Which of the following could grant or deny access based on the originating IP address?
Azure Active Directory
Aure Firewall
VPN Gateway
Which of the following could require both a password and a security question for full authentication?
Azure Firewall
Application Gateway
Multi-Factor Authentication
Which of the following services would you use to filter internet traffic in your Azure virtual network?
Network Security Group
Which of the following lets you store passwords in Azure so you can centrally manage them for your services and applications?
Azure Advanced Threat Protection
Azure Key Vault
Azure Security Center
Which of the following should you use to download published audit reports and how Microsoft builds and operates its cloud services?
Azure Policy
Azure Service Health
Service Trust Portal
Which of the following provides information about planned maintenance and changes that could affect the availability of your resources?
Azure Monitor
Where can you obtain details about the personal data Microsoft processes, how Microsoft processes it, and for what purposes?
Microsoft Privacy Statement
Compliance Manager
Which of the following can be used to help you enforce resource tagging so you can manage billing?
Which of the following can be used to define a repeatable set of Azure resources that implement organizational requirements?
Azure Blueprint
Azure Resource Groups
Which of the following lets you grant users only the rights they need to perform their jobs?
Role-Based Access Control
Which of these options helps you most easily disable an account when an employee leaves your company?
Enforce multi-factor authentication (MFA)
Monitor sign-on attempts
Use single sign-on (SSO)
What is Azure Information Protection?
AIP is a cloud-based solution that helps organizations classify and (optionally) protect its documents and emails by applying labels. Labels can be applied automatically (by administrators who define rules and conditions), manually (by users), or with a combination of both (where users are guided by recommendations).
AIP is a cloud-based security solution that identifies, detects, and helps you investigate advanced threats, compromised identities, and malicious insider actions directed at your organization.
AIP is a monitoring service that provides threat protection across all of your services both in Azure, and on-premises.
Which of the following items would be good use of a resource lock?
An ExpressRoute circuit with connectivity back to your on-premises network
A non-production virtual machine used to test occasional application builds
A storage account used to temporarily store images processed in a development environment
Which of the following approaches would be the most efficient way to ensure a naming convention was followed across your subscription?
Send out an email with the details of your naming conventions and hope it is followed.
Create a policy with your naming requirements and assign it to the scope of your subscription
Give all other users except for yourself read-only access to the subscription. Have all requests to create resources sent to you so you can review the names being assigned to resources, and then create them.
