You are evaluating the security of the network communication between the virtual machines in Sub2.
For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.

You have an Azure Active Directory (Azure AD) tenant that contains a group named Group1
You need to ensure that the members of Group1 sign in by using passwordless authentication
What should you do?

A. Configure the Microsoft Authenticator authentication method policy.

B. Configure the certificate-based authentication (CBA) policy.

C. Configure the sign-in risk policy.

D. Create a Conditional Access policy.

You have an Azure subscription that contains a managed identity named Identity1 and the Azure key vaults shown in the following table.

A. Key Vault Crypto Service Encryption User

B. Key Vault Crypto User

C. Key Vault Reader

D. Key Vault Crypto Officer

From the Azure portal, you are configuring an Azure policy. You plan to assign policies that use the DeployIfNotExist, AuditIfNotExist, Append, and Deny effects. Which effect requires a managed identity for the assignment?

A. AuditIfNotExist

B. Append

C. DeployIfNotExist

D. Deny

You have an Azure subscription that contains the subnets shown in the following table.



The subscription contains Azure web app named WebApp1 that has the following configurations.

* Region West Us
* Virtual network VNet1
* VNet integration on: Enabled
* Outbound subnet: Subnet11
* Windows plan (West US): ASP1

You plan to deploy an Azure web app named WebApp2 that will have the following settings:

* Region: West US
* VNet integration on-Enabled
* Windows plan (West UAS): WebApp2?
To which subnets can you integrate WebApp2?

A. Subnet11 only

B. Subnet2 only

C. Subnet11 or subnet12 only

D. Subnet2 or Subnet21 only

E. Subnet11, subnet2, or Subnet21

You have an Azure Active Directory (Azure AD) tenant named contoso.com that contains the users shown in the following table.

You have an Azure subscription named Sub1 that is associated to an Azure Active Directory (Azure AD) tenant named contoso.com.
You are assigned the Global administrator role for the tenant. You are responsible for managing Azure Security Center settings.
You need to create a custom sensitivity label.
What should you do first?

A. Create a custom sensitive information type.

B. Elevate access for global administrators in Azure AD.

C. Upgrade the pricing tier of the Security Center to Standard.

D. Enable integration with Microsoft Cloud App Security.

You plan to use Azure Sentinel to create an analytic rule that will detect suspicious threats and automate responses.
Which components are required for the rule? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

You have an Azure subscription.
You need to ensure that you receive notifications regarding suspicious Azure DNS activity.
Which Microsoft Defender plan for Cloud Workload Protection (CWP) should you enable?

A. Storage

B. Servers

C. App Service

D. APIs

E. Resource Manager

You have an Azure subscription that contains the resources shown in the following table.

You have an Azure subscription.
You need to create and deploy an Azure policy that meets the following requirements:
When a new virtual machine is deployed, automatically install a custom security extension.
Trigger an autogenerated remediation task for non-compliant virtual machines to install the extension.
What should you include in the policy? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

You have an Azure subscription that contains an Azure App Services web app named WebApp1 and an Azure key vault named Vault1. Vault1 has the certificates shown in the following table.

A. Cert1 and Cert2 only

B. Cert1 and Cert3 only

C. Cert3 and Cert4 only

D. Cert1, Cert2, Cert3, and Cert4