You have an Azure subscription named Sub1 that has Security defaults disabled. The subscription contains the following users:
* Five users that have owner permissions for Sub1.
* Ten users that have owner permissions for Azure resources.
None of the users have multi-factor authentication (MFA) enabled.
Sub1 has the secure score as shown in the Secure Score exhibit. (Click the Secure Score tab.)
You plan to enable MFA for the following users:
* Five users that have owner permissions for Sub1.
* Five users that have owner permissions for Azure resources.
By how many points will the secure score increase after you perform the planned changes?
You have an Azure subscription that contains an Azure App Service app named App1, an Azure container instance named AC1. and a storage account named storage1. AC1 hosts an app named App2.
Users send requests to App1 by using a URL of https:/app1.contoso.com/echo/resource-cache? param1 =sample. App1 calls App2. which retrieves data from storage1.
You need to ensure that a security alert will be generated when connections are detected from anomalous IP addresses. Which Microsoft Defender for Cloud service should you use?
You have an Azure subscription that contains the virtual machines shown in the following table.
You are configuring Microsoft Defender for Servers.
You plan to enable adaptive application controls to create an allowlist of known-safe apps on the virtual machines. Which virtual machines support the use of adaptive application controls?
Lab Task
Task 2
You need to ensure that the events in the NetworkSecurityGroupRuleCounter log of the VNETOI-Subnet0-NSG network security group (NSG) are stored in the Iogs31330471 Azure Storage account for 30 days.
Enable diagnostic resource logging for the NSG. You can use the Azure portal, Azure PowerShell, or the Azure CLI to do this. You need to select theRule countercategory under Logs and choose theIogs31330471storage account as the destination.
Configure the retention policy for the storage account to keep the logs for 30 days. You can use the Azure portal, Azure PowerShell, or the Azure CLI to do this. You need to specify thedaysparameter as 30 for the Set-AzStorageServiceProperty cmdlet or the az storage logging update command.
View and analyze the logs in the storage account. You can use any tool that can read JSON files, such as Azure Storage Explorer or Visual Studio Code.You can also export the logs to any visualization tool, SIEM solution, or IDS of your choice
Lab Task
Task 3
You need to ensure that a user named Danny-31330471 can sign in to any SQL database on a Microsoft SQL server named web31330471 by using SQL Server Management Studio (SSMS) and Azure AD credentials.
Create and register an Azure AD application. You can use the Azure portal, Azure PowerShell, or the Azure CLI to do this. You need to specify a name, such as SQLServerCTP1, and select the supported account types, such as Accounts in this organization directory only.
Queenie
12 days agoLou
16 days agoMarylin
17 days agoSylvie
26 days agoValentin
1 months agoTwana
1 months agoIzetta
1 months agoGianna
2 months agoReena
2 months agoRenato
2 months agoNicholle
2 months agoGennie
3 months agoRory
3 months agoJohnna
3 months agoSabina
3 months agoDorothy
4 months agoApolonia
4 months agoGenevieve
5 months agoLucille
5 months agoFarrah
6 months agoRamonita
6 months agoGilbert
6 months agoKenny
6 months ago