You have an Azure subscription that contains an Azure Blob storage account bolb1. You need to configure attribute-based access control (ABAC) for blob1. Which attributes can you use in access conditions?

A. blob index tags only

B. blob index tags and container names only

C. file extensions and container names only

D. blob index tags, file extensions, and container names

You have an Azure subscription that contains an Azure key vault named Vault1 and a virtual machine named VM1. VM1 has the Key Vault VM extension installed.
For Vault1, you rotate the keys, secrets, and certificates.
What will be updated automatically on VM1?

A. the keys only

B. the secrets only

C. the certificates only

D. the keys and secrets only

E. the secrets and certificates only

F. the keys, secrets, and certificates

You have an Azure subscription that contains an Azure Kubernetes Service (AKS) cluster named AKS1.
You have an Azure container registry that stores container images that were deployed by using Azure DevOps Microsoft-hosted agents.
You need to ensure that administrators can access AKS1 only from specific networks. The solution must minimize administrative effort.
What should you configure for AKS1?

A. an Application Gateway Ingress Controller (AGIC)

B. a private cluster

C. authorized IP address ranges

D. a private endpoint

You have an Azure subscription that contains an Azure SQL database named sql1.
You plan to audit sql1.
You need to configure the audit log destination. The solution must meet the following requirements:

Support querying events by using the Kusto query language.
Minimize administrative effort.

What should you configure?

A. an event hub

B. a storage account

C. a Log Analytics workspace

You have 10 virtual machines on a single subnet that has a single network security group (NSG).
You need to log the network traffic to an Azure Storage account.
Which two actions should you perform? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.

A. Install the Network Performance Monitor solution.

B. Enable Azure Network Watcher.

C. Enable diagnostic logging for the NSG.

D. Enable NSG flow logs.

E. Create an Azure Log Analytics workspace

You have an Azure subscription that is linked to a Microsoft Entra tenant named contoso.com. In contoso.com, you register an app named App1. You need to perform the following tasks for App1:
• Add and configure the Mobile and desktop applications platform.
• Add the ipaddr optional claim.
Which two settings should you select for App1? To answer, select the appropriate settings in the answer area.
NOTE; Each correct selection is worth one point.

You have an Azure Active Directory (Azure AD) tenant that contains the users shown in the following table.

You have a network security group (NSG) bound to an Azure subnet. You run Get-AzureRmNetworkSecurityRuleConfig and receive the output shown in the following exhibit.

You have a Microsoft Entra tenant that uses Microsoft Entra Permissions Management and contains the accounts shown in the following table:



Which accounts will be listed as assigned to highly privileged roles on the Azure AD insights tab in the Entra Permissions Management portal?

A. Admin1 only

B. Admin2 and Admin3 only

C. Admin2 and Admin4 only

D. Admin1. Admin2, and Admin3 only

E. Admin2. Admin3, and Admin4 only

F. Admin1. Admin2, Admin3. and Admin4

You have an Azure Active Directory (Azure AD) tenant named contoso.com
You need to configure diagnostic settings for contoso.com. The solution must meet the following requirements:
• Retain loqs for two years.
• Query logs by using the Kusto query language
• Minimize administrative effort.
Where should you store the logs?

A. an Azure Log Analytics workspace

B. an Azure event hub

C. an Azure Storage account

You have an Azure subscription that contains a user named UseR1. You need to ensure that UseR1 can perform the following tasks:
• Create groups.
• Create access reviews for role-assignable groups.
• Assign Azure AD roles to groups.
The solution must use the principle of least privilege. Which role should you assign to User1?

A. Groups administrator

B. Authentication administrator

C. Identity Governance Administrator

D. Privileged role administrator

You have an Azure subscription that contains the resources shown in the following table.