- (Exam Topic 3)
You have an operational model based on the Microsoft Cloud Adoption framework for Azure.
You need to recommend a solution that focuses on cloud-centric control areas to protect resources such as endpoints, database, files, and storage accounts.
What should you include in the recommendation?

1. A. security baselines in the Microsoft Cloud Security Benchmark
2. B. modern access control
3. C. business resilience
4. D. network isolation

Correct Answer: A

- (Exam Topic 3)
You have an on-premises network that has several legacy applications. The applications perform LDAP queries against an existing directory service. You are migrating the on-premises infrastructure to a cloud-only infrastructure.
You need to recommend an identity solution for the infrastructure that supports the legacy applications. The solution must minimize the administrative effort to maintain the infrastructure.
Which identity service should you include in the recommendation?

1. A. Azure Active Directory Domain Services (Azure AD DS)
2. B. Azure Active Directory (Azure AD) B2C
3. C. Azure Active Directory (Azure AD)
4. D. Active Directory Domain Services (AD DS)

Correct Answer: A
https://docs.microsoft.com/en-us/azure/active-directory-domain-services/overview

- (Exam Topic 3)
You are designing a security operations strategy based on the Zero Trust framework.
You need to minimize the operational load on Tier 1 Microsoft Security Operations Center (SOC) analysts. What should you do?

1. A. Enable built-in compliance policies in Azure Policy.
2. B. Enable self-healing in Microsoft 365 Defender.
3. C. Automate data classification.
4. D. Create hunting queries in Microsoft 365 Defender.

Correct Answer: C

- (Exam Topic 3)
You are designing the encryption standards for data at rest for an Azure resource
You need to provide recommendations to ensure that the data at rest is encrypted by using AES-256 keys. The solution must support rotating the encryption keys monthly.
Solution: For blob containers in Azure Storage, you recommend encryption that uses customer-managed keys (CMKs).
Does this meet the goal?

1. A. Yes
2. B. No

Correct Answer: A

- (Exam Topic 3)
You have a Microsoft 365 subscription and an Azure subscription. Microsoft 365 Defender and Microsoft Defender for Cloud are enabled.
The Azure subscription contains 50 virtual machines. Each virtual machine runs different applications on Windows Server 2019.
You need to recommend a solution to ensure that only authorized applications can run on the virtual machines. If an unauthorized application attempts to run or be installed, the application must be blocked automatically until an administrator authorizes the application.
Which security control should you recommend?

1. A. Azure Active Directory (Azure AD) Conditional Access App Control policies
2. B. OAuth app policies in Microsoft Defender for Cloud Apps
3. C. app protection policies in Microsoft Endpoint Manager
4. D. application control policies in Microsoft Defender for Endpoint

Correct Answer: D
https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-application-control/sele