You need to delegate a user to implement the planned change for Defender for Cloud.

The solution must follow the principle of least privilege.

Which user should you choose?

You have an Azure subscription that uses Microsoft Defender for Cloud.

You have an Amazon Web Services (AWS) account.

You need to add the AWS account to Defender for Cloud.

What should you do first?

You have the Azure virtual networks shown in the following table.

You have the Azure virtual machines shown in the following table.

The firewalls on all the virtual machines allow ping traffic.

NSG1 is configured as shown in the following exhibit.

Inbound security rules

Outbound security rules

For each of the following statements, select Yes if the statement is true. Otherwise, select No.

NOTE: Each correct selection is worth one point.

You have an Azure subscription named Subscription1.

You need to view which security settings are assigned to Subscription1 by default.

Which Azure policy or initiative definition should you review?

You have an Azure SQL database.

You implement Always Encrypted.

You need to ensure that application developers can retrieve and decrypt data in the database.

Nantes’s of information should you provide to the developers? Each correct answer presents part of the solution.

NOTE: Each correct selection is worth one point.

You have an Azure subscription that contains two virtual machines named VM1 and VM2 that run Windows Server 2019.

You are implementing Update Management in Azure Automation.

You plan to create a new update deployment named Update1.

You need to ensure that Update! meets the following requirements:

• Automatically applies updates to VM1 and VM2.

• Automatically adds any new Windows Server 2019 virtual machines to Update1.

What should you include in Update1?

You have an Azure subscription named Sub1 that contains an Azure Log Analytics workspace named LAW1.

You have 100 on-premises servers that run Windows Server 2012 R2 and Windows Server 2016. The servers connect to LAW1. LAW1 is configured to collect security-related performance counters from the connected servers.

You need to configure alerts based on the data collected by LAW1. The solution must meet the following requirements:

Alert rules must support dimensions.

The time it takes to generate an alert must be minimized.

Alert notifications must be generated only once when the alert is generated and once when the alert is

resolved.

Which signal type should you use when you create the alert rules?

You have an Azure subscription that contains an Azure App Services web app named WebApp1. WebApp1 is accessed by users in multiple Azure regions.

You need to secure access to WebApp1. The solution must meet the following requirements:

* Protect against common web vulnerabilities.

* Optimize the routing of traffic from different regions.

What should you use?

You have an Azure AD tenant that contains the users shown in the following table.

You enable passwordless authentication for the tenant.

Which authentication method can each user use for passwordless authentication? To answer, drag the appropriate authentication methods to the correct users. Each authentication method may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.

NOTE: Each correct selection is worth one point.

You plan to create an Azure Kubernetes Service (AKS) cluster in an Azure subscription.

The manifest of the registered server application is shown in the following exhibit.

You need to ensure that the AKS cluster and Azure Active Directory (Azure AD) are integrated.

Which property should you modify in the manifest?