Microsoft AZ-500 Quiz 25 Topic 4 Questions 121-125

Question: 1

You have an Azure subscription that contains a user named Adminl1 and a virtual machine named VM1. VM1 runs Windows Server 2019 and was deployed by using an Azure Resource Manager template. VM1 is the member of a backend pool of a public Azure Basic Load Balancer.

Admin1 reports that VM1 is listed as Unsupported on the Just in time VM access blade of Azure Security Center.

You need to ensure that Admin1 can enable just in time (JIT) VM access for VM1.

What should you do?

ACreate and configure an additional public IP address for VM 1.

BReplace the Basic Load Balancer with an Azure Standard Load Balancer.

CAssign an Azure Active Directory Premium Plan 1 license to Admin1.

DCreate and configure a network security group (NSG).

Show Answer

Question: 2

You have an Azure Active Directory (Azure AD) tenant that contains a user named User1.

You need to ensure that User1 can create and manage administrative units. The solution must use the principle of least privilege.

Which role should you assign to User1?

APrivileged role administrator

BHelpdesk administrator

CGlobal administrator

DSecurity administrator

Show Answer

Question: 3

SIMULATION

You need to ensure that when administrators deploy resources by using an Azure Resource Manager template, the deployment can access secrets in an Azure key vault named KV11597200.

To complete this task, sign in to the Azure portal.

AExplanation:
You need to configure an option in the Advanced Access Policy of the key vault.
In the Azure portal, type Azure Key Vault in the search box, select Azure Key Vault from the search results then select the key vault named KV11597200. Alternatively, browse to Azure Key Vault in the left navigation pane.
In the properties of the key vault, click on Advanced Access Policies.
Tick the checkbox labelled Enable access to Azure Resource Manager for template deployment.
Click Save to save the changes.

Show Answer

Question: 4

SIMULATION

Click to expand each objective. To connect to the Azure portal, type https://portal.azure.com in the browser address bar.

q4_AZ-500

When you are finished performing all the tasks, click the 'Next' button.

Note that you cannot return to the lab once you click the 'Next' button. Scoring occur in the background while you complete the rest of the exam.

Overview

The following section of the exam is a lab. In this section, you will perform a set of tasks in a live environment. While most functionality will be available to you as it would be in a live environment, some functionality (e.g., copy and paste, ability to navigate to external websites) will not be possible by design.

Scoring is based on the outcome of performing the tasks stated in the lab. In other words, it doesn't matter how you accomplish the task, if you successfully perform it, you will earn credit for that task.

Labs are not timed separately, and this exam may have more than one lab that you must complete. You can use as much time as you would like to complete each lab. But, you should manage your time appropriately to ensure that you are able to complete the lab(s) and all other sections of the exam in the time provided.

Please note that once you submit your work by clicking the Next button within a lab, you will NOT be able to return to the lab.

To start the lab

You may start the lab by clicking the Next button.

You plan to deploy an application gateway named appgw1015 to load balance internal IP traffic to the Azure virtual machines connected to subnet0.

You need to configure a virtual network named VNET1015 to support the planned application gateway.

What should you do from the Azure portal?

AStep 1:
Click Networking, Virtual Network, and select VNET1015.
Step 2:
Click Subnets, and Click +Add on the VNET1015 - Subnets pane that appears.
Step 3:
On the Subnets page, click +Gateway subnet at the top to open the Add subnet page.

Step 4:
Locate subnet0 and add it.

BStep 1:
Click Networking, Virtual Network, and select VNET1015.
Step 2:
Click Subnets, and Click +Add on the VNET1015 - Subnets pane that appears.
Step 3:
On the Subnets page, click +Gateway subnet at the top to open the Add subnet page.

Step 4:
Locate subnet0 and add it.

Show Answer

Question: 5

SIMULATION

Use the following login credentials as needed:

To enter your username, place your cursor in the Sign in box and click on the username below.

To enter your password, place your cursor in the Enter password box and click on the password below.

Azure Username: User1-10598168@ExamUsers.com

Azure Password: Ag1Bh9!#Bd

The following information is for technical support purposes only:

Lab Instance: 10598168

q5_AZ-500

You need to perform the following tasks:

*Ensure that App10598168 is registered to Azure Active Directory (Azure AD).

*Generate a password for App10598168.

To complete this task, sign in to the Azure portal.

AStep 1: Register the Application
1. Sign in to your Azure Account through the Azure portal.
2. Select Azure Active Directory.
3. Select App registrations.
4. Select New registration.

6. Click Register
Step 2: Create a new application secret
If you choose not to use a certificate, you can create a new application secret.
7 Select Certificates & secrets.
8. Select Client secrets -> New client secret.
9. Provide a description of the secret, and a duration. When done, select Add.
After saving the client secret, the value of the client secret is displayed. Copy this value because you aren't able to retrieve the key later. You provide the key value with the application ID to sign in as the application. Store the key value where your application can retrieve it.

BStep 1: Register the Application
1. Sign in to your Azure Account through the Azure portal.
2. Select Azure Active Directory.
3. Select App registrations.
4. Select New registration.
5. Name the application App10598168 . Select a supported account type, which determines who can use the application. Under Redirect URI, select Web for the type of application you want to create. Enter the URI: https://www.contoso.com , where the access token is sent to.
6. Click Register
Step 2: Create a new application secret
If you choose not to use a certificate, you can create a new application secret.
7 Select Certificates & secrets.
8. Select Client secrets -> New client secret.
9. Provide a description of the secret, and a duration. When done, select Add.
After saving the client secret, the value of the client secret is displayed. Copy this value because you aren't able to retrieve the key later. You provide the key value with the application ID to sign in as the application. Store the key value where your application can retrieve it.

Show Answer

Microsoft AZ-500 Quiz:25 Topic:4 Questions:121-125