[Nov 08, 2024] Valid AZ-500 Test Answers & AZ-500 Exam PDF
Valid Microsoft Azure Security Engineer Associate AZ-500 Dumps Ensure Your Passing
Microsoft AZ-500 Practice Test Questions, Microsoft AZ-500 Exam Practice Test Questions
The Microsoft AZ-500 exam is a requirement for getting the Microsoft Certified: Azure Security Engineer Associate certification. This test checks the candidates’ ability to implement security controls, maintain security and identity, access and protections within the Microsoft Azure platform.
What are the best preparation options for the Microsoft AZ-500 exam?
The candidates can explore two training options for the Microsoft AZ-500 certification exam. There are the free online option and the paid instructor-led training. As the name suggested, the first variant does not require that you pay for your training. It has six learning paths and the links to these modules can be found on the official website. These paths include:
- Implementing Virtual Machine Host Security within Azure
- Securing Cloud Applications in Azure
- Managing Identity & Access within Azure AD
- Implementing Resource Management Security within Azure
Each of the courses has different modules and you can find their details on the Microsoft website. If you don’t have a budget for exam preparation, these learning paths are highly recommended to help you achieve success in your certification test.
The instructor-led training is a paid course designed to help the applicants gain competence in the objectives of the certification exam. It offers the students the skills and knowledge required to implement different security controls, identify and remediate different security vulnerabilities, and maintain the security posture of an organization. The course is intended for those individuals who already hold the position of an Azure Security Engineer or who are executing security tasks in their day-to-day job. This training is also the perfect option for the suit engineers who want to improve their expertise in providing security for Azure-based digital platforms.
Microsoft AZ-500 certification exam consists of 40-60 multiple-choice questions, and the total exam duration is 150 minutes. AZ-500 exam format is computer-based and can be taken online or at a testing center. Candidates who pass the exam will receive the Microsoft Azure Security Engineer Associate certification, which is valid for two years. To maintain the certification, candidates must pass a renewal exam or earn a qualifying certification.
NEW QUESTION # 167
You have a hybrid configuration of Azure Active Directory (Azure AD).
All users have computers that run Windows 10 and are hybrid Azure AD joined.
You have an Azure SQL database that is configured to support Azure AD authentication.
Database developers must connect to the SQL database by using Microsoft SQL Server Management Studio (SSMS) and authenticate by using their on-premises Active Directory account.
You need to tell the developers which authentication method to use to connect to the SQL database from SSMS. The solution must minimize authentication prompts.
Which authentication method should you instruct the developers to use?
- A. Active Directory - Integrated
- B. SQL Login
- C. Active Directory - Password
- D. Active Directory - Universal with MFA support
Answer: A
Explanation:
Azure AD can be the initial Azure AD managed domain. Azure AD can also be an on-premises Active Directory Domain Services that is federated with the Azure AD.
Using an Azure AD identity to connect using SSMS or SSDT
The following procedures show you how to connect to a SQL database with an Azure AD identity using SQL Server Management Studio or SQL Server Database Tools.
Active Directory integrated authentication
Use this method if you are logged in to Windows using your Azure Active Directory credentials from a federated domain.
1. Start Management Studio or Data Tools and in the Connect to Server (or Connect to Database Engine) dialog box, in the Authentication box, select Active Directory - Integrated. No password is needed or can be entered because your existing credentials will be presented for the connection.
2. Select the Options button, and on the Connection Properties page, in the Connect to database box, type the name of the user database you want to connect to. (The AD domain name or tenant ID" option is only supported for Universal with MFA connection options, otherwise it is greyed out.) Reference:
https://github.com/MicrosoftDocs/azure-docs/blob/master/articles/sql-database/sql-database-aad-authentication-configure.md
NEW QUESTION # 168
You have an Azure subscription that contains the virtual machines shown in the following table.
From Azure Security Center, you turn on Auto Provisioning.
You deploy the virtual machines shown in the following table.
On which virtual machines is the Microsoft Monitoring agent installed?
- A. VM3 only
- B. VM1 and VM3 only
- C. VM1, VM2, VM3, and VM4
- D. VM3 and VM4 only
Answer: C
Explanation:
Explanation
When automatic provisioning is enabled, Security Center provisions the Microsoft Monitoring Agent on all supported Azure VMs and any new ones that are created.
Supported Operating systems include: Ubuntu 14.04 LTS (x86/x64), 16.04 LTS (x86/x64), and 18.04 LTS (x64) and Windows Server 2008 R2, 2012, 2012 R2, 2016, version 1709 and 1803.
References:
https://docs.microsoft.com/en-us/azure/security-center/security-center-faq
NEW QUESTION # 169
You have an Azure subscription named Subscription1 that contains a resource group named RG1 and a user named User1. User1 is assigned the Owner role for RG1.
You create an Azure Blueprints definition named Blueprint1 that includes a resource group named RG2 as shown in the following exhibit.
You assign Blueprint1 to Subscription1 by using the following settings:
Lock assignment: Read Only
Managed Identity: System assigned
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
Reference:
https://docs.microsoft.com/en-us/azure/governance/blueprints/concepts/resource-locking
NEW QUESTION # 170
You have an Azure subscription that contains the resources shown in the following table.
You create the Azure Storage accounts shown in the following table.
You need to configure auditing for SQL1.
Which storage accounts and Log Analytics workspaces can you use as the audit log destination? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
NEW QUESTION # 171
You have an Azure key vault named KeyVault1 that contains the items shown in the following table.
In KeyVault, the following events occur in sequence:
Item1 is deleted
Administrator enables soft delete
Item2 and Policy1 are deleted.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
NEW QUESTION # 172
Note: scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You use Azure Security Center for the centralized policy management of three Azure subscriptions.
You use several policy definitions to manage the security of the subscriptions.
You need to deploy the policy definitions as a group to all three subscriptions.
Solution: You create a policy definition and assignments that are scoped to resource groups.
Does this meet the goal?
- A. Yes
- B. No
Answer: B
Explanation:
Reference:
https://4sysops.com/archives/apply-governance-policy-to-multiple-azure-subscriptions-with-management-groups/
NEW QUESTION # 173
On Monday, you configure an email notification in Azure Security Center to notify user [email protected].
On Tuesday, Security Center generates the security alerts shown in the following table.
How many email notifications will [email protected] receive on Tuesday? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
Explanation
Reference:
https://docs.microsoft.com/en-us/azure/security-center/security-center-provide-security-contact-details
NEW QUESTION # 174
You have an Azure Container Registry named Registry1.
You add role assignment for Registry1 as shown in the following table.
Which users can upload images to Registry1 and download images from Registry1? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
Reference:
https://docs.microsoft.com/bs-latn-ba/azure/container-registry/container-registry-roles
NEW QUESTION # 175
You have an Azure Active Directory (Azure AD) tenant named contoso.com. The tenant contains the users shown in the following table.
You configure an access review named Review1 as shown in the following exhibit.
Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
References:
https://docs.microsoft.com/bs-latn-ba/azure/active-directory/privileged-identity-management/pim-how-to-start-security-review
NEW QUESTION # 176
You have an Azure Active Directory (Azure AD) tenant that contains the users shown in the following table.
From Azure AD Privileged Identity Management (PIM), you configure the settings for the Security Administrator role as shown in the following exhibit.
From PIM, you assign the Security Administrator role to the following groups:
Group1: Active assignment type, permanently assigned
Group2: Eligible assignment type, permanently eligible
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/privileged-identity-management/pim-configure
https://docs.microsoft.com/bs-cyrl-ba/azure/active-directory/privileged-identity-management/pim-resource-roles-configure-role-settings
NEW QUESTION # 177
You have Azure Resource Manager templates that you use to deploy Azure virtual machines.
You need to disable unused Windows features automatically as instances of the virtual machines are
provisioned.
What should you use?
- A. Azure Advisor
- B. device compliance policies in Microsoft Intune
- C. application security groups
- D. Azure Logic Apps
- E. Azure Automation State Configuration
Answer: E
Explanation:
You can use Azure Automation State Configuration to manage Azure VMs (both Classic and Resource
Manager), on-premises VMs, Linux machines, AWS VMs, and on-premises physical machines.
Note: Azure Automation State Configuration provides a DSC pull server similar to the Windows Feature DSC-
Service so that target nodes automatically receive configurations, conform to the desired state, and report back
on their compliance. The built-in pull server in Azure Automation eliminates the need to set up and maintain
your own pull server. Azure Automation can target virtual or physical Windows or Linux machines, in the cloud
or on-premises.
References:
https://docs.microsoft.com/en-us/azure/automation/automation-dsc-getting-started
NEW QUESTION # 178
You have an Azure subscription that contains a user named User1 and an Azure Container Registry named ConReg1.
You enable content trust for ContReg1.
You need to ensure that User1 can create trusted images in ContReg1. The solution must use the principle of least privilege.
Which two roles should you assign to User1? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.
- A. AcrImageSigner
- B. AcrQuarantineWriter
- C. Contributor
- D. AcrPush
- E. AcrQuarantineReader
Answer: A,D
NEW QUESTION # 179
You have an Azure subscription that contains the virtual machines shown in the following table.
You have an Azure Cosmos DB account named cosmos1 configured as shown in the following exhibit.

Answer:
Explanation:
NEW QUESTION # 180
You are troubleshooting a security issue for an Azure Storage account.
You enable the diagnostic logs for the storage account.
What should you use to retrieve the diagnostics logs?
- A. AzCopy
- B. File Explorer in Windows
- C. SQL query editor in Azure
- D. the Security & Compliance admin center
Answer: A
Explanation:
Explanation/Reference:
References:
https://docs.microsoft.com/en-us/azure/storage/common/storage-analytics-logging?toc=%2fazure%2fstorage%
2fblobs%2ftoc.json
NEW QUESTION # 181
You have an Azure subscription named Sub1 that contains the resources shown in the following table.
You need to ensure that you can provide VM1 with secure access to a database on SQL1 by using a contained database user.
What should you do?
https://www.fast2test.com/AZ-500-practice-test.html 88
Valid Fast2test AZ-500 Exam PDF Dumps - New AZ-500 Real Exam Questions
- A. Create a key in KV1.
- B. Enable a managed identity on VM1.
- C. Configure a service endpoint on SQL1.
- D. Create a secret in KV1.
Answer: D
NEW QUESTION # 182
You have an Azure subscription named Sub1 that contains an Azure Log Analytics workspace named LAW1.
You have 500 Azure virtual machines that run Windows Server 2016 and are enrolled in LAW1.
You plan to add the System Update Assessment solution to LAW1.
You need to ensure that System Update Assessment-related logs are uploaded to LAW1 from 100 of the virtual machines only.
Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
Answer:
Explanation:
References:
https://docs.microsoft.com/en-us/azure/azure-monitor/insights/solution-targeting
NEW QUESTION # 183
......
AZ-500 Dumps Real Exam Questions Test Engine Dumps Training: https://www.fast2test.com/AZ-500-premium-file.html
AZ-500 exam dumps and online Test Engine: https://drive.google.com/open?id=1ZpsDNahaMcotpkVg68BGGxTAfrLRvW6l