Which of the following should you use to download published audit reports and how Microsoft builds and operates its cloud services?
Azure Policy
Azure Service Health
Service Trust Portal
Answer is Service Trust Portal (STP). Service Trust Portal is the Microsoft public site for publishing audit reports and other compliance-related information relevant to Microsoft’s cloud services. STP users can download audit reports produced by external auditors and gain insight from Microsoft-authored reports that provide details on how Microsoft builds and operates its cloud services.
Question 72
Which of the following provides information about planned maintenance and changes that could affect the availability of your resources?
Azure Monitor
Azure Security Center
Azure Service Health
Answer is Azure Service Health. Azure Service Health is a suite of experiences that provide personalized guidance and support when issues with Azure services affect you. It can notify you, help you understand the impact of issues, and keep you updated as the issue is resolved. Azure Service Health can also help you prepare for planned maintenance and changes that could affect the availability of your resources.
Question 73
Where can you obtain details about the personal data Microsoft processes, how Microsoft processes it, and for what purposes?
Microsoft Privacy Statement
Compliance Manager
Azure Service Health
Answer is Microsoft Privacy Statement. The Microsoft Privacy Statement explains what personal data Microsoft processes, how Microsoft processes it, and for what purposes.
Question 74
Which of the following can be used to help you enforce resource tagging so you can manage billing?
Azure Policy
Azure Service Health
Compliance Manager
Answer is Azure Policy. Azure Policy can be used to enforce tagging values and rules on resources.
Question 75
Which of the following lets you grant users only the rights they need to perform their jobs?
Azure Policy
Compliance Manager
Role-Based Access Control
Answer is Role-Based Access Control (RBAC). RBAC lets you to grant users only the rights they need to perform their jobs.
Question 76
Which of these options helps you most easily disable an account when an employee leaves your company?
Enforce multi-factor authentication (MFA)
Monitor sign-on attempts
Use single sign-on (SSO)
Answer is Use single sign-on (SSO). SSO centralizes user identity, so you can disable an inactive account in a single step.
Question 77
What is Azure Information Protection?
AIP is a cloud-based solution that helps organizations classify and (optionally) protect its documents and emails by applying labels. Labels can be applied automatically (by administrators who define rules and conditions), manually (by users), or with a combination of both (where users are guided by recommendations).
AIP is a cloud-based security solution that identifies, detects, and helps you investigate advanced threats, compromised identities, and malicious insider actions directed at your organization.
AIP is a monitoring service that provides threat protection across all of your services both in Azure, and on-premises.
Answer is AIP is a cloud-based solution that helps organizations classify and (optionally) protect its documents and emails by applying labels. Labels can be applied automatically (by administrators who define rules and conditions), manually (by users), or with a combination of both (where users are guided by recommendations).
AIP helps you to track and secure the usage of your company's intellectual property.
Question 78
Which of the following items would be good use of a resource lock?
An ExpressRoute circuit with connectivity back to your on-premises network
A non-production virtual machine used to test occasional application builds
A storage account used to temporarily store images processed in a development environment
Answer is An ExpressRoute circuit with connectivity back to your on-premises network
Protection this mission critical resource from accidental deletion is a great idea.
Question 79
Which of the following approaches would be the most efficient way to ensure a naming convention was followed across your subscription?
Send out an email with the details of your naming conventions and hope it is followed.
Create a policy with your naming requirements and assign it to the scope of your subscription
Give all other users except for yourself read-only access to the subscription. Have all requests to create resources sent to you so you can review the names being assigned to resources, and then create them.
Answer is Create a policy with your naming requirements and assign it to the scope of your subscription
Using Azure Policy ensures that you can not only recommend a naming standard but report on its adoption.
Question 80
Your Azure environment contains multiple Azure virtual machines.
You need to ensure that a virtual machine named VM1 is accessible from the Internet over HTTP.
What are two possible solutions?
Modify an Azure Traffic Manager profile
Modify a network security group (NSG)
Modify a DDoS protection plan
Modify an Azure firewall
Answers are Modify a network security group (NSG) Modify an Azure firewall
A network security group works like a firewall. You can attach a network security group to a virtual network and/or individual subnets within the virtual network.
You can also attach a network security group to a network interface assigned to a virtual machine. You can use multiple network security groups within a virtual network to restrict traffic between resources such as virtual machines and subnets.
You can filter network traffic to and from Azure resources in an Azure virtual network with a network security group. A network security group contains security rules that allow or deny inbound network traffic to, or outbound network traffic from, several types of Azure resources.
In this question, we need to add a rule to the network security group to allow the connection to the virtual machine on port 80 (HTTP).