- (Exam Topic 4)
You have an Azure environment.
You need to identify any Azure configurations and workloads that are non-compliant with ISO 27001 standards. What should you use?
Correct Answer:
C
Reference:
https://docs.microsoft.com/en-us/azure/security-center/security-center-compliance-dashboard
- (Exam Topic 4)
You have 20 Azure subscriptions and a security group named Group1. The subscriptions are children of the root management group.
Each subscription contains a resource group named RG1.
You need to ensure that for each subscription RG1 meets the following requirements:
The members of Group1 are assigned the Owner role.
The modification of permissions to RG1 is prevented.
What should you do? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Solution:
Does this meet the goal?
Correct Answer:
A
- (Exam Topic 4)
A user named Debbie has the Azure app installed on her mobile device.
You need to ensure that debbie@contoso.com is alerted when a resource lock is deleted. To complete this task, sign in to the Azure portal.
Solution:
You need to configure an alert rule in Azure Monitor.
Type Monitor into the search box and select Monitor from the search results. Click on Alerts.
Click on +New Alert Rule.
In the Scope section, click on the Select resource link.
In the Filter by resource type box, type locks and select Management locks (locks) from the filtered results. Select the subscription then click the Done button.
In the Condition section, click on the Select condition link.
Select the Delete management locks condition the click the Done button. In the Action group section, click on the Select action group link.
Click the Create action group button to create a new action group.
Give the group a name such as Debbie Mobile App (it doesn’t matter what name you enter for the exam) then click the Next: Notifications > button.
In the Notification type box, select the Email/SMS message/Push/Voice option.
In the Email/SMS message/Push/Voice window, tick the Azure app Push Notifications checkbox and enter debbie@contoso.com in the Azure account email field.
Click the OK button to close the window.
Enter a name such as Debbie Mobile App in the notification name box.
Click the Review & Create button then click the Create button to create the action group.
Back in the Create alert rule window, in the Alert rule details section, enter a name such as Management lock deletion in the Alert rule name field.
Click the Create alert rule button to create the alert rule.
Does this meet the goal?
Correct Answer:
A
- (Exam Topic 4)
You have an Azure subscription that contains an Azure SQL database named sql1. You plan to audit sql1.
You need to configure the audit log destination. The solution must meet the following requirements:
Support querying events by using the Kusto query language.
Minimize administrative effort. What should you configure?
Correct Answer:
C
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/reports-monitoring/tutorial-log-analytics-wizard
- (Exam Topic 4)
You have an Azure subscription that contains an app named App1. App1 has the app registration shown in the following table.
You need to ensure that App1 can read all user calendars and create appointments. The solution must use the principle of least privilege.
What should you do?
Correct Answer:
A
Reference:
https://docs.microsoft.com/en-us/graph/permissions-reference#calendars-permissions