Questions 1-30 Flashcards
You are designing the security standards for a new Azure environment. You need to design a privileged identity strategy based on the Zero Trust model.
Which framework should you follow to create the design?
A. Microsoft Security Development Lifecycle (SDL) B. Enhanced Security Admin Environment (ESAE) C. Rapid Modernization Plan (RaMP) D. Microsoft Operational Security Assurance (OSA)
C. Rapid Modernization Plan (RaMP)
A customer follows the Zero Trust model and explicitly verifies each attempt to access its corporate applications.
The customer discovers that several endpoints are infected with malware.
The customer suspends access attempts from the infected endpoints.
The malware is removed from the endpoints.
Which two conditions must be met before endpoint users can access the corporate applications again? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.
A. The client access tokens are refreshed. B. Microsoft Intune reports the endpoints as compliant. C. A new Azure Active Directory (Azure AD) Conditional Access policy is enforced. D. Microsoft Defender for Endpoint reports the endpoints as compliant.
A. The client access tokens are refreshed.
B. Microsoft Intune reports the endpoints as compliant.
Your company has an on-premises network in Seattle and an Azure subscription. The on-premises network contains a Remote Desktop server.
The company contracts a third-party development firm from France to develop and deploy resources to the virtual machines hosted in the Azure subscription.
Currently, the firm establishes an RDP connection to the Remote Desktop server. From the Remote Desktop connection, the firm can access the virtual machines hosted in Azure by using custom administrative tools installed on the Remote Desktop server. All the traffic to the Remote Desktop server is captured by a firewall, and the firewall only allows specific connections from France to the server.
You need to recommend a modern security solution based on the Zero Trust model. The solution must minimize latency for developers.
Which three actions should you recommend? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.
A. Configure network security groups (NSGs) to allow access from only specific logical groupings of IP address ranges. B. Deploy a Remote Desktop server to an Azure region located in France. C. Migrate from the Remote Desktop server to Azure Virtual Desktop. D. Implement Azure Firewall to restrict host pool outbound access. E. Configure Azure Active Directory (Azure AD) Conditional Access with multi-factor authentication (MFA) and named locations.
C. Migrate from the Remote Desktop server to Azure Virtual Desktop.
D. Implement Azure Firewall to restrict host pool outbound access.
E. Configure Azure Active Directory (Azure AD) Conditional Access with multi-factor authentication (MFA) and named locations.
You have an Azure subscription that has Microsoft Defender for Cloud enabled.
You have an Amazon Web Services (AWS) implementation.
You plan to extend the Azure security strategy to the AWS implementation. The solution will NOT use Azure Arc.
Which three services can you use to provide security for the AWS resources? Each correct answer presents a complete solution.
NOTE: Each correct selection is worth one point.
A. Microsoft Defender for Containers B. Microsoft Defender for Servers C. Azure Active Directory (Azure AD) Conditional Access D. Azure Active Directory (Azure AD) Privileged Identity Management (PIM) E. Azure Policy
A. Microsoft Defender for Containers
C. Azure Active Directory (Azure AD) Conditional Access
E. Azure Policy
HOTSPOT
Your company has a Microsoft 365 E5 subscription, an Azure subscription, on-premises applications, and Active Directory Domain Services (AD DS).
You need to recommend an identity security strategy that meets the following requirements:
* Ensures that customers can use their Facebook credentials to authenticate to an Azure App Service website
* Ensures that partner companies can access Microsoft SharePoint Online sites for the project to which they are assigned
The solution must minimize the need to deploy additional infrastructure components.
What should you include in the recommendation? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Answer Area
For the customers:
* Azure AD B2B authentication with access package assignments
* Azure AD B2C authentication
* Federation in Azure AD Connect with Active Directory Federation Services
* Pass-through authentication in Azure AD Connect
* Password hash synchronization in Azure AD Connect
For the partners:
* Azure AD B2B authentication with access package assignments
* Azure AD B2C authentication
* Federation in Azure AD Connect with Active Directory Federation Services
* Pass-through authentication in Azure AD Connect
* Password hash synchronization in Azure AD Connect
For the customers: Azure AD B2C authentication
For the partners: Azure AD B2B authentication with access package assignments
You are planning the security requirements for Azure Cosmos DB Core (SQL) API accounts.
You need to recommend a solution to audit all users that access the data in the Azure Cosmos DB accounts.
Which two configurations should you include in the recommendation? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.
A. Send the Azure Active Directory (Azure AD) sign-in logs to a Log Analytics workspace. B. Enable Microsoft Defender for Identity. C. Send the Azure Cosmos DB logs to a Log Analytics workspace. D. Disable local authentication for Azure Cosmos DB. E. Enable Microsoft Defender for Cosmos DB.
A. Send the Azure Active Directory (Azure AD) sign-in logs to a Log Analytics workspace.
D. Disable local authentication for Azure Cosmos DB.
You are designing the security standards for containerized applications onboarded to Azure.
You are evaluating the use of Microsoft Defender for Containers.
In which two environments can you use Defender for Containers to scan for known vulnerabilities? Each correct answer presents a complete solution.
NOTE: Each correct selection is worth one point.
A. Linux containers deployed to Azure Container Instances B. Windows containers deployed to Azure Kubernetes Service (AKS) C. Windows containers deployed to Azure Container Registry D. Linux containers deployed to Azure Container Registry E. Linux containers deployed to Azure Kubernetes Service (AKS)
C. Windows containers deployed to Azure Container Registry
D. Linux containers deployed to Azure Container Registry
Your company has an on-premises network and an Azure subscription.
The company does NOT have a Site-to-Site VPN or an ExpressRoute connection to Azure. You are designing the security standards for Azure App Service web apps. The web apps will access Microsoft SQL Server databases on the network.
You need to recommend security standards that will allow the web apps to access the databases. The solution must minimize the number of open internet-accessible endpoints to the on-premises network.
What should you include in the recommendation?
A. virtual network NAT gateway integration B. hybrid connections C. virtual network integration D. a private endpoint
B. hybrid connections
You are creating an application lifecycle management process based on Microsoft Security Development Lifecycle (SDL).
You need to recommend a security standard for onboarding applications to Azure. The standard will include recommendations for application design, development, and deployment.
What should you include during the application design phase?
A. software decomposition by using Microsoft Visual Studio Enterprise B. dynamic application security testing (DAST) by using Veracode C. threat modeling by using the Microsoft Threat Modeling Tool D. static application security testing (SAST) by using SonarQube
C. threat modeling by using the Microsoft Threat Modeling Tool
Your company is developing a new Azure App Service web app.
You are providing design assistance to verify the security of the web app.
You need to recommend a solution to test the web app for vulnerabilities such as insecure server configurations, cross-site scripting (XSS), and SQL injection.
What should you include in the recommendation?
A. dynamic application security testing (DAST) B. static application security testing (SAST) C. interactive application security testing (IAST) D. runtime application self-protection (RASP)
A. dynamic application security testing (DAST)
You are a security analyst for an organization. Your company recently initiated a cloud adoption strategy and has concerns related to threat detection in Azure Container Registry for its Linux images.
Which two Microsoft cloud-native solutions can integrate with Azure Container Registry to automatically scan all Linux images pushed to a registry? (Select two)
A. Microsoft Defender for Cloud B. Twistlock Enterprise Edition C. Azure Logic Apps D. Log Analytics Workspace
A. Microsoft Defender for Cloud
D. Log Analytics Workspace
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
Your on-premises network contains an e-commerce web app that was developed in Angular and Node.js. The web app uses a MongoDB database.
You plan to migrate the web app to Azure. The solution architecture team proposes the following architecture as an Azure landing zone.
Client Browser -> Azure App Service Web App -> Azure Cosmos DB -> Azure Cognitive Search
You need to provide recommendations to secure the connection between the web app and the database. The solution must follow the Zero Trust model.
Solution: You recommend creating private endpoints for the web app and the database layer.
Does this meet the goal?
A. Yes B. No
A. Yes
Your on-premises network contains an e-commerce web app that was developed in Angular and Node.js. The web app uses a MongoDB database.
You plan to migrate the web app to Azure. The solution architecture team proposes the following architecture as an Azure landing zone.
Client Browser -> Azure App Service Web App -> Azure Cosmos DB -> Azure Cognitive Search
You need to provide recommendations to secure the connection between the web app and the database. The solution must follow the Zero Trust model.
Solution: You recommend implementing Azure Key Vault to store credentials.
Does this meet the goal?
A. Yes B. No
B. No
Your on-premises network contains an e-commerce web app that was developed in Angular and Node.js. The web app uses a MongoDB database.
You plan to migrate the web app to Azure. The solution architecture team proposes the following architecture as an Azure landing zone.
Client Browser -> Azure App Service Web App -> Azure Cosmos DB -> Azure Cognitive Search
You need to provide recommendations to secure the connection between the web app and the database. The solution must follow the Zero Trust model.
Solution: You recommend implementing Azure Application Gateway with Azure Web Application Firewall (WAF).
Does this meet the goal?
A. Yes B. No
B. No
Your on-premises network contains an e-commerce web app that was developed in Angular and Node.js. The web app uses a MongoDB database.
You plan to migrate the web app to Azure. The solution architecture team proposes the following architecture as an Azure landing zone.
Client Browser -> Azure App Service Web App -> Azure Cosmos DB -> Azure Cognitive Search
You need to provide recommendations to secure the connection between the web app and the database. The solution must follow the Zero Trust model.
Solution: You recommend implementing Azure Front Door with Azure Web Application Firewall (WAF).
Does this meet the goal?
A. Yes B. No
B. No