You plan to create an Azure environment that will have a root management group and five child and five child management groups. Each child management group will contains five Azure subscriptions. You plan to have between 10 and 30 resource group in each subscription.
Ensure that you can update RBAC role assignment all the subscription and resource groups.
Minimize administrative effort.
What should you include in the solution? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Correct Answer:

Explanation

Comment: *

Name: *

Email: *

Verification: *

You have 200 resource groups across 20 Azure subscriptions.
Your company's security policy states that the security administrator must verify all assignments of the Owner role for the subscriptions and resource groups once a month. All assignments that are not approved by the security administrator must be removed automatically. The security administrator must be prompted every month to perform the verification.
What should you use to implement the security policy?

• A.the user risk policy We Azure Active Directory (Azure AD) Identity Protection
• B.Access reviews in Identity Governance
• C.Identity Secure Score in Azure Security Center
• D.role assignments in Azure Active Directory (Azure AD) Privileged identity Management (PIM)

Comment: *

Name: *

Email: *

Verification: *

Your company purchases an app named App1.
You need to recommend a solution 10 ensure that App 1 can read and modify access reviews.
What should you recommend?

• A.From the Azure Active Directory admin center, register App1. and then delegate permissions to the Microsoft Graph API.
• B.From the Azure Active Directory admin center, register App1. from the Access control (IAM) blade, delegate permissions.
• C.From API Management services, publish the API of App1. and then delegate permissions to the Microsoft Graph API.
• D.From API Management services, publish the API of App1 From the Access control (IAM) blade, delegate permissions.

Comment: *

Name: *

Email: *

Verification: *

Your company has 20 web APIs that were developed in-house.
The company is developing 10 web apps that will use the web APIs. The web apps and the APIs are registered in the company's Azure Active Directory (Azure AD) tenant. The web APIs are published by using Azure API Management.
You need to recommend a solution to block unauthorized requests originating from the web apps from reaching the web APIs. The solution must meet the following requirements:
Use Azure AD-generated claims.
Minimize configuration and management effort.
What should you include in the recommendation? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

1. Azure AD https://docs.microsoft.com/en-us/azure/api-management/api-management-howto-protect-backend-with-aad#grant-permissions-in-azure-ad
2. API Management https://docs.microsoft.com/en-us/azure/api-management/api-management-howto-protect-backend-with-aad#configure-a-jwt-validation-policy-to-pre-authorize-requests

Correct Answer:

Comment: *

Name: *

Email: *

Verification: *

You have a resource group named RG1 that contains the objects shown in the following table.

You need to configure permissions so that App1 can copy all the secrets from KV1 to KV2. App1 currently has the Get permission for the secrets in KV1.
Which additional permissions should you assign to App1? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Correct Answer:

Reference:
https://docs.microsoft.com/en-us/rest/api/keyvault/

Comment: *

Name: *

Email: *

Verification: *