- (Exam Topic 5)
You have an Azure Active Directory (Azure AD) tenant named contoso.com that has a security group named Group'. Group i is configured Tor assigned membership. Group I has 50 members. including 20 guest users.
You need To recommend a solution for evaluating the member ship of Group1. The solution must meet the following requirements:
• The evaluation must be repeated automatically every three months
• Every member must be able to report whether they need to be in Group1
• Users who report that they do not need to be in Group 1 must be removed from Group1 automatically
• Users who do not report whether they need to be m Group1 must be removed from Group1 automatically. What should you include in me recommendation?
Correct Answer:
D
https://docs.microsoft.com/en-us/azure/active-directory/governance/access-reviews-overview#learn-about-acces Have reviews recur periodically: You can set up recurring access reviews of users at set frequencies such as weekly, monthly, quarterly or annually, and the reviewers will be notified at the start of each review. Reviewers can approve or deny access with a friendly interface and with the help of smart recommendations.
An administrator creates an access review of Group C with 50 member users and 25 guest users. Makes it a self-review. 50 licenses for each user as self-reviewers.*
https://docs.microsoft.com/en-us/azure/active-directory/governance/access-reviews-overview#example-license-s
There are 4 requirements and every single one is only met by access reviews.
https://docs.microsoft.com/en-us/azure/active-directory/governance/access-reviews-overview#when-should-you
Dynamic User is needed if a user must be automatically granted access on base of its attributes (department, jobtitle, location, etc.)
https://techcommunity.microsoft.com/t5/itops-talk-blog/dynamic-groups-in-azure-ad-and-microsoft-365/ba-p/22
Implementing Azure AD PIM is no solution and absolutely not necessary for access reviews. https://docs.microsoft.com/en-us/azure/active-directory/governance/access-reviews-overview#where-do-you-cre
- (Exam Topic 5)
You have an Azure subscription that contains 300 Azure virtual machines that run Windows Server 2016. You need to centrally monitor all warning events in the System logs of the virtual machines.
What should you include in the solutions? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.
Solution:
Graphical user interface, text, application, email Description automatically generated
References:
https://docs.microsoft.com/en-us/azure/azure-monitor/platform/data-sources-windows-events https://docs.microsoft.com/en-us/azure/azure-monitor/platform/agent-windows
Does this meet the goal?
Correct Answer:
A
- (Exam Topic 5)
You need to design a solution that will execute custom C# code in response to an event routed to Azure Event Grid. The solution must meet the following requirements:
The executed code must be able to access the private IP address of a Microsoft SQL Server instance that runs on an Azure virtual machine.
Costs must be minimized.
What should you include in the solution?
Correct Answer:
D
When you create a function app in Azure, you must choose a hosting plan for your app. There are three basic hosting plans available for Azure Functions: Consumption plan, Premium plan, and Dedicated (App Service) plan.
For the Consumption plan, you don't have to pay for idle VMs or reserve capacity in advance. Connect to private endpoints with Azure Functions
As enterprises continue to adopt serverless (and Platform-as-a-Service, or PaaS) solutions, they often need a way to integrate with existing resources on a virtual network. These existing resources could be databases, file storage, message queues or event streams, or REST APIs.
Reference:
https://docs.microsoft.com/en-us/azure/azure-functions/functions-scale https://techcommunity.microsoft.com/t5/azure-functions/connect-to-private-endpoints-with-azure-functions/ba-p
- (Exam Topic 5)
You have an Azure subscription that is linked to an Azure Active Directory Premium Plan 2 tenant The tenant has multi-factor authentication (MFA) enabled for all users.
You have the named locations shown in the following table.
You have the users shown in the following table.
You plan to deploy the Conditional Access policies shown in the following table.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Solution:
A screenshot of a computer Description automatically generated with medium confidence
Does this meet the goal?
Correct Answer:
A
- (Exam Topic 5)
You are designing an Azure web app.
You plan to deploy the web app to the North Europe Azure region and the West Europe Azure region. You need to recommend a solution for the web app. The solution must meet the following requirements:
Users must always access the web app from the North Europe region, unless the region fails.
The web app must be available to users if an Azure region is unavailable.
Deployment costs must be minimized.
What should you include in the recommendation? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Solution:
Graphical user interface, text, application, chat or text message Description automatically generated
https://docs.microsoft.com/en-us/azure/traffic-manager/traffic-manager-routing-methods#priority-traffic-routing
Does this meet the goal?
Correct Answer:
A