- (Exam Topic 6)
You have 100 Azure subscriptions. All the subscriptions are associated with the same Azure Active Directory (Azure AD) tenant named contoso.com.
You are a global administrator.
You plan to create a report that lists all the resources across all the subscriptions. You need to ensure that you can view all the resources in all the subscriptions. What should you do?
Correct Answer:
C
The New-AzureADUserAppRoleAssignment cmdlet assigns a user to an application role in Azure Active Directory (AD). Use it for the application report.
References:
https://docs.microsoft.com/en-us/powershell/module/azuread/new-azureaduserapproleassignment?view=azuread
- (Exam Topic 6)
You have an Azure subscription named Subscription 1 that contains two Azure virtual networks named VNet1 and VNet2. VNet1 contains a VPN gateway named VPNGW1 that uses static routing. There is a site-to-site VPN connection between your on-premises network and VNet1.
On a computer named Client1 that runs Windows 10, you configure a point-to-site VPN connection to VNet1. You configure virtual network peering between VNet1 and VNet2. You verify that you can connect to VNet2 from the on-premises network. Client1 is unable to connect to VNet2.
You need to ensure that you can connect Client1 to VNet2. What should you do?
Correct Answer:
C
References:
https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-about-point-to-site-routing
- (Exam Topic 5)
You have a virtual network named VNET1 that contains the subnets shown in the following table:
You have two Azure virtual machines that have the network configurations shown in the following table:
For NSG1, you create the inbound security rule shown in the following table:
For NSG2, you create the inbound security rule shown in the following table:
For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.
Solution:
Box 1: Yes
The inbound security rule for NSG1 allows TCP port 1433 from 10.10.2.0/24 (or Subnet2 where VM2 and VM3 are located) to 10.10.1.0/24 (or Subnet1 where VM1 is located) while the inbound security rule for NSG2 blocks TCP port 1433 from 10.10.2.5 (or VM2) to 10.10.1.5 (or VM1). However, the NSG1 rule has a higher priority (or lower value) than the NSG2 rule.
Box 2: Yes
No rule explicitly blocks communication from VM1. The default rules, which allow communication, are thus applied.
Box 3: Yes
No rule explicitly blocks communication between VM2 and VM3, which are both on Subnet2. The default rules, which allow communication, are thus applied.
Reference:
https://docs.microsoft.com/en-us/azure/virtual-network/security-overview
Does this meet the goal?
Correct Answer:
A
- (Exam Topic 4)
You have an Azure Active Directory (Azure AD) tenant named adatum.com. Adatum.com contains the groups in the following table.
You create two user accounts that are configured as shown in the following table.
To which groups do User1 and User2 belong? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.
Solution:
Box 1: Group 1 only
First rule applies.
Box 2: Group1 and Group2 only
Both membership rules apply.
References: https://docs.microsoft.com/en-us/sccm/core/clients/manage/collections/create-collections
Does this meet the goal?
Correct Answer:
A
- (Exam Topic 5)
You have an Azure subscription that contains the resources shown in the following table.
The Not allowed resource types Azure policy is assigned to RG1 and uses the following parameters:
In RG1, you need to create a new virtual machine named VM2, and then connect VM2 to VNET1. What should you do first?
Correct Answer:
C
The Not allowed resource types Azure policy prohibits the deployment of specified resource types. You specify an array of the resource types to block.
Virtual Networks and Virtual Machines are prohibited.
Reference:
https://docs.microsoft.com/en-us/azure/governance/policy/samples/not-allowed-resource-types