exam questions

Exam AZ-801 All Questions

View all questions & answers for the AZ-801 exam

Exam AZ-801 topic 1 question 28 discussion

Actual exam question from Microsoft's AZ-801
Question #: 28
Topic #: 1
[All AZ-801 Questions]

You have an Azure subscription named Sub1 that contains a resource group named RG1. RG1 contains the resources shown in the following table.



Sub1 has Microsoft Defender for Servers enabled. You are assigned the Contributor role for Sub1.

You need to implement just-in-time (JIT) VM access for VM1.

What should you do first?

  • A. Create a network security group (NSG).
  • B. Enable enhanced security in Microsoft Defender for Cloud.
  • C. Request the Owner role for Sub1.
  • D. Create an application security group.
Show Suggested Answer Hide Answer
Suggested Answer: A 🗳️

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
NotThatGuy242
Highly Voted 11 months, 3 weeks ago
Selected Answer: A
"JIT requires an NSG to be configured or a Firewall configuration (or both)" From here: https://learn.microsoft.com/en-us/azure/defender-for-cloud/just-in-time-access-usage There's no mention of Azure Firewall in the question, so an NSG would be required.
upvoted 8 times
...
Escaruncho
Most Recent 5 days, 18 hours ago
Selected Answer: A
From what I've gathered, you would need the owner rule IF Microsoft Defender for Servers was not already enabled because you would need that to configure "Microsoft Defender for Cloud, Enhanced Security Management" which is presently just called "Microsoft Defender for Cloud". So if you don't need the owner role nor the "Enable enhanced...", that just leaves us with A. and D. which is definetely out of the question.
upvoted 1 times
...
BlackCat9588
1 month, 1 week ago
Selected Answer: A
A. Create a network security group (NSG).
upvoted 1 times
...
starseed
6 months ago
answer is A
upvoted 1 times
...
smorar
9 months, 1 week ago
The answer is A. Owner: Has full access to all resources, including the right to delegate access to others. Contributor: You can create and manage all types of Azure resources, but you cannot grant access to others. You don't need to be an owner in this case.
upvoted 1 times
smorar
9 months, 1 week ago
The milk. Well, the correct answer is B: B. Enable enhanced security in Microsoft Defender for the cloud. It's true that when you configure JIT, you automatically need to configure NSG, but according to this URL, enabled Defender for Cloud enhanced security features are a prerequisite. https://learn.microsoft.com/en-us/azure/defender-for-cloud/tutorial-protect-resources
upvoted 4 times
NilsAbrahamsson
7 months, 2 weeks ago
Looks like you're right there. Sure, JIT uses NSG, but Enhanced Security is a prerequisite... and the question is "What should you do first?"
upvoted 1 times
...
...
...
bpaccount
9 months, 2 weeks ago
Selected Answer: A
I think its A, NSG
upvoted 1 times
...
mohamed1999
10 months ago
Selected Answer: C
contributor rights alone do not allow you to enable Just-In-Time (JIT) access in an Azure subscription. JIT access involves managing access to specific resources for a limited time window. To enable JIT, you need additional permissions related to security management and resource access control.
upvoted 1 times
...
Kuikz
10 months ago
Selected Answer: A
https://learn.microsoft.com/en-us/azure/defender-for-cloud/just-in-time-access-usage Just-in-time VM access shows your VMs grouped into: Configured - VMs configured to support just-in-time VM access, and shows: - the number of approved JIT requests in the last seven days - the last access date and time - the connection details configured the last user Not configured - VMs without JIT enabled, but that can support JIT. We recommend that you enable JIT for these VMs. Unsupported - VMs that don't support JIT because: - Missing network security group (NSG) or Azure Firewall - JIT requires an NSG to be configured or a Firewall configuration (or both) - Classic VM - JIT supports VMs that are deployed through Azure Resource Manager. - Other - The JIT solution is disabled in the security policy of the subscription or the resource group.
upvoted 1 times
...
AppieHappie
10 months ago
According to Copilot, The Contributor-role on the Subscription level should suffice to perform all the steps required to configure JIT. You do need to configure NSG rules though, so my answer would be A.
upvoted 3 times
...
Chrisvt
11 months, 3 weeks ago
Selected Answer: C
Owner role is required to enable JIT
upvoted 1 times
...
pnewcap
1 year ago
Selected Answer: B
isn't it B?
upvoted 2 times
...
SanMan_NZ
1 year ago
Selected Answer: C
Correct, below are the prerequisites: You’ll need: 1.) An Azure Subscription 2.) Logged into the Azure Portal with an Azure account with the Subscription Owner role. 3.) A Standard Azure Defender plan. You can sign up while logged into the Azure Portal via Azure Security Center. 4.) Azure Cloud Shell or PowerShell. Be sure you log in once to create the storage account it needs at least once. 5.) The Azure Defender service enabled. Part of Azure Security Center, you’ll need to first enable it on your subscription. Azure Security Permissions - https://learn.microsoft.com/en-us/azure/defender-for-cloud/permissions
upvoted 2 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
Loading ...
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago