Your company plans to create separate subscriptions for each department. Each subscription will be associated to the same Azure Active Directory (Azure AD) tenant. You need to configure each subscription to have the same role assignments. What should you use?

A. Azure Security Center

B. Azure Policy

C. Azure AD Privileged Identity Management (PIM)

D. Azure Blueprints

You plan to create an Azure Kubernetes Service (AKS) cluster in an Azure subscription. The manifest of the registered server application is shown in the following exhibit.

You need to ensure that the AKS cluster and Azure Active Directory (Azure AD) are integrated.
Which property should you modify in the manifest?

A. accessTokenAcceptedVersion

B. keyCredentials

C. groupMembershipClaims

D. acceptMappedClaims

You are troubleshooting a security issue for an Azure Storage account. You enable the diagnostic logs for the storage account. What should you use to retrieve the diagnostics logs?

A. Azure Storage Explorer

B. SQL query editor in Azure

C. File Explorer in Windows

D. Azure Security Center

You have an Azure subscription named Subscription1 that contains a resource group named RG1 and the users shown in the following table.

A. The Compliance State of both policy assignments is Non-compliant

B. The Compliance State of the policy assignment to Subscription1 is Compliant, and the Compliance State of the policy assignment to RG1 is Non-compliant.

C. The Compliance State of the policy assignment to Subscription1 is Non-compliant, and the Compliance State of the policy assignment to RG1 is Compliant.

D. The Compliance State of both policy assignments is Compliant.

You have an Azure virtual machines shown in the following table.

A. VM1 only

B. VM1, VM2, and VM3 only

C. VM1, VM2, VM3, and VM4

D. VM1 and VM4 only

On Monday, you configure an email notification in Microsoft Defender for Cloud to notify user1 @contoso.com about alerts that have a severity level of Low, Medium, or High. On Tuesday, Microsoft Defender for Cloud generates the security alerts shown in the following table.

You have an Azure subscription that contains an Azure App Service app named App1, an Azure container instance named AC1. and a storage account named storage1. AC1 hosts an app named App2.
Users send requests to App1 by using a URL of https:/app1.contoso.com/echo/resourcecache? param1 =sample. App1 calls App2. which retrieves data from storage1.
You need to ensure that a security alert will be generated when connections are detected from anomalous IP addresses. Which Microsoft Defender for Cloud service should you use?

A. Microsoft Defender for App Service

B. Microsoft Defender for APIs

C. Microsoft Defender for Storage

D. Microsoft Defender for Containers

You have an Azure Storage account named storage1 that has a container named container1. You need to prevent the blobs in container1 from being modified. What should you do?

A. From container1, change the access level.

B. From container1 add an access policy.

C. From container1, modify the Access Control (1AM) settings.

D. From storage1 , enable soft delete for blobs.

You have an Azure subscription that contains a storage account named storage1 and several virtual machines. The storage account and virtual machines are in the same Azure region. The network configurations of the virtual machines are shown in the following table.

You have the Azure virtual networks shown in the following table.

You have a Microsoft Entra tenant that contains the users shown in the following table.

You have the Azure virtual machines shown in the following table.

A. VM2 only

B. VM2, VM3, VM4, and VM5

C. VM2, VM3, and VM5 only

D. Vm2 and Vm3 only