- (Exam Topic 4)
You have an Azure subscription that contains an Azure key vault named KeyVault1 and the virtual machines shown in the following table.

You set the Key Vault access policy to Enable access to Azure Disk Encryption for volume encryption. KeyVault1 is configured as shown in the following exhibit.

For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.

Solution:


Does this meet the goal?

1. A. Yes
2. B. No

Correct Answer: A

- (Exam Topic 4)
You have 15 Azure virtual machines in a resource group named RG1. All virtual machines run identical applications.
You need to prevent unauthorized applications and malware from running on the virtual machines. What should you do?

1. A. Configure Azure Active Directory (Azure AD) Identity Protection.
2. B. From Microsoft Defender for Cloud, configure adaptive application controls.
3. C. Apply an Azure policy to RGI.
4. D. Apply a resource lock to RGI.

Correct Answer: B
Microsoft Defender for Cloud helps you prevent, detect, and respond to threats. Defender for Cloud gives you increased visibility into, and control over, the security of your Azure resources. It provides integrated security monitoring and policy management across your Azure subscriptions. It helps detect threats that might otherwise go unnoticed, and works with a broad ecosystem of security solutions.
Defender for Cloud helps you optimize and monitor the security of your virtual machines by:
Providing security recommendations for the virtual machines. Example recommendations include: app system updates, configure ACLs endpoints, enable antimalware, enable network security groups, and apply disk encryption.
Monitoring the state of your virtual machines.
https://learn.microsoft.com/en-us/azure/security/fundamentals/virtual-machines-overview

- (Exam Topic 2)
You need to ensure that User2 can implement PIM. What should you do first?

1. A. Assign User2 the Global administrator role.
2. B. Configure authentication methods for contoso.com.
3. C. Configure the identity secure score for contoso.com.
4. D. Enable multi-factor authentication (MFA) for User2.

Correct Answer: D
To start using PIM in your directory, you must first enable PIM.
* 1. Sign in to the Azure portal as a Global Administrator of your directory.
You must be a Global Administrator with an organizational account (for example, @yourdomain.com), not a Microsoft account (for example, @outlook.com), to enable PIM for a directory.
Scenario: Technical requirements include: Enable Azure AD Privileged Identity Management (PIM) for contoso.com
References:
https://docs.microsoft.com/bs-latn-ba/azure/active-directory/privileged-identity-management/pim-getting-started

- (Exam Topic 4)
You have an Azure subscription that contains the users shown in the following table.

Which users can enable Azure AD Privileged Identity Management (PIM)?

1. A. User2 and User3 only
2. B. User1 and User2 only
3. C. User2 only
4. D. User1 only

Correct Answer: B
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/privileged-identity-management/pim-deployment-plan

- (Exam Topic 3)
You implement the planned changes for ASG1 and ASG2.
In which NSGs can you use ASG1. and the network interfaces of which virtual machines can you assign to ASG2?

Solution:
Graphical user interface, text, application, chat or text message Description automatically generated

Does this meet the goal?

1. A. Yes
2. B. No

Correct Answer: A