00:00

QUESTION 41

- (Exam Topic 4)
You have an Azure subscription named Sub1 that contains the Azure key vaults shown in the following table:
AZ-500 dumps exhibit
In Sub1, you create a virtual machine that has the following configurations:
AZ-500 dumps exhibit Name: VM1
AZ-500 dumps exhibit Size: DS2v2
AZ-500 dumps exhibit Resource group: RG1
AZ-500 dumps exhibit Region: West Europe
AZ-500 dumps exhibit Operating system: Windows Server 2016
You plan to enable Azure Disk Encryption on VM1.
In which key vaults can you store the encryption key for VM1?

Correct Answer: A
In order to make sure the encryption secrets don’t cross regional boundaries, Azure Disk Encryption needs the Key Vault and the VMs to be co-located in the same region. Create and use a Key Vault that is in the same region as the VM to be encrypted.
Reference:
https://docs.microsoft.com/en-us/azure/security/azure-security-disk-encryption-prerequisites

QUESTION 42

- (Exam Topic 4)
You have an Azure subscription that contains virtual machines. You enable just in time (JIT) VM access to all the virtual machines.
You need to connect to a virtual machine by using Remote Desktop. What should you do first?

Correct Answer: C
Reference:
https://docs.microsoft.com/en-us/azure/virtual-machines/windows/connect-logon

QUESTION 43

- (Exam Topic 4)
You need to configure an access review. The review will be assigned to a new collection of reviews and reviewed by resource owners.
Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
AZ-500 dumps exhibit
Solution:
Step 1: Create an access review program Step 2: Create an access review control Step 3: Set Reviewers to Group owners
In the Reviewers section, select either one or more people to review all the users in scope. Or you can select to have the members review their own access. If the resource is a group, you can ask the group owners to review.
AZ-500 dumps exhibit
References:
https://docs.microsoft.com/en-us/azure/active-directory/governance/create-access-review https://docs.microsoft.com/en-us/azure/active-directory/governance/manage-programs-controls

Does this meet the goal?

Correct Answer: A

QUESTION 44

- (Exam Topic 4)
You have an Azure subscription that contains an Azure key vault and an Azure Storage account. The key vault contains customer-managed keys. The storage account is configured to use the customer-managed keys stored In the key vault.
You plan to store data in Azure by using the following services:
* Azure Files
* Azure Blob storage
* Azure Log Analytics
* Azure Table storage
* Azure Queue storage
Which two services data encryption by using the keys stored in the key vault? Each correct answer present a complete solution.
NOTE: Each correct selection is worth one point.

Correct Answer: AC
https://docs.microsoft.com/en-us/azure/storage/common/account-encryption-key-create?tabs=portal

QUESTION 45

- (Exam Topic 4)
You have an Azure Active Directory (Azure AD) tenant named contoso.com
You need to configure diagnostic settings for contoso.com. The solution must meet the following requirements:
• Retain loqs for two years.
• Query logs by using the Kusto query language
• Minimize administrative effort. Where should you store the logs?

Correct Answer: A
https://docs.microsoft.com/en-us/azure/azure-monitor/log-query/get-started-queries