AZ-900 : Microsoft Azure Fundamentals : Part 09

 

1. DRAG DROP

   You need to complete the defense-in-depth strategy used in a datacenter.

   What should you do? To answer, drag the appropriate layers to the correct positions in the model. Each layer may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.

   NOTE: Each correct selection is worth one point.

   

   AZ-900 Microsoft Azure Fundamentals Part 09 Q01 083 Question

   

   AZ-900 Microsoft Azure Fundamentals Part 09 Q01 083 Answer

   Explanation:

   Defence in depth layers (from bottom to top):
   Data
   – In almost all cases attackers are after data.
   – Data can be in database, stored on disk inside VMs, on a SaaS application such as Office 365 or in cloud storage.
   – Those storing and controlling access to data to ensures that it’s properly secured
   – Often regulatory requirements dictates controls & processes
   – to ensure confidentiality, integrity, and availability.
   Application
   – Ensure applications are secure and free of vulnerabilities.
   – Store sensitive application secrets in a secure storage medium.
   – Make security a design requirement for all application development.
   – Integrate security into the application development life cycle.
   Compute
   – Secure access to virtual machines.
   – Implement endpoint protection and keep systems patched and current.
   – Malware, unpatched systems, and improperly secured systems open your environment to attacks.
   Networking
   – Limit communication between resources.
   – Deny by default.
   – Allow only what is required
   – Restrict inbound internet access and limit outbound, where appropriate.
   – Implement secure connectivity to on-premises networks.
   Perimeter
   – Use distributed denial of service (DDoS) protection to filter large-scale attacks before they can cause a denial of service for end users.
   – Use perimeter firewalls to identify and alert on malicious attacks against your network.
   Identity and access
   – Control access to infrastructure and change control.
   – Access granted is only what is needed
   – Use single sign-on and multi-factor authentication.
   – Audit events and changes.
   Physical security
   – Building security & controlling access to computing hardware.
   – First line of defense.

2. You have an Azure virtual machine named VM1.

   You plan to encrypt VM1 by using Azure Disk Encryption.

   Which Azure resource must you create first?

   • an Azure Storage account
   • an Azure Key Vault
   • an Azure Information Protection policy
   • an Encryption key
   Explanation:
   Azure Disk Encryption requires an Azure Key Vault to control and manage disk encryption keys and secrets.

3. Which resources can be used as a source for a Network security group inbound security rule?

   • Service Tags only
   • IP Addresses, Service tags and Application security groups
   • Application security groups only
   • IP Addresses only
   Explanation:
   Source or destination:
   Any, or an individual IP address, classless inter-domain routing (CIDR) block (10.0.0.0/24, for example), service tag, or application security group.

4. HOTSPOT

   To complete the sentence, select the appropriate option in the answer area.

   

   AZ-900 Microsoft Azure Fundamentals Part 09 Q04 084 Question

   

   AZ-900 Microsoft Azure Fundamentals Part 09 Q04 084 Answer

5. HOTSPOT

   To complete the sentence, select the appropriate option in the answer area.

   

   AZ-900 Microsoft Azure Fundamentals Part 09 Q05 085 Question

   

   AZ-900 Microsoft Azure Fundamentals Part 09 Q05 085 Answer

6. HOTSPOT

   To complete the sentence, select the appropriate option in the answer area.

   

   AZ-900 Microsoft Azure Fundamentals Part 09 Q06 086 Question

   

   AZ-900 Microsoft Azure Fundamentals Part 09 Q06 086 Answer

7. HOTSPOT

   To complete the sentence, select the appropriate option in the answer area.

   

   AZ-900 Microsoft Azure Fundamentals Part 09 Q07 087 Question

   

   AZ-900 Microsoft Azure Fundamentals Part 09 Q07 087 Answer

   Explanation:
   The VNet will be marked as ‘Non-compliant’ when the policy is assigned. However, it will not be deleted and will continue to function normally.
   Azure Policy is a service in Azure that you use to create, assign, and manage policies. These policies enforce different rules and effects over your resources, so those resources stay compliant with your corporate standards and service level agreements.
   If there are any existing resources that aren’t compliant with a new policy assignment, they appear under Non-compliant resources.
   

8. Your company has an Azure subscription that contains resources in several regions.

   You need to create the Azure resource that must be used to meet the policy requirement.

   What should you create?

   • a read-only lock
   • an Azure policy 
   • a management group
   • a reservation
   Explanation:

   Azure policies can be used to define requirements for resource properties during deployment and for already existing resources. Azure Policy controls properties such as the types or locations of resources.

   Azure Policy is a service in Azure that you use to create, assign, and manage policies. These policies enforce different rules and effects over your resources, so those resources stay compliant with your corporate standards and service level agreements. Azure Policy meets this need by evaluating your resources for non-compliance with assigned policies. All data stored by Azure Policy is encrypted at rest.

   Azure Policy offers several built-in policies that are available by default. In this question, we would use the ‘Allowed Locations’ policy to define the locations where resources can be deployed.

9. This question requires that you evaluate the underlined text to determine if it is correct.

   From Azure Cloud Shell, you can track your company’s regulatory standards and regulations, such as ISO 27001.

   Instructions: Review the underlined text. If it makes the statement correct, select “No change is needed.” If the statement is incorrect, select the answer choice that makes the statement correct.

   • No change is needed.
   • the Microsoft Cloud Partner Portal
   • Compliance Manager
   • the Trust Center
   Explanation:
   Microsoft Compliance Manager (Preview) is a free workflow-based risk assessment tool that lets you track, assign, and verify regulatory compliance activities related to Microsoft cloud services. Azure Cloud Shell, on the other hand, is an interactive, authenticated, browser-accessible shell for managing Azure resources.

10. HOTSPOT

    For each of the following statements, select Yes if the statement is true. Otherwise, select No.

    NOTE: Each correct selection is worth one point.

    

    AZ-900 Microsoft Azure Fundamentals Part 09 Q10 088 Question

    

    AZ-900 Microsoft Azure Fundamentals Part 09 Q10 088 Answer

    Explanation:

    Azure AD join only applies to Windows 10 devices.

11. HOTSPOT

    To complete the sentence, select the appropriate option in the answer area.

    

    AZ-900 Microsoft Azure Fundamentals Part 09 Q11 089 Question

    

    AZ-900 Microsoft Azure Fundamentals Part 09 Q11 089 Answer

    Explanation:
    The Microsoft Privacy Statement explains what personal data Microsoft processes, how Microsoft processes the data, and the purpose of processing the data

12. HOTSPOT

    To complete the sentence, select the appropriate option in the answer area.

    

    AZ-900 Microsoft Azure Fundamentals Part 09 Q12 090 Question

    

    AZ-900 Microsoft Azure Fundamentals Part 09 Q12 090 Answer

    Explanation:

    Authentication, not authorization is the process of verifying a user’s credentials.

    The difference between authentication and authorization is:
    – Authentication is proving your identity, proving that you are who you say you are. The most common example of this is logging in to a system by providing credentials such as a username and password.
    – Authorization is what you’re allowed to do once you’ve been authenticated. For example, what resources you’re allowed to access and what you can do with those resources.

13. HOTSPOT

    To complete the sentence, select the appropriate option in the answer area.

    

    AZ-900 Microsoft Azure Fundamentals Part 09 Q13 091 Question

    

    AZ-900 Microsoft Azure Fundamentals Part 09 Q13 091 Answer

14. HOTSPOT

    To complete the sentence, select the appropriate option in the answer area.

    

    AZ-900 Microsoft Azure Fundamentals Part 09 Q14 092 Question

    

    AZ-900 Microsoft Azure Fundamentals Part 09 Q14 092 Answer

15. HOTSPOT

    For each of the following statements, select Yes if the statement is true. Otherwise, select No.

    NOTE: Each correct selection is worth one point.

    

    AZ-900 Microsoft Azure Fundamentals Part 09 Q15 093 Question

    

    AZ-900 Microsoft Azure Fundamentals Part 09 Q15 093 Answer

16. HOTSPOT

    For each of the following statements, select Yes if the statement is true. Otherwise, select No.

    NOTE: Each correct selection is worth one point.

    

    AZ-900 Microsoft Azure Fundamentals Part 09 Q16 094 Question

    

    AZ-900 Microsoft Azure Fundamentals Part 09 Q16 094 Answer

17. HOTSPOT

    For each of the following statements, select Yes if the statement is true. Otherwise, select No.

    NOTE: Each correct selection is worth one point.

    

    AZ-900 Microsoft Azure Fundamentals Part 09 Q17 095 Question

    

    AZ-900 Microsoft Azure Fundamentals Part 09 Q17 095 Answer

18. HOTSPOT

    For each of the following statements, select Yes if the statement is true. Otherwise, select No.

    NOTE: Each correct selection is worth one point.

    

    AZ-900 Microsoft Azure Fundamentals Part 09 Q18 096 Question

    

    AZ-900 Microsoft Azure Fundamentals Part 09 Q18 096 Answer

19. Your company plans to migrate all on-premises data to Azure.

    You need to identify whether Azure complies with the company’s regional requirements.

    What should you use?

    • the Knowledge Center
    • Azure Marketplace
    • the MyApps portal
    • the Trust Center 
    Explanation:

    Azure has more than 90 compliance certifications, including over 50 specific to global regions and countries, such as the US, the European Union, Germany, Japan, the United Kingdom, India and China.

    You can view a list of compliance certifications in the Trust Center to determine whether Azure meets your regional requirements.

20. HOTSPOT

    For each of the following statements, select Yes if the statement is true. Otherwise, select No.

    NOTE: Each correct selection is worth one point.

    

    AZ-900 Microsoft Azure Fundamentals Part 09 Q20 097 Question

    

    AZ-900 Microsoft Azure Fundamentals Part 09 Q20 097 Answer

    Explanation:

    Box 1: No
    Authorization to access Azure resources can be provided by other identity providers by using federation. A commonly used example of this is to federate your on-premises Active Directory environment with Azure AD and use this federation for authentication and authorization.

    Box 2: Yes
    As described above, third-party cloud services and on-premises Active Directory can be used to access Azure resources. This is known as ‘federation’.
    Federation is a collection of domains that have established trust. The level of trust may vary, but typically includes authentication and almost always includes authorization. A typical federation might include a number of organizations that have established trust for shared access to a set of resources.

    Box 3: Yes
    Azure Active Directory (Azure AD) is a centralized identity provider in the cloud. This is the primary built-in authentication and authorization service to provide secure access to Azure resources.