You create an Azure subscription.
You need to ensure that you can use Azure Active Directory (Azure AD) Privileged Identity Management (PIM) to secure Azure AD roles.
Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.

You have an Azure subscription that contains a key vault and an Azure SQL server. You need to deploy an Azure SQL database that uses Transparent Data Encryption (TDE) and a customer-managed key. What should you create before you deploy the database?

A. An app registration

B. A standard general-purpose v2 storage account

C. A user-assigned managed identity

D. A user account that is assigned the SQL Security Manager role

You have an Azure subscription that contains the resources shown in the following table.



You plan to deploy an Azure Private Link service named APL1.
Which resource must you reference during the creation of APL1?

A. VMSS1

B. VM1

C. SQL

D. LB1

You have an Azure subscription that contains an Azure key vault and an Azure SQL database named SQL1.
You generate a key named Key1.
You need to enable Transparent Data Encryption (TDE) for SQL1 by using Key1.
Which two settings should you modify for Key1? To answer, select the appropriate settings in the answer area.
NOTE: Each correct selection is worth one point.

You need to recommend which virtual machines to use to host App1. The solution must meet the technical requirements for KeyVault1.
Which virtual machines should you use?

A. VM1 only

B. VM1 and VM2 only

C. VM1, VM2, and VM4 only

D. VM1, VM2, VM3. and VM4

You have an Azure subscription that contains the resources shown in the following table.



User1 is a member of Group1. Group1 and User2 are assigned the Key Vault Contributor role for Vault1.
On January 1, 2019, you create a secret in Vault1. The secret is configured as shown in the exhibit. (Click the Exhibit tab.)



User2 is assigned an access policy to Vault1. The policy has the following configurations:

Key Management Operations: Get, List, and Restore
Cryptographic Operations: Decrypt and Unwrap Key
Secret Management Operations: Get, List, and Restore

Group1 is assigned an access to Vault1. The policy has the following configurations:

Key Management Operations: Get and Recover
Secret Management Operations: List, Backup, and Recover
For each of the following statements, select Yes if the statement is true. Otherwise, select No.

You have an Azure subscription that contains the virtual machines shown in the following table.



For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.

You have an Azure subscription named Subscription1 that contains the resources shown in the following table.



You need to identify which initiatives and policies you can add to Subscription1 by using Azure Security Center.
What should you identify?

A. Policy1 and Policy2 only

B. Initiative1 only

C. Initiative1 and Initiative2 only

D. Initiative1, Initiative2, Policy1, and Policy2

You have a Microsoft Entra tenant named contoso.com. The tenant contains the users shown in the following table.



Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic.
NOTE: Each correct selection is worth one point.

You plan to deploy an app that will modify the properties of Azure Active Directory (Azure AD) users by using Microsoft Graph. You need to ensure that the app can access Azure AD. What should you configure first?

A. a custom role-based access control (RBAC) role

B. an external identity

C. an Azure AD Application Proxy

D. an app registration