- (Exam Topic 4)
You have an Azure subscription that contains the resources shown in the following table.
You plan to deploy the virtual machines shown in the following table.
You need to assign managed identities to the virtual machines. The solution must meet the following requirements:
Assign each virtual machine the required roles.
Use the principle of least privilege.
What is the minimum number of managed identities required?
Correct Answer:
B
We have two different sets of required permissions. VM1 and VM2 have the same permission requirements. VM3 and VM4 have the same permission requirements.
A user-assigned managed identity can be assigned to one or many resources. By using user-assigned managed identities, we can create just two managed identities: one with the permission requirements for VM1 and VM2 and the other with the permission requirements for VM3 and VM4.
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/managed-identities-azure-resources/overview
- (Exam Topic 4)
You have an Azure subscription named Subscription1 that contains the resources shown in the following table.
You need to identify which initiatives and policies you can add to Subscription1 by using Azure Security Center.
What should you identify?
Correct Answer:
D
Reference:
https://docs.microsoft.com/en-us/azure/security-center/custom-security-policies
- (Exam Topic 4)
You plan to use Azure Sentinel to create an analytic rule that will detect suspicious threats and automate responses.
Which components are required for the rule? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Solution:
Reference:
https://docs.microsoft.com/en-us/azure/sentinel/tutorial-detect-threats-custom
https://docs.microsoft.com/en-us/azure/sentinel/tutorial-respond-threats-playbook
Does this meet the goal?
Correct Answer:
A
- (Exam Topic 4)
You have an Azure subscription named Sub1.
In Azure Security Center, you have a workflow automation named WF1. WF1 is configured to send an email message to a user named User1.
You need to modify WF1 to send email messages to a distribution group named Alerts. What should you use to modify WF1?
Correct Answer:
C
Reference:
https://docs.microsoft.com/en-us/azure/security-center/workflow-automation
https://docs.microsoft.com/en-us/learn/modules/resolve-threats-with-azure-security-center/6-exerciseconfigure-p
- (Exam Topic 4)
You need to configure a virtual network named VNET2 to meet the following requirements:
Administrators must be prevented from deleting VNET2 accidentally.
Administrators must be able to add subnets to VNET2 regularly.
To complete this task, sign in to the Azure portal and modify the Azure resources.
Solution:
Locking prevents other users in your organization from accidentally deleting or modifying critical resources, such as an Azure subscription, resource group, or resource.
Note: In Azure, the term resource refers to an entity managed by Azure. For example, virtual machines, virtual networks, and storage accounts are all referred to as Azure resources.
1. In the Azure portal, type Virtual Networks in the search box, select Virtual Networks from the search results, then select VNET2. Alternatively, browse to Virtual Networks in the left navigation pane.
2. In the Settings blade for virtual network VNET2, select Locks.
3. To add a lock, select Add.
4. For Lock type, select Delete lock, and click OK.
Reference:
https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-group-lock-resources
Does this meet the goal?
Correct Answer:
A