Microsoft Azure Security Technologies - AZ-500무료 덤프문제 풀어보기

You have an Azure subscription named Sub! and an Amazon Web Services (AWS) account named AWS1.
You create a new user account named Admin1.
You need to ensure that Admin1 can perform the following actions:
* Add AWS1 to Microsoft Defender for Cloud.
* Enable Azure Arc autoprovisioning for all existing and future Amazon Elastic Compute Cloud (EC2) instances.
The solution must follow the principle of least privilege. Which role should you assign to Admin1 at the Sub1 scope?

정답: B
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have an Azure Subscription named Sub1.
You have an Azure Storage account named Sa1 in a resource group named RG1.
Users and applications access the blob service and the file service in Sa1 by using several shared access signatures (SASs) and stored access policies.
You discover that unauthorized users accessed both the file service and the blob service.
You need to revoke all access to Sa1.
Solution: You generate new SASs.
Does this meet the goal?

정답: B
설명: (Fast2test 회원만 볼 수 있음)
Your on-premises network contains the servers shown in the following table.

You have an Azure subscription That contains multiple virtual machines that run either Windows Server 2019 Of SLES.
정답:

Explanation:
You have an Azure subscription. The subscription contains a virtual network named VNet1 that contains the subnets shown in the following table.

The subscription contains the function apps shown in the following table.

The outbound traffic of which app is controlled by using NSG1?

정답: B
You have an Azure subscription that contains a resource group named RG1 and an Azure policy named Policy1.
You need to assign Policy1 to RG1.
How should you complete the script? To answer, drag the appropriate values to the correct targets. Each value may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content NOTE: Each correct selection is worth one point.
정답:

Explanation:
You have a network security group (NSG) bound to an Azure subnet.
You run Get-AzureRmNetworkSecurityRuleConfig and receive the output shown in the following exhibit.

Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic.
NOTE: Each correct selection is worth one point.
정답:

Explanation:
Box 1: able to connect to East US 2
The StorageEA2Allow has DestinationAddressPrefix {Storage/EastUS2}
Box 2: dropped
Reference:
https://docs.microsoft.com/en-us/azure/virtual-network/manage-network-security-group
You have an Azure subscription that uses Microsoft Defender for Cloud. You have accounts for the following cloud services:
* Alibaba Cloud
* Amazon Web Services (AWS)
* Google Cloud Platform (GCP)
What can you add to Defender for Cloud?

정답: B
You have an Azure subscription named Sub1 that contains the resources shown in the following table.

You need to ensure that you can provide VM1 with secure access to a database on SQL1 by using a contained database user.
What should you do?

정답: C
설명: (Fast2test 회원만 볼 수 있음)
You have an Azure subscription that contains the resources shown in the following table.

You plan to deploy the virtual machines shown in the following table.

You need to assign managed identities to the virtual machines. The solution must meet the following requirements:
* Assign each virtual machine the required roles.
* Use the principle of least privilege.
What is the minimum number of managed identities required?

정답: A
설명: (Fast2test 회원만 볼 수 있음)
You need to configure SQLDB1 to meet the data and application requirements.
Which three actions should you recommend be performed in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
정답:

Explanation:
From the Azure portal, create an Azure AD administrator for LitwareSQLServer1 Connect to SQLDB1 by using SSMS In SQLDB1, create contained database users
https://www.youtube.com/watch?v=pEPyPsGEevw
You need to delegate a user to implement the planned change for Defender for Cloud.
The solution must follow the principle of least privilege.
Which user should you choose?

정답: B
Your company plans to create separate subscriptions for each department. Each subscription will be associated to the same Azure Active Directory (Azure AD) tenant.
You need to configure each subscription to have the same role assignments.
What should you use?

정답: D
설명: (Fast2test 회원만 볼 수 있음)
You have an Azure AD tenant that contains the users shown in the following table.

You enable passwordless authentication for the tenant.
Which authentication method can each user use for passwordless authentication? To answer, drag the appropriate authentication methods to the correct users. Each authentication method may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
NOTE: Each correct selection is worth one point.
정답:

Explanation:
You have an Azure Active Directory (Azure AD) tenant named contoso.com that contains the users shown in the following table.

You create and enforce an Azure AD Identity Protection user risk policy that has the following settings:
* Assignment: Include Group1, Exclude Group2
* Conditions: Sign-in risk of Medium and above
* Access: Allow access, Require password change
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
정답:

Explanation:

Box 1: Yes
User1 is member of Group1. Sign in from unfamiliar location is risk level Medium.
Box 2: Yes
User2 is member of Group1. Sign in from anonymous IP address is risk level Medium.
Box 3: No
Sign-ins from IP addresses with suspicious activity is low.
Note:

Azure AD Identity protection can detect six types of suspicious sign-in activities:
* Users with leaked credentials
* Sign-ins from anonymous IP addresses
* Impossible travel to atypical locations
* Sign-ins from infected devices
* Sign-ins from IP addresses with suspicious activity
* Sign-ins from unfamiliar locations
These six types of events are categorized in to 3 levels of risks - High, Medium & Low:
References:
http://www.rebeladmin.com/2018/09/step-step-guide-configure-risk-based-azure-conditional-access-policies/
You have a Microsoft Entra tenant named contoso.com that contains a user named User1.
You register an app named App1 in contoso.com and create an app role named Role1.
You need to assign Role1 to User1.
What should you configure on the Enterprise applications blade of App1 in the Microsoft Entra admin center?

정답: C

우리와 연락하기

문의할 점이 있으시면 메일을 보내오세요. 12시간이내에 답장드리도록 하고 있습니다.

근무시간: ( UTC+9 ) 9:00-24:00
월요일~토요일

서포트: 바로 연락하기 

English Deutsch 繁体中文 日本語