- (Exam Topic 6)
You create an Azure subscription that is associated to a basic Azure Active Directory (Azure AD) tenant. You need to receive an email notification when any user activates an administrative role.
What should you do?

1. A. Purchase Azure AD Premium 92 and configure Azure AD Privileged Identity Management,
2. B. Purchase Enterprise Mobility + Security E3 and configure conditional access policies.
3. C. Purchase Enterprise Mobility + Security E5 and create a custom alert rule in Azure Security Center.
4. D. Purchase Azure AD Premium PI and enable Azure AD Identity Protection.

Correct Answer: A
When key events occur in Azure AD Privileged Identity Management (PIM), email notifications are sent. For example, PIM sends emails for the following events:
When a privileged role activation is pending approval
When a privileged role activation request is completed
When a privileged role is activated
When a privileged role is assigned
When Azure AD PIM is enabled
References:
https://docs.microsoft.com/en-us/azure/active-directory/privileged-identity-management/pim-email-notifications

- (Exam Topic 6)
You have an Azure subscription.
You need to implement a custom policy that meet the following requirements:
*Ensures that each new resource group in the subscription has a tag named organization set to a value of Contoso.
*Ensures that resource group can be created from the Azure portal.
*Ensures that compliance reports in the Azure portal are accurate.
How should you complete the policy? To answer, select the appropriate options in the answers area.

Solution:
Box 1: "Microsoft.Resources/subscriptions/resourceGroups"
To create a new resource group in a subscription, account have at least the this permission.
Box 2: "Append"
Append adds fields to the resource when the if
condition of the policy rule is met. If the append effect would
override a value in the original request with a different value, then it acts as a deny effect and rejects the
request. To append a new value to an existing array, use the [*]
Reference:
version of the alias
https://docs.microsoft.com/en-us/azure/governance/policy/concepts/definition-structure https://docs.microsoft.com/en-us/azure/role-based-access-control/custom-roles https://docs.microsoft.com/en-us/azure/governance/policy/concepts/effects

Does this meet the goal?

1. A. Yes
2. B. No

Correct Answer: A

- (Exam Topic 6)
You have an Azure subscription that contains the virtual machines shown in the following table.
javascript:void(0)

You deploy a load balancer that has the following configurations:
• Name: LB1
• Type internal
• SKU: Standard
• Virtual network VNET1
You need to ensure that you can add VM1 and VM2 to the backend pool of LB1.
Solution: You create a Basic SKU public IP address, associate the address to the network interface of VM1, and then start VM1.
Does this meet the goal?

1. A. Yes
2. B. No

Correct Answer: B
A Backend Pool configured by IP address has the following limitations:
Standard load balancer only
Reference:
https://docs.microsoft.com/en-us/azure/load-balancer/backend-pool-management
You can only attach virtual machines in the same region and that have a standard SKU public IP configuration or no public IP configuration. All IP configurations must be on the same virtual network.

- (Exam Topic 5)
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have an Azure subscription named Subscription1. Subscription1 contains a resource group named RG1. RG1 contains resources that were deployed by using templates.
You need to view the date and time when the resources were created in RG1.
Solution: From the Subscriptions blade, you select the subscription, and then click Programmatic deployment. Does this meet the goal?

1. A. Yes
2. B. No

Correct Answer: B
From the RG1 blade, click Deployments. You see a history of deployment for the resource group. Reference:
https://docs.microsoft.com/en-us/azure/azure-resource-manager/templates/template-tutorial-create-first-template Through activity logs, you can determine:
§ what operations were taken on the resources in your subscription
§ who started the operation
§ when the operation occurred
§ the status of the operation
§ the values of other properties that might help you research the operation
On the Azure portal menu, select Monitor, or search for and select Monitor from any page
* 2. Select Activity Log.
* 3. You see a summary of recent operations. A default set of filters is applied to the operations. Notice the information on the summary includes who started the action and when it happened.
Reference:
https://docs.microsoft.com/en-us/azure/azure-resource-manager/management/view-activity-logs

- (Exam Topic 5)
You have two Azure virtual networks named VNet1 and VNet2. VNet1 contains an Azure virtual machine named VM1. VNet2 contains an Azure virtual machine named VM2.
VM1 hosts a frontend application that connects to VM2 to retrieve data. Users report that the frontend application is slower than usual.
You need to view the average round-trip time (RTT) of the packets from VM1 to VM2. Which Azure Network Watcher feature should you use?

1. A. NSG flow logs
2. B. Connection troubleshoot
3. C. IP flow verify
4. D. Connection monitor

Correct Answer: D
The Connection Monitor feature in Azure Network Watcher is now generally available in all public regions. Connection Monitor provides you RTT values on a per-minute granularity. You can monitor a direct TCP connection from a virtual machine to a virtual machine, FQDN, URI, or IPv4 address.
References:
https://azure.microsoft.com/en-us/updates/general-availability-azure-network-watcher-connection-monitor-in-all