HOTSPOT

You have 20 Azure subscriptions and a security group named Group1. The subscriptions are children of the root management group.

Each subscription contains a resource group named RG1.

You need to ensure that for each subscription RG1 meets the following requirements:

1.

The members of Group1 are assigned the Owner role.

2.

The modification of permissions to RG1 is prevented.

What should you do? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Hot Area:

HOTSPOT

You have an Azure subscription that contains three storage accounts, an Azure SQL managed instance named SQL1, and three Azure SQL databases.

The storage accounts are configured as shown in the following table.

SQL1 has the following settings:

1.

Auditing: On

2.

Audit log destination: storage1

The Azure SQL databases are configured as shown in the following table.

For each of the following statements, select Yes if the statement is true. Otherwise, select No.

NOTE: Each correct selection is worth one point.

Hot Area:

HOTSPOT

You have the Azure Information Protection labels as shown in the following table.

You have the Azure Information Protection policies as shown in the following table.

You need to identify how Azure Information Protection will label files.

What should you identify? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Hot Area:

You have Azure Resource Manager templates that you use to deploy Azure virtual machines.

You need to disable unused Windows features automatically as instances of the virtual machines are provisioned.

What should you use?

A. device configuration policies in Microsoft Intune

B. an Azure Desired State Configuration (DSC) virtual machine extension

C. application security groups

D. Azure Logic Apps

E. security policies in Azure Security Center

F. device compliance policies in Microsoft Intune

From Azure Security Center, you create a custom alert rule.

You need to configure which users will receive an email message when the alert is triggered.

What should you do?

A. From Azure Monitor, create an action group.

B. From Security Center, modify the Security policy settings of the Azure subscription.

C. From Azure Active Directory (Azure AD), modify the members of the Security Reader role group.

D. From Security Center, modify the alert rule.

Note: The question is included in a number of questions that depicts the identical set-up. However, every question has a distinctive result. Establish if the solution satisfies the requirements.

Your company has an Active Directory forest with a single domain, named weylandindustries.com. They also have an Azure Active Directory (Azure AD) tenant with the same name.

You have been tasked with integrating Active Directory and the Azure AD tenant. You intend to deploy Azure AD Connect.

Your strategy for the integration must make sure that password policies and user logon limitations affect user accounts that are synced to the Azure AD tenant, and that the amount of necessary servers are reduced.

Solution: You recommend the use of federation with Active Directory Federation Services (AD FS).

Does the solution meet the goal?

A. Yes

B. No

Your company's Azure subscription includes Windows Server 2016 Azure virtual machines.

You are informed that every virtual machine must have a custom antimalware virtual machine extension installed. You are writing the necessary code for a policy that will help you achieve this.

Which of the following is an effect that must be included in your code?

A. Disabled

B. Modify

C. AuditIfNotExists

D. DeployIfNotExists

You have an Azure key vault named Vault1 that stores the resources shown in the following table.

Which resources support the creation of a rotation policy?

A. Key 1 only

B. Cert1 only

C. Key1 and Secret1 only

D. Key1 and Cert1 only

E. Secret1 and Cert1 only

F. Key1, Secret1, and Cert1

You have an Azure subscription that contains the resources shown in the following table.

You plan to deploy an Azure Private Link service named APL1. Which resource must you reference during the creation of APL1?

A. VMSS1

B. VM1

C. SQL

D. LB1

You need to ensure that you can meet the security operations requirements. What should you do first?

A. Turn on Auto Provisioning in Security Center.

B. Integrate Security Center and Microsoft Cloud App Security.

C. Upgrade the pricing tier of Security Center to Standard.

D. Modify the Security Center workspace configuration.