Secure compute, storage, and databases Questions
Practice questions for Secure compute, storage, and databases topic in Microsoft Certified: Azure Security Engineer Associate. 48 questions covering this domain.
You want applications and users to connect to Azure SQL by using Microsoft Entra identities. What must be configured first at the server or instance l...
A call center application should hide most of a customer's email address from nonprivileged users, but the actual values must remain unchanged in the ...
How is Transparent Data Encryption configured for newly created Azure SQL databases?
You want Azure Storage to use a customer-managed key stored in Azure Key Vault. Which configuration is required on the key vault or managed HSM?
A subnet already has an Azure Storage service endpoint enabled and is allowed in a storage account firewall. What happens to IP network rules for traf...
An operations team enables the admin user on Azure Container Registry so a single tester can push and pull images. Which statement about this account ...
A security architect must protect temp disks, caches, and the data flow between compute and storage for a virtual machine. Which disk encryption optio...
Which retention range can be configured for Azure Blob soft delete?
A security engineer wants administrators to connect to Azure VMs without assigning public IP addresses to the VMs. Which service should be used?
A storage team locks a time-based immutable storage policy after testing. Which change is still allowed after the policy is locked?
Blob versioning and blob soft delete are both enabled on a storage account. What happens when the current version of a blob is deleted?
What does Microsoft Defender for Cloud just-in-time VM access do to management ports when no access request is active?
Which Azure SQL feature continuously discovers, classifies, and labels columns containing sensitive data?
A storage account must accept traffic only from a specific Azure Logic Apps standard plan in the same tenant while staying behind a firewall. Which ca...
Which capability lets you deploy an Azure VM whose OS and data disks are protected by the customer's keys with a per-disk Disk Encryption Set?
Which Azure capability provides hardware-isolated, single-tenant key storage that meets FIPS 140-2 Level 3 for keys used by Azure resources?
Which Azure Storage authorization option is recommended over storage account access keys to limit exposure?
A workload uses a Disk Encryption Set with a customer-managed key. The team accidentally deletes the key version. What does Microsoft documentation sa...
A finance team must legally hold blob data so it can't be modified or deleted, regardless of admin role. Which feature meets WORM compliance requireme...
An app must call Azure SQL using a Microsoft Entra identity tied to the host VM, with no secrets stored. Which configuration accomplishes this?
Sign in to see all 48 questions
Create a free account to browse all questions — completely free during our launch phase.