Latest AZ-500 Free Dumps - Microsoft Azure Security Technologies
You have an Azure subscription that contains a resource group named RG1 and a security group named ServerAdmins. RG1 contains 10 virtual machines, a virtual network named VNET1, and a network security group (NSG) named NSG1. ServerAdmins can access the virtual machines by using RDP.
You need to ensure that NSG1 only allows RDP connections to the virtual machines for a maximum of 60 minutes when a member of ServerAdmins requests access.
What should you configure?
Answer: B
Lab Task
Task 2
You need to ensure that the events in the NetworkSecurityGroupRuleCounter log of the VNETOI-Subnet0-NSG network security group (NSG) are stored in the Iogs31330471 Azure Storage account for 30 days.
Answer:
See the step-by-step answer below:
* Enable diagnostic resource logging for the NSG. You can use the Azure portal, Azure PowerShell, or the Azure CLI to do this. You need to select the Rule counter category under Logs and choose the Iogs31330471 storage account as the destination.
* Configure the retention policy for the storage account to keep the logs for 30 days. You can use the Azure portal, Azure PowerShell, or the Azure CLI to do this. You need to specify the days parameter as 30 for the Set-AzStorageServiceProperty cmdlet or the az storage logging update command.
* View and analyze the logs in the storage account. You can use any tool that can read JSON files, such as Azure Storage Explorer or Visual Studio Code. You can also export the logs to any visualization tool, SIEM solution, or IDS of your choice.
You have an Azure subscription that contains the resources shown in the following table.
You need to ensure that ServerAdmins can perform the following tasks:
* Create virtual machines in RG1 only.
* Connect the virtual machines to the existing virtual networks in RG2 only.
The solution must use the principle of least privilege.
Which two role-based access control (RBAC) roles should you assign to ServerAdmins? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.
Answer: D,F
You have an Azure subscription that contains the virtual machines shown in the following table.
You have an Azure Cosmos DB account named cosmos1 configured as shown in the following exhibit.
Answer:
Explanation:
Yes, Yes, No
You have an Azure subscription named Subscription1 that contains the resources shown in the following table.
You need to identify which initiatives and policies you can add to Subscription1 by using Azure Security Center.
What should you identify?
Answer: D
You have an Azure subscription that contains a web app named App1. App1 provides users with product images and videos. Users access App1 by using a URL of https://app1.contoso.com. You deploy two server pools named Pool1 and Pool2. Pool1 hosts product images. Pool2 hosts product videos. You need to optimize the performance of App1. The solution must meet the following requirements:
* Minimize the performance impact of TLS connections on Pool1 and Pool2.
* Route user requests to the server pools based on the requested URL path.
What should you include in the solution?
Answer: C
You need to encrypt storage1 to meet the technical requirements. Which key vaults can you use?
Answer: C
You have an Azure Active Directory (Azure AD) tenant named contoso.com that contains a user named User1.
You plan to publish several apps in the tenant.
You need to ensure that User1 can grant admin consent for the published apps.
Which two possible user roles can you assign to User1 to achieve this goal? Each correct answer presents a complete solution.
NOTE: Each correct selection is worth one point.
Answer: B,D
You plan to implement JIT VM access. Which virtual machines will be supported?
Answer: B
You need to create Role1 to meet the platform protection requirements.
How should you complete the role definition of Role1? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
1) Microsoft.Compute/
2) disks
3) /subscription/{subscriptionId}/resourceGroups/{Resource Group Id}
A new custom RBAC role named Role1 must be used to delegate the administration of the managed disks in Resource Group1. Role1 must be available only for Resource Group1.
You have three on-premises servers named Server1, Server2, and Server3 that run Windows Server. Server1 and Server2 are located on the internal network. Server3 is located on the premises network. All servers have access to Azure.
From Azure Sentinel, you install a Windows firewall data connector.
You need to collect Microsoft Defender Firewall data from the servers for Azure Sentinel.
What should you do?
Answer: C
You have an Azure subscription named Sub1 that contains an Azure Log Analytics workspace named LAW1.
You have 500 Azure virtual machines that run Windows Server 2016 and are enrolled in LAW1.
You plan to add the System Update Assessment solution to LAW1.
You need to ensure that System Update Assessment-related logs are uploaded to LAW1 from 100 of the virtual machines only.
Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
Answer:
Explanation:
References:
https://docs.microsoft.com/en-us/azure/azure-monitor/insights/solution-targeting
You have an Azure SQL database.
You implement Always Encrypted.
You need to ensure that application developers can retrieve and decrypt data in the database.
Which two pieces of information should you provide to the developers? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.
Answer: D,E
You have an Azure subscription.
You create an Azure Firewall policy that has the rules shown in the following table:
In which order should the rules be processed? To answer, move all rules from the list of rules to the answer area and arrange them in the correct order.
Answer:
Explanation:
The rules should be processed in the following order:
* Rule1: This is a network rule collection with the lowest priority (100). It allows any protocol and port from any source to any destination.
* Rule2: This is a NAT rule collection with the second lowest priority (200). It translates the source IP address of VM1 to a public IP address when it accesses the internet.
* Rule3: This is an application rule collection with the third lowest priority (300). It allows HTTP and HTTPS traffic from any source to any destination.
* Rule4: This is an application rule collection with the fourth lowest priority (400). It blocks HTTP and HTTPS traffic from any source to www.contoso.com.
* Rule5: This is a network rule collection with the highest priority (500). It blocks ICMP traffic from any source to any destination.
The rules are processed from the lowest priority to the highest priority. If a rule matches the traffic, it is applied and no further rules are evaluated. If no rule matches the traffic, it is denied by default.
You have an Azure subscription that contains the virtual machines shown in the following table.
VNET1, VNET2, and VNET3 are peered with each other. You perform the following actions:
* Create two application security groups named ASG1 and ASG2 in the West US region.
* Add the network interface of VM1 to ASG1.
Answer:
See the answer in the explanation below.
Explanation:
Answer as below.
You have an on-premises network and an Azure subscription.
You have the Microsoft SQL Server instances shown in the following table.
You plan to implement Microsoft Defender for SQL.
Which SQL Server instances will be protected by Microsoft Defender for SQL?
Answer: D
You have an Azure subscription that contains the resources shown in the following table.
You plan to deploy an Azure Private Link service named APL1.
Which resource must you reference during the creation of APL1?
Answer: A
You have 10 virtual machines on a single subnet that has a single network security group (NSG).
You need to log the network traffic to an Azure Storage account.
Which two actions should you perform? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.
Answer: A
You have an Azure AD tenant that contains the groups shown in the following table.
You assign licenses to the groups as shown in the following table.
On May 1, you delete Group1, Group2, and Group3.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Answer:
Explanation: