You have an Azure subscription that contains the resources shown in the following Table.

You plan to enable Microsoft Defender for Cloud for the subscription.

Which resources can be protected by using Microsoft Defender for Cloud?

Lösung einblenden Lösung ausblenden

HOTSPOT

You have an Azure subscription that contains the alerts shown in the following exhibit.

Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic. NOTE: Each correct selection is worth one point.

Lösung einblenden Lösung ausblenden

Richtige Antwort:

Explanation:

Reference: https://docs.microsoft.com/en-us/azure/azure-monitor/platform/alerts-overview

HOTSPOT

You have an Azure AD tenant named contoso.com that has Azure AD Premium P1 licenses.

You need to create a group named Group1 that will be assigned the Global reader role.

Which portal should you use to create Group1 and which type of group should you create? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point

Lösung einblenden Lösung ausblenden

Richtige Antwort:

Explanation:

https://learn.microsoft.com/en-us/azure/active-directory/roles/groups-create-eligible

HOTSPOT

You have an Azure subscription that contains the resources shown in the following table.

The subscription is linked to an Azure Active Directory (Azure AD) tenant that contains the users shown in the following table.

You create the groups shown in the following table.

The membership rules for Group1 and Group2 are configured as shown in the following exhibit.

For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.

Lösung einblenden Lösung ausblenden

Richtige Antwort:

Explanation:

Reference: https://docs.microsoft.com/en-us/azure/active-directory/enterprise-users/groups-dynamic-membership

HOTSPOT

You have an Azure subscription that has a managed identity named identity and is linked to an Azure Active Directory (Azure AD) tenant.

The tenant contains the resources shown in the following table.

Which resources can be added to AU1 and AU2? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

Lösung einblenden Lösung ausblenden

Richtige Antwort:

HOTSPOT

You have a management group named Group1 that contains an Azure subscription named sub1.

Sub1 has a subscription ID of 11111111-1234-1234-1234-1111111111.

You need to create a custom Azure role-based access control (RBAC) role that will delegate permissions to manage the tags on all the objects in Group1.

What should you include in the role definition of Role1? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

Lösung einblenden Lösung ausblenden

Richtige Antwort:

Explanation:

Note: Assigning a custom RBAC role as the Management Group level is currently in preview only. So, for now the answer to the assignable scope is the subscription level.

Reference:

https://docs.microsoft.com/en-us/azure/role-based-access-control/resource-provider-operations

https://docs.microsoft.com/en-us/azure/role-based-access-control/custom-roles

https://docs.microsoft.com/en-us/azure/role-based-access-control/custom-roles-portal#step-5-assignable-scopes

DRAG DROP

You have an Azure subscription that contains an Azure web app named Appl.

You plan to configure a Conditional Access policy for Appl.

The solution must meet the following requirements:

• Only allow access to App1 from Windows devices.

• Only allow devices that are marked as compliant to access Appl.

Which Conditional Access policy settings should you configure? To answer, drag the appropriate settings to the correct requirements. Each setting may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content. NOTE: Each correct selection is worth one point.

Lösung einblenden Lösung ausblenden

Richtige Antwort:

HOTSPOT

You have an Azure Active Directory (Azure AD) tenant named contoso.com that contains the users shown in the following table.

Azure AD Privileged Identity Management (PIM) is enabled for the tenant.

In PIM, the Password Administrator role has the following settings:

✑ Maximum activation duration (hours): 2

✑ Send email notifying admins of activation: Disable

✑ Require incident/request ticket number during activation: Disable

✑ Require Azure Multi-Factor Authentication for activation: Enable

✑ Require approval to activate this role: Enable

✑ Selected approver: Group1

You assign users the Password Administrator role as shown in the following table.

For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.

Lösung einblenden Lösung ausblenden

Richtige Antwort:

Explanation:

YES (Already active)

YES (The user will be prompted for MFA regardless the MFA Status of the user)

NO ( Even the user is included in the group, a user can’t approve itself)

https://docs.microsoft.com/es-es/azure/active-directory/privileged-identity-management/pim-deployment-plan (Require approval section)

You have an Azure subscription name Sub1 that contains an Azure Policy definition named Policy1.

Policy1 has the following settings:

– Definition location: Tenant Root Group

– Category: Monitoring

You need to ensure that resources that are noncompliant with Policy1 are listed in the Azure Security Center dashboard.

What should you do first?

Lösung einblenden Lösung ausblenden

You have an Azure subscription name Sub1 that contains an Azure Policy definition named Policy1.

Policy1 has the following settings:

– Definition location: Tenant Root Group

– Category: Monitoring

You need to ensure that resources that are noncompliant with Policy1 are listed in the Azure Security Center dashboard.

What should you do first?

Lösung einblenden Lösung ausblenden