- (Exam Topic 3)
Your company develops several applications that are accessed as custom enterprise applications in Azure Active Directory (Azure AD). You need to recommend a solution to prevent users on a specific list of countries from connecting to the applications. What should you include in the recommendation?

1. A. activity policies in Microsoft Defender for Cloud Apps
2. B. sign-in risk policies in Azure AD Identity Protection
3. C. device compliance policies in Microsoft Endpoint Manager
4. D. Azure AD Conditional Access policies
5. E. user risk policies in Azure AD Identity Protection

Correct Answer: A
https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/howto-conditional-access-policy-loca https://docs.microsoft.com/en-us/power-platform/admin/restrict-access-online-trusted-ip-rules

- (Exam Topic 3)
You have an Azure subscription that has Microsoft Defender for Cloud enabled. You are evaluating the Azure Security Benchmark V3 report.
In the Secure management ports controls, you discover that you have 0 out of a potential 8 points. You need to recommend configurations to increase the score of the Secure management ports controls. Solution: You recommend enabling adaptive network hardening.
Does this meet the goal?

1. A. Yes
2. B. No

Correct Answer: A
JIT:
https://docs.microsoft.com/en-us/security/benchmark/azure/security-controls-v3-privileged-access#pa-2-avoid-s
Adaptive Network Hardening:
https://docs.microsoft.com/en-us/security/benchmark/azure/security-controls-v3-network-security#ns-7-simplify

- (Exam Topic 3)
Your on-premises network contains an e-commerce web app that was developed in Angular and Node.js. The web app uses a MongoDB database. You plan to migrate the web app to Azure. The solution architecture team proposes the following architecture as an Azure landing zone.

You need to provide recommendations to secure the connection between the web app and the database. The solution must follow the Zero Trust model.
Solution: You recommend implementing Azure Front Door with Azure Web Application Firewall (WAF). Does this meet the goal?

1. A. Yes
2. B. No

Correct Answer: B
https://www.varonis.com/blog/securing-access-azure-webapps

- (Exam Topic 3)
You have an on-premises network and a Microsoft 365 subscription. You are designing a Zero Trust security strategy.
Which two security controls should you include as part of the Zero Trust solution? Each correct answer part of the solution.
NOTE: Each correct answer is worth one point.

1. A. Block sign-attempts from unknown location.
2. B. Always allow connections from the on-premises network.
3. C. Disable passwordless sign-in for sensitive account.
4. D. Block sign-in attempts from noncompliant devices.

Correct Answer: AD

- (Exam Topic 3)
Azure subscription that uses Azure Storage.
The company plans to share specific blobs with vendors. You need to recommend a solution to provide the vendors with secure access to specific blobs without exposing the blobs publicly. The access must be
tme-Vimted. What should you include in the recommendation?

1. A. Create shared access signatures (SAS).
2. B. Share the connection string of the access key.
3. C. Configure private link connections.
4. D. Configure encryption by using customer-managed keys (CMKs)

Correct Answer: D