You are evaluating the effect of the application security groups on the network communication between the virtual machines in Sub2.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
You are evaluating the security of VM1, VM2, and VM3 in Sub2.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
You need to ensure that User2 can implement PIM.
What should you do first?
Which virtual networks in Sub1 can User2 modify and delete in their current state? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
You have an Azure resource group that contains 100 virtual machines.
You have an initiative named Initiative1 that contains multiple policy definitions. Initiative1 is assigned to the resource group.
You need to identify which resources do NOT match the policy definitions.
What should you do?
You have an Azure subscription that is linked to a Microsoft Entra tenant. The tenant uses Microsoft Entra ID Protection.
You have 2,000 users that are each assigned a Microsoft Entra ID P2 license.
You plan to use Azure Monitor to generate an alert when a workload identity that is using leaked credentials is detected.
You need to configure the Diagnostic setting to support the planned alert. The solution must minimize administrative effort.
Which log category should you collect, and to which destination should you send the logs? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
You plan to use Azure Sentinel to create an analytic rule that will detect suspicious threats and automate responses.
Which components are required for the rule? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
You have an Azure subscription that contains the resources shown in the following table.
Both VM1 and VM2 connect to VNET1 and are configured to use NSG1.
You need to ensure that only VM1 and VM2 can access DB1.
What should you do?
Your company plans to create separate subscriptions for each department. Each subscription will be associated with the same Azure Active Directory (Azure AD) tenant.
You need to configure each subscription to have the same role assignments.
What should you use?
You have an Azure subscription that uses Microsoft Defender for Cloud. The subscription contains the Azure Policy definitions shown in the following table.
Which definitions can be assigned as a security policy in Defender for Cloud?
You have an Azure App Service web app named App1 as shown in the following exhibit.
Subnet 2 contains a virtual machine named VM1.
Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic.
NOTE: Each correct selection is worth one point.
You have an Azure subscription that uses Microsoft Defender for Cloud.
Defender for Cloud has the security alerts shown in the following exhibit.
You have an Azure subscription that contains the resources shown in the following table.
SQL1 has the following configurations:
• Auditing: Enabled
• Audit log destination: storage1, Workspace1
DB1 has the following configurations:
• Auditing: Enabled
• Audit log destination: storage2
DB2 has auditing disabled.
Where are the audit logs for DB1 and DB2 stored? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
You have an Azure subscription named Sub1 that contains the Azure key vaults shown in the following table:
In Sub1, you create a virtual machine that has the following configurations:
Name: VM1
Size: DS2v2
Resource group: RG1
Region: West Europe
Operating system: Windows Server 2022
You plan to enable Azure Disk Encryption on VM1.
In which key vaults can you store the encryption key for VM1?
You have an Azure subscription that uses Microsoft Defender.
You enable the CIS Microsoft Azure Foundations Benchmark v2.0.0 built-in to the subscription.
You need to ensure that when users attempt to assign custom role-based access control (RBAC) roles, they receive a custom error message that includes a link to an internal website. The solution must minimize the impact on other policies.
What should you configure?