You create a new Azure subscription that is associated to a new Azure Active Directory (Azure AD) tenant.
You create one active conditional access policy named Portal Policy. Portal Policy is used to provide access to the Microsoft Azure Management cloud app.
The Conditions settings for Portal Policy are configured as shown in the Conditions exhibit. (Click the Conditions tab.)

You have a Azure subscription that contains an Azure Container Registry named Registry1. The subscription uses the Standard use tier of Azure Security Center.
You upload several container images to Register1.
You discover that vulnerability security scans were not performed
You need to ensured that the images are scanned for vulnerabilities when they are uploaded to Registry1. What should you do?

A. From the Azure portal modify the Pricing tier settings.

B. From Azure CLI, lock the container images.

C. Upload the container images by using AzCopy

D. Push the container images to Registry1 by using Docker

You have an Azure subscription that contains the Azure virtual machines shown in the following table.

You create an MDM Security Baseline profile named Profile1.
You need to identify to which virtual machines Profile1 can be applied.
Which virtual machines should you identify?

A. VM1 only

B. VM1, VM2, and VM3 only

C. VM1 and VM3 only

D. VM1, VM2, VM3, and VM4

You have an Azure subscription that contains the storage accounts shown in the following table.

You have a hybrid configuration of Azure Active Directory (Azure AD).
All users have computers that run Windows 10 and are hybrid Azure AD joined.
You have an Azure SQL database that is configured to support Azure AD authentication.
Database developers must connect to the SQL database by using Microsoft SQL Server Management Studio (SSMS) and authenticate by using their on-premises Active Directory account.
You need to tell the developers which authentication method to use to connect to the SQL database from SSMS. The solution must minimize authentication prompts.
Which authentication method should you instruct the developers to use?

A. SQL Login

B. Active Directory – Universal with MFA support

C. Active Directory – Integrated

D. Active Directory – Password

Lab Task
use the following login credentials as needed:
To enter your username, place your cursor in the Sign in box and click on the username below.
To enter your password. place your cursor in the Enter password box and click on the password below.
Azure Username: Userl -28681041@ExamUsers.com
Azure Password: GpOAe4@lDg
If the Azure portal does not load successfully in the browser, press CTRL-K to reload the portal in a new browser tab.
The following information is for technical support purposes only:
Lab Instance: 28681041
Task 1
You need to configure Azure to allow RDP connections from the Internet to a virtual machine named VM1. The solution must minimize the attack surface of VM1.

You have an Azure subscription. The subscription contains a virtual network named VNet1 that contains the subnets shown in the following table.

A. App4 only

B. App3 and App4 only

C. App2, App3, and App4 only

D. App1, App2, App3, andApp4

You have an app that uses an Azure SQL database. You need to be notified if a SQL injection attack is launched against the database. What should you do?

A. Modify the Diagnostics settings for the database.

B. Deploy the SQL Health Check solution in Azure Monitor.

C. Enable Azure Defender for SQL for the database.

D. Enable server-level auditing for the database

You have an Azure subscription named Sub1. Sub1 contains a virtual network named VNet1 that contains one subnet named Subnet1. Subnet1 contains an Azure virtual machine named VM1 that runs Ubuntu Server 20.04. You create a service endpoint for Microsoft. Storage in Subnet1. You need to ensure that when you deploy Docker containers to VM1, the containers can access Azure Storage resources by using the service endpoint. What should you do on VM1 before you deploy the container?

A. Create an application security group and a network security group (NSG).

B. Install the container network interface (CNI) plug-in.

C. Edit the docker-compose.ym1 file

Lab Task
Task 5
A user named Debbie has the Azure app installed on her mobile device.
You need to ensure that debbie@contoso.com is alerted when a resource lock is deleted.