You have an Azure subscription that contains the following Azure firewall:

• Name: Fw1
• Azure region: UK West
• Private IP address: 10.1.3.4
• Public IP address: 23.236.62.147

The subscription contains. The virtual networks shown in the following table.

Your company has an Azure Active Directory (Azure AD) tenant named contoso.com.
The company is developing an application named App1. App1 will run as a service on server that runs Windows Server 2016. App1 will authenticate to contoso.com and access Microsoft Graph to read directory data.
You need to delegate the minimum required permissions to App1.
Which three actions should you perform in sequence from the Azure portal? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.

You have an Azure subscription that contains an app named App1. App1 has the app registration shown in the following table.



You need to ensure that App1 can read all user calendars and create appointments. The solution must use the principle of least privilege.
What should you do?

A. Add a new Delegated API permission for Microsoft.Graph Calendars.ReadWrite.

B. Add a new Application API permission for Microsoft.Graph Calendars.ReadWrite.

C. Select Grant admin consent.

D. Add a new Delegated API permission for Microsoft.Graph Calendars.ReadWrite.Shared.

You have an Azure subscription that contains three storage accounts, an Azure SQL managed instance named SQL and three Azure SQL databases. The storage accounts are configured as shown in the following table.
SQ11 has the following settings:

• Auditing: On
• Audit tog destination: storage1

The Azure SQL databases are configured as shown in the following table.

You have an Azure subscription that contains a resource group named RG1 and the network security groups (NSGs) shown in the following table.



You assign the policy to RG1.
What will occur if you assign the policy to NSG1 and NSG2?

A. Flow logs will be enabled for NSG1 and NSG2.

B. Flow logs will be enabled for NSG2 only.

C. Flow logs will be disabled for NSG1 and NSG2.

D. Flow logs will be enabled for NSG1 only.

You have a file named File1.yaml that contains the following contents.



You create an Azure container instance named container1 by using File1.yaml.
You need to identify where you can access the values of Variable1 and Variable2.
What should you identify? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

You have a management group named Group1 that contains an Azure subscription named sub1. Sub1 has a subscription ID of 11111111-1234-1234-1234-1111111111.
You need to create a custom Azure role-based access control (RBAC) role that will delegate permissions to manage the tags on all the objects in Group1.
What should you include in the role definition of Role1? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

You have an Azure subscription that contains the virtual networks shown in the following table.
The subscription contains the virtual machines shown in the following table.
You have a storage account named contoso2024 that contains the following resources:

• A container named Contained that contains a file named File1
• A file share named Share1 that contains a file named File2

You create a private endpoint for contoso2024 as shown in the following exhibit.



For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.

You have two Azure virtual machines in the East US2 region as shown in the following table.



You deploy and configure an Azure Key vault.
You need to ensure that you can enable Azure Disk Encryption on VM1 and VM2.
What should you modify on each virtual machine? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

You have an Azure subscription that contains the resources shown in the following table.



You need to configure storage1 to regenerate keys automatically every 90 days. Which cmdlet should you run?

A. set -A=StorageAccount

B. Add-A:StorogcAccountmanagementPolicyAction

C. Set-A;StorageAccountimanagementPolicy

D. Add-AsKeyVaultmanageStorageAccount