Below is our eighth free AZ-500 Practice Test. This final test in our 8-part series is designed to help you review advanced Azure security topics and assess your readiness for the Microsoft Azure Security Engineer Associate certification. Use it as a final step in your exam preparation journey.
Question 1 of 20
You are designing an enterprise cloud landing-zone strategy and must accelerate delivery. Which tool should you use to build workload-specific application landing zones and quickly provision isolated, secure environments for your applications?
Question 2 of 20
You manage an Azure Key Vault currently using the access policy model. You must switch the vault to the Azure role-based access control permission model. Which role provides the required write permissions to change the permission model?
Question 3 of 20
Which Azure Key Vault capability allows end-to-end, zero-touch key rotation for encryption at rest when using customer-managed keys (CMKs) stored in Azure Managed HSM?
Question 4 of 20
You are securing access to Azure Key Vault to prevent accidental or malicious data loss. You enable soft-delete. You now want to protect against insider attacks and ensure that no one in your organization, nor Azure, can permanently purge a key vault during the retention period. Which feature must you enable?
Question 5 of 20
You need to move several secrets from an Azure Key Vault in the East Coast region to a Key Vault in the West Coast region. Which feature should you use to transfer the secrets across regions securely?
Question 6 of 20
In Microsoft Defender for Cloud, the Secure Score recommends enabling sign-in risk and user risk policies to improve security posture. Your organization has already implemented security defaults, which provide equivalent protections. To ensure accurate scoring without duplicating policies, what should you do?
Question 7 of 20
In Microsoft Defender for Cloud, you need to automate notifications so that a designated user receives an email whenever a compliance assessment fails. Which setup task should you configure?
Question 8 of 20
Which Microsoft Defender for Cloud feature allows you to customize compliance assessments with your organization’s internal standards beyond the default regulations provided by Microsoft?
Question 9 of 20
To create a custom initiative in Microsoft Defender for Cloud, organizations define the policy using _____________ and then publish it to their environment. (Fill in the blank.)
Question 10 of 20
You are responsible for extending Microsoft Defender for Cloud coverage across a hybrid and multi-cloud environment that includes Azure, AWS, and on-premises servers.
During the integration process, your security team emphasizes the importance of maintaining continuous visibility while preventing data exposure. Which two actions are most critical to ensure proper integration and secure data flow into Microsoft Defender for Cloud? (Choose two.)
Question 11 of 20
What should you do to have a granular view of inventory changes in the Microsoft Defender External Attack Surface Management (EASM) inventory assets dashboard?
Question 12 of 20
Your security operations team receives an alert in Microsoft Defender for Resource Manager indicating that a PowerShell script executed within your Azure subscription has performed a suspicious series of operations, including enumerating resources, permissions, and network configurations. The alert notes that such activity resembles automated reconnaissance tools, such as MicroBurst, which threat actors use to gather information before attempting further compromise.
What does this detection most likely indicate, and what should be your first response?
Question 13 of 20
In Microsoft Defender for Cloud, you enable agentless scanning of Azure VMs that use disks encrypted with customer-managed keys (CMK) stored in Azure Key Vault. To allow secure copies of the disks to be created, which non-RBAC permissions must you manually assign to the Key Vaults?
Question 14 of 20
You plan to enable Microsoft Defender for SQL Servers on Machines, but are concerned about possible performance impacts. Which statement correctly describes the split architecture used by Microsoft Defender to balance speed and performance?
Question 15 of 20
You are investigating a device flagged by Microsoft Defender for Cloud as potentially compromised. To understand the current state of the device and identify attacker tools and techniques, which response action should you use?
Question 16 of 20
In Microsoft Defender for Cloud, you plan to use Logic Apps to automate responses. Which two triggers are directly supported by the Logic App designer? (Choose two.)
Question 17 of 20
You need to monitor the performance and security of several Azure resources. Since most Azure services automatically generate platform metrics, you want to analyze trends, run queries, and correlate those metrics with other security event data in Azure Monitor. Which destination should you send the platform metrics to?
Question 18 of 20
In Microsoft Sentinel, certain data sources ingested into a Log Analytics workspace are processed using a combination of hardcoded workflows and ingestion-time transformation in the workspace’s Data Collection Rule (DCR). Which data source uses this processing model?
Question 19 of 20
You’re configuring Analytics Rules for Microsoft Sentinel. Match the YAML file attributes to their corresponding descriptions (Drag & Drop).
It represents the frequency at which the query runs
It represents the approach that triggers the alert
A mandatory field that helps users understand the context of the detection and how it fits into the overall threat landscape
Question 20 of 20
Your security operations team uses Microsoft Sentinel to manage alerts and incidents across multiple business units. A new alert has been raised with a medium severity rating, but it impacts a high-value application that handles sensitive financial transactions. The SOC manager wants to ensure the incident is properly handled and assigned to the right analyst for investigation, while other low-priority alerts are deprioritized.
Which Sentinel capability directly supports triaging and prioritizing alerts so that they can be assigned to specific team members in line with severity, impact, and organizational security objectives?