Microsoft Certified: Azure Security Engineer Associate Practice Exam: Test Your Knowledge 2025

Your organization requires that all users authenticate using multi-factor authentication (MFA) when accessing Azure resources from outside the corporate network. However, users within the corporate network should only need their password. What Azure AD feature should you implement?

You are implementing Azure AD Privileged Identity Management (PIM) for your organization. A security auditor asks you to ensure that all activations of the Global Administrator role require approval and that an audit trail is maintained. Which two actions should you perform?

Your company has deployed Azure VMs running critical applications. You need to ensure that only authorized applications can run on these VMs and prevent execution of malicious software. The solution should provide centralized management and reporting. What should you implement?

You are configuring network security for an Azure SQL Database. The database should only be accessible from specific Azure VMs in your virtual network and from your on-premises network via ExpressRoute. Internet access should be blocked. What should you configure?

Your organization uses Azure Key Vault to store encryption keys and secrets. You need to ensure that deleted keys can be recovered within 90 days and that keys cannot be permanently deleted by anyone, including administrators. What should you enable?

You are implementing Azure AD B2B collaboration for external partners. Your security policy requires that external users must accept terms of use and provide MFA before accessing shared resources. Where should you enforce these requirements?

Your company has a hub-and-spoke network topology in Azure. You need to inspect all traffic between spokes and to the internet for threats, while allowing direct spoke-to-spoke communication when no threats are detected. What should you deploy in the hub virtual network?

You need to audit all access to blobs in an Azure Storage account and track who accessed what data and when. The audit logs must be retained for 7 years for compliance. What should you configure?

Your organization uses service principals for application authentication to Azure resources. You discover that a service principal's credentials have been exposed. What is the FASTEST way to prevent the compromised credentials from being used?

You are configuring encryption for Azure VMs running Windows Server. The compliance team requires that encryption keys must be managed by the organization, not Microsoft, and that all disk encryption operations must be logged. What should you implement?

Your company needs to implement a security solution that automatically responds to threats detected in Azure VMs by isolating the affected VM from the network. What should you configure?

You are implementing Just-In-Time (JIT) VM access in Microsoft Defender for Cloud. A developer needs RDP access to a VM for 3 hours to troubleshoot an issue. What happens when JIT access is granted?

Your organization requires all Azure resources to be tagged with cost center and owner information. You need to prevent resource creation if these tags are missing. What should you implement?

You have deployed Azure Application Gateway with Web Application Firewall (WAF) to protect a web application. After deployment, legitimate users report that certain requests are being blocked. How should you troubleshoot and resolve this issue?

Your company uses Azure SQL Database for a production application. You need to implement a solution that detects anomalous database activities indicating potential security threats, such as SQL injection or unusual access patterns. What should you enable?

You are designing a secure architecture for a multi-tier application in Azure. The web tier must be accessible from the internet, but the database tier should have no internet access and only accept connections from the application tier. Which combination of Azure services best implements this requirement?

Your organization has implemented Azure AD Conditional Access with MFA. Users report that they are prompted for MFA every time they sign in, even within the same session. You need to reduce the frequency of MFA prompts while maintaining security. What should you configure?

You need to implement a solution that provides comprehensive security posture management across your Azure subscriptions, identifies misconfigurations, and provides a secure score with recommendations. Which service should you use?

Your company manages sensitive data in Azure Storage accounts. Regulatory requirements mandate that you must be able to prove that data has not been tampered with since creation. What feature should you implement?

You are implementing role-based access control for an Azure subscription. A team of developers needs permission to create and manage virtual machines but should not be able to modify networking or security settings. Which built-in role should you assign?