AZ-500(Typically-Yes-question)
Upload images to the Azure Container Registry - AcrPush
Download of images from the Azure Container Registry - AcrPull
You need to perform a task on the virtual machine prior to deploying containers:
Solution: You install the container network interface (CNI) plug-in.
You need to make sure that Windows features that are not in use are automatically
inactivated when instances of the virtual machines are provisioned:
- You should make use of Azure Automation State Configuration
Custom antimalware virtual machine extension installed.
- DeployIfNotExists
You need to make sure that database developers are able to connect to the SQL
database via Microsoft SQL Server Management Studio (SSMS).
- Active Directory integrated authentication
Which of the following will happen when a faulty SQL statement is generated in
the database by an application?
- A Vulnerability to SQL injection alert is triggered
You have to make sure that a specific user can set advanced access policies for the
key vault.
- Azure AD Privileged Identity Management (PIM)
You have to make sure that a specific user is able to add and delete certificates
in the key vault.
- A key vault access policy.
You plan to deploy and configure an Azure Key vault, and enable Azure Disk
Encryption for the virtual machine.
- It is supported for standard tier VMs.
You plan to deploy and configure an Azure Key vault, and enable Azure Disk
Encryption for the virtual machine.
- It is NOT supported for basic tier VM.
You want to make sure that the results only show users who had failed to sign-in
more than five times.
- The EventID and Count() parameters.
You want to make sure that the results only show users who had failed to sign-in
more than five times.
- It enforces your team's change management standards
- It enforces your team's code quality
You need to ensure that the app is registered to Azure Active Directory (Azure AD).
The registration must use the sign-on URLs of https://app.contoso.com.
- Sign in to your Azure Account through the Azure portal.
- Select Azure Active Directory.
FQDN - fully qualified domain names
Azure Blueprints
- When you need to configure each subscription to have the same role assignments
If you need to deploy the policy definitions as a group to all three subscriptions
- You need to use a management group.
Which three actions should you perform in sequence?
- Send the accounts Azure AD users an invitation.
- Ensure that the accounts Azure AD users accept the invitation so that user
objects are automatically created in the resources Azure AD tenant.
- Choose an Azure AD identity provider for authentication.
Which three actions should you perform in sequence?
- Create an Initiative definition.
- Add costcenterTag1 and productnameTag1 to the Initiative definition.
- Assign the Initiative definition to Subscription1
Which three actions should you perform in sequence?
- Create an app registration
- Add an application permission.
- Grant permissions.
Which three actions should you perform?
- Create a new resource group named RG2.
- Move SERVER03 to RG2.
- Assign the development team the Virtual Machine Contributor role scoped to RG2.
Which four initial actions should you perform in sequence?
- Connect to Azure Portal.
- Open Defender for Cloud.
- Select the Recommendations page.
- Select 'A vulnerability assessment solution should be enabled on your virtual
machines'.
Which four actions should you perform in sequence?
- Assign the marketing group owner an Azure Premium P2 license.
- Select the marketing group for access review.
- Scope the access review users to All users.
- Specify the recurrence of the review.
You need to enforce SecurityPolicyInitiative1 and the role assignments when a new
resource group is created.
- Create an Azure Blueprints definition
- Publish an Azure Blueprints version
- Assign an Azure Blueprint.
Can upload images to the container registry
- AcrPush
- Contributor
Can download images from the container registry
- AcrPull
- Contributor
Azure Monitor
- Metrics
- Logs
Three items you have to configure when creating an Azure Monitor Alert Rule
- Resources
- Action
- Condition
You have to ensure that all subscriptions have the same role assignments.
- By using Azure Blueprints
What is the difference between OpenID Connect and OAuth 2.0?
- OAuth 2.0 is a protocol used for authorization
- OpenID Connect is a protocol used for authentication
- OpenID Connect is an extension of OAuth 2.0
Azure AD Conditional Access?
- Azure AD Premium P1
Azure AD MFA?
- No license is required
How long is metrics data stored for?
- 93 days
What are the three alert states in Azure Monitor?
- New
- Acknowledged
- Closed
Which of the following are valid Azure Monitor data sources?
- ALL
What is the default retention period for Azure Monitor logs?
- 30 days
You have been tasked with enabling Advanced Threat Protection for an Azure SQL
Database server. Advanced Threat Protection must be configured to identify all types
of threat detection. Which of the following will happen when a faulty SQL
statement is generated in the database by an application?
- A Potential SQL injection alert is triggered.
Fab-prod-subscription
- TRUE Solution: Create a new security group with an assigned membership type and
configure group-based licensing.
Fab-prod-subscription:
- job title;
- department.
Fab-prod-subscription:
- Conditional Access
Fab-prod-subscription: issues : all answers
Fab-prod-subscription:
- Yes Solution: You configure Azure AD Identity Protection.
What are the two Azure Monitor alert conditions?
- Fired
- Resolved
As part of an Azure SQL Database AlwaysEncrypted configuration, where are the
encryption keys stored?
- Column Master Key: AKV
- Column Encryption Key: SQL
When doing an app registration in Azure AD, what are two methods to ensure
application security?
- Application Certificate
- Application secret
Which single Azure SQL Database feature provides data security for data at rest,
data in transit and data in use?
- Always Encrypted
IP addresses with dubious activity
- Medium
Able to secure Azure AD roles by making use of Azure Active Directory (Azure AD)
Privileged Identity Management (PIM).
- You should discover privileged roles
Impossible travel to atypical locations - Medium
User with leaked credentials - High
Sign-ins from IP addresses with suspicious activity - Low
Unfamiliar location/ need change password - Yes
Anonymous IP / need change password - Yes
Computer containing malware/ change password - No
Which three actions should you perform in sequence?
- review program
- review control
- group owners
User3 can perform Review1 for - User3 only
If User2 fails to complete Review1 by December 12/2020 - User3 will receive a
confirmation request
If User1 - YES
If User2 - NO
If User2 - NO
Which three actions should you perform in sequence?
- Consent to PIM
- Verify your MFA
- Sign up PIM for Azure AD role
SIMULATION -
The developers at your company plan to create a web app named App12345678 and to
publish the app to https://www.contoso.com.
You need to perform the following tasks:
- Ensure that App12345678 is registered to Azure Active Directory (Azure AD).
- Generate a password for App12345678.
To complete this task, sign in to the Azure portal.
Correct Answer:
See the explanation below.
Step 1: Register the Application
1. Sign in to your Azure Account through the Azure portal.
2. Select Azure Active Directory.
3. Select App registrations.
4. Select New registration.
5. Name the application 12345678. Select a supported account type, which determines
who can use the application. Under Redirect URI, select Web for the type of
application you want to create. Enter the URI: https://www.contoso.com, where the
access token is sent to.
6. Click Register
Step 2: Create a new application secret
If you choose not to use a certificate, you can create a new application secret.
7. Select Certificates & secrets.
8. Select Client secrets -> New client secret.
9. Provide a description of the secret, and a duration. When done, select Add.
After saving the client secret, the value of the client secret is displayed. Copy
this value because you aren't able to retrieve the key later. You provide the key
value with the application ID to sign in as the application. Store the key value
where your application can retrieve it.
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/develop/howto-create-service-principal-portal