You have a management group named MG1 that contains an Azure subscription and a resource group named RG1. RG1 contains a virtual machine named VM1. You have the custom Azure roles shown in the following table.

You have an Azure subscription.
You plan to create a workflow automation in Microsoft Defender for Cloud that will automatically remediate a security vulnerability.
What should you create first?

A. an Azure function app

B. an automation account

C. a managed identity

D. an alert rule

E. an Azure logic app

You have an Azure subscription that contains a Microsoft Defender External Attack Surface Management (Defender EASM) resource named EASM1. You review the Attack Surface Summary dashboard. You need to identify the following insights:
• Deprecated technologies that are no longer supported
• Infrastructure that will soon expire
Which section of the dashboard should you review?

A. Securing the Cloud

B. Sensitive Services

C. attack surface composition

D. Attack Surface Priorities

You have an Azure Active Directory (Azure AD) tenant and a root management group. You create 10 Azure subscriptions and add the subscriptions to the rout management group. You need to create an Azure Blueprints definition that will be stored in the root management group. What should you do first?

A. Add an Azure Policy definition to the root management group.

B. Modify the role-based access control (RBAC) role assignments for the root management group.

C. Create a user-assigned identity.

D. Create a service principal.

You have an Azure Active Directory (Azure AD) tenant that contains the users shown in the following table.

You have an Azure subscription that contains an Azure SQL database named SQLDB1. SQLDB1 contains the columns shown in the following table.

You have an Azure subscription that is linked to an Azure AD tenant and contains the resources shown in the following table.

A. Managed1 and App1 only

B. Group1 and Managed1 only

C. Group1. Managed1, and VM2only

D. Group1, Managed1, VM1. and App1 only

You have an Azure subscription that contains the resources shown in the following table.

You have an Azure subscription that contains a user named Adminl1 and a virtual machine named VM1. VM1 runs Windows Server 2019 and was deployed by using an Azure Resource Manager template. VM1 is the member of a backend pool of a public Azure Basic Load Balancer.
Admin1 reports that VM1 is listed as Unsupported on the Just in time VM access blade of Azure Security Center.
You need to ensure that Admin1 can enable just in time (JIT) VM access for VM1.
What should you do?

A. Create and configure an additional public IP address for VM 1.

B. Replace the Basic Load Balancer with an Azure Standard Load Balancer.

C. Assign an Azure Active Directory Premium Plan 1 license to Admin1.

D. Create and configure a network security group (NSG).

You have an Azure subscription that contains the resources shown in the following table.