You need to ensure that when Azure Active Directory (Azure AD) users connect to Azure AD from the Internet by using an anonymous IP address, the users are prompted automatically to change their password.
Your Azure environment contains multiple Azure virtual machines.
You need to ensure that a virtual machine named VM1 is accessible from the Internet over HTTP. Solution: You modify an Azure firewall.
Does this meet the goal?
Yes
No
Answer is Yes
Question 83
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
Statements
Yes
No
To implement an Azure Multi-Factor Authentication (MFA) solution, you must deploy a federation solution or sync on-premises identities to the cloud.
Two valid methods for Azure Multi-Factor Authentication (MFA) are picture identification and a passport number.
Azure Multi-Factor Authentication (MFA) can be required for administrative and non-administrative user accounts.
Yes-Yes-Yes
Yes-Yes-No
Yes-No-Yes
Yes-No-No
No-Yes-Yes
No-Yes-No
Answer is
Statements
Yes
No
To implement an Azure Multi-Factor Authentication (MFA) solution, you must deploy a federation solution or sync on-premises identities to the cloud.
Two valid methods for Azure Multi-Factor Authentication (MFA) are picture identication and a passport number.
Azure Multi-Factor Authentication (MFA) can be required for administrative and non-administrative user accounts.
Question 84
Your network contains an Active Directory forest. The forest contains 5,000 user accounts.
Your company plans to migrate all network resources to Azure and to decommission the on-premises data center.
You need to recommend a solution to minimize the impact on users after the planned migration.
What should you recommend?
Implement Azure Multi-Factor Authentication (MFA)
Sync all the Active Directory user accounts to Azure Active Directory (Azure AD)
Instruct all users to change their password
Create a guest user account in Azure Active Directory (Azure AD) for each user
Answer is Sync all the Active Directory user accounts to Azure Active Directory (Azure AD)
Question 85
Which of the following could grant or deny access based on the originating IP address?
Azure Active Directory
Azure Firewall
VPN Gateway
Answer is Azure Firewall. The Azure Firewall grants server access based on the originating IP address of each request. You create firewall rules that specify ranges of IP addresses. Only clients from these granted IP addresses will be allowed to access the server. Firewall rules also include specific network protocol and port information.
Question 86
Which of the following could require both a password and a security question for full authentication?
Azure Firewall
Application Gateway
Multi-Factor Authentication
Answer is Multi-Factor Authentication (MFA). MFA can require two or more elements for full authentication.
Question 87
Which of the following services would you use to filter internet traffic in your Azure virtual network?
Azure Firewall
Network Security Group
VPN Gateway
Answer is Network Security Group (NSG). NSGs allow you to filter network traffic to and from Azure resources in an Azure virtual network. An NSG can contain multiple inbound and outbound security rules that enable you to filter traffic to and from resources by source and destination IP address, port, and protocol.
Question 88
Which of the following lets you store passwords in Azure so you can centrally manage them for your services and applications?
Azure Advanced Threat Protection
Azure Key Vault
Azure Security Center
Answer is Azure Key Vault. Azure Key Vault is a centralized cloud service for storing your applications' secrets. Key Vault helps you control your applications' secrets by keeping them in a single, central location and by providing secure access, permissions control, and access logging capabilities.
Question 89
Which of the following should you use to download published audit reports and how Microsoft builds and operates its cloud services?
Azure Policy
Azure Service Health
Service Trust Portal
Answer is Service Trust Portal (STP). Service Trust Portal is the Microsoft public site for publishing audit reports and other compliance-related information relevant to Microsoft’s cloud services. STP users can download audit reports produced by external auditors and gain insight from Microsoft-authored reports that provide details on how Microsoft builds and operates its cloud services.
Question 90
Which of the following provides information about planned maintenance and changes that could affect the availability of your resources?
Azure Monitor
Azure Security Center
Azure Service Health
Answer is Azure Service Health. Azure Service Health is a suite of experiences that provide personalized guidance and support when issues with Azure services affect you. It can notify you, help you understand the impact of issues, and keep you updated as the issue is resolved. Azure Service Health can also help you prepare for planned maintenance and changes that could affect the availability of your resources.