FREE Microsoft Azure Security Engineer Certification Questions and Answers

Question 1

To determine whether it is accurate, you must take into account the underlined portion.
You are in charge of making a unique subscription for every section of your business. The subscriptions will, however, all be connected to a single Azure Active tenant for Azure Active Directory.
Make sure that the roles assigned to each subscription are the same.
You use Privileged Identity Management (PIM) for Azure AD.
In the event that the underlined part is accurate, choose ""No adjustment required."" Choose the accurate answer if the underlined portion is accurate.

Accepted Answer

No adjustment required

Answer

The statement is accurate. Azure AD Privileged Identity Management (PIM) is designed to manage, control, and monitor access to important resources across Azure AD, Azure, and other Microsoft Online Services. While PIM primarily manages Azure AD roles, it can also extend to Azure resource roles at the subscription level, providing just-in-time access and enforcing review processes. This capability helps ensure consistent and secure role assignments across multiple subscriptions within a single tenant.

Question 2

The Azure subscription for your business includes a virtual network with a single subnet set up.
For the subnet, which has an Azure virtual machine with Ubuntu Server 18.04 installed, you have defined a service endpoint.
To install Docker containers on the virtual computer, you are getting ready. The containers must be able to use Azure Storage resources and Azure via the service endpoint, SQL databases.
Before deploying containers, a task must be completed on the virtual machine.
Installing the container network interface (CNI) plug-in is the solution.
Is the aim being met by the solution?

Accepted Answer

Yes

Answer

The Container Network Interface (CNI) plug-in is crucial for enabling network connectivity for Docker containers on a Linux virtual machine. By installing the CNI plug-in, containers can leverage the underlying virtual network's configuration, including the service endpoint. This allows the containers to securely access Azure Storage and Azure SQL databases directly over the Azure backbone network, fulfilling the requirement.

Question 3

To install Azure virtual machines, you use Azure Resource Manager templates.
You are responsible for making sure that when instances of the virtual machines are provisioned, Windows features that are not in use are immediately deactivated.
Which of the subsequent actions ought you to perform?

Accepted Answer

You should make use of Azure Automation State Configuration.

Answer

Azure Automation State Configuration (DSC) is a cloud-based service that allows you to define and maintain the desired state of your Azure VMs. By using DSC configurations, you can specify which Windows features should be enabled or disabled, ensuring that VMs are provisioned with the correct and secure baseline configuration, including deactivating unused features, immediately upon deployment.

Question 4

Azure virtual machines running Windows Server 2016 are part of your company's Azure subscription.
You are advised that a specific antimalware virtual machine extension must be deployed on every virtual machine. To accomplish this, you are creating the essential code for a policy.
Which of the following effects is a need for your code?

Accepted Answer

DeployIfNotExists

Answer

To ensure that a specific VM extension, like an antimalware extension, is deployed on all virtual machines that meet certain criteria, the 'DeployIfNotExists' effect in Azure Policy is the correct choice. This effect automatically deploys a specified resource (the VM extension in this case) if it detects that the resource is missing on a non-compliant VM. 'AuditIfNotExists' would only report non-compliance without deploying.

Question 5

Azure Active Directory (Azure AD) is used by your organisation in a hybrid configuration. All users use hybrid Windows 10 devices that are connected to Azure AD.
You are in charge of a SQL Azure database that supports Azure AD authentication.
You must ensure that Microsoft SQL Server Management Studio (SSMS) can connect to the SQL database for database developers. Additionally, you must ensure that the developers authenticate using their on-premises Active Directory accounts. Your plan should provide for a minimal amount of authentication prompts.
Which of the following authentication techniques ought to be employed by developers?

Accepted Answer

Active Directory integrated authentication.

Answer

For domain-joined devices and users authenticating with on-premises Active Directory accounts to an Azure SQL Database, 'Active Directory integrated authentication' provides the most seamless experience with minimal prompts. This method leverages the user's existing Windows login credentials from their domain-joined device, allowing for single sign-on without requiring them to re-enter credentials.

Microsoft Azure Security Engineer Certification Practice Test

Microsoft Azure Security Engineer Certification Practice Test

FREE Microsoft Azure Security Engineer Certification Questions and Answers