You have an Azure SQL Database server named SQL1.
You plan to turn on Advanced Threat Protection for SQL1 to detect all threat detection types.
Which action will Advanced Threat Protection detect as a threat?

A. A user updates more than 50 percent of the records in a table.

B. A user attempts to sign as SELECT * from table1.

C. A user is added to the db_owner database role.

D. A user deletes more than 100 records from the same table.

Your company has an Active Directory forest with a single domain, named weylandindustries.com. They also have an Azure Active Directory (Azure AD) tenant with the same name.
After syncing all on-premises identities to Azure AD, you are informed that users with a givenName attribute starting with LAB should not be allowed to sync to Azure AD.
Which of the following actions should you take?

A. You should make use of the Synchronization Rules Editor to create an attribute-based filtering rule.

B. You should configure a DNAT rule on the Firewall.

C. You should configure a network traffic filtering rule on the Firewall.

D. You should make use of Active Directory Users and Computers to create an attributebased filtering rule.

Your company recently created an Azure subscription.
You have been tasked with making sure that a specified user is able to implement Azure AD Privileged Identity Management (PIM).
Which of the following is the role you should assign to the user?

A. The Global administrator role.

B. The Security administrator role.

C. The Password administrator role.

D. The Compliance administrator role.

You have an Azure subscription that contains an Azure Active Directory (Azure AD) tenant and a user named User1.
The App registrations settings for the tenant are configured as shown in the following exhibit.



You plan to deploy an app named App1.
You need to ensure that User1 can register App1 in Azure AD. The solution must use the principle of least privilege.
Which role should you assign to User1?

A. App Configuration Data Owner for the subscription

B. Managed Application Contributor for the subscription

C. Cloud application administrator in Azure AD

D. Application developer in Azure AD.

Your company has an Azure subscription named Sub1 that is associated to an Azure Active Directory (Azure AD) tenant named contoso.com.
The company develops an application named App1. App1 is registered in Azure AD.
You need to ensure that App1 can access secrets in Azure Key Vault on behalf of the application users.
What should you configure?

A. an application permission without admin consent

B. a delegated permission without admin consent

C. a delegated permission that requires admin consent

D. an application permission that requires admin consent

You have an Azure subscription named Subscription1 that contains the resources shown in the following table.



You create a custom RBAC role in Subscription1 by using the following JSON file.

You have an Azure Active Directory (Azure AD) tenant that contains the resources shown in the following table.



User2 is the owner of Group2.
The user and group settings for App1 are configured as shown in the following exhibit.



User3 is configured to approve access to Appl.
You need to identify the owners of Group2 and the users of Appl.
What should you identify? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

You have an Azure subscription.
You plan to map an online infrastructure and perform vulnerability scanning for the following:

• ASNs
• Hostnames
• IP addresses
• SSL certificates

What should you use?

A. Microsoft Defender for Cloud

B. Microsoft Defender for Identity

C. Microsoft Defender for Endpoint

D. Microsoft Defender External Attack Surface Management (Defender EASM)

You have an Azure subscription that uses Microsoft Defender for Cloud.
You have an Amazon Web Services (AWS) account.
You need to ensure that when you deploy a new AWS Elastic Compute Cloud (EC2) instance, the Microsoft Defender for Servers agent installs automatically.
What should you configure first?

A. the log Analytics agent

B. the Azure Monitor agent

C. the native cloud connector

D. the classic cloud connector

You have an Azure AD tenant that contains 500 users and an administrative unit named AU1.
From the Azure Active Directory admin center, you plan to add the users to AU1 by using Bulk add members.
You need to create and upload a file for the bulk add.
What should you include in the file?

A. only the display name of each user

B. only the user principal name (UPN) of each user

C. only the object identifier of each user

D. only the user principal name (UPN) and object identifier of each user

E. Only the user principal name (UPN) and display name of each user