Microsoft Practice Questions, Discussions & Exam Topics by our Authors
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution. After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen. You use Microsoft Defender for Cloud for the centralized policy management of three Azure subscriptions. You use several policy definitions...Scenario Explanation: You are using Microsoft Defender for Cloud for centralized policy management across multiple Azure subscriptions, and you want to deploy multiple policy definitions as a group to all three subscriptions. The key goal is to assign the policy definitions to all subscriptions in a scalable and consistent manner. Solution Evaluation: A) Yes The proposed solution—creating a policy initiative and assigning it at the resource group scope—does not meet the goal. Resource groups are used to organize and manage Azure resources, but scoping policy assignments to resource groups would only apply the policy to resources within that specific group. This doesn't scale across all subscriptions unless each subscription has the same resource group structure, which is usually not the case. Assigning at the resource group level is less efficient for applying the same policies across multiple subscriptions. You would need t... Author: Ishaan · Last updated May 18, 2026 |
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution. After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen. You use Microsoft Defender for Cloud for the centralized policy management of three Azure subscriptions. You use several policy definitions...Scenario Explanation: You are using Microsoft Defender for Cloud for centralized policy management across multiple Azure subscriptions. Your goal is to deploy policy definitions as a group to all three subscriptions. The goal is to make sure that these policies are applied uniformly across all subscriptions in a scalable manner. Solution Evaluation: A) Yes Assigning a policy definition and assignments scoped to resource groups would mean that the policies apply only to the resources within those specific resource groups. While this is technically possible, it would not meet the goal of applying the policies to all three subscriptions. Resource groups are specific to a subscription, and scoping policies at the resource group level means you'd need to manually assign the policies to each resource group within each subscription. This is a less efficient and more fragmented approach compared to... Author: Siddharth · Last updated May 18, 2026 |
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution. After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen. You use Microsoft Defender for Cloud for the centralized policy management of three Azure subscriptions. You use several policy definitions...Scenario Explanation: You are using Microsoft Defender for Cloud to manage policies centrally across multiple Azure subscriptions. The goal is to deploy several policy definitions as a group to all three subscriptions, which should be done in a scalable and efficient manner. Solution Evaluation: A) Yes The solution involving creating a resource graph and assigning it scoped to a management group does not meet the goal. A resource graph in Azure is used for querying and exploring resource data across your environment. It provides the ability to run queries across your subscriptions and resource groups, but it is not used for managing or deploying policies. A management group is used to organize multiple Azure subscriptions, and it is correct that policy assignments can be scoped to a management group for applying policies across multiple subscriptions. However, the resource graph itself... Author: Noah · Last updated May 18, 2026 |
HOTSPOT - You suspect that users are attempting to sign in to resources to which they have no access. You need to create an Azure Log Analytics query to identify failed user sign-in attempts from the last three days. The results must only show users who had more than five failed sign-in attempts. How should you confi...Author: Olivia · Last updated May 18, 2026 |
You have an Azure subscription that contains the resources shown in the following table. You plan to implement Microsoft Defender for Cloud. ...Scenario Explanation: You are planning to implement Microsoft Defender for Cloud to protect resources in an Azure subscription. Microsoft Defender for Cloud provides security management and threat protection for Azure resources, but different types of resources are supported for protection depending on the service's capabilities. Key Concepts: - Microsoft Defender for Cloud offers built-in protection for different Azure resources, including virtual machines, storage accounts, and more. - Protection typically covers Azure Virtual Machines (VMs), storage accounts, Azure Key Vaults, and virtual networks (VNet) through Defender plans. Resource Evaluation: Let's break down the protection options for each resource based on what Microsoft Defender for Cloud can protect: 1. VM1 (Azure Virtual Machine): - Microsoft Defender for Servers (part of Defender for Cloud) protects Azure Virtual Machines. Therefore, VM1 can be protected by Defender for Cloud. 2. Storage1 (Azure Storage Account): - Microsoft Defend... Author: Daniel · Last updated May 18, 2026 |
You create a new Azure subscription. You need to ensure that you can create custom alert rules in Azure Security Center. Which two actions should you perform? Each correct answer p...Scenario Explanation: You need to ensure that you can create custom alert rules in Azure Security Center. Azure Security Center (now part of Microsoft Defender for Cloud) allows you to create custom alerts based on various security signals. To enable custom alert rules, specific requirements must be met, including certain configurations and services. Key Factors to Consider: - Azure Security Center (Defender for Cloud) allows alerting based on security events, and certain features must be in place to use custom alerts effectively. - Custom alert rules in Azure Security Center depend on the availability of Azure Monitor, which uses Log Analytics workspaces for querying and alerting. - The pricing tier of Azure Security Center impacts the range of features, including custom alerting. Option Evaluation: A) Onboard Azure Active Directory (Azure AD) Identity Protection: This is not required to create custom alert rules in Azure Security Center. While Azure AD Identity Protection is a feature for securing identity-related events and generating alerts, it is not directly related to the creation of custom alerts in Azure Security Center. Custom alert rules in Security Center are more focused on resource security and monitoring, not specifically identity protection. B) Create an Azure Storage account: An Azure Storage account is not needed to create custom alert rules in Azure Security Center. While storage accounts are important for storing data, logs, and backups, they are not directly related to custom alerting cap... Author: MoonlitPantherX · Last updated May 18, 2026 |
You have an Azure subscription named Sub1 that contains an Azure Log Analytics workspace named LAW1. You have 100 on-premises servers that run Windows Server 2012 R2 and Windows Server 2016. The servers connect to LAW1. LAW1 is configured to collect security-related performance counters from the connected servers. You need to configure alerts based on the data collected by LAW1. The solution must meet the following requirements: * Alert rules must support dimensions. * The time it takes to gen...Scenario Explanation: You are using an Azure Log Analytics workspace (LAW1) to collect data from on-premises servers running Windows Server 2012 R2 and Windows Server 2016. Your goal is to configure alert rules based on security-related performance counters collected from these servers. The alert rules should support the following requirements: 1. Alert rules must support dimensions. 2. The time it takes to generate an alert must be minimized. 3. Alert notifications must be generated only once when the alert is triggered and once when the alert is resolved. Option Evaluation: A) Log This option is partially correct. Log-based alerts in Azure are based on queries from your Log Analytics workspace, and they can use Kusto Query Language (KQL) for querying collected log data. While this option does support dimensions and can generate alerts based on logs, alert resolution timing is not as quick as metrics-based alerts, and there's more potential delay between data collection and alert firing. Additionally, log-based alerts might trigger multiple notifications for the same alert depending on how the query is written and how frequently data is ingested. B) Log (Saved Query) This option is similar to Option A, except that it refers to saved queries in Azure Monitor. This can indeed support dimensions and can trigger alerts from saved queries within Log Analytics. However, saved queries typically involve longer processing times compared to metrics, and the alerting system might trigger multiple n... Author: ElectricLionX · Last updated May 18, 2026 |
HOTSPOT - You have an Azure subscription that contains an Azure Sentinel workspace. Azure Sentinel is configured to ingest logs from several Azure workloads. A third-party service management platform is used to manage incidents. You need to identify which Azure Sentinel components to configure to meet the following requirements: * When Azure Sentinel identifies a threat, an incident must be created. * A ticket must be logged in the service management platform when an incident ...Author: Kunal · Last updated May 18, 2026 |
HOTSPOT - You have an Azure subscription. You need to create and deploy an Azure policy that meets the following requirements: * When a new virtual machine is deployed, automatically install a custom security extension. * Trigger an autogenerated remediation task for non-compliant virtual machines to install the extension. What should ...Author: Emily · Last updated May 18, 2026 |
You have an Azure subscription named Subscription1 that contains the resources shown in the following table. You need to identify which initiatives and policies you can add...To answer this question, we need to understand what can be added to an Azure subscription using Azure Security Center (now part of Microsoft Defender for Cloud) in terms of initiatives and policies. Key Concepts: - Azure Policies: These are individual rules that enforce specific actions or configurations on Azure resources. Policies can be assigned at the subscription, resource group, or management group level. - Initiatives: An initiative is a collection of Azure Policy definitions that can be managed as a single entity. Initiatives allow you to group policies to achieve a set of objectives (e.g., ensuring compliance with regulations). - Azure Security Center (Defender for Cloud): It enables policy management and security monitoring. You can assign security policies and initiatives to ensure security compliance. Evaluation of Available Options: Without seeing the exact resources and initiatives/policies in the table, I will explain the general rules for choosing initiatives and policies within Azure Security Center: - Policy Definitions: You can assign individual policies, su... Author: Amira · Last updated May 18, 2026 |
You have an Azure resource group that contains 100 virtual machines. You have an initiative named Initiative1 that contains multiple policy definitions. Initiative1 is assigned to the resource group. You n...Scenario Explanation: You have a resource group containing 100 virtual machines and an initiative named Initiative1 that consists of multiple policy definitions. Initiative1 is assigned to the resource group, and your goal is to identify which resources (virtual machines) do not match the policy definitions. This involves checking the compliance status of these resources with the policies defined in the initiative. Key Concepts: - Azure Security Center (now part of Microsoft Defender for Cloud) provides insights into the security posture of resources, including policy compliance. - Azure Policy allows you to create and assign policies that can enforce rules on Azure resources. These policies may have a compliance status (compliant or non-compliant) based on whether resources follow the rules. - Regulatory Compliance Assessments in Azure Security Center provide information on how well your resources align with specific regulatory standards and policies. - Azure Active Directory (Azure AD) admin center provides a range of administrative and security configurations for identity management, including policy assignments. However, the Policy blade in Azure AD is not where you'd view compliance status related to Azure resource policies. Evaluation of Options: A) From Azure Security Center, view the Regulatory compliance assessment: - This is the correct option. Regulatory compliance assessments in Azure Security Center provide visibility into which resources are compliant with the assigned policies and initiatives. By checking the compliance assessment, you can see which resources are non-compliant with the policies in Initiative1. This is the most appropriate place to c... Author: SilverBear · Last updated May 18, 2026 |
You have an Azure subscription named Subscription1. You need to view which security settings are assigned to Subscription1 by default. Wh...Scenario Explanation: You need to view the default security settings that are assigned to Subscription1. The question asks you to identify which Azure policy or initiative definition should be reviewed to check these default security settings. Key Concepts: - Azure Policies and Initiatives are used to enforce rules and configurations across your Azure resources. - Azure Security Center (now part of Microsoft Defender for Cloud) and Azure Monitor play key roles in managing security and monitoring. - Azure Policies can be used to implement certain controls like enabling diagnostic settings, monitoring, and other security features in Azure. Evaluation of Options: A) The Audit diagnostic setting policy definition: - This option is not correct. The Audit diagnostic setting policy focuses on ensuring that diagnostic settings are configured to capture logs and metrics from Azure resources. While this can be important for monitoring, it is not a default security setting. Instead, it helps enforce logging practices. The audit diagnostic setting does not provide an overview of the overall default security policies in Azure. B) The Enable Monitoring in Azure Security Center initiative definition: - This option is correct. The Enable Monitoring in Azure Security Center initiative focuses on enabling monitoring capabilities, including security monitoring in Azure Security Center, which is part of Microsoft Defender for C... Author: Olivia Johnson · Last updated May 18, 2026 |
DRAG DROP - You have an Azure Sentinel workspace that has an Azure Active Directory (Azure AD) data connector. You are threat hunting suspicious traffic from a specific IP address. You need to annotate an intermediate event stored in the workspace and be able to reference the IP address when navigating through the investigation graph. Which three actions should you p...Author: RadiantJaguar56 · Last updated May 18, 2026 |
HOTSPOT - You have 20 Azure subscriptions and a security group named Group1. The subscriptions are children of the root management group. Each subscription contains a resource group named RG1. You need to ensure that for each subscription RG1 meets the following requirements: * The members of Group1 are assigned the Owner role. * The modification of permissions to...Author: Elijah · Last updated May 18, 2026 |
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution. After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen. You use Microsoft Defender for Cloud for the centralized policy management of three Azure subscriptions. You use several policy definitions to manage the s...Scenario Explanation: You are using Microsoft Defender for Cloud (formerly Azure Security Center) for centralized policy management across three Azure subscriptions. The goal is to deploy policy definitions as a group to all three subscriptions. The proposed solution is to create a policy initiative and an assignment that is scoped to a management group (specifically the Tet Root Group management group). Key Concepts: - Policy Initiatives: A policy initiative is a collection of multiple policy definitions that can be assigned as a group to resources. This helps manage a group of policies collectively and ensures that all policies in the initiative are applied consistently across resources. - Assignments: An assignment links a policy or policy initiative to a scope, which could be a subscription, resource group, or management group. - Management Groups: Management groups are a way to organize Azure subscriptions hierarchically. You can apply policies and initiatives at the management group level, which then cascade down to all subsc... Author: Joseph · Last updated May 18, 2026 |
You have an Azure environment. You need to identify any Azure configurations and workloads that are non-compliant w...Scenario Explanation: You need to identify Azure configurations and workloads that are non-compliant with ISO 27001:2013 standards. The goal is to find the best tool or service in Azure that helps with compliance assessments and security posture management in relation to the ISO 27001:2013 standards. Key Concepts: - ISO 27001:2013 is an international standard for information security management. Compliance with ISO 27001 requires meeting specific controls for managing security risks, including data protection, incident management, and access control. - Azure Tools: Several Azure services are designed to manage security, compliance, and identity, and each focuses on different aspects of the Azure environment. Evaluation of Options: A) Azure Sentinel: - Azure Sentinel is a cloud-native SIEM (Security Information and Event Management) tool that focuses on collecting and analyzing security data across your environment. It is highly useful for security monitoring, threat detection, and investigation, but it is not specifically tailored to ISO 27001 compliance assessments. While Sentinel can provide insights into security incidents, it does not directly offer features or built-in policies to assess compliance with ISO 27001:2013 standards. B) Azure Active Directory (Azure AD) Identity Protection: - Azure AD Identity Protection focuses on identity and access management. It is specifically used to detect risky sign-ins, enforce security policies, and manage identities and their associated risks. While important for securing user identities and access, it d... Author: Evelyn · Last updated May 18, 2026 |
DRAG DROP - You have an Azure subscription that contains 100 virtual machines. Azure Diagnostics is enabled on all the virtual machines. You are planning the monitoring of Azure services in the subscription. You need to retrieve the following details: * Identify the user who deleted a virtual machine three weeks ago. * Query the security events of a virtual machine that runs Windows Server 2016. What should you use in Azure Monitor? To answer, drag the appropriate configuration settings to the correct detai...Author: Isabella1 · Last updated May 18, 2026 |
HOTSPOT - You have an Azure subscription that contains the resources shown in the following table. VM1 and VM2 are stopped. You create an alert rule that has the following settings: * Resource: RG1 * Condition: All Administrative operations * Actions: Action groups configured for this alert rule: ActionGroup1 * Alert rule name: Alert1 You create an action rule that has the following settings: * Scope: VM1 * Filter criteria: Resource Type = "Virtual Machines" * Define on this scope: Suppression...Author: NightmareDragon2025 · Last updated May 18, 2026 |
DRAG DROP - You have an Azure subscription named Sub1 that contains an Azure Log Analytics workspace named LAW1. You have 500 Azure virtual machines that run Windows Server 2016 and are enrolled in LAW1. You plan to add the System Update Assessment solution to LAW1. You need to ensure that System Update Assessment-related logs are uploaded to LAW1 from 100 of the virtual machines only. Which three acti...Author: Aarav · Last updated May 18, 2026 |
You have an Azure subscription named Sub1 that contains the virtual machines shown in the following table. You need to ensure that the virtual machines in RG1 have the Remote Desktop ...Scenario Explanation: You need to ensure that the Remote Desktop Protocol (RDP) port on the virtual machines (VMs) in RG1 is closed by default and only opened when an authorized user requests access. The goal is to configure a security measure that allows temporary access to the RDP port. Key Concepts: - Remote Desktop Port (RDP Port): This is typically port 3389. Closing it by default is a good security practice to prevent unauthorized access. - Just-In-Time (JIT) VM Access: This is a security feature in Azure Security Center (now part of Microsoft Defender for Cloud) that allows you to control access to the RDP and SSH ports of virtual machines. JIT ensures that the RDP port is closed by default and can be opened temporarily for authorized users when required. - Azure AD Privileged Identity Management (PIM): PIM is used to manage privileged roles within Azure Active Directory (Azure AD). While it is useful for managing access to Azure resources, it does not specifically control the RDP port for VMs. - Application Security Group: This is used for grouping and managing network security policies at the application level. It helps simplify network security management but does not provide the ability to close or open ports based on user requests. - Azure AD Conditional Access: This is used to enforce security policies based on user or device conditions (e.g., requiring multi-factor authentication, location-based access). While important for controlling access to Azure resources, it doesn't directly control the access to the RDP port for VMs. Evaluation of Options: A) Azure Active Directory (Azure AD) Privileged Identity Management (PIM): - Not correct. PIM ... Author: IceDragon2023 · Last updated May 18, 2026 |
SIMULATION - You need to ensure that web1234578 is protected from malware by using Microsoft Antimalware for Virtual Machines and is scanned every Fri...To meet the requirement of ensuring that web1234578 is protected from malware by using Microsoft Antimalware for Virtual Machines and is scanned every Friday at 01:00, you would follow these steps in the Azure portal: Key Concepts: - Microsoft Antimalware for Virtual Machines: This is an Azure service that provides malware protection for virtual machines. It includes real-time protection, scheduled scanning, and other security features. - Scheduled Scanning: You can configure scheduled scans to run at specific times. In this case, the requirement specifies that the scan should run every Friday at 01:00. - Azure portal configuration: You'll need to navigate to the Azure portal to configure Antimalware on the VM. Steps to configure: 1. Sign in to the Azure portal: You would start by signing in to the Azure portal with an account that has the necessary permissions to configure Microsoft Antimalware for Virtual Machines. 2. Navigate to the Virtual Machine: Find and select the VM named web1234578. 3. Configure Antimalware: - From the VM's settings in... Author: Victoria · Last updated May 18, 2026 |
SIMULATION - You need to ensure that the events in the NetworkSecurityGroupRuleCounter log of the VNET01-Subnet0-NSG network security group (NSG) are stored in the logs1234578 Azure S...Scenario Overview: You need to ensure that the events from the NetworkSecurityGroupRuleCounter log of the VNET01-Subnet0-NSG network security group (NSG) are stored in the `logs1234578` Azure Storage account for 30 days. Key Concepts: - NetworkSecurityGroupRuleCounter log: This log collects data related to the usage of rules in a Network Security Group (NSG). It helps you track the amount of traffic that each rule processes, which is useful for monitoring network activity. - Azure Storage Account: You need to store these logs in an Azure Storage account for a specified duration (30 days in this case). Logs are typically stored in Azure Blob Storage or Azure Table Storage depending on your configuration. - Retention for 30 days: Ensuring logs are retained for a specific duration can be done by configuring retention policies in Azure monitoring solutions. Steps to Complete the Task in the Azure Portal: 1. Sign in to the Azure portal: Access the Azure portal with the appropriate credentials. 2. Navigate to the Network Security Group (NSG): - In the portal, go to Network Security Groups and select VNET01-Subnet0-NSG. 3. Configure Diagnostic Settings: - Under the Monitoring section, select Diagnostics settings. - Configure a new diagnostic setting for the NetworkSecurityGroupRuleCounter logs. - Choose the log categories you want to send (in this case, the NetworkSecurityGroupRuleCounter logs). 4. Select the Storage Account: - Choose Send to Azure Storage as the destination for the logs. - Select the logs1234578 Azure Storage account as the destination. - Ensure the logs are retained for 30 days by setting... Author: Lucas Carter · Last updated May 18, 2026 |
You are troubleshooting a security issue for an Azure Storage account. You enable the diagnostic logs for the storage account....Scenario Explanation: You are troubleshooting a security issue for an Azure Storage account and have enabled diagnostic logs for that storage account. The task is to retrieve those diagnostic logs. Key Concepts: - Diagnostic logs in Azure provide detailed information about the operations and requests made to Azure resources, such as a storage account. - The retrieval of these logs can be done from a centralized service or tool, depending on the destination where the logs are being stored and the specific needs of your troubleshooting process. Evaluation of Options: A) Azure Security Center: - Not the best choice. Azure Security Center focuses on security posture management and provides security recommendations and threat protection. While it can give insights into security-related incidents, it does not provide a direct method to retrieve diagnostic logs for resources like a storage account. B) Azure Monitor: - Correct choice. Azure Monitor is designed for monitoring Azure resources, and it provides a comprehensive way to view and query diagnostic logs. When you enable diagnostic logs for a resource like an Azure Storage account, those logs are typically stored in Azure Monitor or Log Analytics.... Author: Jack · Last updated May 18, 2026 |
You have an Azure subscription that contains the resources shown in the following table. You plan to enable Azure Defender for the subscripti...Scenario Explanation: You are looking to enable Azure Defender for a subscription, and you need to determine which resources can be protected using Azure Defender based on the resources listed. Azure Defender (now part of Microsoft Defender for Cloud) offers advanced threat protection for Azure resources. Key Concepts: - Azure Defender provides security protection for various Azure resources, such as virtual machines (VMs), storage accounts, and key vaults, but not necessarily for all types of resources. - Microsoft Defender for Cloud provides a set of protections for workloads like VMs, databases, containers, networks, and key vaults, among others. Evaluation of Resources: - VM1 (Virtual Machine): Azure Defender can protect virtual machines. It helps detect threats, malware, and other security issues on VMs. - VNET1 (Virtual Network): Azure Defender can protect a Virtual Network (VNET) through its network security features, such as detecting suspicious network activities, but VNETs are not directly "protected" in the same way VMs or storage accounts are. - storage1 (Storage Account): Azure Defender can protect Azure Storage accounts (blobs, files, etc.), providing threat protection for these resources. - Vault1 (Key Vault): Azure Defender for Key Vault can provide security protections such as access control and detection of unauthorized access or activity within a key vault. Evaluation of Options: A) VM1, VNET1, storage1, and Vault1: - Not correct. While VM1, storage1, and Vault1... Author: Nathan · Last updated May 18, 2026 |
DRAG DROP - You have an Azure subscription that contains the following resources: * A network virtual appliance (NVA) that runs non-Microsoft firewall software and routes all outbound traffic from the virtual machines to the internet * An Azure function that contains a script to manage the firewall rules of the NVA * Azure Security Center standard tier enabled for all virtual machines * An Azure Sentinel workspace * 30 virtual machines You need to ensure that when a high-priority alert is generated in Security Center for a virtual machine, an incident is created in Azure Sentinel and then a script is initiated to configure a firewall rule for the NVA. How should you configure Azure Sentine...Author: Noah · Last updated May 18, 2026 |
You have an Azure subscription that contains a resource group named RG1 and a security group named ServerAdmins. RG1 contains 10 virtual machines, a virtual network named VNET1, and a network security group (NSG) named NSG1. ServerAdmins can access the virtual machines by using RDP. You need to ensure that NSG1 only allows R...Scenario Explanation: The goal is to ensure that RDP access to virtual machines in RG1 is granted only when a member of the ServerAdmins security group requests access, and the access should be limited to a maximum of 60 minutes. Key Concepts: - Network Security Group (NSG): Controls inbound and outbound traffic to Azure resources (like virtual machines), and can define rules for allowed protocols and ports (such as RDP). - Just-In-Time (JIT) VM Access: A feature in Microsoft Defender for Cloud that allows you to control and limit access to virtual machines by providing access only for a specific period when requested. - Azure Bastion: A fully managed service that enables RDP and SSH connectivity to virtual machines directly in the portal without needing public IP addresses. - Privileged Identity Management (PIM): Azure AD's feature for managing, controlling, and monitoring privileged roles, including just-in-time assignment of roles. Evaluation of Options: A) An Azure policy assigned to RG1: - Not the best option. Azure Policies enforce governance and compliance across Azure resources but are typically used for enforcing configuration standards. While policies can be applied to control specific settings, they are not specifically designed to control temporary access (such as JIT access for RDP). This option will not provide the required time-limited RDP access. B) A Just-In-Time (JIT) VM access policy in Microsoft Defender for Cloud: - Correct choice. JIT VM Access in Microsoft Defender for Cloud provides a time-limited access mechanism. This feature allows you to request RDP access to ... Author: Kunal · Last updated May 18, 2026 |
HOTSPOT - You have an Azure subscription named Subscription1 that contains the resources shown in the following table. You have an Azure subscription named Subscription2 that contains the following resources: * An Azure Sentinel workspace * An Azure Event Grid instance You need to ingest the CEF messages from the NVA1 to Azure Sentinel. What should yo...Author: Ishaan · Last updated May 18, 2026 |
HOTSPOT - You have an Azure subscription named Subscription1 that contains a resource group named RG1 and a user named User1. User1 is assigned the Owner role for RG1. You create an Azure Blueprints definition named Blueprint1 that includes a resource group named RG2 as shown in the following exhibit. You assign Blueprint1 to Subscription1 by using the following settings: * Lock assignment: Read Only * Managed I...Author: Leah · Last updated May 18, 2026 |
You have an Azure Sentinel deployment. You need to create a scheduled query rule named Rule1. What should y...Scenario Explanation: You need to create a scheduled query rule in Azure Sentinel, named Rule1. The task is to determine the appropriate language or method for defining the query rule logic. Key Concepts: - Azure Sentinel uses Kusto Query Language (KQL) to define and query data in Log Analytics workspaces, which is where Sentinel collects and analyzes data. - Scheduled query rules in Azure Sentinel are defined using KQL queries that run on a regular schedule to identify potential security issues or triggers based on the data collected in the workspace. Evaluation of Options: A) A Transact-SQL statement: - Not the best choice. Transact-SQL (T-SQL) is used in SQL Server and Azure SQL Database for querying relational databases, but it is not the correct language for defining scheduled query rules in Azure Sentinel. Azure Sentinel works with KQL in its Log Analytics workspace, not T-SQL. B) A JSON definition: - Not the best choice. JSON (JavaScript Object Notation) is a format for structuring data, commonly used for configuration files and API requests. While JSON might be used to configure set... Author: Isabella · Last updated May 18, 2026 |
You have an Azure subscription named Subscription1 that contains a resource group named RG1 and the users shown in the following table. You perform the following tasks: * Assign User1 the Network Contributor role for Subscription1. * Assign User2 the Contributor role for RG1. To Subscription1 and RG1, you assign the following policy de...Scenario Explanation: In this scenario, we need to evaluate the Compliance State of the policy assignments to Subscription1 and RG1. The policy being applied is: "External accounts with write permissions should be removed from your subscription." - User1 is assigned the Network Contributor role for Subscription1, which grants write permissions on network resources in the subscription. - User2 is assigned the Contributor role for RG1, which grants write permissions on resources in that specific resource group. Key Concepts: - Azure Policies: Azure policies allow you to enforce organizational rules, such as restricting access to external accounts or requiring specific configurations. The Compliance State of a policy assignment shows whether the resources within the scope of the policy comply with its rules. - Roles: The Network Contributor and Contributor roles both grant write permissions, which are critical to evaluate the compliance against the policy requiring the removal of external accounts with write permissions. Evaluation: Policy Definition: The policy "External accounts with write permissions should be removed" ensures that any accounts with write permissions (whether internal or external) are restricted. External accounts with write perm... Author: Ella · Last updated May 18, 2026 |
HOTSPOT - You have an Azure Sentinel workspace that has the following data connectors: * Azure Active Directory Identity Protection * Common Event Format (CEF) Azure Firewall - You need to ensure that data is being ingested from each connector. From the Logs query window, which table should you query for ...Author: Ella · Last updated May 18, 2026 |
You have 10 on-premises servers that run Windows Server 2019. You plan to implement Azure Security Center vulnerability scanning for t...To implement Azure Security Center vulnerability scanning for your on-premises servers running Windows Server 2019, the correct first step is to install an agent that allows for integration with Azure Security Center and facilitates vulnerability scanning. Let’s go through each option to explain why or why not it’s the right choice: A) Azure Arc-enabled servers Connected Machine agent Azure Arc enables you to manage on-premises servers as part of your Azure environment, extending Azure management and services to non-Azure servers. This agent can help in enabling various Azure services, including Azure Security Center, to work with your on-premises machines. - Why it's selected: To enable vulnerability scanning in Azure Security Center, you need Azure Arc to connect your on-premises servers with Azure. Once connected, Azure Security Center can access the servers for vulnerability scanning. - Other options: Other solutions like Microsoft Defender or Microsoft Endpoint Configuration Manager don't provide the direct connection needed for Azure Security Center vulnerability scanning. B) Microsoft Defender for Endpoint agent Microsoft Defender for Endpoint offers endpoint protection by detecting and responding to security threats. It provides advanced threat protection and vulnerability management but isn’t directly linked to Azure Security Center vulnerability scanning. - Why it’s not selected: While it provides endpoint security, it doesn’t establish the required connection between on-premises servers and Azure Security Center for vulnerability scanning. It would be helpful for endpoint protection but doesn't address t... Author: Aarav2020 · Last updated May 18, 2026 |
HOTSPOT - You have an Azure subscription that contains three storage accounts, an Azure SQL managed instance named SQL1, and three Azure SQL databases. The storage accounts are configured as shown in the following table. SQL1 has the following settings: * Auditing: On * Audit log destination: storage1 The Azure SQL databases are configured as shown in the following ta...Author: Ahmed97 · Last updated May 18, 2026 |
You have an Azure subscription name Sub1 that contains an Azure Policy definition named Policy1. Policy1 has the following settings: * Definition location: Tenant Root Group * Category: Monitoring You need to ensure that resources that a...To ensure that resources that are noncompliant with Policy1 are listed in the Azure Security Center dashboard, you need to properly assign and configure the policy so that Azure Security Center can evaluate and report on the compliance status of resources. Let's analyze each option: A) Change the Category of Policy1 to Security Center - Why it’s not selected: Changing the category of a policy defines the type of policy for organizational and administrative purposes. While "Security Center" is a category related to security policies, the issue here isn't the category but rather the assignment of the policy to the correct scope, such as a subscription, resource group, or management group. Changing the category won't automatically ensure visibility in the Security Center dashboard. - Scenario: You might change the category to make it easier to group security-related policies, but it does not directly affect policy compliance reporting in Azure Security Center. B) Add Policy1 to a custom initiative - Why it’s not selected: Initiatives are collections of multiple policies, and adding Policy1 to an initiative could be helpful for grouping policies together. However, this does not solve the problem of ensuring compliance reporting in Azure Security Center. What matters here is that Policy1 itself needs to be assigned correctly to the right scope (e.g., Sub1), not necessarily part of an initiative. - Scenario: If you had multiple related policies and wanted to track them together as part of a broader initiative, you might create an initiative, but it is not ... Author: StarryEagle42 · Last updated May 18, 2026 |
You have an Azure subscription. You plan to create a workflow automation in Azure Security Center that will automatically remediate...To create a workflow automation in Azure Security Center (which is now part of Microsoft Defender for Cloud) to automatically remediate a security vulnerability, you need to create the right foundational elements. Let's go through each option to understand which one is necessary for such a process. A) An automation account - Why it’s selected: The automation account is a key component for implementing automation in Azure. It acts as the foundation for running automated workflows like runbooks, which can remediate security vulnerabilities. The automation account allows you to create, schedule, and run these automation tasks. You can then link the automation account to Azure Security Center to perform tasks like remediation based on policy compliance or alerts. - Why it’s the first step: You need an automation account to start building automation tasks (such as runbooks) that can be triggered by security alerts and events. Without an automation account, you won't be able to create or manage automated workflows for remediation. - Scenario: It is the essential first step for setting up automation processes in Azure. B) A managed identity - Why it’s not selected: A managed identity is typically used for authenticating Azure resources and allowing them to access other resources securely. While a managed identity could be required later to grant the necessary permissions for automation tasks to interact with other resources, it is not the first thing to create for initiating an automation workflow. You first need an automation account before considering managed identity usage. - Scenario: You might need to assign a managed identity to a runbook later for permissions, but it is not the starting point. C) An Azure logic app - Why it’s not selected: Azure Logic Apps are ... Author: Benjamin · Last updated May 18, 2026 |
SIMULATION - A user named Debbie has the Azure app installed on her mobile device. You need to ensure that [email protected] is alerted when a resource l...To ensure that Debbie ([email protected]) is alerted when a resource lock is deleted, you would need to create an alert rule for the event of resource lock deletion. Here’s a step-by-step reasoning for the available options in the Azure portal: Steps: 1. Sign in to the Azure portal as the administrator. 2. Navigate to Azure Monitor and then to Alerts. 3. Create an alert rule to monitor events related to the resource lock deletion. Now let’s analyze the options to ensure the correct configuration: A) Activity Log Alerts - Why it’s selected: Activity Log Alerts allow you to monitor activity logs for specific actions, such as the deletion of resource locks. The Activity Log captures all administrative operations performed in Azure, including creating, modifying, and deleting resources. You can set up an alert to be triggered when a resource lock is deleted. Once the alert is triggered, it can be configured to send notifications, such as an email to [email protected]. - Why it’s the correct choice: Resource lock changes, like deletions, are logged in the Activity Log, and creating an Activity Log Alert would allow you to set up an alert specifically for the deletion event. This is the most direct and relevant way to achieve the goal of alerting Debbie when a resource lock is deleted. - Scenario: This option is ideal when monitoring for specific resource management activities, such as changes in resource locks, security policy modifications, or other administrative actions. B) Action Groups - Why it’s not selected: Action Groups are used in conjunction with alerts to specify the actions (such as sending emails or invoking webhooks) when an alert is... Author: Deepak · Last updated May 18, 2026 |
SIMULATION - You plan to connect several Windows servers to the WS12345678 Azure Log Analytics workspace. You need to ensure that the events in the System event logs are collected automatically to the workspace after you connect the...To connect several Windows servers to the WS12345678 Azure Log Analytics workspace and ensure that events in the System event logs are collected automatically, you need to configure the Log Analytics agent on each of the Windows servers. Here's an analysis of the options and the rationale behind selecting the appropriate one: 1. Azure Monitor Agent (AMA) - Description: This is a newer agent for monitoring Azure resources and is designed to replace the legacy Log Analytics agent. It provides advanced capabilities, including more flexible data collection and improved security features. - Use Case: The AMA would be ideal if you're starting fresh with Azure monitoring and plan to eventually transition from the older Log Analytics agent. - Rejection Reason: While AMA is an advanced tool, it doesn’t yet support collecting event logs from Windows servers like the Log Analytics agent. Therefore, it cannot be used in this specific scenario for event log collection. 2. Log Analytics Agent (formerly known as OMS Agent) - Description: The Log Analytics agent allows you to send event logs from Windows servers to Azure Log Analytics workspaces. This agent supports collecting System event logs, Application logs, and other telemetry data from on-premises or Azure virtual machines. - Use Case: The Log Analytics agent is designed specifically for the collection of event logs, including System event logs, which is required in your scenario. - Rejection Reason: The Log Analytics agent is the appropriate choice because it is explicitly built to collect Windows event logs, making it the most suitable for this task. 3. Azure Diagnostics Extension - Description: The Azure Diagnostics extension collects diagnostic data from virtual machines, including performance data, and sends it to Azure Monitor or Log Analytics. It can capture data such as performance counters, logs, and crash dumps. - Use Case: It’s primarily used for collecting diagnostic data related to VM performance and metrics but doesn’t focus on event logs like the Log Analytics ag... Author: FrostFalcon88 · Last updated May 18, 2026 |
SIMULATION - You need to ensure that the AzureBackupReport log for the Vault1 Recovery Services vault is stored in the WS12345678 Azure Log Analytics workspace. To compl...To ensure that the AzureBackupReport log for the Vault1 Recovery Services vault is stored in the WS12345678 Azure Log Analytics workspace, you need to configure the appropriate data collection and log forwarding settings in the Azure portal. Here’s a breakdown of the options and the reasoning behind selecting the correct one: 1. Azure Monitor (Backup) - Description: Azure Backup integrates with Azure Monitor to collect and store backup-related logs, including the AzureBackupReport log. This integration allows logs from backup operations to be sent directly to an Azure Log Analytics workspace. - Use Case: This option is directly related to backup logs, making it the most straightforward choice when aiming to send AzureBackupReport logs from a Recovery Services vault to a Log Analytics workspace. - Rejection Reason: This is the appropriate choice, not rejected. Azure Monitor for Backup is specifically designed to collect backup-related logs, including AzureBackupReport. 2. Log Analytics Agent (formerly OMS Agent) - Description: The Log Analytics agent allows you to collect logs from virtual machines and other resources. While it’s great for collecting general event logs (such as system logs or custom logs), it does not directly collect Azure-specific logs like AzureBackupReport from a Recovery Services vault. - Use Case: It is typically used for custom logs or event logs from on-premises servers or VMs. However, it is not the right choice for collecting backup-related logs directly from Recovery Services Vaults. - Rejection Reason: The Log Analytics agent does not specifically support collecting AzureBackupReport logs. Therefore, it isn’t suitable for this specific task. 3. Azure Automation State Configuration - Description: This service is used for automating the configuration and management of Azure resources through configuration management. It’s typically used to ensure that your Azure resources maintain a desired configuration state. - Use Case: It is not used for log collection, but for managing infrastructure state or applying configuration policies to resources. - Rejection Reason: Azure Automation State Configuration does not deal with log collection and therefore cannot be used to store AzureBackupReport logs in a Log Analytics workspace. 4. Az... Author: Maya · Last updated May 18, 2026 |
SIMULATION - You need to ensure that the audit logs from the SQLdb1 Azure SQL database are stored in the WS12345678 Azure Log Analytics workspace. To complete ...To ensure that the audit logs from the SQLdb1 Azure SQL database are stored in the WS12345678 Azure Log Analytics workspace, you need to configure Azure resources to collect and send those logs to the workspace. Below is an analysis of the available options and the rationale for selecting the best option: 1. Azure SQL Auditing - Description: Azure SQL Auditing captures database-level events in Azure SQL Database and stores them in a designated Log Analytics workspace or Azure Storage account. This feature records events such as login attempts, data changes, and other important activities in the database. - Use Case: This is the most direct and relevant option for ensuring that audit logs from the SQLdb1 Azure SQL database are captured and stored in Azure Log Analytics. By enabling SQL Auditing and selecting the correct Log Analytics workspace as the destination, audit logs are automatically forwarded to WS12345678. - Rejection Reason: This is the ideal choice, as it directly addresses the requirement to capture and store SQL audit logs in the Log Analytics workspace. It is not rejected but selected. 2. Azure Monitor (SQL) - Description: Azure Monitor for SQL Database provides performance metrics and logs, such as query performance insights, resource utilization, and database health data. This helps monitor the performance of the database. - Use Case: It is used for monitoring performance and resource metrics but is not designed specifically for capturing audit logs related to database activities such as user logins or data changes. - Rejection Reason: While Azure Monitor for SQL can provide insights into performance metrics, it does not capture audit logs. Therefore, it is not suitable for the task of capturing and storing audit logs in the Log Analytics workspace. 3. Log Analytics Agent - Description: The Log Analytics agent (formerly OMS agent) is used to collect log and performance data from virtual machines and on-premises servers. It can be configured to collect Windows Event Logs, Syslog, and custom logs from various resources. - Use Case: While the Log Analytics agent is useful for collecting logs from VM-based resources or on-premises servers, it is not the right tool for collecting audit logs from Azure SQL Database. Azure SQL Audit is the native solution for capturing database activity. - Rejection Reason: The Log Analytics agent is not applicable for capturing Azure SQL audit logs, as the agent is designed for collecting logs from virtual... Author: Manish · Last updated May 18, 2026 |
HOTSPOT - You are configuring just in time (JIT) VM access to a Windows Server 2019 Azure virtual machine. You need to grant users PowerShell access to the virtual machine by using JIT VM access. What should you configure? To answer, select...Author: Liam · Last updated May 18, 2026 |
HOTSPOT - You have an Azure subscription that contains the resources shown in the following table. You create the Azure Storage accounts shown in the following table. You need to configure auditing for SQL1. Which storage accounts and Log Analytics workspaces can you use as the audit log desti...Author: CrystalWolfX · Last updated May 18, 2026 |
You are troubleshooting a security issue for an Azure Storage account. You enable the diagnostic logs for the storage account....To retrieve diagnostic logs for an Azure Storage account, the correct tool to use is Azure Storage Explorer. Here's the reasoning for the selection and why other options are not suitable: Selected Option: A) Azure Storage Explorer Why Azure Storage Explorer is selected: - Azure Storage Explorer is a tool specifically designed to interact with Azure Storage resources, including accessing diagnostic logs from storage accounts. It allows you to browse, manage, and retrieve logs related to the storage account, including diagnostic logs. - The diagnostic logs from the Azure Storage account are typically stored in a Blob container within the storage account, and Azure Storage Explorer provides a direct interface to access such containers and retrieve logs. - It can also support other operations like managing data, uploading, and downloading files, making it suitable for storage account management, including diagnostics. Why other options are rejected: 1. B) SQL Query Editor in Azure: - The SQL Query Editor is intended for querying databases (like Azure SQL ... Author: Rohan · Last updated May 18, 2026 |
You are troubleshooting a security issue for an Azure Storage account. You enable Azure Storage Analytics logs and archive it to a storage ac...To retrieve Azure Storage Analytics logs that have been archived to a storage account, the correct option is AzCopy. Here's the reasoning behind the selection and rejection of the other options: Selected Option: C) AzCopy Why AzCopy is selected: - AzCopy is a command-line tool designed for high-performance data transfers between storage accounts in Azure. Since Azure Storage Analytics logs are typically archived as blobs in a container within a storage account, AzCopy can be used to efficiently copy, download, or manage these logs from the destination storage account. - AzCopy is ideal for retrieving large amounts of data, including logs, and can work with blobs (where Azure Storage Analytics logs are stored). - It is specifically designed for tasks like transferring diagnostic logs, so it is the best tool for retrieving the archived Azure Storage Analytics logs. Why other options are rejected: 1. A) Azure Cosmos DB Explorer: - Azure Cosmos DB Explorer is a tool used to manage and query data in Azure Cosmos DB, not for interac... Author: Amelia · Last updated May 18, 2026 |
You have an Azure Sentinel workspace. You need to create a playbook. Which two triggers will start the playbook? Each correct answer presents a com...To create and trigger a playbook in Azure Sentinel, the correct triggers are related to specific security events or incidents. The two correct triggers to start a playbook are: Selected Option: C) An Azure Sentinel alert is generated Selected Option: E) An Azure Sentinel incident is created Explanation for the selection: C) An Azure Sentinel alert is generated: - Alerts in Azure Sentinel are typically the results of specific detections or queries, often triggered by security data. When an alert is generated, it can indicate that a security event or anomaly has been detected, prompting automated responses through playbooks. - Use Case: For example, if a suspicious login attempt is detected or a malware signature is flagged, this generates an alert. The playbook can then be triggered automatically to respond to this alert, like isolating an infected machine or sending notifications. E) An Azure Sentinel incident is created: - Incidents in Azure Sentinel represent a collection of related alerts and can be a higher-level security event requiring investigation. Playbooks can be triggered by the creation of incidents, allowing automated responses to incidents, such as notifying teams or performing containment actions. - Use Case: When multiple alerts are grouped into an incident (such as a possible security breach or data exfiltration attempt), a playbook can automatically start, helping with investigation, containment, and remediation actions. Why other options are rejected: 1. A) An Azure Sentinel scheduled query rule is executed: - A scheduled query rul... Author: Aarav · Last updated May 18, 2026 |
You are troubleshooting a security issue for an Azure Storage account. You enable Azure Storage Analytics logs and archive it to a storage ac...To retrieve diagnostic logs that have been archived to a storage account using Azure Storage Analytics, the correct tool to use is Azure Storage Explorer. Here's the reasoning for the selection and why other options are rejected: Selected Option: D) Azure Storage Explorer Why Azure Storage Explorer is selected: - Azure Storage Explorer is a specialized tool for managing and accessing data stored in Azure Storage accounts, including blobs, queues, tables, and files. - Since Azure Storage Analytics logs are archived as blobs in a storage account, Azure Storage Explorer is the ideal tool to access, browse, and download these logs stored in Blob containers. - It is designed specifically for interacting with Azure Storage resources, including retrieving diagnostic logs that are archived in storage accounts. Why other options are rejected: 1. A) Azure Monitor: - Azure Monitor is a platform for monitoring and visualizing performance and health metrics of various Azure resources, including alerts, metrics, and logs. However, while it can collect and display certain logs (like metrics or activity logs), it is not designed for retrieving archived logs from a storage account that were specifically archived by Azure Storage Analyt... Author: Arjun · Last updated May 18, 2026 |
You have an Azure Active Directory (Azure AD) tenant that contains a user named User1. You plan to enable passwordless authentication for the tenant. You need to ensure that User1 can enable the combined registration experienc...To enable passwordless authentication and ensure that User1 can enable the combined registration experience in Azure Active Directory (Azure AD) using the principle of least privilege, the most appropriate role to assign is Authentication Administrator. Here's the reasoning for the selection and why the other options are rejected: Selected Option: C) Authentication Administrator Why Authentication Administrator is selected: - The Authentication Administrator role in Azure AD allows the user to manage authentication methods, including enabling and configuring passwordless authentication, and managing security features like combined registration experiences (for things like MFA, passwordless authentication, etc.). - Principle of least privilege: This role is specifically designed for managing authentication settings, so it provides the necessary permissions without granting broader access to Azure AD features. It ensures that the user can manage passwordless authentication without additional privileges that could introduce security risks. Why other options are rejected: 1. A) Security Administrator: - The Security Administrator role provides permissions to manage security-related settings across Azure AD, such as conditional access policies, identity protection, and security alerts. However, it does not provide the specific permissions needed to enable passwordless authentication or configure the combined registration experience. - Rejected Use Case: This role grants broader security permissions, which go beyond ... Author: StarlightBear · Last updated May 18, 2026 |
You are troubleshooting a security issue for an Azure Storage account. You enable Azure Storage Analytics logs and archive it to a storage ac...When troubleshooting a security issue for an Azure Storage account and enabling Azure Storage Analytics logs, the objective is to retrieve diagnostic logs to analyze security-related activities such as access patterns, failed requests, and other storage account activities. The best approach to retrieve the diagnostics logs involves a few key factors like data access, integration with storage, and intended usage. Here’s a breakdown of each option: A) Azure Cosmos DB Explorer - Purpose: Azure Cosmos DB Explorer is primarily used for managing and exploring Cosmos DB databases. - Rejection: It is not designed to retrieve or manage Azure Storage logs. This tool is not compatible with Azure Storage Analytics logs. B) Azure Monitor - Purpose: Azure Monitor is a comprehensive monitoring service that collects, analyzes, and acts on telemetry from both cloud and on-premises environments. It can analyze logs from various services including Azure Storage. - Rejection: While Azure Monitor can collect and analyze logs from Azure Storage, it’s a broad tool for overall monitoring, not specifically focused on retrieving storage analytics logs. It also requires additional configuration for specific log data sources, which might not be straightforward for this immediate retr... Author: Leah Davis · Last updated May 18, 2026 |
You have the Azure resources shown in the following table. You need to meet the following requirements: * Internet-facing virtual machines must be protected by using network security groups (NSGs). * All the virtual machines must have disk encryption e...To meet the given requirements, let’s break down each of the two conditions: 1. Internet-facing virtual machines must be protected by using network security groups (NSGs). - This requirement ensures that specific security configurations, like inbound and outbound traffic rules, are applied to internet-facing VMs. Network Security Groups (NSGs) are typically associated with individual virtual machines or subnets to enforce rules. 2. All the virtual machines must have disk encryption enabled. - This requirement specifies that every VM's disk must be encrypted. This can be done through Azure Disk Encryption, which ensures that the disks of the VMs are secured. Review of the Options: A) 1 Policy - Reasoning: It is possible to configure both requirements in a single policy if the policy is designed to check for NSG enforcement on internet-facing VMs and disk encryption on all VMs. - Selection Justification: Microsoft Defender for Cloud allows the creation of custom or built-in policies that can check multiple configurations in a single policy. You can create a policy that verifies both the presence of NSGs on internet-facing VMs and the disk encryption status across all VMs in a single security policy. - Rejection: Even though the policy could check both conditions, creating two separate policies for more granular control might sometimes be advisable for ease of management and clarity. B) 2 Policies - Reasoning: This is ... Author: Siddharth · Last updated May 18, 2026 |
HOTSPOT - You have an Azure subscription that contains an Azure key vault. The role assignments for the key vault are shown in the following exhibit. Use the drop-down menus to select the answer choice that completes each statement based ...Author: Manish · Last updated May 18, 2026 |
HOTSPOT - You have an Azure subscription that contains a blob container named cont1. Cont1 has the access policies shown in the following exhibit. Use the drop-down menus to select the answer choice that completes each statement based o...Author: ThunderBear · Last updated May 18, 2026 |