Question 301
HOTSPOT
-
You have an Azure subscription named Sub1 that contains the resource groups shown in the following table.
You create the Azure Policy definition shown in the following exhibit.
You assign the policy to Sub1.
You plan to create the resources shown in the following table.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Question 302
Your on-premises network contains a Hyper-V virtual machine named VM1.
You need to use Azure Arc to onboard VM1 to Microsoft Defender for Cloud.
What should you install first?
A. the guest configuration agent
B. the Azure Monitor agent
C. the Log Analytics agent
D. the Azure Connected Machine agent
Question 303
You have an Azure subscription named Sub1 that uses Microsoft Defender for Cloud.
You have the management group hierarchy shown in the following exhibit.
You create the definitions shown in the following table.
You need to use Defender for Cloud to add a security policy.
Which definitions can you use as a security policy?
A. Policy1 only
B. Policy1 and Initiative1 only
C. Initiative1 and Initiative2 only
D. Initiative1, Initiative2, and Initiative3 only
E. Policy1, Initiative1, Initiative2, and Initiative3
Question 304
You have an Azure subscription that contains a Microsoft Defender External Attack Surface Management (Defender EASM) resource named EASM1. EASM1 has discovery enabled and contains several inventory assets.
You need to identify which inventory assets are vulnerable to the most critical web app security risks.
Which Defender EASM dashboard should you use?
A. Security Posture
B. OWASP Top 10
C. Attack Surface Summary
D. GDPR Compliance
Question 305
You have an Azure subscription that uses Microsoft Defender for Cloud.
You need to use Defender for Cloud to review regulatory compliance with the Azure CIS 1.4.0 standard. The solution must minimize administrative effort.
What should you do first?
A. Assign an Azure policy.
B. Disable one of the Out of the box standards.
C. Manually add the Azure CIS 1.4.0 standard.
D. Add a custom initiative.
Question 306
You have an Azure subscription that contains an Azure key vault named Vault1 and a virtual machine named VM1.
VM1 is connected to a virtual network named VNet1.
You need to allow access to Vault1 only from VM1.
What should you do in the Networking settings of Vault1?
A. From the Firewalls and virtual networks tab, add the IP address of VM1.
B. From the Private endpoint connections tab, create a private endpoint for VM1.
C. From the Firewalls and virtual networks tab, add VNet1.
D. From the Firewalls and virtual networks tab, set Allow trusted Microsoft services to bypass this firewall to Yes for Vault1.
Question 307
You have an Azure subscription.
You create a new virtual network named VNet1.
You plan to deploy an Azure web app named App1 that will use VNet1 and will be reachable by using private IP addresses. The solution must support inbound and outbound network traffic.
What should you do?
A. Create an Azure App Service Hybrid Connection.
B. Create an Azure application gateway.
C. Create an App Service Environment.
D. Configure regional virtual network integration.
Question 308
You have an Azure subscription and the computers shown in the following table.
You need to perform a vulnerability scan of the computers by using Microsoft Defender for Cloud.
Which computers can you scan?
A. VM1 only
B. VM1 and VM2 only
C. Server1 and VMSS1_0 only
D. VM1, VM2, and Server1 only
E. VM1, VM2, Server 1, and VMSS1_0
Question 309
You have an Azure subscription that uses Microsoft Defender for Cloud. The subscription contains the Azure Policy definitions shown in the following table.
Which definitions can be assigned as a security policy in Defender for Cloud?
A. Policy1 and Policy2 only
B. Initiative1 and Initiative2 only
C. Policy1 and Initiative1 only
D. Policy2 and Initiative2 only
E. Policy1, Policy2, Initiative1, and Initiative2
Question 310
HOTSPOT
-
On Monday, you configure an email notification in Microsoft Defender for Cloud to notify [email protected] about alerts that have a severity level of Low, Medium, or High.
On Tuesday, Microsoft Defender for Cloud generates the security alerts shown in the following table.
How many email notifications will [email protected] receive on Tuesday? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
