01. A web developer creates a web application that you plan to deploy as an Azure web app. Users must enter credentials to access the web application. You create a new web app named WebApp1 and deploy the web application to WebApp1.
You need to disable anonymous access to WebApp1. What should you configure?
a) Advanced Tools
b) Authentication / Authorization
c) Access control (IAM)
d) Deployment credentials
02. You are building a custom Azure function app to connect to Azure Event Grid. You need to ensure that resources are allocated dynamically to the function app. Billing must be based on the executions of the app.
What should you configure when you create the function app?
a) the Windows operating system and the Consumption plan hosting plan
b) the Windows operating system and the App Service plan hosting plan
c) the Docker container and an App Service plan that uses the B1 pricing tier
d) the Docker container and an App Service plan that uses the S1 pricing
03. You create an Azure Storage account named contosostorage. You plan to create a file share named data. Users need to map a drive to the data file share from home computers that run Windows 10.
Which outbound port should you open between the home computers and the data file share?
04. You deploy an Azure Application Gateway. You need to ensure that all the traffic requesting https://adatum.com/internal resources is directed to an internal server pool and all the traffic requesting https://adatum.com/external resources is directed to an external server pool.
What should you configure on the Application Gateway?
a) URL path-based routing
b) multi-site listeners
c) basic routing
d) SSL termination
05. Your company has 53 offices distributed across the world. Your company uses Office 365 for all employees and an Active Directory Domain Services (AD DS) domain to manage identity for employees. The Azure AD tenant for Office 365 and the AD DS domain are not connected.
You are asked to implement multi-factor authentication (MFA). You need to ensure that users do not need to provide two-factor authentication when they are connected to the company's network from each of the 53 offices.
What two actions should you perform?
Each correct answer presents part of the solution.
a) Configure federation between your AD DS domain and the Azure AD tenant.
b) Configure a trusted IP address with the value: c:[Type == "http://schemas.microsoft.com/ws/2012/01/insidecorporatenetwork"] => issue(claim = c);
c) Configure directory synchronization between the Azure AD tenant and the AD DS domain.
d) Configure a trusted IP address with an entry for each subnet in the company's network.
06. The development team asks you to provision an Azure storage account for their use. To remain in compliance with IT security policy, you need to ensure that the new Azure storage account meets the following requirements:
- Data must be encrypted at rest.
- Access keys must facilitate automatic rotation.
- The company must manage the access keys.
What should you do?
a) Configure the storage account to store its keys in Azure Key Vault.
b) Create a service endpoint between the storage account and a virtual network (VNet).
c) Require secure transfer for the storage account.
d) Enable Storage Service Encryption (SSE) on the storage account.
07. You are configuring Azure Active Directory (AD) Privileged Identity Management. You need to provide a user named Admin1 with read access to a resource group named RG1 for only one month. The user role must be assigned immediately.
What should you do?
a) Assign an eligible role.
b) Assign an active role.
c) Assign a permanently active role.
d) Create a custom role and a conditional access policy.
08. You create an Azure subscription that is associated with a basic Azure Active Directory (Azure AD) tenant. You need to receive an email notification when any user activates an administrative role. What should you do?
a) Purchase Azure AD Premium P2 and configure Azure AD Privileged Identity Management.
b) Purchase Enterprise Mobility + Security E3 and configure conditional access policies.
c) Purchase Enterprise Mobility + Security E5 and create a custom alert rule in Azure Security Center.
d) Purchase Azure AD Premium P1 and enable Azure AD Identity Protection.
09. You download an Azure Resource Manager template based on an existing virtual machine. The template will be used to deploy 100 virtual machines.
You need to modify the template to reference an administrative password. You must prevent the password from being stored in plain text.
What should you create to store the password?
a) Azure Active Directory (AD) Identity Protection and an Azure policy
b) a Recovery Services vault and a backup policy
c) an Azure Key Vault and an access policy
d) an Azure Storage account and an access policy
10. Your company is developing a line-of-business (LOB) application that uses the Azure IoT Hub for gathering information from Internet of Things (IoT) devices. The LOB application uses the IoT Hub Service SDK to read device telemetry from the IoT Hub.
You need to monitor device telemetry and be able to configure alerts based on device telemetry values. Your solution should require the least administrative effort.
What should you do?
a) Use Azure Activity Logs.
b) Enable Azure Monitor resource diagnostics logs on the IoT Hub.
c) Use Azure Resource Health.
d) Use Azure Application Insights with the LOB application.