You have an Azure Active Directory (Azure AD) tenant named contoso.com that contains the users shown in the following table.

You create and enforce an Azure AD Identity Protection user risk policy that has the following settings:
* Assignment: Include Group1, Exclude Group2
* Conditions: Sign-in risk of Medium and above
* Access: Allow access, Require password change
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.

Correct Answer:

Explanation

Box 1: Yes
User1 is member of Group1. Sign in from unfamiliar location is risk level Medium.
Box 2: Yes
User2 is member of Group1. Sign in from anonymous IP address is risk level Medium.
Box 3: No
Sign-ins from IP addresses with suspicious activity is low.
Note:

Azure AD Identity protection can detect six types of suspicious sign-in activities:
* Users with leaked credentials
* Sign-ins from anonymous IP addresses
* Impossible travel to atypical locations
* Sign-ins from infected devices
* Sign-ins from IP addresses with suspicious activity
* Sign-ins from unfamiliar locations
These six types of events are categorized in to 3 levels of risks - High, Medium & Low:
References:
http://www.rebeladmin.com/2018/09/step-step-guide-configure-risk-based-azure-conditional-access-policies/

Comment: *

Name: *

Email: *

Verification: *

You create an Azure subscription with Azure AD Premium P2.
You need to ensure that you can use Azure Active Directory (Azure AD) Privileged Identity Management (PIM) to secure Azure roles.
Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.

Correct Answer:

Explanation

Comment: *

Name: *

Email: *

Verification: *

You have an Azure subscription that contains the Azure virtual machines shown in the following table.

You create an MDM Security Baseline profile named Profile1.
You need to identify to which virtual machines Profile1 can be applied.
Which virtual machines should you identify?

• A.VM1 only
• B.VM1, VM2, and VM3 only
• C.VM1 and VM3 only
• D.VM1, VM2, VM3, and VM4

Comment: *

Name: *

Email: *

Verification: *

You have an Azure subscription that contains the resources shown in the following table.

Transparent Data Encryption (TDE) is disabled on SQL1.
You assign polices to the resource groups as shown in the following table.

You plan to deploy Azure SQL databases by using an Azure Resource Manager (ARM) template. The databases will be configured as shown in the following table.
NOTE: Each correct selection is worth one point.

Correct Answer:

Comment: *

Name: *

Email: *

Verification: *

You have the Azure virtual machines shown in the following table.

For which virtual machine can you enable Update Management?

• A.VM2 and VM3 only
• B.VM2, VM3, and VM4 only
• C.VM1, VM2, and VM4 only
• D.VM1, VM2, VM3, and VM4
• E.VM1, VM2, and VM3 only

Comment: *

Name: *

Email: *

Verification: *