Secure Azure using Microsoft Defender for Cloud and Microsoft Sentinel for Microsoft Azure Security Technologies
This page covers the Secure Azure using Microsoft Defender for Cloud and Microsoft Sentinel domain of the Microsoft Azure Security Technologies certification. Master Cybersecurity offers 102 practice questions in this domain, drawn from the same content we use across our timed exam simulations. Below are five sample questions with full answer explanations.
Sample Practice Questions
Question 1
You need to ensure that you can meet the security operations requirements. What should you do first?
- A. Turn on Auto Provisioning in Security Center.
- B. Integrate Security Center and Microsoft Cloud App Security.
- C. Upgrade the pricing tier of Security Center to Standard.
- D. Modify the Security Center workspace configuration.
Explanation
The correct answer is: D. Modify the Security Center workspace configuration.
Modifying the Security Center workspace configuration is the first step toward meeting the security operations requirements because it determines which Log Analytics workspace receives the data that Security Center will analyze, alert on, and feed into your operations workflows. Pointing Security Center at the correct workspace ensures monitoring agents from the in-scope VMs send their telemetry to the right destination, where queries, dashboards, and alert rules already exist. Turning on auto provisioning is useful but only valuable once the workspace target is set correctly; otherwise agents enrol with the wrong store. Upgrading the Security Center pricing tier is a separate concern that unlocks paid features but does not by itself wire the operations data plane. Integrating Cloud App Security is a downstream optional connector. Setting the workspace configuration is the gating action that makes the rest of the operations stack coherent.
Question 2
You plan to implement JIT VM access. Which virtual machines will be supported?
- A. VM2, VM3, and VM4 only
- B. VM1, VM2, VM3, and VM4
- C. VM1 and VM3 only
- D. VM1 only
Explanation
The correct answer is: A. VM2, VM3, and VM4 only.
Just-in-time VM access depends on the presence of a network security group to function, because JIT enforces its time-boxed access by injecting and removing temporary allow rules in that NSG. In this scenario VM2, VM3, and VM4 each have an NSG attached either to their NIC or to their subnet, so JIT has a rule surface to work with and the feature is supported on them. VM1 lacks an NSG attachment, which is why Defender for Cloud lists it as Unsupported on the JIT blade: there is no rule store for the temporary allow to be written into. The correct answer is therefore VM2, VM3, and VM4, while VM1 stays out of scope until an NSG is associated with it.
Question 3
HOTSPOT You need to configure support for Microsoft Sentinel notebooks to meet the technical requirements. What is the minimum number of Azure container registries and Azure Machine Learning workspaces required?
Hot Area:
Explanation
Reference: https://docs.microsoft.com/en-us/azure/sentinel/notebooks
Question 4
From Microsoft Defender for Cloud, you need to deploy SecPol1. What should you do first?
- A. Enable Microsoft Defender for Cloud.
- B. Create an Azure Management group.
- C. Create an initiative.
- D. Configure continuous export.
Explanation
The correct answer is: A. Enable Microsoft Defender for Cloud.
Enabling Microsoft Defender for Cloud is the gating first step before any security policy such as SecPol1 can be deployed, because Defender for Cloud has to be active on the subscription for its policy management surface to be available. With Defender for Cloud disabled, the Security policy blade is hidden and the back-end engine that binds initiatives to scopes is not running, so there is no path for SecPol1 to land. Once you enable Defender for Cloud, the subscription is auto-enrolled in the Microsoft cloud security benchmark and you can layer additional policies and initiatives on top, including SecPol1. Creating a management group is unnecessary if SecPol1 targets only a subscription. Creating an initiative is the next step after Defender is on. Configuring continuous export sends findings elsewhere and is unrelated to deploying a policy. Enabling Defender for Cloud is the right first action.
Question 5
You have an Azure subscription that contains an Azure SQL server named SQL1. SQL1 contains an Azure SQL database named DB1. You need to use Microsoft Defender for Cloud to complete a vulnerability assessment for DB1. What should you do first?
- A. From Advanced Threat Protection types, select SQL injection vulnerability.
- B. Configure the Send scan report to setting.
- C. Set Periodic recurring scans to ON.
- D. Enable the Microsoft Defender for SQL plan.
Explanation
The correct answer is: D. Enable the Microsoft Defender for SQL plan.
Enabling the Microsoft Defender for SQL plan on the subscription is the first step toward running a vulnerability assessment on an Azure SQL database, because the Defender for SQL plan is what turns on the vulnerability-assessment scanner alongside the Advanced Threat Protection features. Without the plan, the SQL server has no scanner provisioned and the Vulnerability assessment blade is greyed out. Selecting a specific threat type under Advanced Threat Protection does not by itself perform a scan. Configuring the Send scan report destination is a downstream setting that only matters after the plan and the scanner are running. Setting periodic recurring scans to ON requires the scanner to be available in the first place. The Defender for SQL plan is the gating action and the necessary first step before any of the other configuration choices become meaningful.