Microsoft AZ-500 Quiz 25 Topic 4 Questions 121-125

Question: 1

You have an Azure subscription that contains a user named Adminl1 and a virtual machine named VM1. VM1 runs Windows Server 2019 and was deployed by using an Azure Resource Manager template. VM1 is the member of a backend pool of a public Azure Basic Load Balancer.

Admin1 reports that VM1 is listed as Unsupported on the Just in time VM access blade of Azure Security Center.

You need to ensure that Admin1 can enable just in time (JIT) VM access for VM1.

What should you do?

ACreate and configure an additional public IP address for VM 1.

BReplace the Basic Load Balancer with an Azure Standard Load Balancer.

CAssign an Azure Active Directory Premium Plan 1 license to Admin1.

DCreate and configure a network security group (NSG).

Show Answer

Question: 2

You have an Azure Active Directory (Azure AD) tenant that contains a user named User1.

You need to ensure that User1 can create and manage administrative units. The solution must use the principle of least privilege.

Which role should you assign to User1?

APrivileged role administrator

BHelpdesk administrator

CGlobal administrator

DSecurity administrator

Show Answer

Question: 3

Use the following login credentials as needed:

To enter your username, place your cursor in the Sign in box and click on the username below.

To enter your password, place your cursor in the Enter password box and click on the password below.

Azure Username: User1-10598168@ExamUsers.com

Azure Password: Ag1Bh9!#Bd

The following information is for technical support purposes only:

Lab Instance: 10598168

q3_AZ-500

You need to ensure that a user named user21059868 can manage the properties of the virtual machines in the RG1lod10598168 resource group. The solution must use the principle of least privilege.

To complete this task, sign in to the Azure portal.

AExplanation:
1. In Azure portal, locate and select the RG1lod10598168 resource group.
2. Click Access control (IAM).
3. Click the Role assignments tab to view all the role assignments at this scope.
4. Click Add > Add role assignment to open the Add role assignment pane.

5. In the Role drop-down list, select the role Virtual Machine Contributor.
Virtual Machine Contributor lets you manage virtual machines, but not access to them, and not the virtual network or storage account they're connected to.
6. In the Select list, select user user21059868
7. Click Save to assign the role.

Show Answer

Question: 4

SIMULATION

The developers at your company plan to publish an app named App11641655 to Azure.

To complete this task, sign in to the Azure portal and modify the Azure resources.

AExplanation:
Step 1: Register the Application
1. Sign in to your Azure Account through the Azure portal.
2. Select Azure Active Directory.
3. Select App registrations.
4. Select New registration.
5. Name the application App11641655. Select a supported account type, which determines who can use the application. Under Redirect URI, select Web for the type of application you want to create. Enter the URI: https://app.contoso.com , where the access token is sent to.

6. Click Register

Show Answer

Question: 5

SIMULATION

You need to create a new Azure Active Directory (Azure AD) directory named 10317806.onmicrosoft.com. The new directory must contain a user named user10317806 who is configured to sign in by using Azure Multi-Factor Authentication (MFA).

AExplanation:
To create a new Azure AD tenant:
1. Browse to theAzure portaland sign in with an account that has an Azure subscription.
2. Select theplus icon (+)and search forAzure Active Directory.

3. SelectAzure Active Directoryin the search results.

4. SelectCreate.
5. Provide anOrganization name(10317806) and anInitial domain name (10317806). Then selectCreate. This will create the directory named
10317806.onmicrosoft.com.

6. After directory creation is complete, select the information box to manage your new directory.
To create the user:
1. In the Azure portal, make sure you are on the Azure Active Directory fly out.

If not, select the Azure Active Directory icon from the left services navigation.

2. UnderManage, selectUsers.

3. SelectAll usersand then select+ New user.
4. Provide aNameandUser name(user10317806) for the user. When you're done, selectCreate.
To enable MFA:
1. In the Azure portal, make sure you are on the Azure Active Directory fly out.

If not, select the Azure Active Directory icon from the left services navigation.

2. UnderManage, selectUsers.

3. Click on the Multi-Factor Authentication link.
4. Tick the checkbox next to the user's name and click the Enable link.

Show Answer

Microsoft AZ-500 Quiz:25 Topic:4 Questions:121-125