You have already completed the Test before. Hence you can not start it again.
Test is loading...
You must sign in or sign up to start the Test.
You have to finish following quiz, to start this Test:
Your results are here!! for" SC-100 Practice Test 2 "
0 of 65 questions answered correctly
Your time:
Time has elapsed
Your Final Score is : 0
You have attempted : 0
Number of Correct Questions : 0 and scored 0
Number of Incorrect Questions : 0 and Negative marks 0
Average score
Your score
SC-100
You have attempted: 0
Number of Correct Questions: 0 and scored 0
Number of Incorrect Questions: 0 and Negative marks 0
You can review your answers by clicking on “View Answers” option. Important Note : Open Reference Documentation Links in New Tab (Right Click and Open in New Tab).
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
Answered
Review
Question 1 of 65
1. Question
Your company is moving a big data solution to Azure. The company plans to use the following storage workloads: ? Azure Storage blob containers ? Azure Data Lake Storage Gen2 Azure Storage file shares – ? Azure Disk Storage Which two storage workloads support authentication by using Azure Active Directory (Azure AD)? Each correct answer presents a complete solution. NOTE: Each correct selection is worth one point.
Correct
Incorrect
Unattempted
Question 2 of 65
2. Question
You are designing the security standards for a new Azure environment. You need to design a privileged identity strategy based on the Zero Trust model. Which framework should you follow to create the design?
Correct
Incorrect
Unattempted
Question 3 of 65
3. Question
You have a customer that has a Microsoft 365 subscription and uses the Free edition of Azure Active Directory (Azure AD). The customer plans to obtain an Azure subscription and provision several Azure resources. You need to evaluate the customer‘s security environment. What will necessitate an upgrade from the Azure AD Free edition to the Premium edition?
Correct
Incorrect
Unattempted
Question 4 of 65
4. Question
A customer follows the Zero Trust model and explicitly verifies each attempt to access its corporate applications. The customer discovers that several endpoints are infected with malware. The customer suspends access attempts from the infected endpoints. The malware is removed from the endpoints. Which two conditions must be met before endpoint users can access the corporate applications again? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point.
Correct
Incorrect
Unattempted
Question 5 of 65
5. Question
Your company has a third-party security information and event management (SIEM) solution that uses Splunk and Microsoft Sentinel. You plan to integrate Microsoft Sentinel with Splunk. You need to recommend a solution to send security events from Microsoft Sentinel to Splunk. What should you include in the recommendation?
Correct
Incorrect
Unattempted
Question 6 of 65
6. Question
You have an Azure subscription that contains virtual machines, storage accounts, and Azure SQL databases. All resources are backed up multiple times a day by using Azure Backup. You are developing a strategy to protect against ransomware attacks. You need to recommend which controls must be enabled to ensure that Azure Backup can be used to restore the resources in the event of a successful ransomware attack. Which two controls should you include in the recommendation? Each correct answer presents a complete solution. NOTE: Each correct selection is worth one point.
Correct
Incorrect
Unattempted
Question 7 of 65
7. Question
Your company is moving all on-premises workloads to Azure and Microsoft 365. You need to design a security orchestration, automation, and response (SOAR) strategy in Microsoft Sentinel that meets the following requirements: ? Minimizes manual intervention by security operation analysts ? Supports triaging alerts within Microsoft Teams channels What should you include in the strategy?
Correct
Incorrect
Unattempted
Question 8 of 65
8. Question
Your company has a Microsoft 365 subscription and uses Microsoft Defender for Identity. You are informed about incidents that relate to compromised identities. You need to recommend a solution to expose several accounts for attackers to exploit. When the attackers attempt to exploit the accounts, an alert must be triggered. Which Defender for Identity feature should you include in the recommendation?
Correct
Incorrect
Unattempted
Question 9 of 65
9. Question
You have a Microsoft 365 E5 subscription and an Azure subscription. You are designing a Microsoft deployment. You need to recommend a solution for the security operations team. The solution must include custom views and a dashboard for analyzing security events. What should you recommend using in Microsoft Sentinel?
Correct
Incorrect
Unattempted
Question 10 of 65
10. Question
A customer has a hybrid cloud infrastructure that contains a Microsoft 365 E5 subscription and an Azure subscription. All on-premises servers in the perimeter network are prevented from connecting directly to the internet. The customer recently recovered from a ransomware attack. The customer plans to deploy Microsoft Sentinel. You need to recommend solutions to meet the following requirements: ? Ensure that the security operations team can access the security logs and the operation logs. ? Ensure that the IT operations team can access only the operations logs, including the event logs of the servers in the perimeter network. Which two solutions should you include in the recommendation? Each correct answer presents a complete solution. NOTE: Each correct selection is worth one point.
Correct
Incorrect
Unattempted
Question 11 of 65
11. Question
You have an Azure subscription that has Microsoft Defender for Cloud enabled. Suspicious authentication activity alerts have been appearing in the Workload protections dashboard. You need to recommend a solution to evaluate and remediate the alerts by using workflow automation. The solution must minimize development effort. What should you include in the recommendation?
Correct
Incorrect
Unattempted
Question 12 of 65
12. Question
Your company has a Microsoft 365 ES subscription. The Chief Compliance Officer plans to enhance privacy management in the working environment. You need to recommend a solution to enhance the privacy management. The solution must meet the following requirements: ? Identify unused personal data and empower users to make smart data handling decisions. ? Provide users with notifications and guidance when a user sends personal data in Microsoft Teams. ? Provide users with recommendations to mitigate privacy risks. What should you include in the recommendation?
Correct
Incorrect
Unattempted
Question 13 of 65
13. Question
You have a Microsoft 365 subscription and an Azure subscription. Microsoft 365 Defender and Microsoft Defender for Cloud are enabled. The Azure subscription contains a Microsoft Sentinel workspace. Microsoft Sentinel data connectors are configured for Microsoft 365, Microsoft 365 Defender, Defender for Cloud, and Azure. You plan to deploy Azure virtual machines that will run Windows Server. You need to enable extended detection and response (EDR) and security orchestration, automation, and response (SOAR) capabilities for Microsoft Sentinel. How should you recommend enabling each capability? To answer, select the appropriate options in the answer area. Answer Area: 1. EDR: Add a Microsoft Sentinel data connector for Azure Active Directory (Azure AD) Add a Microsoft Sentinel data connector for Microsoft Defender for Cloud Apps. Onboard the servers to Azure Arc. Onboard the servers to Defender for Cloud. 2. SOAR: Configure Microsoft Sentinel analytics rules. Configure Microsoft Sentinel playbooks. Configure regulatory compliance standards in Defender for Cloud. Configure workflow automation in Defender for Cloud.
Correct
Onboard the servers to Defender for Cloud. Extended detection and response (XDR) is a new approach defined by industry analysts that are designed to deliver intelligent, automated, and integrated security across domains to help defenders connect seemingly disparate alerts and get ahead of attackers. As part of this announcement, we are unifying all XDR technologies under the Microsoft Defender brand. The new Microsoft Defender is the most comprehensive XDR in the market today and prevents, detects, and responds to threats across identities, endpoints, applications, email, IoT, infrastructure, and cloud platforms. Configure Microsoft Sentinel playbooks. As a SOAR platform, its primary purposes are to automate any recurring and predictable enrichment, response and remediation tasks that are the responsibility of Security Operations Centers (SOC/SecOps). Leveraging SOAR frees up time and resources for more in-depth investigation of and hunting for advanced threats. Automation takes a few different forms in Microsoft Sentinel, from automation rules that centrally manage the automation of incident handling and response to playbooks that run predetermined sequences of actions to provide robust and flexible advanced automation to your threat response tasks. Reference: https://www.microsoft.com/security/blog/2020/09/22/microsoft-unified-siem-xdr-modernize-security-operations/ https://techcommunity.microsoft.com/t5/microsoft-sentinel-blog/become-a-microsoft-sentinel-automation-ninja/ba-p/3563377
Incorrect
Onboard the servers to Defender for Cloud. Extended detection and response (XDR) is a new approach defined by industry analysts that are designed to deliver intelligent, automated, and integrated security across domains to help defenders connect seemingly disparate alerts and get ahead of attackers. As part of this announcement, we are unifying all XDR technologies under the Microsoft Defender brand. The new Microsoft Defender is the most comprehensive XDR in the market today and prevents, detects, and responds to threats across identities, endpoints, applications, email, IoT, infrastructure, and cloud platforms. Configure Microsoft Sentinel playbooks. As a SOAR platform, its primary purposes are to automate any recurring and predictable enrichment, response and remediation tasks that are the responsibility of Security Operations Centers (SOC/SecOps). Leveraging SOAR frees up time and resources for more in-depth investigation of and hunting for advanced threats. Automation takes a few different forms in Microsoft Sentinel, from automation rules that centrally manage the automation of incident handling and response to playbooks that run predetermined sequences of actions to provide robust and flexible advanced automation to your threat response tasks. Reference: https://www.microsoft.com/security/blog/2020/09/22/microsoft-unified-siem-xdr-modernize-security-operations/ https://techcommunity.microsoft.com/t5/microsoft-sentinel-blog/become-a-microsoft-sentinel-automation-ninja/ba-p/3563377
Unattempted
Onboard the servers to Defender for Cloud. Extended detection and response (XDR) is a new approach defined by industry analysts that are designed to deliver intelligent, automated, and integrated security across domains to help defenders connect seemingly disparate alerts and get ahead of attackers. As part of this announcement, we are unifying all XDR technologies under the Microsoft Defender brand. The new Microsoft Defender is the most comprehensive XDR in the market today and prevents, detects, and responds to threats across identities, endpoints, applications, email, IoT, infrastructure, and cloud platforms. Configure Microsoft Sentinel playbooks. As a SOAR platform, its primary purposes are to automate any recurring and predictable enrichment, response and remediation tasks that are the responsibility of Security Operations Centers (SOC/SecOps). Leveraging SOAR frees up time and resources for more in-depth investigation of and hunting for advanced threats. Automation takes a few different forms in Microsoft Sentinel, from automation rules that centrally manage the automation of incident handling and response to playbooks that run predetermined sequences of actions to provide robust and flexible advanced automation to your threat response tasks. Reference: https://www.microsoft.com/security/blog/2020/09/22/microsoft-unified-siem-xdr-modernize-security-operations/ https://techcommunity.microsoft.com/t5/microsoft-sentinel-blog/become-a-microsoft-sentinel-automation-ninja/ba-p/3563377
Question 14 of 65
14. Question
You have an Azure subscription that has Microsoft Defender for Cloud enabled. You need to enforce ISO 27001:2013 standards for the subscription. The solution must ensure that noncompliant resources are remediated automatically. What should you use?
Correct
Control mapping of the ISO 27001 Shared Services blueprint sample The following mappings are to the ISO 27001:2013 controls. Use the navigation on the right to jump directly to a specific control mapping. Many of the mapped controls are implemented with an Azure Policy initiative. Open Policy in the Azure portal and select the Definitions page. Then, find and select the [Preview] Audit ISO 27001:2013 controls and deploy specific VM Extensions to support audit requirements built-in policy initiative. Note: Security Center can now auto provision the Azure Policy‘s Guest Configuration extension (in preview) Azure Policy can audit settings inside a machine, both for machines running in Azure and Arc connected machines. The validation is performed by the Guest Configuration extension and client. With this update, you can now set Security Center to automatically provision this extension to all supported machines. Enforcing a secure configuration, based on a specific recommendation, is offered in two modes: Using the Deny effect of Azure Policy, you can stop unhealthy resources from being created Using the Enforce option, you can take advantage of Azure Policy‘s DeployIfNotExist effect and automatically remediate non-compliant resources upon creation Reference: https://docs.microsoft.com/en-us/azure/governance/blueprints/samples/iso27001-shared/control-mapping https://docs.microsoft.com/en-us/azure/defender-for-cloud/release-notes-archive https://docs.microsoft.com/en-us/azure/defender-for-cloud/prevent-misconfigurations
Incorrect
Control mapping of the ISO 27001 Shared Services blueprint sample The following mappings are to the ISO 27001:2013 controls. Use the navigation on the right to jump directly to a specific control mapping. Many of the mapped controls are implemented with an Azure Policy initiative. Open Policy in the Azure portal and select the Definitions page. Then, find and select the [Preview] Audit ISO 27001:2013 controls and deploy specific VM Extensions to support audit requirements built-in policy initiative. Note: Security Center can now auto provision the Azure Policy‘s Guest Configuration extension (in preview) Azure Policy can audit settings inside a machine, both for machines running in Azure and Arc connected machines. The validation is performed by the Guest Configuration extension and client. With this update, you can now set Security Center to automatically provision this extension to all supported machines. Enforcing a secure configuration, based on a specific recommendation, is offered in two modes: Using the Deny effect of Azure Policy, you can stop unhealthy resources from being created Using the Enforce option, you can take advantage of Azure Policy‘s DeployIfNotExist effect and automatically remediate non-compliant resources upon creation Reference: https://docs.microsoft.com/en-us/azure/governance/blueprints/samples/iso27001-shared/control-mapping https://docs.microsoft.com/en-us/azure/defender-for-cloud/release-notes-archive https://docs.microsoft.com/en-us/azure/defender-for-cloud/prevent-misconfigurations
Unattempted
Control mapping of the ISO 27001 Shared Services blueprint sample The following mappings are to the ISO 27001:2013 controls. Use the navigation on the right to jump directly to a specific control mapping. Many of the mapped controls are implemented with an Azure Policy initiative. Open Policy in the Azure portal and select the Definitions page. Then, find and select the [Preview] Audit ISO 27001:2013 controls and deploy specific VM Extensions to support audit requirements built-in policy initiative. Note: Security Center can now auto provision the Azure Policy‘s Guest Configuration extension (in preview) Azure Policy can audit settings inside a machine, both for machines running in Azure and Arc connected machines. The validation is performed by the Guest Configuration extension and client. With this update, you can now set Security Center to automatically provision this extension to all supported machines. Enforcing a secure configuration, based on a specific recommendation, is offered in two modes: Using the Deny effect of Azure Policy, you can stop unhealthy resources from being created Using the Enforce option, you can take advantage of Azure Policy‘s DeployIfNotExist effect and automatically remediate non-compliant resources upon creation Reference: https://docs.microsoft.com/en-us/azure/governance/blueprints/samples/iso27001-shared/control-mapping https://docs.microsoft.com/en-us/azure/defender-for-cloud/release-notes-archive https://docs.microsoft.com/en-us/azure/defender-for-cloud/prevent-misconfigurations
Question 15 of 65
15. Question
You have an Azure subscription that contains virtual machines, storage accounts, and Azure SQL databases. All resources are backed up multiple times a day by using Azure Backup. You are developing a strategy to protect against ransomware attacks. You need to recommend which controls must be enabled to ensure that Azure Backup can be used to restore the resources in the event of a successful ransomware attack. Which two controls should you include in the recommendation? Each correct answer presents a complete solution.
Correct
Checks have been added to make sure only valid users can perform various operations. These include adding an extra layer of authentication. As part of adding an extra layer of authentication for critical operations, you‘re prompted to enter a security PIN before modifying online backups. Your backups need to be protected from sophisticated bot and malware attacks. Permanent loss of data can have significant cost and time implications to your business. To help protect against this, Azure Backup guards against malicious attacks through deeper security, faster notifications, and extended recoverability. For deeper security, only users with valid Azure credentials will receive a security PIN generated by the Azure portal to allow them to backup data. If a critical backup operation is authorized, such as “delete backup data,“ a notification is immediately sent so you can engage and minimize the impact to your business. If a hacker does delete backup data, Azure Backup will store the deleted backup data for up to 14 days after deletion. Use Azure Monitor notifications when backup configurations change.: Key benefits of Azure Monitor alerts include: Monitor alerts at-scale via Backup center: In addition to enabling you to manage the alerts from Azure Monitor dashboard, Azure Backup also provides an alert management experience tailored to backups via Backup center. This allows you to filter alerts by backup specific properties, such as workload type, vault location, and so on, and a way to get quick visibility into the active backup security alerts that need attention. Reference: https://docs.microsoft.com/en-us/azure/security/fundamentals/backup-plan-to-protect-against-ransomware https://www.microsoft.com/security/blog/2017/01/05/azure-backup-protects-against-ransomware/ https://docs.microsoft.com/en-us/azure/backup/move-to-azure-monitor-alerts
Incorrect
Checks have been added to make sure only valid users can perform various operations. These include adding an extra layer of authentication. As part of adding an extra layer of authentication for critical operations, you‘re prompted to enter a security PIN before modifying online backups. Your backups need to be protected from sophisticated bot and malware attacks. Permanent loss of data can have significant cost and time implications to your business. To help protect against this, Azure Backup guards against malicious attacks through deeper security, faster notifications, and extended recoverability. For deeper security, only users with valid Azure credentials will receive a security PIN generated by the Azure portal to allow them to backup data. If a critical backup operation is authorized, such as “delete backup data,“ a notification is immediately sent so you can engage and minimize the impact to your business. If a hacker does delete backup data, Azure Backup will store the deleted backup data for up to 14 days after deletion. Use Azure Monitor notifications when backup configurations change.: Key benefits of Azure Monitor alerts include: Monitor alerts at-scale via Backup center: In addition to enabling you to manage the alerts from Azure Monitor dashboard, Azure Backup also provides an alert management experience tailored to backups via Backup center. This allows you to filter alerts by backup specific properties, such as workload type, vault location, and so on, and a way to get quick visibility into the active backup security alerts that need attention. Reference: https://docs.microsoft.com/en-us/azure/security/fundamentals/backup-plan-to-protect-against-ransomware https://www.microsoft.com/security/blog/2017/01/05/azure-backup-protects-against-ransomware/ https://docs.microsoft.com/en-us/azure/backup/move-to-azure-monitor-alerts
Unattempted
Checks have been added to make sure only valid users can perform various operations. These include adding an extra layer of authentication. As part of adding an extra layer of authentication for critical operations, you‘re prompted to enter a security PIN before modifying online backups. Your backups need to be protected from sophisticated bot and malware attacks. Permanent loss of data can have significant cost and time implications to your business. To help protect against this, Azure Backup guards against malicious attacks through deeper security, faster notifications, and extended recoverability. For deeper security, only users with valid Azure credentials will receive a security PIN generated by the Azure portal to allow them to backup data. If a critical backup operation is authorized, such as “delete backup data,“ a notification is immediately sent so you can engage and minimize the impact to your business. If a hacker does delete backup data, Azure Backup will store the deleted backup data for up to 14 days after deletion. Use Azure Monitor notifications when backup configurations change.: Key benefits of Azure Monitor alerts include: Monitor alerts at-scale via Backup center: In addition to enabling you to manage the alerts from Azure Monitor dashboard, Azure Backup also provides an alert management experience tailored to backups via Backup center. This allows you to filter alerts by backup specific properties, such as workload type, vault location, and so on, and a way to get quick visibility into the active backup security alerts that need attention. Reference: https://docs.microsoft.com/en-us/azure/security/fundamentals/backup-plan-to-protect-against-ransomware https://www.microsoft.com/security/blog/2017/01/05/azure-backup-protects-against-ransomware/ https://docs.microsoft.com/en-us/azure/backup/move-to-azure-monitor-alerts
Question 16 of 65
16. Question
Your company is migrating data to Azure. The data contains Personally Identifiable Information (PII). The company plans to use Microsoft Information Protection for the PII data store in Azure. You need to recommend a solution to discover PII data at risk in the Azure resources. What should you include in the recommendation? To answer, select the appropriate options in the answer area. Answer Area 1. To connect the Azure data sources to Microsoft Information Protection: Azure Purview Endpoint data loss prevention Microsoft Defender for Cloud Apps Microsoft Information Protection 2. To triage security alerts related to resources that contain PII data: Azure Monitor Endpoint data loss prevention Microsoft Defender for Cloud Microsoft Defender for Cloud Apps
Correct
Box 1: Azure Purview – Microsoft Purview is a unified data governance service that helps you manage and govern your on-premises, multi-cloud, and software-as-a-service (SaaS) data. Microsoft Purview allows you to: Create a holistic, up-to-date map of your data landscape with automated data discovery, sensitive data classification, and end-to-end data lineage. Enable data curators to manage and secure your data estate. Empower data consumers to find valuable, trustworthy data. Box 2: Microsoft Defender for Cloud Microsoft Purview provides rich insights into the sensitivity of your data. This makes it valuable to security teams using Microsoft Defender for Cloud to manage the organization‘s security posture and protect against threats to their workloads. Data resources remain a popular target for malicious actors, making it crucial for security teams to identify, prioritize, and secure sensitive data resources across their cloud environments. The integration with Microsoft Purview expands visibility into the data layer, enabling security teams to prioritize resources that contain sensitive data. References: https://docs.microsoft.com/en-us/azure/purview/overview https://docs.microsoft.com/en-us/azure/purview/how-to-integrate-with-azure-security-products
Incorrect
Box 1: Azure Purview – Microsoft Purview is a unified data governance service that helps you manage and govern your on-premises, multi-cloud, and software-as-a-service (SaaS) data. Microsoft Purview allows you to: Create a holistic, up-to-date map of your data landscape with automated data discovery, sensitive data classification, and end-to-end data lineage. Enable data curators to manage and secure your data estate. Empower data consumers to find valuable, trustworthy data. Box 2: Microsoft Defender for Cloud Microsoft Purview provides rich insights into the sensitivity of your data. This makes it valuable to security teams using Microsoft Defender for Cloud to manage the organization‘s security posture and protect against threats to their workloads. Data resources remain a popular target for malicious actors, making it crucial for security teams to identify, prioritize, and secure sensitive data resources across their cloud environments. The integration with Microsoft Purview expands visibility into the data layer, enabling security teams to prioritize resources that contain sensitive data. References: https://docs.microsoft.com/en-us/azure/purview/overview https://docs.microsoft.com/en-us/azure/purview/how-to-integrate-with-azure-security-products
Unattempted
Box 1: Azure Purview – Microsoft Purview is a unified data governance service that helps you manage and govern your on-premises, multi-cloud, and software-as-a-service (SaaS) data. Microsoft Purview allows you to: Create a holistic, up-to-date map of your data landscape with automated data discovery, sensitive data classification, and end-to-end data lineage. Enable data curators to manage and secure your data estate. Empower data consumers to find valuable, trustworthy data. Box 2: Microsoft Defender for Cloud Microsoft Purview provides rich insights into the sensitivity of your data. This makes it valuable to security teams using Microsoft Defender for Cloud to manage the organization‘s security posture and protect against threats to their workloads. Data resources remain a popular target for malicious actors, making it crucial for security teams to identify, prioritize, and secure sensitive data resources across their cloud environments. The integration with Microsoft Purview expands visibility into the data layer, enabling security teams to prioritize resources that contain sensitive data. References: https://docs.microsoft.com/en-us/azure/purview/overview https://docs.microsoft.com/en-us/azure/purview/how-to-integrate-with-azure-security-products
Question 17 of 65
17. Question
You have 50 Azure subscriptions. You need to monitor the resource in the subscriptions for compliance with the ISO 27001:2013 standards. The solution must minimize the effort required to modify the list of monitored policy definitions for the subscriptions. What are two ways to achieve the goal? Each correct answer presents a complete solution.
Correct
An Azure Management group is logical containers that allow Azure Administrators to manage access, policy, and compliance across multiple Azure Subscriptions en masse. If your organization has many Azure subscriptions, you may need a way to efficiently manage access, policies, and compliance for those subscriptions. Management groups provide a governance scope above subscriptions. You organize subscriptions into management groups the governance conditions you apply cascade by inheritance to all associated subscriptions. Blueprint definition locations When creating a blueprint definition, you‘ll define where the blueprint is saved. Blueprints can be saved to a management group or subscription that you have Contributor access to. If the location is a management group, the blueprint is available to assign to any child subscription of that management group. Create and assign an initiative definition With an initiative definition, you can group several policy definitions to achieve one overarching goal. An initiative evaluates resources within scope of the assignment for compliance to the included policies. Note: The Azure Policy Regulatory Compliance built-in initiative definition maps to compliance domains and controls in ISO 27001:2013. The Azure Policy control mapping provides details on policy definitions included within this blueprint and how these policy definitions map to the compliance domains and controls in ISO 27001. When assigned to an architecture, resources are evaluated by Azure Policy for non-compliance with assigned policy definitions. Incorrect: If you plan to apply this policy definition to multiple subscriptions, the location must be a management group that contains the subscriptions you assign the policy to. The same is true for an initiative definition. Reference: https://docs.microsoft.com/en-us/azure/governance/management-groups/overview https://docs.microsoft.com/en-us/azure/governance/blueprints/overview https://docs.microsoft.com/en-us/azure/governance/policy/samples/iso-27001 https://docs.microsoft.com/en-us/azure/governance/policy/tutorials/create-and-manage
Incorrect
An Azure Management group is logical containers that allow Azure Administrators to manage access, policy, and compliance across multiple Azure Subscriptions en masse. If your organization has many Azure subscriptions, you may need a way to efficiently manage access, policies, and compliance for those subscriptions. Management groups provide a governance scope above subscriptions. You organize subscriptions into management groups the governance conditions you apply cascade by inheritance to all associated subscriptions. Blueprint definition locations When creating a blueprint definition, you‘ll define where the blueprint is saved. Blueprints can be saved to a management group or subscription that you have Contributor access to. If the location is a management group, the blueprint is available to assign to any child subscription of that management group. Create and assign an initiative definition With an initiative definition, you can group several policy definitions to achieve one overarching goal. An initiative evaluates resources within scope of the assignment for compliance to the included policies. Note: The Azure Policy Regulatory Compliance built-in initiative definition maps to compliance domains and controls in ISO 27001:2013. The Azure Policy control mapping provides details on policy definitions included within this blueprint and how these policy definitions map to the compliance domains and controls in ISO 27001. When assigned to an architecture, resources are evaluated by Azure Policy for non-compliance with assigned policy definitions. Incorrect: If you plan to apply this policy definition to multiple subscriptions, the location must be a management group that contains the subscriptions you assign the policy to. The same is true for an initiative definition. Reference: https://docs.microsoft.com/en-us/azure/governance/management-groups/overview https://docs.microsoft.com/en-us/azure/governance/blueprints/overview https://docs.microsoft.com/en-us/azure/governance/policy/samples/iso-27001 https://docs.microsoft.com/en-us/azure/governance/policy/tutorials/create-and-manage
Unattempted
An Azure Management group is logical containers that allow Azure Administrators to manage access, policy, and compliance across multiple Azure Subscriptions en masse. If your organization has many Azure subscriptions, you may need a way to efficiently manage access, policies, and compliance for those subscriptions. Management groups provide a governance scope above subscriptions. You organize subscriptions into management groups the governance conditions you apply cascade by inheritance to all associated subscriptions. Blueprint definition locations When creating a blueprint definition, you‘ll define where the blueprint is saved. Blueprints can be saved to a management group or subscription that you have Contributor access to. If the location is a management group, the blueprint is available to assign to any child subscription of that management group. Create and assign an initiative definition With an initiative definition, you can group several policy definitions to achieve one overarching goal. An initiative evaluates resources within scope of the assignment for compliance to the included policies. Note: The Azure Policy Regulatory Compliance built-in initiative definition maps to compliance domains and controls in ISO 27001:2013. The Azure Policy control mapping provides details on policy definitions included within this blueprint and how these policy definitions map to the compliance domains and controls in ISO 27001. When assigned to an architecture, resources are evaluated by Azure Policy for non-compliance with assigned policy definitions. Incorrect: If you plan to apply this policy definition to multiple subscriptions, the location must be a management group that contains the subscriptions you assign the policy to. The same is true for an initiative definition. Reference: https://docs.microsoft.com/en-us/azure/governance/management-groups/overview https://docs.microsoft.com/en-us/azure/governance/blueprints/overview https://docs.microsoft.com/en-us/azure/governance/policy/samples/iso-27001 https://docs.microsoft.com/en-us/azure/governance/policy/tutorials/create-and-manage
Question 18 of 65
18. Question
You have an Azure subscription that has Microsoft Defender for Cloud enabled. You have an Amazon Web Services (AWS) implementation. You plan to extend the Azure security strategy to the AWS implementation. The solution will NOT use Azure Arc. Which three services can you use to provide security for the AWS resources? Each correct answer presents a complete solution.
Correct
Environment settings page (in preview) (recommended) – This preview page provides a greatly improved, simpler, onboarding experience (including auto provisioning). This mechanism also extends Defender for Cloud‘s enhanced security features to your AWS resources: * Microsoft Defender for Containers brings threat detection and advanced defenses to your Amazon EKS clusters. This plan includes Kubernetes threat protection, behavioral analytics, Kubernetes best practices, admission control recommendations and more. * Microsoft Defender for Servers, though it requires Arc. AWS installations can benefit from Conditional Access. Defender for Cloud Apps integrates with Azure AD Conditional Access to enforce additional restrictions, and monitors and protects sessions after sign-in. Defender for Cloud Apps uses user behavior analytics (UBA) and other AWS APIs to monitor sessions and users and to support information protection. Kubernetes data plane hardening. For a bundle of recommendations to protect the workloads of your Kubernetes containers, install the Azure Policy for Kubernetes. You can also auto deploy this component as explained in enable auto provisioning of agents and extensions. With the add-on on your AKS cluster, every request to the Kubernetes API server will be monitored against the predefined set of best practices before being persisted to the cluster. You can then configure to enforce the best practices and mandate them for future workloads. Incorrect: To enable the Defender for Servers plan you need Azure Arc for servers installed on your EC2 instances. Reference: https://docs.microsoft.com/en-us/azure/defender-for-cloud/quickstart-onboard-aws?pivots=env-settings https://docs.microsoft.com/en-us/azure/defender-for-cloud/defender-for-containers-introduction https://docs.microsoft.com/en-us/azure/architecture/reference-architectures/aws/aws-azure-security-solutions
Incorrect
Environment settings page (in preview) (recommended) – This preview page provides a greatly improved, simpler, onboarding experience (including auto provisioning). This mechanism also extends Defender for Cloud‘s enhanced security features to your AWS resources: * Microsoft Defender for Containers brings threat detection and advanced defenses to your Amazon EKS clusters. This plan includes Kubernetes threat protection, behavioral analytics, Kubernetes best practices, admission control recommendations and more. * Microsoft Defender for Servers, though it requires Arc. AWS installations can benefit from Conditional Access. Defender for Cloud Apps integrates with Azure AD Conditional Access to enforce additional restrictions, and monitors and protects sessions after sign-in. Defender for Cloud Apps uses user behavior analytics (UBA) and other AWS APIs to monitor sessions and users and to support information protection. Kubernetes data plane hardening. For a bundle of recommendations to protect the workloads of your Kubernetes containers, install the Azure Policy for Kubernetes. You can also auto deploy this component as explained in enable auto provisioning of agents and extensions. With the add-on on your AKS cluster, every request to the Kubernetes API server will be monitored against the predefined set of best practices before being persisted to the cluster. You can then configure to enforce the best practices and mandate them for future workloads. Incorrect: To enable the Defender for Servers plan you need Azure Arc for servers installed on your EC2 instances. Reference: https://docs.microsoft.com/en-us/azure/defender-for-cloud/quickstart-onboard-aws?pivots=env-settings https://docs.microsoft.com/en-us/azure/defender-for-cloud/defender-for-containers-introduction https://docs.microsoft.com/en-us/azure/architecture/reference-architectures/aws/aws-azure-security-solutions
Unattempted
Environment settings page (in preview) (recommended) – This preview page provides a greatly improved, simpler, onboarding experience (including auto provisioning). This mechanism also extends Defender for Cloud‘s enhanced security features to your AWS resources: * Microsoft Defender for Containers brings threat detection and advanced defenses to your Amazon EKS clusters. This plan includes Kubernetes threat protection, behavioral analytics, Kubernetes best practices, admission control recommendations and more. * Microsoft Defender for Servers, though it requires Arc. AWS installations can benefit from Conditional Access. Defender for Cloud Apps integrates with Azure AD Conditional Access to enforce additional restrictions, and monitors and protects sessions after sign-in. Defender for Cloud Apps uses user behavior analytics (UBA) and other AWS APIs to monitor sessions and users and to support information protection. Kubernetes data plane hardening. For a bundle of recommendations to protect the workloads of your Kubernetes containers, install the Azure Policy for Kubernetes. You can also auto deploy this component as explained in enable auto provisioning of agents and extensions. With the add-on on your AKS cluster, every request to the Kubernetes API server will be monitored against the predefined set of best practices before being persisted to the cluster. You can then configure to enforce the best practices and mandate them for future workloads. Incorrect: To enable the Defender for Servers plan you need Azure Arc for servers installed on your EC2 instances. Reference: https://docs.microsoft.com/en-us/azure/defender-for-cloud/quickstart-onboard-aws?pivots=env-settings https://docs.microsoft.com/en-us/azure/defender-for-cloud/defender-for-containers-introduction https://docs.microsoft.com/en-us/azure/architecture/reference-architectures/aws/aws-azure-security-solutions
Question 19 of 65
19. Question
You are evaluating an Azure environment for compliance. You need to design an Azure Policy implementation that can be used to evaluate compliance without changing any resources. Which effect should you use in Azure Policy?
Correct
Incorrect
Unattempted
Question 20 of 65
20. Question
Your company has a hybrid cloud infrastructure.
Data and applications are moved regularly between cloud environments.
The company‘s on-premises network is managed as shown in the following exhibit.
Correct
Incorrect
Unattempted
Question 21 of 65
21. Question
Your company plans to move all on-premises virtual machines to Azure.
A network engineer proposes the Azure virtual network design shown in the following table.
You need to recommend an Azure Bastion deployment to provide secure remote access to all the virtual machines.
Based on the virtual network design, how many Azure Bastion subnets are required?
Correct
Incorrect
Unattempted
Question 22 of 65
22. Question
You open Microsoft Defender for Cloud as shown in the following exhibit.
select the answer choice that complete each statements based on the information presented in the graphic.
Answer area
1. To increase the score for the Restrict unauthorized network access control implement:
Azure Active Directory (Azure AD) Condition Access policies
Azure Web Application Firewall(WAF)
network security groups (NSGs)
2. To increase the score for the Enable endpoint protection control, implement:
Microsoft Defender for Resource Manager
Microsoft Defender for servers
Private endpoints
Correct
Incorrect
Unattempted
Question 23 of 65
23. Question
Your company is developing a serverless application in Azure that will have the architecture shown in the following exhibit.
You need to recommend a solution to isolate the compute components on an Azure virtual network.
What should you include in the recommendation?
Correct
The Azure App Service Environment v2 is an Azure App Service feature that provides a fully isolated and dedicated environment for securely running App Service apps at high scale. This capability can host your:
Windows web apps –
Linux web apps –
Docker containers –
Mobile apps –
Functions –
App Service environments (ASEs) are appropriate for application workloads that require:
Very high scale.
Isolation and secure network access.
High memory utilization.
Customers can create multiple ASEs within a single Azure region or across multiple Azure regions. This flexibility makes ASEs ideal for horizontally scaling stateless application tiers in support of high requests per second (RPS) workloads.
Reference: https://docs.microsoft.com/en-us/azure/app-service/environment/intro
Incorrect
The Azure App Service Environment v2 is an Azure App Service feature that provides a fully isolated and dedicated environment for securely running App Service apps at high scale. This capability can host your:
Windows web apps –
Linux web apps –
Docker containers –
Mobile apps –
Functions –
App Service environments (ASEs) are appropriate for application workloads that require:
Very high scale.
Isolation and secure network access.
High memory utilization.
Customers can create multiple ASEs within a single Azure region or across multiple Azure regions. This flexibility makes ASEs ideal for horizontally scaling stateless application tiers in support of high requests per second (RPS) workloads.
Reference: https://docs.microsoft.com/en-us/azure/app-service/environment/intro
Unattempted
The Azure App Service Environment v2 is an Azure App Service feature that provides a fully isolated and dedicated environment for securely running App Service apps at high scale. This capability can host your:
Windows web apps –
Linux web apps –
Docker containers –
Mobile apps –
Functions –
App Service environments (ASEs) are appropriate for application workloads that require:
Very high scale.
Isolation and secure network access.
High memory utilization.
Customers can create multiple ASEs within a single Azure region or across multiple Azure regions. This flexibility makes ASEs ideal for horizontally scaling stateless application tiers in support of high requests per second (RPS) workloads.
Reference: https://docs.microsoft.com/en-us/azure/app-service/environment/intro
Question 24 of 65
24. Question
Your company uses Microsoft Defender for Cloud and Microsoft Sentinel.
The company is designing an application that will have the architecture shown in the following exhibit.
You are designing a logging and auditing solution for the proposed architecture.
The solution must meet the following requirements:
• Integrate Azure Web Application Firewall (WAF) logs with Microsoft Sentinel.
• Use Defender for Cloud to review alerts from the virtual machines.
What should you include in the solution? To answer, select the appropriate options in the answer area.
Answer Area:
For WAF:
The Azure Diagnostics extension
Azure Network Watcher
Data connectors
Workflow automation
For the virtual machines:
The Azure Diagnostics extension
Azure Storage Analytics
Correct
Data connectors –
Microsoft Sentinel connector streams security alerts from Microsoft Defender for Cloud into Microsoft Sentinel.
Launch a WAF workbook (see step 7 below)
The WAF workbook works for all Azure Front Door, Application Gateway, and CDN WAFs. Before connecting the data from these resources, log analytics must be enabled on your resource.
To enable log analytics for each resource, go to your individual Azure Front Door, Application Gateway, or CDN resource:
1. Select Diagnostic settings.
2. Select + Add diagnostic setting.
3. In the Diagnostic setting page (details skipped)
4. On the Azure home page, type Microsoft Sentinel in the search bar and select the Microsoft Sentinel resource.
5. Select an already active workspace or create a new workspace.
6. On the left side panel under Configuration select Data Connectors.
7. Search for Azure web application firewall and select Azure web application firewall (WAF). Select Open connector page on the bottom right.
8. Follow the instructions under Configuration for each WAF resource that you want to have log analytic data for if you haven‘t done so previously.
9. Once finished configuring individual WAF resources, select the Next steps tab. Select one of the recommended workbooks. This workbook will use all log analytic data that was enabled previously. A working WAF workbook should now exist for your WAF resources.
The Log Analytics agent –
Use the Log Analytics agent to integrate with Microsoft Defender for cloud.
The Log Analytics agent is required for solutions, VM insights, and other services such as Microsoft Defender for Cloud.
Note: The Log Analytics agent in Azure Monitor can also be used to collect monitoring data from the guest operating system of virtual machines. You may choose to use either or both depending on your requirements.
Azure Log Analytics agent –
Use Defender for Cloud to review alerts from the virtual machines.
The Azure Log Analytics agent collects telemetry from Windows and Linux virtual machines in any cloud, on-premises machines, and those monitored by System
Center Operations Manager and sends collected data to your Log Analytics workspace in Azure Monitor.
Incorrect:
The Azure Diagnostics extension does not integrate with Microsoft Defender for Cloud.
Reference: https://docs.microsoft.com/en-us/azure/web-application-firewall/waf-sentinel https://docs.microsoft.com/en-us/azure/defender-for-cloud/enable-data-collection https://docs.microsoft.com/en-us/azure/azure-monitor/agents/agents-overview
Incorrect
Data connectors –
Microsoft Sentinel connector streams security alerts from Microsoft Defender for Cloud into Microsoft Sentinel.
Launch a WAF workbook (see step 7 below)
The WAF workbook works for all Azure Front Door, Application Gateway, and CDN WAFs. Before connecting the data from these resources, log analytics must be enabled on your resource.
To enable log analytics for each resource, go to your individual Azure Front Door, Application Gateway, or CDN resource:
1. Select Diagnostic settings.
2. Select + Add diagnostic setting.
3. In the Diagnostic setting page (details skipped)
4. On the Azure home page, type Microsoft Sentinel in the search bar and select the Microsoft Sentinel resource.
5. Select an already active workspace or create a new workspace.
6. On the left side panel under Configuration select Data Connectors.
7. Search for Azure web application firewall and select Azure web application firewall (WAF). Select Open connector page on the bottom right.
8. Follow the instructions under Configuration for each WAF resource that you want to have log analytic data for if you haven‘t done so previously.
9. Once finished configuring individual WAF resources, select the Next steps tab. Select one of the recommended workbooks. This workbook will use all log analytic data that was enabled previously. A working WAF workbook should now exist for your WAF resources.
The Log Analytics agent –
Use the Log Analytics agent to integrate with Microsoft Defender for cloud.
The Log Analytics agent is required for solutions, VM insights, and other services such as Microsoft Defender for Cloud.
Note: The Log Analytics agent in Azure Monitor can also be used to collect monitoring data from the guest operating system of virtual machines. You may choose to use either or both depending on your requirements.
Azure Log Analytics agent –
Use Defender for Cloud to review alerts from the virtual machines.
The Azure Log Analytics agent collects telemetry from Windows and Linux virtual machines in any cloud, on-premises machines, and those monitored by System
Center Operations Manager and sends collected data to your Log Analytics workspace in Azure Monitor.
Incorrect:
The Azure Diagnostics extension does not integrate with Microsoft Defender for Cloud.
Reference: https://docs.microsoft.com/en-us/azure/web-application-firewall/waf-sentinel https://docs.microsoft.com/en-us/azure/defender-for-cloud/enable-data-collection https://docs.microsoft.com/en-us/azure/azure-monitor/agents/agents-overview
Unattempted
Data connectors –
Microsoft Sentinel connector streams security alerts from Microsoft Defender for Cloud into Microsoft Sentinel.
Launch a WAF workbook (see step 7 below)
The WAF workbook works for all Azure Front Door, Application Gateway, and CDN WAFs. Before connecting the data from these resources, log analytics must be enabled on your resource.
To enable log analytics for each resource, go to your individual Azure Front Door, Application Gateway, or CDN resource:
1. Select Diagnostic settings.
2. Select + Add diagnostic setting.
3. In the Diagnostic setting page (details skipped)
4. On the Azure home page, type Microsoft Sentinel in the search bar and select the Microsoft Sentinel resource.
5. Select an already active workspace or create a new workspace.
6. On the left side panel under Configuration select Data Connectors.
7. Search for Azure web application firewall and select Azure web application firewall (WAF). Select Open connector page on the bottom right.
8. Follow the instructions under Configuration for each WAF resource that you want to have log analytic data for if you haven‘t done so previously.
9. Once finished configuring individual WAF resources, select the Next steps tab. Select one of the recommended workbooks. This workbook will use all log analytic data that was enabled previously. A working WAF workbook should now exist for your WAF resources.
The Log Analytics agent –
Use the Log Analytics agent to integrate with Microsoft Defender for cloud.
The Log Analytics agent is required for solutions, VM insights, and other services such as Microsoft Defender for Cloud.
Note: The Log Analytics agent in Azure Monitor can also be used to collect monitoring data from the guest operating system of virtual machines. You may choose to use either or both depending on your requirements.
Azure Log Analytics agent –
Use Defender for Cloud to review alerts from the virtual machines.
The Azure Log Analytics agent collects telemetry from Windows and Linux virtual machines in any cloud, on-premises machines, and those monitored by System
Center Operations Manager and sends collected data to your Log Analytics workspace in Azure Monitor.
Incorrect:
The Azure Diagnostics extension does not integrate with Microsoft Defender for Cloud.
Reference: https://docs.microsoft.com/en-us/azure/web-application-firewall/waf-sentinel https://docs.microsoft.com/en-us/azure/defender-for-cloud/enable-data-collection https://docs.microsoft.com/en-us/azure/azure-monitor/agents/agents-overview
Question 25 of 65
25. Question
You have an Azure subscription that has Microsoft Defender for Cloud enabled.
You are evaluating the Azure Security Benchmark V3 report as shown in the following exhibit.
You need to verify whether Microsoft Defender for servers is installed on all the virtual machines that run Windows.
Which compliance control should you evaluate?
Correct
Microsoft Defender for servers compliance control installed on Windows
Defender for clout “Endpoint Security“ azure security benchmark v3
Endpoint Security covers controls in endpoint detection and response, including use of endpoint detection and response (EDR) and anti-malware service for endpoints in Azure environments.
Security Principle: Enable Endpoint Detection and Response (EDR) capabilities for VMs and integrate with SIEM and security operations processes.
Azure Guidance: Azure Defender for servers (with Microsoft Defender for Endpoint integrated) provides EDR capability to prevent, detect, investigate, and respond to advanced threats.
Use Microsoft Defender for Cloud to deploy Azure Defender for servers for your endpoint and integrate the alerts to your SIEM solution such as Azure Sentinel.
Incorrect:
Asset Management:Â Asset Management covers controls to ensure security visibility and governance over Azure resources, including recommendations on permissions for security personnel, security access to asset inventory, and managing approvals for services and resources (inventory, track, and correct).
Posture and Vulnerability Management:Â Posture and Vulnerability Management focuses on controls for assessing and improving Azure security posture, including vulnerability scanning, penetration testing and remediation, as well as security configuration tracking, reporting, and correction in Azure resources.
Data Protection:Â Data Protection covers control of data protection at rest, in transit, and via authorized access mechanisms, including discover, classify, protect, and monitor sensitive data assets using access control, encryption, key and certificate management in Azure.
Incident Response:Â Incident Response covers controls in incident response life cycle – preparation, detection and analysis, containment, and post-incident activities, including using Azure services such as Microsoft Defender for Cloud and Sentinel to automate the incident response process.
Reference: https://docs.microsoft.com/en-us/security/benchmark/azure/security-controls-v3-endpoint-security
Incorrect
Microsoft Defender for servers compliance control installed on Windows
Defender for clout “Endpoint Security“ azure security benchmark v3
Endpoint Security covers controls in endpoint detection and response, including use of endpoint detection and response (EDR) and anti-malware service for endpoints in Azure environments.
Security Principle: Enable Endpoint Detection and Response (EDR) capabilities for VMs and integrate with SIEM and security operations processes.
Azure Guidance: Azure Defender for servers (with Microsoft Defender for Endpoint integrated) provides EDR capability to prevent, detect, investigate, and respond to advanced threats.
Use Microsoft Defender for Cloud to deploy Azure Defender for servers for your endpoint and integrate the alerts to your SIEM solution such as Azure Sentinel.
Incorrect:
Asset Management:Â Asset Management covers controls to ensure security visibility and governance over Azure resources, including recommendations on permissions for security personnel, security access to asset inventory, and managing approvals for services and resources (inventory, track, and correct).
Posture and Vulnerability Management:Â Posture and Vulnerability Management focuses on controls for assessing and improving Azure security posture, including vulnerability scanning, penetration testing and remediation, as well as security configuration tracking, reporting, and correction in Azure resources.
Data Protection:Â Data Protection covers control of data protection at rest, in transit, and via authorized access mechanisms, including discover, classify, protect, and monitor sensitive data assets using access control, encryption, key and certificate management in Azure.
Incident Response:Â Incident Response covers controls in incident response life cycle – preparation, detection and analysis, containment, and post-incident activities, including using Azure services such as Microsoft Defender for Cloud and Sentinel to automate the incident response process.
Reference: https://docs.microsoft.com/en-us/security/benchmark/azure/security-controls-v3-endpoint-security
Unattempted
Microsoft Defender for servers compliance control installed on Windows
Defender for clout “Endpoint Security“ azure security benchmark v3
Endpoint Security covers controls in endpoint detection and response, including use of endpoint detection and response (EDR) and anti-malware service for endpoints in Azure environments.
Security Principle: Enable Endpoint Detection and Response (EDR) capabilities for VMs and integrate with SIEM and security operations processes.
Azure Guidance: Azure Defender for servers (with Microsoft Defender for Endpoint integrated) provides EDR capability to prevent, detect, investigate, and respond to advanced threats.
Use Microsoft Defender for Cloud to deploy Azure Defender for servers for your endpoint and integrate the alerts to your SIEM solution such as Azure Sentinel.
Incorrect:
Asset Management:Â Asset Management covers controls to ensure security visibility and governance over Azure resources, including recommendations on permissions for security personnel, security access to asset inventory, and managing approvals for services and resources (inventory, track, and correct).
Posture and Vulnerability Management:Â Posture and Vulnerability Management focuses on controls for assessing and improving Azure security posture, including vulnerability scanning, penetration testing and remediation, as well as security configuration tracking, reporting, and correction in Azure resources.
Data Protection:Â Data Protection covers control of data protection at rest, in transit, and via authorized access mechanisms, including discover, classify, protect, and monitor sensitive data assets using access control, encryption, key and certificate management in Azure.
Incident Response:Â Incident Response covers controls in incident response life cycle – preparation, detection and analysis, containment, and post-incident activities, including using Azure services such as Microsoft Defender for Cloud and Sentinel to automate the incident response process.
Reference: https://docs.microsoft.com/en-us/security/benchmark/azure/security-controls-v3-endpoint-security
Question 26 of 65
26. Question
Your company is migrating data to Azure. The data contains Personally Identifiable Information (PII).
The company plans to use Microsoft Information Protection for the PII data store in Azure.
You need to recommend a solution to discover PII data at risk in the Azure resources.
What should you include in the recommendation? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:
Correct
Incorrect
Unattempted
Question 27 of 65
27. Question
You are creating the security recommendations for an Azure App Service web app named App1. App1 has the following specifications:
? Users will request access to App1 through the My Apps portal. A human resources manager will approve the requests.
? Users will authenticate by using Azure Active Directory (Azure AD) user accounts.
You need to recommend an access security architecture for App1.
What should you include in the recommendation? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:
Correct
Incorrect
Unattempted
Question 28 of 65
28. Question
Your company uses Microsoft Defender for Cloud and Microsoft Sentinel.
The company is designing an application that will have the architecture shown in the following exhibit.
You are designing a logging and auditing solution for the proposed architecture. The solution must meet the following requirements:
? Integrate Azure Web Application Firewall (WAF) logs with Microsoft Sentinel.
? Use Defender for Cloud to review alerts from the virtual machines.
What should you include in the solution? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:
For WAF:Â Â The Azure Diagnostics extension
Correct
Incorrect
Unattempted
Question 29 of 65
29. Question
You have a Microsoft 365 subscription and an Azure subscription. Microsoft 365 Defender and Microsoft Defender for Cloud are enabled.
The Azure subscription contains a Microsoft Sentinel workspace. Microsoft Sentinel data connectors are configured for Microsoft 365, Microsoft 365 Defender,
Defender for Cloud, and Azure.
You plan to deploy Azure virtual machines that will run Windows Server.
You need to enable extended detection and response (EDR) and security orchestration, automation, and response (SOAR) capabilities for Microsoft Sentinel.
How should you recommend enabling each capability? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:
Add a Microsoft Sentinel data connector for Azure Active Directory (Azure AD).
Add a Microsoft Sentinel data connector for Microsoft Defender for Cloud Apps.
Correct
Incorrect
Unattempted
Question 30 of 65
30. Question
Your company is developing a serverless application in Azure that will have the architecture shown in the following exhibit.
You need to recommend a solution to isolate the compute components on an Azure virtual network.
What should you include in the recommendation?
Correct
Incorrect
Unattempted
Question 31 of 65
31. Question
You have an Azure subscription that has Microsoft Defender for Cloud enabled.
You are evaluating the Azure Security Benchmark V3 report as shown in the following exhibit.
You need to verify whether Microsoft Defender for servers is installed on all the virtual machines that run Windows.
Which compliance control should you evaluate?
Correct
Incorrect
Unattempted
Question 32 of 65
32. Question
You have a Microsoft 365 E5 subscription and an Azure subscription.
You need to evaluate the existing environment to increase the overall security posture for the following components:
? Windows 11 devices managed by Microsoft Intune
? Azure Storage accounts
? Azure virtual machines
What should you use to evaluate the components? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:
Windows 11 devices:Â Microsoft 365 compliance center
Correct
Incorrect
Unattempted
Question 33 of 65
33. Question
Your company has a multi-cloud environment that contains a Microsoft 365 subscription, an Azure subscription, and Amazon Web Services (AWS) implementation.
You need to recommend a security posture management solution for the following components:
• Azure loT Edge devices
• AWS EC2 instances
Which services should you include in the recommendation? To answer, select the appropriate options in the answer area.
Answer Area
1.For the IoT Edge devices:
Azure Arc
Microsoft Defender for Cloud
Microsoft Defender for Cloud Apps
Microsoft Defender for Endpoint
Microsoft Defender for IoT
2.For the AWS EC2 instance:
Azure Arc only
Microsoft Defender for Cloud and Azure Arc
Microsoft Defender for Cloud Apps only
Microsoft Defender for Cloud only
Microsoft Defender for Endpoint and Azure Arc
Microsoft Defender for Endpoint only
Correct
Microsoft Defender for IoT
Microsoft Defender for IoT is a unified security solution for identifying IoT and OT devices, vulnerabilities, and threats and managing them through a central interface.
Azure IoT Edge provides powerful capabilities to manage and perform business workflows at the edge. The key part that IoT Edge plays in IoT environments make it particularly attractive for malicious actors.
Defender for IoT azureiotsecurity provides a comprehensive security solution for your IoT Edge devices. Defender for IoT module collects, aggregates and analyzes raw security data from your Operating System and container system into actionable security recommendations and alerts.
Microsoft Defender for Cloud and Azure Arc
Microsoft Defender for Cloud provides the following features in the CSPM (Cloud Security Posture Management) category in the multi-cloud scenario for AWS.
Take into account that some of them require Defender plan to be enabled (such as Regulatory Compliance):
* Detection of security misconfigurations
* Single view showing Security Center recommendations and AWS Security Hub findings
* Incorporation of AWS resources into Security Center‘s secure score calculations
* Regulatory compliance assessments of AWS resources
Security Center uses Azure Arc to deploy the Log Analytics agent to AWS instances.
Incorrect:
AWS EC2 Microsoft Defender for Cloud Apps
Amazon Web Services is an IaaS provider that enables your organization to host and manage their entire workloads in the cloud. Along with the benefits of leveraging infrastructure in the cloud, your organization‘s most critical assets may be exposed to threats. Exposed assets include storage instances with potentially sensitive information, compute resources that operate some of your most critical applications, ports, and virtual private networks that enable access to your organization.
Connecting AWS to Defender for Cloud Apps helps you secure your assets and detect potential threats by monitoring administrative and sign-in activities, notifying on possible brute force attacks, malicious use of a privileged user account, unusual deletions of VMs, and publicly exposed storage buckets.
Reference:
Reference: https://docs.microsoft.com/en-us/azure/defender-for-iot/organizations/architecture https://docs.microsoft.com/en-us/azure/defender-for-cloud/quickstart-onboard-aws?pivots=env-settings https://docs.microsoft.com/en-us/azure/azure-arc/servers/overview#supported-cloud-operations https://docs.microsoft.com/en-us/azure/defender-for-iot/device-builders/security-edge-architecture
Incorrect
Microsoft Defender for IoT
Microsoft Defender for IoT is a unified security solution for identifying IoT and OT devices, vulnerabilities, and threats and managing them through a central interface.
Azure IoT Edge provides powerful capabilities to manage and perform business workflows at the edge. The key part that IoT Edge plays in IoT environments make it particularly attractive for malicious actors.
Defender for IoT azureiotsecurity provides a comprehensive security solution for your IoT Edge devices. Defender for IoT module collects, aggregates and analyzes raw security data from your Operating System and container system into actionable security recommendations and alerts.
Microsoft Defender for Cloud and Azure Arc
Microsoft Defender for Cloud provides the following features in the CSPM (Cloud Security Posture Management) category in the multi-cloud scenario for AWS.
Take into account that some of them require Defender plan to be enabled (such as Regulatory Compliance):
* Detection of security misconfigurations
* Single view showing Security Center recommendations and AWS Security Hub findings
* Incorporation of AWS resources into Security Center‘s secure score calculations
* Regulatory compliance assessments of AWS resources
Security Center uses Azure Arc to deploy the Log Analytics agent to AWS instances.
Incorrect:
AWS EC2 Microsoft Defender for Cloud Apps
Amazon Web Services is an IaaS provider that enables your organization to host and manage their entire workloads in the cloud. Along with the benefits of leveraging infrastructure in the cloud, your organization‘s most critical assets may be exposed to threats. Exposed assets include storage instances with potentially sensitive information, compute resources that operate some of your most critical applications, ports, and virtual private networks that enable access to your organization.
Connecting AWS to Defender for Cloud Apps helps you secure your assets and detect potential threats by monitoring administrative and sign-in activities, notifying on possible brute force attacks, malicious use of a privileged user account, unusual deletions of VMs, and publicly exposed storage buckets.
Reference:
Reference: https://docs.microsoft.com/en-us/azure/defender-for-iot/organizations/architecture https://docs.microsoft.com/en-us/azure/defender-for-cloud/quickstart-onboard-aws?pivots=env-settings https://docs.microsoft.com/en-us/azure/azure-arc/servers/overview#supported-cloud-operations https://docs.microsoft.com/en-us/azure/defender-for-iot/device-builders/security-edge-architecture
Unattempted
Microsoft Defender for IoT
Microsoft Defender for IoT is a unified security solution for identifying IoT and OT devices, vulnerabilities, and threats and managing them through a central interface.
Azure IoT Edge provides powerful capabilities to manage and perform business workflows at the edge. The key part that IoT Edge plays in IoT environments make it particularly attractive for malicious actors.
Defender for IoT azureiotsecurity provides a comprehensive security solution for your IoT Edge devices. Defender for IoT module collects, aggregates and analyzes raw security data from your Operating System and container system into actionable security recommendations and alerts.
Microsoft Defender for Cloud and Azure Arc
Microsoft Defender for Cloud provides the following features in the CSPM (Cloud Security Posture Management) category in the multi-cloud scenario for AWS.
Take into account that some of them require Defender plan to be enabled (such as Regulatory Compliance):
* Detection of security misconfigurations
* Single view showing Security Center recommendations and AWS Security Hub findings
* Incorporation of AWS resources into Security Center‘s secure score calculations
* Regulatory compliance assessments of AWS resources
Security Center uses Azure Arc to deploy the Log Analytics agent to AWS instances.
Incorrect:
AWS EC2 Microsoft Defender for Cloud Apps
Amazon Web Services is an IaaS provider that enables your organization to host and manage their entire workloads in the cloud. Along with the benefits of leveraging infrastructure in the cloud, your organization‘s most critical assets may be exposed to threats. Exposed assets include storage instances with potentially sensitive information, compute resources that operate some of your most critical applications, ports, and virtual private networks that enable access to your organization.
Connecting AWS to Defender for Cloud Apps helps you secure your assets and detect potential threats by monitoring administrative and sign-in activities, notifying on possible brute force attacks, malicious use of a privileged user account, unusual deletions of VMs, and publicly exposed storage buckets.
Reference:
Reference: https://docs.microsoft.com/en-us/azure/defender-for-iot/organizations/architecture https://docs.microsoft.com/en-us/azure/defender-for-cloud/quickstart-onboard-aws?pivots=env-settings https://docs.microsoft.com/en-us/azure/azure-arc/servers/overview#supported-cloud-operations https://docs.microsoft.com/en-us/azure/defender-for-iot/device-builders/security-edge-architecture
Question 34 of 65
34. Question
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution. After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen. You are designing the encryption standards for data at rest for an Azure resource. You need to provide recommendations to ensure that the data at rest is encrypted by using AES-256 keys. The solution must support rotating the encryption keys monthly. Solution: For Azure SQL databases, you recommend Transparent Data Encryption (TDE) that uses customer-managed keys (CMKs). Does this meet the goal?
Correct
We need to use customer-managed keys. Transparent data encryption (TDE) helps protect Azure SQL Database, Azure SQL Managed Instance, and Azure Synapse Analytics against the threat of malicious offline activity by encrypting data at rest. It performs real-time encryption and decryption of the database, associated backups, and transaction log files at rest without requiring changes to the application. In Azure, the default setting for TDE is that the Database Encryption Key (DEK) is protected by a built-in server certificate. The built-in server certificate is unique for each server and the encryption algorithm used is AES 256. TDE protector is either a service-managed certificate (service-managed transparent data encryption) or an asymmetric key stored in Azure Key Vault (customer- managed transparent data encryption). Note: Automated key rotation in Key Vault allows users to configure Key Vault to automatically generate a new key version at a specified frequency. You can use rotation policy to configure rotation for each individual key. Our recommendation is to rotate encryption keys at least every two years to meet cryptographic best practices. This feature enables end-to-end zero-touch rotation for encryption at rest for Azure services with customer-managed key (CMK) stored in Azure Key Vault. Please refer to specific Azure service documentation to see if the service covers end-to-end rotation. Reference: https://docs.microsoft.com/en-us/azure/azure-sql/database/transparent-data-encryption-tde-overview https://docs.microsoft.com/en-us/azure/key-vault/keys/how-to-configure-key-rotation
Incorrect
We need to use customer-managed keys. Transparent data encryption (TDE) helps protect Azure SQL Database, Azure SQL Managed Instance, and Azure Synapse Analytics against the threat of malicious offline activity by encrypting data at rest. It performs real-time encryption and decryption of the database, associated backups, and transaction log files at rest without requiring changes to the application. In Azure, the default setting for TDE is that the Database Encryption Key (DEK) is protected by a built-in server certificate. The built-in server certificate is unique for each server and the encryption algorithm used is AES 256. TDE protector is either a service-managed certificate (service-managed transparent data encryption) or an asymmetric key stored in Azure Key Vault (customer- managed transparent data encryption). Note: Automated key rotation in Key Vault allows users to configure Key Vault to automatically generate a new key version at a specified frequency. You can use rotation policy to configure rotation for each individual key. Our recommendation is to rotate encryption keys at least every two years to meet cryptographic best practices. This feature enables end-to-end zero-touch rotation for encryption at rest for Azure services with customer-managed key (CMK) stored in Azure Key Vault. Please refer to specific Azure service documentation to see if the service covers end-to-end rotation. Reference: https://docs.microsoft.com/en-us/azure/azure-sql/database/transparent-data-encryption-tde-overview https://docs.microsoft.com/en-us/azure/key-vault/keys/how-to-configure-key-rotation
Unattempted
We need to use customer-managed keys. Transparent data encryption (TDE) helps protect Azure SQL Database, Azure SQL Managed Instance, and Azure Synapse Analytics against the threat of malicious offline activity by encrypting data at rest. It performs real-time encryption and decryption of the database, associated backups, and transaction log files at rest without requiring changes to the application. In Azure, the default setting for TDE is that the Database Encryption Key (DEK) is protected by a built-in server certificate. The built-in server certificate is unique for each server and the encryption algorithm used is AES 256. TDE protector is either a service-managed certificate (service-managed transparent data encryption) or an asymmetric key stored in Azure Key Vault (customer- managed transparent data encryption). Note: Automated key rotation in Key Vault allows users to configure Key Vault to automatically generate a new key version at a specified frequency. You can use rotation policy to configure rotation for each individual key. Our recommendation is to rotate encryption keys at least every two years to meet cryptographic best practices. This feature enables end-to-end zero-touch rotation for encryption at rest for Azure services with customer-managed key (CMK) stored in Azure Key Vault. Please refer to specific Azure service documentation to see if the service covers end-to-end rotation. Reference: https://docs.microsoft.com/en-us/azure/azure-sql/database/transparent-data-encryption-tde-overview https://docs.microsoft.com/en-us/azure/key-vault/keys/how-to-configure-key-rotation
Question 35 of 65
35. Question
You have Microsoft Defender for Cloud assigned to Azure management groups. You have a Microsoft Sentinel deployment. During the triage of alerts, you require additional information about the security events, including suggestions for remediation. Which components can you use to achieve the goal? Each correct answer presents a complete solution.
Correct
A: Workbooks provide insights about your threat intelligence Workbooks provide powerful interactive dashboards that give you insights into all aspects of Microsoft Sentinel, and threat intelligence is no exception. You can use the built-in Threat Intelligence workbook to visualize key information about your threat intelligence, and you can easily customize the workbook according to your business needs. You can even create new dashboards combining many different data sources so you can visualize your data in unique ways. Since Microsoft Sentinel workbooks are based on Azure Monitor workbooks, there is already extensive documentation available, and many more templates. C: What is a threat intelligence report? Defender for Cloud‘s threat protection works by monitoring security information from your Azure resources, the network, and connected partner solutions. It analyzes this information, often correlating information from multiple sources, to identify threats. Defender for Cloud has three types of threat reports, which can vary according to the attack. The reports available are: Activity Group Report: provides deep dives into attackers, their objectives, and tactics. Campaign Report: focuses on details of specific attack campaigns. Threat Summary Report: covers all of the items in the previous two reports. This type of information is useful during the incident response process, where there‘s an ongoing investigation to understand the source of the attack, the attacker‘s motivations, and what to do to mitigate this issue in the future. Incorrect: Not B: When to use Jupyter notebooks While many common tasks can be carried out in the portal, Jupyter extends the scope of what you can do with this data. For example, use notebooks to: Perform analytics that aren‘t provided out-of-the box in Microsoft Sentinel, such as some Python machine learning features Create data visualizations that aren‘t provided out-of-the box in Microsoft Sentinel, such as custom timelines and process trees Integrate data sources outside of Microsoft Sentinel, such as an on-premises data set. Not D: Defender for Cloud offers security alerts that are powered by Microsoft Threat Intelligence. It also includes a range of advanced, intelligent, protections for your workloads. The workload protections are provided through Microsoft Defender plans specific to the types of resources in your subscriptions. For example, you can enable Microsoft Defender for Storage to get alerted about suspicious activities related to your Azure Storage accounts. Reference: https://docs.microsoft.com/en-us/azure/sentinel/understand-threat-intelligence https://docs.microsoft.com/en-us/azure/defender-for-cloud/defender-for-cloud-introduction https://docs.microsoft.com/en-us/azure/defender-for-cloud/threat-intelligence-reports https://docs.microsoft.com/en-us/azure/sentinel/notebooks
Incorrect
A: Workbooks provide insights about your threat intelligence Workbooks provide powerful interactive dashboards that give you insights into all aspects of Microsoft Sentinel, and threat intelligence is no exception. You can use the built-in Threat Intelligence workbook to visualize key information about your threat intelligence, and you can easily customize the workbook according to your business needs. You can even create new dashboards combining many different data sources so you can visualize your data in unique ways. Since Microsoft Sentinel workbooks are based on Azure Monitor workbooks, there is already extensive documentation available, and many more templates. C: What is a threat intelligence report? Defender for Cloud‘s threat protection works by monitoring security information from your Azure resources, the network, and connected partner solutions. It analyzes this information, often correlating information from multiple sources, to identify threats. Defender for Cloud has three types of threat reports, which can vary according to the attack. The reports available are: Activity Group Report: provides deep dives into attackers, their objectives, and tactics. Campaign Report: focuses on details of specific attack campaigns. Threat Summary Report: covers all of the items in the previous two reports. This type of information is useful during the incident response process, where there‘s an ongoing investigation to understand the source of the attack, the attacker‘s motivations, and what to do to mitigate this issue in the future. Incorrect: Not B: When to use Jupyter notebooks While many common tasks can be carried out in the portal, Jupyter extends the scope of what you can do with this data. For example, use notebooks to: Perform analytics that aren‘t provided out-of-the box in Microsoft Sentinel, such as some Python machine learning features Create data visualizations that aren‘t provided out-of-the box in Microsoft Sentinel, such as custom timelines and process trees Integrate data sources outside of Microsoft Sentinel, such as an on-premises data set. Not D: Defender for Cloud offers security alerts that are powered by Microsoft Threat Intelligence. It also includes a range of advanced, intelligent, protections for your workloads. The workload protections are provided through Microsoft Defender plans specific to the types of resources in your subscriptions. For example, you can enable Microsoft Defender for Storage to get alerted about suspicious activities related to your Azure Storage accounts. Reference: https://docs.microsoft.com/en-us/azure/sentinel/understand-threat-intelligence https://docs.microsoft.com/en-us/azure/defender-for-cloud/defender-for-cloud-introduction https://docs.microsoft.com/en-us/azure/defender-for-cloud/threat-intelligence-reports https://docs.microsoft.com/en-us/azure/sentinel/notebooks
Unattempted
A: Workbooks provide insights about your threat intelligence Workbooks provide powerful interactive dashboards that give you insights into all aspects of Microsoft Sentinel, and threat intelligence is no exception. You can use the built-in Threat Intelligence workbook to visualize key information about your threat intelligence, and you can easily customize the workbook according to your business needs. You can even create new dashboards combining many different data sources so you can visualize your data in unique ways. Since Microsoft Sentinel workbooks are based on Azure Monitor workbooks, there is already extensive documentation available, and many more templates. C: What is a threat intelligence report? Defender for Cloud‘s threat protection works by monitoring security information from your Azure resources, the network, and connected partner solutions. It analyzes this information, often correlating information from multiple sources, to identify threats. Defender for Cloud has three types of threat reports, which can vary according to the attack. The reports available are: Activity Group Report: provides deep dives into attackers, their objectives, and tactics. Campaign Report: focuses on details of specific attack campaigns. Threat Summary Report: covers all of the items in the previous two reports. This type of information is useful during the incident response process, where there‘s an ongoing investigation to understand the source of the attack, the attacker‘s motivations, and what to do to mitigate this issue in the future. Incorrect: Not B: When to use Jupyter notebooks While many common tasks can be carried out in the portal, Jupyter extends the scope of what you can do with this data. For example, use notebooks to: Perform analytics that aren‘t provided out-of-the box in Microsoft Sentinel, such as some Python machine learning features Create data visualizations that aren‘t provided out-of-the box in Microsoft Sentinel, such as custom timelines and process trees Integrate data sources outside of Microsoft Sentinel, such as an on-premises data set. Not D: Defender for Cloud offers security alerts that are powered by Microsoft Threat Intelligence. It also includes a range of advanced, intelligent, protections for your workloads. The workload protections are provided through Microsoft Defender plans specific to the types of resources in your subscriptions. For example, you can enable Microsoft Defender for Storage to get alerted about suspicious activities related to your Azure Storage accounts. Reference: https://docs.microsoft.com/en-us/azure/sentinel/understand-threat-intelligence https://docs.microsoft.com/en-us/azure/defender-for-cloud/defender-for-cloud-introduction https://docs.microsoft.com/en-us/azure/defender-for-cloud/threat-intelligence-reports https://docs.microsoft.com/en-us/azure/sentinel/notebooks
Question 36 of 65
36. Question
A customer uses Azure to develop a mobile app that will be consumed by external users as shown in the following exhibit. You need to design an identity strategy for the app. The solution must meet the following requirements: • Enable the usage of external IDs such as Google, Facebook, and Microsoft accounts. • Be managed separately from the identity store of the customer. • Support fully customizable branding for each app. Which service should you recommend to complete the design?
Correct
Incorrect
Unattempted
Question 37 of 65
37. Question
You need to recommend a solution to meet the requirements for connections to ClaimsDB. What should you recommend using for each requirement? To answer, select the appropriate options in the answer area. Answer Area 1. ClaimsDB must be accessible only from Azure virtual networks: A NAT gateway A network security group A private endpoint A service endpoint 2. The app services permission for ClaimsApp must be assigned to ClaimsDB: A custom role-based acCess control (RBAC) role A managed identity An access package Azure AD Privileged Identity Management (PIM)
Correct
Incorrect
Unattempted
Question 38 of 65
38. Question
You are evaluating an Azure environment for compliance. You need to design an Azure Policy implementation that can be used to evaluate compliance without changing any resources. Which effect should you use in Azure Policy?
Your company has devices that run either Windows 10, Windows 11, or Windows Server. You are in the process of improving the security posture of the devices. You plan to use security baselines from the Microsoft Security Compliance Toolkit. What should you recommend using to compare the baselines to the current device configurations?
Correct
Microsoft Security Compliance Toolkit 1.0, Policy Analyzer. The Policy Analyzer is a utility for analyzing and comparing sets of Group Policy Objects (GPOs). Its main features include: Highlight when a set of Group Policies has redundant settings or internal inconsistencies. Highlight the differences between versions or sets of Group Policies. Compare GPOs against current local policy and local registry settings Export results to a Microsoft Excel spreadsheet Policy Analyzer lets you treat a set of GPOs as a single unit. This treatment makes it easy to determine whether particular settings are duplicated across the GPOs or are set to conflicting values. Policy Analyzer also lets you capture a baseline and then compare it to a snapshot taken at a later time to identify changes anywhere across the set. Note: The Security Compliance Toolkit (SCT) is a set of tools that allows enterprise security administrators to download, analyze, test, edit, and store Microsoft- recommended security configuration baselines for Windows and other Microsoft products. The SCT enables administrators to effectively manage their enterprise‘s Group Policy Objects (GPOs). Using the toolkit, administrators can compare their current GPOs with Microsoft-recommended GPO baselines or other baselines, edit them, store them in GPO backup file format, and apply them broadly through Active Directory or individually through local policy. Security Compliance Toolkit Tools: Policy Analyzer – Local Group Policy Object (LGPO) Set Object Security – GPO to Policy Rules – Incorrect: Not B: Local Group Policy Object (LGPO) What is the Local Group Policy Object (LGPO) tool? LGPO.exe is a command-line utility that is designed to help automate management of Local Group Policy. Using local policy gives administrators a simple way to verify the effects of Group Policy settings, and is also useful for managing non-domain-joined systems. LGPO.exe can import and apply settings from Registry Policy (Registry.pol) files, security templates, Advanced Auditing backup files, as well as from formatted ?€LGPO text?€ files. It can export local policy to a GPO backup. It can export the contents of a Registry Policy file to the LGPO text format that can then be edited, and can build a Registry Policy file from an LGPO text file. Reference: https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-security-configuration-framework/security-compliance-toolkit-10
Incorrect
Microsoft Security Compliance Toolkit 1.0, Policy Analyzer. The Policy Analyzer is a utility for analyzing and comparing sets of Group Policy Objects (GPOs). Its main features include: Highlight when a set of Group Policies has redundant settings or internal inconsistencies. Highlight the differences between versions or sets of Group Policies. Compare GPOs against current local policy and local registry settings Export results to a Microsoft Excel spreadsheet Policy Analyzer lets you treat a set of GPOs as a single unit. This treatment makes it easy to determine whether particular settings are duplicated across the GPOs or are set to conflicting values. Policy Analyzer also lets you capture a baseline and then compare it to a snapshot taken at a later time to identify changes anywhere across the set. Note: The Security Compliance Toolkit (SCT) is a set of tools that allows enterprise security administrators to download, analyze, test, edit, and store Microsoft- recommended security configuration baselines for Windows and other Microsoft products. The SCT enables administrators to effectively manage their enterprise‘s Group Policy Objects (GPOs). Using the toolkit, administrators can compare their current GPOs with Microsoft-recommended GPO baselines or other baselines, edit them, store them in GPO backup file format, and apply them broadly through Active Directory or individually through local policy. Security Compliance Toolkit Tools: Policy Analyzer – Local Group Policy Object (LGPO) Set Object Security – GPO to Policy Rules – Incorrect: Not B: Local Group Policy Object (LGPO) What is the Local Group Policy Object (LGPO) tool? LGPO.exe is a command-line utility that is designed to help automate management of Local Group Policy. Using local policy gives administrators a simple way to verify the effects of Group Policy settings, and is also useful for managing non-domain-joined systems. LGPO.exe can import and apply settings from Registry Policy (Registry.pol) files, security templates, Advanced Auditing backup files, as well as from formatted ?€LGPO text?€ files. It can export local policy to a GPO backup. It can export the contents of a Registry Policy file to the LGPO text format that can then be edited, and can build a Registry Policy file from an LGPO text file. Reference: https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-security-configuration-framework/security-compliance-toolkit-10
Unattempted
Microsoft Security Compliance Toolkit 1.0, Policy Analyzer. The Policy Analyzer is a utility for analyzing and comparing sets of Group Policy Objects (GPOs). Its main features include: Highlight when a set of Group Policies has redundant settings or internal inconsistencies. Highlight the differences between versions or sets of Group Policies. Compare GPOs against current local policy and local registry settings Export results to a Microsoft Excel spreadsheet Policy Analyzer lets you treat a set of GPOs as a single unit. This treatment makes it easy to determine whether particular settings are duplicated across the GPOs or are set to conflicting values. Policy Analyzer also lets you capture a baseline and then compare it to a snapshot taken at a later time to identify changes anywhere across the set. Note: The Security Compliance Toolkit (SCT) is a set of tools that allows enterprise security administrators to download, analyze, test, edit, and store Microsoft- recommended security configuration baselines for Windows and other Microsoft products. The SCT enables administrators to effectively manage their enterprise‘s Group Policy Objects (GPOs). Using the toolkit, administrators can compare their current GPOs with Microsoft-recommended GPO baselines or other baselines, edit them, store them in GPO backup file format, and apply them broadly through Active Directory or individually through local policy. Security Compliance Toolkit Tools: Policy Analyzer – Local Group Policy Object (LGPO) Set Object Security – GPO to Policy Rules – Incorrect: Not B: Local Group Policy Object (LGPO) What is the Local Group Policy Object (LGPO) tool? LGPO.exe is a command-line utility that is designed to help automate management of Local Group Policy. Using local policy gives administrators a simple way to verify the effects of Group Policy settings, and is also useful for managing non-domain-joined systems. LGPO.exe can import and apply settings from Registry Policy (Registry.pol) files, security templates, Advanced Auditing backup files, as well as from formatted ?€LGPO text?€ files. It can export local policy to a GPO backup. It can export the contents of a Registry Policy file to the LGPO text format that can then be edited, and can build a Registry Policy file from an LGPO text file. Reference: https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-security-configuration-framework/security-compliance-toolkit-10
Question 40 of 65
40. Question
You are creating the security recommendations for an Azure App Service web app named App1. App1 has the following specifications: * Users will request access to App1 through the My Apps portal. A human resources manager will approve the requests. * Users will authenticate by using Azure Active Directory (Azure AD) user accounts. You need to recommend an access security architecture for App1. What should you include in the recommendation? To answer, select the appropriate options in the answer area Answer Area: 1. To enable Azure AD authentication for App1, use: Azure AD application Azure AD Application Proxy Azure Application Gateway A managed identity in Azure AD Microsoft Defender for App 2. To implement access requests for App1, use: An access package in Identity Governance An access policy in Microsoft Defender for Cloud Apps An access review in Identity Governance Azure AD Conditional Access App Control An OAuth app policy in Microsoft Defender for Cloud Apps
You need to recommend a solution to evaluate regulatory compliance across the entire managed environment. The solution must meet the regulatory compliance requirements and the business requirements. What should you recommend? To answer, select the appropriate options in the answer area. Answer Area: 1. Evaluate regulatory compliance of cloud resources by assigning: Azure Policy definitions to management groups Azure Policy initiatives to management groups Azure Policy initiatives to subscriptions 2. Evaluate regulatory compliance of on-premises resources by using: Azure Arc Group Policy PowerShell Desired State ConfIguration (DSC)
Correct
Incorrect
Unattempted
Question 42 of 65
42. Question
You have an Azure subscription that has Microsoft Defender for Cloud enabled. You are evaluating the Azure Security Benchmark V3 report. In the Secure management ports controls, you discover that you have 0 out of a potential 8 points. You need to recommend configurations to increase the score of the Secure management ports controls. Solution: You recommend enabling just-in-time (JIT) VM access on all virtual machines. Does this meet the goal?
Correct
Incorrect
Unattempted
Question 43 of 65
43. Question
You need to recommend a SIEM and SOAR strategy that meets the hybrid requirements, the Microsoft Sentinel requirements, and the regulatory compliance requirements. What should you recommend? Answer Area: Segment Microsoft Sentinel workspaces by: Azure AD tenant Enterprise Region and Azure AD tenant Integrate Azure subscription by using: Self-service sign-up user flows for Azure AD B2B Self-service sign-up user flows for Azure AD B2C The Azure Lighthouse subscription onboarding process
Correct
Incorrect
Unattempted
Question 44 of 65
44. Question
You receive a security alert in Microsoft Defender for Cloud After remediating the threat which policy definition should you assign to prevent the threat from reoccurring?
Correct
Anonymous public read access to containers and blobs in Azure Storage is a convenient way to share data, but may also present a security risk. It‘s important to manage anonymous access judiciously and to understand how to evaluate anonymous access to your data. Operational complexity, human error, or malicious attack against data that is publicly accessible can result in costly data breaches. Microsoft recommends that you enable anonymous access only when necessary for your application scenario. Note: Attackers have been crawling for public containers using tools such as MicroBurst. Exploiting Anonymous Blob Access Now, there are thousands of articles explaining how this can be abused and how to search for insecure storage in Azure. One of the easiest way is to use MicroBurst, provide the storage account name to search for, and it‘ll check if the containers exists based on a wordlist saved in the Misc/permutations.txt Reference: https://docs.microsoft.com/en-us/azure/storage/blobs/anonymous-read-access-prevent
Incorrect
Anonymous public read access to containers and blobs in Azure Storage is a convenient way to share data, but may also present a security risk. It‘s important to manage anonymous access judiciously and to understand how to evaluate anonymous access to your data. Operational complexity, human error, or malicious attack against data that is publicly accessible can result in costly data breaches. Microsoft recommends that you enable anonymous access only when necessary for your application scenario. Note: Attackers have been crawling for public containers using tools such as MicroBurst. Exploiting Anonymous Blob Access Now, there are thousands of articles explaining how this can be abused and how to search for insecure storage in Azure. One of the easiest way is to use MicroBurst, provide the storage account name to search for, and it‘ll check if the containers exists based on a wordlist saved in the Misc/permutations.txt Reference: https://docs.microsoft.com/en-us/azure/storage/blobs/anonymous-read-access-prevent
Unattempted
Anonymous public read access to containers and blobs in Azure Storage is a convenient way to share data, but may also present a security risk. It‘s important to manage anonymous access judiciously and to understand how to evaluate anonymous access to your data. Operational complexity, human error, or malicious attack against data that is publicly accessible can result in costly data breaches. Microsoft recommends that you enable anonymous access only when necessary for your application scenario. Note: Attackers have been crawling for public containers using tools such as MicroBurst. Exploiting Anonymous Blob Access Now, there are thousands of articles explaining how this can be abused and how to search for insecure storage in Azure. One of the easiest way is to use MicroBurst, provide the storage account name to search for, and it‘ll check if the containers exists based on a wordlist saved in the Misc/permutations.txt Reference: https://docs.microsoft.com/en-us/azure/storage/blobs/anonymous-read-access-prevent
Question 45 of 65
45. Question
You are designing security for an Azure landing zone. Your company identifies the following compliance and privacy requirements: • Encrypt cardholder data by using encryption keys managed by the company. • Encrypt insurance claim files by using encryption keys hosted on-premises. Which two configurations meet the compliance and privacy requirements? Each correct answer presents part of the solution.
Azure subscription that uses Azure Storage. The company plans to share specific blobs with vendors. You need to recommend a solution to provide the vendors with secure access to specific blobs without exposing the blobs publicly. The access must be tme-Vimted. What should you include in the recommendation?
Correct
Incorrect
Unattempted
Question 47 of 65
47. Question
You have an Azure subscription that has Microsoft Defender for Cloud enabled. You are evaluating the Azure Security Benchmark V3 report. In the Secure management ports controls, you discover that you have 0 out of a potential 8 points. You need to recommend configurations to increase the score of the Secure management ports controls. Solution: You recommend onboarding all virtual machines to Microsoft Defender for Endpoint. Does this meet the goal?
Correct
Incorrect
Unattempted
Question 48 of 65
48. Question
You have an Azure subscription that has Microsoft Defender for Cloud enabled. Suspicious authentication activity alerts have been appearing in the Workload protections dashboard. You need to recommend a solution to evaluate and remediate the alerts by using workflow automation. The solution must minimize development effort. What should you include in the recommendation?
Correct
The workflow automation feature of Microsoft Defender for Cloud feature can trigger Logic Apps on security alerts, recommendations, and changes to regulatory compliance. Note: Azure Logic Apps is a cloud-based platform for creating and running automated workflows that integrate your apps, data, services, and systems. With this platform, you can quickly develop highly scalable integration solutions for your enterprise and business-to-business (B2B) scenarios. Incorrect: Not C: Using Azure Functions apps would require more effort. Reference: https://docs.microsoft.com/en-us/azure/defender-for-cloud/workflow-automation
Incorrect
The workflow automation feature of Microsoft Defender for Cloud feature can trigger Logic Apps on security alerts, recommendations, and changes to regulatory compliance. Note: Azure Logic Apps is a cloud-based platform for creating and running automated workflows that integrate your apps, data, services, and systems. With this platform, you can quickly develop highly scalable integration solutions for your enterprise and business-to-business (B2B) scenarios. Incorrect: Not C: Using Azure Functions apps would require more effort. Reference: https://docs.microsoft.com/en-us/azure/defender-for-cloud/workflow-automation
Unattempted
The workflow automation feature of Microsoft Defender for Cloud feature can trigger Logic Apps on security alerts, recommendations, and changes to regulatory compliance. Note: Azure Logic Apps is a cloud-based platform for creating and running automated workflows that integrate your apps, data, services, and systems. With this platform, you can quickly develop highly scalable integration solutions for your enterprise and business-to-business (B2B) scenarios. Incorrect: Not C: Using Azure Functions apps would require more effort. Reference: https://docs.microsoft.com/en-us/azure/defender-for-cloud/workflow-automation
Question 49 of 65
49. Question
A customer has a hybrid cloud infrastructure that contains a Microsoft 365 E5 subscription and an Azure subscription. All on-premises servers in the perimeter network are prevented from connecting directly to the internet. The customer recently recovered from a ransomware attack. The customer plans to deploy Microsoft Sentinel. You need to recommend solutions to meet the following requirements: * Ensure that the security operations team can access the security logs and the operation logs. * Ensure that the IT operations team can access only the operations logs, including the event logs of the servers in the perimeter network. Which two solutions should you include in the recommendation? Each correct answer presents a complete solution.
Correct
You can collect data in custom log formats to Microsoft Sentinel with the Log Analytics agent. Note: You can use the Log Analytics agent to collect data in text files of nonstandard formats from both Windows and Linux computers. Once collected, you can either parse the data into individual fields in your queries or extract the data during collection to individual fields. You can connect your data sources to Microsoft Sentinel using custom log formats. Microsoft Sentinel uses Azure role-based access control (Azure RBAC) to provide built-in roles that can be assigned to users, groups, and services in Azure. Use Azure RBAC to create and assign roles within your security operations team to grant appropriate access to Microsoft Sentinel. The different roles give you fine-grained control over what Microsoft Sentinel users can see and do. Azure roles can be assigned in the Microsoft Sentinel workspace directly (see note below), or in a subscription or resource group that the workspace belongs to, which Microsoft Sentinel inherits. Incorrect: You can collect data in custom log formats to Microsoft Sentinel with the Log Analytics agent. Note: You can use the Log Analytics agent to collect data in text files of nonstandard formats from both Windows and Linux computers. Once collected, you can either parse the data into individual fields in your queries or extract the data during collection to individual fields. You can connect your data sources to Microsoft Sentinel using custom log formats. Reference: https://docs.microsoft.com/en-us/azure/azure-monitor/agents/agents-overview https://docs.microsoft.com/en-us/azure/sentinel/connect-custom-logs?tabs=DCGhttps://docs.microsoft.com/en-us/azure/sentinel/roles
Incorrect
You can collect data in custom log formats to Microsoft Sentinel with the Log Analytics agent. Note: You can use the Log Analytics agent to collect data in text files of nonstandard formats from both Windows and Linux computers. Once collected, you can either parse the data into individual fields in your queries or extract the data during collection to individual fields. You can connect your data sources to Microsoft Sentinel using custom log formats. Microsoft Sentinel uses Azure role-based access control (Azure RBAC) to provide built-in roles that can be assigned to users, groups, and services in Azure. Use Azure RBAC to create and assign roles within your security operations team to grant appropriate access to Microsoft Sentinel. The different roles give you fine-grained control over what Microsoft Sentinel users can see and do. Azure roles can be assigned in the Microsoft Sentinel workspace directly (see note below), or in a subscription or resource group that the workspace belongs to, which Microsoft Sentinel inherits. Incorrect: You can collect data in custom log formats to Microsoft Sentinel with the Log Analytics agent. Note: You can use the Log Analytics agent to collect data in text files of nonstandard formats from both Windows and Linux computers. Once collected, you can either parse the data into individual fields in your queries or extract the data during collection to individual fields. You can connect your data sources to Microsoft Sentinel using custom log formats. Reference: https://docs.microsoft.com/en-us/azure/azure-monitor/agents/agents-overview https://docs.microsoft.com/en-us/azure/sentinel/connect-custom-logs?tabs=DCGhttps://docs.microsoft.com/en-us/azure/sentinel/roles
Unattempted
You can collect data in custom log formats to Microsoft Sentinel with the Log Analytics agent. Note: You can use the Log Analytics agent to collect data in text files of nonstandard formats from both Windows and Linux computers. Once collected, you can either parse the data into individual fields in your queries or extract the data during collection to individual fields. You can connect your data sources to Microsoft Sentinel using custom log formats. Microsoft Sentinel uses Azure role-based access control (Azure RBAC) to provide built-in roles that can be assigned to users, groups, and services in Azure. Use Azure RBAC to create and assign roles within your security operations team to grant appropriate access to Microsoft Sentinel. The different roles give you fine-grained control over what Microsoft Sentinel users can see and do. Azure roles can be assigned in the Microsoft Sentinel workspace directly (see note below), or in a subscription or resource group that the workspace belongs to, which Microsoft Sentinel inherits. Incorrect: You can collect data in custom log formats to Microsoft Sentinel with the Log Analytics agent. Note: You can use the Log Analytics agent to collect data in text files of nonstandard formats from both Windows and Linux computers. Once collected, you can either parse the data into individual fields in your queries or extract the data during collection to individual fields. You can connect your data sources to Microsoft Sentinel using custom log formats. Reference: https://docs.microsoft.com/en-us/azure/azure-monitor/agents/agents-overview https://docs.microsoft.com/en-us/azure/sentinel/connect-custom-logs?tabs=DCGhttps://docs.microsoft.com/en-us/azure/sentinel/roles
Question 50 of 65
50. Question
You need to recommend a solution to meet the security requirements for the virtual machines. What should you include in the recommendation?
Correct
Incorrect
Unattempted
Question 51 of 65
51. Question
Your company has on-premises network in Seattle and an Azure subscription. The on-premises network contains a Remote Desktop server. The company contracts a third-party development firm from France to develop and deploy resources to the virtual machines hosted in the Azure subscription. Currently, the firm establishes an RDP connection to the Remote Desktop server. From the Remote Desktop connection, the firm can access the virtual machines hosted in Azure by using custom administrative tools installed on the Remote Desktop server. All the traffic to the Remote Desktop server is captured by a firewall, and the firewall only allows specific connections from France to the server. You need to recommend a modern security solution based on the Zero Trust model. The solution must minimize latency for developers. Which three actions should you recommend? Each correct answer presents part of the solution.
Correct
Organizations can use this location for common tasks like: Requiring multi-factor authentication for users accessing a service when they‘re off the corporate network. Blocking access for users accessing a service from specific countries or regions. The location is determined by the public IP address a client provides to Azure Active Directory or GPS coordinates provided by the Microsoft Authenticator app. Conditional Access policies by default apply to all IPv4 and IPv6 addresses. Use Azure Firewall to protect Azure Virtual Desktop deployments. Azure Virtual Desktop is a desktop and app virtualization service that runs on Azure. When an end user connects to an Azure Virtual Desktop environment, their session is run by a host pool. A host pool is a collection of Azure virtual machines that register to Azure Virtual Desktop as session hosts. These virtual machines run in your virtual network and are subject to the virtual network security controls. They need outbound Internet access to the Azure Virtual Desktop service to operate properly and might also need outbound Internet access for end users. Azure Firewall can help you lock down your environment and filter outbound traffic. Reference: https://docs.microsoft.com/en-us/azure/firewall/protect-azure-virtual-desktop
Incorrect
Organizations can use this location for common tasks like: Requiring multi-factor authentication for users accessing a service when they‘re off the corporate network. Blocking access for users accessing a service from specific countries or regions. The location is determined by the public IP address a client provides to Azure Active Directory or GPS coordinates provided by the Microsoft Authenticator app. Conditional Access policies by default apply to all IPv4 and IPv6 addresses. Use Azure Firewall to protect Azure Virtual Desktop deployments. Azure Virtual Desktop is a desktop and app virtualization service that runs on Azure. When an end user connects to an Azure Virtual Desktop environment, their session is run by a host pool. A host pool is a collection of Azure virtual machines that register to Azure Virtual Desktop as session hosts. These virtual machines run in your virtual network and are subject to the virtual network security controls. They need outbound Internet access to the Azure Virtual Desktop service to operate properly and might also need outbound Internet access for end users. Azure Firewall can help you lock down your environment and filter outbound traffic. Reference: https://docs.microsoft.com/en-us/azure/firewall/protect-azure-virtual-desktop
Unattempted
Organizations can use this location for common tasks like: Requiring multi-factor authentication for users accessing a service when they‘re off the corporate network. Blocking access for users accessing a service from specific countries or regions. The location is determined by the public IP address a client provides to Azure Active Directory or GPS coordinates provided by the Microsoft Authenticator app. Conditional Access policies by default apply to all IPv4 and IPv6 addresses. Use Azure Firewall to protect Azure Virtual Desktop deployments. Azure Virtual Desktop is a desktop and app virtualization service that runs on Azure. When an end user connects to an Azure Virtual Desktop environment, their session is run by a host pool. A host pool is a collection of Azure virtual machines that register to Azure Virtual Desktop as session hosts. These virtual machines run in your virtual network and are subject to the virtual network security controls. They need outbound Internet access to the Azure Virtual Desktop service to operate properly and might also need outbound Internet access for end users. Azure Firewall can help you lock down your environment and filter outbound traffic. Reference: https://docs.microsoft.com/en-us/azure/firewall/protect-azure-virtual-desktop
Question 52 of 65
52. Question
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution. After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen. You have an Azure subscription that has Microsoft Defender for Cloud enabled. You are evaluating the Azure Security Benchmark V3 report. In the Secure management ports controls, you discover that you have 0 out of a potential 8 points. You need to recommend configurations to increase the score of the Secure management ports controls. Solution: You recommend enabling the VMAccess extension on all virtual machines. Does this meet the goal?
A customer is deploying Docker images to 10 Azure Kubernetes Service (AKS) resources across four Azure subscriptions. You are evaluating the security posture of the customer. You discover that the AKS resources are excluded from the secure score recommendations. You need to produce accurate recommendations and update the secure score. Which two actions should you recommend in Microsoft Defender for Cloud? Each correct answer presents part of the solution.
Correct
How are regulatory compliance standards represented in Defender for Cloud? Industry standards, regulatory standards, and benchmarks are represented in Defender for Cloud‘s regulatory compliance dashboard. Each standard is an initiative defined in Azure Policy. To see compliance data mapped as assessments in your dashboard, add a compliance standard to your management group or subscription from within the Security policy page. When you‘ve assigned a standard or benchmark to your selected scope, the standard appears in your regulatory compliance dashboard with all associated compliance data mapped as assessments. Configure Defender for Containers components If you disabled any of the default protections when you enabled Microsoft Defender for Containers, you can change the configurations and reenable them via auto provisioning. 1. To configure the Defender for Containers components: 2. Sign in to the Azure portal. 3. Navigate to Microsoft Defender for Cloud > Environment settings. 4. Select the relevant subscription. 5. From the left side tool bar, select Auto provisioning. 6. Ensure that Microsoft Defenders for Containers components (preview) is toggled to On. Incorrect: Not : When you enable Microsoft Defender for Containers, Azure Kubernetes Service clusters, and Azure Arc enabled Kubernetes clusters (Preview) protection are both enabled by default. To upgrade to Microsoft Defender for Containers, open the Defender plans page in the portal and enable the new plan: Not : No need for automation. Note: Automate responses to Microsoft Defender for Cloud triggers. Every security program includes multiple workflows for incident response. These processes might include notifying relevant stakeholders, launching a change management process, and applying specific remediation steps. Security experts recommend that you automate as many steps of those procedures as you can. Automation reduces overhead. It can also improve your security by ensuring the process steps are done quickly, consistently, and according to your predefined requirements. Reference: https://docs.microsoft.com/en-us/azure/defender-for-cloud/update-regulatory-compliance-packages https://docs.microsoft.com/en-us/azure/defender-for-cloud/workflow-automation
Incorrect
How are regulatory compliance standards represented in Defender for Cloud? Industry standards, regulatory standards, and benchmarks are represented in Defender for Cloud‘s regulatory compliance dashboard. Each standard is an initiative defined in Azure Policy. To see compliance data mapped as assessments in your dashboard, add a compliance standard to your management group or subscription from within the Security policy page. When you‘ve assigned a standard or benchmark to your selected scope, the standard appears in your regulatory compliance dashboard with all associated compliance data mapped as assessments. Configure Defender for Containers components If you disabled any of the default protections when you enabled Microsoft Defender for Containers, you can change the configurations and reenable them via auto provisioning. 1. To configure the Defender for Containers components: 2. Sign in to the Azure portal. 3. Navigate to Microsoft Defender for Cloud > Environment settings. 4. Select the relevant subscription. 5. From the left side tool bar, select Auto provisioning. 6. Ensure that Microsoft Defenders for Containers components (preview) is toggled to On. Incorrect: Not : When you enable Microsoft Defender for Containers, Azure Kubernetes Service clusters, and Azure Arc enabled Kubernetes clusters (Preview) protection are both enabled by default. To upgrade to Microsoft Defender for Containers, open the Defender plans page in the portal and enable the new plan: Not : No need for automation. Note: Automate responses to Microsoft Defender for Cloud triggers. Every security program includes multiple workflows for incident response. These processes might include notifying relevant stakeholders, launching a change management process, and applying specific remediation steps. Security experts recommend that you automate as many steps of those procedures as you can. Automation reduces overhead. It can also improve your security by ensuring the process steps are done quickly, consistently, and according to your predefined requirements. Reference: https://docs.microsoft.com/en-us/azure/defender-for-cloud/update-regulatory-compliance-packages https://docs.microsoft.com/en-us/azure/defender-for-cloud/workflow-automation
Unattempted
How are regulatory compliance standards represented in Defender for Cloud? Industry standards, regulatory standards, and benchmarks are represented in Defender for Cloud‘s regulatory compliance dashboard. Each standard is an initiative defined in Azure Policy. To see compliance data mapped as assessments in your dashboard, add a compliance standard to your management group or subscription from within the Security policy page. When you‘ve assigned a standard or benchmark to your selected scope, the standard appears in your regulatory compliance dashboard with all associated compliance data mapped as assessments. Configure Defender for Containers components If you disabled any of the default protections when you enabled Microsoft Defender for Containers, you can change the configurations and reenable them via auto provisioning. 1. To configure the Defender for Containers components: 2. Sign in to the Azure portal. 3. Navigate to Microsoft Defender for Cloud > Environment settings. 4. Select the relevant subscription. 5. From the left side tool bar, select Auto provisioning. 6. Ensure that Microsoft Defenders for Containers components (preview) is toggled to On. Incorrect: Not : When you enable Microsoft Defender for Containers, Azure Kubernetes Service clusters, and Azure Arc enabled Kubernetes clusters (Preview) protection are both enabled by default. To upgrade to Microsoft Defender for Containers, open the Defender plans page in the portal and enable the new plan: Not : No need for automation. Note: Automate responses to Microsoft Defender for Cloud triggers. Every security program includes multiple workflows for incident response. These processes might include notifying relevant stakeholders, launching a change management process, and applying specific remediation steps. Security experts recommend that you automate as many steps of those procedures as you can. Automation reduces overhead. It can also improve your security by ensuring the process steps are done quickly, consistently, and according to your predefined requirements. Reference: https://docs.microsoft.com/en-us/azure/defender-for-cloud/update-regulatory-compliance-packages https://docs.microsoft.com/en-us/azure/defender-for-cloud/workflow-automation
Question 54 of 65
54. Question
Your company is developing a new Azure App Service web app. You are providing design assistance to verify the security of the web app. You need to recommend a solution to test the web app for vulnerabilities such as insecure server configurations, cross-site scripting (XSS), and SQL injection. What should you include in the recommendation?
Correct
Incorrect
Unattempted
Question 55 of 65
55. Question
Your company plans to deploy several Azure App Service web apps. The web apps will be deployed to the West Europe Azure region. The web apps will be accessed only by customers in Europe and the United States. You need to recommend a solution to prevent malicious bots from scanning the web apps for vulnerabilities. The solution must minimize the attach surface. What should you include in the recommendation?
You have a Microsoft 365 subscription. You need to recommend a security solution to monitor the following activities: ? User accounts that were potentially compromised ? Users performing bulk file downloads from Microsoft SharePoint Online What should you include in the recommendation for each activity? Answer Area: 1. User account that were potentially compromised: 2. User performing bulk file download from SharePoint Online:
Correct
Azure Active Directory (Azure AD) Identity Protection Risk detections in Azure AD Identity Protection include any identified suspicious actions related to user accounts in the directory. Risk detections (both user and sign-in linked) contribute to the overall user risk score that is found in the Risky Users report. Identity Protection provides organizations access to powerful resources to see and respond quickly to these suspicious actions. Note: Premium sign-in risk detections include: * Token Issuer Anomaly – This risk detection indicates the SAML token issuer for the associated SAML token is potentially compromised. The claims included in the token are unusual or match known attacker patterns. * Suspicious inbox manipulation rules – This detection is discovered by Microsoft Defender for Cloud Apps. This detection profiles your environment and triggers alerts when suspicious rules that delete or move messages or folders are set on a user‘s inbox. This detection may indicate that the user‘s account is compromised, that messages are being intentionally hidden, and that the mailbox is being used to distribute spam or malware in your organization. * Etc. Incorrect: Not: Microsoft 365 Defender for Cloud Part of your incident investigation can include user accounts. You can see the details of user accounts identified in the alerts of an incident in the Microsoft 365 Defender portal from Incidents & alerts > incident > Users. Microsoft 365 Defender for App Defender for Cloud apps detect mass download (data exfiltration) policy Detect when a certain user accesses or downloads a massive number of files in a short period of time. Reference: https://docs.microsoft.com/en-us/azure/active-directory/identity-protection/concept-identity-protection-risks https://docs.microsoft.com/en-us/defender-cloud-apps/policies-threat-protection#detect-mass-download-data-exfiltration https://docs.microsoft.com/en-us/microsoft-365/security/defender/investigate-users
Incorrect
Azure Active Directory (Azure AD) Identity Protection Risk detections in Azure AD Identity Protection include any identified suspicious actions related to user accounts in the directory. Risk detections (both user and sign-in linked) contribute to the overall user risk score that is found in the Risky Users report. Identity Protection provides organizations access to powerful resources to see and respond quickly to these suspicious actions. Note: Premium sign-in risk detections include: * Token Issuer Anomaly – This risk detection indicates the SAML token issuer for the associated SAML token is potentially compromised. The claims included in the token are unusual or match known attacker patterns. * Suspicious inbox manipulation rules – This detection is discovered by Microsoft Defender for Cloud Apps. This detection profiles your environment and triggers alerts when suspicious rules that delete or move messages or folders are set on a user‘s inbox. This detection may indicate that the user‘s account is compromised, that messages are being intentionally hidden, and that the mailbox is being used to distribute spam or malware in your organization. * Etc. Incorrect: Not: Microsoft 365 Defender for Cloud Part of your incident investigation can include user accounts. You can see the details of user accounts identified in the alerts of an incident in the Microsoft 365 Defender portal from Incidents & alerts > incident > Users. Microsoft 365 Defender for App Defender for Cloud apps detect mass download (data exfiltration) policy Detect when a certain user accesses or downloads a massive number of files in a short period of time. Reference: https://docs.microsoft.com/en-us/azure/active-directory/identity-protection/concept-identity-protection-risks https://docs.microsoft.com/en-us/defender-cloud-apps/policies-threat-protection#detect-mass-download-data-exfiltration https://docs.microsoft.com/en-us/microsoft-365/security/defender/investigate-users
Unattempted
Azure Active Directory (Azure AD) Identity Protection Risk detections in Azure AD Identity Protection include any identified suspicious actions related to user accounts in the directory. Risk detections (both user and sign-in linked) contribute to the overall user risk score that is found in the Risky Users report. Identity Protection provides organizations access to powerful resources to see and respond quickly to these suspicious actions. Note: Premium sign-in risk detections include: * Token Issuer Anomaly – This risk detection indicates the SAML token issuer for the associated SAML token is potentially compromised. The claims included in the token are unusual or match known attacker patterns. * Suspicious inbox manipulation rules – This detection is discovered by Microsoft Defender for Cloud Apps. This detection profiles your environment and triggers alerts when suspicious rules that delete or move messages or folders are set on a user‘s inbox. This detection may indicate that the user‘s account is compromised, that messages are being intentionally hidden, and that the mailbox is being used to distribute spam or malware in your organization. * Etc. Incorrect: Not: Microsoft 365 Defender for Cloud Part of your incident investigation can include user accounts. You can see the details of user accounts identified in the alerts of an incident in the Microsoft 365 Defender portal from Incidents & alerts > incident > Users. Microsoft 365 Defender for App Defender for Cloud apps detect mass download (data exfiltration) policy Detect when a certain user accesses or downloads a massive number of files in a short period of time. Reference: https://docs.microsoft.com/en-us/azure/active-directory/identity-protection/concept-identity-protection-risks https://docs.microsoft.com/en-us/defender-cloud-apps/policies-threat-protection#detect-mass-download-data-exfiltration https://docs.microsoft.com/en-us/microsoft-365/security/defender/investigate-users
Question 57 of 65
57. Question
You have a Microsoft 365 E5 subscription and an Azure subscripts You need to evaluate the existing environment to increase the overall security posture for the following components: • Windows 11 devices managed by Microsoft Intune • Azure Storage accounts • Azure virtual machines What should you use to evaluate the components? To answer, select the appropriate options in the answer area. Answer Area: 1. Windows 11 device: * Microsoft 365 compliance center * Microsoft 365 Defender * Microsoft Defender for Cloud * Microsoft Sentinel 2. Azure virtual machines: * Microsoft 365 compliance center * Microsoft 365 Defender * Microsoft Defender for Cloud * Microsoft Sentinel 3. Azure Storage accounts: * Microsoft 365 compliance center * Microsoft 365 Defender * Microsoft Defender for Cloud * Microsoft Sentinel
Correct
Microsoft 365 Defender – The Microsoft 365 Defender portal emphasizes quick access to information, simpler layouts, and bringing related information together for easier use. It includes Microsoft Defender for Endpoint. Microsoft Defender for Endpoint is an enterprise endpoint security platform designed to help enterprise networks prevent, detect, investigate, and respond to advanced threats. You can integrate Microsoft Defender for Endpoint with Microsoft Intune as a Mobile Threat Defense solution. Integration can help you prevent security breaches and limit the impact of breaches within an organization. Microsoft Defender for Endpoint works with devices that run: Android – iOS/iPadOS Windows 10 – Windows 11 – Microsoft Defender for Cloud Microsoft Defender for Cloud currently protects Azure Blobs, Azure Files and Azure Data Lake Storage Gen2 resources. Microsoft Defender for SQL on Azure price applies to SQL servers on Azure SQL Database, Azure SQL Managed Instance and Azure Virtual Machines. Microsoft 365 Compliance Center Azure Storage Security Assessment: Microsoft 365 Compliance Center monitors and recommends encryption for Azure Storage, and within a few clicks customers can enable built-in encryption for their Azure Storage Accounts. Note: Microsoft 365 compliance is now called Microsoft Purview and the solutions within the compliance area have been rebranded. Microsoft Purview can be setup to manage policies for one or more Azure Storage accounts. Reference: https://docs.microsoft.com/en-us/azure/purview/tutorial-data-owner-policies-storagehttps://docs.microsoft.com/en-us/microsoft-365/security/defender/microsoft-365-defender? https://docs.microsoft.com/en-us/microsoft-365/security/defender-endpoint/microsoft-defender-endpoint https://azure.microsoft.com/en-gb/pricing/details/defender-for-cloud/
Incorrect
Microsoft 365 Defender – The Microsoft 365 Defender portal emphasizes quick access to information, simpler layouts, and bringing related information together for easier use. It includes Microsoft Defender for Endpoint. Microsoft Defender for Endpoint is an enterprise endpoint security platform designed to help enterprise networks prevent, detect, investigate, and respond to advanced threats. You can integrate Microsoft Defender for Endpoint with Microsoft Intune as a Mobile Threat Defense solution. Integration can help you prevent security breaches and limit the impact of breaches within an organization. Microsoft Defender for Endpoint works with devices that run: Android – iOS/iPadOS Windows 10 – Windows 11 – Microsoft Defender for Cloud Microsoft Defender for Cloud currently protects Azure Blobs, Azure Files and Azure Data Lake Storage Gen2 resources. Microsoft Defender for SQL on Azure price applies to SQL servers on Azure SQL Database, Azure SQL Managed Instance and Azure Virtual Machines. Microsoft 365 Compliance Center Azure Storage Security Assessment: Microsoft 365 Compliance Center monitors and recommends encryption for Azure Storage, and within a few clicks customers can enable built-in encryption for their Azure Storage Accounts. Note: Microsoft 365 compliance is now called Microsoft Purview and the solutions within the compliance area have been rebranded. Microsoft Purview can be setup to manage policies for one or more Azure Storage accounts. Reference: https://docs.microsoft.com/en-us/azure/purview/tutorial-data-owner-policies-storagehttps://docs.microsoft.com/en-us/microsoft-365/security/defender/microsoft-365-defender? https://docs.microsoft.com/en-us/microsoft-365/security/defender-endpoint/microsoft-defender-endpoint https://azure.microsoft.com/en-gb/pricing/details/defender-for-cloud/
Unattempted
Microsoft 365 Defender – The Microsoft 365 Defender portal emphasizes quick access to information, simpler layouts, and bringing related information together for easier use. It includes Microsoft Defender for Endpoint. Microsoft Defender for Endpoint is an enterprise endpoint security platform designed to help enterprise networks prevent, detect, investigate, and respond to advanced threats. You can integrate Microsoft Defender for Endpoint with Microsoft Intune as a Mobile Threat Defense solution. Integration can help you prevent security breaches and limit the impact of breaches within an organization. Microsoft Defender for Endpoint works with devices that run: Android – iOS/iPadOS Windows 10 – Windows 11 – Microsoft Defender for Cloud Microsoft Defender for Cloud currently protects Azure Blobs, Azure Files and Azure Data Lake Storage Gen2 resources. Microsoft Defender for SQL on Azure price applies to SQL servers on Azure SQL Database, Azure SQL Managed Instance and Azure Virtual Machines. Microsoft 365 Compliance Center Azure Storage Security Assessment: Microsoft 365 Compliance Center monitors and recommends encryption for Azure Storage, and within a few clicks customers can enable built-in encryption for their Azure Storage Accounts. Note: Microsoft 365 compliance is now called Microsoft Purview and the solutions within the compliance area have been rebranded. Microsoft Purview can be setup to manage policies for one or more Azure Storage accounts. Reference: https://docs.microsoft.com/en-us/azure/purview/tutorial-data-owner-policies-storagehttps://docs.microsoft.com/en-us/microsoft-365/security/defender/microsoft-365-defender? https://docs.microsoft.com/en-us/microsoft-365/security/defender-endpoint/microsoft-defender-endpoint https://azure.microsoft.com/en-gb/pricing/details/defender-for-cloud/
Question 58 of 65
58. Question
Your company has an Azure subscription that has enhanced security enabled for Microsoft Defender for Cloud. The company signs a contract with the United States government. You need to review the current subscription for NIST 800-53 compliance. What should you do first?
Correct
The Azure Policy Regulatory Compliance built-in initiative definition maps to compliance domains and controls in NIST SP 800-53 Rev. 5. The following mappings are to the NIST SP 800-53 Rev. 5 controls. Use the navigation on the right to jump directly to a specific compliance domain. Many of the controls are implemented with an Azure Policy initiative definition. To review the complete initiative definition, open Policy in the Azure portal and select the Definitions page. Then, find and select the NIST SP 800-53 Rev. 5 Regulatory Compliance built-in initiative definition. Reference: https://docs.microsoft.com/en-us/azure/governance/policy/samples/gov-nist-sp-800-53-r5
Incorrect
The Azure Policy Regulatory Compliance built-in initiative definition maps to compliance domains and controls in NIST SP 800-53 Rev. 5. The following mappings are to the NIST SP 800-53 Rev. 5 controls. Use the navigation on the right to jump directly to a specific compliance domain. Many of the controls are implemented with an Azure Policy initiative definition. To review the complete initiative definition, open Policy in the Azure portal and select the Definitions page. Then, find and select the NIST SP 800-53 Rev. 5 Regulatory Compliance built-in initiative definition. Reference: https://docs.microsoft.com/en-us/azure/governance/policy/samples/gov-nist-sp-800-53-r5
Unattempted
The Azure Policy Regulatory Compliance built-in initiative definition maps to compliance domains and controls in NIST SP 800-53 Rev. 5. The following mappings are to the NIST SP 800-53 Rev. 5 controls. Use the navigation on the right to jump directly to a specific compliance domain. Many of the controls are implemented with an Azure Policy initiative definition. To review the complete initiative definition, open Policy in the Azure portal and select the Definitions page. Then, find and select the NIST SP 800-53 Rev. 5 Regulatory Compliance built-in initiative definition. Reference: https://docs.microsoft.com/en-us/azure/governance/policy/samples/gov-nist-sp-800-53-r5
Question 59 of 65
59. Question
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution. After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen. You have an Azure subscription that has Microsoft Defender for Cloud enabled. You are evaluating the Azure Security Benchmark V3 report. In the Secure management ports controls, you discover that you have 0 out of a potential 8 points. You need to recommend configurations to increase the score of the Secure management ports controls. Solution: You recommend enabling adaptive network hardening. Does this meet the goal?
Correct
Instead: You recommend enabling just-in-time (JIT) VM access on all virtual machines. Note: Secure management ports – Brute force attacks often target management ports. Use these recommendations to reduce your exposure with tools like just-in-time VM access and network security groups. Recommendations: – Internet-facing virtual machines should be protected with network security groups – Management ports of virtual machines should be protected with just-in-time network access control – Management ports should be closed on your virtual machines Reference: https://docs.microsoft.com/en-us/azure/defender-for-cloud/secure-score-security-controls
Incorrect
Instead: You recommend enabling just-in-time (JIT) VM access on all virtual machines. Note: Secure management ports – Brute force attacks often target management ports. Use these recommendations to reduce your exposure with tools like just-in-time VM access and network security groups. Recommendations: – Internet-facing virtual machines should be protected with network security groups – Management ports of virtual machines should be protected with just-in-time network access control – Management ports should be closed on your virtual machines Reference: https://docs.microsoft.com/en-us/azure/defender-for-cloud/secure-score-security-controls
Unattempted
Instead: You recommend enabling just-in-time (JIT) VM access on all virtual machines. Note: Secure management ports – Brute force attacks often target management ports. Use these recommendations to reduce your exposure with tools like just-in-time VM access and network security groups. Recommendations: – Internet-facing virtual machines should be protected with network security groups – Management ports of virtual machines should be protected with just-in-time network access control – Management ports should be closed on your virtual machines Reference: https://docs.microsoft.com/en-us/azure/defender-for-cloud/secure-score-security-controls
Question 60 of 65
60. Question
Your company has a Microsoft 365 ES subscription. The Chief Compliance Officer plans to enhance privacy management in the working environment. You need to recommend a solution to enhance the privacy management. The solution must meet the following requirements: *Â Identify unused personal data and empower users to make smart data handling decisions. *Â Provide users with notifications and guidance when a user sends personal data in Microsoft Teams. *. Provide users with recommendations to mitigate privacy risks. What should you include in the recommendation?
Correct
Privacy Risk Management in Microsoft Priva gives you the capability to set up policies that identify privacy risks in your Microsoft 365 environment and enable easy remediation. Privacy Risk Management policies are meant to be internal guides and can help you: Detect overexposed personal data so that users can secure it. Spot and limit transfers of personal data across departments or regional borders. Help users identify and reduce the amount of unused personal data that you store. Incorrect: Not B: Microsoft Viva Insights provides personalized recommendations to help you do your best work. Get insights to build better work habits, such as following through on commitments made to collaborators and protecting focus time in the day for uninterrupted, individual work. Not D: The Microsoft Purview eDiscovery (Premium) solution builds on the existing Microsoft eDiscovery and analytics capabilities. eDiscovery (Premium) provides an end-to-end workflow to preserve, collect, analyze, review, and export content that‘s responsive to your organization‘s internal and external investigations. Reference: https://docs.microsoft.com/en-us/privacy/priva/risk-management
Incorrect
Privacy Risk Management in Microsoft Priva gives you the capability to set up policies that identify privacy risks in your Microsoft 365 environment and enable easy remediation. Privacy Risk Management policies are meant to be internal guides and can help you: Detect overexposed personal data so that users can secure it. Spot and limit transfers of personal data across departments or regional borders. Help users identify and reduce the amount of unused personal data that you store. Incorrect: Not B: Microsoft Viva Insights provides personalized recommendations to help you do your best work. Get insights to build better work habits, such as following through on commitments made to collaborators and protecting focus time in the day for uninterrupted, individual work. Not D: The Microsoft Purview eDiscovery (Premium) solution builds on the existing Microsoft eDiscovery and analytics capabilities. eDiscovery (Premium) provides an end-to-end workflow to preserve, collect, analyze, review, and export content that‘s responsive to your organization‘s internal and external investigations. Reference: https://docs.microsoft.com/en-us/privacy/priva/risk-management
Unattempted
Privacy Risk Management in Microsoft Priva gives you the capability to set up policies that identify privacy risks in your Microsoft 365 environment and enable easy remediation. Privacy Risk Management policies are meant to be internal guides and can help you: Detect overexposed personal data so that users can secure it. Spot and limit transfers of personal data across departments or regional borders. Help users identify and reduce the amount of unused personal data that you store. Incorrect: Not B: Microsoft Viva Insights provides personalized recommendations to help you do your best work. Get insights to build better work habits, such as following through on commitments made to collaborators and protecting focus time in the day for uninterrupted, individual work. Not D: The Microsoft Purview eDiscovery (Premium) solution builds on the existing Microsoft eDiscovery and analytics capabilities. eDiscovery (Premium) provides an end-to-end workflow to preserve, collect, analyze, review, and export content that‘s responsive to your organization‘s internal and external investigations. Reference: https://docs.microsoft.com/en-us/privacy/priva/risk-management
Question 61 of 65
61. Question
You have an Azure subscription that is used as an Azure landing zone for an application. You need to evaluate the security posture of all the workloads in the landing zone. What should you do first?
Correct
Incorrect
Unattempted
Question 62 of 65
62. Question
You are designing an auditing solution for Azure landing zones that will contain the following components: * SQL audit logs for Azure SQL databases * Windows Security logs from Azure virtual machines * Azure App Service audit logs from App Service web apps You need to recommend a centralized logging solution for the landing zones. The solution must meet the following requirements: * Log all privileged access. * Retain logs for at least 365 days. * Minimize costs. What should you include in the recommendation? To answer, select the appropriate options in the answer are Answer Area 1.For the SQL audit logs: 2.For the Security: 3.For the App Service audit logs:
Correct
Incorrect
Unattempted
Question 63 of 65
63. Question
You are designing security for a runbook in an Azure Automation account. The runbook will copy data to Azure Data Lake Storage Gen2. You need to recommend a solution to secure the components of the copy process. What should you include in the recommendation for each component? To answer, select the appropriate options in the answer area. Answer Area: 1. Data security: Access keys stored in Azure Key Vault Automation Contributor built-in role Azure Private Link with network service tags Azure Web Application Firewall rules with network service tags 2. Network access control: Access keys stored in Azure Key Vault Automation Contributor built-in role Azure Private Link with network service tags Azure Web Application Firewall rules with network service tags
Correct
Azure Web Application Firewall with network service tags A service tag represents a group of IP address prefixes from a given Azure service. Microsoft manages the address prefixes encompassed by the service tag and automatically updates the service tag as addresses change, minimizing the complexity of frequent updates to network security rules. You can use service tags to define network access controls on network security groups, Azure Firewall, and user-defined routes. Incorrect: * Not Azure private link with network service tags Network service tags are not used with Private links. Automation Contributor built-in role The Automation Contributor role allows you to manage all resources in the Automation account, except modifying other user‘s access permissions to an Automation account. Reference: https://docs.microsoft.com/en-us/azure/virtual-network/service-tags-overviewhttps://docs.microsoft.com/en-us/azure/automation/automation-role-based-access-control
Incorrect
Azure Web Application Firewall with network service tags A service tag represents a group of IP address prefixes from a given Azure service. Microsoft manages the address prefixes encompassed by the service tag and automatically updates the service tag as addresses change, minimizing the complexity of frequent updates to network security rules. You can use service tags to define network access controls on network security groups, Azure Firewall, and user-defined routes. Incorrect: * Not Azure private link with network service tags Network service tags are not used with Private links. Automation Contributor built-in role The Automation Contributor role allows you to manage all resources in the Automation account, except modifying other user‘s access permissions to an Automation account. Reference: https://docs.microsoft.com/en-us/azure/virtual-network/service-tags-overviewhttps://docs.microsoft.com/en-us/azure/automation/automation-role-based-access-control
Unattempted
Azure Web Application Firewall with network service tags A service tag represents a group of IP address prefixes from a given Azure service. Microsoft manages the address prefixes encompassed by the service tag and automatically updates the service tag as addresses change, minimizing the complexity of frequent updates to network security rules. You can use service tags to define network access controls on network security groups, Azure Firewall, and user-defined routes. Incorrect: * Not Azure private link with network service tags Network service tags are not used with Private links. Automation Contributor built-in role The Automation Contributor role allows you to manage all resources in the Automation account, except modifying other user‘s access permissions to an Automation account. Reference: https://docs.microsoft.com/en-us/azure/virtual-network/service-tags-overviewhttps://docs.microsoft.com/en-us/azure/automation/automation-role-based-access-control
Question 64 of 65
64. Question
You have a Microsoft 365 E5 subscription and an Azure subscription. You are designing a Microsoft deployment. You need to recommend a solution for the security operations team. The solution must include custom views and a dashboard for analyzing security events. What should you recommend using in Microsoft Sentinel?
Correct
After you connected your data sources to Microsoft Sentinel, you get instant visualization and analysis of data so that you can know what‘s happening across all your connected data sources. Microsoft Sentinel gives you workbooks that provide you with the full power of tools already available in Azure as well as tables and charts that are built in to provide you with analytics for your logs and queries. You can either use built-in workbooks or create a new workbook easily, from scratch or based on an existing workbook. Reference: https://docs.microsoft.com/en-us/azure/sentinel/get-visibility
Incorrect
After you connected your data sources to Microsoft Sentinel, you get instant visualization and analysis of data so that you can know what‘s happening across all your connected data sources. Microsoft Sentinel gives you workbooks that provide you with the full power of tools already available in Azure as well as tables and charts that are built in to provide you with analytics for your logs and queries. You can either use built-in workbooks or create a new workbook easily, from scratch or based on an existing workbook. Reference: https://docs.microsoft.com/en-us/azure/sentinel/get-visibility
Unattempted
After you connected your data sources to Microsoft Sentinel, you get instant visualization and analysis of data so that you can know what‘s happening across all your connected data sources. Microsoft Sentinel gives you workbooks that provide you with the full power of tools already available in Azure as well as tables and charts that are built in to provide you with analytics for your logs and queries. You can either use built-in workbooks or create a new workbook easily, from scratch or based on an existing workbook. Reference: https://docs.microsoft.com/en-us/azure/sentinel/get-visibility
Question 65 of 65
65. Question
You have a Microsoft 365 subscription and an Azure subscription. Microsoft 365 Defender and Microsoft Defender for Cloud are enabled. The Azure subscription contains 50 virtual machines. Each virtual machine runs different applications on Windows Server 2019. You need to recommend a solution to ensure that only authorized applications can run on the virtual machines. If an unauthorized application attempts to run or be installed, the application must be blocked automatically until an administrator authorizes the application. Which security control should you recommend?
Correct
Adaptive application controls are an intelligent and automated solution for defining allowlists of known-safe applications for your machines. Often, organizations have collections of machines that routinely run the same processes. Microsoft Defender for Cloud uses machine learning to analyze the applications running on your machines and create a list of the known-safe software. Allowlists are based on your specific Azure workloads, and you can further customize the recommendations using the instructions below. When you‘ve enabled and configured adaptive application controls, you‘ll get security alerts if any application runs other than the ones you‘ve defined as safe. Incorrect: Not : App protection policies (APP) are rules that ensure an organization‘s data remains safe or contained in a managed app. A policy can be a rule that is enforced when the user attempts to access or move “corporate“ data, or a set of actions that are prohibited or monitored when the user is inside the app. A managed app is an app that has app protection policies applied to it, and can be managed by Intune. Not : Cloud Discovery anomaly detection policy reference. A Cloud Discovery anomaly detection policy enables you to set up and configure continuous monitoring of unusual increases in cloud application usage. Increases in downloaded data, uploaded data, transactions, and users are considered for each cloud application. Not: The Azure Security Benchmark (ASB) provides prescriptive best practices and recommendations to help improve the security of workloads, data, and services on Azure. This benchmark is part of a set of holistic security guidance. Reference: https://docs.microsoft.com/en-us/azure/defender-for-cloud/adaptive-application-controls https://docs.microsoft.com/en-us/mem/intune/apps/app-protection-policy https://docs.microsoft.com/en-us/defender-cloud-apps/cloud-discovery-anomaly-detection-policy https://docs.microsoft.com/en-us/security/benchmark/azure/overview
Incorrect
Adaptive application controls are an intelligent and automated solution for defining allowlists of known-safe applications for your machines. Often, organizations have collections of machines that routinely run the same processes. Microsoft Defender for Cloud uses machine learning to analyze the applications running on your machines and create a list of the known-safe software. Allowlists are based on your specific Azure workloads, and you can further customize the recommendations using the instructions below. When you‘ve enabled and configured adaptive application controls, you‘ll get security alerts if any application runs other than the ones you‘ve defined as safe. Incorrect: Not : App protection policies (APP) are rules that ensure an organization‘s data remains safe or contained in a managed app. A policy can be a rule that is enforced when the user attempts to access or move “corporate“ data, or a set of actions that are prohibited or monitored when the user is inside the app. A managed app is an app that has app protection policies applied to it, and can be managed by Intune. Not : Cloud Discovery anomaly detection policy reference. A Cloud Discovery anomaly detection policy enables you to set up and configure continuous monitoring of unusual increases in cloud application usage. Increases in downloaded data, uploaded data, transactions, and users are considered for each cloud application. Not: The Azure Security Benchmark (ASB) provides prescriptive best practices and recommendations to help improve the security of workloads, data, and services on Azure. This benchmark is part of a set of holistic security guidance. Reference: https://docs.microsoft.com/en-us/azure/defender-for-cloud/adaptive-application-controls https://docs.microsoft.com/en-us/mem/intune/apps/app-protection-policy https://docs.microsoft.com/en-us/defender-cloud-apps/cloud-discovery-anomaly-detection-policy https://docs.microsoft.com/en-us/security/benchmark/azure/overview
Unattempted
Adaptive application controls are an intelligent and automated solution for defining allowlists of known-safe applications for your machines. Often, organizations have collections of machines that routinely run the same processes. Microsoft Defender for Cloud uses machine learning to analyze the applications running on your machines and create a list of the known-safe software. Allowlists are based on your specific Azure workloads, and you can further customize the recommendations using the instructions below. When you‘ve enabled and configured adaptive application controls, you‘ll get security alerts if any application runs other than the ones you‘ve defined as safe. Incorrect: Not : App protection policies (APP) are rules that ensure an organization‘s data remains safe or contained in a managed app. A policy can be a rule that is enforced when the user attempts to access or move “corporate“ data, or a set of actions that are prohibited or monitored when the user is inside the app. A managed app is an app that has app protection policies applied to it, and can be managed by Intune. Not : Cloud Discovery anomaly detection policy reference. A Cloud Discovery anomaly detection policy enables you to set up and configure continuous monitoring of unusual increases in cloud application usage. Increases in downloaded data, uploaded data, transactions, and users are considered for each cloud application. Not: The Azure Security Benchmark (ASB) provides prescriptive best practices and recommendations to help improve the security of workloads, data, and services on Azure. This benchmark is part of a set of holistic security guidance. Reference: https://docs.microsoft.com/en-us/azure/defender-for-cloud/adaptive-application-controls https://docs.microsoft.com/en-us/mem/intune/apps/app-protection-policy https://docs.microsoft.com/en-us/defender-cloud-apps/cloud-discovery-anomaly-detection-policy https://docs.microsoft.com/en-us/security/benchmark/azure/overview
Use Page numbers below to navigate to other practice tests
