- (Exam Topic 4)
You have an Azure Active Din-dory (Azure AD) tenant named contoso.com that contains a user named User1. You plan to publish several apps in the tenant.
You need to ensure that User1 can grant admin consent for the published apps.
Which two possible user roles can you assign to User! to achieve this goal? Each correct answer presents a complete solution.
NOTE: Each correct selection is worth one point.
Correct Answer:
CE
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/manage-apps/grant-admin-consent
- (Exam Topic 4)
Use the following login credentials as needed:
To enter your username, place your cursor in the Sign in box and click on the username below.
To enter your password, place your cursor in the Enter password box and click on the password below. Azure Username: User1-10598168@ExamUsers.com
Azure Password: Ag1Bh9!#Bd
The following information is for technical support purposes only: Lab Instance: 10598168
You need to configure Azure to allow RDP connections from the Internet to a virtual machine named VM1. The solution must minimize the attack surface of VM1.
To complete this task, sign in to the Azure portal.
Solution:
To enable the RDP port in an NSG, follow these steps:
Sign in to the Azure portal.
In Virtual Machines, select VM1
In Settings, select Networking.
In Inbound port rules, check whether the port for RDP is set correctly. The following is an example of the configuration:
Priority: 300 Name: Port_3389
Port(Destination): 3389 Protocol: TCP
Source: Any Destinations: Any Action: Allow Reference:
https://docs.microsoft.com/en-us/azure/virtual-machines/troubleshooting/troubleshoot-rdp-nsg-problem
Does this meet the goal?
Correct Answer:
A
- (Exam Topic 4)
You have an Azure subscription named Subcription1 that contains an Azure Active Directory (Azure AD) tenant named contosos.com and a resource group named RG1.
You create a custom role named Role1 for contoso.com.
You need to identify where you can use Role1 for permission delegation. What should you identify?
Correct Answer:
A
https://docs.microsoft.com/en-us/azure/role-based-access-control/custom-roles
- (Exam Topic 4)
You need to configure a virtual network named VNET2 to meet the following requirements:
Administrators must be prevented from deleting VNET2 accidentally.
Administrators must be able to add subnets to VNET2 regularly.
To complete this task, sign in to the Azure portal and modify the Azure resources.
Solution:
Locking prevents other users in your organization from accidentally deleting or modifying critical resources, such as Azure subscription, resource group, or resource.
Note: In Azure, the term resource refers to an entity managed by Azure. For example, virtual machines, virtual networks, and storage accounts are all referred to as Azure resources.
* 1. In the Azure portal, type Virtual Networks in the search box, select Virtual Networks from the search results then select VNET2. Alternatively, browse to Virtual Networks in the left navigation pane.
* 2. In the Settings blade for virtual network VNET2, select Locks.
* 3. To add a lock, select Add.
* 4. For Lock type select Delete lock, and click OK Reference:
https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-group-lock-resources
Does this meet the goal?
Correct Answer:
A
- (Exam Topic 4)
You need to create a web app named Intranet11597200 and enable users to authenticate to the web app by using Azure Active Directory (Azure AD).
To complete this task, sign in to the Azure portal.
Solution:
In the Azure portal, type App services in the search box and select App services from the search results.
Click the Create app service button to create a new app service.
In the Resource Group section, click the Create new link to create a new resource group.
Give the resource group a name such as Intranet11597200RG and click OK.
In the Instance Details section, enter Intranet11597200 in the Name field.
In the Runtime stack field, select any runtime stack such as .NET Core 3.1.
Click the Review + create button.
Click the Create button to create the web app.
Click the Go to resource button to open the properties of the new web app.
In the Settings section, click on Authentication / Authorization.
Click the App Service Authentication slider to set it to On.
Click Save to save the changes.
Does this meet the goal?
Correct Answer:
A