Thank you for the resources.
I wasn't sure how to offer feedback on the exam so I'll do it here.
The test makes some references to "Azure Defender" which is no longer a thing.
"Which one of the actions below is the only one that a user with Security Admin role cannot perform?" has misleading answers.
It appears to be referencing knowledge from https://learn.microsoft.com/en-us/azure/defender-for-cloud/permissions
While it is true that the Security Admin does not deploy the agents and extensions, since this is handled via managed identities, the Security Admin would still be the account to manage auto-provisioning.
"What are the two roles that allow you to create a resource exemption in Microsoft Defender for Cloud?" has confusing resources.
https://learn.microsoft.com/en-us/azure/defender-for-cloud/permissions claims the security admin cannot exempt resources.
https://learn.microsoft.com/en-us/azure/defender-for-cloud/exempt-resource published two months later claims that they can.
This creates a scenario where official resources can lead to different sets of "correct" answers in the multiple choice.
Per the https://learn.microsoft.com/en-us/azure/role-based-access-control documentation all of the roles save for Security Reader should have the access--Security Admin and Resource Policy Contributor get it explicitly via Microsoft.Authorization/policyExemptions/*, and Owner has it implicitly as they have all actions available to a resource.
Unless this is supposed to be about suppressing alerts.
"What capabilities below are part of Microsoft Defender for Servers?"
Wording suggests it might be asking about the capabilities of a specific plan or could be Defender of Servers as a whole. Would suggest clarifying.
"Microsoft Defender for DNS protects resources that are connected to Azure DNS. Which one scenario is not supported?"
Every scenario in the answer is supported per https://learn.microsoft.com/en-us/azure/defender-for-cloud/defender-for-dns-introduction#what-are-the-benefits-of-microsoft-defender-for-dns unless the test is trying to be very sly about its wording around communication with malicious servers or DNS, which I would recommend against.
Regards