Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have an Azure subscription that contains 10 virtual networks. The virtual networks are hosted in separate resource groups.
Another administrator plans to create several network security groups (NSGs) in the subscription.
You need to ensure that when an NSG is created, it automatically blocks TCP port 8080 between the virtual networks.
Solution: You configure a custom policy definition, and then you assign the policy to the subscription.
Does this meet the goal?

A. Yes

B. No

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have an Azure container registry named Registry1 that contains an image named image1.
You receive an error message when you attempt to deploy a container instance by using image1.
You need to be able to deploy a container instance by using image1.
Solution: You create a private endpoint connection for Registry1.
Does this meet the goal?

A. Yes

B. No

You have a Microsoft Entra tenant named contoso.com. You have a CSV file that contains the names and email addresses of 500 external users.
You need to create a guest user account in contoso.com for each of the 500 external users.
Solution: You create a PowerShell script that runs the New-Mginvitation cmdlet for each external user.
Does this meet the goal?

A. Yes

B. No

You plan to deploy several Azure virtual machines that will run Windows Server 2022 in a virtual machine scale set by using an Azure Resource Manager template.
You need to ensure that NGINX is available on all the virtual machines after they are deployed.
What should you use?

A. A Microsoft intune device configuration profile

B. Microsoft entra Application proxy

C. Azure Custom Script Extension

D. Department Center in Azure App service

You have an Azure subscription that contains the virtual networks shown in the following table.


You have the virtual machines shown in the following table.


You have the virtual network interfaces shown in the following table.


Server1 is a DNS server that contains the resources shown in the following table.


You have an Azure private DNS zone named contoso.com that has a virtual network link to VNET2 and the records shown in the following table.


For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.

You have an Azure subscription that contains an Azure Storage account named storage1 and the users shown in the following table.


NOTE: Each correct selection is worth one point.

You have an Azure subscription named Sub1 that contains the blob containers shown in the following table.
Sub1 contains two users named User1 and User2. Both users are assigned the Reader role at the Sub1 scope.
You have a condition named Condition1 as shown in the following exhibit.

You have a Microsoft Entra tenant.
You need to modify the Default user role permissions settings for the tenant. The solution must meet the following requirements:

* Standard users must be prevented from creating new service principals.
* Standard users must only be able to use PowerShell or Microsoft Graph to manage their own Azure resources.

Which two settings should you modify? To answer, select the appropriate settings in the answer area.
NOTE: Each correct answer is worth one point

You have an Azure subscription that contains a virtual machine named VM1.
You have an on-premises datacenter that contains a domain controller named DC1.
ExpressRoute is used to connect the on-premises datacenter to Azure.
You need to use Connection Monitor to identify network latency between VM1 and DC1.
What should you install on DC1?

A. the Log Analytics agent

B. the Azure Network Watcher Agent virtual machine extension

C. an Azure Monitor agent extension

D. the Azure Connected Machine agent for Azure Arc-enabled servers

You have an Azure subscription that contains a storage account named storage1.
You plan to create a blob container named contained.
You need to use customer-managed key encryption for contained.
Which key should you use?

A. an EC key that uses the P-384 curve only

B. an EC key that uses the P-521 curve only

C. an EC key that uses the P-384 curve or P-521 curve only

D. an RSA key with a key size of 4096 only

E. an RSA key type with a key size of 2048, 3072. or 4096 only