Sub2 contains the network security groups nsgs shown


Sub2 contains the network security groups (NSGs) shown in the following table.

NSG1 has the inbound security rules shown in the following table.

NSG2 has the inbound security rules shown in the following table.

NSG3 has the inbound security rules shown in the following table.

NSG4 has the inbound security rules shown in the following table.

NSG1, NSG2, NSG3, and NSG4 have the outbound security rules shown in the following table.

Technical requirements

Contoso identifies the following technical requirements:

Deploy Azure Firewall to VNetwork1 in Sub2.
Register an application named App2 in contoso.com.
Whenever possible, use the principle of least privilege.
Enable Azure AD Privileged Identity Management (PIM) for contoso.com.

QUESTION 1

HOTSPOT

You assign User8 the Owner role for RG4, RG5, and RG6.

In which resource groups can User8 create virtual networks and NSGs? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Hot Area:

Correct Answer:

Explanation:

Box 1: RG4 only
The policy does not allow the creation of virtual networks in RG5 or RG6.

Box 2:
The policy does not allow the creation of NSGs in RG5.

References:

QUESTION 2

HOTSPOT

Which virtual networks in Sub1 can User2 modify and delete in their current state? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Hot Area:

Correct Answer:

Explanation:

Box 1: VNET4 and VNET1 only
RG1 has only Delete lock, while there are no locks on RG4. RG2 and RG3 both have Read-only locks.

Box 2: VNET4 only
There are no locks on RG4, while the other resource groups have either Delete or Read-only locks.

Note: As an administrator, you may need to lock a subscription, resource group, or resource to prevent other users in your organization from accidentally deleting or modifying critical resources. You can set the lock level to CanNotDelete or ReadOnly. In the portal, the locks are called Delete and Read-only respectively.

CanNotDelete means authorized users can still read and modify a resource, but they can't delete the resource.

ReadOnly means authorized users can read a resource, but they can't delete or update the resource. Applying this lock is similar to restricting all authorized users to the permissions granted by the Reader role.

Scenario:

User2 is a Security administrator.

Sub1 contains six resource groups named RG1, RG2, RG3, RG4, RG5, and RG6.

User2 creates the virtual networks shown in the following table.

Sub1 contains the locks shown in the following table.

Reference:

Question Set 2

QUESTION 1

HOTSPOT

You are configuring just in time (JIT) VM access to a set of Azure virtual machines.

Term: Spring
Professor: Talbi Zaid
Tags: azure active directory
