Question 1

A customer has a hybrid cloud infrastructure that contains a Microsoft 365 E5 subscription and an

Azure subscription.

All the on-premises servers in the perimeter network are prevented from connecting directly to the

internet.

The customer recently recovered from a ransomware attack.

The customer plans to deploy Microsoft Sentinel.

You need to recommend configurations to meet the following requirements:

Ensure that the security operations team can access the security logs and the operation logs.

Ensure that the IT operations team can access only the operations logs, including the event logs of

the servers in the perimeter network.

Which two configurations can you include in the recommendation? Each correct answer presents a

complete solution. NOTE: Each correct selection is worth one point.

Options :

A : Configure Azure Active Directory (Azure AD) Conditional Access policies.

B : Use the Azure Monitor agent with the multi-homing configuration.

C : Implement resource-based role-based access control (RBAC) in Microsoft Sentinel.

D : Create a custom collector that uses the Log Analytics agent.

Answer: B,C

Question 2

Your company has devices that run either Windows 10, Windows 11, or Windows Server.

You are in the process of improving the security posture of the devices.

You plan to use security baselines from the Microsoft Security Compliance Toolkit.

What should you recommend using to compare the baselines to the current device configurations?

Options :

A : Microsoft Intune

B : Policy Analyzer

C : Local Group Policy Object (LGPO)

D : Windows Autopilot

Answer: B

Question 3

Your company is developing a modern application that will run as an Azure App Service web app. You plan to perform threat modeling to identify potential security issues by using the Microsoft Threat Modeling Tool. Which type of diagram should you create?

Options :

A : data flow

B : system flow

C : process flow

D : network flow

Answer: A

Question 4

You are designing the encryption standards for data at rest for an Azure resource

You need to provide recommendations to ensure that the data at rest is encrypted by using AES-256

keys. The solution must support rotating the encryption keys monthly.

Solution: For Azure SQL databases, you recommend Transparent Data Encryption (TDE) that uses customer-managed keys (CMKs).

Does this meet the goal?

Options :

A : Yes

B : No

Answer: B

Question 5

You have an Azure subscription that has Microsoft Defender for Cloud enabled. You are evaluating

the Azure Security Benchmark V3 report.

In the Secure management ports controls, you discover that you have 0 out of a potential 8 points.

You need to recommend configurations to increase the score of the Secure management ports

controls.

Solution: You recommend onboarding all virtual machines to Microsoft Defender for Endpoint.

Does this meet the goal?

Options :

A : Yes

B : No

Answer: B