You want to prevent virtual machines vms from being deployed in a subscription

2. Citrix DaaS

December 8, 2022

Contributed by:

C

When using the Microsoft Azure Resource Manager to provision virtual machines in your Citrix Virtual Apps or Citrix Virtual Desktops service deployment, get familiar with the following:

• Azure Active Directory: https://docs.microsoft.com/en-in/azure/active-directory/fundamentals/active-directory-whatis/
• Consent framework: https://docs.microsoft.com/en-us/azure/active-directory/manage-apps/plan-an-application-integration
• Service principal: https://docs.microsoft.com/en-us/azure/active-directory/develop/app-objects-and-service-principals/

To set up your Microsoft Azure Resource Manager, see Set up resource location.

Where to go next

• For a simple proof-of-concept deployment, install a VDA on a machine that will deliver apps or a desktop to your users.
• For creating and managing a connection, see Connection to Microsoft Azure.
• Review all the steps in the installation and configuration process.

More information

• Connections and resources
• Create machine catalogs
• CTX219211: Set up a Microsoft Azure Active Directory account
• CTX219243: Grant XenApp and XenDesktop access to your Azure subscription
• CTX219271: Deploy hybrid cloud using site-to-site VPN

Was this helpful

Send us your feedback

Instructions for Contributors

2. Citrix DaaS

Microsoft Azure Resource Manager cloud environments

December 8, 2022

Contributed by:

C

December 8, 2022

Contributed by:

C

In this article

• Where to go next
• More information

Was this helpful

Send us your feedback

Instructions for Contributors

Question 101

To complete the sentence, select the appropriate option in the answer area.

A resource group is a logical container for Azure resources. Resource groups make the management of Azure resources easier.
With a resource group, you can allow a user to manage all resources in the resource group, such as virtual machines, websites, and subnets. The permissions you apply to the resource group apply to all resources contained in the resource group.

Reference:
https://docs.microsoft.com/en-us/azure/azure-resource-manager/management/overview#resource-groups
https://docs.microsoft.com/en-us/azure/role-based-access-control/overview

Question 102

Your company has virtual machines (VMs) hosted in Microsoft Azure. The VMs are located in a single Azure virtual network named VNet1.
The company has users that work remotely. The remote workers require access to the VMs on VNet1.
You need to provide access for the remote workers.

What should you
(Describe general security and network security features)

Configure a Site-to-Site (S2S) VPN.

Configure a VNet-toVNet VPN.

Configure a Point-to-Site (P2S) VPN.

Configure DirectAccess on a Windows Server 2012 server VM.

Configure a Multi-Site VPN

Answer is Configure a Point-to-Site (P2S) VPN.

A Point-to-Site (P2S) VPN gateway connection lets you create a secure connection to your virtual network from an individual client computer.
P2S VPN is also a useful solution to use instead of S2S VPN when you have only a few clients that need to connect to a VNet.

Reference:
https://docs.microsoft.com/en-us/azure/vpn-gateway/design

Question 103

How can the IT department ensure that employees at the company's retail stores can access company applications only from approved tablet devices?
(Describe identity, governance, privacy, and compliance features)

SSO

Conditional Access

Multifactor authentication

Answer is Conditional Access

Conditional Access enables you to require users to access your applications only from approved, or managed, devices.

Question 104

How can the IT department use biometric properties, such as facial recognition, to enable delivery drivers to prove their identities?
(Describe identity, governance, privacy, and compliance features)

SSO

Conditional Access

Multifactor authentication

Answer is Multifactor authentication

Authenticating through multifactor authentication can include something the user knows, something the user has, and something the user is.

Question 105

How can the IT department reduce the number of times users must authenticate to access multiple applications?
(Describe identity, governance, privacy, and compliance features)

SSO

Conditional Access

Multifactor authentication

Answer is SSO

SSO enables a user to remember only one ID and one password to access multiple applications.

Question 106

How can companies allow some users to control the virtual machines in each environment but prevent them from modifying networking and other resources in the same resource group or Azure subscription?
(Describe identity, governance, privacy, and compliance features)

Create a role assignment through Azure role-based access control (Azure RBAC).

Create a policy in Azure Policy that audits resource usage.

Split the environment into separate resource groups.

Answer is Create a role assignment through Azure role-based access control (Azure RBAC).

Azure RBAC enables you to create roles that define access permissions. You might create one role that limits access only to virtual machines and a second role that provides administrators with access to everything.

Question 107

Which is the best way for companies to ensure that they only deploy cost-effective virtual machine SKU sizes?
(Describe identity, governance, privacy, and compliance features)

Create a policy in Azure Policy that specifies the allowed SKU sizes.

Periodically inspect the deployment manually to see which SKU sizes are used.

Create an Azure RBAC role that defines the allowed virtual machine SKU sizes.

Answer is Create a policy in Azure Policy that specifies the allowed SKU sizes.

After you enable this policy, that policy is applied when you create new virtual machines or resize existing ones. Azure Policy also evaluates any current virtual machines in your environment.

Question 108

Which is likely the best way for companies to identify which billing department each Azure resource belongs to?
(Describe identity, governance, privacy, and compliance features)

Track resource usage in a spreadsheet.

Split the deployment into separate Azure subscriptions, where each subscription belongs to its own billing department.

Apply a tag to each resource that includes the associated billing department.

Answer is Apply a tag to each resource that includes the associated billing department.

Tags provide extra information, or metadata, about your resources. They might create a tag that's named BillingDept whose value would be the name of the billing department. You can use Azure Policy to ensure that the proper tags are assigned when resources are provisioned.

Question 109

Where can the company access details about the personal data Microsoft processes and how the company processes it, including for Cortana?
(Describe identity, governance, privacy, and compliance features)

Microsoft Privacy Statement

The Azure compliance documentation

Microsoft compliance offerings

Answer is Microsoft Privacy Statement

The Microsoft Privacy Statement provides information that's relevant to specific services, including Cortana.

Question 110

Where can a legal team access information around how the Microsoft cloud helps them secure sensitive data and comply with applicable laws and regulations?
(Describe identity, governance, privacy, and compliance features)

Microsoft Privacy Statement

Trust Center

Online Services Terms

Answer is Trust Center

The Trust Center is a great resource for people in your organization who might play a role in security, privacy, and compliance.

Previous QuestionNext Question

Quick access to all questions in this exam

Which feature restrict which virtual machine types can be created in a subscription?

Which situation will prevent a virtual machine VM from being migrated from an on

How to move VM from one subscription to another subscription in Azure?

Can be used to prevent VMs being created in specific resource groups?