Question 1

Your company has a main office and 10 branch offices. Each branch office contains an on-premises

file server that runs Windows Server and multiple devices that run either Windows 11 or macOS. The

devices are enrolled in Microsoft Intune.

You have a Microsoft Entra tenant.

You need to deploy Global Secure Access to implement web filtering for device traffic to the internet

The solution must ensure that all the web traffic from the devices in the branch offices is controlled

by using Global Secure Access.

What should you do first in each branch office?

Options :

A : Configure an Intune policy to deploy the Global Secure Access client to each device

B : Configure an IPsec tunnel on the router.

C : Install the Microsoft Entra private network connector on the file server.

D : Configure an Intune policy to onboard Microsoft Defender for Endpoint to each device.

Answer: B

Question 2

A customer has a hybrid cloud infrastructure that contains a Microsoft 365 E5 subscription and an

Azure subscription.

All the on-premises servers in the perimeter network are prevented from connecting directly to the

internet.

The customer recently recovered from a ransomware attack.

The customer plans to deploy Microsoft Sentinel.

You need to recommend configurations to meet the following requirements:

Ensure that the security operations team can access the security logs and the operation logs.

Ensure that the IT operations team can access only the operations logs, including the event logs of

the servers in the perimeter network.

Which two configurations can you include in the recommendation? Each correct answer presents a

complete solution. NOTE: Each correct selection is worth one point.

Options :

A : Configure Azure Active Directory (Azure AD) Conditional Access policies.

B : Use the Azure Monitor agent with the multi-homing configuration.

C : Implement resource-based role-based access control (RBAC) in Microsoft Sentinel.

D : Create a custom collector that uses the Log Analytics agent.

Answer: B,C

Question 3

Your company is developing a modern application that will run as an Azure App Service web app. You plan to perform threat modeling to identify potential security issues by using the Microsoft Threat Modeling Tool. Which type of diagram should you create?

Options :

A : data flow

B : system flow

C : process flow

D : network flow

Answer: A

Question 4

You are designing the encryption standards for data at rest for an Azure resource

You need to provide recommendations to ensure that the data at rest is encrypted by using AES-256

keys. The solution must support rotating the encryption keys monthly.

Solution: For Azure SQL databases, you recommend Transparent Data Encryption (TDE) that uses customer-managed keys (CMKs).

Does this meet the goal?

Options :

A : Yes

B : No

Answer: B

Question 5

You have a Microsoft 365 tenant. Your company uses a third-party software as a service (SaaS) app named App1. App1 supports authenticating users by using Azure AO credentials. You need to recommend a solution to enable users to authenticate to App1 by using their Azure AD credentials. What should you include in the recommendation?

Options :

A : an Azure AD enterprise application

B : a retying party trust in Active Directory Federation Services (AD FS)

C : Azure AD Application Proxy

D : Azure AD B2C

Answer: C