deck-1 (m)

Question 1

License and Access Review

Answer 1

P2

Question 2

ACR accessing from SF office vnet and using MFA. 2 things for access control?

Answer 2

Disable admin and Set Firewall rule

Question 3

Storage Account V1 supported by AD authentication? need to upgrade to V2?

Answer 3

Yes, No

Question 4

VM update management and 2 related resources

Answer 4

Log Analytics workspace, Automation Account

Question 5

Enterprise App running non-interactive mode. What permission? Admin or User consent? Where to review the enterprise app? MDC or AD

Answer 5

App Permission, Admin consent. AD

Question 6

SQL injection attack. What to implement? ATP?

Answer 6

Advanced Threat Protection

Question 7

TLS certificate format for Web App to upload and Min Service plan

Answer 7

PFX and Basic. CRT for public key certificate.

Question 8

3 encryptions in SQL: at rest, column encryption, and in transit

Answer 8

TDE (Transparent Data Encryption), Always Encrypted, TLS/SSL encryption. DDM is not a encryption.

Question 8

cmd to create a spn (Service principal name) in AKS

Answer 8

az ad sp create-for-rbac

Question 8

Web app reading a secret from KV on behalf of users. What permission and consent?

Answer 8

Delegated permission + no admin consent (why? no write).

and no user consent either since it is not reading from user’s profile.

Question 9

Enterprise App reading all user profile within the tenant. Graph API scope, scope type, consent

Answer 9

Directory.Read.All, app-only (not app.only), and admin consent - Yes.

• why? running as a service

Question 9

Payroll manager reviews group membership. What implementation? Licenses?

Answer 9

Access Review, P2

Question 10

traffic going thru NVA. what routing solution?

Answer 10

UDR (User Defined Route)

Question 11

NSG migration to AKS environment. What implementation? NetworkPolicy or NetworkRule? What sub-elements?

Answer 11

NetworkPolicy

with ingress and port

Question 12

Locate the trusted data? Purview what?

Answer 12

Catalog

Question 13

a set of cloud-based experience at scale? Purview what?

Answer 13

Policy App

Question 14

discover what kinds of data? Purview what?

Answer 14

Data Estate Insights App

Question 15

Failed Login. Which KQL table?

Answer 15

SecurityEvent

Question 16

MDC logs to KQL what table? for example, Virus detection on a VM

Answer 16

SecurityAlert

Question 17

VM is power-off or resized. Which KQL table?

Answer 17

Operation

Question 18

KQL syntax for 5 days ago?

Answer 18

ago(5d)

ago(-5) XXX

(Get-Date).AddDays(-5) is not allowed powershell syntax in KQL

Question 19

A firewall in a vnet. 2 resources needed?

Answer 19

AzureFirewallSubnet, and a public IP

Question 20

webapp accessing a storage account. Authentication implementation?

Answer 20

managed identity

RBAC assignment is not for authentication.

Question 21

SPA with personal account login. which grant flow and account type, single or multi-tenant?

Answer 21

Implicit

to get token without performing server credential exchange. authorization code grant requires stores a client secrete or certificate. SPA cannot store it.

no tenant account type. Pick Personal only type.

Question 22

3 levels of KV

Answer 22

managed HSM, HSM-protected KV, software-protected KV

Question 23

what resource can trigger what NearExpiry?

Answer 23

EventGrid and Certificate

Question 24

Two KV key related roles?

Answer 24

Crypto Officer, Crypto Service Encryption user

Question 25

3 file share-level permissions and roles

Answer 25

SMB share reader
SMB share contributor
SMB share Elevated contributor

diff: to modify ACL

Question 26

MDC 2 roles for Regulatory Compliance Access

Answer 26

Resource Policy Contributor,
Security Admin

Question 27

PIM needs a consent?

Answer 27

No. It is automatically activated when visiting PIM portal page. To activate PIM, user needs to be in
a priv role (e.g. Global admin) and with P2 license.

Question 28

can set “Create remediate task” to Yes by doing what?

Answer 28

Creating/modifying policy your assignment

Question 29

For access review, P2 license needs to be assigned to all group members or group owner only?

Answer 29

group owner only