You work for an organization that has above 100 Windows Server 2016 virtual machines (VMs). Those VMs are running in the Azure West Europe region. Azure Automation runbook is used by the machines to automatically start and stop. Azure Update Management is used to manage updates. You get to know about a Microsoft security vulnerability which is affecting the Windows Server 2016 operating system (OS). When a hotfix is installed, the vulnerability gets fixed. You need to create a report of the systems that do not have the hotfix installed. What would be your step of action to generate the report?

You work for an organization as an Azure administrator. There is one subscription having all Azure resources and all of them are in a single region. The organization has an Active Directory (AD) domain that is synchronized from on-premises using Azure AD Connect. Active Directory Federation Services (ADFS) is used for Single Sign-On (SSO). A managed SQL instance named Database1 is deployed to Azure with a single-user database. The users have to be authenticated when they connect, for which you use SQL Server authentication. A concern put front by the users says they are required to remember a separate username and password when if they want Excel to be connected to the managed SQL instance. As a solution, you decide to configure the Azure SQL Database so users can login without having to enter a username and password. Can you identify from the options below, which two actions should you perform?

You are working for an organization as an Azure administrator. You are tasked to migrate an on-premises SQL Server to four Azure SQL databases in a single Azure SQL Server. The SQL Server audit logs were copied to an Azure Blob storage before migrating to Azure. There is a quarterly review carried with the audit logs for any suspicious activity. You are required to make sure Auditing events of all Azure SQL databases must be logged and stored for review. You should be careful with the costs as they should be minimum. Can you identify the two actions you should perform? (opt any TWO).

There is an Azure App Service app you are managing. This app hosts website artifacts in a general purpose v2 storage account. You are required to execute the App Service app configuration so it can authenticate programmatically to the storage account. Choose which of the following would you create.

You are working for an organization managing its Azure subscription. The subscription is called Sub1 and is associated with Company1, an Azure Active Directory (Azure AD) tenant. There is another Azure AD tenant that the organization’s IT department is managing. That tenant is called corp-company1.com. A new administrator, Admin1, is hired by the organization. Admin1 has the following identities: -An account in company1.com named Identity1 -An account in corp-company1.com named Identity2 -An Outlook.com account named Identity3 You are required to transfer Sub1 ownership to Admin1. Can you identify the identities from Admin1 that might be used to transfer Sub1 ownership?

You are working for an organization as an Azure administrator. The keys for Azure Service Bus are stored and accessed by Azure Key Vault used by several applications that organization is using. The keys are manually regenerated and stored in the key vault and this process is a little time taking. What would be your step of action if you want to configure Azure to rotate the keys automatically?

You work for a company managing its Azure Virtual Machine (VM). The VM is running Windows Server named and is called VM1. You are tasked to perform emergency security configuration on VM1 for which you decide to use Serial Console. What will be your first step of action?

You work for an organization as an Azure administrator. There was an audit exercise that surfaced the fact that numerous privileged users have accounts without multi-factor authentication (MFA) enabled. Now you need to filter out those privileged accounts on which MFA must be enabled. What would be your step of action?

You work for an organization that has offices in multiple regions across the world. There is a local file server at each office where departmental data is stored. Your company creates a storage account for a pilot of Azure File Sync for a remote office. 192.168.1.0/24 is the subnet used by the remote office. You need to make sure storage account can be accessed from nowhere other than the remote office. What will be your step of action?

Your organization wants to share some confidential drawings of a new design project with a customer. You are asked to provide read-only access to the files containing drawings, with the files configured to stay with the customer for a short period of time, accessible from customer’s office. A static IP address is used to connect to the internet at the customer's office. You need to provide the most cost-effective, secure solution. Which of the following is the best step to take?

There is a web application being developed by your company. The app requires API access to a general purpose v2 storage account in Azure. You want to regenerate the access keys from the storage account on a schedule. What would be your step of action?

VNet1 is an Azure virtual network (VNet) where several development servers of the company are running. There development team has numerous Docker images stored in a private repository. These container images are planned to be deployed in Azure using Azure Container Instances (ACI). You need to restrict access to these containers to VNet1. What will be your next step of action?

You work for an organization using Azure Active Directory (Azure AD) Privileged Identity Management (PIM). You want John Doe, a user, to request administrative role elevation before he takes any administrative action in Azure. What should be your step of action?

Your organization stores Docker images for internal development using Azure Container Registry. You are required to configure the registry in such a way that a registry name is needed by developers to log into the registry and an access key is required as the password. What would be your step of action?

There are four Azure virtual machines (VMs) in your company. Windows Server 2016 is run on all the VMs and located on a subnet named web1 in a virtual network (VNet) named vnet1. The four Azure VMs are called web1, web2. web3, and web4. Following are the requirements of inbound network traffic: -TCP 443 (all VMs) -TCP 1444 (web1, web3) Knowing this situation, can you identify the number of network security groups (NSGs) you need?

There are six Azure virtual machines (VMs)in your organization. The VMs are running Linux. Your organization has a line-of-business (LOB) application and these six VMs form the web tier of this LOB application. You want the key application services to start programmatically. Which of the following do you think you should use?

You work for a company running five Windows Server 2012 R2 virtual machines (VMs). The VMs are located in the Azure West Europe region. The VMs were originally deployed from the Azure marketplace. There is presently a n antivirus solution installed and is expected to become end of life soon. The company wants to now replace the old antivirus solution with Microsoft Antimalware. You are required to enable Microsoft Antimalware on each VM and do it with zero manual interaction. What would be your next step of action?

You are working for a company as an Azure administrator. There are above 100 virtual machines (VMs) and all running on a single tenant. That one tenant has three subscriptions. Security alerts are reported to have increased within Azure Security Center. You must make sure you receive a notification immediately as the alerts are detected in Security Center. Identify the action(s) you must perform. Each correct answer presents part of the solution

There is a team of developers and data scientists and you are a security administrator on that team. It is planned to use Azure Databricks to perform data analysis. You are tasked to design an Azure-based storage repository with these requirements met: -Hadoop-compatible file system -File-level access control lists -Shared access signature (SAS) token support Identify which of the following would you create?

Your organization has a Microsoft SQL Server 2019 database. The database is hosted on an Azure virtual machine (VM). There is a web application that uses the database as its data store. The page speed of customers shopping is cart is noticeably slow. What will you do if you want tp know what stored is being called when customers access this page?

Your company has an Azure SQL database. The database also consists of sensitive data. You want the prevent sensitive data from appearing as plain text inside the database system. What would be your step of action?

A company has a single Azure subscription on resources are deployed. There is a resource group where company’s production resources are created. That resource group is called production-rg. There is another resource group where company's development resources are created. That resource group is called development-rg. The development team is assigned the Contributor role to the development-rg resource group. The development team uses three software to make regular configuration changes to the resources of development-rg, as part of their testing. They use the Azure portal, PowerShell, and Azure CLI. You want to make sure development team can work without having the existing files deleted by any user. What would you do?

You work for a company as an Azure administrator. There is a third party email scanning system used by the organization. The system scans email every time an email is sent to or received by Microsoft Office 365. The solution supports single sign-on (SSO) and has advanced mail scanning, reporting, and quarantine features. There is a recipient verification feature in the third-party email scanning system. A non-interactive Azure enterprise app is used to connect that feature to the tenant directory. The application verifies the sending email address before allowing the email to be sent. You are required to know what configurations are set regarding the permissions on the Azure enterprise app. Identify the two actions you must take. (opt any TWO)