HOTSPOT - (Topic 5)
You have an Azure subscription
You plan to deploy a new storage account
You need to configure encryption for the account The solution must meet the following requirements
• Use a customer-managed key stored in an key vault
• Use the maximum supported bit length.
Which type of key and which bit length should you use?

Solution:
RSA 4096
Key: RSA
length: 4096 https://learn.microsoft.com/en-us/azure/storage/common/customer-managed-keys-overview#key-vault-requirements

Does this meet the goal?

1. A. Yes
2. B. No

Correct Answer: A

- (Topic 5)
You have an Azure Storage account named storage1.
For storage 1. you create an encryption scope named Scope1. Which storage types can you encrypt by using Scope1?

1. A. file shares only
2. B. containers only
3. C. file shares and containers only
4. D. containers and tables only
5. E. file shares, containers, and tables only
6. F. file shares, containers, tables, and queues

Correct Answer: B
"Encryption scopes enable you to manage encryption at the level of an individual blob or container." https://learn.microsoft.com/en-us/azure/storage/blobs/encryption-scope- manage?tabs=portal

HOTSPOT - (Topic 5)
You create a Recovery Services vault backup policy named Policy1 as shown in the following exhibit.


Answer:

Solution:
Box 1: 10 years
The yearly backup point occurs to 1 March and its retention period is 10 years.
Box 2: 36 months
The monthly backup point occurs on the 1
of every month and its retention period is 36 months.
Note: Azure retention policy takes the longest period of retention for each backup. In case of conflict between 2 different policies.

Does this meet the goal?

1. A. Yes
2. B. No

Correct Answer: A

HOTSPOT - (Topic 5)
You have the Azure resources shown on the following exhibit.

You plan to track resource usage and prevent the deletion of resources.
To which resources can you apply locks and tags? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.


Solution:
Box 1: Sub1, RG1, and VM1 only
You can lock a subscription, resource group, or resource to prevent other users in your organization from accidentally deleting or modifying critical resources.
Box 2: Sub1, RG1, and VM1 only
You apply tags to your Azure resources, resource groups, and subscriptions.

Does this meet the goal?

1. A. Yes
2. B. No

Correct Answer: A

- (Topic 2)
You need to prepare the environment to meet the authentication requirements.
Which two actions should you perform? Each correct answer presents part of the solution. NOTE Each correct selection is worth one point.

1. A. Azure Active Directory (AD) Identity Protection and an Azure policy
2. B. a Recovery Services vault and a backup policy
3. C. an Azure Key Vault and an access policy
4. D. an Azure Storage account and an access policy

Correct Answer: C
D: Seamless SSO works with any method of cloud authentication - Password Hash Synchronization or Pass-through Authentication, and can be enabled via Azure AD Connect.
B: You can gradually roll out Seamless SSO to your users. You start by adding the following Azure AD URL to all or selected users' Intranet zone settings by using Group Policy in Active Directory: https://autologon.microsoftazuread-sso.com