You have an Azure subscription that contains a resource group named RG1. RG1 contains a virtual machine named VM1 that uses Azure Active Directory (Azure AD) authentication.
You have two custom Azure roles named Role1 and Role2 that are scoped to RG1.
The permissions for Role1 are shown in the following JSON code.



You assign the roles to the users shown in the following table.

You have an Azure subscription named Subscription1.
You need to view which security settings are assigned to Subscription1 by default.
Which Azure policy or initiative definition should you review?

A. the Audit diagnostic setting policy definition

B. the Enable Monitoring in Azure Security Center initiative definition

C. the Enable Azure Monitor for VMs initiative definition

D. the Azure Monitor solution ‘Security and Audit’ must be deployed policy definition

You have an Azure subscription.
You plan to use Microsoft Defender for Cloud to provide AI security posture management capabilities.
You need to recommend a Defender for Cloud plan that supports the deployment requirements. The solution must minimize costs.
What should you recommend?

A. Microsoft Defender for App Service

B. Microsoft Defender for APIs

C. Foundational Cloud Security Posture Management (CSPM

D. Defender Cloud Security Posture Management (CSPM)

You have an Azure key vault named Vault1 that stores the resources shown in the following table.



Which resources support the creation of a rotation policy?

A. Key 1 only

B. Cert1 only

C. Key1 and Secret1 only

D. Key1 and Cert1 only

E. Secret1 and Cert1 only

F. Key1, Secret1, and Cert1

Lab Task
use the following login credentials as needed:

To enter your username, place your cursor in the Sign in box and click on the username below.
To enter your password. place your cursor in the Enter password box and click on the password below.

Azure Username: Userl -28681041@ExamUsers.com
Azure Password: GpOAe4@lDg

If the Azure portal does not load successfully in the browser, press CTRL-K to reload the portal in a new browser tab.

The following information is for technical support purposes only:

Lab Instance: 28681041

Task 3

The developers at your company plan to create a web app named App28681041 and to publish the app to https://www.contoso.com. You need to perform the following tasks:

• Ensure that App28681041 is registered to Azure AD.
• Generate a password for App28681041.

You have an Azure subscription that contains a user named User1 and a storage account named storage 1. The storage1 account contains the resources shown in the following table:

You have an Azure subscription named Subscription1.
You deploy a Linux virtual machine named VM1 to Subscription1.
You need to monitor the metrics and the logs of VM1.
D18912E1457D5D1DDCBD40AB3BF70D5D
What should you use?

A. the AzurePerformanceDiagnostics extension

B. Azure HDInsight

C. Linux Diagnostic Extension (LAD) 3.0

D. Azure Analysis Services

You have an Azure subscription linked to an Azure Active Directory Premium Plan 1 tenant.
You plan to implement Azure Active Directory (Azure AD) Identity Protection.
You need to ensure that you can configure a user risk policy and a sign-in risk policy.
What should you do first?

A. Purchase Azure Active Directory Premium Plan 2 licenses for all users.

B. Register all users for Azure Multi-Factor Authentication (MFA).

C. Enable security defaults for Azure AD.

D. Upgrade Azure Security Center to the standard tier.

You have the Azure Information Protection conditions shown in the following table.



You need to identify how Azure Information Protection will label files.
What should you identify? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

You have an Azure subscription that uses Microsoft Defender for Cloud.
You have an Amazon Web Service (AWS) account named AWS1 that is connected to defender for Cloud.
You need to ensure that AWS foundational Security Best Practices. The solution must minimize administrate effort.
What should do you in Defender for Cloud?

A. Create a new customer assessment.

B. Assign a built-in assessment.

C. Assign a built-in compliance standard.

D. Create a new custom standard.