AZ-204: Practice topic 3

Reading time ~1 minute

In app registration, select New registration

Select Azure AD

Wrong

In app registration, select New registration

Select Azure AD

Create a new application

https://docs.microsoft.com/en-us/azure/active-directory/develop/quickstart-register-app

Page 13

  1. AC X BC

Prerequisites:

A working Azure AD tenant with at least an Azure AD Premium P1 or trial license enabled.

The recommended way to enable and use Azure AD Multi-Factor Authentication is with Conditional Access policies.

https://docs.microsoft.com/en-us/azure/active-directory/authentication/tutorial-enable-azure-mfa

  1. C

  2. B

  3. Y

  4. Y

Page 14

  1. Soft deletion

Purge protection

  1. AD

9. client_id, application, profile X

  1. UseAuth UseAuthorization UseAzureAppConfiguration

  2. C

Page 15

  1. Y

  2. Y X

The requirement is to save scanned copies of patient intake forms. Which is kind of unstructured data, should not be saved with cosmos db. Using azure blob storage instead.

  1. N

  2. keyvault

keyvault key

vm

vm encryption

data X all

  1. C

Page 16

  1. 5->3->4->2->1

X

5->3->2->1->4

  1. N

  2. Y X

Role-based access control is used for authorization and not authentication.

  1. Device

iPhone X iOS

Header

User_agent

iPhone

  1. Y X

Page 17

  1. Y

  2. optionalClaims

requiredResourceAccess

https://docs.microsoft.com/en-US/azure/active-directory/develop/reference-app-manifest?WT.mc_id=Portal-Microsoft_AAD_RegisteredApps

  1. B

  2. B X A

  1. D

Page 18

  1. D

  2. Inbound

Inbound

Outbound Outbound

  1. SecretClient

ClientSecretCredential X DefaultAzureCredential

This example is using ‘DefaultAzureCredential()’ class from Azure Identity Library, which allows to use the same code across different environments with different options to provide identity. For more information about authenticating to key vault, see Developer’s Guide.

https://docs.microsoft.com/en-us/azure/key-vault/secrets/quick-create-net#authenticate-and-create-a-client

  1. AB

31. AC X AD

The question requires to use SAS token, C is not correct.

https://docs.microsoft.com/en-us/rest/api/storageservices/create-user-delegation-sas#revoke-a-user-delegation-sas

Page 19

  1. Generate key blob-> Generate KEK-> Retrieve KEk-> key import

X

Generate KEK-> Retrieve KEk-> Generate key blob-> key import

User steps To perform a key transfer, a user performs following steps:

  1. Generate KEK.
  2. Retrieve the public key of the KEK.
  3. Using HSM vendor provided BYOK tool - Import the KEK into the target HSM and exports the Target Key protected by the KEK.
  4. Import the protected Target Key to Azure Key Vault.

Customers use the BYOK tool and documentation provided by HSM vendor to complete Steps 3. It produces a Key Transfer Blob (a “.byok” file).

https://docs.microsoft.com/en-us/azure/key-vault/keys/byok-specification

  1. A

  2. YYYY

  3. AC

36. Y X N

N

Y

https://docs.microsoft.com/en-us/azure/cosmos-db/how-to-choose-offer

Page 20

  1. Builder scopes

Page 21

Page 22

Read More

AZ-204: Practice topic 5

1. inboundOutboundBackend2. C### [Page 25](https://www.examtopics.com/exams/microsoft/az-204/view/25/)25. 26. 27. 28. 29. ### [Page 26](h...… Continue reading

AZ-204: Practice topic 4

Published on February 20, 2022

AZ-204: Practice topic 2

Published on January 14, 2022