Question 6 of 286

HOTSPOT -

You plan to deploy an Azure web app named App1 that will use Azure Active Directory (Azure AD) authentication.

App1 will be accessed from the internet by the users at your company. All the users have computers that run Windows 10 and are joined to Azure AD.

You need to recommend a solution to ensure that the users can connect to App1 without being prompted for authentication and can access App1 only from company-owned computers.

What should you recommend for each requirement? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Hot Area:

    Correct Answer:

    Box 1: An Azure AD app registration

    Azure Active Directory (Azure AD) provides cloud-based directory and identity management services. You can use Azure AD to manage the users of your application and to authenticate access to your applications.

    You register your application with an Azure Active Directory tenant.

    Box 2: A conditional access policy

    Conditional Access policies at their simplest are if-then statements: if a user wants to access a resource, then they must complete an action.

    By using Conditional Access policies, you can apply the right access controls when needed to keep your organization secure and stay out of your user's way when not needed.

    Reference:

    https://codingcanvas.com/using-azure-active-directory-authentication-in-your-web-application/

    https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/overview

Question 7 of 286

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

Your company deploys several virtual machines on-premises and to Azure. ExpressRoute is deployed and configured for on-premises to Azure connectivity.

Several virtual machines exhibit network connectivity issues.

You need to analyze the network traffic to identify whether packets are being allowed or denied to the virtual machines.

Solution: Use Azure Traffic Analytics in Azure Network Watcher to analyze the network traffic.

Does this meet the goal?

    Correct Answer: B

    To determine if packets are being allowed or denied to virtual machines, using Azure Network Watcher's IP Flow Verify feature is the appropriate solution. IP Flow Verify provides specific information on whether a packet is allowed or denied between a source and destination, including details about the security rules that might be affecting the traffic. On the other hand, Azure Traffic Analytics provides insights and visualizations related to network traffic patterns and statistics but doesn't give specifics on packet filtering needed to diagnose connectivity issues at the VM level.

Question 8 of 286

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

Your company deploys several virtual machines on-premises and to Azure. ExpressRoute is deployed and configured for on-premises to Azure connectivity.

Several virtual machines exhibit network connectivity issues.

You need to analyze the network traffic to identify whether packets are being allowed or denied to the virtual machines.

Solution: Use Azure Advisor to analyze the network traffic.

Does this meet the goal?

    Correct Answer: B

    Azure Advisor is a recommendation tool that provides best practices for optimizing Azure deployments, but it does not analyze network traffic or diagnose connectivity issues. To analyze network traffic and identify whether packets are being allowed or denied to virtual machines, Azure Network Watcher's IP Flow Verify feature is the appropriate tool. IP Flow Verify checks if a packet is allowed or denied to or from a virtual machine, providing details such as the direction, protocol, local and remote IPs, and the rule that denied the packet, if applicable. This feature helps quickly diagnose connectivity issues, making it the correct solution for the given scenario.

Question 9 of 286

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

Your company deploys several virtual machines on-premises and to Azure. ExpressRoute is deployed and configured for on-premises to Azure connectivity.

Several virtual machines exhibit network connectivity issues.

You need to analyze the network traffic to identify whether packets are being allowed or denied to the virtual machines.

Solution: Use Azure Network Watcher to run IP flow verify to analyze the network traffic.

Does this meet the goal?

    Correct Answer: A

    Azure Network Watcher IP Flow Verify checks whether a packet is allowed or denied to or from a virtual machine. It provides details such as direction, protocol, local IP, remote IP, local port, and remote port. If a packet is denied, it identifies which security rule caused the denial. This tool is suitable for diagnosing connectivity issues within Azure virtual networks, making it an appropriate solution for analyzing the network traffic to identify issues with virtual machine connectivity.

Question 10 of 286

DRAG DROP -

You have an Azure subscription. The subscription contains Azure virtual machines that run Windows Server 2016 and Linux.

You need to use Azure Monitor to design an alerting strategy for security-related events.

Which Azure Monitor Logs tables should you query? To answer, drag the appropriate tables to the correct log types. Each table may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.

NOTE: Each correct selection is worth one point.

Select and Place:

    Correct Answer:

    Reference:

    https://docs.microsoft.com/en-us/azure/azure-monitor/platform/data-sources-windows-events

    https://docs.microsoft.com/en-us/azure/azure-monitor/agents/data-sources-syslog