After you migrate App1 to Azure, you need to enforce the data modification requirements to meet the security and compliance requirements.
What should you do?
A.Create an access policy for the blob service.
B.Implement Azure resource locks.
C.Create Azure RBAC assignments.
D.Modify the access level of the blob service.
You have an Azure subscription that contains a custom application named Application1. Application1 was developed by an external company named Fabrikam, Ltd. Developers at Fabrikam were assigned role-based access control (RBAC) permissions to the Application1 components. All users are licensed for the Microsoft 365 E5 plan.
You need to recommend a solution to verify whether the Fabrikam developers still require permissions to Application1. The solution must meet the following requirements:
To the manager of the developers, send a monthly email message that lists the access permissions to Application1.
If the manager does not verify an access permission, automatically revoke that permission. Minimize development effort.
What should you recommend?
A.In Azure Active Directory (Azure AD), create an access review of Application1.
B.Create an Azure Automation runbook that runs the Get-AzRoleAssignment cmdlet.
C.In Azure Active Directory (Azure AD) Privileged Identity Management, create a custom role assignment for the Application1 resources.
D.Create an Azure Automation runbook that runs the Get-AzureADUserAppRoleAssignment cmdlet.
You have an Azure subscription. The subscription has a blob container that contains multiple blobs.
Ten users in the finance department of your company plan to access the blobs during the month of April.
You need to recommend a solution to enable access to the blobs during the month of April only. Which security solution should you include in the recommendation?
A.shared access signatures (SAS)
B.Conditional Access policies
C.certificates
D.access keys
You have an Azure Active Directory (Azure AD) tenant that syncs with an on-premises Active Directory domain.
You have an internal web app named WebApp1 that is hosted on-premises. WebApp1 uses Integrated Windows authentication.
Some users work remotely and do NOT have VPN access to the on-premises network. You need to provide the remote users with single sign-on (SSO) access to WebApp1.
Which two features should you include in the solution? Each correct answer presents part of the solution.
A.Azure AD Application Proxy
B.Azure AD Privileged Identity Management (PIM)
C.Conditional Access policies
D.Azure Arc
E.Azure AD enterprise applications
F.Azure Application Gateway
You have an Azure Active Directory (Azure AD) tenant named contoso.com that has a security group named Group1. Group1 is configured for assigned membership. Group1 has 50 members, including 20 guest users.
You need to recommend a solution for evaluating the membership of Group1. The solution must meet the following requirements:
The evaluation must be repeated automatically every three months.
Every member must be able to report whether they need to be in Group1.
Users who report that they do not need to be in Group1 must be removed from Group1 automatically.
Users who do not report whether they need to be in Group1 must be removed from Group1 automatically.
What should you include in the recommendation?
A.Implement Azure AD Identity Protection.
B.Change the Membership type of Group1 to Dynamic User.
C.Create an access review.
D.Implement Azure AD Privileged Identity Management (PIM).
You plan to deploy Azure Databricks to support a machine learning application. Data engineerswill mount an Azure Data Lake Storage account to the Databricks file system. Permissions to folders are granted directly to the data engineers.
You need to recommend a design for the planned Databrick deployment. The solution must meet the following requirements:
Ensure that the data engineers can only access folders to which they have permissions. Minimize development effort.
Minimize costs.
What should you include in the recommendation? To answer, select the appropriate options in the answer area.
You plan to deploy an Azure web app named App1 that will use Azure Active Directory (Azure AD) authentication.
App1 will be accessed from the internet by the users at your company. All the users have computers that run Windows 10 and are joined to Azure AD.
You need to recommend a solution to ensure that the users can connect to App1 without being prompted for authentication and can access App1 only from company-owned computers.
What should you recommend for each requirement? To answer, select the appropriate options in the answer area.
Your company deploys several virtual machines on-premises and to Azure. ExpressRoute is being deployed and configured for on-premises to Azure connectivity.
Several virtual machines exhibit network connectivity issues.
You need to analyze the network traffic to identify whether packets are being allowed or denied to the virtual machines.
Solution: Use Azure Traffic Analytics in Azure Network Watcher to analyze the network traffic. Does this meet the goal?
A.Yes B.No
Your company deploys several virtual machines on-premises and to Azure. ExpressRoute is deployed and configured for on-premises to Azure connectivity.
Several virtual machines exhibit network connectivity issues.
You need to analyze the network traffic to identify whether packets are being allowed or denied to the virtual machines.
Solution: Use Azure Advisor to analyze the network traffic. Does this meet the goal?
A.Yes B.No
