Your organization has enabled Privileged Identity Management (PIM) for Azure AD roles. However, some administrators do not receive activation notifications when their privileged access expires. What should you check first?

A security team wants to detect advanced persistent threats (APT) targeting sensitive Azure workloads. Which Microsoft Defender for Cloud feature provides the best detection capabilities?

Your organization has multiple cloud environments (Azure, AWS, GCP). You need to establish a centralized security monitoring solution using Microsoft Sentinel. Which action should you take first?

Your security team is configuring Microsoft Sentinel to detect and respond to insider threats. Which data connectors should be prioritized for early detection of suspicious insider activities?

Your organization has detected lateral movement attacks in its Azure environment. The security team must implement a preventive control to restrict unauthorized east-west traffic between Virtual Machines. Which solution should be implemented?

Your company is using Microsoft Defender for Cloud to monitor security misconfigurations in Azure workloads. You need to ensure that only high-severity security alerts trigger automated remediation using Logic Apps playbooks. What should you configure?

Your organization wants to adopt a Zero Trust security model. The security team is designing an architecture that ensures least privilege access and continuous verification. Which approach best aligns with Zero Trust principles?

You are tasked with securing remote workforce access to critical applications. The company requires passwordless authentication for enhanced security. Which Microsoft feature should you implement?

Your company is expanding multi-cloud security operations. You need to ensure security logs from AWS and Google Cloud Platform (GCP) are integrated into Microsoft Sentinel. What should you do?

Your organization needs to ensure compliance with regulatory frameworks like NIST, ISO 27001, and CIS for cloud security. Which Microsoft tool provides built-in assessments and recommendations?

A developer in your company accidentally committed Azure Storage keys to a public GitHub repository. What is the most effective way to prevent misuse?

Your security team wants to automate remediation of security misconfigurations across Azure resources. Which tool should you use?

Your organization wants to prevent data exfiltration by blocking unauthorized file transfers from company devices. Which Microsoft solution should you deploy?

Your team is responsible for securing Azure Kubernetes Service (AKS) clusters. Which security control should be implemented to prevent unauthorized access to the API server?

Your organization requires end-to-end data encryption for Microsoft 365 services, ensuring only the organization can decrypt data. Which solution should you deploy?

Your company is undergoing a cloud migration and wants to implement Secure Access Service Edge (SASE) architecture. Which Microsoft solution best aligns with this approach?

Your organization uses Azure AD Identity Protection to detect and respond to identity-based threats. You need to prevent high-risk sign-ins while minimizing user disruption. Which approach should you implement?

Your security team is deploying Microsoft Sentinel for security incident monitoring. To detect and respond to threats efficiently, which of the following should you configure?

Your organization plans to implement Privileged Access Workstations (PAW) to enhance security for administrators. Which of the following security principles should be enforced for these workstations?

Your company stores sensitive customer data in Azure SQL Database. To ensure compliance with GDPR and industry regulations, you must prevent unauthorized users from viewing unencrypted data at rest. Which security control should you implement?

Your organization is implementing Microsoft Defender for Cloud to improve security posture. A key requirement is to protect both Azure and on-premises workloads against evolving threats. Which of the following features best supports this goal?

Your organization is designing a Zero Trust security strategy. You need to ensure that all access requests are evaluated continuously based on risk. Which of the following should be the primary mechanism for enforcing this strategy?

You need to recommend a solution to scan the application code. The solution must meet the application development requirements. What should you include in the recommendation?

You need to recommend a solution to meet the security requirements for the InfraSec group. What should you use to delegate the access?

You have a Microsoft 365 subscription and an Azure subscription. Microsoft 365 Defender and Microsoft Defender for Cloud are enabled.

The Azure subscription contains 50 virtual machines. Each virtual machine runs different applications on Windows Server 2019.

You need to recommend a solution to ensure that only authorized applications can run on the virtual machines. If an unauthorized application attempts to run or be installed, the application must be blocked automatically until an administrator authorizes the application.

Which security control should you recommend?

You are designing the encryption standards for data at rest for an Azure resource

You need to provide recommendations to ensure that the data at rest is encrypted by using AES-256 keys. The solution must support rotating the encryption keys monthly.

Solution: For blob containers in Azure Storage, you recommend encryption that uses customer-managed keys (CMKs).

Does this meet the goal?

You plan to deploy 20 Azure Kubernetes Service (AKS) clusters. The cluster configuration will be managed declaratively by using Kubernetes manifest files stored in Azure Repos.

You need to recommend a solution to ensure that the configuration of all the clusters remains consistent by using the manifest files stored in Azure Repos.

What should you include in the recommendation?

You have an Azure subscription

You plan to deploy multiple containerized microservice-based apps to Azure Kubemetes Service (AKS)

You need to recommend a solution that meets the following requirements:

* Manages secrets

* Provides encryption

* Secures service-to-service communication by using mTLS encryption

* Minimizes administrative effort

What should you include in the recommendation?

You have an on-premises server that runs Windows Server and contains a Microsoft SQL Server database named DB1.

You plan to migrate DB1 to Azure.

You need to recommend an encrypted Azure database solution that meets the following requirements:

* Minimizes the risks of malware that uses elevated privileges to access sensitive data

* Prevents database administrators from accessing sensitive data

* Enables pattern matching for server-side database operations

* Supports Microsoft Azure Attestation

* Uses hardware-based encryption

What should you include in the recommendation?

You have an Azure subscription that has Microsoft Defender for Cloud enabled.
You are evaluating the Azure Security Benchmark V3 report.
In the Secure management ports controls, you discover that you have 0 out of a potential 8 points.
You need to recommend configurations to increase the score of the Secure management ports controls.
Solution: You recommend enabling the VMAccess extension on all virtual machines.
Does this meet the goal?

Your company has a hybrid cloud infrastructure.
The company plans to hire several temporary employees within a brief period. The temporary employees will need to access applications and data on the company's on-premises network.
The company's secutity policy prevents the use of personal devices for accessing company data and applications.
You need to recommend a solution to provide the temporary employee with access to company resources. The solution must be able to scale on demand.
What should you include in the recommendation?

You have an Azure subscription that has Microsoft Defender for Cloud enabled.
You are evaluating the Azure Security Benchmark V3 report as shown in the following exhibit.

You need to verify whether Microsoft Defender for servers is installed on all the virtual machines that run Windows.
Which compliance control should you evaluate?

You have an Azure subscription that has Microsoft Defender for Cloud enabled.
You are evaluating the Azure Security Benchmark V3 report.
In the Secure management ports controls, you discover that you have 0 out of a potential 8 points.
You need to recommend configurations to increase the score of the Secure management ports controls.
Solution: You recommend enabling adaptive network hardening.
Does this meet the goal?

You receive a security alert in Microsoft Defender for Cloud as shown in the exhibit. (Click the Exhibit tab.)

After remediating the threat, which policy definition should you assign to prevent the threat from reoccurring?

You have an Azure subscription that has Microsoft Defender for Cloud enabled.
You need to enforce ISO 27001:2013 standards for the subscription. The solution must ensure that noncompliant resources are remediated automatically.
What should you use?

Your company finalizes the adoption of Azure and is implementing Microsoft Defender for Cloud.
You receive the following recommendations in Defender for Cloud
✑ Access to storage accounts with firewall and virtual network configurations should be restricted.
✑ Storage accounts should restrict network access using virtual network rules.
✑ Storage account should use a private link connection.
✑ Storage account public access should be disallowed.
You need to recommend a service to mitigate identified risks that relate to the recommendations.
What should you recommend?

Your company has an Azure subscription that has enhanced security enabled for Microsoft Defender for Cloud.
The company signs a contract with the United States government.
You need to review the current subscription for NIST 800-53 compliance.
What should you do first?

You are evaluating an Azure environment for compliance.
You need to design an Azure Policy implementation that can be used to evaluate compliance without changing any resources.
Which effect should you use in Azure Policy?

You have 10 Azure subscriptions that contain 100 role-based access control (RBAC) role assignments.
You plan to consolidate the role assignments.
You need to recommend a solution to identify which role assignments were NOT used during the last 90 days. The solution must minimize administrative effort.
What should you include in the recommendation?

You have an Azure subscription.
You plan to deploy enterprise-scale landing zones based on the Microsoft Cloud Adoption Framework for Azure. The deployment will include a single-platform landing zone for all shared services and three application landing zones that will each host a different Azure application.
You need to recommend which resource to deploy to each landing zone. The solution must meet the Cloud Adoption Framework best-practice recommendations for enterprise-scale landing zones.
What should you recommend?

You have a Microsoft Entra tenant that syncs with an Active Directory Domain Services (AD DS) domain.
You have an on-premises datacenter that contains 100 servers. The servers run Windows Server and are backed up by using Microsoft Azure Backup Server (MABS).
You are designing a recovery solution for ransomware attacks. The solution follows Microsoft Security Best Practices.
You need to ensure that a compromised local administrator account cannot be used to stop scheduled backups.
What should you do?

You have a Microsoft Entra tenant that contains 10 Windows 11 devices and two groups named Group1 and Group2. The Windows 11 devices are joined to the Microsoft Entra tenant and are managed by using Microsoft Intune.
You are designing a privileged access strategy based on the rapid modernization plan (RaMP). The strategy will include the following configurations:
• Each user in Group1 will be assigned a Windows 11 device that will be configured as a privileged access device.
• The Security Administrator role will be mapped to the privileged access security level.
• The users in Group1 will be assigned the Security Administrator role.
• The users in Group2 will manage the privileged access devices.
You need to configure the local Administrators group for each privileged access device. The solution must follow the principle of least privilege.
What should you include in the solution?

You are designing a security operations strategy based on the Zero Trust framework.
You need to minimize the operational load on Tier 1 Microsoft Security Operations Center (SOC) analysts.
What should you do?

You have an Azure Kubernetes Service (AKS) cluster that hosts Linux nodes.
You need to recommend a solution to ensure that deployed worker nodes have the latest kernel updates. The solution must minimize administrative effort.
What should you recommend?

You are designing a ransomware response plan that follows Microsoft Security Best Practices.
You need to recommend a solution to minimize the risk of a ransomware attack encrypting local user files.
What should you include in the recommendation?

You have the following on-premises servers that run Windows Server:
• Two domain controllers in an Active Directory Domain Services (AD DS) domain
• Two application servers named Server1 and Server2 that run ASP.NET web apps
• A VPN server named Served that authenticates by using RADIUS and AD DS
End users use a VPN to access the web apps over the internet.
You need to redesign a user access solution to increase the security of the connections to the web apps. The solution must minimize the attack surface and follow the Zero Trust principles of the Microsoft Cybersecurity Reference Architectures (MCRA).
What should you include in the recommendation?

You have an Azure AD tenant that syncs with an Active Directory Domain Services (AD DS) domain. Client computers run Windows and are hybrid-joined to Azure AD.
You are designing a strategy to protect endpoints against ransomware. The strategy follows Microsoft Security Best Practices.
You plan to remove all the domain accounts from the Administrators groups on the Windows computers.
You need to recommend a solution that will provide users with administrative access to the Windows computers only when access is required. The solution must minimize the lateral movement of ransomware attacks if an administrator account on a computer is compromised.
What should you include in the recommendation?

You have a customer that has a Microsoft 365 subscription and uses the Free edition of Azure Active Directory (Azure AD).
The customer plans to obtain an Azure subscription and provision several Azure resources.
You need to evaluate the customer's security environment.
What will necessitate an upgrade from the Azure AD Free edition to the Premium edition?

Your company has a Microsoft 365 subscription and uses Microsoft Defender for Identity.
You are informed about incidents that relate to compromised identities.
You need to recommend a solution to expose several accounts for attackers to exploit. When the attackers attempt to exploit the accounts, an alert must be triggered.
Which Defender for Identity feature should you include in the recommendation?

Your company has a Microsoft 365 ES subscription.
The Chief Compliance Officer plans to enhance privacy management in the working environment.
You need to recommend a solution to enhance the privacy management. The solution must meet the following requirements:
✑ Identify unused personal data and empower users to make smart data handling decisions.
✑ Provide users with notifications and guidance when a user sends personal data in Microsoft Teams.
✑ Provide users with recommendations to mitigate privacy risks.
What should you include in the recommendation?

You have an Azure AD tenant that syncs with an Active Directory Domain Services (AD DS) domain.
You are designing an Azure DevOps solution to deploy applications to an Azure subscription by using continuous integration and continuous deployment (CI/CD) pipelines.
You need to recommend which types of identities to use for the deployment credentials of the service connection. The solution must follow DevSecOps best practices from the Microsoft Cloud Adoption Framework for Azure.
What should you recommend?

For an Azure deployment, you are designing a security architecture based on the Microsoft Cloud Security Benchmark.
You need to recommend a best practice for implementing service accounts for Azure API management.
What should you include in the recommendation?

You have legacy operational technology (OT) devices and IoT devices.
You need to recommend best practices for applying Zero Trust principles to the OT and IoT devices based on the Microsoft Cybersecurity Reference Architectures (MCRA). The solution must minimize the risk of disrupting business operations.
Which two security methodologies should you include in the recommendation? Each correct answer presents part of the solution.

Your company is developing a serverless application in Azure that will have the architecture shown in the following exhibit.

You need to recommend a solution to isolate the compute components on an Azure virtual network.
What should you include in the recommendation?

Your company has a third-party security information and event management (SIEM) solution that uses Splunk and Microsoft Sentinel.
You plan to integrate Microsoft Sentinel with Splunk.
You need to recommend a solution to send security events from Microsoft Sentinel to Splunk.
What should you include in the recommendation?

You are designing the security standards for a new Azure environment.
You need to design a privileged identity strategy based on the Zero Trust model.
Which framework should you follow to create the design?

Your company is moving all on-premises workloads to Azure and Microsoft 365.
You need to design a security orchestration, automation, and response (SOAR) strategy in Microsoft Sentinel that meets the following requirements:
✑ Minimizes manual intervention by security operation analysts
✑ Supports triaging alerts within Microsoft Teams channels
What should you include in the strategy?

You have an Azure subscription that has Microsoft Defender for Cloud enabled.
Suspicious authentication activity alerts have been appearing in the Workload protections dashboard.
You need to recommend a solution to evaluate and remediate the alerts by using workflow automation. The solution must minimize development effort.
What should you include in the recommendation?

You have a Microsoft 365 E5 subscription and an Azure subscription.
You are designing a Microsoft deployment.
You need to recommend a solution for the security operations team. The solution must include custom views and a dashboard for analyzing security events.
What should you recommend using in Microsoft Sentinel?