March Special Sale Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: buysanta

Exact2Pass Menu

Question # 4

You need to configure SQLDB1 to meet the data and application requirements.

Which three actions should you recommend be performed in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.

Full Access
Question # 5

You need to deploy AKS1 to meet the platform protection requirements.

Which four actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.

NOTE: More than one order of answer choices is correct. You will receive credit for any of the correct orders you select.

Full Access
Question # 6

You need to ensure that User2 can implement PIM.

What should you do first?

A.

Assign User2 the Global administrator role.

B.

Configure authentication methods for contoso.com.

C.

Configure the identity secure score for contoso.com.

D.

Enable multi-factor authentication (MFA) for User2.

Full Access
Question # 7

You assign User8 the Owner role for RG4, RG5, and RG6.

In which resource groups can User8 create virtual networks and NSGs? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Full Access
Question # 8

You are evaluating the effect of the application security groups on the network communication between the virtual machines in Sub2.

For each of the following statements, select Yes if the statement is true. Otherwise, select No.

NOTE: Each correct selection is worth one point.

Full Access
Question # 9

What is the membership of Group1 and Group2? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Full Access
Question # 10

You are evaluating the security of the network communication between the virtual machines in Sub2.

For each of the following statements, select Yes if the statement is true. Otherwise, select No.

NOTE: Each correct selection is worth one point.

Full Access
Question # 11

From Azure Security Center, you need to deploy SecPol1.

What should you do first?

A.

Enable Azure Defender.

B.

Create an Azure Management group.

C.

Create an initiative.

D.

Configure continuous export.

Full Access
Question # 12

You are evaluating the security of VM1, VM2, and VM3 in Sub2.

For each of the following statements, select Yes if the statement is true. Otherwise, select No.

NOTE: Each correct selection is worth one point.

Full Access
Question # 13

You need to meet the technical requirements for VNetwork1.

What should you do first?

A.

Create a new subnet on VNetwork1.

B.

Remove the NSGs from Subnet11 and Subnet13.

C.

Associate an NSG to Subnet12.

D.

Configure DDoS protection for VNetwork1.

Full Access
Question # 14

: 2 HOTSPOT

Which virtual networks in Sub1 can User2 modify and delete in their current state? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Full Access
Question # 15

You need to perform the planned changes for OU2 and User1.

Which tools should you use? To answer, drag the appropriate tools to the correct resources. Each tool may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.

NOTE: Each correct selection is worth one point.

Full Access
Question # 16

You need to meet the technical requirements for the finance department users.

Which CAPolicy1 settings should you modify?

A.

Cloud apps or actions

B.

Conditions

C.

Grant

D.

Session

Full Access
Question # 17

You implement the planned changes for ASG1 and ASG2.

In which NSGs can you use ASG1. and the network interfaces of which virtual machines can you assign to ASG2?

Full Access
Question # 18

You need to configure support for Azure Sentinel notebooks to meet the technical requirements.

What is the minimum number of Azure container registries and Azure Machine Learning workspaces required?

Full Access
Question # 19

You need to encrypt storage1 to meet the technical requirements. Which key vaults can you use?

A.

KeyVault1 only

B.

KeyVault2 and KeyVault3 only

C.

KeyVault1 and KeyVault3 only

D.

KeyVault1 KeyVault2 and KeyVault3

Full Access
Question # 20

You have an Azure subscription that contains the storage accounts shown in the following, table.

You enable Microsoft Defender for Storage.

Which storage services of storages are monitored by Microsoft Defender for Storage, and which storage accounts are protected by Microsoft Defender for Storage? To answer, select the appropriate options in the answer area.

Full Access
Question # 21

You have an Azure subscription named Sub1.

In Azure Security Center, you have a workflow automation named WF1. WF1 is configured to send an email message to a user named User1.

You need to modify WF1 to send email messages to a distribution group named Alerts.

What should you use to modify WF1?

A.

Azure Application Insights

B.

Azure Monitor

C.

Azure Logic Apps Designer

D.

Azure DevOps

Full Access
Question # 22

You have an Azure subscription that contains a resource group named RG1. RG1 contains a virtual machine named VM1 that uses Azure Active Directory (Azure AD) authentication.

You have two custom Azure roles named Role1 and Role2 that are scoped to RG1.

The permissions for Role1 are shown in the following JSON code.

The permissions for Role2 are shown in the following JSON code.

You assign the roles to the users shown in the following table.

For each of the following statements, select Yes if the statement is true. Otherwise, select No.

NOTE: Each correct selection is worth one point.

Full Access
Question # 23

You have an Azure AD tenant that contains 500 users and an administrative unit named AU1.

From the Azure Active Directory admin center, you plan to add the users to AU1 by using Bulk add members.

You need to create and upload a file for the bulk add.

What should you include in the file?

A.

only the display name of each user

B.

only the user principal name (UPN) of each user

C.

only the object identifier of each user

D.

only the user principal name (UPN) and object identifier of each user

E.

Only the user principal name (UPN) and display name of each user

Full Access
Question # 24

You plan to configure Azure Disk Encryption for VM4. Which key vault can you use to store the encryption key?

A.

KeyVault1

B.

KeyVault3

C.

KeyVault2

Full Access
Question # 25

You plan to implement JIT VM access. Which virtual machines will be supported?

A.

VM1 and VM3 only

B.

VM1. VM2. VM3, and VM4

C.

VM2, VM3, and VM4 only

D.

VM1 only

Full Access
Question # 26

You need to delegate the creation of RG2 and the management of permissions for RG1. Which users can perform each task? To answer select the appropriate options in the answer area. NOTE: Each correct selection is worth one point

Full Access
Question # 27

You have an Azure subscription named Sub1 that contains the resources shown in the following table.

You need to enable Microsoft Defender for Cloud for storage accounts and virtual machines.

At which levels can you enable Defender for Cloud for the storage accounts and the virtual machines? To answer, select the appropriate options in the answer area

NOTE: Each correct selection is worth one point

Full Access
Question # 28

You network contains an on-premises Active Directory domain that syncs to an Azure Active Directory (Azure AD) tenant. The tenant contains the users shown in the following table.

The tenant contains the groups shown in the following table.

You configure a multi-factor authentication (MFA) registration policy that and the following settings:

  • Assignments:

Controls: Require Azure MFA registration

Enforce Policy: On

For each of the following statements, select Yes if the statement is true. Otherwise, select No.

Full Access
Question # 29

You onboard Azure Sentinel. You connect Azure Sentinel to Azure Security Center.

You need to automate the mitigation of incidents in Azure Sentinel. The solution must minimize administrative effort.

What should you create?

A.

an alert rule

B.

a playbook

C.

a function app

D.

a runbook

Full Access
Question # 30

You have Azure Resource Manager templates that you use to deploy Azure virtual machines.

You need to disable unused Windows features automatically as instances of the virtual machines are provisioned.

What should you use?

A.

security policies in Azure Security Center

B.

Azure Logic Apps

C.

an Azure Desired State Configuration (DSC) virtual machine extension

D.

Azure Advisor

Full Access
Question # 31

You have an Azure subscription.

You create an Azure Firewall policy that has the rules shown in the following table:

In which order should the rules be processed? To answer, move all rules from the list of rules to the answer area and arrange them in the correct order.

Full Access
Question # 32

Your on-premises network contains a Hyper-V virtual machine named VM1. You need to use Azure Arc to onboard VM1 to Microsoft Defender for Cloud. What should you install first?

A.

the Azure Monitor agent

B.

the Azure Connected Machine agent

C.

the Log Analytics agent

D.

the guest configuration agent

Full Access
Question # 33

You have an Azure subscription named Subscription1.

You need to view which security settings are assigned to Subscription1 by default.

Which Azure policy or initiative definition should you review?

A.

the Audit diagnostic setting policy definition

B.

the Enable Monitoring in Azure Security Center initiative definition

C.

the Enable Azure Monitor for VMs initiative definition

D.

the Azure Monitor solution ‘Security and Audit’ must be deployed policy definition

Full Access
Question # 34

You have an Azure subscription that contains an Azure Sentinel workspace.

Azure Sentinel is configured to ingest logs from several Azure workloads. A third-party service management platform is used to manage incidents.

You need to identify which Azure Sentinel components to configure to meet the following requirements:

  • When Azure Sentinel identifies a threat, an incident must be created.
  • A ticket must be logged in the service management platform when an incident is created in Azure Sentinel.

Which component should you identify for each requirement? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Full Access
Question # 35

You have an Azure subscription that contains a resource group named RG1 and the network security groups (NSGs) shown in the following table.

You create the Azure policy shown in the following exhibit.

You assign the policy to RG1.

What will occur if you assign the policy to NSG1 and NSG2?

A.

Flow logs will be enabled for NSG1 and NSG2.

B.

Flow logs will be enabled for NSG2 only.

C.

Flow logs will be disabled for NSG1 and NSG2.

D.

Flow logs will be enabled for NSG1 only.

Full Access
Question # 36

You have an Azure Active Directory (Azure AD) tenant that contains two administrative units named AU1 and AU2.

Users are assigned to the administrative units as shown in the following table.

Full Access
Question # 37

You have an Azure key vault named KeyVault1 that contains the items shown in the following table.

In KeyVault1 the following events occur in sequence:

• item is deleted.

• ltem2 and Policy1 are deleted.

For each of the following statements, select Yes if the statement is true. Otherwise, select No.

NOTE: Each correct selection is worth one point.

ui

Full Access
Question # 38

You have an Azure subscription that contains an Azure Files share named share1 and a user named User1. Identity-based authentication is configured for share1.

User1 attempts to access share1 from a Windows 10 device by using SMB.

Which type of token will Azure Files use to authorize the request?

A.

OAuth 20

B.

JSON Web Token (JWT)

C.

Kerberos

D.

SAML

Full Access
Question # 39

You have an Azure subscription named Sub1.

You have an Azure Active Directory (Azure AD) group named Group1 that contains all the members of your IT team.

You need to ensure that the members of Group1 can stop, start, and restart the Azure virtual machines in Sub1. The solution must use the principle of least privilege.

Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.

Full Access
Question # 40

You have an Azure subscription that contains an Azure key vault and an Azure Storage account. The key vault contains customer-managed keys. The storage account is configured to use the customer-managed keys stored In the key vault.

You plan to store data in Azure by using the following services:

* Azure Files

* Azure Blob storage

* Azure Log Analytics

* Azure Table storage

* Azure Queue storage

Which two services data encryption by using the keys stored in the key vault? Each correct answer present a complete solution.

NOTE: Each correct selection is worth one point.

A.

Queue storage

B.

Table storage

C.

Azure Files

D.

Blob storage

Full Access
Question # 41

You are securing access to the resources in an Azure subscription.

A new company policy states that all the Azure virtual machines in the subscription must use managed disks.

You need to prevent users from creating virtual machines that use unmanaged disks.

What should you use?

A.

Azure Monitor

B.

Azure Policy

C.

Azure Security Center

D.

Azure Service Health

Full Access
Question # 42

You have an Azure subscription that uses Azure AD Privileged Identity Management (PIM).

A user named User1 is eligible for the Billing administrator role.

You need to ensure that the role can only be used for a maximum of two hours.

What should you do?

A.

Create a new access review.

B.

Edit the role assignment settings.

C.

Update the end date of the user assignment

D.

Edit the role activation settings.

Full Access
Question # 43

You have an Azure subscription that contains the virtual machines shown in the following table.

Subnet1 and Subnet2 have a network security group {NSG). The NSG has an outbound rule that has the following configurations:

• Port; Any

• Source: Any

• Priority: 100

• Action: Deny

• Protocol: Any

• Destination: Storage

The subscription contains a storage account named storage1.

You create a private endpoint named Private1 that has the following settings:

• Resource type: Microsoft.Storage/storageAccounts

• Resource: storage1

• Target sub-resource: blob

• Virtual network: VNet1

• Subnet: Subnet1

For each of the following statements, select Yes if the statement is true. Otherwise, select No.

NOTE: Each correct selection is worth one point.

Full Access
Question # 44

Lab Task

use the following login credentials as needed:

To enter your username, place your cursor in the Sign in box and click on the username below.

To enter your password. place your cursor in the Enter password box and click on the password below.

Azure Username: Userl -28681041@ExamUsers.com

Azure Password: GpOAe4@lDg

If the Azure portal does not load successfully in the browser, press CTRL-K to reload the portal in a new browser tab.

The following information is for technical support purposes only:

Lab Instance: 28681041

Task 1

You need to configure Azure to allow RDP connections from the Internet to a virtual machine named VM1. The solution must minimize the attack surface of VM1.

Full Access
Question # 45

You have an Azure Sentinel workspace that contains an Azure Active Directory (Azure AD) connector, an Azure Log Analytics query named Query1 and a playbook named Playbook1.

Query1 returns a subset of security events generated by Azure AD.

You plan to create an Azure Sentinel analytic rule based on Query1 that will trigger Playbook1.

You need to ensure that you can add Playbook1 to the new rule.

What should you do? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Full Access
Question # 46

You have an Azure Active Directory (Azure AD) tenant that contains the users shown in the following table.

In Azure AD Privileged Identity Management (PIM), the Role settings for the Contributor role are configured as shown in the exhibit. (Click the Exhibit tab.)

You assign users the Contributor role on May 1, 2019 as shown in the following table.

For each of the following statements, select Yes if the statement is true. Otherwise, select No.

NOTE: Each correct selection is worth one point.

Full Access
Question # 47

You have an Azure subscription named Sub1 that uses Microsoft Defender for Cloud. You have the management group hierarchy shown in the following exhibit.

You create the definitions shown in the following table.

You need to use Defender for Cloud to add a security policy. Which definitions can you use as a security policy?

A.

Policy1 only

B.

Policy1 and Initiative1 only

C.

Initiative1 and Initiative2 only

D.

Initiative1, Initiative2, and Initiatives only

E.

Policy1, Initiative1, Initiative2, and Initiative3

Full Access
Question # 48

Lab Task

use the following login credentials as needed:

To enter your username, place your cursor in the Sign in box and click on the username below.

To enter your password. place your cursor in the Enter password box and click on the password below.

Azure Username: Userl -28681041@ExamUsers.com

Azure Password: GpOAe4@lDg

If the Azure portal does not load successfully in the browser, press CTRL-K to reload the portal in a new browser tab.

The following information is for technical support purposes only:

Lab Instance: 28681041

Task 2

You need to add the network interface of a virtual machine named VM1 to an application security group named ASG1.

Full Access
Question # 49

You have an Azure subscription that contains an instance of Azure Firewall Standard named AzFWL You need to identify whether you can use the following features with AzFW1:

• TLS inspection

• Threat intelligence

• The network intrusion detection and prevention systems (IDPS)

What can you use?

A.

TLS inspection only

B.

threat intelligence only

C.

TLS inspection and the IDPS only

D.

threat intelligence and the IDPS only

E.

TLS inspection, threat intelligence, and the IDPS

Full Access
Question # 50

Your company has an Azure subscription named Sub1 that is associated to an Azure Active Directory (Azure AD) tenant named contoso.com.

The company develops an application named App1. App1 is registered in Azure AD.

You need to ensure that App1 can access secrets in Azure Key Vault on behalf of the application users.

What should you configure?

A.

an application permission without admin consent

B.

a delegated permission without admin consent

C.

a delegated permission that requires admin consent

D.

an application permission that requires admin consent

Full Access
Question # 51

You have an Azure Kubernetes Service (AKS) cluster that will connect to an Azure Container Registry.

You need to use the automatically generated service principal for the AKS cluster to authenticate to the Azure Container Registry.

What should you create?

A.

an Azure AD user

B.

a secret in Azure Key Vault

C.

an Azure AD group

D.

a role assignment

Full Access
Question # 52

You have an Azure Sentinel deployment.

You need to create a scheduled query rule named Rule1.

What should you use to define the query rule logic for Rule1?

A.

a Transact-SQL statement

B.

a JSON definition

C.

GraphQL

D.

a Kusto query

Full Access
Question # 53

You need to ensure that users can access VM0. The solution must meet the platform protection requirements.

What should you do?

A.

Move VM0 to Subnet1.

B.

On Firewall, configure a network traffic filtering rule.

C.

Assign RT1 to AzureFirewallSubnet.

D.

On Firewall, configure a DNAT rule.

Full Access
Question # 54

You need to meet the identity and access requirements for Group1.

What should you do?

A.

Add a membership rule to Group1.

B.

Delete Group1. Create a new group named Group1 that has a membership type of Office 365. Add users and devices to the group.

C.

Modify the membership rule of Group1.

D.

Change the membership type of Group1 to Assigned. Create two groups that have dynamic memberships. Add the new groups to Group1.

Full Access
Question # 55

You need to ensure that the Azure AD application registration and consent configurations meet the identity and access requirements.

What should you use in the Azure portal? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Full Access
Question # 56

You need to deploy Microsoft Antimalware to meet the platform protection requirements.

What should you do? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Full Access