01. From the Azure portal, you are configuring an Azure policy. You plan to assign policies that use the DeployIfNotExist, AuditIfNotExist, Append, and Deny effects.
Which effect requires a managed identity for the assignment?
02. You are securing access to the resources in an Azure subscription. A new company policy states that all the Azure virtual machines in the subscription must use managed disks.
You need to prevent users from creating virtual machines that use unmanaged disks. What should you do?
a) Azure Monitor
b) Azure Policy
c) Azure Security Center
d) Azure Service Health
03. You create an Azure Log Analytics workspace named Analytics1 in RG1 in the East US region. Which virtual machines can be enrolled in Analytics1?
a) VM1 only
b) VM1, VM2, and VM3 only
c) VM1, VM2, VM3, and VM4
d) VM1 and VM4 only
04. You have an Azure subscription named Sub1. In Azure Security Center, you have a security playbook named Play1. Play1 is configured to send an email message to a user named User1.
You need to modify Play1 to send email messages to a distribution group named Alerts. What should you use to modify Play1?
a) Azure DevOps
b) Azure Application Insights
c) Azure Monitor
d) Azure Logic Apps Designer
05. Your company uses Azure DevOps. You need to recommend a method to validate whether the code meets the company’s quality standards and code review standards.
What should you recommend implementing in Azure DevOps?
a) branch folders
b) branch permissions
c) branch policies
d) branch locking
06. From Azure Security Center, you create a custom alert rule. You need to configure which users will receive an email message when the alert is triggered. What should you do?
a) From Azure Monitor, create an action group
b) From Security Center, modify the Security policy settings of the Azure subscription
c) From Azure Active Directory (Azure AD), modify the members of the Security Reader role group
d) From Security Center, modify the alert rule
07. You are configuring and securing a network environment. You deploy an Azure virtual machine named VM1 that is configured to analyze network traffic. You need to ensure that all network traffic is routed through VM1.
What should you configure?
a) a system route
b) a network security group (NSG)
c) a user-defined route
d) a security center
08. You company has an Azure subscription named Sub1. Sub1 contains an Azure web app named WebApp1 that uses Azure Application Insights. WebApp1 requires users to authenticate by using OAuth 2.0 client secrets.
Developers at the company plan to create a multi-step web test app that preforms synthetic transactions emulating user traffic to Web App1. You need to ensure that web tests can run unattended.
What should you do first?
a) Register the web test app in Azure AD
b) Upload the .webtest file to Application Insights
c) In Microsoft Visual Studio, modify the .webtest file
d) Add a plug-in to the web test app
09. You have an Azure subscription named Sub1 that contains an Azure Log Analytics workspace named LAW1. You have 100 on-premises servers that run Windows Server 2012 R2 and Windows Server 2016.
The servers connect to LAW1. LAW1 is configured to collect security-related performance counters from the connected servers. You need to configure alerts based on the data collected by LAW1.
The solution must meet the following requirements:
- Alert rules must support dimensions.
- The time it takes to generate an alert must be minimized.
- Alert notifications must be generated only once when the alert is generated and once when the alert is resolved.
Which signal type should you use when you create the alert rules?
b) Log (Saved Query)
d) Activity Log
10. You manage an Azure subscription named Sub1 that is currently associated with an Azure AD tenant named company1.com. Sub1 contains a key vault named kv1 and four system-assigned managed identities named m1, m2, m3, and m4.
The subscription's billing administrator is kent@companylcom. You need to migrate Sub1 and the key vault to a new Azure AD tenant named company2.com. You start by transferring Sub1 to company2.com.
What should you do next?
a) Change the tenant ID of kv1.
b) Update the billing administrator.
c) Recreate the system-assigned managed identities.
d) Re-register all resource providers.