Summer Sale - Special Limited Time 65% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: dpt65

AZ-500 Questions and Answers

Question # 6

You need to create Role1 to meet the platform protection requirements.

How should you complete the role definition of Role1? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Full Access
Question # 7

You need to ensure that you can meet the security operations requirements.

What should you do first?

A.

Turn on Auto Provisioning in Security Center.

B.

Integrate Security Center and Microsoft Cloud App Security.

C.

Upgrade the pricing tier of Security Center to Standard.

D.

Modify the Security Center workspace configuration.

Full Access
Question # 8

You need to configure WebApp1 to meet the data and application requirements.

Which two actions should you perform? Each correct answer presents part of the solution.

NOTE: Each correct selection is worth one point.

A.

Upload a public certificate.

B.

Turn on the HTTPS Only protocol setting.

C.

Set the Minimum TLS Version protocol setting to 1.2.

D.

Change the pricing tier of the App Service plan.

E.

Turn on the Incoming client certificates protocol setting.

Full Access
Question # 9

You implement the planned changes for ASG1 and ASG2.

In which NSGs can you use ASG1. and the network interfaces of which virtual machines can you assign to ASG2?

Full Access
Question # 10

You need to configure SQLDB1 to meet the data and application requirements.

Which three actions should you recommend be performed in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.

Full Access
Question # 11

From Azure Security Center, you need to deploy SecPol1.

What should you do first?

A.

Enable Azure Defender.

B.

Create an Azure Management group.

C.

Create an initiative.

D.

Configure continuous export.

Full Access
Question # 12

You plan to configure Azure Disk Encryption for VM4. Which key vault can you use to store the encryption key?

A.

KeyVault1

B.

KeyVault3

C.

KeyVault2

Full Access
Question # 13

You need to configure support for Azure Sentinel notebooks to meet the technical requirements.

What is the minimum number of Azure container registries and Azure Machine Learning workspaces required?

Full Access
Question # 14

You need to perform the planned changes for OU2 and User1.

Which tools should you use? To answer, drag the appropriate tools to the correct resources. Each tool may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.

NOTE: Each correct selection is worth one point.

Full Access
Question # 15

You need to delegate the creation of RG2 and the management of permissions for RG1. Which users can perform each task? To answer select the appropriate options in the answer area. NOTE: Each correct selection is worth one point

Full Access
Question # 16

You need to encrypt storage1 to meet the technical requirements. Which key vaults can you use?

A.

KeyVault1 only

B.

KeyVault2 and KeyVault3 only

C.

KeyVault1 and KeyVault3 only

D.

KeyVault1 KeyVault2 and KeyVault3

Full Access
Question # 17

You plan to implement JIT VM access. Which virtual machines will be supported?

A.

VM1 and VM3 only

B.

VM1. VM2. VM3, and VM4

C.

VM2, VM3, and VM4 only

D.

VM1 only

Full Access
Question # 18

You need to meet the technical requirements for the finance department users.

Which CAPolicy1 settings should you modify?

A.

Cloud apps or actions

B.

Conditions

C.

Grant

D.

Session

Full Access
Question # 19

What is the membership of Group1 and Group2? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Full Access
Question # 20

You are evaluating the security of the network communication between the virtual machines in Sub2.

For each of the following statements, select Yes if the statement is true. Otherwise, select No.

NOTE: Each correct selection is worth one point.

Full Access
Question # 21

You are evaluating the security of VM1, VM2, and VM3 in Sub2.

For each of the following statements, select Yes if the statement is true. Otherwise, select No.

NOTE: Each correct selection is worth one point.

Full Access
Question # 22

You need to meet the technical requirements for VNetwork1.

What should you do first?

A.

Create a new subnet on VNetwork1.

B.

Remove the NSGs from Subnet11 and Subnet13.

C.

Associate an NSG to Subnet12.

D.

Configure DDoS protection for VNetwork1.

Full Access
Question # 23

: 2 HOTSPOT

Which virtual networks in Sub1 can User2 modify and delete in their current state? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Full Access
Question # 24

You are evaluating the effect of the application security groups on the network communication between the virtual machines in Sub2.

For each of the following statements, select Yes if the statement is true. Otherwise, select No.

NOTE: Each correct selection is worth one point.

Full Access
Question # 25

You assign User8 the Owner role for RG4, RG5, and RG6.

In which resource groups can User8 create virtual networks and NSGs? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Full Access
Question # 26

You need to ensure that User2 can implement PIM.

What should you do first?

A.

Assign User2 the Global administrator role.

B.

Configure authentication methods for contoso.com.

C.

Configure the identity secure score for contoso.com.

D.

Enable multi-factor authentication (MFA) for User2.

Full Access
Question # 27

You have an Azure subscription named Sub1. Sub1 has an Azure Storage account named Storage1 that contains the resources shown in the following table.

You generate a shared access signature (SAS) to connect to the blob service and the file service.

Which tool can you use to access the contents in Container1 and Share! by using the SAS? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Full Access
Question # 28

You have an Azure subscription that contains a blob container named cont1. Cont1 has the access policies shown in the following exhibit.

Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic.

Full Access
Question # 29

You have an Azure subscription that contains an Azure Sentinel workspace.

Azure Sentinel is configured to ingest logs from several Azure workloads. A third-party service management platform is used to manage incidents.

You need to identify which Azure Sentinel components to configure to meet the following requirements:

    When Azure Sentinel identifies a threat, an incident must be created.

    A ticket must be logged in the service management platform when an incident is created in Azure Sentinel.

Which component should you identify for each requirement? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Full Access
Question # 30

You are configuring just in time (JIT) VM access to a set of Azure virtual machines.

You need to grant users PowerShell access to the virtual machine by using JIT VM access.

What should you configure? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Full Access
Question # 31

You have an Azure key vault named Vault1 that stores the resources shown in following table.

Which resources support the creation of a rotation policy?

A.

Key1 Only

B.

Cert1 only

C.

Key1 and Secret1 only

D.

Key1 and Cert1 only

E.

Secret1 and Cert1 only

F.

Key1, Secret1, and Cert1

Full Access
Question # 32

You have an Azure subscription that uses Microsoft Defender for Cloud.

You have an Amazon Web Service (AWS) account named AWS1 that is connected to defender for Cloud.

You need to ensure that AWS foundational Security Best Practices. The solution must minimize administrate effort.

What should do you in Defender for Cloud?

A.

Create a new customer assessment.

B.

Assign a built-in assessment.

C.

Assign a built-in compliance standard.

D.

Create a new custom standard.

Full Access
Question # 33

You have an Azure Storage account named storage1 and an Azure virtual machine named VM1. VM1 has a premium SSD managed disk.

You need to enable Azure Disk Encryption for VM1.

Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange then in the correct order.

Full Access
Question # 34

You have an Azure subscription that contains an Azure Blob storage account bolb1.

You need to configure attribute-based access control (ABAC) for blob1.

Which attributes can you use in access conditions?

A.

blob index tags only

B.

blob index tags and container names only

C.

file extensions and container names only

D.

blob index tags, file extensions, and container names

Full Access
Question # 35

You have an Azure key vault named KeyVault1 that contains the items shown in the following table.

In KeyVault, the following events occur in sequence:

    Item1 is deleted

    Administrator enables soft delete

    Item2 and Policy1 are deleted.

For each of the following statements, select Yes if the statement is true. Otherwise, select No.

NOTE: Each correct selection is worth one point.

Full Access
Question # 36

You have an Azure AD tenant that contains the groups shown in the following table.

You assign licenses to the groups as shown in the following table.

On May1, you delete Group1. Group2, and Group3.

For each of the following statements, select Yes if the statement is true. Otherwise, select No.

NOTE: Each correct selection is worth one point.

Full Access
Question # 37

You have an Azure subscription that contains a resource group named RG1 and the identities shown in the following table.

You assign Group4 the Contributor role for RG1.

Which identities can you add to Group4 as members?

A.

User1 only

B.

User1 and Group3 only

C.

User1, Group1, and Group3 only

D.

User1, Group2, and Group3 only

E.

User1, Group1, Group2, and Group3

Full Access
Question # 38

You have an Azure subscription that contains a virtual network. The virtual network contains the subnets shown in the following table.

The subscription contains the virtual machines shown in the following table.

You enable just in time (JIT) VM access for all the virtual machines.

You need to identify which virtual machines are protected by JIT.

Which virtual machines should you identify?

A.

VM4 only

B.

VM1 and VM3 only

C.

VM1, VM3 and VM4 only

D.

VM1, VM2, VM3, and VM4

Full Access
Question # 39

You have an Azure subscription that contains the virtual machines shown in the following table.

You create the Azure policies shown in the following table.

For each of the following statements, select Yes if the statement is true. Otherwise, select No.

NOTE: Each correct selection is worth one point.

Full Access
Question # 40

You have an Azure subscription linked to an Azure Active Directory Premium Plan 1 tenant.

You plan to implement Azure Active Directory (Azure AD) Identity Protection.

You need to ensure that you can configure a user risk policy and a sign-in risk policy.

What should you do first?

A.

Purchase Azure Active Directory Premium Plan 2 licenses for all users.

B.

Register all users for Azure Multi-Factor Authentication (MFA).

C.

Enable security defaults for Azure AD.

D.

Upgrade Azure Security Center to the standard tier.

Full Access
Question # 41

You plan to use Azure Log Analytics to collect logs from 200 servers that run Windows Server 2016.

You need to automate the deployment of the Microsoft Monitoring Agent to all the servers by using an Azure Resource Manager template.

How should you complete the template? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Full Access
Question # 42

Your company recently created an Azure subscription.

You have been tasked with making sure that a specified user is able to implement Azure AD Privileged Identity Management (PIM).

Which of the following is the role you should assign to the user?

A.

The Global administrator role.

B.

The Security administrator role.

C.

The Password administrator role.

D.

The Compliance administrator role.

Full Access
Question # 43

You have an Azure subscription named Sub1 that contains an Azure Log Analytics workspace named LAW1.

You have 100 on-premises servers that run Windows Server 2012 R2 and Windows Server 2016. The servers connect to LAW1. LAW1 is configured to collect security-related performance counters from the connected servers.

You need to configure alerts based on the data collected by LAW1. The solution must meet the following requirements:

    Alert rules must support dimensions.

    The time it takes to generate an alert must be minimized.

    Alert notifications must be generated only once when the alert is generated and once when the alert is

    resolved.

Which signal type should you use when you create the alert rules?

A.

Log

B.

Log (Saved Query)

C.

Metric

D.

Activity Log

Full Access
Question # 44

You have an Azure subscription that contains a user named User1. User1 is assigned the Reader role for the subscription.

You plan to create a custom role named Role1 and assign Role1 to User1.

You need to ensure that User1 can create and manage application security groups by using the Azure portal.

Which two permissions should you add to Role1? To answer, select the appropriate permission in the answer area.

NOTE: Each correct selection is worth one point.

Full Access
Question # 45

Your company has an Azure subscription named Sub1 that is associated to an Azure Active Directory (Azure AD) tenant named contoso.com.

The company develops an application named App1. App1 is registered in Azure AD.

You need to ensure that App1 can access secrets in Azure Key Vault on behalf of the application users.

What should you configure?

A.

an application permission without admin consent

B.

a delegated permission without admin consent

C.

a delegated permission that requires admin consent

D.

an application permission that requires admin consent

Full Access
Question # 46

Lab Task

use the following login credentials as needed:

To enter your username, place your cursor in the Sign in box and click on the username below.

To enter your password. place your cursor in the Enter password box and click on the password below.

Azure Username: Userl -28681041@ExamUsers.com

Azure Password: GpOAe4@lDg

If the Azure portal does not load successfully in the browser, press CTRL-K to reload the portal in a new browser tab.

The following information is for technical support purposes only:

Lab Instance: 28681041

Task 1

You need to configure Azure to allow RDP connections from the Internet to a virtual machine named VM1. The solution must minimize the attack surface of VM1.

Full Access
Question # 47

You have an Azure subscription. That contains the virtual machines shown in the following table.

You need to enable file integrity monitoring in Microsoft Defender for Cloud. Which computers will support file integrity monitoring?

A.

Computed only

B.

Computer 1 and Computer2 only

C.

Computed and Computed only

D.

Computer1, Computer2, and Computer3

Full Access
Question # 48

You have an Azure subscription that contains the key vaults shown in the following table.

The subscription contains the users shown in the following table.

On June 1, you perform the following actions:

• Delete a key named key1 from KeyVault1.

• Delete a secret named secret 1 from KeyVault2.

For each of the following statements, select Yes if the statement is true. Otherwise, select No.

Full Access
Question # 49

You have an Azure SQL database.

You implement Always Encrypted.

You need to ensure that application developers can retrieve and decrypt data in the database.

Nantes’s of information should you provide to the developers? Each correct answer presents part of the solution.

NOTE: Each correct selection is worth one point.

A.

a stored access policy

B.

a shared access signature (SAS)

C.

the column encryption key

D.

user credentials

E.

the column master key

Full Access
Question # 50

You have an Azure subscription that is linked to an Azure AD tenant and contains the resources shown in the following table.

Which resources can be assigned the Contributor role for VM1?

A.

Managed1 and App1 only

B.

Group1 and Managed1 only

C.

Group1. Managed1, and VM2only

D.

Group1, Managed1, VM1. and App1 only

Full Access
Question # 51

You have a web app named WebApp1.

You create a web application firewall (WAF) policy named WAF1.

You need to protect WebApp1 by using WAF1.

What should you do first?

A.

Deploy an Azure Front Door.

B.

Add an extension to WebApp1.

C.

Deploy Azure Firewall.

Full Access
Question # 52

You have an Azure Kubernetes Service (AKS) cluster that will connect to an Azure Container Registry.

You need to use the automatically generated service principal for the AKS cluster to authenticate to the Azure Container Registry.

What should you create?

A.

an Azure AD user

B.

a secret in Azure Key Vault

C.

an Azure AD group

D.

a role assignment

Full Access
Question # 53

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these

questions will not appear in the review screen.

You have a hybrid configuration of Azure Active Directory (AzureAD).

You have an Azure HDInsight cluster on a virtual network.

You plan to allow users to authenticate to the cluster by using their on-premises Active Directory credentials.

You need to configure the environment to support the planned authentication.

Solution: You deploy the On-premises data gateway to the on-premises network.

Does this meet the goal?

A.

Yes

B.

No

Full Access
Question # 54

On Monday, you configure an email notification in Azure Security Center to notify user user1@contoso.com.

On Tuesday, Security Center generates the security alerts shown in the following table.

How many email notifications will user1@contoso.com receive on Tuesday? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Full Access
Question # 55

You have an Azure subscription named Subscription1 that contains the resources shown in the following table.

You have an Azure subscription named Subscription2 that contains the following resources:

    An Azure Sentinel workspace

    An Azure Event Grid instance

You need to ingest the CEF messages from the NVAs to Azure Sentinel.

What should you configure for each subscription? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Full Access
Question # 56

You have an Azure subscription that contains an Azure SQL database named DB1 in the East US Azure region. You create the storage accounts shown in the following table.

You plan to enable auditing for DB1.

Which storage accounts can you use as the auditing destination for DB1?

A.

storage1 only

B.

storage1 and storage4 only

C.

Storage2 and storage3 only

D.

storage1, storage2 and storage3 only

Full Access
Question # 57

You have an Azure resource group that contains 100 virtual machines.

You have an initiative named Initiative1 that contains multiple policy definitions. Initiative1 is assigned to the resource group.

You need to identify which resources do NOT match the policy definitions.

What should you do?

A.

From Azure Security Center, view the Regulatory compliance assessment.

B.

From the Policy blade of the Azure Active Directory admin center, select Compliance.

C.

From Azure Security Center, view the Secure Score.

D.

From the Policy blade of the Azure Active Directory admin center, select Assignments.

Full Access