AZ-500 Practice Test Questions Updated 337 Questions [Q62-Q86]

Share

AZ-500 Practice Test Questions Updated 337 Questions

Microsoft AZ-500 Dumps - Secret To Pass in First Attempt

NEW QUESTION 62
You create an alert rule that has the following settings:
Resource: RG1
Condition: All Administrative operations
Actions: Action groups configured for this alert rule: ActionGroup1
Alert rule name: Alert1
You create an action rule that has the following settings:
Scope: VM1
Filter criteria: Resource Type = "Virtual Machines"
Define on this scope: Suppression
Suppression config: From now (always)
Name: ActionRule1
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
Note: Each correct selection is worth one point.

Answer:

Explanation:

Reference:
https://docs.microsoft.com/en-us/azure/azure-monitor/platform/alerts-activity-log
https://docs.microsoft.com/en-us/azure/azure-monitor/platform/alerts-action-rules

 

NEW QUESTION 63
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You use Azure Security Center for the centralized policy management of three Azure subscriptions.
You use several policy definitions to manage the security of the subscriptions.
You need to deploy the policy definitions as a group to all three subscriptions.
Solution: You create a resource graph and an assignment that is scoped to a management group.
Does this meet the goal?

  • A. Yes
  • B. No

Answer: B

Explanation:
References:
https://4sysops.com/archives/apply-governance-policy-to-multiple-azure-subscriptions-with-management-groups/

 

NEW QUESTION 64
You have an Azure subscription that contains the resources shown in the following table.

User1 is a member of Group1. Group1 and User2 are assigned the Key Vault Contributor role for Vault1.
On January 1, 2019, you create a secret in Vault1. The secret is configured as shown in the exhibit. (Click the Exhibit tab.)

User2 is assigned an access policy to Vault1. The policy has the following configurations:
* Key Management Operations: Get, List, and Restore
* Cryptographic Operations: Decrypt and Unwrap Key
* Secret Management Operations: Get, List, and Restore
Group1 is assigned an access to Vault1. The policy has the following configurations:
* Key Management Operations: Get and Recover
* Secret Management Operations: List, Backup, and Recover
For each of the following statements, select Yes if the statement is true. Otherwise, select No.

Answer:

Explanation:

Explanation

 

NEW QUESTION 65
Use the following login credentials as needed:
To enter your username, place your cursor in the Sign in box and click on the username below.
To enter your password, place your cursor in the Enter password box and click on the password below.
Azure Username: [email protected]
Azure Password: Ag1Bh9!#Bd
The following information is for technical support purposes only:
Lab Instance: 10598168




You need to collect all the audit failure data from the security log of a virtual machine named VM1 to an Azure Storage account.
To complete this task, sign in to the Azure portal.
This task might take several minutes to complete You can perform other tasks while the task completes.

Answer:

Explanation:
See the explanation below.
Explanation
Step 1: Create a workspace
Azure Monitor can collect data directly from your Azure virtual machines into a Log Analytics workspace for detailed analysis and correlation.
1. In the Azure portal, select All services. In the list of resources, type Log Analytics. As you begin typing, the list filters based on your input. Select Log Analytics workspaces.

2. Select Create, and then select choices for the following items:

3. After providing the required information on the Log Analytics workspace pane, select OK.
While the information is verified and the workspace is created, you can track its progress under Notifications from the menu.
Step 2: Enable the Log Analytics VM Extension
Installing the Log Analytics VM extension for Windows and Linux allows Azure Monitor to collect data from your Azure VMs.
1. In the Azure portal, select All services found in the upper left-hand corner. In the list of resources, type Log Analytics. As you begin typing, the list filters based on your input. Select Log Analytics workspaces.
2. In your list of Log Analytics workspaces, select DefaultWorkspace (the name you created in step 1).
3. On the left-hand menu, under Workspace Data Sources, select Virtual machines.
4. In the list of Virtual machines, select a virtual machine you want to install the agent on. Notice that the Log Analytics connection status for the VM indicates that it is Not connected.
5. In the details for your virtual machine, select Connect. The agent is automatically installed and configured for your Log Analytics workspace. This process takes a few minutes, during which time the Status shows Connecting.
After you install and connect the agent, the Log Analytics connection status will be updated with This workspace.
Reference: https://docs.microsoft.com/en-us/azure/azure-monitor/learn/quick-collect-azurevm

 

NEW QUESTION 66
You have an Azure subscription that contains the alerts shown in the following exhibit.

Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic.
NOTE: Each correct selection is worth one point.

Answer:

Explanation:

Reference:
https://docs.microsoft.com/en-us/azure/azure-monitor/platform/alerts-overview

 

NEW QUESTION 67
You have an Azure Active Directory (Azure AD) tenant that contains the users shown in the following table.

The tenant contains the named locations shown in the following table.

You create the conditional access policies for a cloud app named App1 as shown in the following table.

For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.

Answer:

Explanation:

 

NEW QUESTION 68
You have an Azure subscription that contains the virtual machines shown in the following table.

You create the Azure policies shown in the following table.

You create the resource locks shown in the following table.

For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.

Answer:

Explanation:

 

NEW QUESTION 69
You work at a company named Contoso, Ltd. that has the offices shown in the following table.

Contoso has an Azure Active Directory (Azure AD) tenant named contoso.com. All contoso.com users have Azure Multi-Factor Authentication (MFA) enabled. The tenant contains the users shown in the following table.

The multi-factor settings for contoso.com are configured as shown in the following exhibit.

For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.

Answer:

Explanation:

Explanation

 

NEW QUESTION 70
You create a new Azure subscription that is associated to a new Azure Active Directory (Azure AD) tenant.
You create one active conditional access policy named Portal Policy. Portal Policy is used to provide access to the Microsoft Azure Management cloud app.
The Conditions settings for Portal Policy are configured as shown in the Conditions exhibit. (Click the Conditions tab.)

The Grant settings for Portal Policy are configured as shown in the Grant exhibit. (Click the Grant tab.)

For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.

Answer:

Explanation:
Explanation
Box 1: No
The Contoso location is excluded
Box 2: NO
Box 3: NO
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/location-condition

 

NEW QUESTION 71
You are testing an Azure Kubernetes Service (AKS) cluster. The cluster is configured as shown in the
exhibit. (Click the Exhibit tab.)

You plan to deploy the cluster to production. You disable HTTP application routing.
You need to implement application routing that will provide reverse proxy and TLS termination for AKS
services by using a single IP address.
What should you do?

  • A. Install the container network interface (CNI) plug-in.
  • B. Create an Azure Standard Load Balancer.
  • C. Create an Azure Basic Load Balancer.
  • D. Create an AKS Ingress controller.

Answer: D

Explanation:
Explanation/Reference:
Explanation:
An ingress controller is a piece of software that provides reverse proxy, configurable traffic routing, and
TLS termination for Kubernetes services.
References:
https://docs.microsoft.com/en-us/azure/aks/ingress-tls

 

NEW QUESTION 72
You have an Azure subscription that contains a user named User1 and an Azure Container Registry named ConReg1.
You enable content trust for ContReg1.
You need to ensure that User1 can create trusted images in ContReg1. The solution must use the principle of least privilege.
Which two roles should you assign to User1? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.

  • A. AcrPush
  • B. AcrQuarantineWriter
  • C. AcrImageSigner
  • D. AcrQuarantineReader
  • E. Contributor

Answer: A,C

Explanation:
Explanation/Reference:
https://docs.microsoft.com/en-us/azure/container-registry/container-registry-content-trust
https://docs.microsoft.com/en-us/azure/container-registry/container-registry-roles
https://www.fast2test.com/AZ-500-practice-test.html 39
Valid Fast2test AZ-500 Exam PDF Dumps - New AZ-500 Real Exam Questions

 

NEW QUESTION 73
You have an Azure subscription named Sub1 that is associated to an Azure Active Directory (Azure AD) tenant named contoso.com.
You plan to implement an application that will consist of the resources shown in the following table.

Users will authenticate by using their Azure AD user account and access the Cosmos DB account by using resource tokens.
You need to identify which tasks will be implemented in CosmosDB1 and WebApp1.
Which task should you identify for each resource? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Answer:

Explanation:

Explanation

CosmosDB1: Create database users and generate resource tokens.
Azure Cosmos DB resource tokens provide a safe mechanism for allowing clients to read, write, and delete specific resources in an Azure Cosmos DB account according to the granted permissions.
WebApp1: Authenticate Azure AD users and relay resource tokens
A typical approach to requesting, generating, and delivering resource tokens to a mobile application is to use a resource token broker. The following diagram shows a high-level overview of how the sample application uses a resource token broker to manage access to the document database data:

References:
https://docs.microsoft.com/en-us/xamarin/xamarin-forms/data-cloud/cosmosdb/authentication

 

NEW QUESTION 74
You have an Azure Active Directory (Azure AD) tenant that contains the resources shown in the following table.

User2 is the owner of Group2.
The user and group settings for App1 are configured as shown in the following exhibit.

You enable self-service application access for App1 as shown in the following exhibit.

User3 is configured to approve access to Appl.
You need to identify the owners of Group2 and the users of Appl.
What should you identify? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Answer:

Explanation:

Explanation

Reference:
https://docs.microsoft.com/en-us/azure/active-directory/manage-apps/manage-self-service-access

 

NEW QUESTION 75
What is the membership of Group1 and Group2? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Answer:

Explanation:

Explanation:
Box 1: User1, User2, User3, User4
Contains "ON" is true for Montreal (User1), MONTREAL (User2), London (User 3), and Ontario (User4) as string and regex operations are not case sensitive.
Box 2: Only User3
Match "*on" is only true for London (User3).
Scenario:
Contoso.com contains the users shown in the following table.

Contoso.com contains the security groups shown in the following table.

References:
https://docs.microsoft.com/en-us/azure/active-directory/users-groups-roles/groups-dynamic-membership

 

NEW QUESTION 76
You create a new Azure subscription.
You need to ensure that you can create custom alert rules in Azure Security Center.
Which two actions should you perform? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.

  • A. Onboard Azure Active Directory (Azure AD) Identity Protection.
  • B. Create an Azure Storage account.
  • C. Create an Azure Log Analytics workspace.
  • D. Upgrade the pricing tier of Security Center to Standard.
  • E. Implement Azure Advisor recommendations.

Answer: C,D

Explanation:
Explanation
D: You need write permission in the workspace that you select to store your custom alert.
References:
https://docs.microsoft.com/en-us/azure/security-center/security-center-custom-alert

 

NEW QUESTION 77
You have an Azure subscription named Sub1 that contains the virtual machines shown in the following table.

You need to ensure that the virtual machines in RG1 have the Remote Desktop port closed until an authorized user requests access.
What should you configure?

  • A. Azure Active Directory (Azure AD) Privileged Identity Management (PIM)
  • B. an application security group
  • C. Azure Active Directory (Azure AD) conditional access
  • D. just in time (JIT) VM access

Answer: D

Explanation:
Explanation
Just-in-time (JIT) virtual machine (VM) access can be used to lock down inbound traffic to your Azure VMs, reducing exposure to attacks while providing easy access to connect to VMs when needed.
Note: When just-in-time is enabled, Security Center locks down inbound traffic to your Azure VMs by creating an NSG rule. You select the ports on the VM to which inbound traffic will be locked down. These ports are controlled by the just-in-time solution.
When a user requests access to a VM, Security Center checks that the user has Role-Based Access Control (RBAC) permissions that permit them to successfully request access to a VM. If the request is approved, Security Center automatically configures the Network Security Groups (NSGs) and Azure Firewall to allow inbound traffic to the selected ports and requested source IP addresses or ranges, for the amount of time that was specified. After the time has expired, Security Center restores the NSGs to their previous states. Those connections that are already established are not being interrupted, however.
Reference:
https://docs.microsoft.com/en-us/azure/security-center/security-center-just-in-time

 

NEW QUESTION 78
You have an Azure subscription that contains an Azure Sentinel workspace.
Azure Sentinel is configured to ingest logs from several Azure workloads. A third-party service management platform is used to manage incidents.
You need to identify which Azure Sentinel components to configure to meet the following requirements:
When Azure Sentinel identifies a threat, an incident must be created.
A ticket must be logged in the service management platform when an incident is created in Azure Sentinel.
Which component should you identify for each requirement? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Answer:

Explanation:

Reference:
https://docs.microsoft.com/en-us/azure/sentinel/create-incidents-from-alerts
https://docs.microsoft.com/en-us/azure/sentinel/tutorial-respond-threats-playbook

 

NEW QUESTION 79
You have an Azure subscription that contains a user named Admin1 and resource group named RG1.
In Azure Monitor, you create the alert rules shown in the following table.
Admin1 performs the following actions on RG1:
Adds a virtual network named Lock1.
Which rules will trigger an alert as a result of the actions of Admin1? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Answer:

Explanation:

 

NEW QUESTION 80
You need to ensure that web11597200 is protected from malware by using Microsoft Antimalware for Virtual Machines and is scanned every Friday at 01:00.
To complete this task, sign in to the Azure portal.

Answer:

Explanation:
See the explanation below.
Explanation
You need to install and configure the Microsoft Antimalware extension on the virtual machine named web11597200.
* In the Azure portal, type Virtual Machines in the search box, select Virtual Machines from the search results then select web11597200. Alternatively, browse to Virtual Machines in the left navigation pane.
* In the properties of web11597200, click on Extensions.
* Click the Add button to add an Extension.
* Scroll down the list of extensions and select Microsoft Antimalware.
* Click the Create button. This will open the settings pane for the Microsoft Antimalware Extension.
* In the Scan day field, select Friday.
* In the Scan time field, enter 60. The scan time is measured in minutes after midnight so 60 would be
01:00, 120 would be 02:00 etc.
* Click the OK button to save the configuration and install the extension.

 

NEW QUESTION 81
You plan to deploy Azure container instances.
You have a containerized application that validates credit cards. The application is comprised of two containers:
an application container and a validation container.
The application container is monitored by the validation container. The validation container performs security checks by making requests to the application container and waiting for responses after every transaction.
You need to ensure that the application container and the validation container are scheduled to be deployed together. The containers must communicate to each other only on ports that are not externally exposed.
What should you include in the deployment?

  • A. network security groups (NSGs)
  • B. management groups
  • C. application security groups
  • D. container groups

Answer: D

Explanation:
Section: [none]
Explanation:
Azure Container Instances supports the deployment of multiple containers onto a single host using a container group. A container group is useful when building an application sidecar for logging, monitoring, or any other configuration where a service needs a second attached process.
Reference:
https://docs.microsoft.com/en-us/azure/container-instances/container-instances-container-groups

 

NEW QUESTION 82
You have an Azure subscription named Sub1.
You create a virtual network that contains one subnet. On the subnet, you provision the virtual machines shown in the following table.

Currently, you have not provisioned any network security groups (NSGs).
You need to implement network security to meet the following requirements:
Allow traffic to VM4 from VM3 only.
Allow traffic from the Internet to VM1 and VM2 only.
Minimize the number of NSGs and network security rules.
How many NSGs and network security rules should you create? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Answer:

Explanation:

Reference:
https://docs.microsoft.com/en-us/azure/virtual-network/security-overview

 

NEW QUESTION 83
You have an Azure Kubernetes Service (AKS) cluster that will connect to an Azure Container Registry.
You need to use the automatically generated service principal for the AKS cluster to authenticate to the Azure Container Registry.
What should you create?

  • A. a role assignment
  • B. an Azure Active Directory (Azure AD) user
  • C. an Azure Active Directory (Azure AD) group
  • D. a secret in Azure Key Vault

Answer: A

Explanation:
Section: [none]
Explanation/Reference:
https://docs.microsoft.com/en-us/azure/aks/kubernetes-service-principal

 

NEW QUESTION 84
You have the Azure Information Protection conditions shown in the following table.

You need to identify how Azure Information Protection will label files.
What should you identify? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Answer:

Explanation:

References:
https://docs.microsoft.com/en-us/azure/information-protection/configure-policy-classification

 

NEW QUESTION 85
You have an Azure Active Directory (Azure AD) tenant that contains the users shown in the following table.

You create and enforce an Azure AD Identity Protection sign-in risk policy that has the following settings:
* Assignments: Include Group1, exclude Group2
* Conditions: Sign-in risk level: Medium and above
* Access Allow access, Require multi-factor authentication
You need to identify what occurs when the users sign in to Azure AD.
What should you identify for each user? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Answer:

Explanation:

Explanation:
References:
http://www.rebeladmin.com/2018/09/step-step-guide-configure-risk-based-azure-conditional-access-policies/
https://docs.microsoft.com/en-us/azure/active-directory/identity-protection/concept-identity-protection-policies
https://docs.microsoft.com/en-us/azure/active-directory/identity-protection/concept-identity-protection-risks

 

NEW QUESTION 86
......


Skills measured

  • The content of this exam was updated on August 2, 2021. Please download the exam skills outline below to see what changed.
  • Manage security operations (25-30%)
  • Implement platform protection (15-20%)
  • Manage identity and access (30-35%)
  • Secure data and applications (20-25%)

The candidates for Microsoft AZ-500 will be tested on four different domains. They should understand each component of the topics before attempting the exam. The highlights of these areas are as follows:

  • Managing Security Operations: 25-30%

    Here the test takers are required to develop their knowledge and skills in monitoring security with the use of Azure Monitor. This covers their expertise in creating and customizing alerts, monitoring security logs with Azure Monitor, and configuring diagnostic logging & log retention. The students also need to have competence in monitoring security with the use of Azure Security Center; configuring security policies; monitoring security with the use of Azure Sentinel.

  • Implementing Platform Protection: 15-20%

    This section requires that the examinees develop competence in applying advanced network security, which includes securing connectivity of virtual networks, configuring NSG and ASGs, Web Application Firewall, Azure Front Door Service, firewall on storage accounts, and implementing DDoS protection and Service Endpoints. It also measures their skills in configuring advanced security for computing.

  • Managing Identity & Access: 30-35%

    This subject area will measure one’s skills in managing Azure AD identities, including configuring and managing security for service principals, Azure AD directory groups, Azure AD users, password write-back, and authentication methods. It will also evaluate the competence in configuring secure access through the use of Azure Active Directory, managing application access, and managing access control.

  • Securing Data & Applications: 20-25%

    This topic of the Microsoft AZ-500 exam will measure the ability of the candidates to configure security for storage, which includes configuring access control and key management for storage accounts, configuring Azure AD authentication for Azure Storage and Azure AD Domain Services authentication for different Azure Files. It also evaluates the skills of the learners associated with configuring security for different databases and configuring and managing Key Vault.

 

Microsoft AZ-500 Exam Dumps [2023] Practice Valid Exam Dumps Question: https://www.fast2test.com/AZ-500-premium-file.html

AZ-500 Dumps - Grab Out For [NEW-2023] Microsoft Exam: https://drive.google.com/open?id=1czRcb2Xlxm8W3GJLxh0s8My0dHB1zbcF

Contact Us

If you have any question please leave me your email address, we will reply and send email to you in 12 hours.

Our Working Time: ( GMT 0:00-15:00 ) From Monday to Saturday

Support: Contact now 

日本語 Deutsch 繁体中文 한국어