- (Exam Topic 6)
Your network is configured as shown in the following exhibit.
The firewalls are configured as shown in the following table.
Prod1 contains a vCenter server.
You install an Azure Migrate Collector on Test1.
You need to discover the virtual machines.
Which TCP port should be allowed on each firewall? To answer, drag the appropriate ports to the correct firewalls. Each port may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
NOTE: Each correct selection is worth one point.
Solution:
References:
https://docs.microsoft.com/en-us/azure/migrate/concepts-collector
References:
https://docs.microsoft.com/en-us/azure/migrate/migrate-appliance
Does this meet the goal?
Correct Answer:A
- (Exam Topic 6)
You have an Azure Active Directory (Azure AD) tenant named Tenant1 and an Azure subscription named You enable Azure AD Privileged Identity Management.
You need to secure the members of the Lab Creator role. The solution must ensure that the lab creators request access when they create labs.
What should you do first?
Correct Answer:A
As a Privileged Role Administrator you can: 
Enable approval for specific roles Specify approver users and/or groups to approve requests View request and approval history for all privileged roles
References:
https://docs.microsoft.com/en-us/azure/active-directory/privileged-identity-management/pim-configure
- (Exam Topic 6)
You have an Azure subscription named Subscription1 that has a subscription ID of c276fc76-9cd4-44c9-99a7-4fd71546436e.
You need to create a custom RBAC role named CR1 that meets the following requirements: 
Can be assigned only to the resource groups in Subscription1
Prevents the management of the access permissions for the resource groups Allows the viewing, creating, modifying, and deleting of resource within the resource groups
What should you specify in the assignable scopes and the permission elements of the definition of CR1? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Solution:
Box 1: "/subscription/c276fc76-9cd4-44c9-99a7-4fd71546436e"
In the assignableScopes you need to mention the subscription ID where you want to implement the RBAC Box 2: "Microsoft.Authorization/*"
Microsoft.Authorization/* is used to Manage authorization
References:
https://docs.microsoft.com/en-us/azure/role-based-access-control/resource-provider-operations#microsoftauthori https://docs.microsoft.com/en-us/azure/role-based-access-control/built-in-roles
References:
https://docs.microsoft.com/en-us/azure/role-based-access-control/custom-roles
https://docs.microsoft.com/en-us/azure/role-based-access-control/resource-provider-operations#microsoftresourc
Does this meet the goal?
Correct Answer:A
- (Exam Topic 4)
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have a computer named Computer1 that has a point-to-site VPN connection to an Azure virtual network named VNet1. The point-to-site connection uses a self-signed certificate.
From Azure, you download and install the VPN client configuration package on a computer named Computer2.
You need to ensure that you can establish a point-to-site VPN connection to VNet1 from Computer2. Solution: You modify the Azure Active Directory (Azure AD) authentication policies.
Does this meet this goal?
Correct Answer:B
Instead export the client certificate from Computer1 and install the certificate on Computer2. Note:
Each client computer that connects to a VNet using Point-to-Site must have a client certificate installed. You generate a client certificate from the self-signed root certificate, and then export and install the client certificate. If the client certificate is not installed, authentication fails.
Reference:
https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-certificates-point-to-site
- (Exam Topic 6)
You have an Azure subscription that contains an Azure Storage account storageaccount1.
You export storage account as an Azure Resource Manager template. The template contains the following sections.
For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.
Solution:
Does this meet the goal?
Correct Answer:A