- (Exam Topic 4)
You have Azure Resource Manager templates that you use to deploy Azure virtual machines.
You need to disable unused Windows features automatically as instances of the virtual machines are provisioned.
What should you use?
Correct Answer:
B
You can use Azure Automation State Configuration to manage Azure VMs (both Classic and Resource Manager), on-premises VMs, Linux machines, AWS VMs, and on-premises physical machines.
Note: Azure Automation State Configuration provides a DSC pull server similar to the Windows Feature DSCService so that target nodes automatically receive configurations, conform to the desired state, and report back on their compliance. The built-in pull server in Azure Automation eliminates the need to set up and maintain your own pull server. Azure Automation can target virtual or physical Windows or Linux machines, in the cloud or on-premises.
References:
https://docs.microsoft.com/en-us/azure/automation/automation-dsc-getting-started
- (Exam Topic 4)
You have an Azure subscription that contains an Azure Active Directory (Azure AD) tenant and a user named User1.
The App registrations settings for the tenant are configured as shown in the following exhibit.
You plan to deploy an app named App1.
You need to ensure that User1 can register App1 in Azure AD. The solution must use the principle of least privilege.
Which role should you assign to User1?
Correct Answer:
D
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/roles/delegate-by-task
- (Exam Topic 4)
You have an Azure subscription that uses Azure Active Directory (Azure AD) Privileged Identity Management (PIM).
A PIM user that is assigned the User Access Administrator role reports receiving an authorization error when performing a role assignment or viewing the list of assignments.
You need to resolve the issue by ensuring that the PIM service principal has the correct permissions for the subscription. The solution must use the principle of least privilege.
Which role should you assign to the PIM service principle?
Correct Answer:
B
- (Exam Topic 4)
You have an Azure subscription that contains an Azure key vault. The role assignments for the key vault are shown in the following exhibit.
Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic. NOTE: Each correct selection is worth one point.
Solution:
Does this meet the goal?
Correct Answer:
A
- (Exam Topic 4)
You need to create a new Azure Active Directory (Azure AD) directory named 12345678.onmicrosoft.com. The new directory must contain a new user named user1@12345678.onmicrosoft.com.
To complete this task, sign in to the Azure portal.
Solution:
The first step is to create the Azure Active Directory tenant.
Sign in to the Azure portal. From the Azure portal menu, select Azure Active Directory. On the overview page, select Manage tenants. Select +Create. On the Basics tab, select Azure Active Directory. Select Next: Configuration
to move on to thCe onfiguration tab. For Organization name, enter 12345678. For the Initial domain name, enter 12345678. Leave the Country/Region as the default.
The next step is to create the user. From the Azure portal menu, select Azure Active Directory. Select Users then select New user. Enter User1 in the User name and Name fields. Leave the default option of Auto-generate password. Click the Create button.
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/fundamentals/active-directory-access-create-new-tenant https://docs.microsoft.com/en-us/azure/active-directory/fundamentals/add-users-azure-active-directory
Does this meet the goal?
Correct Answer:
A
