FREE Microsoft Azure Security Technologies Questions and Answers

Question 1

You cannot go back to a question you've already answered in this section. As a result, the review screen will not display these questions.
You've set up Azure Active Directory (Azure AD) in a hybrid setup.
On a virtual network, you have an Azure HDInsight cluster.
Users will be able to log into the cluster using their on-premises Active Directory credentials, according to your plan.
The environment needs to be set up to accommodate the intended authentication.
You set up an Azure AD Application Proxy as a solution.
Is the objective being met?

Accepted Answer

No

Answer

Azure AD Application Proxy is designed to provide secure remote access to on-premises web applications, not to enable direct login to an Azure HDInsight cluster using on-premises Active Directory credentials. For HDInsight clusters integrated with Enterprise Security Package (ESP), Azure AD Domain Services (Azure AD DS) is used to provide domain services for on-premises AD users, facilitating authentication.

Question 2

These questions will not appear in the review screen because you will not be able to return to them after responding to a question in this section.
You have a subscription to Azure with the name Sub1.
You belong to a resource group called RG1 with the name sa1 for your Azure Storage account.
Several shared access signatures (SASs) and stored access policies are used by users and apps to access the blob service and the file service in sa1.
You learn that both the file service and the blob service were accessed by unauthorized individuals. You must terminate all user access to SA1.
Regenerating the Azure storage account access keys is the solution.
Is the objective being achieved?

Accepted Answer

Yes

Answer

Regenerating the storage account access keys effectively invalidates all existing Shared Access Signatures (SASs) and stored access policies that were created using the old keys. Since SASs are cryptographically signed with these keys, changing the keys immediately revokes all current access granted through them. This action ensures that all unauthorized access to the storage account is terminated.

Question 3

Single Sign-On (SSO) is enabled in your hybrid configuration of Azure Active Directory (Azure AD). You have an Azure SQL Database instance with Azure AD authentication functionality enabled.
The domain-joined device must be used to establish a connection to the database instance, and database developers must authenticate using their local Active Directory accounts.
Use Microsoft SQL Server Management Studio to check if developers can connect to the instance. The issue must be solved by reducing authentication requests.
Which authentication technique ought to you suggest?

Accepted Answer

Active Directory - Integrated

Answer

For domain-joined devices and users leveraging their on-premises Active Directory accounts to connect to Azure SQL Database via SSMS, 'Active Directory - Integrated' authentication is the optimal choice. This method uses Windows authentication, allowing for a seamless single sign-on experience where users are authenticated automatically based on their current Windows login, minimizing authentication prompts.

Question 4

The password for the administrator account of each deployment is kept a secret in a different Azure key vault, and you want to use Azure Resource Manager templates to make several deployments of identically configured Azure virtual machines.
You must find a way to dynamically create a resource ID that, during each deployment, will identify the key vault holding the necessary secret.
The secret's name as well as the key vault's name will be provided as inline arguments.
What should you put together the resource ID with?

Accepted Answer

a parameters file

Answer

To dynamically construct a resource ID for a Key Vault during an Azure Resource Manager (ARM) template deployment, you would typically pass the Key Vault name and other relevant details (like resource group or subscription ID) as parameters. A parameters file is used to provide these input values to the ARM template, allowing the template to construct the full resource ID using functions like `resourceId()` based on the provided parameters for each deployment.

Question 5

Your organization has an Azure Active Directory (Azure AD) tenant with the same name as their Active Directory forest, which is weylandindustries.com.
You are informed that users with a givenName attribute commencing with LAB should not be permitted to sync to Azure AD once all on-premises identities have been synced to it.
AD Azure.
Which of the subsequent steps ought you to take?

Accepted Answer

You should make use of the Synchronization Rules Editor to create an attribute-based filtering rule.

Answer

To control which objects synchronize from on-premises Active Directory to Azure AD based on specific attributes like 'givenName', you must configure filtering within Azure AD Connect. The Synchronization Rules Editor is the dedicated tool for creating or modifying synchronization rules, allowing you to define custom attribute-based filtering criteria to prevent unwanted objects from syncing.

Microsoft Azure Security Engineer Certification Practice Test

Microsoft Azure Security Engineer Certification Practice Test

FREE Microsoft Azure Security Technologies Questions and Answers