PDF + Testing Engine
Testing Engine (only)
PDF (only)
You have an Azure Active Directory (Azure AD) tenant named contoso.comYou need to configure diagnostic settings for contoso.com. The solution must meet thefollowing requirements:• Retain loqs for two years.• Query logs by using the Kusto query language• Minimize administrative effort.Where should you store the logs?
A. an Azure Log Analytics workspace
B. an Azure event hub
C. an Azure Storage account
You plan to create an Azure Kubernetes Service (AKS) cluster in an Azure subscription.The manifest of the registered server application is shown in the following exhibit. You need to ensure that the AKS cluster and Azure Active Directory (Azure AD) areintegrated.Which property should you modify in the manifest?
A. accessTokenAcceptedVersion
B. keyCredentials
C. groupMembershipClaims
D. acceptMappedClaims
You have an Azure subscription that contains an app named App1. App1 has the appregistration shown in the following table. You need to ensure that App1 can read all user calendars and create appointments. Thesolution must use the principle of least privilege.What should you do?
A. Add a new Delegated API permission for Microsoft.Graph Calendars.ReadWrite.
B. Add a new Application API permission for Microsoft.Graph Calendars.ReadWrite.
C. Select Grant admin consent.
D. Add a new Delegated API permission for Microsoft.Graph Calendars.ReadWrite.Shared.
You have an Azure Active Directory (Azure AD) tenant.You need to prevent nonprivileged Azure AD users from creating service principals inAzure AD.What should you do in the Azure Active Directory admin center of the tenant?
A. From the Properties Wade, set Enable Security defaults to Yes.
B. From the Properties blade, set Access management fen Azure resources to No
C. From the User settings blade, set Users can register applications to No
D. From the User settings blade, set Restrict access to Azure AD administration portal toYes.
You have an Azure subscription named Sub1.In Azure Security Center, you have a workflow automation named WF1. WF1 is configuredto send an email message to a user named User1.You need to modify WF1 to send email messages to a distribution group named Alerts.What should you use to modify WF1?
A. Azure Application Insights
B. Azure Monitor
C. Azure Logic Apps Designer
D. Azure DevOps
You have an Azure subscription that contains 100 virtual machines and has Azure SecurityCenter Standard tier enabled.You plan to perform a vulnerability scan of each virtual machine.You need to deploy the vulnerability scanner extension to the virtual machines by using anAzure Resource Manager template.Which two values should you specify in the code to automate the deployment of theextension to the virtual machines? Each correct answer presents part of the solution.NOTE: Each correct selection is worth one point.
A. the user-assigned managed identity
B. the workspace ID
C. the Azure Active Directory (Azure AD) ID
D. the Key Vault managed storage account key
E. the system-assigned managed identity
F. the primary shared key
You have multiple development teams that will create apps in Azure.You plan to create a standard development environment that will be deployed for eachteam.You need to recommend a solution that will enforce resource locks across the developmentenvironments and ensure that the locks are applied in a consistent manner.What should you include in the recommendation?
A. an Azure policy
B. an Azure Resource Manager template
C. a management group
D. an Azure blueprint
You have an Azure Sentinel deployment.You need to create a scheduled query rule named Rule1.What should you use to define the query rule logic for Rule1?
A. a Transact-SQL statement
B. a JSON definition
C. GraphQL
D. a Kusto query
You have an app that uses an Azure SQL database.You need to be notified if a SQL injection attack is launched against the database.What should you do?
A. Modify the Diagnostics settings for the database.
B. Deploy the SQL Health Check solution in Azure Monitor.
C. Enable Azure Defender for SQL for the database.
D. Enable server-level auditing for the database.
You have an Azure subscription that contains the virtual machines shown in the followingtable. All the virtual networks are peered.You deploy Azure Bastion to VNET2.Which virtual machines can be protected by the bastion host?
A. VM1, VM2, VM3, and VM4
B. VM1, VM2, and VM3 only
C. VM2 and VM4 only
D. VM2 only
TESTED 28 October 2023