- (Exam Topic 4)
You have an Azure subscription that contains the virtual networks shown in the following table.
The subscription contains the virtual machines shown in the following table.
On NIC1, you configure an application security group named ASG1. On which other network interfaces can you configure ASG1?
Correct Answer:
C
Only network interfaces in NVET1, which consists of Subnet11 and Subnet12, can be configured in ASG1, as all network interfaces assigned to an application security group have to exist in the same virtual network that the first network interface assigned to the application security group is in.
Reference:
https://azure.microsoft.com/es-es/blog/applicationsecuritygroups/
- (Exam Topic 4)
You have an Azure subscription that contains the resources shown in the following table.
You create the Azure Storage accounts shown in the following table.
You need to configure auditing for SQL1.
Which storage accounts and Log Analytics workspaces can you use as the audit log destination? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Solution:
Does this meet the goal?
Correct Answer:
A
- (Exam Topic 4)
You are evaluating the security of the network communication between the virtual machines in Sub2. For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.
Solution:
Q1: No { and it should not be allowed as only TCP 80 is allowed from the "Internet" service tag
Q2: Yes {as it should be for VMs in the same local subnet pinging each other on private IP and no NSG configured}
Q3: Yes {VM5 is in subnet where 1st rule of NSG allows any traffic from any source to the destination}
Does this meet the goal?
Correct Answer:
A
- (Exam Topic 4)
You have an Azure Active Directory (Azure AD) tenant named contoso.com that contains the users shown in the following table.
You create and enforce an Azure AD Identity Protection user risk policy that has the following settings: 
Assignment: Include Group1, Exclude Group2 Conditions: Sign-in risk of Medium and above Access: Allow access, Require password change
For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.
Solution:
Box 1: Yes
User1 is member of Group1. Sign in from unfamiliar location is risk level Medium. Box 2: Yes
User2 is member of Group1. Sign in from anonymous IP address is risk level Medium. Box 3: No
Sign-ins from IP addresses with suspicious activity is low. Note:
Azure AD Identity protection can detect six types of suspicious sign-in activities: Users with leaked credentials Sign-ins from anonymous IP addresses Impossible travel to atypical locations Sign-ins from infected devices Sign-ins from IP addresses with suspicious activity Sign-ins from unfamiliar locations
These six types of events are categorized in to 3 levels of risks – High, Medium & Low: References:
http://www.rebeladmin.com/2018/09/step-step-guide-configure-risk-based-azure-conditional-access-policies/
Does this meet the goal?
Correct Answer:
A
- (Exam Topic 4)
You have an Azure AD tenant that contains the users shown in the following table.
You enable passwordless authentication for the tenant.
Which authentication method can each user use for passwordless authentication? To answer, drag the appropriate authentication methods to the correct users. Each authentication method may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
NOTE: Each correct selection is worth one point.
Solution:
Does this meet the goal?
Correct Answer:
A