Microsoft Azure Security Engineer Certification

FREE Microsoft Azure Security Technologies Questions and Answers


After creating a new Azure subscription, you are responsible for ensuring that custom alert rules can be created in Azure Security Center.
You have created an Azure Storage account.
Which of the options below should you do?


To store your custom alert, you must have write access to the workspace you choose.

After you answer a question in this section, you will not be able to return to it. As a result, these questions will not appear in the review screen.
You have an Azure subscription named Sub1.
You have an Azure Storage account named sa1 in a resource group named RG1.
Users and apps access the blob service and the file service in sa1 by using several shared access signatures (SASs) and stored access policies.
You learn that both the file service and the blob service were accessed by unauthorized individuals. You must terminate all user access to sa1.
Solution: You regenerate the Azure storage account access keys.
Is the objective being achieved?


All SASs that were based on the old storage account keys become invalid when new keys are generated.

You want to use Azure Resource Manager templates to make several deployments of identically configured Azure virtual machines. The password for the administrator account of each deployment is stored as a secret in a different Azure key vault.
You must find a way to dynamically create a resource ID that, during each deployment, will identify the key vault holding the necessary secret.
The secret's name and the key vault's name will be provided as inline parameters.
What should you use to construct the resource ID?


The parameter file, not the template, contains a reference to the key vault. The secret is referenced in the parameter file and passed to the template as seen in the following illustration.

Azure Diagnostics is enabled on 100 virtual machines that are part of your company's Azure subscription.
You have been assigned to find out who uninstalled a virtual machine fifteen days ago. You have already opened Azure Monitor.
Which of the options below should you choose?


The Azure activity logs detail the operations that were carried out on the resources in your subscription. Activity logs were previously known as "audit logs" or "operational logs," because they record control-plane events for your subscriptions.

Single Sign-On (SSO) is enabled in your hybrid configuration of Azure Active Directory (Azure AD). You have an Azure SQL Database instance with Azure AD authentication functionality enabled.
Database developers must connect to the database instance from a domain-joined device and authenticate using their on-premises Active Directory accounts.
Developers must be able to connect to the instance by using Microsoft SQL Server Management Studio. The solution must minimize authentication prompts.
Which authentication method should you recommend?


Integrated Active Directory
Azure Active Directory authentication is a method of connecting to Microsoft Azure SQL Database by using identities from Azure Active Directory (Azure AD).
If you are logged in to Windows with your Azure Active Directory credentials from a federated domain, use this approach to connect to SQL Database.

You cannot go back to a question you've already answered in this section. As a result, the review screen will not display these questions.
You've set up Azure Active Directory (Azure AD) in a hybrid setup.
On a virtual network, you have an Azure HDInsight cluster.
You plan to let users log into the cluster using their on-premises Active Directory credentials.
You need to set up the environment to support the planned authentication.
Solution: You set up an Azure AD Application Proxy.
Is the objective being met?


Instead, you use a VPN gateway and Azure Virtual Networks to connect HDInsight to your on-premises network.
Note: You must take the following steps in order to enable name-based communication between HDInsight and resources on the joined network:
- Create an Azure virtual network.
- In the Azure virtual network, create a custom DNS server.
- Set the custom DNS server as the virtual network's default DNS server, in place of the default Azure Recursive Resolver.
- Set up forwarding between your on-premises DNS server and the custom DNS server.

Your organization has an Azure Active Directory (Azure AD) tenant with the same name as its Active Directory forest, which is weylandindustries.com.
After all on-premises identities have been synced to Azure AD, you are informed that users with a givenName attribute starting with LAB should not be permitted to sync to Azure AD.
Which of the following steps should you take?


Create attribute-based filtering rules using the Synchronization Rules Editor.