DRAG DROP -
Your network contains an Active Directory Domain Services (AD DS) domain.
You need to implement a solution that meets the following requirements:
✑ Ensures that the members of the Domain Admins group are allowed to sign in only to domain controllers
✑ Ensures that the lifetime of Kerberos Ticket Granting Ticket (TGT) for the members of the Domain Admins group is limited to one hour
Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
Select and Place:
Correct Answer:
Reference:
https://docs.microsoft.com/en-us/windows-server/identity/ad-ds/manage/how-to-configure-protected-accounts
You have an Azure virtual machine named VM1 that runs Windows Server.
You plan to deploy a new line-of-business (LOB) application to VM1.
You need to ensure that the application can create child processes.
What should you configure on VM1?
Correct Answer: D
To ensure that an application on a Windows Server running on an Azure virtual machine can create child processes, you should configure Exploit protection settings on the VM. Exploit protection offers a feature to manage security settings for preventing applications from creating child processes. Configuring Exploit protection correctly would allow the necessary permissions for the line-of-business application to create child processes.
HOTSPOT -
Your network contains an Active Directory Domain Services (AD DS) domain named contoso.com. The domain contains the organizational units (OUs) shown in the following table.
In the domain, you create the Group Policy Objects (GPOs) shown in the following table.
You need to implement IPsec authentication to ensure that only authenticated computer accounts can connect to the members in the domain. The solution must minimize administrative effort.
Which GPOs should you apply to the Domain Controllers OU and the Domain Servers OU? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:
Correct Answer:
Reference:
https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-firewall/configure-authentication-methods
You have 100 Azure virtual machines that run Windows Server. The virtual machines are onboarded to Microsoft Defender for Cloud.
You need to shut down a virtual machine automatically if Microsoft Defender for Cloud generates the "Antimalware disabled in the virtual machine" alert for the virtual machine.
What should you use in Microsoft Defender for Cloud?
Correct Answer: A
To shut down a virtual machine automatically when Microsoft Defender for Cloud generates the 'Antimalware disabled in the virtual machine' alert, you should use a logic app. Logic apps in Microsoft Defender for Cloud allow you to automate responses to specific security alerts, such as shutting down a non-compliant virtual machine. This is achieved by creating workflows that respond to alerts automatically. Other options like a workbook, a security policy, or adaptive network hardening serve different purposes and do not provide the automation required for this specific task.
You have a Microsoft Sentinel deployment and 100 Azure Arc-enabled on-premises servers. All the Azure Arc-enabled resources are in the same resource group.
You need to onboard the servers to Microsoft Sentinel. The solution must minimize administrative effort.
What should you use to onboard the servers to Microsoft Sentinel?
Correct Answer: B
To onboard Azure Arc-enabled on-premises servers to Microsoft Sentinel with minimal administrative effort, you should use Azure Policy. Azure Policy allows you to enforce organization standards and assess compliance at scale for your resources, including on-premises servers enabled with Azure Arc. By utilizing Azure Policy, you can automate the deployment of the necessary monitoring agents required for Microsoft Sentinel, ensuring all target systems are compliant and onboarded efficiently.