You have an Azure subscription that contains the following resources:
•An Azure SQL Database logical server named Server1 that contains a database named DB1
•An Azure SQL Managed Instance named Instance1 that contains a database named DB2
You need to configure database auditing. The solution must meet the following requirements:
•Ensure that audit data is centrally available in a location that supports for KQL queries.
•Minimize ongoing administrative effort as additional databases are added.
What should you configure? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
You use Microsoft Security Copilot.
Security Copilot contributors currently create custom plugins for their own sessions and manage organization-wide custom plugins.
You need to prevent the contributors from managing the organization-wide custom plugins. The solution must NOT affect the contributors ' ability to create custom plugins for their own sessions.
What should you select in the Plugin settings?
You have a Microsoft Entra tenant that contains the users shown in the following table.
You use Microsoft Security Copilot.
From Microsoft Security Store, User1 attempts to deploy a partner built agent named Agent1 and reports that the Get agent option is unavailable.
You need to identify whether Agent1 can run in Security Copilot successfully. The solution must follow the principle of least privilege.
How should you complete the deployment? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
You have Microsoft Security Copilot agents that authenticate by using Microsoft Entra service principals.
You receive a Microsoft Defender alert triggered by the anomalous OAuth authentication of an agent ' s Microsoft Entra service principal.
You need to assess the impact of the agent identity and identify which resources are affected if the identity is abused for lateral movement The solution must minimize administrative effort.
What should you do?
You have an Azure subscription named Sub1 that contains 50 virtual machines. Sub1 has Microsoft Defender for Cloud enabled.
Sub1 contains an Azure key vault named KV1 and an Azure policy that enforces storing all secrets in KV1.
Occasionally, the developers at your company store plaintext tokens and SSH private keys on the virtual machines.
You need to configure Defender for Cloud to detect plaintext secrets on the virtual machines. The solution must minimize administrative changes to the virtual machines.
How should you configure Defender for Cloud? To answer, select the appropriate options in the answer area
NOTE: Each correct selection is worth one point.
You have an Azure subscription that contains the following servers:
•200 virtual machines that run either Windows Server or Ubuntu Server
•50 Azure Arc enabled servers
You use Azure Policy to manage compliance across all the servers.
You need to enforce an organization-specific security baseline. The solution must meet the following requirements:
•Customize a built-in security baseline.
•Ensure that configuration changes to the servers are enforced automatically after the security baseline is deployed.
♦Minimize administrative effort.
What should you do? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
You are configuring a new Microsoft Sentinel workspace named Workspace1.
You have an external IT Service Management (ITSM) system that is NOT supported by any Microsoft Sentinel solutions in Azure Marketplace.
You need to ensure that Workspace1 creates service tickets in the ITSM system for all new security incidents.
What should you create?
You have a Microsoft 365 subscription.
You use Microsoft Entra Agent ID to manage an agent identity.
You manage AI agents from the Microsoft 365 admin center.
An autonomous agent named Agent1 runs without a signed-in user. The agent must access Microsoft Graph and read secrets from a single Azure key vault.
You need to grant Agent 1 access to Microsoft Graph and Key Vault without requiring user interaction or consent at runtime.
What should you do for the agent identity? To answer, drag the appropriate actions to the correct services. Each action may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
NOTE: Each correct selection is worth one point.
You have a management group named MG1 that contains two subscriptions named Sub1 and Sub2
Sub1 contains a resource group named RG-Exception and a resource group named RG1 that hosts Microsoft Foundry resources.
You need to assign an Azure policy to force new Foundry deployments in MG1 to use private endpoints. The solution must NOT restrict deployments in RG-Exception.
How should you configure the policy?
You have an Azure subscription named Sub1. Sub1 contains 20 virtual machines that run Windows Server.
Sub1 has the Microsoft Defender for Cloud Defender Cloud Security Posture Management (CSPM) plan enabled.
You need to ensure that all the virtual machines are scanned automatically for known security flaws and misconfigurations.
What should you use?
