Secure storage, databases, and networking Questions
Practice questions for Secure storage, databases, and networking topic in Microsoft Certified: Cloud and AI Security Engineer Associate. 58 questions covering this domain.
A call center application should hide most of a customer's email address from nonprivileged users, but the actual values must remain unchanged in the ...
You want Azure Storage to use a customer-managed key stored in Azure Key Vault. Which configuration is required on the key vault or managed HSM?
Two inbound network security group rules match the same traffic. Which rule is processed first?
A private endpoint is configured for an Azure service, but clients still resolve the service's public IP address. What should you change?
A user creates a private endpoint to a resource they don't own and selects manual approval. The endpoint shows Pending. Which statement is correct?
Your organization uses Azure Virtual Network Manager security admin rules. What happens when traffic matches an Always allow security admin rule?
A subnet is granted access to an Azure Storage account by using a virtual network service endpoint. How does the source IP appear to the storage servi...
You need protection against a volumetric Layer 3 or Layer 4 attack and also protection against Layer 7 web exploits. Which combination should you depl...
Which Azure Firewall SKU adds signature-based intrusion detection and prevention?
A security engineer wants administrators to connect to Azure VMs without assigning public IP addresses to the VMs. Which service should be used?
How is Transparent Data Encryption configured for newly created Azure SQL databases?
Blob versioning and blob soft delete are both enabled on a storage account. What happens when the current version of a blob is deleted?
Which retention range can be configured for Azure Blob soft delete?
A private endpoint connection was created by using manual approval. Which connection status must the endpoint reach before it can send traffic to the ...
A storage team locks a time-based immutable storage policy after testing. Which change is still allowed after the policy is locked?
An organization wants to filter outbound traffic from a virtual network and require centralized public IP egress (e.g., for SaaS allowlisting). Which ...
A security engineer must restrict Azure Storage account access from a specific subnet to only the storage accounts that belong to a chosen list. Which...
An architect needs east-west traffic between on-prem and many spoke VNets to traverse a centralized firewall through ExpressRoute, while spoke-to-spok...
A team must view all NSG rules applied to a NIC across subnet and NIC NSGs and identify why a connection is failing. Which Network Watcher tool gives ...
A regulated workload must keep all PaaS connectivity off the public internet, including DNS resolution from on-prem. Which design element is required ...
Sign in to see all 58 questions
Create a free account to browse all questions — completely free during our launch phase.