- (Exam Topic 4)
You have an Azure subscription named Subscription1.
You need to view which security settings are assigned to Subscription1 by default. Which Azure policy or initiative definition should you review?
Correct Answer:B
Reference:
https://docs.microsoft.com/en-us/azure/security-center/tutorial-security-policy https://docs.microsoft.com/en-us/azure/security-center/policy-reference
- (Exam Topic 4)
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have an Azure Subscription named Sub1.
You have an Azure Storage account named Sa1 in a resource group named RG1.
Users and applications access the blob service and the file service in Sa1 by using several shared access signatures (SASs) and stored access policies.
You discover that unauthorized users accessed both the file service and the blob service. You need to revoke all access to Sa1.
Solution: You create a new stored access policy. Does this meet the goal?
Correct Answer:B
Shared access signatures provides access to a particular resource such as blog. Stored access policies are a group of Shared Access Signatures (SAS). In order to revoke access to a SAS you can either:
* 1. Rotate the Key1 or Key 2, that is the access keys used to sign the SAS. Rotating the access keys used to sign the SAS, invalidates any previously signed SAS hence revoking the SAS issused before
* 2. Remove the stored access policy which an SAS is linked to. If a Stored Access Policy is removed, it also invalidates the SASs liked to the Stored Access Policy.
- (Exam Topic 4)
You have multiple development teams that will create apps in Azure.
You plan to create a standard development environment that will be deployed for each team.
You need to recommend a solution that will enforce resource locks across the development environments and ensure that the locks are applied in a consistent manner.
What should you include in the recommendation?
Correct Answer:D
Reference:
https://docs.microsoft.com/en-us/azure/governance/blueprints/concepts/resource-locking
- (Exam Topic 4)
You need to create a web app named Intranet11597200 and enable users to authenticate to the web app by using Azure Active Directory (Azure AD).
To complete this task, sign in to the Azure portal.
Solution:
In the Azure portal, type App services in the search box and select App services from the search results. Click the Create app service button to create a new app service. In the Resource Group section, click the Create new link to create a new resource group. Give the resource group a name such as Intranet11597200RG and click OK. In the Instance Details section, enter Intranet11597200 in the Name field. In the Runtime stack field, select any runtime stack such as .NET Core 3.1. Click the Review + create button. Click the Create button to create the web app. Click the Go to resource button to open the properties of the new web app. In the Settings section, click on Authentication / Authorization. Click the App Service Authentication slider to set it to On.
Click Save to save the changes.
Does this meet the goal?
Correct Answer:A
- (Exam Topic 3)
From Azure Security Center, you need to deploy SecPol1. What should you do first?
Correct Answer:C
Reference:
https://github.com/MicrosoftDocs/azure-docs/blob/master/articles/security-center/custom-security-policies.md https://zimmergren.net/create-custom-security-center-recommendation-with-azure-policy/