Grátis 239 pág. 
Pré-visualização | Página 22 de 35runs Chrome OS and uses Azure Cloud Shell. Correct Answer: ABE A PowerShell script is a �le that contains PowerShell cmdlets and code. A PowerShell script needs to be run in PowerShell. Reference: https://docs.microsoft.com/en-us/powershell/scripting/components/ise/how-to-write-and-run-scripts-in-the-windows-powershell-ise? view=powershell-6 https://docs.microsoft.com/en-us/azure/cloud-shell/quickstart-powershell Community vote distribution BCE (100%) Topic 1Question #172 Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution. After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen. You have an Azure subscription named Subscription1. You sign in to the Azure portal and create a resource group named RG1. From Azure documentation, you have the following command that creates a virtual machine named VM1. az vm create --resource-group RG1 -- name VM1 --image UbuntuLTS --generate-ssh-keys You need to create VM1 in Subscription1 by using the command. Solution: From the Azure portal, launch Azure Cloud Shell and select Bash. Run the command in Cloud Shell. Does this meet the goal? A. Yes B. No Correct Answer: A The command can be run in the Azure Cloud Shell. The Azure Cloud Shell is a free interactive shell. It has common Azure tools preinstalled and con�gured to use with your account. To open the Cloud Shell, just select Try it from the upper right corner of a code block. You can also launch Cloud Shell in a separate browser tab by going to https://shell.azure.com/bash. References: https://docs.microsoft.com/en-us/azure/virtual-machines/linux/quick-create-cli Topic 1Question #173 Your company has several business units. Each business unit requires 20 different Azure resources for daily operation. All the business units require the same type of Azure resources. You need to recommend a solution to automate the creation of the Azure resources. What should you include in the recommendations? A. Azure Resource Manager templates B. virtual machine scale sets C. the Azure API Management service D. management groups Correct Answer: A You can use Azure Resource Manager templates to automate the creation of the Azure resources. Deploying resource through templates is known as .™€גInfrastructure as code˜€ג To implement infrastructure as code for your Azure solutions, use Azure Resource Manager templates. The template is a JavaScript Object Notation (JSON) �le that de�nes the infrastructure and con�guration for your project. The template uses declarative syntax, which lets you state what you intend to deploy without having to write the sequence of programming commands to create it. In the template, you specify the resources to deploy and the properties for those resources. References: https://docs.microsoft.com/en-us/azure/azure-resource-manager/templates/overview Topic 1Question #174 HOTSPOT - For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point. Hot Area: Correct Answer: Reference: https://docs.microsoft.com/en-us/azure/cost-management-billing/costs/quick-acm-cost-analysis https://docs.microsoft.com/en- us/azure/cost-management-billing/costs/cost-analysis-common-uses Topic 1Question #175 HOTSPOT - To answer, select the appropriate option in the answer area. Hot Area: Correct Answer: Reference: https://docs.microsoft.com/en-us/azure/virtual-machines/windows/move-vm Topic 1Question #176 What can you use to identify underutilized or unused Azure virtual machines? A. Azure Advisor B. Azure Cost Management + Billing C. Azure reservations D. Azure Policy Correct Answer: A Azure Advisor helps you optimize and reduce your overall Azure spend by identifying idle and underutilized resources. You can get cost recommendations from the Cost tab on the Advisor dashboard. Reference: https://docs.microsoft.com/en-us/azure/advisor/advisor-overview Topic 1Question #177 HOTSPOT - You plan to implement several security services for an Azure environment. You need to identify which Azure services must be used to meet the following security requirements: ✑ Monitor threats by using sensors ✑ Enforce Azure Multi-Factor Authentication (MFA) based on a condition Which Azure service should you identify for each requirement? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point. Hot Area: Correct Answer: Box 1: To monitor threats by using sensors, you would use Azure Advanced Threat Protection (ATP). Azure Advanced Threat Protection (ATP) is a cloud-based security solution that leverages your on-premises Active Directory signals to identify, detect, and investigate advanced threats, compromised identities, and malicious insider actions directed at your organization. Sensors are software packages you install on your servers to upload information to Azure ATP. Box 2: To enforce MFA based on a condition, you would use Azure Active Directory Identity Protection. Azure AD Identity Protection helps you manage the roll-out of Azure Multi-Factor Authentication (MFA) registration by con�guring a Conditional Access policy to require MFA registration no matter what modern authentication app you are signing in to. References: https://docs.microsoft.com/en-us/azure-advanced-threat-protection/what-is-atp https://docs.microsoft.com/en-us/azure/active- directory/identity-protection/howto-identity-protection-con�gure-mfa-policy Topic 1Question #178 Your Azure environment contains multiple Azure virtual machines. You need to ensure that a virtual machine named VM1 is accessible from the Internet over HTTP. What are two possible solutions? Each correct answer presents a complete solution. NOTE: Each correct selection is worth one point. A. Modify an Azure Tra�c Manager pro�le B. Modify a network security group (NSG) C. Modify a DDoS protection plan D. Modify an Azure �rewall Correct Answer: B A network security group works like a �rewall. You can attach a network security group to a virtual network and/or individual subnets within the virtual network. You can also attach a network security group to a network interface assigned to a virtual machine. You can use multiple network security groups within a virtual network to restrict tra�c between resources such as virtual machines and subnets. You can �lter network tra�c to and from Azure resources in an Azure virtual network with a network security group. A network security group contains security rules that allow or deny inbound network tra�c to, or outbound network tra�c from, several types of Azure resources. In this question, we need to add a rule to the network security group to allow the connection to the virtual machine on port 80 (HTTP). Reference: https://docs.microsoft.com/en-us/azure/virtual-network/security-overview Community vote distribution D (50%) B (50%) Topic 1Question #179 HOTSPOT - To complete the sentence, select the appropriate option in the answer area. Hot Area: Correct Answer: The just-in-time (JIT) virtual machine (VM) access feature in Azure Security Center allows you to lock down inbound tra�c to your Azure Virtual Machines. This reduces exposure to attacks while providing easy access when you need to connect to a VM. Reference: https://docs.microsoft.com/en-us/azure/security-center/security-center-just-in-time?tabs=jit-con�g-asc%2Cjit-request-asc Topic 1Question #180 HOTSPOT - For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point. Hot Area: Correct Answer: Reference: https://docs.microsoft.com/en-us/azure/virtual-network/network-security-group-how-it-works Can Azure Security Center Monitor Azure resources and onAzure Web Apps (in App Service Environment) Partner solutions integrated with your Azure subscription such as a web application firewall on VMs and on App Service Environment. In addition, non-Azure (including on-premises) machines can also be monitored by Azure Security Center.
Is Microsoft Defender for Cloud can Monitor Azure resources and onDefender for Cloud collects data from your Azure virtual machines (VMs), Virtual Machine Scale Sets, IaaS containers, and non-Azure (including on-premises) machines to monitor for security vulnerabilities and threats.
Which Azure resources are monitored by Azure Security Center?Security Center natively monitors and protects Azure PaaS services such as Service Fabric, SQL Database, SQL Managed Instance, and your storage accounts.
What does Azure Security Center Monitor?Microsoft Azure Security Center is a set of tools for monitoring and managing the security of virtual machines and other cloud computing resources within the Microsoft Azure public cloud.
|
