Free Microsoft Certified: Cybersecurity Architect ExpertPractice Test

Your organization is implementing a Zero Trust architecture for their Azure environment. The security team needs to ensure that all access requests are verified explicitly, regardless of where they originate. Which three fundamental principles should guide your Zero Trust implementation?

A multinational corporation needs to design a data classification and protection strategy for sensitive customer information stored across Azure SQL Database, Azure Storage, and Microsoft 365. Which Azure service should be the foundation of this strategy to discover, classify, and protect sensitive data consistently across all platforms?

Your organization is deploying Azure Kubernetes Service (AKS) clusters for production workloads. As the cybersecurity architect, you need to design a security strategy that includes network isolation, pod security, and secrets management. Which combination of services and features provides the most comprehensive security approach?

A financial services company requires a security operations strategy that meets regulatory compliance requirements for incident response times and threat detection. They need to correlate security events from Azure resources, on-premises systems, and third-party SaaS applications. What should you recommend as the central security information and event management (SIEM) solution?

Your company is implementing Conditional Access policies as part of a Zero Trust strategy. Users report that they cannot access corporate resources from their personal devices. The security requirement states that personal devices should have limited access to non-sensitive resources only. How should you configure the Conditional Access policy?

An organization needs to secure their Azure Virtual Network infrastructure hosting critical business applications. The architecture includes web tier, application tier, and database tier subnets. What security architecture should you implement to provide defense in depth?

Your organization's compliance team requires continuous assessment of Azure resources against CIS Microsoft Azure Foundations Benchmark and regulatory standards like PCI-DSS. Which Azure service should you implement to automate compliance assessment and provide a compliance dashboard?

A healthcare organization is designing a strategy to protect patient health information (PHI) in their Azure environment. They need to implement encryption at rest, encryption in transit, and maintain control over encryption keys with the ability to revoke access immediately. What combination should you recommend?

Your organization wants to implement Just-In-Time (JIT) access as part of their Zero Trust strategy. What Azure service provides JIT VM access to reduce the attack surface of management ports?

A company is migrating applications to Azure and needs to ensure API security for their microservices architecture. The APIs handle sensitive financial transactions and require OAuth 2.0 authentication, rate limiting, request filtering, and threat detection. Which Azure service provides comprehensive API security management?

Your organization needs to implement privileged access management for Azure resources with time-bound access, approval workflows, and audit trails. Which solution should you implement?

A manufacturing company with IoT devices across multiple factories needs to secure their Azure IoT Hub deployment. The security requirements include device authentication, secure communication, and threat detection for anomalous device behavior. What comprehensive security architecture should you design?

Your company is implementing a hybrid cloud architecture with Azure Arc. As the security architect, you need to ensure consistent security policies and compliance across on-premises servers, Azure VMs, and multi-cloud resources. What strategy should you implement?

A global enterprise needs to implement a data residency and sovereignty strategy for their Azure deployments. They operate in regions with strict data localization requirements and need to ensure customer data never leaves specific geographic boundaries. What architectural approach should you recommend?

Your organization needs to protect against SQL injection attacks and other web application vulnerabilities for applications hosted in Azure App Service. What security control should you implement?

A software company developing a multi-tenant SaaS application in Azure needs to implement tenant isolation to ensure data from one customer cannot be accessed by another. The application uses Azure SQL Database and Azure Storage. What security architecture provides the best tenant isolation?

Your organization's security operations team needs to automate incident response for common security alerts in Microsoft Sentinel. When a specific threat is detected, the system should automatically isolate affected machines, disable user accounts, and create a ticket. What Microsoft Sentinel feature should you configure?

A retail company needs to implement network segmentation for their Azure Virtual Network that hosts PCI-DSS in-scope workloads. The cardholder data environment (CDE) must be isolated from other networks. What network architecture should you design?

Your company wants to implement continuous security validation by simulating attacks against Azure resources to identify vulnerabilities before attackers do. Which approach aligns with Zero Trust principles and proactive security?

An organization is deploying containerized applications using Azure Container Instances and Azure Container Registry. As the security architect, you need to ensure container images are scanned for vulnerabilities before deployment and runtime protection is enabled. What security strategy should you implement?