Black Friday Sale - 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: 70dumps

AZ-500 Questions and Answers

Question # 6

You need to meet the identity and access requirements for Group1.

What should you do?

A.

Add a membership rule to Group1.

B.

Delete Group1. Create a new group named Group1 that has a membership type of Office 365. Add users and devices to the group.

C.

Modify the membership rule of Group1.

D.

Change the membership type of Group1 to Assigned. Create two groups that have dynamic memberships. Add the new groups to Group1.

Full Access
Question # 7

You need to create Role1 to meet the platform protection requirements.

How should you complete the role definition of Role1? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Full Access
Question # 8

You need to configure SQLDB1 to meet the data and application requirements.

Which three actions should you recommend be performed in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.

Full Access
Question # 9

You need to deploy Microsoft Antimalware to meet the platform protection requirements.

What should you do? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Full Access
Question # 10

You plan to implement JIT VM access. Which virtual machines will be supported?

A.

VM1 and VM3 only

B.

VM1. VM2. VM3, and VM4

C.

VM2, VM3, and VM4 only

D.

VM1 only

Full Access
Question # 11

You need to meet the technical requirements for the finance department users.

Which CAPolicy1 settings should you modify?

A.

Cloud apps or actions

B.

Conditions

C.

Grant

D.

Session

Full Access
Question # 12

You need to perform the planned changes for OU2 and User1.

Which tools should you use? To answer, drag the appropriate tools to the correct resources. Each tool may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.

NOTE: Each correct selection is worth one point.

Full Access
Question # 13

You need to configure support for Azure Sentinel notebooks to meet the technical requirements.

What is the minimum number of Azure container registries and Azure Machine Learning workspaces required?

Full Access
Question # 14

You need to encrypt storage1 to meet the technical requirements. Which key vaults can you use?

A.

KeyVault1 only

B.

KeyVault2 and KeyVault3 only

C.

KeyVault1 and KeyVault3 only

D.

KeyVault1 KeyVault2 and KeyVault3

Full Access
Question # 15

From Azure Security Center, you need to deploy SecPol1.

What should you do first?

A.

Enable Azure Defender.

B.

Create an Azure Management group.

C.

Create an initiative.

D.

Configure continuous export.

Full Access
Question # 16

You implement the planned changes for ASG1 and ASG2.

In which NSGs can you use ASG1. and the network interfaces of which virtual machines can you assign to ASG2?

Full Access
Question # 17

You need to delegate the creation of RG2 and the management of permissions for RG1. Which users can perform each task? To answer select the appropriate options in the answer area. NOTE: Each correct selection is worth one point

Full Access
Question # 18

You need to configure WebApp1 to meet the data and application requirements.

Which two actions should you perform? Each correct answer presents part of the solution.

NOTE: Each correct selection is worth one point.

A.

Upload a public certificate.

B.

Turn on the HTTPS Only protocol setting.

C.

Set the Minimum TLS Version protocol setting to 1.2.

D.

Change the pricing tier of the App Service plan.

E.

Turn on the Incoming client certificates protocol setting.

Full Access
Question # 19

You have an Azure Container Registry named Registry1.

You add role assignment for Registry1 as shown in the following table.

Which users can upload images to Registry1 and download images from Registry1? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Full Access
Question # 20

You have an Azure subscription that contains the virtual machines shown in the following table.

VNET1, VNET2, and VNET3 are peered with each other. You perform the following actions:

* Create two application security groups named ASG1 and ASG2 in the West US region.

* Add the network interface of VM1 to ASG1.

Full Access
Question # 21

You are troubleshooting a security issue for an Azure Storage account You enable Azure Storage Analytics logs and archive It to a storage account. What should you use to retrieve the diagnostics logs?

A.

Azure Storage Explorer

B.

SQL query editor in Azure

C.

Azure Monitor

D.

Azure Cosmos DB explorer

Full Access
Question # 22

On Monday, you configure an email notification in Azure Security Center to notify user user1@contoso.com.

On Tuesday, Security Center generates the security alerts shown in the following table.

How many email notifications will user1@contoso.com receive on Tuesday? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Full Access
Question # 23

You have an Azure subscription that contains an Azure SQL database named sql1.

You plan to audit sql1.

You need to configure the audit log destination. The solution must meet the following requirements:

  • Support querying events by using the Kusto query language.
  • Minimize administrative effort.

What should you configure?

A.

an event hub

B.

a storage account

C.

a Log Analytics workspace

Full Access
Question # 24

You have an Azure subscription that contains an Azure key vault. The role assignments for the key vault are shown in the following exhibit.

Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic. NOTE: Each correct selection is worth one point.

Full Access
Question # 25

You have an Azure subscription that contains a resource group named RG1 and the identities shown in the following table.

You assign Group4 the Contributor role for RG1.

Which identities can you add to Group4 as members?

A.

User1 only

B.

User1 and Group3 only

C.

User1, Group1, and Group3 only

D.

User1, Group2, and Group3 only

E.

User1, Group1, Group2, and Group3

Full Access
Question # 26

You have an Azure SQL database.

You implement Always Encrypted.

You need to ensure that application developers can retrieve and decrypt data in the database.

Nantes’s of information should you provide to the developers? Each correct answer presents part of the solution.

NOTE: Each correct selection is worth one point.

A.

a stored access policy

B.

a shared access signature (SAS)

C.

the column encryption key

D.

user credentials

E.

the column master key

Full Access
Question # 27

You have an Azure subscription that contains the resources shown in the following table.

SQL1 has the following configurations:

• Auditing: Enabled

• Audit log destination: storage1, Workspace1

DB1 has the following configurations:

• Auditing: Enabled

• Audit log destination: storage2

DB2 has auditing disabled.

Where are the audit logs for DB1 and DB2 stored? To answer, select the appropriate options in the answer area

NOTE: Each correct selection is worth one point.

Full Access
Question # 28

Your company has two offices in Seattle and New York. Each office connects to the Internet by using a NAT device. The offices use the IP addresses shown in the following table.

The company has an Azure Active Directory (Azure AD) tenant named contoso.com. The tenant contains the users shown in the following table.

The MFA service settings are configured as shown in the exhibit. (Click the Exhibit tab.)

For each of the following statements, select Yes if the statement is true. Otherwise, select No.

NOTE: Each correct selection is worth one point.

Full Access
Question # 29

You have an Azure Active Directory (Azure AD) tenant named contoso.com that contains the users shown in the following table.

Azure AD Privileged Identity Management (PIM) is enabled for the tenant.

In PIM, the Password Administrator role has the following settings:

  • Maximum activation duration (hours): 2
  • Send email notifying admins of activation: Disable
  • Require incident/request ticket number during activation: Disable
  • Require Azure Multi-Factor Authentication for activation: Enable
  • Require approval to activate this role: Enable
  • Selected approver: Group1

You assign users the Password Administrator role as shown in the following table.

For each of the following statements, select Yes if the statement is true. Otherwise, select No.

NOTE: Each correct selection is worth one point.

Full Access
Question # 30

You have an Azure subscription that contains an app named App1. App1 has the app registration shown in the following table.

You need to ensure that App1 can read all user calendars and create appointments. The solution must use the principle of least privilege.

What should you do?

A.

Add a new Delegated API permission for Microsoft.Graph Calendars.ReadWrite.

B.

Add a new Application API permission for Microsoft.Graph Calendars.ReadWrite.

C.

Select Grant admin consent.

D.

Add a new Delegated API permission for Microsoft.Graph Calendars.ReadWrite.Shared.

Full Access
Question # 31

You have the Azure Information Protection conditions shown in the following table.

You need to identify how Azure Information Protection will label files.

What should you identify? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Full Access
Question # 32

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these

questions will not appear in the review screen.

You have a hybrid configuration of Azure Active Directory (AzureAD).

You have an Azure HDInsight cluster on a virtual network.

You plan to allow users to authenticate to the cluster by using their on-premises Active Directory credentials.

You need to configure the environment to support the planned authentication.

Solution: You deploy the On-premises data gateway to the on-premises network.

Does this meet the goal?

A.

Yes

B.

No

Full Access
Question # 33

You have an Azure subscription that contains the resources shown in the following table.

Transparent Data Encryption (TDE) is disabled on SQL1.

You assign polices to the resource groups as shown in the following table.

You plan to deploy Azure SQL databases by using an Azure Resource Manager (ARM) template. The databases will be configured as shown in the following table.

NOTE: Each correct selection is worth one point.

Full Access
Question # 34

You have an Azure Storage account that contains a blob container named container1 and a client application named App1.

You need to enable App1 access to container1 by using Azure Active Directory (Azure AD) authentication.

What should you do? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Full Access
Question # 35

You have an Azure subscription that contains the virtual machines shown in the following table.

From Azure Security Center, you turn on Auto Provisioning.

You deploy the virtual machines shown in the following table.

On which virtual machines is the Log Analytics agent installed?

A.

VM3 only

B.

VM1 and VM3 only

C.

VM3 and VM4 only

D.

VM1, VM2, VM3, and VM4

Full Access
Question # 36

You have an Azure subscription that contains the following Azure firewall:

• Name: Fw1

• Azure region: UK West

• Private IP address: 10.1.3.4

• Public IP address: 23.236.62.147

The subscription contains. The virtual networks shown in the following table.

The subscription contains the subnets shown in the following table.

The subscription contains the routes shown in the following table.

For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.

Full Access
Question # 37

You have an Azure web app named webapp1.

You need to configure continuous deployment for webapp1 by using an Azure Repo.

What should you create first?

A.

an Azure Application Insights service

B.

an Azure DevOps organizations

C.

an Azure Storage account

D.

an Azure DevTest Labs lab

Full Access
Question # 38

You work at a company named Contoso, Ltd. that has the offices shown in the following table.

Contoso has an Azure Active Directory (Azure AD) tenant named contoso.com. All contoso.com users have Azure Multi-Factor Authentication (MFA) enabled. The tenant contains the users shown in the following table.

The multi-factor settings for contoso.com are configured as shown in the following exhibit.

For each of the following statements, select Yes if the statement is true. Otherwise, select No.

NOTE: Each correct selection is worth one point.

Full Access
Question # 39

You are evaluating the security of the network communication between the virtual machines in Sub2.

For each of the following statements, select Yes if the statement is true. Otherwise, select No.

NOTE: Each correct selection is worth one point.

Full Access
Question # 40

You are evaluating the security of the network communication between the virtual machines in Sub2.

For each of the following statements, select Yes if the statement is true. Otherwise, select No.

NOTE: Each correct selection is worth one point.

Full Access
Question # 41

You have an Azure subscription.

You need to deploy an Azure virtual WAN to meet the following requirements:

• Create three secured virtual hubs located in the East US, West US, and North Europe Azure regions.

• Ensure that security rules sync between the regions.

What should you use?

A.

Azure Firewall Manager

B.

Azure Virtual Network Manager

C.

Azure Network Function Manager

D.

Azure Front Door

Full Access
Question # 42

You assign User8 the Owner role for RG4, RG5, and RG6.

In which resource groups can User8 create virtual networks and NSGs? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Full Access
Question # 43

You need to meet the technical requirements for VNetwork1.

What should you do first?

A.

Create a new subnet on VNetwork1.

B.

Remove the NSGs from Subnet11 and Subnet13.

C.

Associate an NSG to Subnet12.

D.

Configure DDoS protection for VNetwork1.

Full Access
Question # 44

You need to ensure that User2 can implement PIM.

What should you do first?

A.

Assign User2 the Global administrator role.

B.

Configure authentication methods for contoso.com.

C.

Configure the identity secure score for contoso.com.

D.

Enable multi-factor authentication (MFA) for User2.

Full Access
Question # 45

You are evaluating the security of VM1, VM2, and VM3 in Sub2.

For each of the following statements, select Yes if the statement is true. Otherwise, select No.

NOTE: Each correct selection is worth one point.

Full Access
Question # 46

What is the membership of Group1 and Group2? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Full Access
Question # 47

: 2 HOTSPOT

Which virtual networks in Sub1 can User2 modify and delete in their current state? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Full Access
Question # 48

You are evaluating the effect of the application security groups on the network communication between the virtual machines in Sub2.

For each of the following statements, select Yes if the statement is true. Otherwise, select No.

NOTE: Each correct selection is worth one point.

Full Access