AZ-300

Ace your homework & exams now with Quizwiz!

Adding a Route to an Azure Route Table the following are available Next Hop Types

Virtual Network Gateway Virtual Network Internet Virtual Appliance

When you are configuring a sink, to which Azure service can configure?

You can configure a Azure Storage Account as a sink. You cannot configure a sink to Application Insights for application layer information. Azure Security Center is related to security issues or risks across your environment. Azure OMS is not a suitable solution in this scenario.

What actions can you not configure with an Alert rule?

You cannot configure with an alert is a SCOM Alert. The following are actions that can be configured in Azure alerts: SMS Webhook Logic App

To configure an on-premises environment and Azure Active Directory that meets the following criteria: Ensure no password hashes are stored in the cloud. Enable my users to sign in and access cloud services using their on-premises password. Ensure no new on-premises servers are created.

Pass-through authentication (PTA) and single sign-on Federation (AD FS) requires commissioning on-premises servers. Password hash synchronization (PHS) with SSO stores hashed passwords in the cloud.

Which feature allows you to keep on-premises Active Directory passwords in-sync with passwords in the Cloud?

Password writeback is a feature that you can enable when you use Azure AD Connect that allows password changes in the Cloud to be written back to an existing on-premises directory in real time.

Configure Azure MFA to set a time period to allow authentication attempts after a user is authenticated.

You should configure a Caching Rule. You can set a time period to allow authentication attempts after a user is authenticated by using the caching feature. App Password is used to configure apps that don't work with MFA.

Enable Enterprise State Roaming.

Azure Active Directory > Devices > Enterprise State Roaming Users may sync settings and app data across devices

Azure Active Directory Self-Service Password Reset

Azure Active Directory Self-Service Password Reset (SSPR) can only be setup with a maximum of 2 methods. The securest methods available are to use a Mobile App code and Security Questions or email. Using a text SMS is the least secure method.

Choose the option that best describes the outcome of running the PowerShell script: Set-AzStorageAccount -Name "blobssa1" -ResourceGroupName "Store2RG" -EnableHttpsTrafficOnly $True

Enable "Secure transfer required" setting for the Storage Account named "blobssa1"

Examine the following PowerShell script.. Set-AzDiagnosticSetting -ResourceId logsbapp01 -ServiceBusRuleId serbuazh740 Choose the option that completes the statement to configure Diagnostic Logs to stream to the Event Hub.

-Enabled $true

To receive an OAuth 2.0 bearer token what does the client supply to the bearer?

Authorization code and Client_id are required.

What meets the following requirements for protecting confidential data: 1) Encrypts data at rest 2) Data is protected in the Trusted Execution Environment enclave 3) Stops malicious insiders with administrative privilege, or direct access to hardware, from gaining access

Azure Confidential Computing is the correct technology which meets these requirements. Encrypting data at rest using Azure Key Vault doesn't protect data in a Trusted Execution Environment enclave. Azure Information Protection applies labels and protections to data. Azure Transparent Data Encryption (TDE) encrypts SQL Data.

The business has a requirement to allow a remote office to write file data to a Storage Account called "azsaeastcore" during a two week project. It essential that you set this up quickly and in the most secure manner. Apply your knowledge of Storage Accounts to select the correct answer that meets the requirements.

Configure Shared access signature in "azsaeastcore" with the following settings: Allowed permissions = "Write" Set the "Allowed IP addresses" to include the remote offices IP address Set an expiry date of two weeks. The Shared Access key should remain private and not provided to the remote site. You need to ensure that you meet the requirements of the scenario, which stipulates that security is a factor. You can provide specific access using Write permissions to the Storage Account from only the Allowed IP addresses, which will satisfy the requirements. You should configure the Write permission only, as allowing the "List" permission is not a requirement in this scenario.

You have a VM called 'Webapp01' and you want to view resource usage for the VM for the last week. What should you configure to show you this?

Configuring Azure Monitoring Metrics or Azure Monitoring Insights will give you performance data that you require for the VM. Azure Crash Dump Logger is not a valid Azure service. Azure Monitoring Alerts is configured to give you alerts rather than metrics. Azure VM Boot Diagnostics gives you diagnostics into VM boot issues or crashes.

Configure security policy to require that users answer security questions as well as passwords when logging in from outside of the US.

Configuring Conditional Access and MFA will allow you to specify security requirements for when users attempt to logon from locations outside of the US and also ensure that users use another factor such as security questions.

Monitor a critical web application

Create an Alert for the WebApp by configuring: resource condition action group alert details

You need to delete the certificate "EnAppCert" from the "EnAppVault". What is the correct REST API call that will perform this task successfully?

DELETE HTTPS://EnAppVault.vault.azure.net/certificates/EnAppCert?api-version=7.0 This command will delete all versions of a certificate object from a specified key vault, along with its associated policy.

Options that are required to add this custom domain

Login to Azure as a Global Administrator Navigate to Custom Domain Names Type in custom domain name Copy the DNS TXT file record Add this as a TXT DNS record with your domain registrar Click Verify within the custom domains section of Azure Mark the custom domain as primary

You need to create a Storage Account called "azsamp3we" in the West European region. This Storage Account will contain audio files of recorded customer service calls. The audio files are required for streaming to a browser application. You are required to add some Storage redundancy and the Compliance Officer the company requires this data to be stored inside the Western European region.

Select Azure Blob Storage, then choose LRS (Locally-Redundant Storage) LRS (Locally-Redundant Storage) keeps 3 replicas of your data within a single facility and within a single region for durability and is the best choice for this as it applies redundancy for data centers within the same region. GRS replicates your data between two regions. GRS would offer more redundancy, but would allow the data to be synced to another region that is located outside the Western European.

Powershell cmdlet to disable the Azure AD Connect synchronization schedule.

Set-ADSyncScheduler -SyncCycleEnabled $false will disable the Azure AD Sync Scheduler service.

The data will be structured and will need a key attribute. Choose the most appropriate Azure Storage Account type

Table Storage . Queue Storage is for message storage. Blob Storage is for unstructured data. File Storage is for files.

Which DNS records do you need to configure to add and verify a domain to Azure Active Directory.

The DNS configuration that needs to specified is: TXT record - Alias, Destination and TTL.

You have configured a Storage Account in the East USA region to use ZRS redundancy. Which statement best describes the outcome if the East USA region suffers an outage?

The Storage Account will be unavailable if the East USA region suffers an outage. To ensure resiliency against a region failure you would need to enable Geo-Redundant Storage (GRS) and not Zone Redundant Storage (ZRS). Zone Redundant Storage does not provide redundancy against a region failure. ZRS only provides redundancy against zone failures within the same region.

You have a requirement to configure a solution to replace an on-premises NAS device that stores Infrastructure tools in a share. The share is currently mapped to Windows 10 devices. Recommend a solution would best meet this requirement?

The correct answer is: Azure File Storage with an SMB Share CIFS is more suitable for use with Linux devices.

In a hybrid environment what is the requirement for client machines to use Azure Seamless Single Sign-On?

The correct requirement for Azure Seamless Single Sign-On (SSO) is that the client machines are domain joined

The following cannot be configured as a valid IP address range to use in a VNet in Azure

The following are not valid IP subnet address ranges that can be used with VNets: 224.0.0.0/4 (Multicast) 255.255.255.255/32 (Broadcast) 127.0.0.0/8 (Loopback) 169.254.0.0/16 (Link-local) 168.63.129.16/32 (Internal DNS)

Ensure users will see relevant disclaimers for legal, or compliance requirements

To configure disclaimers for users you must go to Azure Active Directory > Identity Governance, then click Publish a Terms of use.

Backing up a Blob Storage Account when not familiar with Azure CLI or PowerShell.

Use Storage Explorer to create a snapshot of the Blob Storage WMI (Windows Management Instrumentation) in used with local devices and is not suitable for cloud based Azure Storage. Azure Blob Backup is not a valid tool. NetApp Files do allow built in snapshots but these will be sent to a separate File Storage Service.

You have been using a Storage Account called "storeapwe1" for application data. You believe an ex-employee has saved the key 1 details. How should you secure the data and keep the application online?

Use key 2 for the application that uses the storage account and regenerate key 1


Related study sets

Macroeconomics Final: All Previous Tests

View Set

Taxes, retirement, and other insurance concepts

View Set

Military Time to Standard Conversion

View Set

Group Life Insurance, Retirement Plans, and Social Security Disability Program - Quiz

View Set