Microsoft Azure Security Engineer Associate Practice Exam: Test Your Knowledge 2025

Your organization requires that all users accessing Azure resources must authenticate using multi-factor authentication (MFA). However, users connecting from the corporate network should be exempt from MFA requirements. What should you configure?

A company has deployed Azure Virtual Machines that must not be accessible from the internet. You need to ensure that administrators can securely connect to these VMs for management purposes without exposing them to public internet access. What should you implement?

You need to ensure that data stored in an Azure Storage Account is encrypted with customer-managed keys stored in Azure Key Vault. The storage account already contains data. What should you do?

Your company has implemented Azure AD Privileged Identity Management (PIM). A user needs temporary Global Administrator access for 8 hours to perform emergency maintenance. What should the user do?

You are configuring Microsoft Defender for Cloud and need to receive alerts when suspicious activities are detected on your Azure SQL databases. You also want automated recommendations for remediation. What should you enable?

A company needs to restrict access to Azure Key Vault so that only specific virtual machines in a particular subnet can access secrets. Internet access to the Key Vault must be blocked. What should you configure?

Your organization uses Azure AD to manage user identities. You need to implement a solution that automatically detects and responds to potential compromised user accounts based on behavioral analysis. Which solution should you implement?

You are implementing network security for Azure Virtual Machines. You need to ensure that only specific applications can communicate on certain ports, and you want to implement microsegmentation. What should you use?

A company stores sensitive customer data in Azure SQL Database. Compliance requirements mandate that certain columns containing personal information must be encrypted and that only authorized applications can decrypt this data. What should you implement?

You need to monitor and detect potential security threats across your Azure resources, on-premises servers, and other cloud platforms from a single dashboard. What should you implement?

Your organization requires that all privileged role assignments in Azure AD must be reviewed quarterly to ensure users still require access. You need to implement an automated solution that prompts managers to review their team members' access. What should you configure?

A company has deployed Azure VMs running web applications that must be protected from common web vulnerabilities such as SQL injection and cross-site scripting. The solution should inspect HTTP/HTTPS traffic and block malicious requests. What should you deploy?

You are securing an Azure Storage Account that contains virtual machine disk snapshots. You need to ensure that data cannot be deleted for 7 years to meet compliance requirements, even by administrators with full permissions. What should you configure?

Your company has implemented Azure Sentinel as a SIEM solution. You need to automatically respond to security incidents where a user account shows multiple failed sign-in attempts followed by a successful sign-in from an unfamiliar location. What should you configure?

You are implementing a solution where an Azure Function needs to access secrets from Azure Key Vault without storing credentials in the application code or configuration files. What authentication method should you use?

A company has multiple Azure subscriptions and needs to enforce a security policy that prevents anyone from creating virtual machines without encryption at rest enabled. The policy must be applied across all existing and future subscriptions. What should you implement?

You need to implement a solution that discovers and classifies sensitive data such as credit card numbers and social security numbers stored in Azure SQL Database. The solution should also provide recommendations for protecting this data. What should you use?

Your organization requires that Azure Kubernetes Service (AKS) clusters must only pull container images from approved Azure Container Registry instances. You need to enforce this requirement and prevent deployment of containers from public registries or unapproved sources. What should you implement?

A security incident has occurred where unauthorized access to an Azure Storage Account was detected. You need to investigate when and how the account access keys were last rotated and who accessed the storage account. Where should you review this information?

Your company requires that guest users invited to Azure AD must accept terms of use before accessing company resources, and they must re-accept these terms every 90 days. What should you configure?