ExamGecko
Search Search Login
Home Home / Microsoft / AZ-720
Question list
Search
Search

List of questions

Search
Open VPLUS File
Convert VPLUS to PDF

Related questions

HOTSPOT A company named Contoso connects its on-premises resources to Azure by using ExpressRoute. An administrator reports that the circuit is in a failed state. You need to resolve the issue. How should you complete the PowerShell commands?
You need to resolve the issue with VM10. What should you do?
A company has an Azure point-to-site virtual private network (VPN) that uses certificate-based authentication. A user reports that the following error message when they try to connect to the VPN by using a VPN client on a Windows 11 machine: A certificate could not be found You need to resolve the issue. Which three actions should you perform?
You need to resolve the issue repotted by Admin2. What should you do?
A company has an Azure Virtual Network gateway named VNetGW1. The company enables point-tosite connectivity on VNetGW1. An administrator configures VNetGW1 for the following: OpenVPN for the tunnel type. Azure certificate for the authentication type. Users receive a certificate mismatch error when connecting by using a VPN client. You need to resolve the certificate mismatch error. What should you do?
A company has two virtual networks (VNets) that are configured to use peering. Several Azure virtual machines are connected to each network. An on-premises network is connected to one of the VNets by using Azure VPN Gateway. An administrator reports that communication between applications across the VNets is failing. You need to troubleshoot the issue. Which two features can you use to achieve the goal?
A company has an Azure tenant. The company deploys an Azure Firewall named FW1 using the Standard SKU. You configure FW1 using classic firewall rules. The company creates an application rule collection with the following settings: Priority: 100 Action: Deny Rule type: FQDN Source type: IP address Source: * Protocol: http:80,https:443 Target FQDN: *.cloud.contoso.com An engineer observes that traffic to console.cloud.conotoso.com is still allowed by FW1. You need to determine why the traffic is allowed. What should you review?
A company migrates an on-premises Windows virtual machine (VM) to Azure. An administrator enables backups for the VM by using the Azure portal. The company reports that the Azure VM backup job is failing. You need to troubleshoot the issue. Solution: Configure the retention range for the current VM backup policy. Does the solution meet the goal?
A company connects their on-premises network by using Azure VPN Gateway. The on-premises environment includes three VPN devices that separately tunnel to the gateway by using Border Gateway Protocol (BGP). A new subnet should be unreachable from the on-premises network. You need to implement a solution. Solution: Configure subnet delegation. Does the solution meet the goal?
A company implements self-service password reset (SSPR). After a firewall upgrade at the company's datacenter, SSPR stops working. You need to resolve the issue. Which two URLs must be present on the firewalls to allow SSPR to connect?

Question 8 - AZ-720 discussion

Report
Export

HOTSPOT

You need to resolve the issue.

What should you do? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.


Question 8
Correct answer: Question 8

Explanation:

Box 1: Assign the Contributor role to the team members.

In the given scenario, the team members are unable to create or manage resources in the Azure portal. To allow them to do so, you should assign the Contributor role to the team members. The Contributor role allows users to create and manage resources within the scope of their access, but they cannot grant access to others. The Reader role only provides read access to resources and does not allow creation or management of resources. The Reader and Data Access role is not a valid combined role in Azure. Reference: - Azure built-in roles: https://docs.microsoft.com/enus/ azure/role-based-access-control/built-in-roles As mentioned in the scenario, the team members are unable to create resources in Azure Portal. This indicates that they do not have sufficient permissions to perform this operation. To grant them permissions, you need to assign them an Azure role that allows creating and managing Azure resources. Azure roles are roles that can be assigned to users, groups, or applications to manage access to Azure resources1. Azure roles are based on Azure role-based access control (Azure RBAC), which is an authorization system that provides fine-grained access management of Azure resources2. With Azure RBAC, you can control access to resources by creating role assignments, which consist of three elements2:

The security principal: The user, group, or application that you want to grant or deny access to the resource. The role definition: The predefined or custom set of permissions that you want to grant or deny on the resource. For example, read, write, delete, backup, restore, etc. The scope: The level at which you want to apply the role assignment. For example, at the management group, subscription, resource group, or individual resource level. To assign an Azure role that allows creating and managing Azure resources, you can use the Contributor role. The Contributor role is a built-in role that has full access to all resources except granting access to others1. This means that users who are assigned the Contributor role can create and manage any type of Azure resource, such as virtual machines, storage accounts, web apps, etc. To assign the Contributor role using the Azure portal, follow these steps3:

In the Azure portal, navigate to the scope where you want to assign the role. For example, a subscription or a resource group. Select Access control (IAM), then select Add > Add role assignment.

Under Role, select Contributor from the drop-down list.

Under Assign access to, select User, group, or service principal.

Under Select, find and select the users or groups that you want to assign the role to. You can type in the Select box to search the directory for display name or email address. Select Save to create the role assignment.

To assign the Contributor role using the Azure CLI or PowerShell, see Assign Azure roles using CLI or PowerShell.

Box 2: Assign the Storage Blob Data Contributor role to the team members.

A detailed explanation with references is as follows:

As mentioned in the scenario, the team members are unable to perform backups and restores of blob dat a. This indicates that they do not have sufficient permissions to access blob storage resources. To grant them permissions, you need to assign them an Azure role that allows read/write/delete permissions to blob storage resources.

Azure roles are roles that can be assigned to users, groups, or applications to manage access to Azure resources2. Azure roles are based on Azure role-based access control (Azure RBAC), which is an authorization system that provides fine-grained access management of Azure resources3. With Azure RBAC, you can control access to resources by creating role assignments, which consist of three elements3:

The security principal: The user, group, or application that you want to grant or deny access to the resource. The role definition: The predefined or custom set of permissions that you want to grant or deny on the resource. For example, read, write, delete, backup, restore, etc. The scope: The level at which you want to apply the role assignment. For example, at the management group, subscription, resource group, or individual resource level. To assign an Azure role that allows read/write/delete permissions to blob storage resources, you can use the Storage Blob Data Contributor role. The Storage Blob Data Contributor role is a built-in role that has full access to blob storage resources except granting access to others1. This means that users who are assigned the Storage Blob Data Contributor role can perform backups and restores of blob data. To assign the Storage Blob Data Contributor role using the Azure portal, follow these steps4:

In the Azure portal, navigate to the scope where you want to assign the role. For example, a storage account or a container. Select Access control (IAM), then select Add > Add role assignment.

Under Role, select Storage Blob Data Contributor from the drop-down list.

Under Assign access to, select User, group, or service principal.

Under Select, find and select the users or groups that you want to assign the role to. You can type in the Select box to search the directory for display name or email address. Select Save to create the role assignment.

To assign the Storage Blob Data Contributor role using the Azure CLI or PowerShell, see Assign Azure roles using CLI or PowerShell.

Show Answer Show Case Study
asked 02/10/2024
Cihad Yorulmaz
31 questions
PreviousPreviousNextNext
User
0 comments
Sorted by

Leave a comment first

ExamGecko

Copyright @2023 ExamGecko | All right reserved

Mail us: [email protected]
About us
Contact us
Twitter X
Facebook
Medium
Convert VPLUS to PDF
Open VPLUS files Easily and Quickly
Privacy Policy
Disclaimer
Terms