CORRECT ANSWERS (VERIFIED ANSWERS) PLUS RATIONALES 2026 Q&A |
INSTANT DOWNLOAD PDF.
CORE DOMAINS
Manage Identity and Access
Secure Networking
Secure Compute, Storage, and Databases
Manage Security Operations
Cloud Security Posture Management (CSPM)
Governance and Compliance
Threat Protection and Incident Response
Data Encryption and Protection
INTRODUCTION
The purpose of this assessment is to evaluate the technical proficiency of candidates
in securing Azure environments and protecting organizational assets in the cloud.
,This exam covers a comprehensive range of topics, including identity management,
infrastructure security, and threat protection. The assessment is structured using
multiple-choice and complex scenario-based questions to mirror the rigor of
professional certification. Candidates are tested on their ability to implement security
controls, maintain security posture, and manage identity and access. A strong
emphasis is placed on real-world application, critical thinking, and decision-making to
ensure candidates can effectively mitigate vulnerabilities and respond to security
incidents in live production environments.
SECTION ONE: QUESTIONS 1–100
1. A company needs to ensure that users can only access Azure resources from
managed devices that are compliant with corporate security policies. Which
Azure AD feature should be implemented?
A. Access Reviews
B. Conditional Access
C. Resource Guard
D. Privileged Identity Management
🟢 B. Conditional Access
,🔴 RATIONALE: Conditional Access policies allow administrators to enforce
requirements such as device compliance or trusted locations before granting access
to applications and resources.
2. You are configuring a Network Security Group (NSG) to allow traffic to a web
server. Which rule component identifies the traffic based on the application type
rather than just a port number?
A. Service Tags
B. Application Security Groups
C. Augmented Security Rules
D. IP Address Prefixes
🟢 B. Application Security Groups
🔴 RATIONALE: Application Security Groups (ASGs) allow you to group servers with
similar functions (like web servers) and define security policies based on those
groups, simplifying rule management.
3. Which Azure service provides automated security assessments and
recommendations to improve the security posture of your cloud resources?
, A. Azure Sentinel
B. Azure Advisor
C. Microsoft Defender for Cloud
D. Azure Monitor
🟢 C. Microsoft Defender for Cloud
🔴 RATIONALE: Microsoft Defender for Cloud provides Cloud Security Posture
Management (CSPM) and provides a secure score along with actionable
recommendations to harden resources.
4. To prevent unauthorized deletion of a critical production storage account, which
Azure Resource Manager feature should you apply?
A. Azure Policy
B. Resource Lock
C. Role-Based Access Control
D. Management Group
🟢 B. Resource Lock
🔴 RATIONALE: Resource Locks (specifically the "CanNotDelete" lock) prevent
authorized users from accidentally or intentionally deleting a resource.