| Question 16 You make use of Azure Resource Manager templates to deploy Azure virtual machines. You have been tasked with making sure that Windows features that are not in use, are automatically inactivated when instances of the virtual machines are provisioned. Which of the following actions should you take? A. You should make use of Azure DevOps. B. You should make use of Azure Automation State Configuration. C. You should make use of network security groups (NSG). D. You should make use of Azure Blueprints. |
16. Click here to View Answer
Answer:
B
Explanation:
You can use Azure Automation State Configuration to manage Azure VMs (both Classic and Resource Manager), on-premises VMs, Linux machines, AWS VMs, and on-premises physical machines.
Note: Azure Automation State Configuration provides a DSC pull server similar to the Windows Feature DSC-Service so that target nodes automatically receive configurations, conform to the desired state, and report back on their compliance. The built-in pull server in Azure Automation eliminates the need to set up and maintain your own pull server. Azure Automation can target virtual or physical Windows or Linux machines, in the cloud or on-premises.
Reference:
https://docs.microsoft.com/en-us/azure/automation/automation-dsc-getting-started
| Question 17 Your company’s Azure subscription includes Windows Server 2016 Azure virtual machines. You are informed that every virtual machine must have a custom antimalware virtual machine extension installed. You are writing the necessary code for a policy that will help you achieve this. Which of the following is an effect that must be included in your code? A. Disabled B. Modify C. AuditIfNotExists D. DeployIfNotExists |
17. Click here to View Answer
Answer:
D
Explanation:
DeployIfNotExists executes a template deployment when the condition is met.
Reference:
https://docs.microsoft.com/en-us/azure/governance/policy/concepts/effects
| Question 18 Your company makes use of Azure Active Directory (Azure AD) in a hybrid configuration. All users are making use of hybrid Azure AD joined Windows 10 computers. You manage an Azure SQL database that allows for Azure AD authentication. You need to make sure that database developers are able to connect to the SQL database via Microsoft SQL Server Management Studio (SSMS). You also need to make sure the developers use their on-premises Active Directory account for authentication. Your strategy should allow for authentication prompts to be kept to a minimum. Which of the following is the authentication method the developers should use? A. Azure AD token. B. Azure Multi-Factor authentication. C. Active Directory integrated authentication. |
18. Click here to View Answer
Answer:
C
Explanation:
Azure AD can be the initial Azure AD managed domain. Azure AD can also be an on-premises Active Directory Domain Services that is federated with the Azure
AD.
Using an Azure AD identity to connect using SSMS or SSDT
The following procedures show you how to connect to a SQL database with an Azure AD identity using SQL Server Management Studio or SQL Server Database
Tools.
Active Directory integrated authentication
Use this method if you are logged in to Windows using your Azure Active Directory credentials from a federated domain.
1. Start Management Studio or Data Tools and in the Connect to Server (or Connect to Database Engine) dialog box, in the Authentication box, select Active
Directory – Integrated. No password is needed or can be entered because your existing credentials will be presented for the connection.
2. Select the Options button, and on the Connection Properties page, in the Connect to database box, type the name of the user database you want to connect to.
(The AD domain name or tenant ID option is only supported for Universal with MFA connection options, otherwise it is greyed out.)
| Question 19 You have been tasked with enabling Advanced Threat Protection for an Azure SQL Database server. Advanced Threat Protection must be configured to identify all types of threat detection. Which of the following will happen if when a faulty SQL statement is generate in the database by an application? A. A Potential SQL injection alert is triggered. B. A Vulnerability to SQL injection alert is triggered. C. An Access from a potentially harmful application alert is triggered. D. A Brute force SQL credentials alert is triggered. |
19. Click here to View Answer
Answer:
B
Explanation:
vulnerability to SQL Injection
(SQL.VM_VulnerabilityToSqlInjection
SQL.DB_VulnerabilityToSqlInjection
SQL.MI_VulnerabilityToSqlInjection
SQL.DW_VulnerabilityToSqlInjection)
An application has generated a faulty SQL statement in the database. This can indicate a possible vulnerability to SQL injection attacks. There are two possible reasons for a faulty statement. A defect in application code might have constructed the faulty SQL statement. Or, application code or stored procedures didn’t sanitize user input when constructing the faulty SQL statement, which can be exploited for SQL injection. )
Reference:
https://docs.microsoft.com/en-us/azure/sql-database/sql-database-threat-detection-overview
| Question 20 Note: The question is included in a number of questions that depicts the identical set-up. However, every question has a distinctive result. Establish if the solution satisfies the requirements. You are in the process of creating an Azure Kubernetes Service (AKS) cluster. The Azure Kubernetes Service (AKS) cluster must be able to connect to an Azure Container Registry. You want to make sure that Azure Kubernetes Service (AKS) cluster authenticates to the Azure Container Registry by making use of the auto-generated service principal. Solution: You create an Azure Active Directory (Azure AD) role assignment. Does the solution meet the goal? A. Yes B. No |
20. Click here to View Answer
Answer:
B
Explanation:
In Azure Active Directory (Azure AD), if another administrator or non-administrator needs to manage Azure AD resources, you assign them an Azure AD role that provides the permissions they need. For example, you can assign roles to allow adding or changing users, resetting user passwords, managing user licenses, or managing domain names.
This article lists the Azure AD built-in roles you can assign to allow management of Azure AD resources. For information about how to assign roles, see Assign Azure AD roles to users. If you are looking for roles to manage Azure resources, see Azure built-in roles.