You create an alert rule that has the following settings:
* Resource: RG1
* Condition: All Administrative operations
* Actions: Action groups configured for this alert rule: ActionGroup1
* Alert rule name: Alert1
You create an action rule that has the following settings:
* Scope: VM1
* Filter criteria: Resource Type = "Virtual Machines"
* Define on this scope: Suppression
* Suppression config: From now (always)
* Name: ActionRule1
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
Note: Each correct selection is worth one point.

Correct Answer:

Explanation

Box 1:
The scope for the action rule is set to VM1 and is set to suppress alerts indefinitely.
Box 2:
The scope for the action rule is not set to VM2.
Box 3:
Adding a tag is not an administrative operation.
References:
https://docs.microsoft.com/en-us/azure/azure-monitor/platform/alerts-activity-log
https://docs.microsoft.com/en-us/azure/azure-monitor/platform/alerts-action-rules

Comment: *

Name: *

Email: *

Verification: *

You have 15 Azure virtual machines in a resource group named RG1.
All the virtual machines run identical applications.
You need to prevent unauthorized applications and malware from running on the virtual machines.
What should you do?

• A.Apply an Azure policy to RG1.
• B.From Azure Security Center, configure adaptive application controls.
• C.Configure Azure Active Directory (Azure AD) Identity Protection.
• D.Apply a resource lock to RG1.

Comment: *

Name: *

Email: *

Verification: *

You are configuring and securing a network environment.
You deploy an Azure virtual machine named VM1 that is configured to analyze network traffic.
You need to ensure that all network traffic is routed through VM1.
What should you configure?

• A.a system route
• B.a network security group (NSG)
• C.a user-defined route

Comment: *

Name: *

Email: *

Verification: *

You have an Azure Active Directory (Azure AD) tenant named contoso.com that contains the users shown in the following table.

Azure AD Privileged Identity Management (PIM) is enabled for the tenant.
In PIM, the Password Administrator role has the following settings:
Maximum activation duration (hours): 2
Send email notifying admins of activation: Disable
Require incident/request ticket number during activation: Disable
Require Azure Multi-Factor Authentication for activation: Enable
Require approval to activate this role: Enable
Selected approver: Group1
You assign users the Password Administrator role as shown in the following table.

For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.

Correct Answer:

Reference:
https://docs.microsoft.com/bs-latn-ba/azure/active-directory/privileged-identity-management/pim-resource-roles-assign-roles

Comment: *

Name: *

Email: *

Verification: *

You need to meet the identity and access requirements for Group1.
What should you do?

• A.Add a membership rule to Group1.
• B.Delete Group1. Create a new group named Group1 that has a membership type of Office 365. Add users and devices to the group.
• C.Modify the membership rule of Group1.
• D.Change the membership type of Group1 to Assigned. Create two groups that have dynamic memberships. Add the new groups to Group1.

Correct Answer: D

Scenario:
Litware identifies the following identity and access requirements: All San Francisco users and their devices must be members of Group1.
The tenant currently contain this group:

References:
https://docs.microsoft.com/en-us/azure/active-directory/users-groups-roles/groups-dynamic-membership
https://docs.microsoft.com/en-us/azure/active-directory/fundamentals/active-directory-groups-create-azure-portal Reference:
https://docs.microsoft.com/en-us/azure/active-directory/users-groups-roles/groups-dynamic-membership

Comment: *

Name: *

Email: *

Verification: *