Free AZ-400 Exam Braindumps (page: 32)

Page 32 of 128

SIMULATION
You need to configure a virtual machine named VM1 to securely access stored secrets in an Azure Key Vault named az400-11566895-kv.
To complete this task, sign in to the Microsoft Azure portal.

  1. See Explanation section for answer.

Answer(s): A

Explanation:

You can use a system-assigned managed identity for a Windows virtual machine (VM) to access Azure Key Vault.

Sign in to Azure portal Locate virtual machine VM1. Select Identity
Enable the system-assigned identity for VM1 by setting the Status to On.


Note: Enabling a system-assigned managed identity is a one-click experience. You can either enable it during the creation of a VM or in the properties of an existing VM.


Reference:

https://docs.microsoft.com/en-us/azure/active-directory/managed-identities-azure-resources/tutorial-windows-vm-access-nonaad



DRAG DROP (Drag and Drop is not supported)
Your company has an Azure subscription named Subscription1. Subscription1 is associated to an Azure Active Directory tenant named contoso.com.

You need to provision an Azure Kubernetes Services (AKS) cluster in Subscription1 and set the permissions for the cluster by using RBAC roles that reference the identities in contoso.com.

Which three objects should you create in sequence? To answer, move the appropriate objects from the list of objects to the answer area and arrange them in the correct order.

Select and Place:

  1. See Explanation section for answer.

Answer(s): A

Explanation:



Step 1: Create an AKS cluster

Step 2: a system-assigned managed identity
To create an RBAC binding, you first need to get the Azure AD Object ID.

1.Sign in to the Azure portal.
2.In the search field at the top of the page, enter Azure Active Directory.
3.Click Enter.
4.In the Manage menu, select Users.
5.In the name field, search for your account.
6.In the Name column, select the link to your account.
7.In the Identity section, copy the Object ID.


Step 3: a RBAC binding


Reference:

https://docs.microsoft.com/en-us/azure/developer/ansible/aks-configure-rbac



HOTSPOT (Drag and Drop is not supported)
You manage build and release pipelines by using Azure DevOps. Your entire managed environment resides in Azure.
You need to configure a service endpoint for accessing Azure Key Vault secrets. The solution must meet the following requirements:
-Ensure that the secrets are retrieved by Azure DevOps.
-Avoid persisting credentials and tokens in Azure DevOps.

How should you configure the service endpoint? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.
Hot Area:

  1. See Explanation section for answer.

Answer(s): A

Explanation:




Box 1: Azure Pipelines service connection

Box 2: Managed Service Identity Authentication
The managed identities for Azure resources feature in Azure Active Directory (Azure AD) provides Azure services with an automatically managed identity in Azure AD. You can use the identity to authenticate to any service that supports Azure AD authentication, including Key Vault, without any credentials in your code.


Reference:

https://docs.microsoft.com/en-us/azure/devops/pipelines/tasks/deploy/azure-key-vault https://docs.microsoft.com/en-us/azure/active-directory/managed-identities-azure-resources/overview



You are deploying a server application that will run on a Server Core installation of Windows Server 2019. You create an Azure key vault and a secret.
You need to use the key vault to secure API secrets for third-party integrations.

Which three actions should you perform? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.

  1. Configure RBAC for the key vault.
  2. Modify the application to access the key vault.
  3. Configure a Key Vault access policy.
  4. Deploy an Azure Desired State Configuration (DSC) extension.
  5. Deploy a virtual machine that uses a system-assigned managed identity.

Answer(s): B,C,E

Explanation:

BE: An app deployed to Azure can take advantage of Managed identities for Azure resources, which allows the app to authenticate with Azure Key Vault using Azure AD authentication without credentials (Application ID and Password/Client Secret) stored in the app.

C:
1.Select Add Access Policy.
2.Open Secret permissions and provide the app with Get and List permissions.
3.Select Select principal and select the registered app by name. Select the Select button.
4.Select OK.
5.Select Save.
6.Deploy the app.


Reference:

https://docs.microsoft.com/en-us/aspnet/core/security/key-vault-configuration



Page 32 of 128



Post your Comments and Discuss Microsoft AZ-400 exam with other Community members:

yajnas commented on December 12, 2024
lot of the questions are from AZ-400 practice test
JAPAN
upvote

yajnas commented on December 12, 2024
very relevant information
JAPAN
upvote

yajnas commented on December 12, 2024
good material
JAPAN
upvote

Pandiyan Venkatraman commented on November 13, 2024
good question
Anonymous
upvote

jack commented on September 11, 2024
?? Just found this to be a great resource for AZ-400 prep! Perfect for gauging your readiness before the exam! ????
Anonymous
upvote

FezekaH commented on June 20, 2024
Very effective.
Anonymous
upvote

Marchelo commented on April 17, 2024
My honest opinion, it is good for passing the exam because all questions are same as the exam. But not so much for learning.
FRANCE
upvote

redy commented on February 09, 2024
nice questions
UNITED STATES
upvote

James commented on November 08, 2023
Thank you for providing these free exam questions. I used your questions for AZ-900 and managed to pass my exam. I am now preparing for my AZ-400. The content and questions looks very helpful.
UNITED STATES
upvote

Pieere commented on May 19, 2023
This exam dumps proved to be very same to the real exam. The questions are from real exam.
FRANCE
upvote

salpar commented on March 15, 2023
Good Questions
UNITED STATES
upvote

Papoo commented on October 19, 2022
There were questions on this breaindump that I had not studied for which helped me brush up on the exam. These dump is India.
INDIA
upvote

Jessica commented on July 22, 2022
I like this site because they promise a 100% money back if you fail. I passed my first exam. So I am going to set for my second exam. I feel confident.
UNITED STATES
upvote

Ron commented on June 24, 2022
I cannot thank you guys enough. I finally passed this exam with the help of your questions bank.
UNITED KINGDOM
upvote

Rakish commented on April 26, 2022
Managed to pass the exam after practicing these questions. The Xenigne App software in this package is very handy.
NEW ZEALAND
upvote

Heavy-Coder commented on November 23, 2021
The PDF questions is well formatted. The Test Engine is a very cool tool to practicy. it take the boring out of studying. Over all I am happy with my purchase.
UNITED STATES
upvote

Praveen commented on June 02, 2020
The content of the exam is pretty much same as the exam. Their Xengine App is very user-friendly and quite helpful to simulate the real exam. However, it still needs work which I have provided my feedback to their support email.
UNITED STATES
upvote