QUESTION: 28 Exam Topic: Secure data and applications questions

You have an Azure subscription named Sub1 that contains the resources shown in the following table.
You need to ensure that you can provide VM1 with secure access to a database on SQL1 by using a contained database user.
What should you do?

Enable a managed identity on VM1.
Create a secret in KV1.
Configure a service endpoint on SQL1.
Create a key in KV1.

Answer(s): A

Reveal Solution Next Question

QUESTION: 29 Exam Topic: Secure data and applications questions

You have an Azure subscription named Sub1 that contains the Azure key vaults shown in the following table:
In Sub1, you create a virtual machine that has the following configurations:
-Name: VM1
-Size: DS2v2
-Resource group: RG1
-Region: West Europe
-Operating system: Windows Server 2016
You plan to enable Azure Disk Encryption on VM1.
In which key vaults can you store the encryption key for VM1?

Vault1 or Vault3 only
Vault1, Vault2, Vault3, or Vault4
Vault1 only
Vault1 or Vault2 only

Answer(s): A

Explanation:

In order to make sure the encryption secrets don't cross regional boundaries, Azure Disk Encryption needs the Key Vault and the VMs to be co-located in the same region. Create and use a Key Vault that is in the same region as the VM to be encrypted.

Reference:

https://docs.microsoft.com/en-us/azure/security/azure-security-disk-encryption-prerequisites

Reveal Solution Next Question

QUESTION: 30 Exam Topic: Secure data and applications questions

HOTSPOT (Drag and Drop is not supported) (Drag and Drop is not supported)
You have an Azure subscription that contains the resources shown in the following table.
User1 is a member of Group1. Group1 and User2 are assigned the Key Vault Contributor role for Vault1.
On January 1, 2019, you create a secret in Vault1. The secret is configured as shown in the exhibit. The date format YYYY-MM-DD is used on the exhibit. (Click the Exhibit tab.)
User2 is assigned an access policy to Vault1. The policy has the following configurations:
-Key Management Operations: Get, List, and Restore
-Cryptographic Operations: Decrypt and Unwrap Key
-Secret Management Operations: Get, List, and Restore
Group1 is assigned an access policy to Vault1. The policy has the following configurations:
-Key Management Operations: Get and Recover
-Secret Management Operations: List, Backup, and Recover
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Hot Area:

See Explanation section for answer.

Answer(s): A

Explanation:

Reveal Solution Next Question

QUESTION: 31 Exam Topic: Secure data and applications questions

HOTSPOT (Drag and Drop is not supported) (Drag and Drop is not supported)
You have an Azure Active Directory (Azure AD) tenant named contoso1812.onmicrosoft.com that contains the users shown in the following table.
You create an Azure Information Protection label named Label1. The Protection settings for Label1 are configured as shown in the exhibit. (Click the Exhibit tab.)
Label1 is applied to a file named File1.
For each of the following statements, select Yes if the statement is true, Otherwise, select No.
NOTE: Each correct selection is worth one point.
Hot Area: