Your company plans to move all on-premises virtual machines to Azure.A network engineer proposes the Azure virtual network design shown in the following table.You need to recommend an Azure Bastion deployment to provide secure remote access to all the virtual machines.Based on the virtual network design, how many Azure Bastion subnets are required?
HOTSPOT -Your company has an Azure App Service plan that is used to deploy containerized web apps.You are designing a secure DevOps strategy for deploying the web apps to the App Service plan.You need to recommend a strategy to integrate code scanning tools into a secure software development lifecycle. The code must be scanned during the following two phases:✑ Uploading the code to repositories✑ Building containersWhere should you integrate code scanning for each phase? To answer, select the appropriate options in the answer area.NOTE: Each correct selection is worth one point.Hot Area:
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.You are designing the encryption standards for data at rest for an Azure resource.You need to provide recommendations to ensure that the data at rest is encrypted by using AES-256 keys. The solution must support rotating the encryption keys monthly.Solution: For Azure SQL databases, you recommend Transparent Data Encryption (TDE) that uses customer-managed keys (CMKs).Does this meet the goal?
A customer uses Azure to develop a mobile app that will be consumed by external users as shown in the following exhibit.You need to design an identity strategy for the app. The solution must meet the following requirements:✑ Enable the usage of external IDs such as Google, Facebook, and Microsoft accounts.✑ Use a customer identity store.✑ Support fully customizable branding for the app.Which service should you recommend to complete the design?
Your company has a hybrid cloud infrastructure.Data and applications are moved regularly between cloud environments.The company's on-premises network is managed as shown in the following exhibit.You are designing security operations to support the hybrid cloud infrastructure. The solution must meet the following requirements:✑ Govern virtual machines and servers across multiple environments.✑ Enforce standards for all the resources across all the environments by using Azure Policy.Which two components should you recommend for the on-premises network? Each correct answer presents part of the solution.NOTE: Each correct selection is worth one point.
You have an Azure subscription that has Microsoft Defender for Cloud enabled.Suspicious authentication activity alerts have been appearing in the Workload protections dashboard.You need to recommend a solution to evaluate and remediate the alerts by using workflow automation. The solution must minimize development effort.What should you include in the recommendation?
