You need to recommend which virtual machines to use to host App1. The solution must meet the technical requirements for KeyVault1.
Which virtual machines should you use?

A. VM1 only

B. VM1 and VM2 only

C. VM1, VM2, and VM4 only

D. VM1, VM2, VM3. and VM4

You have an Azure subscription that contains the resources shown in the following table.



User1 is a member of Group1. Group1 and User2 are assigned the Key Vault Contributor role for Vault1.
On January 1, 2019, you create a secret in Vault1. The secret is configured as shown in the exhibit. (Click the Exhibit tab.)



User2 is assigned an access policy to Vault1. The policy has the following configurations:

Key Management Operations: Get, List, and Restore
Cryptographic Operations: Decrypt and Unwrap Key
Secret Management Operations: Get, List, and Restore

Group1 is assigned an access to Vault1. The policy has the following configurations:

Key Management Operations: Get and Recover
Secret Management Operations: List, Backup, and Recover
For each of the following statements, select Yes if the statement is true. Otherwise, select No.

You have an Azure subscription that contains the virtual machines shown in the following table.



For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.

You have an Azure subscription named Subscription1 that contains the resources shown in the following table.



You need to identify which initiatives and policies you can add to Subscription1 by using Azure Security Center.
What should you identify?

A. Policy1 and Policy2 only

B. Initiative1 only

C. Initiative1 and Initiative2 only

D. Initiative1, Initiative2, Policy1, and Policy2

You have a Microsoft Entra tenant named contoso.com. The tenant contains the users shown in the following table.



Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic.
NOTE: Each correct selection is worth one point.

You plan to deploy an app that will modify the properties of Azure Active Directory (Azure AD) users by using Microsoft Graph. You need to ensure that the app can access Azure AD. What should you configure first?

A. a custom role-based access control (RBAC) role

B. an external identity

C. an Azure AD Application Proxy

D. an app registration

You have an Azure subscription that contains a resource group named RG1. RG1 contains a virtual machine named VM1 that uses Azure Active Directory (Azure AD) authentication.
You have two custom Azure roles named Role1 and Role2 that are scoped to RG1.
The permissions for Role1 are shown in the following JSON code.



You assign the roles to the users shown in the following table.

You have an Azure subscription named Subscription1.
You need to view which security settings are assigned to Subscription1 by default.
Which Azure policy or initiative definition should you review?

A. the Audit diagnostic setting policy definition

B. the Enable Monitoring in Azure Security Center initiative definition

C. the Enable Azure Monitor for VMs initiative definition

D. the Azure Monitor solution ‘Security and Audit’ must be deployed policy definition

You have an Azure subscription.
You plan to use Microsoft Defender for Cloud to provide AI security posture management capabilities.
You need to recommend a Defender for Cloud plan that supports the deployment requirements. The solution must minimize costs.
What should you recommend?

A. Microsoft Defender for App Service

B. Microsoft Defender for APIs

C. Foundational Cloud Security Posture Management (CSPM

D. Defender Cloud Security Posture Management (CSPM)

You have an Azure key vault named Vault1 that stores the resources shown in the following table.



Which resources support the creation of a rotation policy?

A. Key 1 only

B. Cert1 only

C. Key1 and Secret1 only

D. Key1 and Cert1 only

E. Secret1 and Cert1 only

F. Key1, Secret1, and Cert1

Lab Task
use the following login credentials as needed:

To enter your username, place your cursor in the Sign in box and click on the username below.
To enter your password. place your cursor in the Enter password box and click on the password below.

Azure Username: Userl -28681041@ExamUsers.com
Azure Password: GpOAe4@lDg

If the Azure portal does not load successfully in the browser, press CTRL-K to reload the portal in a new browser tab.

The following information is for technical support purposes only:

Lab Instance: 28681041

Task 3

The developers at your company plan to create a web app named App28681041 and to publish the app to https://www.contoso.com. You need to perform the following tasks:

• Ensure that App28681041 is registered to Azure AD.
• Generate a password for App28681041.

You have an Azure subscription that contains a user named User1 and a storage account named storage 1. The storage1 account contains the resources shown in the following table: