FEFreeExamDumps.in

SC-100 Practice Questions — Page 13

Question 121

You have a Microsoft Entra tenant and an Azure subscription.

You are evaluating the use of a risk-based Conditional Access policy to control the access of workload identities to resources.

To which type of identity should you apply the policy, and which signal source can you use as part of the policy? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Question 122

You have a Microsoft Entra tenant named contoso.com that syncs with an Active Directory Domain Services (AD DS) domain named corp.contoso.com. The domain contains 100 devices that have the following configurations:

• Hybrid joined

• Enrolled in Microsoft Intune

• Disabled built-in local administrator account

• Contain a local user account named User1 that is a member of the local administrators group

You need to recommend a solution that meets the following requirements:

• Ensures that the Directory Services Restore Mode (DSRM) credentials of each domain controller are backed up to the AD DS database

• Ensures that the password of User1 changes automatically every 60 days

• Ensures that the credentials of User1 are stored in an encrypted store

• Prevents the User1 password from being changed manually

• Whenever possible, stores all credentials in contoso.com

• Minimizes administrative effort

What should you include in the recommendation? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Question 123

You have an Azure subscription that is linked to a Microsoft Entra tenant.

You plan to deploy an enterprise application named App1. App1 requires LDAP to look up attributes related to Microsoft Entra users.

You need to recommend a solution to support the LDAP requirement.

What should you recommend?

  • A. Configure a Conditional Access policy that has a trusted network location.
  • B. Deploy Microsoft Entra Private Access.
  • C. Deploy Microsoft Entra Domain Services.
  • D. Implement pass-through authentication.

Question 124

You have a Microsoft Entra tenant named contoso.onmicrosoft.com and an Azure subscription named Sub1.

You need to implement Microsoft Entra Verified ID by using Quick Verified ID setup.

What should you create first?

  • A. a security principal in contoso.onmicrosoft.com
  • B. a custom domain in contoso.onmicrosoft.com
  • C. a user-assigned managed identity in Sub1
  • D. an Azure key vault in Sub1

Question 125

You have a Microsoft 365 subscription that contains a Microsoft SharePoint Online site named Site1.

You have a Conditional Access policy named Policy1 that only allows workload identities from trusted locations to access SharePoint Online.

You plan to move all business-sensitive information to Site1.

You need to ensure that CAPolicy1 applies to Site1 only.

Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.

NOTE: More than one order of answer choices is correct. You will receive credit for any of the correct orders you select.

Question 126

You have an Azure subscription.

You need to create an Azure policy to ensure that all the resources in the subscription have tags assigned. The solution must ensure that the policy can remediate noncompliant resources automatically.

How should you configure the policy? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Question 127

You have an Azure Storage account named storage1.

You plan to secure storage1 by using a Bring Your Own Key (BYOK) strategy.

You create an Azure key vault named AKV1 and upload a compatible key.

You need to configure storage1 to use the key stored in AKV1 for encryption.

Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.

Question 128

You have an Azure subscription that contains 15 custom apps. The source files for the apps are stored in Git repositories. The apps are deployed by using Azure DevOps.

You need to recommend a DevSecOps solution to implement static application security testing (SAST) of the app code to identify hard-coded secrets.

What should you include in the recommendation?

  • A. GitHub Advanced Security
  • B. Microsoft Defender for Key Vault
  • C. Microsoft Dev Box
  • D. Microsoft Defender for Cloud DevOps security

Question 129

You have an on-premises server named Server1. Server1 is an FTP server that can be accessed by only the users at your company.

You have an Azure subscription.

You need to recommend a Zero Trust Network Access (ZTNA) solution to enforce Conditional Access policies when users access Server1 from the internet.

What should you include in the recommendation?

  • A. Microsoft Entra application proxy
  • B. Microsoft Entra Internet Access
  • C. Microsoft Entra Private Access ✓
  • D. Azure Application Gateway
  • E. Azure Bastion

Question 130

Your network contains an on-premises Active Directory Domain Services (AD DS) domain named Domain1. Domain1 contains 10 domain controllers.

You have an Azure subscription named Sub1 that contains a Microsoft Sentinel workspace named WS1.

You have a Microsoft 365 subscription that contains 5,000 users. Each user is assigned a Microsoft 365 E3 license.

You need to recommend a solution to ingest security logs from all the domain controllers into WS1. The solution must meet the following requirements:

• The cost of ingesting data into WS1 must be minimized.

• WS1 must ingest all the Windows Security event logs generated by the domain controllers.

• The solution must support the generation of approximately 350 MB of logs per day from each domain controller.

What should you recommend?

  • A. Upgrade the user licenses to Microsoft 365 E5. ✓
  • B. Onboard each domain controller to Microsoft Defender for Servers Plan 2.
  • C. Configure Auxiliary logs in WS1.
  • D. Configure a volume cap for WS1.
  • E. Only ingest data from one domain controller into WS1.