General

Your company uses line-of-business apps that contain Microsoft Office VBA macros. You need to prevent users from downloading and running additional payloads from the Office VBA macros as additional child processes. Which two commands can you run to achieve the goal? Each correct answer presents a complete solution. NOTE: Each correct selection is worth one point.

You have an Azure subscription that uses Microsoft Defender for Servers Plan 1 and contains a server named Server1. You enable agentless scanning. You need to prevent Server1 from being scanned. The solution must minimize administrative effort. What should you do? A.Create an exclusion tag. B.Upgrade the subscription to Defender for Servers Plan 2. C.Create a governance rule. D.Create an exclusion group.

DRAG DROP You have the resources shown in the following table. You need to prevent duplicate events from occurring in SW1. What should you use for each action? To answer, drag the appropriate resources to the correct actions. Each resource may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content. NOTE: Each correct selection is worth one point. Select and Place:

Case study This is a case study. Case studies are not timed separately. You can use as much exam time as you would like to complete each case. However, there may be additional case studies and sections on this exam. You must manage your time to ensure that you are able to complete all questions included on this exam in the time provided. To answer the questions included in a case study, you will need to reference information that is provided in the case study. Case studies might contain exhibits and other resources that provide more information about the scenario that is described in the case study. Each question is independent of the other questions in this case study. At the end of this case study, a review screen will appear. This screen allows you to review your answers and to

HOTSPOT You have an Azure subscription named Sub1 that contains an Azure key vault named Vault1 and an Azure Automation account named Automation1. You need to ensure that Automation1 can access Vault1. The solution1 must meet the following requirements: •Ensure that if Automation1 is deleted, the permissions granted for Vault1 will be removed automatically. •Ensure that runbooks created in Automation1 can read secret values stored in Vault1. •Follow the principle of least privilege. What should you configure for Automation1, and which built-in role should Automation1 use to access Vault1? To answer, select the appropriate options in the answer area. NOTE: Each correct answer is worth one point.

HOTSPOT You have an Azure subscription named Sub1 that contains a resource group named RG1. RG1 contains two Azure key vaults named KV1 and KV2 that use Azure role-based access control (Azure RBAC). The subscription contains the users shown in the following table. KV1 contains a secret named Secret1. KV2 contains a secret named Secret2. Which users can read the values of each secret? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

You have an Azure subscription that uses Microsoft Security Copilot. You need to temporarily increase the number of security compute units. What is the smallest interval of time you can be billed for?

DRAG DROP You need to configure DC1 to meet the business requirements. Which four actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order. Select and Place:

HOTSPOT You have an Azure DevOps organization that contains an Azure Repos repository named Repo1 and is onboarded to Microsoft Defender for DevOps. You create infrastructure as code (Ia

HOTSPOT You have the Azure subscriptions shown in the following table. You have a Microsoft Entra tenant that contains the users shown in the following table. The users have the Azure roles shown in the following table. You configure Microsoft Copilot for Security capacities as shown in the following table. For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.