Loading questions...
Loading questions...
Preview
Updated
Want a break from the ads?
Become a Supporter and enjoy a completely ad-free experience, plus unlock Learn Mode, Exam Mode, AstroTutor AI, and more.
You need to ensure that the rg1lod28681041n1 Azure Storage account is encrypted by using a key stored in the KeyVault28681041 Azure key vault.
To complete this task, sign in to the Azure portal.
You have an Azure subscription.
You plan to deploy Microsoft Defender External Attack Surface Management (Defender EASM) to identify and monitor externally facing assets.
You create a new Defender EASM instance named EASM1.
What should you do next?
You have an Azure subscription that contains an Azure Key Vault Standard key vault named Vault1. Vault1 hosts a 2048-bit RSA key named key1.
You need to ensure that key1 is rotated every 90 days.
What should you do first?
You have an Azure subscription that contains a virtual network named VNet1. VNet1 contains a single subnet. The subscription contains a virtual machine named VM1 that is connected to VNet1.
You plan to deploy an Azure SQL managed instance named SQL1.
You need to ensure that VM1 can access SQL1.
Which three components should you create? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.
You have two Azure subscriptions named Sub1 and Sub2. Sub1 contains a resource group named RG1 and an Azure policy named Policy1.
You need to remediate the non-compliant resources in Sub1 based on Policy1.
How should you complete the PowerShell script? To answer, drag the appropriate values to the correct targets. Each value may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
NOTE: Each correct selection is worth one point.
You have an Azure subscription named Sub1 that contains the storage accounts shown in the following table.
The storage3 storage account is encrypted by using customer-managed keys.
You need to enable Microsoft Defender for Storage to meet the following requirements:
• The storage1 and storage2 accounts must be included in the Defender for Storage protections.
• The storage3 account must be excluded from the Defender for Storage protections.
Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area.
Your network contains an on-premises Active Directory Domain Services (AD DS) domain that syncs with an Azure AD tenant.
You plan to implement single sign-on (SSO) for Azure AD resources.
You need to configure an Intranet Zone setting for all users by using a Group Policy Object (GPO).
Which setting should you configure?
You have an Azure AD tenant.
You need to ensure that users cannot create passwords containing a variation of the word contoso.
What should you configure?
You have an Azure AD tenant that contains the groups shown in the following table.
You assign licenses to the groups as shown in the following table.
On May1, you delete Group1, Group2, and Group3.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
You have an Azure subscription.
You create an Azure Firewall policy that has the rules shown in the following table.
In which order should the rules be processed? To answer, move all rules from the list of rules to the answer area and arrange them in the correct order.
You are implementing an Azure Application Gateway web application firewall (WAF) named WAF1.
You have the following Bicep code snippet.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
You have an Azure subscription that contains the virtual networks shown in the following table.
NSG1 and NSG2 both have default rules only.
The subscription contains the virtual machines shown in the following table.
The subscription contains the web apps shown in the following table.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
You have an Azure subscription named Sub1 that has Security defaults disabled. The subscription contains the following users:
• Five users that have owner permissions for Sub1.
• Ten users that have owner permissions for Azure resources.
None of the users have multi-factor authentication (MFA) enabled.
Sub1 has the secure score as shown in the Secure Score exhibit. (Click the Secure Score tab.)
You plan to enable MFA for the following users:
• Five users that have owner permission for Sub1.
• Five users that have owner permissions for Azure resources.
By how many points will the secure score increase after you perform the planned changes?
You have an Azure AD tenant that contains the users shown in the following table.
You need to ensure that the users cannot create app passwords. The solution must ensure that User1 can continue to use the Mail and Calendar app.
What should you do?
You have an Azure subscription that contains the resources shown in the following table.
You need to configure network connectivity to meet the following requirements:
• Communication from VM1 to storage1 must traverse an optimized Microsoft backbone network.
• All the outbound traffic from VM1 to the internet must be denied.
• The solution must minimize costs and administrative effort.
What should you configure for VNet1 and NSG1? To answer, drag the appropriate components to the correct resources. Each component may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
NOTE: Each correct selection is worth one point.
You have an Azure subscription that uses Microsoft Defender for Cloud.
You need to add a custom security recommendation to Defender for Cloud. The recommendation must be assigned the custom severity rating of the subscription.
What should you create?
You have a Microsoft Entra tenant named Contoso.com and an Azure Kubernetes Service (AKS) cluster AKS1.
You discover that AKS1 cannot be accessed by using accounts from Contoso.com.
You need to ensure AKS1 can be accessed by using accounts from Contoso.com. The solution must minimize administrative effort.
What should you do first?
You have an Azure subscription that contains an Azure web app named App1.
You plan to configure a Conditional Access policy for App1. The solution must meet the following requirements:
• Only allow access to App1 from Windows devices.
• Only allow devices that are marked as compliant to access App1.
Which Conditional Access policy settings should you configure? To answer, drag the appropriate settings to the correct requirements. Each setting may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
NOTE: Each correct selection is worth one point.
You need to ensure that the events in the NetworkSecurityGroupRuleCounter log of the VNET01-Subnet0-NSG network security group (NSG) are stored in the logs1234578 Azure Storage account.
To complete this task, sign in to the Azure portal.
You have an Azure subscription that contains an Azure Data Lake Storage account named sa1.
You plan to deploy an app named App1 that will access sa1 and perform operations, including Read, List, Create Directory, and Delete Directory.
You need to ensure that App1 can connect securely to sa1 by using a private endpoint.
What is the minimum number of private endpoints required for sa1?
You have a Microsoft Entra tenant that contains the users shown in the following table.
You configure the Temporary Access Pass settings as shown in the following exhibit.
You add the Temporary Access Pass authentication method to Admin2.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Your network contains an on-premises Active Directory domain named adatum.com that syncs to a Microsoft Entra tenant.
The Microsoft Entra tenant contains the users shown in the following table.
You configure the Microsoft Entra Password Protection settings for adatum.com as shown in the following exhibit.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
You have a Microsoft Entra tenant that contains the users shown in the following table.
From Microsoft Entra Privileged Identity Management (PIM), you configure the settings for the Security Administrator role as shown in the following exhibit.
From PIM, you assign the Security Administrator role to the following groups:
• Group1: Active assignment type, permanently assigned
• Group2: Eligible assignment type, permanently eligible
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
You have an Azure subscription that contains the virtual networks shown in the following table.
The subscription contains the virtual machines shown in the following table.
You have a storage account named contoso2024 that contains the following resources:
• A container named Container1 that contains a file named File1
• A file share named Share1 that contains a file named File2
You create a private endpoint for contoso2024 as shown in the following exhibit.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
You have a Microsoft Entra tenant named contoso.com.
You have a partner company that has a Microsoft Entra tenant named fabrikam.com.
You need to ensure that when a user in fabrikam.com attempts to access the resources in contoso.com, the user only receives a single Microsoft Entra Multi-Factor Authentication (MFA) prompt. The solution must minimize administrative effort.
What should you do?
