Microsoft Azure Security Engineer Associate Intermediate Practice Exam: Medium Difficulty 2025

Your organization uses Azure AD with multiple applications integrated via SAML. A security audit reveals that several former employees still have active sessions. You need to ensure that when an employee is disabled in the on-premises Active Directory, their Azure AD access is revoked within 30 minutes, and all active sessions are terminated. What combination of solutions should you implement?

You are securing an Azure Virtual Network that hosts production web servers. The web servers need to allow HTTPS traffic from the internet but must block all other inbound traffic. Additionally, the servers should only be able to access specific Azure SQL Database instances and Azure Storage accounts. Which combination of security controls should you implement?

Your company stores sensitive customer data in Azure Blob Storage. Compliance requirements mandate that all data must be encrypted at rest using customer-managed keys, with automatic key rotation every 90 days. Additionally, you need to ensure that no one, including Microsoft administrators, can access the data without proper authorization. What should you implement?

You manage security for an Azure subscription that contains multiple resource groups. You need to ensure that any virtual machine created without Azure Disk Encryption enabled is automatically flagged, and prevent deployment of VMs in the Production resource group without encryption. Existing non-compliant VMs should be identified but not affected. What should you configure?

Your organization requires that all privileged access to Azure resources be time-bound and require approval. The IT director should be able to activate the Contributor role on the production subscription for up to 8 hours with approval from the security team. How should you configure this using Azure AD Privileged Identity Management (PIM)?

You are implementing a hub-and-spoke network topology in Azure. The hub virtual network contains Azure Firewall, and three spoke virtual networks contain application workloads. You need to ensure all traffic between spokes is inspected by Azure Firewall and logged. What configuration should you implement?

Your company runs a multi-tier application on Azure VMs. The application tier accesses Azure SQL Database. You need to ensure that the application authenticates to SQL Database without storing credentials in application code or configuration files, and the solution should support automatic credential rotation. What should you implement?

You receive an alert from Microsoft Defender for Cloud indicating potential cryptocurrency mining activity on a Linux VM in your Azure subscription. The VM is part of a production environment. What should be your immediate response actions in the correct sequence?

Your organization uses Azure AD Conditional Access to secure access to corporate resources. You need to ensure that users accessing Azure portal from outside the corporate network must use multi-factor authentication, but users connecting from corporate offices should only need their password. Guest users should always require MFA regardless of location. How should you configure the Conditional Access policy?

You are configuring Microsoft Defender for Cloud for your Azure subscription containing VMs, storage accounts, and SQL databases. Your security team needs to receive alerts for high-severity threats via email within 5 minutes, and you want to automatically trigger a Logic App to create incident tickets in your ServiceNow system. What should you configure?