- (Exam Topic 4)
You have an Azure subscription that uses Microsoft Sentinel.
You need to create a Microsoft Sentinel notebook that will use the Guided Investigation - Anomaly Lookup template.
What should you create first?
Correct Answer:
A
- (Exam Topic 4)
You have an Azure subscription that contains a resource group named RG1 and the network security groups (NSGs) shown in the following table.
You create the Azure policy shown in the following exhibit.
You assign the policy to RG1.
What will occur if you assign the policy to NSG1 and NSG2?
Correct Answer:
B
- (Exam Topic 4)
You have an Azure subscription that contains 100 virtual machines and has Azure Security Center Standard tier enabled.
You plan to perform a vulnerability scan of each virtual machine.
You need to deploy the vulnerability scanner extension to the virtual machines by using an Azure Resource Manager template.
Which two values should you specify in the code to automate the deployment of the extension to the virtual machines? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.
Correct Answer:
AC
- (Exam Topic 4)
You need to configure a Microsoft SQL server named Web11597200 only to accept connections from the Subnet0 subnet on the VNET01 virtual network.
To complete this task, sign in to the Azure portal.
Solution:
You need to allow access to Azure services and configure a virtual network rule for the SQL Server.
In the Azure portal, type SQL Server in the search box, select SQL Server from the search results then select the server named web11597200. Alternatively, browse to SQL Server in the left navigation pane.
In the properties of the SQL Server, click Firewalls and virtual networks.
In the Virtual networks section, click on Add existing. This will open the Create/Update virtual network rule window.
Give the rule a name such as Allow_VNET01-Subnet0 (it doesn’t matter what name you enter for the exam).
In the Virtual network box, select VNET01.
In the Subnet name box, select Subnet0.
Click the OK button to save the rule.
Back in the Firewall / Virtual Networks window, set the Allow access to Azure services option to On.
Does this meet the goal?
Correct Answer:
A
- (Exam Topic 4)
You have an Azure resource group that contains 100 virtual machines.
You have an initiative named Initiative1 that contains multiple policy definitions. Initiative1 is assigned to the resource group.
You need to identify which resources do NOT match the policy definitions.
What should you do?
Correct Answer:
A
Reference:
https://docs.microsoft.com/en-us/azure/governance/policy/how-to/get-compliance-data#portal