Microsoft Certified: Azure Security Engineer Associate Intermediate Practice Exam: Medium Difficulty 2025

Your organization has deployed Azure AD Conditional Access policies to secure access to corporate resources. Users in the marketing department frequently work from coffee shops and require access to sensitive customer data stored in Azure. The security team wants to ensure that access from public networks requires additional verification, but internal office access should remain seamless. What combination of Conditional Access controls should you implement?

You are implementing Privileged Identity Management (PIM) for Azure resources. The compliance team requires that any activation of the Global Administrator role must be reviewed and approved before access is granted, and all activations should have a maximum duration. Which PIM settings should you configure?

Your company is migrating applications to Azure and needs to implement identity federation between on-premises Active Directory and Azure AD. The security team wants users to authenticate against on-premises AD, and if the on-premises infrastructure becomes unavailable, users should still be able to access cloud resources. What authentication method should you recommend?

You need to secure network traffic between Azure virtual machines across different virtual networks and ensure that traffic to an Azure SQL Database is protected from internet exposure. The solution must provide network isolation and allow centralized network policy management. What should you implement?

Your organization uses Azure Application Gateway with Web Application Firewall (WAF) to protect web applications. Security monitoring has detected potential SQL injection attempts that are currently being logged but not blocked. Management wants to prevent these attacks while minimizing the risk of blocking legitimate traffic. What approach should you take?

You manage an Azure Storage account containing sensitive financial data. The compliance team requires that all data must be encrypted with customer-managed keys, automatic key rotation should be enabled, and access to keys must be auditable. How should you configure this solution?

Your company runs Azure SQL Database instances that contain personally identifiable information (PII). The security team needs to discover, classify, and protect sensitive data, while also monitoring and alerting on unusual access patterns. Which combination of Azure SQL security features should you implement?

You are deploying Azure Virtual Machines that will run business-critical applications. The security policy requires that all VMs must have security baselines enforced, vulnerabilities continuously assessed, and endpoint protection validated. What Azure service should you implement to meet these requirements?

Your security operations team needs to investigate a potential security incident involving unusual authentication patterns across multiple Azure resources. They need to correlate security events from Azure AD sign-in logs, Azure Activity logs, and security alerts from various sources in a centralized location. What solution should you implement?

Your organization needs to implement automated responses to security threats in Azure. When Microsoft Defender for Cloud detects a suspicious process execution on a virtual machine, the VM should be automatically isolated from the network and a ticket should be created in the company's ServiceNow instance. What should you configure?