NEW QUESTION 1

What should you create in Azure AD to meet the Contoso developer requirements?

• A. Yes
• B. Not Mastered

Answer: A

NEW QUESTION 2

Your company has an on-premise network in Seattle and an Azure subscription. The on-premises network contains a Remote Desktop server.
The company contracts a third-party development firm from France to develop and deploy resources to the virtual machines hosted in the Azure subscription.
Currently, the firm establishes an RDP connection to the Remote Desktop server. From the Remote Desktop connection, the firm can access the virtual machines hosted in Azure by using custom administrative tools installed on the Remote Desktop server. All the traffic to the Remote Desktop server is captured by a firewall, and the firewall only allows specific connections from France to the server.
You need to recommend a modern security solution based on the Zero Trust model. The solution must minimize latency tor developers.
Which three actions should you recommend? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point.

• A. Configure network security groups (NSGs) to allow access from only specific logical groupings of IP address ranges.
• B. Implement Azure Firewall to restrict host pool outbound access.
• C. Configure Azure Active Directory (Azure AD) Conditional Access with multi-factor authentication (MFA) and named locations.
• D. Migrate from the Remote Desktop server to Azure Virtual Desktop.
• E. Deploy a Remote Desktop server to an Azure region located in France.

Answer: BDE

NEW QUESTION 3

You have an Azure subscription that has Microsoft Defender for Cloud enabled. Suspicious authentication activity alerts have been appearing in the Workload protections dashboard.
You need to recommend a solution to evaluate and remediate the alerts by using workflow automation. The solution must minimize development effort. What should you include in the recommendation?

• A. Azure Monitor webhooks
• B. Azure Logics Apps
• C. Azure Event Hubs
• D. Azure Functions apps

Answer: D

NEW QUESTION 4

You need to recommend a solution to resolve the virtual machine issue. What should you include in the recommendation?

• A. Onboard the virtual machines to Microsoft Defender for Endpoint.
• B. Onboard the virtual machines to Azure Arc.
• C. Create a device compliance policy in Microsoft Endpoint Manager.
• D. Enable the Qualys scanner in Defender for Cloud.

Answer: A

NEW QUESTION 5

You need to recommend a solution to meet the security requirements for the virtual machines. What should you include in the recommendation?

• A. an Azure Bastion host
• B. a network security group (NSG)
• C. just-in-time (JIT) VM access
• D. Azure Virtual Desktop

Answer: A

NEW QUESTION 6

You open Microsoft Defender for Cloud as shown in the following exhibit.

Use the drop-down menus to select the answer choice that complete each statements based on the information presented in the graphic.
NOTE: Each correct selection is worth one point.

• A. Yes
• B. Not Mastered

Answer: A

NEW QUESTION 7

You are designing security for a runbook in an Azure Automation account. The runbook will copy data to Azure Data Lake Storage Gen2.
You need to recommend a solution to secure the components of the copy process.
What should you include in the recommendation for each component? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

• A. Yes
• B. Not Mastered

Answer: A

NEW QUESTION 8

Your company plans to move all on-premises virtual machines to Azure. A network engineer proposes the Azure virtual network design shown in the following table.

You need to recommend an Azure Bastion deployment to provide secure remote access to all the virtual machines. Based on the virtual network design, how many Azure Bastion subnets are required?

• A. 1
• B. 2
• C. 3
• D. 4
• E. 5

Answer: A

NEW QUESTION 9

Your company has an on-premises network, an Azure subscription, and a Microsoft 365 E5 subscription. The company uses the following devices:
• Computers that run either Windows 10 or Windows 11
• Tablets and phones that run either Android or iOS
You need to recommend a solution to classify and encrypt sensitive Microsoft Office 365 data regardless of where the data is stored. What should you include in the recommendation?

• A. eDiscovery
• B. retention policies
• C. Compliance Manager
• D. Microsoft Information Protection

Answer: A

NEW QUESTION 10

You are designing a security strategy for providing access to Azure App Service web apps through an Azure Front Door instance.
You need to recommend a solution to ensure that the web apps only allow access through the Front Door instance.
Solution: You recommend access restrictions to allow traffic from the backend IP address of the Front Door instance.
Does this meet the goal?

• A. Yes
• B. No

Answer: B

NEW QUESTION 11

You are creating the security recommendations for an Azure App Service web app named App1. App1 has the following specifications:
• Users will request access to App1 through the My Apps portal. A human resources manager will approve the requests.
• Users will authenticate by using Azure Active Directory (Azure AD) user accounts. You need to recommend an access security architecture for App1.
What should you include in the recommendation? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

• A. Yes
• B. Not Mastered

Answer: A

NEW QUESTION 12

You have an Azure subscription that is used as an Azure landing zone for an application. You need to evaluate the security posture of all the workloads in the landing zone. What should you do first?

• A. Add Microsoft Sentinel data connectors.
• B. Configure Continuous Integration/Continuous Deployment (CI/CD) vulnerability scanning.
• C. Enable the Defender plan for all resource types in Microsoft Defender for Cloud.
• D. Obtain Azure Active Directory Premium Plan 2 licenses.

Answer: A

NEW QUESTION 13

You are designing security for an Azure landing zone. Your company identifies the following compliance and privacy requirements:
• Encrypt cardholder data by using encryption keys managed by the company.
• Encrypt insurance claim files by using encryption keys hosted on-premises.
Which two configurations meet the compliance and privacy requirements? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point.

• A. Store the insurance claim data in Azure Blob storage encrypted by using customer-provided keys.
• B. Store the cardholder data in an Azure SQL database that is encrypted by using keys stored in Azure Key Vault Managed HSM
• C. Store the insurance claim data in Azure Files encrypted by using Azure Key Vault Managed HSM.
• D. Store the cardholder data in an Azure SQL database that is encrypted by using Microsoft-managed Keys.

Answer: CD

NEW QUESTION 14

Your company is migrating data to Azure. The data contains Personally Identifiable Information (Pll). The company plans to use Microsoft Information Protection for the Pll data store in Azure. You need to recommend a solution to discover Pll data at risk in the Azure resources.
What should you include in the recommendation? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

• A. Yes
• B. Not Mastered

Answer: A

NEW QUESTION 15

Your company has a Microsoft 365 E5 subscription.
Users use Microsoft Teams, Exchange Online, SharePoint Online, and OneDrive for sharing and collaborating. The company identifies protected health information (PHI) within stored documents and communications. What should you recommend using to prevent the PHI from being shared outside the company?

• A. insider risk management policies
• B. data loss prevention (DLP) policies
• C. sensitivity label policies
• D. retention policies

Answer: A

NEW QUESTION 16
......