What should you do A Deploy an Azure firewall to Subnet1 B Remove the Azure

What should you do?A.Deploy an Azure firewall to Subnet1.B.Remove the Azure firewall.C.Implement a virtual network service endpoint.D.Create a stored access policy for contososa1.Answer:CExplanation:Virtual Network (VNet) service endpoints extend your virtual network private address space andthe identity of your VNet to the Azure services, over a direct connection. Endpoints allow you tosecure your critical Azure service resources to only your virtual networks. Traffic from your VNetto the Azure service always remains on the Microsoft Azure backbone network.References:QUESTION 74Your company has the groups shown in the following table.The company has an Azure subscription that contains an Azure Active Directory (Azure AD)tenant named contoso.com.79

An administrator named Admin1 attempts to enable Enterprise State Roaming for all the users inthe Managers group.Admin1 reports that the options for Enterprise State Roaming are unavailable from Azure AD.You verify that Admin1 is assigned the Global administrator role.You need to ensure that Admin1 can enable Enterprise State Roaming.What should you do?A.Enforce Azure Multi-Factor Authentication (MFA) for Admin1.B.Purchase an Azure AD Premium P1 license for each user in the Managers group.C.Assign an Azure AD Privileged Identity Management (PIM) role to Admin1.D.Purchase an Azure Rights Management (Azure RMS) license for each user in the Managers group.Answer:BExplanation:Enterprise State Roaming is available to any organization with an Azure AD Premium orEnterprise Mobility + Security (EMS) license.References:-enableQUESTION 75You create a new Azure subscription. You create a resource group named RG1. In RG1, youcreate the resources shown in the following table.You need to configure an encrypted tunnel between your on-premises network and VNET1.Which two additional resources should you create in Azure? Each correct answer presents part ofthe solution.NOTE: Each correct selection is worth one point.A.a site-to-site connectionB.a VPN gatewayC.a VNet-to VNet connectionD.a local network gatewayE.a point-to-site configurationAnswer:BDExplanation:A Site-to-Site VPN gateway connection is used to connect your on-premises network to an Azurevirtual network over an IPsec/IKE (IKEv1 or IKEv2) VPN tunnel. This type of connection requires80

a VPN device, a local network gateway, located on-premises that has an externally facing publicIP address assigned to it.Finally, create a Site-to-Site VPN connection between your virtual network gateway and your on-premises VPN device.