- (Exam Topic 3)
A customer has a hybrid cloud infrastructure that contains a Microsoft 365 E5 subscription and an Azure subscription.
All the on-premises servers in the perimeter network are prevented from connecting directly to the internet. The customer recently recovered from a ransomware attack.
The customer plans to deploy Microsoft Sentinel.
You need to recommend configurations to meet the following requirements:
• Ensure that the security operations team can access the security logs and the operation logs.
• Ensure that the IT operations team can access only the operations logs, including the event logs of the servers in the perimeter network.
Which two configurations can you include in the recommendation? Each correct answer presents a complete solution. NOTE: Each correct selection is worth one point.

1. A. Azure Active Directory (Azure AD) Conditional Access policies
2. B. a custom collector that uses the Log Analytics agent
3. C. resource-based role-based access control (RBAC)
4. D. the Azure Monitor agent

Correct Answer: CD
https://docs.microsoft.com/en-us/azure/azure-monitor/agents/log-analytics-agent

- (Exam Topic 3)
Your company is developing an invoicing application that will use Azure Active Directory (Azure AD) B2C. The application will be deployed as an App Service web app. You need to recommend a solution to the application development team to secure the application from identity related attacks. Which two configurations should you recommend? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point.

1. A. Azure AD Conditional Access integration with user flows and custom policies
2. B. Azure AD workbooks to monitor risk detections
3. C. custom resource owner password credentials (ROPC) flows in Azure AD B2C
4. D. access packages in Identity Governance
5. E. smart account lockout in Azure AD B2C

Correct Answer: AC
https://docs.microsoft.com/en-us/azure/active-directory-b2c/threat-management
https://docs.microsoft.com/en-us/azure/active-directory-b2c/conditional-access-user-flow?pivots=b2c-user-flow

- (Exam Topic 3)
For a Microsoft cloud environment, you are designing a security architecture based on the Microsoft Cloud Security Benchmark.
What are three best practices for identity management based on the Azure Security Benchmark? Each correct answer presents a complete solution.
NOTE: Each correct selection is worth one point.

1. A. Manage application identities securely and automatically.
2. B. Manage the lifecycle of identities and entitlements
3. C. Protect identity and authentication systems.
4. D. Enable threat detection for identity and access management.
5. E. Use a centralized identity and authentication system.

Correct Answer: ACE

- (Exam Topic 3)
Your company plans to apply the Zero Trust Rapid Modernization Plan (RaMP) to its IT environment. You need to recommend the top three modernization areas to prioritize as part of the plan.
Which three areas should you recommend based on RaMP? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point.

1. A. data, compliance, and governance
2. B. user access and productivity
3. C. infrastructure and development
4. D. modern security operations
5. E. operational technology (OT) and loT

Correct Answer: ABD

- (Exam Topic 3)
For a Microsoft cloud environment, you are designing a security architecture based on the Microsoft Cybersecurity Reference Architectures (MCRA). You need to protect against the following external threats of an attack chain:
• An attacker attempts to exfiltrate data to external websites.
• An attacker attempts lateral movement across domain-joined computers.
What should you include in the recommendation for each threat? To answer, select the appropriate options in the answer area.

Solution:


Does this meet the goal?

1. A. Yes
2. B. No

Correct Answer: A