Summer Sale - Special Limited Time 65% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: dpt65

AZ-500 Questions and Answers

Question # 6

You have an Azure Active Directory (Azure AD) tenant that contains a user named Admin1. Admin1 is assigned the Application developer role.

You purchase a cloud app named App1 and register App1 in Azure AD.

Admin1 reports that the option to enable token encryption for App1 is unavailable.

You need to ensure that Admin1 can enable token encryption for App1 in the Azure portal.

What should you do?

A.

Upload a certificate for App1.

B.

Modify the API permissions of App1.

C.

Add App1 as an enterprise application.

D.

Assign Admin1 the Cloud application administrator role.

Full Access
Question # 7

You have an Azure subscription that contains the resources shown in the following table.

You need to ensure that ServerAdmins can perform the following tasks:

Create virtual machine to the existing virtual network in RG2 only.

The solution must use the principle of least privilege.

Which two role-based access control (RBAC) roles should you assign to ServerAdmins? Each correct answer presents part of the solution.

NOTE: Each correct selection is worth one point.

A.

the Contributor role for the subscription

B.

the Network Contributor role for RG2

C.

A custom RBAC role for the subscription

D.

a custom RBAC role for RG2

E.

the Network Contributor role for RG1.

F.

the Virtual Machine Contributor role for RG1.

Full Access
Question # 8

You have an Azure subscription that contains a key vault and an Azure SQL server.

You need to deploy an Azure SQL database that uses Transparent Data Encryption (TDE) and a customer-managed key.

What should you create before you deploy the database?

A.

An app registration

B.

A standard general-purpose v2 storage account

C.

A user-assigned managed identity

D.

A user account that is assigned the SQL Security Manager role

Full Access
Question # 9

You have an Azure subscription named Sub1 that contains the Azure key vaults shown in the following table:

In Sub1, you create a virtual machine that has the following configurations:

    Name: VM1

    Size: DS2v2

    Resource group: RG1

    Region: West Europe

    Operating system: Windows Server 2022

You plan to enable Azure Disk Encryption on VM1.

In which key vaults can you store the encryption key for VM1?

A.

Vault1 or Vault3 only

B.

Vault1, Vault2, Vault3, or Vault4

C.

Vault1 only

D.

Vault1 or Vault2 only

Full Access
Question # 10

Your network contains an Active Directory forest named contoso.com. The forest contains a single domain.

You have an Azure subscription named Sub1 that is associated to an Azure Active Directory (Azure AD) tenant named contoso.com.

You plan to deploy Azure AD Connect and to integrate Active Directory and the Azure AD tenant.

You need to recommend an integration solution that meets the following requirements:

Ensures that password policies and user logon restrictions apply to user accounts that are synced to the Tenant Minimizes the number of servers required for the solution.

Which authentication method should you include in the recommendation?

A.

federated identity with Active Directory Federation Services (AD FS)

B.

password hash synchronization with seamless single sign-on (SSO)

C.

pass-through authentication with seamless single sign-on (SSO)

Full Access
Question # 11

You assign User8 the Owner role for RG4, RG5, and RG6.

In which resource groups can User8 create virtual networks and NSGs? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Full Access
Question # 12

You are evaluating the security of VM1, VM2, and VM3 in Sub2.

For each of the following statements, select Yes if the statement is true. Otherwise, select No.

NOTE: Each correct selection is worth one point.

Full Access
Question # 13

: 2 HOTSPOT

Which virtual networks in Sub1 can User2 modify and delete in their current state? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Full Access
Question # 14

You need to ensure that User2 can implement PIM.

What should you do first?

A.

Assign User2 the Global administrator role.

B.

Configure authentication methods for contoso.com.

C.

Configure the identity secure score for contoso.com.

D.

Enable multi-factor authentication (MFA) for User2.

Full Access
Question # 15

You plan to configure Azure Disk Encryption for VM4. Which key vault can you use to store the encryption key?

A.

KeyVault1

B.

KeyVault3

C.

KeyVault2

Full Access
Question # 16

You need to delegate the creation of RG2 and the management of permissions for RG1. Which users can perform each task? To answer select the appropriate options in the answer area. NOTE: Each correct selection is worth one point

Full Access
Question # 17

You are evaluating the effect of the application security groups on the network communication between the virtual machines in Sub2.

For each of the following statements, select Yes if the statement is true. Otherwise, select No.

NOTE: Each correct selection is worth one point.

Full Access
Question # 18

You are evaluating the security of the network communication between the virtual machines in Sub2.

For each of the following statements, select Yes if the statement is true. Otherwise, select No.

NOTE: Each correct selection is worth one point.

Full Access
Question # 19

You need to meet the technical requirements for VNetwork1.

What should you do first?

A.

Create a new subnet on VNetwork1.

B.

Remove the NSGs from Subnet11 and Subnet13.

C.

Associate an NSG to Subnet12.

D.

Configure DDoS protection for VNetwork1.

Full Access
Question # 20

What is the membership of Group1 and Group2? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Full Access
Question # 21

You need to deploy AKS1 to meet the platform protection requirements.

Which four actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.

NOTE: More than one order of answer choices is correct. You will receive credit for any of the correct orders you select.

Full Access
Question # 22

You need to create Role1 to meet the platform protection requirements.

How should you complete the role definition of Role1? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Full Access
Question # 23

You need to ensure that users can access VM0. The solution must meet the platform protection requirements.

What should you do?

A.

Move VM0 to Subnet1.

B.

On Firewall, configure a network traffic filtering rule.

C.

Assign RT1 to AzureFirewallSubnet.

D.

On Firewall, configure a DNAT rule.

Full Access
Question # 24

You need to ensure that the Azure AD application registration and consent configurations meet the identity and access requirements.

What should you use in the Azure portal? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Full Access
Question # 25

You need to meet the identity and access requirements for Group1.

What should you do?

A.

Add a membership rule to Group1.

B.

Delete Group1. Create a new group named Group1 that has a membership type of Office 365. Add users and devices to the group.

C.

Modify the membership rule of Group1.

D.

Change the membership type of Group1 to Assigned. Create two groups that have dynamic memberships. Add the new groups to Group1.

Full Access
Question # 26

You need to configure WebApp1 to meet the data and application requirements.

Which two actions should you perform? Each correct answer presents part of the solution.

NOTE: Each correct selection is worth one point.

A.

Upload a public certificate.

B.

Turn on the HTTPS Only protocol setting.

C.

Set the Minimum TLS Version protocol setting to 1.2.

D.

Change the pricing tier of the App Service plan.

E.

Turn on the Incoming client certificates protocol setting.

Full Access
Question # 27

You need to deploy Microsoft Antimalware to meet the platform protection requirements.

What should you do? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Full Access
Question # 28

You need to ensure that you can meet the security operations requirements.

What should you do first?

A.

Turn on Auto Provisioning in Security Center.

B.

Integrate Security Center and Microsoft Cloud App Security.

C.

Upgrade the pricing tier of Security Center to Standard.

D.

Modify the Security Center workspace configuration.

Full Access
Question # 29

You need to configure support for Azure Sentinel notebooks to meet the technical requirements.

What is the minimum number of Azure container registries and Azure Machine Learning workspaces required?

Full Access
Question # 30

You plan to implement JIT VM access. Which virtual machines will be supported?

A.

VM1 and VM3 only

B.

VM1. VM2. VM3, and VM4

C.

VM2, VM3, and VM4 only

D.

VM1 only

Full Access
Question # 31

You need to perform the planned changes for OU2 and User1.

Which tools should you use? To answer, drag the appropriate tools to the correct resources. Each tool may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.

NOTE: Each correct selection is worth one point.

Full Access
Question # 32

From Azure Security Center, you need to deploy SecPol1.

What should you do first?

A.

Enable Azure Defender.

B.

Create an Azure Management group.

C.

Create an initiative.

D.

Configure continuous export.

Full Access
Question # 33

You need to encrypt storage1 to meet the technical requirements. Which key vaults can you use?

A.

KeyVault1 only

B.

KeyVault2 and KeyVault3 only

C.

KeyVault1 and KeyVault3 only

D.

KeyVault1 KeyVault2 and KeyVault3

Full Access
Question # 34

You have 10 virtual machines on a single subnet that has a single network security group (NSG).

You need to log the network traffic to an Azure Storage account.

Which two actions should you perform? Each correct answer presents part of the solution.

NOTE: Each correct selection is worth one point.

A.

Install the Network Performance Monitor solution.

B.

Enable Azure Network Watcher.

C.

Enable diagnostic logging for the NSG.

D.

Enable NSG flow logs.

E.

Create an Azure Log Analytics workspace.

Full Access
Question # 35

You need to meet the technical requirements for the finance department users.

Which CAPolicy1 settings should you modify?

A.

Cloud apps or actions

B.

Conditions

C.

Grant

D.

Session

Full Access
Question # 36

You have an Azure subscription named Sub1.

You have an Azure Active Directory (Azure AD) group named Group1 that contains all the members of your IT team.

You need to ensure that the members of Group1 can stop, start, and restart the Azure virtual machines in Sub1. The solution must use the principle of least privilege.

Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.

Full Access
Question # 37

You have an Azure subscription that contains the resources shown in the following Table.

You plan to enable Microsoft Defender for Cloud for the subscription. Which resources can be protected by using Microsoft Defender for Cloud?

A.

VM1, VNET1, and storage1 only

B.

VM1, storage1, and Vault1 only

C.

VM1.VNET1, storage1, and Vault1

D.

VM1 and storage1 only

E.

VM1 and VNET only

Full Access
Question # 38

You have an Azure subscription that contains an Azure Active Directory (Azure AD) tenant named contoso.com. The tenant contains the users shown in the following table.

You create a resource group named RG1.

Which users can modify the permissions for RG1 and which users can create virtual networks in RG1? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Full Access
Question # 39

You need to configure SQLDB1 to meet the data and application requirements.

Which three actions should you recommend be performed in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.

Full Access
Question # 40

You have an Azure subscription that contains an Azure Sentinel workspace.

Azure Sentinel is configured to ingest logs from several Azure workloads. A third-party service management platform is used to manage incidents.

You need to identify which Azure Sentinel components to configure to meet the following requirements:

    When Azure Sentinel identifies a threat, an incident must be created.

    A ticket must be logged in the service management platform when an incident is created in Azure Sentinel.

Which component should you identify for each requirement? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Full Access
Question # 41

You have Azure virtual machines that have Update Management enabled. The virtual machines are configured as shown in the following table.

You schedule two update deployments named Update1 and Update2. Update1 updates VM3. Update2 updates VM6.

Which additional virtual machines can be updated by using Update1 and Update2? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Full Access
Question # 42

You have an Azure subscription that contains an Azure App Services web app named WebApp1 and an Azure key vault named Vault1. Vault1 has the certificates shown in the following table.

You plan to implement TLS for WebApp1.

You need to add a certificate to WebApp1.

Which certificates from Vault1 can you add to WebApp1?

A.

Cert1 and Cert2 only

B.

Cert1 and Cert3 only

C.

Cert3 and Cert4 only

D.

Cert1, Cert2, Cert3, and Cert4

Full Access
Question # 43

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

You use Azure Security Center for the centralized policy management of three Azure subscriptions.

You use several policy definitions to manage the security of the subscriptions.

You need to deploy the policy definitions as a group to all three subscriptions.

Solution: You create a policy definition and assignments that are scoped to resource groups.

Does this meet the goal?

A.

Yes

B.

No

Full Access
Question # 44

You implement the planned changes for ASG1 and ASG2.

In which NSGs can you use ASG1. and the network interfaces of which virtual machines can you assign to ASG2?

Full Access