Microsoft Azure Security Technologies - AZ-500 Exam Practice Test
You have an Azure subscription that contains a storage account named contoso2023. You need to perform the following tasks:
* Verify that identity-based authentication over SMB is enabled.
* Only grant users access to contoso2023 in the year 2023.
Which two settings should you use? To answer, select the appropriate settings in the answer area NOTE: Each correct selection is worth one point.
* Verify that identity-based authentication over SMB is enabled.
* Only grant users access to contoso2023 in the year 2023.
Which two settings should you use? To answer, select the appropriate settings in the answer area NOTE: Each correct selection is worth one point.
Correct Answer:
Explanation:
A screenshot of a computer Description automatically generated
Requirement: Verify that identity-based authentication over SMB is enabled Go there to configure Identity-based authentication (Active Directory) for Azure file shares.
Ref: https://learn.microsoft.com/en-us/azure/storage/files/storage-files-active-directory-overview
2. Share access signature
Requirement: Only grant users access to contoso2023 in the year 2023
You have two Azure subscriptions named Sub1 and Sub2. Sub1 contains a resource group named RG1 and an Azure policy named Policy1.
You need to remediate the non-compliant resources in Sub1 based on Policy1.
How should you complete the PowerShell script? To answer, drag the appropriate values to the correct targets. Each value may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
NOTE: Each correct selection is worth one point.
You need to remediate the non-compliant resources in Sub1 based on Policy1.
How should you complete the PowerShell script? To answer, drag the appropriate values to the correct targets. Each value may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
NOTE: Each correct selection is worth one point.
Correct Answer:
Explanation:
* For the first blank, use Set-AzContext to set the current subscription context.
* For the second blank, use Start-AzPolicyRemediation to create and start a policy remediation for a policy assignment.
The final script should look like this:
$policyAssignmentId = " /subscriptions/f0710c27-9663-4c05-1978-1bdbedle86as/providers/Microsoft.
Authorization/f Value Set-AzContext -Subscription "Sub1" Value Start-AzPolicyRemediation - PolicyAssignmentld $policyAssignmentId -Name " policy1" -ResourceDiscovery
You have an Azure subscription.
You plan to create a custom role-based access control (RBAC) role that will provide permission to read the Azure Storage account.
Which property of the RBAC role definition should you configure?
You plan to create a custom role-based access control (RBAC) role that will provide permission to read the Azure Storage account.
Which property of the RBAC role definition should you configure?
Correct Answer: B
Vote an answer
Explanation: Only visible for Fast2test members. You can sign-up / login (it's free).
You have an Azure subscription named Subcription1 that contains an Azure Active Directory (Azure AD) tenant named contosos.com and a resource group named RG1.
You create a custom role named Role1 for contoso.com.
You need to identify where you can use Role1 for permission delegation.
What should you identify?
You create a custom role named Role1 for contoso.com.
You need to identify where you can use Role1 for permission delegation.
What should you identify?
Correct Answer: D
Vote an answer
Explanation: Only visible for Fast2test members. You can sign-up / login (it's free).
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have an Azure subscription named Sub1.
You have an Azure Storage account named sa1 in a resource group named RG1.
Users and applications access the blob service and the file service in sa1 by using several shared access signatures (SASs) and stored access policies.
You discover that unauthorized users accessed both the file service and the blob service.
You need to revoke all access to sa1.
Solution: You regenerate the Azure storage account access keys.
Does this meet the goal?
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have an Azure subscription named Sub1.
You have an Azure Storage account named sa1 in a resource group named RG1.
Users and applications access the blob service and the file service in sa1 by using several shared access signatures (SASs) and stored access policies.
You discover that unauthorized users accessed both the file service and the blob service.
You need to revoke all access to sa1.
Solution: You regenerate the Azure storage account access keys.
Does this meet the goal?
Correct Answer: B
Vote an answer
Explanation: Only visible for Fast2test members. You can sign-up / login (it's free).
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have an Azure Subscription named Sub1.
You have an Azure Storage account named Sa1 in a resource group named RG1.
Users and applications access the blob service and the file service in Sa1 by using several shared access signatures (SASs) and stored access policies.
You discover that unauthorized users accessed both the file service and the blob service.
You need to revoke all access to Sa1.
Solution: You create a new stored access policy.
Does this meet the goal?
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have an Azure Subscription named Sub1.
You have an Azure Storage account named Sa1 in a resource group named RG1.
Users and applications access the blob service and the file service in Sa1 by using several shared access signatures (SASs) and stored access policies.
You discover that unauthorized users accessed both the file service and the blob service.
You need to revoke all access to Sa1.
Solution: You create a new stored access policy.
Does this meet the goal?
Correct Answer: A
Vote an answer
Explanation: Only visible for Fast2test members. You can sign-up / login (it's free).
You plan to deploy an app that will modify the properties of Azure Active Directory (Azure AD) users by using Microsoft Graph. You need to ensure that the app can access Azure AD. What should you configure first?
Correct Answer: B
Vote an answer
Explanation: Only visible for Fast2test members. You can sign-up / login (it's free).
You have an Azure subscription named Subcription1 that contains the resources shown in the following table.
You have an Azure subscription named Subcription2 that contains the following resources:
* An Azure Sentinel workspace
* An Azure Event Grid instance
You need to ingest the CEF messages from the NVAs to Azure Sentinel.
NOTE: Each correct selection is worth one point.
You have an Azure subscription named Subcription2 that contains the following resources:
* An Azure Sentinel workspace
* An Azure Event Grid instance
You need to ingest the CEF messages from the NVAs to Azure Sentinel.
NOTE: Each correct selection is worth one point.
Correct Answer:
You need to implement the planned change for storage2. The solution must meet the technical requirements for storage encryption.
Correct Answer: C
Vote an answer
You have an Azure subscription that contains an Azure key vault.
You create a storage account named storage1.
You plan to store data in the following storage1 services:
* Azure Files
* Azure Blob storage
* Azure Table storage
* Azure Queue storage
For which two services can you configure data encryption by using the keys stored in the key vault? Each correct answer presents a complete solution.
NOTE Each correct selection is worth one point.
You create a storage account named storage1.
You plan to store data in the following storage1 services:
* Azure Files
* Azure Blob storage
* Azure Table storage
* Azure Queue storage
For which two services can you configure data encryption by using the keys stored in the key vault? Each correct answer presents a complete solution.
NOTE Each correct selection is worth one point.
Correct Answer: A,C
Vote an answer