AZ-801 Microsoft Practice Test Questions and Exam Dumps


Question No 1:

You have a server named Server1 that runs Windows Server. You need to ensure that only specific applications can modify the data in protected folders on Server1. Solution: From Virus & threat protection, you configure Controlled folder access. Does this meet the goal?

A. Yes
B. No

Correct answer: A

Explanation:

Controlled folder access is a Microsoft Defender Antivirus feature, surfaced in the Windows Security app under Virus & threat protection > Ransomware protection, that protects the contents of designated folders from changes made by untrusted applications. Common user data folders (Documents, Pictures, and so on) are protected by default, and you can add any other folder that holds critical files.

When Controlled folder access is enabled, only trusted applications can write to protected folders. Microsoft maintains the baseline list of trusted apps, and you add your own with the allowed-applications list. Any other process that attempts to create, modify, or delete a file in a protected folder is blocked and the attempt is logged, which is why the feature is primarily positioned as a ransomware defense. The feature can also run in audit mode, which records what would have been blocked without enforcing anything, so you can build the allow list before turning enforcement on.

Since the goal is to ensure that only specific applications can modify data in protected folders, Controlled folder access provides the exact functionality needed. Therefore, this solution meets the goal.

Question No 2:

You need to ensure that only specific applications can modify the data in protected folders on Server1. Solution: From Virus & threat protection, you configure Tamper Protection. Does this meet the goal?

A. Yes
B. No

Correct answer: B

Explanation:

Tamper Protection is a Microsoft Defender Antivirus feature that locks the antivirus configuration itself: it stops real-time protection, cloud-delivered protection, behavior monitoring and related settings from being disabled or changed by local administrators, scripts, registry edits or malware running with high privileges. It says nothing about which applications may write to which folders. So while Tamper Protection is a sensible companion control (it stops an attacker from simply switching Controlled folder access off), it does not by itself restrict data modification in protected folders.

To meet the goal of ensuring that only specific applications can modify the data in protected folders, you would typically need a more targeted solution, such as:

Controlled Folder Access: This feature in Windows Defender Exploit Guard can help protect important files and folders from unauthorized changes, specifically preventing untrusted or unknown applications from modifying the contents. With Controlled Folder Access, you can define which applications are allowed to access and modify protected folders. This is the more appropriate solution for the goal described in the question.

Therefore, Tamper Protection alone would not meet the goal because it does not manage application-specific access to protected data in folders. The correct approach would be to use Controlled Folder Access instead. As such, the correct answer is B (No).

Question No 3:

You have a server named Server1 that runs Windows Server. You need to ensure that only specific applications can modify the data in protected folders on Server1. Solution: From App & browser control, you configure the Exploit protection settings. Does this meet the goal?

A. Yes
B. No

Correct answer: B

Explanation:

The solution of configuring Exploit protection settings from App & browser control does not meet the goal of ensuring that only specific applications can modify data in protected folders. Here’s why:

Exploit Protection: Exploit protection is a security feature in Windows that helps to prevent exploits from taking advantage of vulnerabilities in software. It works by applying security mitigation techniques such as Data Execution Prevention (DEP), Address Space Layout Randomization (ASLR), and Control Flow Guard (CFG) to applications and processes. However, while Exploit protection enhances the security of the system by preventing exploits, it does not specifically control access or restrict modifications to data in protected folders.

The goal in the question is to restrict access to specific folders and ensure that only designated applications can modify the data in those folders. Exploit protection settings are focused on mitigating vulnerabilities rather than directly controlling or limiting access to data based on the application.

Required Solution: The feature that does this is Controlled folder access (Virus & threat protection > Ransomware protection), which allows only trusted or explicitly allowed applications to write to the protected folders. The alternatives that are sometimes suggested do not fit the stated goal as well:

  • Windows Defender Application Control (WDAC) and AppLocker: Both control which executables, scripts and installers are allowed to run at all. They do not grant or deny write access to particular folders, so an application they allow to run can modify any file its user has NTFS permission to change.

  • Folder permissions and Access Control Lists (ACLs): NTFS ACLs grant or deny access to security principals (users, groups, service accounts), not to applications. You can approximate per-application control by running each application under its own service account and scoping the ACL to that account, but that is an indirect design and is not what the question asks for.

Conclusion: The solution of configuring Exploit protection does not address the need to control which specific applications can modify data in protected folders. Therefore, the correct answer is B. No.
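The Controlled folder access configuration that Questions 1 to 3 point at, written out as an added example (not code from the original page). It assumes D:\Finance is the folder to protect and C:\Program Files\LobApp\LobApp.exe is the only application that may modify it; both names are placeholders. It also shows the Tamper Protection status check from Question 2 for contrast.

```powershell
# Added example (not from the original page): configure Controlled folder access
# on Server1 so that only an allowed application can write to a protected folder.
# Assumed names: D:\Finance is the folder to protect and
# C:\Program Files\LobApp\LobApp.exe is the application that may modify it.
# Requires an elevated PowerShell session on the server.

$protectedFolder = 'D:\Finance'
$allowedApp      = 'C:\Program Files\LobApp\LobApp.exe'

# 1. Start in audit mode: nothing is blocked yet, but every write that *would*
#    be blocked is logged, so you learn what to allow before enforcing.
Set-MpPreference -EnableControlledFolderAccess AuditMode
Add-MpPreference -ControlledFolderAccessProtectedFolders $protectedFolder
Add-MpPreference -ControlledFolderAccessAllowedApplications $allowedApp

# 2. Review what audit mode recorded before switching to enforcement.
#    Event 1124 = audited (would have been blocked), 1123 = blocked.
$cfaEvents = Get-WinEvent -FilterHashtable @{
    LogName   = 'Microsoft-Windows-Windows Defender/Operational'
    Id        = 1123, 1124
    StartTime = (Get-Date).AddDays(-7)
} -ErrorAction SilentlyContinue

$cfaEvents | Select-Object TimeCreated, Id, Message | Format-Table -Wrap

# 3. Enforce: applications not on the trusted or allowed list can no longer
#    write to D:\Finance.
Set-MpPreference -EnableControlledFolderAccess Enabled

# 4. Verify the effective configuration.
#    EnableControlledFolderAccess: 0 = Disabled, 1 = Enabled, 2 = AuditMode
$pref = Get-MpPreference
[pscustomobject]@{
    Mode            = $pref.EnableControlledFolderAccess
    ProtectedFolder = $pref.ControlledFolderAccessProtectedFolders
    AllowedApps     = $pref.ControlledFolderAccessAllowedApplications
}

# Contrast with Tamper Protection (Question 2): it only reports whether the
# Defender settings themselves are locked, and has no per-folder or per-app scope.
(Get-MpComputerStatus).IsTamperProtected
```

Run the audit phase for long enough to capture the application's normal write pattern; anything that shows up as event 1124 and is legitimate goes on the allowed-applications list before step 3. Note that Add-MpPreference appends to the lists while Set-MpPreference replaces them.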

Question No 4:

What should you configure on VM1 to ensure that the new line-of-business (LOB) application can create child processes?

A. Microsoft Defender Credential Guard
B. Microsoft Defender Application Control
C. Microsoft Defender SmartScreen
D. Exploit protection

Correct Answer: D

Explanation:

In this scenario, the goal is to ensure that the new LOB application on the Azure virtual machine VM1 can create child processes. Let's break down each option and its relevance to the requirement:

A. Microsoft Defender Credential Guard

Microsoft Defender Credential Guard is a security feature that helps protect credentials (like user login credentials and other sensitive information) from being stolen through techniques like pass-the-hash attacks. It uses virtualization-based security (VBS) to isolate credential data. However, Credential Guard is not relevant to controlling the ability of an application to create child processes. It mainly targets credential theft, so A is not the correct choice.

B. Microsoft Defender Application Control

Microsoft Defender Application Control (formerly known as Device Guard) is a security feature designed to prevent unauthorized applications from running on a system. It works by creating a list of trusted, approved applications. This could block certain applications from running, but it does not specifically address or enable the ability of an application to create child processes. If the LOB application is not on the approved list, Application Control could block its execution altogether. Therefore, B is not the correct option because it restricts rather than facilitates application behavior.

C. Microsoft Defender SmartScreen

Microsoft Defender SmartScreen is primarily used to protect users from malicious websites, downloads, and apps. It helps filter potentially unsafe web content and applications by checking against known threats. However, SmartScreen does not control or impact the ability of an application to create child processes. It focuses on web-based threats and does not apply to process creation directly. Thus, C is not the correct answer.

D. Exploit protection

Exploit protection is the set of per-process mitigations (the successor to EMET) that Windows applies to programs to make memory-corruption and code-injection exploits harder: DEP, the ASLR variants, Control Flow Guard, Arbitrary Code Guard and others. One of those mitigations is "Do not allow child processes", which prevents a protected program from spawning any child process. It is useful for applications such as document viewers that should never launch anything, but it breaks a legitimate application that needs to start helper processes.

Exploit protection settings are configured system-wide and then overridden per program. If the LOB application on VM1 is blocked from creating child processes, the fix is a program-specific exploit protection entry for its executable that turns the child-process mitigation off (or sets it to audit) while leaving the other mitigations in place. That is exactly the control the question asks for, so D is the correct choice.

In short, the child-process restriction is an Exploit protection mitigation, so Exploit protection is what you configure on VM1 to let the LOB application create child processes without relaxing protection for any other program.
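The per-program override described above, as an added example (not code from the original page). It assumes the LOB application's executable is named LobApp.exe; that name is a placeholder.

```powershell
# Added example (not from the original page): let one line-of-business executable
# create child processes while keeping every other exploit protection mitigation.
# Assumed name: LobApp.exe is the application's executable. Run elevated on VM1.

$exe = 'LobApp.exe'   # program-specific entries are keyed by file name, not full path

# Before: show the current per-program settings (empty if no override exists yet)
# and the system-wide defaults the program inherits.
Get-ProcessMitigation -Name $exe
Get-ProcessMitigation -System

# Turn off only the "Do not allow child processes" mitigation for this program.
# -Disable leaves the remaining mitigations (DEP, CFG, ASLR, ACG, ...) untouched.
Set-ProcessMitigation -Name $exe -Disable DisallowChildProcessCreation

# Safer alternative while testing: keep the block off but log each child process
# the app launches, so you can confirm it only spawns what you expect first.
# Set-ProcessMitigation -Name $exe -Disable DisallowChildProcessCreation -Enable AuditChildProcess

# After: confirm the override took effect. The ChildProcess section of the output
# should now show DisallowChildProcessCreation turned off for this program.
(Get-ProcessMitigation -Name $exe).ChildProcess

# Audit events for exploit protection land in the Security-Mitigations logs;
# anything mentioning the LOB app here is a child process it tried to start.
Get-WinEvent -LogName 'Microsoft-Windows-Security-Mitigations/KernelMode',
                      'Microsoft-Windows-Security-Mitigations/UserMode' `
    -MaxEvents 50 -ErrorAction SilentlyContinue |
    Where-Object Message -like "*$exe*" |
    Select-Object TimeCreated, Id, Message

# Export the whole configuration so the same override can be pushed to other VMs
# with Set-ProcessMitigation -PolicyFilePath (or via Group Policy / Intune).
Get-ProcessMitigation -RegistryConfigFilePath "$env:TEMP\ExploitProtection.xml"
```

The exported XML is the same format the Windows Security app's "Export settings" button produces, so one tested override can be applied identically to every VM that runs the application.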

Question No 5:

You have 100 Azure virtual machines that run Windows Server. The virtual machines are onboarded to Microsoft Defender for Cloud.
You need to shut down a virtual machine automatically if Microsoft Defender for Cloud generates the "Antimalware disabled in the virtual machine" alert for the virtual machine.

What should you use in Microsoft Defender for Cloud?

A. a logic app
B. a workbook
C. a security policy
D. adaptive network hardening

Correct Answer: A

Explanation:

The Defender for Cloud feature that responds to alerts is workflow automation, and the action it runs is an Azure Logic App. A Logic App is a workflow started by a trigger; the Microsoft Defender for Cloud connector provides a trigger that fires when an alert is created, and the workflow automation rule can be scoped so that it fires only for the "Antimalware disabled in the virtual machine" alert.

The Logic App then performs whatever actions you define, here deallocating the affected virtual machine through the Azure VM or Azure Resource Manager connector. The identity the Logic App uses to call Azure must hold a role that can stop virtual machines (Virtual Machine Contributor is sufficient). This gives you an automated, auditable response to a critical finding such as disabled antimalware without waiting for an analyst to act.

Now, let’s consider the other options:

Option B (a workbook) is used for data visualization and monitoring in Microsoft Defender for Cloud, but it is not designed to take automated actions such as shutting down a virtual machine. Workbooks are more useful for analyzing and reporting security data, not for automating responses to alerts.

Option C (a security policy) is used to define rules and configurations to ensure compliance with security standards. While security policies can help prevent certain issues by enforcing settings, they do not provide the automation capability to respond to an alert and take action like shutting down a virtual machine when an alert is generated.

Option D (adaptive network hardening) is used to secure network configurations, but it does not directly address automated actions based on security alerts like "Antimalware disabled." This feature focuses on network security, such as recommending firewall rules, rather than automating responses to alerts from Defender for Cloud.

Therefore, a logic app is the correct choice because it allows you to automate the process of shutting down a virtual machine when a specific alert (such as the "Antimalware disabled" alert) is triggered by Microsoft Defender for Cloud.
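The remediation a workflow automation would hand to the Logic App, written as the equivalent Azure PowerShell so the action can be tested by hand first; this is an added example, not code from the original page or from Microsoft. It assumes the Az.Compute and Az.Security modules, that Connect-AzAccount has been run, a resource group named rg-prod, and the alert property names shown (check them against your Az.Security version).

```powershell
# Added example (not from the original page): stop a VM that Defender for Cloud
# has flagged with the "Antimalware disabled in the virtual machine" alert.
# In the Logic App the alert lookup is the Defender for Cloud trigger; here it is
# a query so the action can be rehearsed interactively.
# Assumptions: Az.Compute + Az.Security installed, Connect-AzAccount done,
# VMs live in resource group 'rg-prod', and Get-AzSecurityAlert exposes
# AlertDisplayName, State and CompromisedEntity (verify in your module version).

$alertTitle = 'Antimalware disabled in the virtual machine'
$rg         = 'rg-prod'

$alerts = Get-AzSecurityAlert |
    Where-Object { $_.AlertDisplayName -eq $alertTitle -and $_.State -eq 'Active' }

foreach ($alert in $alerts) {
    $vmName = $alert.CompromisedEntity

    # Only act on a VM that exists and is actually running; stopping a
    # deallocated VM is a no-op and just adds noise to the activity log.
    $vm = Get-AzVM -ResourceGroupName $rg -Name $vmName -Status -ErrorAction SilentlyContinue
    if (-not $vm) { Write-Warning "VM '$vmName' not found in $rg"; continue }

    $power = ($vm.Statuses | Where-Object Code -like 'PowerState/*').Code
    if ($power -eq 'PowerState/running') {
        # -Force skips the confirmation prompt. Without -StayProvisioned the VM
        # is deallocated, which also stops compute billing.
        Stop-AzVM -ResourceGroupName $rg -Name $vmName -Force | Out-Null
        Write-Output "Deallocated $vmName because of alert '$alertTitle'"
    }
    else {
        Write-Output "$vmName already in state $power; nothing to do"
    }
}
```

Whatever identity runs this (or the Logic App's connection) needs only the Virtual Machine Contributor role on the resource group; do not give an automated responder Owner or Contributor at subscription scope just to stop VMs.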

Question No 6:

What should you use to onboard Azure Arc-enabled on-premises servers to Microsoft Sentinel while minimizing administrative effort?

A. Azure Automation
B. Azure Policy
C. Azure virtual machine extensions
D. Microsoft Defender for Cloud

Correct Answer: B

Explanation:

In this scenario, you have 100 Azure Arc-enabled on-premises servers, and you want to onboard them to Microsoft Sentinel with minimal administrative effort. The goal is to streamline the process of collecting and sending data from these servers to Microsoft Sentinel. Let's break down each option to determine which solution is the most efficient for this purpose.

Option A: Azure Automation

While Azure Automation is powerful for automating routine tasks and managing configurations across multiple resources, it is not specifically designed for the onboarding of resources to Microsoft Sentinel. Azure Automation can help manage various tasks related to configuration, deployment, and monitoring, but it would require additional scripting and configuration to onboard servers to Sentinel. This would not be the most efficient or minimal effort solution in this case. Therefore, A is not the best option.

Option B: Azure Policy

Azure Policy is the correct solution for this scenario. A DeployIfNotExists policy assigned at subscription or resource-group scope automatically installs the monitoring agent extension on every Azure Arc-enabled server in scope, including servers that are onboarded later, and a remediation task brings the servers that already exist into compliance. This is how the Microsoft Sentinel data connectors for Windows Security Events and Windows Forwarded Events are deployed: the connector page in Sentinel hands you the policy assignment that installs the Azure Monitor Agent and associates the data collection rule. Compliance reporting is built in, so you can see at a glance which servers are still missing the agent. Therefore, B is the correct choice.

Option C: Azure virtual machine extensions

Azure virtual machine extensions (and the equivalent extensions for Azure Arc-enabled servers) are the mechanism that actually installs the agent, whether the Log Analytics agent (MMA, retired in August 2024) or the Azure Monitor Agent that replaces it. Installing the extension server by server, or scripting it, works, but it is a one-off action: it does not cover servers that are onboarded afterwards and gives you no compliance view. Azure Policy deploys the very same extension but does so automatically and at scale, so C is not the most efficient choice.

Option D: Microsoft Defender for Cloud

Microsoft Defender for Cloud (formerly Azure Security Center) provides security posture management and threat protection for resources, but it is not specifically designed for onboarding resources to Microsoft Sentinel. While it integrates with Sentinel to provide security insights, Defender for Cloud primarily focuses on security monitoring and threat detection rather than the initial onboarding process. It could complement Sentinel once the resources are onboarded, but it does not help with the onboarding process itself. Therefore, D is not the most appropriate solution for this requirement.

In conclusion, the best option to minimize administrative effort while onboarding Azure Arc-enabled servers to Microsoft Sentinel is Azure Policy. With Azure Policy, you can enforce automatic onboarding and ensure that all servers are configured to send data to Sentinel, without needing to manually configure each server individually. This approach provides the best scalability and efficiency. Therefore, the correct answer is B.
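The policy-based onboarding described above, as an added example (not code from the original page or from Microsoft). It assumes the Az.Resources and Az.PolicyInsights modules, that Connect-AzAccount has been run, a resource group named rg-arc-servers, region eastus, and that the built-in policy display name quoted below exists in your tenant; the GUID definition IDs are deliberately not hard-coded.

```powershell
# Added example (not from the original page): onboard the Azure Arc-enabled servers in
# a resource group by assigning a built-in DeployIfNotExists policy that installs the
# Azure Monitor Agent, then remediating the servers that already exist.
# Assumptions: Az.Resources + Az.PolicyInsights, Connect-AzAccount done, resource group
# 'rg-arc-servers', location 'eastus', and the built-in definition named below.

$rgName            = 'rg-arc-servers'
$location          = 'eastus'
$scope             = (Get-AzResourceGroup -Name $rgName).ResourceId
$policyDisplayName = 'Configure Windows Arc-enabled machines to run Azure Monitor Agent'

# Resolve the built-in definition by display name. Older Az.Resources versions expose
# it as .Properties.DisplayName, newer ones flatten it to .DisplayName.
$def = Get-AzPolicyDefinition -Builtin | Where-Object {
    $_.DisplayName -eq $policyDisplayName -or $_.Properties.DisplayName -eq $policyDisplayName
} | Select-Object -First 1
if (-not $def) { throw "Policy definition '$policyDisplayName' not found" }

# DeployIfNotExists needs a managed identity to deploy the extension, so the assignment
# is created with a system-assigned identity (which requires a location).
$assignment = New-AzPolicyAssignment -Name 'deploy-ama-arc-windows' `
    -DisplayName 'Deploy Azure Monitor Agent to Arc-enabled Windows servers' `
    -Scope $scope -PolicyDefinition $def `
    -IdentityType SystemAssigned -Location $location

# Property name differs between module versions (Id vs PolicyAssignmentId).
$assignmentId = if ($assignment.Id) { $assignment.Id } else { $assignment.PolicyAssignmentId }

# The effect only fires for resources created or updated after assignment; a
# remediation task evaluates existing servers and deploys the agent to them.
Start-AzPolicyRemediation -Name 'remediate-ama-arc-windows' `
    -PolicyAssignmentId $assignmentId -Scope $scope

# Later: anything NonCompliant is a server still missing the agent.
Get-AzPolicyState -ResourceGroupName $rgName `
    -Filter "PolicyAssignmentName eq 'deploy-ama-arc-windows'" |
    Select-Object ResourceId, ComplianceState
```

The agent alone does not send anything to Sentinel; a second built-in policy associates the servers with the data collection rule that selects the Windows Security events to collect, and it takes the DCR resource ID as a parameter. The Sentinel connector page bundles both policies into one assignment, which is why the exam treats "use Azure Policy" as the single answer.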

Question No 7:

You have an Azure virtual machine named VM1 that runs Windows Server. You need to encrypt the contents of the disks on VM1 using Azure Disk Encryption. What is a prerequisite for implementing Azure Disk Encryption?

A. Customer Lockbox for Microsoft Azure
B. An Azure Key Vault
C. A BitLocker recovery key
D. Data-link layer encryption in Azure

Correct answer: B

Explanation:

Azure Disk Encryption (ADE) is a feature in Microsoft Azure that uses BitLocker (on Windows Server) or DM-Crypt (on Linux) to encrypt the virtual machine (VM) disks to enhance data security. It ensures that the operating system and data disks are encrypted, helping to safeguard the VM’s data from unauthorized access.

Before you can implement Azure Disk Encryption on an Azure virtual machine, there are several prerequisites that must be fulfilled. One of the key requirements is Azure Key Vault.

Azure Disk Encryption stores the volume encryption keys in Azure Key Vault. On Windows, the BitLocker encryption key for each volume is written to the vault as a secret, and it can optionally be wrapped with a key encryption key (KEK) that also lives in the vault. The VM retrieves the keys from the vault at boot to unlock its disks, and Key Vault's access logging and soft-delete protect the keys against misuse and accidental deletion.

The vault has prerequisites of its own: it must be in the same region and subscription as the VM, and it must be enabled for disk encryption (the EnabledForDiskEncryption vault setting), otherwise the Azure platform cannot write the keys into it. Without a correctly configured Key Vault the encryption operation fails, which is why the vault is the prerequisite the question is looking for.

Other Options:

  • A) Customer Lockbox for Microsoft Azure:
    Customer Lockbox is a feature that allows you to approve or deny requests by Microsoft support engineers to access your data during troubleshooting. It does not relate directly to Azure Disk Encryption, as it is intended for managing support access rather than encryption key management. Thus, this is not a prerequisite for Azure Disk Encryption.

  • C) A BitLocker recovery key:
A BitLocker recovery key is what you would use to unlock a BitLocker volume when the normal protector is unavailable. With Azure Disk Encryption the protector is the key held in Key Vault, and that key is generated by the encryption process itself, so no BitLocker key exists before you start. It is an output of the process, not a prerequisite for it.

  • D) Data-link layer encryption in Azure:
Data-link layer encryption (Azure applies IEEE 802.1AE MACsec to traffic between its datacenters) protects data in transit on the network. It is applied by the platform without any customer configuration and is unrelated to disk encryption, which protects data at rest on the virtual machine's disks.

In conclusion, to implement Azure Disk Encryption on an Azure virtual machine, Azure Key Vault is a critical prerequisite. It serves as the secure repository for the encryption keys used by BitLocker or DM-Crypt to encrypt and decrypt the VM’s disks. This ensures the integrity and confidentiality of the data stored on the virtual machine, making Azure Key Vault an essential component of the Azure Disk Encryption process.
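The prerequisite and the encryption step together, as an added example (not code from the original page or from Microsoft). It assumes the Az.Compute and Az.KeyVault modules, that Connect-AzAccount has been run, and the placeholder names rg-vm1, eastus, kv-ade-vm1-0001 (vault names must be globally unique) and VM1.

```powershell
# Added example (not from the original page): create a Key Vault that satisfies the
# Azure Disk Encryption prerequisites, then encrypt VM1's OS and data disks with it.
# Assumptions: Az.Compute + Az.KeyVault installed, Connect-AzAccount done, resource
# group 'rg-vm1', region 'eastus', vault 'kv-ade-vm1-0001', VM 'VM1'.

$rg       = 'rg-vm1'
$location = 'eastus'
$vmName   = 'VM1'
$kvName   = 'kv-ade-vm1-0001'

# Prerequisite 1: the vault must be in the same subscription and region as the VM.
$vm = Get-AzVM -ResourceGroupName $rg -Name $vmName
if ($vm.Location -ne $location) {
    throw "VM1 is in $($vm.Location); the vault must be created there too"
}

$kv = Get-AzKeyVault -VaultName $kvName -ResourceGroupName $rg -ErrorAction SilentlyContinue
if (-not $kv) {
    $kv = New-AzKeyVault -VaultName $kvName -ResourceGroupName $rg -Location $location
}

# Prerequisite 2: allow the Azure platform to write the BitLocker keys into the vault.
Set-AzKeyVaultAccessPolicy -VaultName $kvName -ResourceGroupName $rg -EnabledForDiskEncryption

# Optional but recommended: a key encryption key (KEK) that wraps the BitLocker secrets.
$kek = Add-AzKeyVaultKey -VaultName $kvName -Name 'ade-kek' -Destination Software

# Encrypt OS and data disks. The extension generates the BitLocker keys, wraps them
# with the KEK and stores them as secrets in the vault. VM1 restarts during this.
Set-AzVMDiskEncryptionExtension -ResourceGroupName $rg -VMName $vmName `
    -DiskEncryptionKeyVaultUrl $kv.VaultUri -DiskEncryptionKeyVaultId $kv.ResourceId `
    -KeyEncryptionKeyUrl $kek.Id -KeyEncryptionKeyVaultId $kv.ResourceId `
    -VolumeType All -Force

# Verify: OsVolumeEncrypted and DataVolumesEncrypted should both report Encrypted.
Get-AzVMDiskEncryptionStatus -ResourceGroupName $rg -VMName $vmName
```

If the vault uses Azure RBAC rather than access policies, the account running Add-AzKeyVaultKey also needs a Key Vault key-management role on the vault; the EnabledForDiskEncryption setting is a vault property and is still what lets the platform store the BitLocker secrets. Enable soft-delete and purge protection on a vault that holds disk keys, since losing those secrets makes the disks unrecoverable.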

Question No 8:

You have an Azure subscription that has Microsoft Defender for Cloud enabled. You have 50 Azure virtual machines that run Windows Server. You need to ensure that any security exploits detected on the virtual machines are forwarded to Defender for Cloud. 

Which extension should you enable on the virtual machines?

A. Vulnerability assessment for machines
B. Microsoft Dependency agent
C. Log Analytics agent for Azure VMs
D. Guest Configuration agent

Correct Answer: C

Explanation:

In Microsoft Defender for Cloud, the Log Analytics agent for Azure VMs is an essential component for monitoring, collecting, and forwarding data related to security exploits, vulnerabilities, and other system events. This agent plays a critical role in the overall security posture of your Azure infrastructure.

Let's dive deeper into why the Log Analytics agent for Azure VMs is the correct choice for this scenario.

Role of the Log Analytics Agent:

The Log Analytics agent (formerly known as the OMS agent) is responsible for gathering performance data, security events, and other diagnostic information from Azure virtual machines and sending this data to Azure Monitor and Microsoft Defender for Cloud (formerly Azure Security Center). The agent allows Defender for Cloud to continuously monitor and analyze security data from the virtual machines (VMs) in your environment.

When you install the Log Analytics agent on your Azure virtual machines, it collects important information such as:

  • Security events: Windows Security event log entries such as failed logons, account and privilege changes, process creation, and Microsoft Defender Antivirus detections.

  • System performance: Performance metrics such as CPU usage, memory utilization, and disk activity.

  • Security alerts: Security threats, including vulnerabilities and exploits detected on the VM.

This data is sent to Defender for Cloud, where it is processed, correlated, and analyzed. If security vulnerabilities or exploits are identified, Defender for Cloud generates alerts that allow administrators to take timely and informed actions.

Vulnerability assessment for machines:
The vulnerability assessment extension scans the VM for missing patches and weak configurations and reports its findings as recommendations. It is a scanner, not the data pipeline: it does not forward security events or detected exploits to Defender for Cloud, so it does not satisfy the requirement on its own.

Microsoft Dependency agent:
The Microsoft Dependency agent is primarily used for dependency mapping and discovery, which helps identify connections between VMs, services, and other resources in your environment. It is part of the Azure Monitor service but does not directly forward security-related events to Defender for Cloud.

Guest Configuration agent:
The Guest Configuration agent is used to enforce and monitor compliance policies on virtual machines. It is helpful for compliance management but does not forward security exploit data to Defender for Cloud.

Deployment steps:

  1. Create a Log Analytics workspace in the Azure portal if you do not already have one.
  2. Install the Log Analytics agent on the virtual machines, via the Azure portal, PowerShell, the Azure CLI, or an Azure Automation runbook.
  3. Connect the agent to the workspace (workspace ID and key) so it starts sending data.
  4. Make sure Defender for Cloud uses the same workspace; it then starts receiving the security events and logs automatically.
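The four deployment steps as one script, added here as an example (not code from the original page or from Microsoft). It assumes the Az.Compute and Az.OperationalInsights modules, that Connect-AzAccount has been run, that the VMs are in a resource group named rg-prod, and a workspace named law-security in resource group rg-monitoring; all of those names are placeholders.

```powershell
# Added example (not from the original page): install the Log Analytics agent extension
# on every Windows VM in a resource group and point it at one workspace.
# Assumptions: Az.Compute + Az.OperationalInsights installed, Connect-AzAccount done,
# VMs in 'rg-prod', workspace 'law-security' in 'rg-monitoring'.

$vmResourceGroup = 'rg-prod'
$wsResourceGroup = 'rg-monitoring'
$wsName          = 'law-security'

# Step 1: get (or create) the workspace the agents will report to.
$ws = Get-AzOperationalInsightsWorkspace -ResourceGroupName $wsResourceGroup -Name $wsName -ErrorAction SilentlyContinue
if (-not $ws) {
    $ws = New-AzOperationalInsightsWorkspace -ResourceGroupName $wsResourceGroup -Name $wsName `
        -Location 'eastus' -Sku PerGB2018
}
$wsKey = (Get-AzOperationalInsightsWorkspaceSharedKey -ResourceGroupName $wsResourceGroup -Name $wsName).PrimarySharedKey

# Steps 2 and 3: install the extension on each Windows VM and connect it to the
# workspace. The workspace key is a credential, so it goes in ProtectedSettings,
# which is encrypted and never returned by Get-AzVMExtension.
$vms = Get-AzVM -ResourceGroupName $vmResourceGroup |
    Where-Object { $_.StorageProfile.OsDisk.OsType -eq 'Windows' }

foreach ($vm in $vms) {
    Set-AzVMExtension -ResourceGroupName $vmResourceGroup -VMName $vm.Name `
        -Name 'MicrosoftMonitoringAgent' `
        -Publisher 'Microsoft.EnterpriseCloud.Monitoring' `
        -ExtensionType 'MicrosoftMonitoringAgent' `
        -TypeHandlerVersion '1.0' `
        -Location $vm.Location `
        -Settings          @{ workspaceId  = $ws.CustomerId.ToString() } `
        -ProtectedSettings @{ workspaceKey = $wsKey } | Out-Null
    Write-Output "Agent deployed to $($vm.Name)"
}

# Step 4: confirm every VM reports a healthy extension. Defender for Cloud reads
# from this workspace once it is set as the default workspace for the plan.
foreach ($vm in $vms) {
    $ext = Get-AzVMExtension -ResourceGroupName $vmResourceGroup -VMName $vm.Name `
        -Name 'MicrosoftMonitoringAgent' -Status
    [pscustomobject]@{ VM = $vm.Name; Provisioning = $ext.ProvisioningState }
}
```

The Log Analytics agent reached end of support in August 2024. For a new deployment the same Set-AzVMExtension call shape applies with publisher Microsoft.Azure.Monitor and extension type AzureMonitorWindowsAgent, except that the agent is pointed at a data collection rule rather than given a workspace ID and key.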

Benefits:

  • Comprehensive monitoring: Collects data from VMs to give you an overview of security and performance.

  • Proactive threat detection: Enables Defender for Cloud to spot potential threats and vulnerabilities in near real time.

  • Centralized log collection: Aggregates logs from all VMs in one workspace, making security events easier to manage.

To summarize, C. Log Analytics agent for Azure VMs is the correct answer because it is the component that collects security data from the VMs and forwards it to Defender for Cloud. Note for practice: the Log Analytics agent reached end of support in August 2024, and Defender for Servers now relies on the Microsoft Defender for Endpoint integration and agentless scanning for its detections and vulnerability findings; the agent remains the answer this exam question expects.
