AZ-500 : Microsoft Azure Security Technologies : Part 13

AZ-500 : Microsoft Azure Security Technologies : Part 13

1. HOTSPOT

   You have an Azure subscription that contains the resources shown in the following table.

   

   User1 is a member of Group1. Group1 and User2 are assigned the Key Vault Contributor role for Vault1.

   On January 1, 2019, you create a secret in Vault1. The secret is configured as shown in the exhibit. The date format YYYY-MM-DD is used on the exhibit. (Click the Exhibit tab.)

   

   User2 is assigned an access policy to Vault1. The policy has the following configurations:

   – ​​Key Management Operations: Get, List, and Restore
   – Cryptographic Operations: Decrypt and Unwrap Key
   – Secret Management Operations: Get, List, and Restore

   Group1 is assigned an access policy to Vault1. The policy has the following configurations:

   – Key Management Operations: Get and Recover
   – Secret Management Operations: List, Backup, and Recover

   For each of the following statements, select Yes if the statement is true. Otherwise, select No.

   NOTE: Each correct selection is worth one point.

   

   

    

2. HOTSPOT

   You have an Azure Active Directory (Azure AD) tenant named contoso1812.onmicrosoft.com that contains the users shown in the following table.

   

   You create an Azure Information Protection label named Label1. The Protection settings for Label1 are configured as shown in the exhibit. (Click the Exhibit tab.)

   

   Label1 is applied to a file named File1.

   For each of the following statements, select Yes if the statement is true, Otherwise, select No.

   NOTE: Each correct selection is worth one point.

   

   

3. SIMULATION

   You need to prevent HTTP connections to the rg1lod10598168n1 Azure Storage account.

   To complete this task, sign in to the Azure portal.

   • See the explanation below.
   Explanation:

   The “Secure transfer required” feature is now supported in Azure Storage account. This feature enhances the security of your storage account by enforcing all requests to your account through a secure connection. This feature is disabled by default.

   1. In Azure Portal select you Azure Storage account rg1lod10598168n1.

   2. Select Configuration, and Secure Transfer required.

   

4. DRAG DROP

   Your network contains an on-premises Active Directory domain named contoso.com. The domain contains a user named User1.

   You have an Azure subscription that is linked to an Azure Active Directory (Azure AD) tenant named contoso.com. The tenant contains an Azure Storage account named storage1. Storage1 contains an Azure file share named share1.

   Currently, the domain and the tenant are not integrated.

   You need to ensure that User1 can access share1 by using his domain credentials.

   Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.

   

   

5. SIMULATION

   You need to ensure that the rg1lod10598168n1 Azure Storage account is encrypted by using a key stored in the KeyVault10598168 Azure key vault.

   To complete this task, sign in to the Azure portal.

   • See the explanation below.
   Explanation:

   Step 1: To enable customer-managed keys in the Azure portal, follow these steps:

   1. Navigate to your storage account rg1lod10598168n1

   2. On the Settings blade for the storage account, click Encryption. Select the Use your own key option, as shown in the following figure.

   

   Step 2: Specify a key from a key vault
   To specify a key from a key vault, first make sure that you have a key vault that contains a key. To specify a key from a key vault, follow these steps:

   4. Choose the Select from Key Vault option.

   5. Choose the key vault KeyVault10598168 containing the key you want to use.

   6. Choose the key from the key vault.

   

6. You have a web app named WebApp1.

   You create a web application firewall (WAF) policy named WAF1.

   You need to protect WebApp1 by using WAF1.

   What should you do first?

   • Deploy an Azure Front Door.
   • Add an extension to WebApp1.
   • Deploy Azure Firewall.

7. You have an Azure subscription that contains an Azure SQL database named sql1.

   You plan to audit sql1.

   You need to configure the audit log destination. The solution must meet the following requirements:

   -​​ Support querying events by using the Kusto query language.
   – Minimize administrative effort.

   What should you configure?

   • an event hub
   • a storage account
   • a Log Analytics workspace

8. DRAG DROP

   You have an Azure subscription.

   You plan to create a storage account.

   You need to use customer-managed keys to encrypt the tables in the storage account.

   From Azure Cloud Shell, which three cmdlets should you run in sequence? To answer, move the appropriate cmdlets from the list of cmdlets to the answer area and arrange them in the correct order.