- (Exam Topic 4)
You have an Azure subscription that contains the resources shown in the following table.
User1 is a member of Group1. Group1 and User2 are assigned the Key Vault Contributor role for Vault1.
On January 1, 2019, you create a secret in Vault1. The secret is configured as shown in the exhibit. (Click the Exhibit tab.)
User2 is assigned an access policy to Vault1. The policy has the following configurations: 
Key Management Operations: Get, List, and Restore Cryptographic Operations: Decrypt and Unwrap Key 
Secret Management Operations: Get, List, and Restore
Group1 is assigned an access to Vault1. The policy has the following configurations: Key Management Operations: Get and Recover Secret Management Operations: List, Backup, and Recover
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
Solution:
Does this meet the goal?
Correct Answer:
A
- (Exam Topic 4)
You have an Azure subscription that contains the resources shown in the following Table.
You plan to enable Microsoft Defender for Cloud for the subscription. Which resources can be protected by using Microsoft Defender for Cloud?
Correct Answer:
C
- (Exam Topic 4)
Your network contains an Active Directory forest named contoso.com. You have an Azure Directory (Azure AD) tenant named contoso.com.
You plan to configure synchronization by using the Express Settings installation option in Azure AD Connect. You need to identify which roles and groups are required to perform the planned configurations. The solution must use the principle of least privilege.
Which two roles and groups should you identify? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point.
Correct Answer:
CE
References:
https://docs.microsoft.com/en-us/azure/active-directory/hybrid/reference-connect-accounts-permissions
- (Exam Topic 4)
You have an Azure subscription that contains the resources shown in the following table.
You need to ensure that ServerAdmins can perform the following tasks: Create virtual machine to the existing virtual network in RG2 only.
The solution must use the principle of least privilege.
Which two role-based access control (RBAC) roles should you assign to ServerAdmins? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.
Correct Answer:
BF
- (Exam Topic 4)
Use the following login credentials as needed:
To enter your username, place your cursor in the Sign in box and click on the username below.
To enter your password, place your cursor in the Enter password box and click on the password below. Azure Username: User1-10598168@ExamUsers.com
Azure Password: Ag1Bh9!#Bd
The following information is for technical support purposes only: Lab Instance: 10598168
You need to email an alert to a user named admin1@contoso.com if the average CPU usage of a virtual machine named VM1 is greater than 70 percent for a period of 15 minutes.
To complete this task, sign in to the Azure portal.
Solution:
Create an alert rule on a metric with the Azure portal
* 1. In the portal, locate the resource, here VM1, you are interested in monitoring and select it.
* 2. Select Alerts (Classic) under the MONITORING section. The text and icon may vary slightly for different resources.
* 3. Select the Add metric alert (classic) button and fill in the fields as per below, and click OK. Metric: CPU Percentage
Condition: Greater than Period: Over last 15 minutes Notify via: email
Additional administrator email(s): admin1@contoso.com
Reference:
https://docs.microsoft.com/en-us/azure/sql-database/sql-database-insights-alerts-portal
Does this meet the goal?
Correct Answer:
A
