test13 Flashcards
Which Azure service allows you to view the history of administrator-role assignments and send alerts to the Global Administrator on new assignments?
Azure AD Privileged Identity Management
Azure AD Privileged Identity Management (PIM) enables viewing the history of administrator-role assignments via its audit log and can be configured to send alerts to the Global Administrator when new assignments occur.
How can you ensure outbound traffic from Azure VMs is routed to the closest on-premises network when using multiple ExpressRoute circuits?
Border Gateway Protocol (BGP)
BGP routes can be defined to optimize traffic flow, ensuring outbound traffic from Azure virtual machines is directed to the nearest on-premises network via ExpressRoute circuits.
What is the minimum number of Azure Site Recovery Providers needed for 10 VMs across 3 Hyper-V nodes in a cluster?
3
The Azure Site Recovery Provider must be installed on each Hyper-V node in the cluster, so for 3 nodes, you need 3 providers, regardless of the number of VMs.
Which Azure service can collect logs from Azure AD, Azure subscriptions, and third-party providers, detect threats, and automate responses?
Microsoft Sentinel
Microsoft Sentinel is a SIEM solution that collects log and diagnostic data from multiple sources, detects known threats, and supports automated responses.
To notify when a VM’s CPU percentage deviates from historical norms, what should you create in Azure Monitor?
An alert based on metrics and a dynamic threshold
An alert with a dynamic threshold in Azure Monitor uses historical metric data to detect deviations in CPU percentage, unlike static thresholds, which use fixed values.
Which Azure service can discover application components on Windows systems and map communication between services?
Service Map Solution in Azure
The Service Map Solution in Azure automatically discovers application components on Windows systems and maps their communication dependencies.
Which Azure service can analyze how many users return to an application?
Azure Application Insights
Azure Application Insights provides a retention feature to track user return rates, offering insights into application usage patterns.
Can you stream SQLInsights logs from an Azure SQL database to a storage account named appstore1000?
Yes
Yes, diagnostic settings for an Azure SQL database can stream SQLInsights logs to a storage account like appstore1000, provided it meets configuration requirements.
Can you stream SQLInsights logs from an Azure SQL database to a storage account named appstore2000 if it’s in a different location?
No
The storage account must be in the same location as the Azure SQL database to stream diagnostic logs, so appstore2000 in a different location cannot be used.
Can you stream SQLInsights logs from an Azure SQL database to a Log Analytics workspace named appworkspace?
Yes
A Log Analytics workspace can receive SQLInsights logs from an Azure SQL database, regardless of its location, making appworkspace a valid target.
What is the maximum retention duration for data in a Log Analytics workspace?
730 days
In a Log Analytics workspace, the maximum data retention period can be set to 730 days under the ‘Data Retention’ settings.
Which Azure service provides Layer-7 load balancing and protection against SQL Injection attacks for VMs hosting a web application?
Azure Application Gateway
Azure Application Gateway offers Layer-7 load balancing and includes a Web Application Firewall (WAF) to protect against attacks like SQL Injection.
Which hosting solution supports a .NET Core app needing to write to the Windows Event Log and local file system?
Azure Virtual Machine Scale Set
An Azure VM Scale Set provides control over the compute environment, allowing a .NET Core app to write to the Windows Event Log and local file system, unlike managed PaaS options.
For an Azure API Management instance using Azure Functions for read-only APIs, which HTTP method should be defined?
GET only
Because only read operations are allowed, the API Management instance should define only the GET method, which restricts the API to read-only access.
Which Azure Policy effect ensures resources get a ‘Department’ tag with value ‘Information Technology’ if missing?
Modify
The ‘Modify’ effect in Azure Policy allows adding or updating tags on resources, ensuring compliance by applying the ‘Department: Information Technology’ tag.
What object in Azure AD is needed for Azure Policy to add tags to resources automatically?
Managed Identity with the Contributor Role
Azure Policy uses a Managed Identity with the Contributor Role to perform remediation tasks, like adding tags to resources.
Which Azure Blob Storage feature ensures database backup files are immutable for three years?
Time-based retention
Time-based retention policies in Azure Blob Storage prevent modification or deletion of files for a specified period, such as three years.
How can applications securely retrieve database passwords from Azure Key Vault?
Azure AD Managed Identity
An application (e.g., on an Azure Web App) can use a Managed Identity to securely access secrets in Azure Key Vault without hardcoding credentials.
Which service provides temporary access for users to create Azure Web Apps when needed?
Azure AD Privileged Identity Management
Azure AD PIM allows granting temporary, just-in-time access to users for tasks like creating Azure Web Apps, enhancing security.
At which level should an Azure Blueprint definition be created to minimize definitions across multiple subscriptions?
At ManagementGroupA
Defining the Blueprint at the top-level ManagementGroupA reduces the number of definitions needed and keeps all subscriptions beneath it consistent.
At which level should an Azure Blueprint assignment be applied to minimize assignments?
At each SubGroup Management Group
Assigning the Blueprint at each SubGroup Management Group level reduces the number of assignments while ensuring coverage across relevant subscriptions.
What is the ideal way to grant users access to Azure Blob Storage files for one month?
Shared Access Signatures (SAS)
SAS provides time-bound access to Blob Storage objects, allowing users to access files for a specified duration like one month.
Which service supports failover to another server for ApplicationA’s recovery needs?
Azure Site Recovery
Azure Site Recovery enables failover to another server, meeting ApplicationA’s requirement for disaster recovery with minimal downtime.
Which service provides backup for ApplicationB’s data with a suitable RTO?
Azure Backup
Azure Backup offers a straightforward backup solution for ApplicationB, allowing data restoration within the required recovery time objective (RTO).