Passing Microsoft AZ-500 Exam Using 2024 Practice Tests
AZ-500 Study Guide Brilliant AZ-500 Exam Dumps PDF
Microsoft AZ-500 exam is an important credential for IT professionals seeking to validate their expertise in securing cloud-based systems and data. By passing AZ-500 exam, individuals can demonstrate their proficiency in a range of Azure security technologies and advance their careers in cloud security.
For more info visit:
Microsoft AZ-500 Exam Reference
NEW QUESTION # 185
You have an Azure subscription that contains the resources shown in the following table.
User1 is a member of Group1. Group1 and User2 are assigned the Key Vault Contributor role for Vault1.
On January 1, 2019, you create a secret in Vault1. The secret is configured as shown in the exhibit. (Click the Exhibit tab.)
User2 is assigned an access policy to Vault1. The policy has the following configurations:
Key Management Operations: Get, List, and Restore
Cryptographic Operations: Decrypt and Unwrap Key
Secret Management Operations: Get, List, and Restore
Group1 is assigned an access to Vault1. The policy has the following configurations:
Key Management Operations: Get and Recover
Secret Management Operations: List, Backup, and Recover
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
Answer:
Explanation:
NEW QUESTION # 186
You are evaluating the security of VM1, VM2, and VM3 in Sub2.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
NEW QUESTION # 187
You have an Azure subscription that contains a user named Admin1 and a resource group named RG1.
In Azure Monitor, you create the alert rules shown in the following table.
Admin1 performs the following actions on RG1:
* Adds a virtual network named VNET1
* Adds a Delete lock named Lock1
Which rules will trigger an alert as a result of the actions of Admin1? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
Explanation:
NEW QUESTION # 188
You have an Azure subscription that contains a storage account named storage1 and several virtual machines. The storage account and virtual machines are in the same Azure region. The network configurations of the virtual machines are shown in the following table.
The virtual network subnets have service endpoints defined as shown in the following table.
You configure the following Firewall and virtual networks settings for storage1:
Allow access from: Selected networks
Virtual networks: VNET3\Subnet3
Firewall - Address range: 52.233.129.0/24
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
NEW QUESTION # 189
Your company has an Azure Active Directory (Azure AD) tenant named contoso.com.
The company is developing an application named App1. App1 will run as a service on server that runs Windows Server 2016. App1 will authenticate to contoso.com and access Microsoft Graph to read directory data.
You need to delegate the minimum required permissions to App1.
Which three actions should you perform in sequence from the Azure portal? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
Answer:
Explanation:
Explanation
Explanation:
Step 1: Create an app registration
First the application must be created/registered.
Step 2: Add an application permission
Application permissions are used by apps that run without a signed-in user present.
Step 3: Grant permissions
NEW QUESTION # 190
You have the Azure virtual machines shown in the following table.
For which virtual machine can you enable Update Management?
- A. VM1, VM2, and VM3 only
- B. VM1, VM2, and VM4 only
- C. VM2, VM3, and VM4 only
- D. VM1, VM2, VM3, and VM4
- E. VM2 and VM3 only
Answer: B
Explanation:
References:
https://docs.microsoft.com/en-us/azure/automation/automation-update-management?toc=%2Fazure%2Fautomati
NEW QUESTION # 191
You have a hybrid configuration of Azure Active Directory (Azure AD).
All users have computers that run Windows 10 and are hybrid Azure AD joined.
You have an Azure SQL database that is configured to support Azure AD authentication.
Database developers must connect to the SQL database by using Microsoft SQL Server Management Studio (SSMS) and authenticate by using their on-premises Active Directory account.
You need to tell the developers which authentication method to use to connect to the SQL database from SSMS. The solution must minimize authentication prompts.
Which authentication method should you instruct the developers to use?
- A. Active Directory - Password
- B. SQL Login
- C. Active Directory - Universal with MFA support
- D. Active Directory - Integrated
Answer: D
Explanation:
Explanation
Azure AD can be the initial Azure AD managed domain. Azure AD can also be an on-premises Active Directory Domain Services that is federated with the Azure AD.
Using an Azure AD identity to connect using SSMS or SSDT
The following procedures show you how to connect to a SQL database with an Azure AD identity using SQL Server Management Studio or SQL Server Database Tools.
Active Directory integrated authentication
Use this method if you are logged in to Windows using your Azure Active Directory credentials from a federated domain.
1. Start Management Studio or Data Tools and in the Connect to Server (or Connect to Database Engine) dialog box, in the Authentication box, select Active Directory - Integrated. No password is needed or can be entered because your existing credentials will be presented for the connection.
2. Select the Options button, and on the Connection Properties page, in the Connect to database box, type the name of the user database you want to connect to. (The AD domain name or tenant ID" option is only supported for Universal with MFA connection options, otherwise it is greyed out.) References:
https://github.com/MicrosoftDocs/azure-docs/blob/master/articles/sql-database/sql-database-aad-authentication-c
NEW QUESTION # 192
You have an Azure Active Directory (Azure AD) tenant named Contoso.com and an Azure Service (AKS) cluster AKS1.
You discover that AKS1 cannot be accessed by using accounts from Contoso.com You need to ensure AKS1 can be accessed by using accounts from Contoso.com The solution must minimize administrative effort.
What should you do first?
- A. From Azure AD, configure the User settings
- B. From Azure recreate AKS1,
- C. From Azure AD, implement Azure AD Premium.
- D. From AKS1, upgrade the version of Kubermetes.
Answer: B
Explanation:
Reference:
https://docs.microsoft.com/en-us/azure/aks/azure-ad-integration-cli
NEW QUESTION # 193
You have an Azure subscription that contains a Microsoft Sentinel workspace.
Microsoft Sentinel is configured to ingest logs from several Azure workloads. A third-party service management platform is used to manage incidents.
You need to identify which Microsoft Sentinel components to configure to meet the following requirements:
* When Microsoft Sentinel identifies a threat an incident must be created.
* A ticket must be logged in the service management platform when an incident is created in Microsoft Sentinel.
Which component should you identify for each requirement? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
NEW QUESTION # 194
You have an Azure SQL database named DB1 that contains a table named Table.
You need to configure DB1 to meet the following requirements;
* Sensitive data in Table1 must be identified automatically.
* Only the first character and last character of the sensitive data must be displayed in query results.
Which two features should you configure? To answer, select the features in the answer area.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
NEW QUESTION # 195
You have an Azure subscription that contains 100 virtual machines. Azure Diagnostics is enabled on all the virtual machines.
You are planning the monitoring of Azure services in the subscription.
You need to retrieve the following details:
* Identify the user who deleted a virtual machine three weeks ago.
* Query the security events of a virtual machine that runs Windows Server 2016.
What should you use in Azure Monitor? To answer, drag the appropriate configuration settings to the correct details. Each configuration setting may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
Explanation:
Box1: Activity log
Azure activity logs provide insight into the operations that were performed on resources in your subscription.
Activity logs were previously known as "audit logs" or "operational logs," because they report control-plane events for your subscriptions.
Activity logs help you determine the "what, who, and when" for write operations (that is, PUT, POST, or DELETE).
Box 2: Logs
Log Integration collects Azure diagnostics from your Windows virtual machines, Azure activity logs, Azure Security Center alerts, and Azure resource provider logs. This integration provides a unified dashboard for all your assets, whether they're on-premises or in the cloud, so that you can aggregate, correlate, analyze, and alert for security events.
References:
https://docs.microsoft.com/en-us/azure/security/azure-log-audit
NEW QUESTION # 196
Which virtual networks in Sub1 can User2 modify and delete in their current state? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
Explanation:
Box 1: VNET4 and VNET1 only
RG1 has only Delete lock, while there are no locks on RG4.
RG2 and RG3 both have Read-only locks.
Box 2: VNET4 only
There are no locks on RG4, while the other resource groups have either Delete or Read-only locks.
Note: As an administrator, you may need to lock a subscription, resource group, or resource to prevent other users in your organization from accidentally deleting or modifying critical resources. You can set the lock level to CanNotDelete or ReadOnly. In the portal, the locks are called Delete and Read-only respectively.
* CanNotDelete means authorized users can still read and modify a resource, but they can't delete the resource.
* ReadOnly means authorized users can read a resource, but they can't delete or update the resource.
Applying this lock is similar to restricting all authorized users to the permissions granted by the Reader role.
Scenario:
User2 is a Security administrator.
Sub1 contains six resource groups named RG1, RG2, RG3, RG4, RG5, and RG6.
User2 creates the virtual networks shown in the following table.
Sub1 contains the locks shown in the following table.
References:
https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-group-lock-resources
NEW QUESTION # 197
You have an Azure subscription that contains the alerts shown in the following exhibit.
Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
Reference:
https://docs.microsoft.com/en-us/azure/azure-monitor/platform/alerts-overview
NEW QUESTION # 198
SIMULATION
You need to ensure that when administrators deploy resources by using an Azure Resource Manager template, the deployment can access secrets in an Azure key vault named KV11597200.
To complete this task, sign in to the Azure portal.
- A. You need to configure an option in the Advanced Access Policy of the key vault.
* In the Azure portal, type Azure Key Vault in the search box, select Azure Key Vault from the search results then select the key vault named KV11597200. Alternatively, browse to Azure Key Vault in the left navigation pane.
* In the properties of the key vault, click on Advanced Access Policies.
* Tick the checkbox labelled Enable access to Azure Resource Manager for template deployment.
* Click Save to save the changes. - B. You need to configure an option in the Advanced Access Policy of the key vault.
* In the Azure portal, type Azure Key Vault in the search box, select Azure Key Vault from the search results then select the key vault named KV11597200.
* In the properties of the key vault, click on Advanced Access Policies.
* Tick the checkbox labelled Enable access to Azure Resource Manager for template deployment.
* Click Save to save the changes.
Answer: A
NEW QUESTION # 199
You work at a company named Contoso, Ltd. that has the offices shown in the following table.
Contoso has an Azure Active Directory (Azure AD) tenant named contoso.com. All contoso.com users have Azure Multi-Factor Authentication (MFA) enabled. The tenant contains the users shown in the following table.
The multi-factor settings for contoso.com are configured as shown in the following exhibit.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
Explanation
NEW QUESTION # 200
You have the Azure Information Protection conditions shown in the following table.
You need to identify how Azure Information Protection will label files.
What should you identify? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
Explanation:
Box 1: Label 2 only
How multiple conditions are evaluated when they apply to more than one label
* The labels are ordered for evaluation, according to their position that you specify in the policy: The label positioned first has the lowest position (least sensitive) and the label positioned last has the highest position (most sensitive).
* The most sensitive label is applied.
* The last sublabel is applied.
Box 2: No Label
Automatic classification applies to Word, Excel, and PowerPoint when documents are saved, and apply to Outlook when emails are sent. Automatic classification does not apply to Microsoft Notepad.
References:
https://docs.microsoft.com/en-us/azure/information-protection/configure-policy-classification
NEW QUESTION # 201
You are evaluating the security of VM1, VM2, and VM3 in Sub2.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
Explanation
NEW QUESTION # 202
You have an Azure subscription named Sub1 that contains the Azure key vaults shown in the following table.
In Sub1, you create a virtual machine that has the following configurations:
* Name:VM1
* Size: DS2v2
* Resource group: RG1
* Region: West Europe
* Operating system: Windows Server 2016
You plan to enable Azure Disk Encryption on VM1.
In which key vaults can you store the encryption key for VM1?
- A. Vault1, Vault2, Vault3, or Vault4
- B. Vault1 or Vault3 only
- C. Vault1 only
- D. Vault1 or Vault2 only
Answer: B
Explanation:
"Your key vault and VMs must be in the same subscription. Also, to ensure that encryption secrets don't cross regional boundaries, Azure Disk Encryption requires the Key Vault and the VMs to be co-located in the same region." https://docs.microsoft.com/en-us/azure/virtual-machines/windows/disk-encryption-key-vault
NEW QUESTION # 203
You have an Azure subscription.
You create an Azure web app named Contoso1812 that uses an S1 App service plan.
You create a DNS record for www.contoso.com that points to the IP address of Contoso1812.
You need to ensure that users can access Contoso1812 by using the https://www.contoso.com URL.
Which two actions should you perform? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.
- A. Add a deployment slot to Contoso1812.
- B. Scale out the App Service plan of Contoso1812.
- C. Upload a PFX file to Contoso1812
- D. Add a hostname to Contoso1812.
- E. Scale up the App Service plan of Contoso1812.
- F. Turn on the system-assigned managed identity for Contoso1812.
Answer: C,D
Explanation:
B: You can configure Azure DNS to host a custom domain for your web apps. For example, you can create an Azure web app and have your users access it using either www.contoso.com or contoso.com as a fully qualified domain name (FQDN). To do this, you have to create three records:
A root "A" record pointing to contoso.com
A root "TXT" record for verification
A "CNAME" record for the www name that points to the A record
F: To use HTTPS, you need to upload a PFX file to the Azure Web App. The PFX file will contain the SSL certificate required for HTTPS.
References: https://docs.microsoft.com/en-us/azure/dns/dns-web-sites-custom- Domain
NEW QUESTION # 204
......
Microsoft AZ-500: Microsoft Azure Security Technologies is a certification exam that is designed for the professionals who are willing to enhance their skills in Microsoft Azure Security. AZ-500 exam is intended to validate the candidate's expertise in implementing security controls, maintaining the security posture, and securing data, applications, and networks in Microsoft Azure. AZ-500 exam is an excellent opportunity for individuals who want to become a certified Microsoft Azure Security Engineer.
Free AZ-500 Test Questions Real Practice Test Questions: https://www.examcollectionpass.com/Microsoft/AZ-500-practice-exam-dumps.html
View AZ-500 Exam Question Dumps With Latest Demo: https://drive.google.com/open?id=1vmDtDZpJ84F9hVQNp3mcb2ghmu-JLDdL