| Question.11 Your company’s Azure subscription includes a hundred virtual machines that have Azure Diagnostics enabled. You have been tasked with retrieving the identity of the user that removed a virtual machine fifteen days ago. You have already accessed Azure Monitor. Which of the following options should you use? (A) Application Log (B) Metrics (C) Activity Log (D) Logs |
11. Click here to View Answer
Correct Answer : C
Exaplanation : Azure activity logs provide insight into the operations that were performed on resources in your subscription. Activity logs were previously known as audit logs or operational logs, because they report control-plane events for your subscriptions. Reference: https://docs.microsoft.com/en-us/azure/security/azure-log-audit
| Question.12 You have an Azure Container Registry named ContReg1 that contains a container image named image1. You enable content trust for ContReg1. Which images are trusted images? (A) image1 and image2 only (B) image2 only (C) image1, image2, and image3 |
12. Click here to View Answer
Correct Answer : B
Exaplanation : Azure Container Registry implements Docker’s content trust model, enabling pushing and pulling of signed images. To push a trusted image tag to your container registry, enable content trust and push the image with docker push. To work with trusted images, both image publishers and consumers need to enable content trust for their Docker clients. As a publisher, you can sign the images you push to a content trust-enabled registry. Reference: https://docs.microsoft.com/en-us/azure/container-registry/container-registry-content-trust
| Question.13 After creating a new Azure subscription, you are tasked with making sure that custom alert rules can be created in Azure Security Center. You have created an Azure Storage account. Which of the following is the action you should take? A. You should make sure that Azure Active Directory (Azure AD) Identity Protection is removed. B. You should create a DLP policy. C. You should create an Azure Log Analytics workspace. D. You should make sure that Security Center has the necessary tier configured. |
13. Click here to View Answer
Answer: C
Explanation:
C: You need write permission in the workspace that you select to store your custom alert.
Reference:
https://docs.microsoft.com/en-us/azure/security-center/security-center-custom-alert
| Question.14 Note: The question is included in a number of questions that depicts the identical set-up. However, every question has a distinctive result. Establish if the solution satisfies the requirements. Your Company’s Azure subscription includes a virtual network that has a single subnet configured. You have created a service endpoint for the subnet, which includes an Azure virtual machine that has Ubuntu Server 18.04 installed. You are preparing to deploy Docker containers to the virtual machine. You need to make sure that the containers can access Azure Storage resources and Azure SQL databases via the service endpoint. You need to perform a task on the virtual machine prior to deploying containers. Solution: You create an AKS Ingress controller. Does the solution meet the goal? A. Yes B. No |
14. Click here to View Answer
Answer:
B
Verified Answer
Explanation:
Ingress Controller is used to establish a reverse proxy, so obviously answer is No
| Question.15 Note: The question is included in a number of questions that depicts the identical set-up. However, every question has a distinctive result. Establish if the solution satisfies the requirements. Your Company’s Azure subscription includes a virtual network that has a single subnet configured. You have created a service endpoint for the subnet, which includes an Azure virtual machine that has Ubuntu Server 18.04 installed. You are preparing to deploy Docker containers to the virtual machine. You need to make sure that the containers can access Azure Storage resources and Azure SQL databases via the service endpoint. You need to perform a task on the virtual machine prior to deploying containers. Solution: You install the container network interface (CNI) plug-in. Does the solution meet the goal? A. Yes B. No |
15. Click here to View Answer
Answer:
A
Verified Answer
Explanation:
The Azure Virtual Network container network interface (CNI) plug-in installs in an Azure Virtual Machine. The plug-in supports both Linux and Windows platform.
The plug-in assigns IP addresses from a virtual network to containers brought up in the virtual machine, attaching them to the virtual network, and connecting them directly to other containers and virtual network resources. The plug-in doesn’t rely on overlay networks, or routes, for connectivity, and provides the same performance as virtual machines.
The following picture shows how the plug-in provides Azure Virtual Network capabilities to Pods:
Reference:
https://docs.microsoft.com/en-us/azure/virtual-network/container-networking-overview