups |
53. Click here to View Answer
Answer: B
Explanation:
Azure Log Analytics
| Question.54 HOTSPOT – You are designing an app that will be hosted on Azure virtual machines that run Ubuntu. The app will use a third-party email service to send email messages to users. The third-party email service requires that the app authenticate by using an API key. You need to recommend an Azure Key Vault solution for storing and accessing the API key. The solution must minimize administrative effort. What should you recommend using to store and access the key? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.  |
54. Click here to View Answer
Answer:
Explanation:
1. Storage: c. Secret. API keys are typically stored as secrets in Azure Key Vault. The key vault can store and manage secrets like API keys, passwords, or database connection strings.2. Access: b. A managed service identity (MSI). A managed service identity (MSI) is used to give your VM access to the key vault. The advantage of using MSI is that you do not have to manage credentials yourself. Azure takes care of rolling the credentials and ensuring their lifecycle. The application running on your VM can use its managed service identity to get a token to Azure AD, and then use that token to authenticate to Azure Key Vault.
| Question.55 DRAG DROP – You have two app registrations named App1 and App2 in Azure AD. App1 supports role-based access control (RBAC) and includes a role named Writer. You need to ensure that when App2 authenticates to access App1, the tokens issued by Azure AD include the Writer role claim. Which blade should you use to modify each app registration? To answer, drag the appropriate blades to the correct app registrations. Each blade may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content. NOTE: Each correct selection is worth one point.  |
55. Click here to View Answer
Answer:
Explanation:
App1: App Roleshttps://learn.microsoft.com/en-us/azure/active-directory/develop/howto-add-app-roles-in-apps#app-roles-uiApp2: Api Permissionshttps://learn.microsoft.com/en-us/azure/active-directory/develop/howto-add-app-roles-in-apps#assign-app-roles-to-applications