Winter Special - Limited Time 65% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: top65certs

Free and Premium Microsoft AZ-500 Dumps Questions Answers

Page: 1 / 12
Total 425 questions

Microsoft Azure Security Technologies Questions and Answers

Question 1

You need to configure WebApp1 to meet the data and application requirements.

Which two actions should you perform? Each correct answer presents part of the solution.

NOTE: Each correct selection is worth one point.

Options:

A.

Upload a public certificate.

B.

Turn on the HTTPS Only protocol setting.

C.

Set the Minimum TLS Version protocol setting to 1.2.

D.

Change the pricing tier of the App Service plan.

E.

Turn on the Incoming client certificates protocol setting.

Buy Now
Question 2

You need to deploy Microsoft Antimalware to meet the platform protection requirements.

What should you do? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Options:

Question 3

You need to deploy AKS1 to meet the platform protection requirements.

Which four actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.

NOTE: More than one order of answer choices is correct. You will receive credit for any of the correct orders you select.

Options:

Question 4

You need to ensure that users can access VM0. The solution must meet the platform protection requirements.

What should you do?

Options:

A.

Move VM0 to Subnet1.

B.

On Firewall, configure a network traffic filtering rule.

C.

Assign RT1 to AzureFirewallSubnet.

D.

On Firewall, configure a DNAT rule.

Question 5

You need to create Role1 to meet the platform protection requirements.

How should you complete the role definition of Role1? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Options:

Question 6

You need to configure SQLDB1 to meet the data and application requirements.

Which three actions should you recommend be performed in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.

Options:

Question 7

You need to ensure that the Azure AD application registration and consent configurations meet the identity and access requirements.

What should you use in the Azure portal? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Options:

Question 8

You need to ensure that you can meet the security operations requirements.

What should you do first?

Options:

A.

Turn on Auto Provisioning in Security Center.

B.

Integrate Security Center and Microsoft Cloud App Security.

C.

Upgrade the pricing tier of Security Center to Standard.

D.

Modify the Security Center workspace configuration.

Question 9

You need to meet the identity and access requirements for Group1.

What should you do?

Options:

A.

Add a membership rule to Group1.

B.

Delete Group1. Create a new group named Group1 that has a membership type of Office 365. Add users and devices to the group.

C.

Modify the membership rule of Group1.

D.

Change the membership type of Group1 to Assigned. Create two groups that have dynamic memberships. Add the new groups to Group1.

Question 10

You have an Azure subscription named Sub1 that is associated to an Azure Active Directory (Azure AD) tenant named contoso.com.

You plan to implement an application that will consist of the resources shown in the following table.

Users will authenticate by using their Azure AD user account and access the Cosmos DB account by using resource tokens.

You need to identify which tasks will be implemented in CosmosDB1 and WebApp1.

Which task should you identify for each resource? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Options:

Question 11

You have an Azure subscription named Subscription1 that contains the resources shown in the following table.

You have an Azure subscription named Subscription2 that contains the following resources:

    An Azure Sentinel workspace

    An Azure Event Grid instance

You need to ingest the CEF messages from the NVAs to Azure Sentinel.

What should you configure for each subscription? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Options:

Question 12

Your on-premises network contains the servers shown in the following table.

You have an Azure subscription That contains multiple virtual machines that run either Windows Server 2019 Of SLES.

Options:

Question 13

You have an Azure subscription named Sub1. Sub1 contains a virtual network named VNet1 that contains one subnet named Subnet1.

Subnet1 contains an Azure virtual machine named VM1 that runs Ubuntu Server 20.04.

You create a service endpoint for Microsoft. Storage in Subnet1.

You need to ensure that when you deploy Docker containers to VM1, the containers can access Azure Storage resources by using the service endpoint.

What should you do on VM1 before you deploy the container?

Options:

A.

Create an application security group and a network security group (NSG).

B.

Install the container network interface (CNI) plug-in.

C.

Edit the docker-compose.ym1 file.

Question 14

You have an Azure subscription that contains an Azure key vault named Vault1.

In Vault1, you create a secret named Secret1.

An application developer registers an application in Azure Active Directory (Azure AD).

You need to ensure that the application can use Secret1.

What should you do?

Options:

A.

In Azure AD, create a role.

B.

In Azure Key Vault, create a key.

C.

In Azure Key Vault, create an access policy.

D.

In Azure AD, enable Azure AD Application Proxy.

Question 15

You have an Azure subscription that contains a storage account and an Azure web app named App1.

App1 connects to an Azure Cosmos DB database named Cosmos1 that uses a private endpoint named Endpoint1. Endpoint1 has the default settings.

You need to validate the name resolution to Cosmos1.

Which DNS zone should you use?

Options:

A.

Endpoint1. Privatelink,blob,core,windows,net

B.

Endpoint1. Privatelink,database,azure,com

C.

Endpoint1. Privatelink,azurewebsites,net

D.

Endpoint1. Privatelink,documents,azure,com

Question 16

You have an Azure subscription that contains a storage account named storage1 and a virtual machine named VM1.

VM1 is connected to a virtual network named VNet1 that contains one subnet and uses Azure DNS.

You need to ensure that VM1 connects to storage1 by using a private IP address. The solution must minimize administrative effort.

What should you do?

Options:

A.

For storage1, disable public network access.

B.

Create an Azure Private DNS zone.

C.

On VNet1. create a new subnet.

D.

For storage1, create a new private endpoint.

Question 17

You have an Azure subscription named Subscription1 that contains a resource group named RG1 and the users shown in the following table.

You perform the following tasks:

    Assign User1 the Network Contributor role for Subscription1.

    Assign User2 the Contributor role for RG1.

To Subscription1 and RG1, you assign the following policy definition: External accounts with write permissions should be removed from your subscription.

What is the Compliance State of the policy assignments?

Options:

A.

The Compliance State of both policy assignments is Non-compliant.

B.

The Compliance State of the policy assignment to Subscription1 is Compliant, and the Compliance State of the policy assignment to RG1 is Non-compliant.

C.

The Compliance State of the policy assignment to Subscription1 is Non-compliant, and the Compliance State of the policy assignment to RG1 is Compliant.

D.

The Compliance State of both policy assignments is Compliant.

Question 18

You have a Microsoft Sentinel deployment.

You need to connect a third-party security solution to the deployment. The third-party solution will send Common Event Format (CER-formatted messages.

What should you include in the solution? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Options:

Question 19

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these

questions will not appear in the review screen.

You have a hybrid configuration of Azure Active Directory (AzureAD).

You have an Azure HDInsight cluster on a virtual network.

You plan to allow users to authenticate to the cluster by using their on-premises Active Directory credentials.

You need to configure the environment to support the planned authentication.

Solution: You create a site-to-site VPN between the virtual network and the on-premises network.

Does this meet the goal?

Options:

A.

Yes

B.

No

Question 20

You have an Azure Active directory tenant that syncs with an Active Directory Domain Services (AD DS) domain.

You plan to create an Azure file share that will contain folders and files.

Which identity store can you use to assign permissions to the Azure file share and folders within the share? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Options:

Question 21

You have an Azure AD turned that contains a user named User1.

You purchase an App named App1.

User1 needs to publish App1 by using Azure AD Application Proxy.

Which role should you assign to User1?

Options:

A.

Hybrid identity Administrator

B.

Cloud App Security Administrator

C.

Application Administrator

D.

Cloud Application Administrate

Question 22

You have an Azure subscription named Sub1 that contains the resources shown in the following table.

You need to ensure that you can provide VM1 with secure access to a database on SQL1 by using a contained database user.

What should you do?

Options:

A.

Enable a managed service identity on VM1.

B.

Create a secret in KV1.

C.

Configure a service endpoint on SQL1.

D.

Create a key in KV1.

Question 23

You have an Azure subscription that has a managed identity named identity and is linked to an Azure Active Directory (Azure AD) tenant. The tenant contains the resources shown in the following table.

Which resources can be added to AUI and AU2? To answer, select the appropriate options in the answer area.

Which resources can be added to AU1 and AU2? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Options:

Question 24

You have an Azure key vault named KeyVault1 that contains the items shown in the following table.

In KeyVault1 the following events occur in sequence:

• item is deleted.

• ltem2 and Policy1 are deleted.

For each of the following statements, select Yes if the statement is true. Otherwise, select No.

NOTE: Each correct selection is worth one point.

ui

Options:

Question 25

You have an Azure subscription that contains the subnets shown in the following table.

The subscription contains Azure web app named WebApp1 that has the following configurations.

* Region West Us

* Virtual network VNet1

* VNet integration on: Enabled

* Outbound subnet: Subnet11

* Windows plan (West US): ASP1

You plan to deploy an Azure web app named WebApp2 that will have the following settings:

* Region: West US

* VNet integration on-Enabled

* Windows plan (West UAS): WebApp2?

To which subnets can you integrate WebApp2?

Options:

A.

Subnet11 only

B.

Subnet2 only

C.

Subnet11 or subnet12 only

D.

Subnet2 or Subnet21 only

E.

Subnet11, subnet2, or Subnet21

Question 26

You have an Azure Sentinel workspace that contains an Azure Active Directory (Azure AD) connector, an Azure Log Analytics query named Query1 and a playbook named Playbook1.

Query1 returns a subset of security events generated by Azure AD.

You plan to create an Azure Sentinel analytic rule based on Query1 that will trigger Playbook1.

You need to ensure that you can add Playbook1 to the new rule.

What should you do? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Options:

Question 27

You have a web app hosted on an on-premises server that is accessed by using a URL of You plan to migrate the web app to Azure. You will continue to use You need to enable HTTPS for the Azure web app. What should you do first?

Options:

A.

Export the public key from the on-premises server and save the key as a P7b file.

B.

Export the private key from the on-premises server and save the key as a PFX file that is encrypted by using TripleDES.

C.

Export the public key from the on-premises server and save the key as a CER file.

D.

Export the private key from the on-premises server and save the key as a PFX file that is encrypted by using AES256.

Question 28

Your company has an Azure subscription named Sub1 that is associated to an Azure Active Directory (Azure AD) tenant named contoso.com.

The company develops an application named App1. App1 is registered in Azure AD.

You need to ensure that App1 can access secrets in Azure Key Vault on behalf of the application users.

What should you configure?

Options:

A.

an application permission without admin consent

B.

a delegated permission without admin consent

C.

a delegated permission that requires admin consent

D.

an application permission that requires admin consent

Question 29

You have an Azure subscription that contains an Azure Data Lake Storage account named sa1.

You plan to deploy an app named App1 that will access sa1 and perform operations, including Read. List, Create Directory, and Delete Directory.

You need to ensure that App1 can connect securely to sa1 by using a private endpoint

What is the minimum number of private endpoints required for sa1?

Options:

A.

1

B.

2

C.

3

D.

4

E.

5

Question 30

You have an Azure subscription named Sub1 that is associated to an Azure Active Directory (Azure AD) tenant named contoso.com.

You are assigned the Global administrator role for the tenant. You are responsible for managing Azure Security Center settings.

You need to create a custom sensitivity label.

What should you do first?

Options:

A.

Create a custom sensitive information type.

B.

Elevate access for global administrators in Azure AD.

C.

Upgrade the pricing tier of the Security Center to Standard.

D.

Enable integration with Microsoft Cloud App Security.

Question 31

You have an Azure Storage account named storage1 and an Azure virtual machine named VM1. VM1 has a premium SSD managed disk.

You need to enable Azure Disk Encryption for VM1.

Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange then in the correct order.

Options:

Question 32

You have an Azure subscription that contains the resources shown in the following table.

SQL1 has the following configurations:

• Auditing: Enabled

• Audit log destination: storage1, Workspace1

DB1 has the following configurations:

• Auditing: Enabled

• Audit log destination: storage2

DB2 has auditing disabled.

Where are the audit logs for DB1 and DB2 stored? To answer, select the appropriate options in the answer area

NOTE: Each correct selection is worth one point.

Options:

Question 33

You are evaluating the security of the network communication between the virtual machines in Sub2.

For each of the following statements, select Yes if the statement is true. Otherwise, select No.

NOTE: Each correct selection is worth one point.

Options:

Question 34

You are evaluating the security of VM1, VM2, and VM3 in Sub2.

For each of the following statements, select Yes if the statement is true. Otherwise, select No.

NOTE: Each correct selection is worth one point.

Options:

Question 35

You need to ensure that User2 can implement PIM.

What should you do first?

Options:

A.

Assign User2 the Global administrator role.

B.

Configure authentication methods for contoso.com.

C.

Configure the identity secure score for contoso.com.

D.

Enable multi-factor authentication (MFA) for User2.

Question 36

: 2 HOTSPOT

Which virtual networks in Sub1 can User2 modify and delete in their current state? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Options:

Question 37

You are evaluating the effect of the application security groups on the network communication between the virtual machines in Sub2.

For each of the following statements, select Yes if the statement is true. Otherwise, select No.

NOTE: Each correct selection is worth one point.

Options:

Question 38

You need to meet the technical requirements for VNetwork1.

What should you do first?

Options:

A.

Create a new subnet on VNetwork1.

B.

Remove the NSGs from Subnet11 and Subnet13.

C.

Associate an NSG to Subnet12.

D.

Configure DDoS protection for VNetwork1.

Question 39

You assign User8 the Owner role for RG4, RG5, and RG6.

In which resource groups can User8 create virtual networks and NSGs? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Options:

Question 40

What is the membership of Group1 and Group2? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Options:

Question 41

You implement the planned changes for ASG1 and ASG2.

In which NSGs can you use ASG1. and the network interfaces of which virtual machines can you assign to ASG2?

Options:

Question 42

You need to perform the planned changes for OU2 and User1.

Which tools should you use? To answer, drag the appropriate tools to the correct resources. Each tool may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.

NOTE: Each correct selection is worth one point.

Options:

Question 43

You need to delegate the creation of RG2 and the management of permissions for RG1. Which users can perform each task? To answer select the appropriate options in the answer area. NOTE: Each correct selection is worth one point

Options:

Question 44

You need to configure support for Azure Sentinel notebooks to meet the technical requirements.

What is the minimum number of Azure container registries and Azure Machine Learning workspaces required?

Options:

Question 45

You need to meet the technical requirements for the finance department users.

Which CAPolicy1 settings should you modify?

Options:

A.

Cloud apps or actions

B.

Conditions

C.

Grant

D.

Session

Question 46

You need to encrypt storage1 to meet the technical requirements. Which key vaults can you use?

Options:

A.

KeyVault1 only

B.

KeyVault2 and KeyVault3 only

C.

KeyVault1 and KeyVault3 only

D.

KeyVault1 KeyVault2 and KeyVault3

Question 47

You plan to configure Azure Disk Encryption for VM4. Which key vault can you use to store the encryption key?

Options:

A.

KeyVault1

B.

KeyVault3

C.

KeyVault2

Question 48

You plan to implement JIT VM access. Which virtual machines will be supported?

Options:

A.

VM1 and VM3 only

B.

VM1. VM2. VM3, and VM4

C.

VM2, VM3, and VM4 only

D.

VM1 only

Question 49

From Azure Security Center, you need to deploy SecPol1.

What should you do first?

Options:

A.

Enable Azure Defender.

B.

Create an Azure Management group.

C.

Create an initiative.

D.

Configure continuous export.

Page: 1 / 12
Total 425 questions