- (Exam Topic 1)
You need to ensure that you can meet the security operations requirements. What should you do first?

1. A. Turn on Auto Provisioning in Security Center.
2. B. Integrate Security Center and Microsoft Cloud App Security.
3. C. Upgrade the pricing tier of Security Center to Standard.
4. D. Modify the Security Center workspace configuration.

Correct Answer: C
The Standard tier extends the capabilities of the Free tier to workloads running in private and other public clouds, providing unified security management and threat protection across your hybrid cloud workloads. The Standard tier also adds advanced threat detection capabilities, which uses built-in behavioral analytics and machine learning to identify attacks and zero-day exploits, access and application controls to reduce exposure to network attacks and malware, and more.
Scenario: Security Operations Requirements
Litware must be able to customize the operating system security configurations in Azure Security Center. References:
https://docs.microsoft.com/en-us/azure/security-center/security-center-pricing

- (Exam Topic 4)
You have an Azure subscription that contains the resources shown in the following table.

You plan to deploy the virtual machines shown in the following table.

You need to assign managed identities to the virtual machines. The solution must meet the following requirements:
Assign each virtual machine the required roles.
Use the principle of least privilege.
What is the minimum number of managed identities required?

1. A. 1
2. B. 2
3. C. 3
4. D. 4

Correct Answer: B
We have two different sets of required permissions. VM1 and VM2 have the same permission requirements. VM3 and VM4 have the same permission requirements.
A user-assigned managed identity can be assigned to one or many resources. By using user-assigned managed identities, we can create just two managed identities: one with the permission requirements for VM1 and VM2 and the other with the permission requirements for VM3 and VM4.
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/managed-identities-azure-resources/overview

- (Exam Topic 4)
You have an Azure subscription that uses Azure AD Privileged Identity Management (PIM). A user named User1 is eligible for the Billing administrator role.
You need to ensure that the role can only be used for a maximum of two hours. What should you do?

1. A. Create a new access review.
2. B. Edit the role assignment settings.
3. C. Update the end date of the user assignment
4. D. Edit the role activation settings.

Correct Answer: B

- (Exam Topic 4)
You create a new Azure subscription.
You need to ensure that you can create custom alert rules in Azure Security Center. Which two actions should you perform? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point.

1. A. Onboard Azure Active Directory (Azure AD) Identity Protection.
2. B. Create an Azure Storage account.
3. C. Implement Azure Advisor recommendations.
4. D. Create an Azure Log Analytics workspace.
5. E. Upgrade the pricing tier of Security Center to Standard.

Correct Answer: DE
D: You need write permission in the workspace that you select to store your custom alert. References:
https://docs.microsoft.com/en-us/azure/security-center/security-center-custom-alert

- (Exam Topic 4)
You have an Azure Active Directory (Azure AD) tenant named contoso.com that contains the users shown in the following table.

Contoso.com contains a group naming policy. The policy has a custom blocked word list rule that includes the word Contoso.
Which users can create a group named Contoso Sales in contoso.com? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Solution:
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/enterprise-users/groups-naming-policy

Does this meet the goal?

1. A. Yes
2. B. No

Correct Answer: A