- (Exam Topic 4)
You have an Azure subscription that contains a user named Admin1 and a resource group named RG1. In Azure Monitor, you create the alert rules shown in the following table.

Admin1 performs the following actions on RG1:
Adds a virtual network named VNET1
Adds a Delete lock named Lock1
Which rules will trigger an alert as a result of the actions of Admin1? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Solution:


Does this meet the goal?

1. A. Yes
2. B. No

Correct Answer: A

- (Exam Topic 4)
You have an Azure Sentinel workspace that contains an Azure Active Directory (Azure AD) connector, an Azure Log Analytics query named Query1 and a playbook named Playbook1.
Query1 returns a subset of security events generated by Azure AD.
You plan to create an Azure Sentinel analytic rule based on Query1 that will trigger Playbook1. You need to ensure that you can add Playbook1 to the new rule.
What should you do? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Solution:
Reference:
https://docs.microsoft.com/en-us/azure/sentinel/tutorial-detect-threats-custom https://docs.microsoft.com/en-us/azure/sentinel/tutorial-respond-threats-playbook

Does this meet the goal?

1. A. Yes
2. B. No

Correct Answer: A

- (Exam Topic 4)
You have an Azure Active Directory (Azure AD) tenant named contoso.onmicrosoft.com. The User administrator role is assigned to a user named Admin1.
An external partner has a Microsoft account that uses the user1@outlook.com sign in.
Admin1 attempts to invite the external partner to sign in to the Azure AD tenant and receives the following error message: “Unable to invite user user1@outlook.com Generic authorization exception.”
You need to ensure that Admin1 can invite the external partner to sign in to the Azure AD tenant.
What should you do?

1. A. From the Roles and administrators blade, assign the Security administrator role to Admin1.
2. B. From the Organizational relationships blade, add an identity provider.
3. C. From the Custom domain names blade, add a custom domain.
4. D. From the Users blade, modify the External collaboration settings.

Correct Answer: D
You need to allow guest invitations in the External collaboration settings.

- (Exam Topic 4)
You have an Azure environment.
You need to identify any Azure configurations and workloads that are non-compliant with ISO 27001:2013 standards.
What should you use?

1. A. Azure Active Directory (Azure AD) Identity Protection
2. B. Microsoft Defender for Cloud
3. C. Microsoft Defender for Identity
4. D. Microsoft Sentinel

Correct Answer: B

- (Exam Topic 4)
You have an Azure subscription that contains an Azure SQL database named sql1. You plan to audit sql1.
You need to configure the audit log destination. The solution must meet the following requirements:
Support querying events by using the Kusto query language.
Minimize administrative effort. What should you configure?

1. A. an event hub
2. B. a storage account
3. C. a Log Analytics workspace

Correct Answer: C
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/reports-monitoring/tutorial-log-analytics-wizard