FREE Microsoft Azure Security Engineer Certification Questions and Answers
Azure Active Directory (Azure AD) is used by your organisation in a hybrid configuration. All users use hybrid Windows 10 devices that are connected to Azure AD.
You are in charge of a SQL Azure database that supports Azure AD authentication.
You must ensure that Microsoft SQL Server Management Studio (SSMS) can connect to the SQL database for database developers. Additionally, you must ensure that the developers authenticate using their on-premises Active Directory accounts. Your plan should provide for a minimal amount of authentication prompts.
Which of the following authentication techniques ought to be employed by developers?
The first managed domain for Azure AD may be Azure AD. Additionally, Azure AD may be an on-premises Active Directory Domain Services that is federated with Azure AD.
Using SSMS or SSDT to connect with an Azure AD identity
The steps in the following tutorial demonstrate how to use SQL Server Management Studio or SQL Server Database Tools to connect to a SQL database with an Azure AD identity.
Integrated Active Directory authentication
Use this method if you are logged in to Windows using your Azure Active Directory credentials from a federated domain.
1. Start Management Studio or Data Tools and in the Connect to Server (or Connect to Database Engine) dialog box, in the Authentication box, select Active Directory - Integrated. No password is needed or can be entered because your existing credentials will be presented for the connection.
2. Select the Options button, and on the Connection Properties page, in the Connect to database box, type the name of the user database you want to connect to.
(The "AD domain name or tenant ID" option is only supported for Universal with MFA connection options, otherwise it is greyed out.)
To install Azure virtual machines, you use Azure Resource Manager templates.
You are responsible for making sure that when instances of the virtual machines are provisioned, Windows features that are not in use are immediately deactivated.
Which of the following actions should you perform?
Manage Linux computers, AWS VMs, Azure VMs (Classic and Resource Manager), on-premises VMs, and on-premises physical machines with Azure Automation State Configuration.
Azure virtual machines running Windows Server 2016 are part of your company's Azure subscription. You are advised that a specific antimalware virtual machine extension must be deployed on every virtual machine. To accomplish this, you are creating the essential code for a policy. Which of the following effects must your code include?
When the requirement is met, DeployIfNotExists deploys a template.
To determine whether it is accurate, you must take into account the underlined portion.
You are in charge of creating a separate subscription for every section of your business. The subscriptions will, however, all be connected to a single Azure Active Directory (Azure AD) tenant.
Make sure that the roles assigned to each subscription are the same.
You use Privileged Identity Management (PIM) for Azure AD.
If the underlined portion is accurate, choose "No adjustment required." If the underlined portion is inaccurate, choose the accurate answer.
Additionally, Privileged Role Administrators have the ability to assign admin roles permanently via the Azure AD Privileged Identity Management (PIM) service.
You are creating an Azure Kubernetes Service (AKS) cluster. An Azure Container Registry must be reachable by the Azure Kubernetes Service (AKS) cluster.
The auto-generated service principal should be used to ensure that the Azure Kubernetes Service (AKS) cluster authenticates to the Azure Container Registry.
Solution: You establish a role assignment in Azure Active Directory (Azure AD).
Is the aim being met by the solution?
Azure also establishes a service principal to allow cluster operability with other Azure resources when you create an AKS cluster. This automatically produced service principal is usable for ACR registry authentication. You must first create an Azure AD role assignment that gives the cluster's service principal access to the container registry in order to accomplish this.
To determine whether it is accurate, you must take into account the underlined portion.
In your testing environment, you've set up an Azure Kubernetes Service (AKS) cluster.
The cluster is now being deployed to the production environment as you speak.
You should replace HTTP application routing after stopping it with an application routing solution that enables TLS termination and reverse proxy for AKS services via a single IP address.
An AKS Ingress controller must be made.
If the underlined portion is accurate, choose "No adjustment required." If the underlined portion is inaccurate, choose the accurate answer.
For Kubernetes services, an ingress controller is a piece of software that offers reverse proxy, programmable traffic routing, and TLS termination.
The Azure subscription for your business includes a virtual network with a single subnet set up.
For the subnet, which has an Azure virtual machine with Ubuntu Server 18.04 installed, you have defined a service endpoint.
You are getting ready to install Docker containers on the virtual machine. The containers must be able to use Azure Storage resources and Azure SQL databases via the service endpoint.
Before deploying containers, a task must be completed on the virtual machine.
Installing the container network interface (CNI) plug-in is the solution.
Is the aim being met by the solution?
An Azure Virtual Machine can be installed with the container network interface (CNI) plug-in for Azure Virtual Network. Both the Linux and Windows platforms are supported by the plug-in.
The plug-in establishes direct connections between newly created containers and virtual network resources by assigning IP addresses from a virtual network to the containers, attaching them to the virtual network, and starting them up in the virtual machine. The plug-in offers the same performance as virtual machines and doesn't rely on overlay networks or routes for communication.