Questions Flashcards
The core application development team in your company needs read/write access to Azure-based storage account as a repository for new , company-wide application.
You need to create a geo-redundant storage account within Azure resource group and provide the access control keys to the application development team.
How should you complete the PowerShell script?
Select answer:
Add-AzureAccount
Login-AzAccount
Set-AzContext-Subscription “SubsciprtionName”
Select answer:
New-AzResourceGroup
New-AzReourceGroupDeployment
-Name “ResourceGroupName” -Location “East US 2”
New-AzStorageAccount -Name “Storageaccount” -ResourceGroupName “ResourceGroupname”
Select anawer - Kind or -Sku Name
Select answer Standard_GRS or Standard_LRS or Standard_RAGRS
-Location “East US 2
Select Answer get-AZkeyVault or Get-Azstorage or Get-AzStorageAccountKey
-ResourceGroupName “ResourceGroupName” -Name “Storageaccount”
Question 2
your Azure subscription has the following resources:
three app services
one backup vault
one Azure event hub
a virtual network named vnet 01
VPN gateway
You deploy a new storage account named storage one in a resource group named RG01
you need to ensure that the app services, the backup vault and the event hub can access a new storage account. Access should be enabled from the Azure only and not via public Internet.
you decide to use PowerShell to set up the new storage account.
how should you complete the command string to answer select the appropriate options from the drop down menus?
Get-AZ virtual network -resource group name “RG01” -name “V net 01
Set -AZ VirtualNetworkSubnetConfig -Name “VSubnet 01
-address prefix “10.0.0.0/24” -service endpoint “ Select answer : AzureServices or Logging or Metrics or Microsoft.storage or none
Set-AzVirtaulNetwork
$subnet =GetAzvirtaulNetwork -ResourceGroupName “RG01” -Name “VNET01”
Get-AzVirtaulNetqorkingSubnetConfig -Name “VSUBNET01”
Select Answer:
Add-AzStorageAccountNetworkRule
Remove-AzStorageAccountNetworkRuleSet
SetAzStorageAccount
Upadate-AzStorageAccountNetworkRuleSet
-ResourceGroupName “RG01” -Name “storage01” -VirtaulNetworkResourceId $subnet.Id
Select Answer
Add-AzStorageAccountNetworkRule
Remove-AzStorageAccountNetworkRuleSet
SetAzStorageAccount
Upadate-AzStorageAccountNetworkRuleSet
- ResourceGroup “RG01” -Name “Storage01” – Bypass( Select answer: AzureServices or Logging or Metrics or Microsoft.storage or none)
Your company is developing a.net application that stores part of the information in an Azure storage account the application will be installed on end users computers.
You need to ensure that the information stored in the storage account is accessed in a secure way so you asked the developers to use a shared access signature when accessing said information. You need to make the required configurations on the storage account to follow security bits practices and enable access to the account without immediate effect
for each of the following statements select yes if the statement is true otherwise select no
Statement
you need to configure a stored access policy
Yes or no
you should see the shade access signature start time to now
Yes or no
you should validate data that has been written using a SAS
Yes or no
one option for revoking access is by deleting a stored access policy
Yes or no
You create a binary large object storage account named report storage 99 that contains archival reports from past corporate board meetings
A board member requests access to a specific report the member does not have an Azure Active Directory Azure AD user account moreover they have access only to a web browser on his Google Chromebook device.
You need you need to provide the board member with least privileged access to the request report while maintaining security compliance and minimizing administrative overhead
What should you do?
Deploy a point to site (P2S) virtual private network (VPN) connection on the board member’s Chromebook and grant the board member role based access control access to the report
generate a shared access signature token for the report and share the uniform resource locator URL with the board member
copy the report to Azure file service share the provide provide the board member with a PowerShell connection script
Create an Azure AD account for a board member and granting role based access to the storage account
You have a storage account named sales storage in a subscription named sales subscription you create a container in a BLOB storage named sales container
You create the shared access signature shown in the exhibit
you try to carry out the actions from several computers at different times using the SAS key1 one configurations shown in the exhibit
what level of access would be available in each scenario to answer select the appropriate options from the drop down menus
Choose options
Configuration: 151.112.10.6
Value : March 4th 2020 at 11am
Action: Connect to storage account
Action result(Select answer) :
Connection failure with read access
Connection failure with read , write , and list access
Connection success with read , write , and list access
Configuration: 151.112.11.6
Value : March 4th 2020 at 12am
Action: Connect to storage account
Action result(Select answer) :
Connection failure with read access
Connection failure with read , write , and list access
Connection success with read , write , and list access
Configuration: 151.112.10.6
Value : March 4th 2020 at 10am
Action: Create a container
Action result(Select answer) :
Connection failure with read access
Connection failure with read , write , and list access
Connection success with read , write , and list access
Configuration: 151.112.10.6
Value : March 4th 2020 at 12am
Action: Read a file share
Action result(Select answer) :
Connection failure with read access
Connection failure with read , write , and list access
Connection success with read , write , and list access
Q6
Q7
Q8
Q9
Q10
Q11
Q12
Q13
Q14
Q15
