NEW QUESTION 1

You have Microsoft Defender for Cloud assigned to Azure management groups. You have a Microsoft Sentinel deployment.
During the triage of alerts, you require additional information about the security events, including suggestions for remediation. Which two components can you use to achieve the goal? Each correct answer presents a complete solution.
NOTE: Each correct selection is worth one point.

• A. workload protections in Defender for Cloud
• B. threat intelligence reports in Defender for Cloud
• C. Microsoft Sentinel notebooks
• D. Microsoft Sentinel threat intelligence workbooks

Answer: A

NEW QUESTION 2

You need to recommend a solution to meet the security requirements for the virtual machines. What should you include in the recommendation?

• A. an Azure Bastion host
• B. a network security group (NSG)
• C. just-in-time (JIT) VM access
• D. Azure Virtual Desktop

Answer: A

NEW QUESTION 3

You have a customer that has a Microsoft 365 subscription and an Azure subscription.
The customer has devices that run either Windows, iOS, Android, or macOS. The Windows devices are deployed on-premises and in Azure.
You need to design a security solution to assess whether all the devices meet the customer's compliance rules. What should you include in the solution?

• A. Microsoft Information Protection
• B. Microsoft Defender for Endpoint
• C. Microsoft Sentinel
• D. Microsoft Endpoint Manager

Answer: D

NEW QUESTION 4

You need to recommend a strategy for securing the litware.com forest. The solution must meet the identity requirements. What should you include in the recommendation? To answer, select the appropriate options in the answer area. NOTE; Each correct selection is worth one point.

• A. Yes
• B. Not Mastered

Answer: A

NEW QUESTION 5

You have an Azure subscription that has Microsoft Defender for Cloud enabled. You are evaluating the Azure Security Benchmark V3 report.
In the Secure management ports controls, you discover that you have 0 out of a potential 8 points. You need to recommend configurations to increase the score of the Secure management ports controls.
Solution: You recommend onboarding all virtual machines to Microsoft Defender for Endpoint. Does this meet the goal?

• A. Yes
• B. No

Answer: A

NEW QUESTION 6

You need to recommend a solution to meet the AWS requirements.
What should you include in the recommendation? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

• A. Yes
• B. Not Mastered

Answer: A

NEW QUESTION 7

You have a customer that has a Microsoft 365 subscription and uses the Free edition of Azure Active Directory (Azure AD)
The customer plans to obtain an Azure subscription and provision several Azure resources. You need to evaluate the customer's security environment.
What will necessitate an upgrade from the Azure AD Free edition to the Premium edition?

• A. role-based authorization
• B. Azure AD Privileged Identity Management (PIM)
• C. resource-based authorization
• D. Azure AD Multi-Factor Authentication

Answer: A

NEW QUESTION 8

A customer has a Microsoft 365 E5 subscription and an Azure subscription.
The customer wants to centrally manage security incidents, analyze log, audit activity, and hunt for potential threats across all deployed services.
You need to recommend a solution for the customer. The solution must minimize costs. What should you include in the recommendation?

• A. Microsoft 365 Defender
• B. Microsoft Defender for Cloud
• C. Microsoft Defender for Cloud Apps
• D. Microsoft Sentinel

Answer: D

NEW QUESTION 9

You are designing a security strategy for providing access to Azure App Service web apps through an Azure Front Door instance.
You need to recommend a solution to ensure that the web apps only allow access through the Front Door instance.
Solution: You recommend access restrictions to allow traffic from the backend IP address of the Front Door instance.
Does this meet the goal?

• A. Yes
• B. No

Answer: B

NEW QUESTION 10

Your company is migrating data to Azure. The data contains Personally Identifiable Information (Pll). The company plans to use Microsoft Information Protection for the Pll data store in Azure. You need to recommend a solution to discover Pll data at risk in the Azure resources.
What should you include in the recommendation? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

• A. Yes
• B. Not Mastered

Answer: A

NEW QUESTION 11

Your company has an on-premises network, an Azure subscription, and a Microsoft 365 E5 subscription. The company uses the following devices:
• Computers that run either Windows 10 or Windows 11
• Tablets and phones that run either Android or iOS
You need to recommend a solution to classify and encrypt sensitive Microsoft Office 365 data regardless of where the data is stored. What should you include in the recommendation?

• A. eDiscovery
• B. retention policies
• C. Compliance Manager
• D. Microsoft Information Protection

Answer: A

NEW QUESTION 12

Your company has an on-premise network in Seattle and an Azure subscription. The on-premises network contains a Remote Desktop server.
The company contracts a third-party development firm from France to develop and deploy resources to the virtual machines hosted in the Azure subscription.
Currently, the firm establishes an RDP connection to the Remote Desktop server. From the Remote Desktop connection, the firm can access the virtual machines hosted in Azure by using custom administrative tools installed on the Remote Desktop server. All the traffic to the Remote Desktop server is captured by a firewall, and the firewall only allows specific connections from France to the server.
You need to recommend a modern security solution based on the Zero Trust model. The solution must minimize latency tor developers.
Which three actions should you recommend? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point.

• A. Configure network security groups (NSGs) to allow access from only specific logical groupings of IP address ranges.
• B. Implement Azure Firewall to restrict host pool outbound access.
• C. Configure Azure Active Directory (Azure AD) Conditional Access with multi-factor authentication (MFA) and named locations.
• D. Migrate from the Remote Desktop server to Azure Virtual Desktop.
• E. Deploy a Remote Desktop server to an Azure region located in France.

Answer: BDE

NEW QUESTION 13

Your company is designing an application architecture for Azure App Service Environment (ASE) web apps as shown in the exhibit. (Click the Exhibit tab.)

Communication between the on-premises network and Azure uses an ExpressRoute connection.
You need to recommend a solution to ensure that the web apps can communicate with the on-premises application server. The solution must minimize the number of public IP addresses that are allowed to access the on-premises network.
What should you include in the recommendation?

• A. Azure Traffic Manager with priority traffic-routing methods
• B. Azure Application Gateway v2 with user-defined routes (UDRs).
• C. Azure Front Door with Azure Web Application Firewall (WAF)
• D. Azure Firewall with policy rule sets

Answer: A

NEW QUESTION 14

You are designing an auditing solution for Azure landing zones that will contain the following components:
• SQL audit logs for Azure SQL databases
• Windows Security logs from Azure virtual machines
• Azure App Service audit logs from App Service web apps
You need to recommend a centralized logging solution for the landing zones. The solution must meet the following requirements:
• Log all privileged access.
• Retain logs for at least 365 days.
• Minimize costs.
What should you include in the recommendation? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

• A. Yes
• B. Not Mastered

Answer: A

NEW QUESTION 15

Your company uses Microsoft Defender for Cloud and Microsoft Sentinel. The company is designing an application that will have the architecture shown in the following exhibit.

You are designing a logging and auditing solution for the proposed architecture. The solution must meet the following requirements-.
• Integrate Azure Web Application Firewall (WAF) logs with Microsoft Sentinel.
• Use Defender for Cloud to review alerts from the virtual machines.
What should you include in the solution? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

• A. Yes
• B. Not Mastered

Answer: A

NEW QUESTION 16

You need to recommend a solution to resolve the virtual machine issue. What should you include in the recommendation?

• A. Onboard the virtual machines to Microsoft Defender for Endpoint.
• B. Onboard the virtual machines to Azure Arc.
• C. Create a device compliance policy in Microsoft Endpoint Manager.
• D. Enable the Qualys scanner in Defender for Cloud.

Answer: A

NEW QUESTION 17
......