March Sale Special - 65% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: c4sdisc65

AZ-500 PDF

$49

$139.99

3 Months Free Update

  • Printable Format
  • Value of Money
  • 100% Pass Assurance
  • Verified Answers
  • Researched by Industry Experts
  • Based on Real Exams Scenarios
  • 100% Real Questions

AZ-500 PDF + Testing Engine

$66.5

$189.99

3 Months Free Update

  • Exam Name: Microsoft Azure Security Technologies
  • Last Update: Mar 27, 2024
  • Questions and Answers: 402
  • Free Real Questions Demo
  • Recommended by Industry Experts
  • Best Economical Package
  • Immediate Access

AZ-500 Engine

$56

$159.99

3 Months Free Update

  • Best Testing Engine
  • One Click installation
  • Recommended by Teachers
  • Easy to use
  • 3 Modes of Learning
  • State of Art Technology
  • 100% Real Questions included

AZ-500 Microsoft Azure Security Technologies Questions and Answers

Question # 6

You need to configure SQLDB1 to meet the data and application requirements.

Which three actions should you recommend be performed in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.

AZ-500 question answer

Full Access
Question # 7

Note: The question is included in a number of questions that depicts the identical set-up. However, every question has a distinctive result. Establish if the solution satisfies the requirements.

Your company has an Active Directory forest with a single domain, named weylandindustries.com. They also have an Azure Active Directory (Azure AD) tenant with the same name.

You have been tasked with integrating Active Directory and the Azure AD tenant. You intend to deploy Azure AD Connect.

Your strategy for the integration must make sure that password policies and user logon limitations affect user accounts that are synced to the Azure AD tenant, and that the amount of necessary servers are reduced.

Solution: You recommend the use of federation with Active Directory Federation Services (AD FS).

Does the solution meet the goal?

A.

Yes

B.

No

Full Access
Question # 8

You have an Azure subscription named Sub1 that contains the resources shown in the following table.

AZ-500 question answer

You need to ensure that you can provide VM1 with secure access to a database on SQL1 by using a contained database user.

What should you do?

A.

Enable a managed service identity on VM1.

B.

Create a secret in KV1.

C.

Configure a service endpoint on SQL1.

D.

Create a key in KV1.

Full Access
Question # 9

Your company has an Active Directory forest with a single domain, named weylandindustries.com. They also have an Azure Active Directory (Azure AD) tenant with the same name.

After syncing all on-premises identities to Azure AD, you are informed that users with a givenName attribute starting with LAB should not be allowed to sync to

Azure AD.

Which of the following actions should you take?

A.

You should make use of the Synchronization Rules Editor to create an attribute-based filtering rule.

B.

You should configure a DNAT rule on the Firewall.

C.

B. You should configure a network traffic filtering rule on the Firewall.

D.

You should make use of Active Directory Users and Computers to create an attribute-based filtering rule.

Full Access
Question # 10

Your company has two offices in Seattle and New York. Each office connects to the Internet by using a NAT device. The offices use the IP addresses shown in the following table.

AZ-500 question answer

The company has an Azure Active Directory (Azure AD) tenant named contoso.com. The tenant contains the users shown in the following table.

AZ-500 question answer

The MFA service settings are configured as shown in the exhibit. (Click the Exhibit tab.)

AZ-500 question answer

For each of the following statements, select Yes if the statement is true. Otherwise, select No.

NOTE: Each correct selection is worth one point.

AZ-500 question answer

Full Access
Question # 11

You have an Azure Active Directory (Azure AD) tenant. The tenant contains users that are assigned Azure AD Premium Plan 2 licenses.

You have an partner company that has a domain named The fabrikam.com domain contains a user named user'. User' has an email address of userl@tabrikam.com.

You to provide User1 with to the resources in the tenant The solution must meet the following requirements:

  • user1 must be able to sign in by using the userl@fabrikam.com credentials
  • You must be able to grant User1 access to the resources in the tenant
  • Administrative effort must be minimized.

What should you do?

A.

Create a user account for user1.

B.

Create an invite for User1.

C.

To the tenant add fabrikamcom as a custom domain

D.

Set Enable guest self-service sign up via user flows to Yes for the tenant.

Full Access
Question # 12

You have an Azure subscription.

You plan to create a custom role-based access control (RBAC) role that will provide permission to read the Azure Storage account.

Which property of the RBAC role definition should you configure?

A.

NotActions []

B.

DataActions []

C.

AssignableScopes []

D.

Actions []

Full Access
Question # 13

You company has an Azure Active Directory (Azure AD) tenant named contoso.com.

You plan to create several security alerts by using Azure Monitor.

You need to prepare the Azure subscription for the alerts.

What should you create first?

A.

An Azure Storage account

B.

an Azure Log Analytics workspace

C.

an Azure event hub

D.

an Azure Automation account

Full Access
Question # 14

You have an Azure subscription.

You create an Azure Firewall policy that has the rules shown in the following table:

AZ-500 question answer

In which order should the rules be processed? To answer, move all rules from the list of rules to the answer area and arrange them in the correct order.

AZ-500 question answer

Full Access
Question # 15

You are evaluating the security of the network communication between the virtual machines in Sub2.

For each of the following statements, select Yes if the statement is true. Otherwise, select No.

NOTE: Each correct selection is worth one point.

AZ-500 question answer

Full Access
Question # 16

You plan to deploy a custom policy initiative for Microsoft Defender for Cloud.

You need to identify all the resource groups that have a Delete lock.

How should you complete the policy definition? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

AZ-500 question answer

Full Access
Question # 17

You have an Azure virtual machine named VM1.

From Azure Security Center, you get the following high-severity recommendation: “Install endpoint protection solutions on virtual machine”.

You need to resolve the issue causing the high-severity recommendation.

What should you do?

A.

Add the Microsoft Antimalware extension to VM1.

B.

Install Microsoft System Center Security Management Pack for Endpoint Protection on VM1.

C.

Add the Network Watcher Agent for Windows extension to VM1.

D.

Onboard VM1 to Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP).

Full Access
Question # 18

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

You use Azure Security Center for the centralized policy management of three Azure subscriptions.

You use several policy definitions to manage the security of the subscriptions.

You need to deploy the policy definitions as a group to all three subscriptions.

Solution: You create an initiative and an assignment that is scoped to the Tenant Root Group management group.

Does this meet the goal?

A.

Yes

B.

No

Full Access
Question # 19

You have Azure Resource Manager templates that you use to deploy Azure virtual machines.

You need to disable unused Windows features automatically as instances of the virtual machines are provisioned.

What should you use?

A.

device compliance policies in Microsoft Intune

B.

Azure Automation State Configuration

C.

application security groups

D.

Azure Advisor

Full Access
Question # 20

You have an Azure subscription that contains a resource group named RG1. RG1 contains a virtual machine named VM1 that uses Azure Active Directory (Azure AD) authentication.

You have two custom Azure roles named Role1 and Role2 that are scoped to RG1.

The permissions for Role1 are shown in the following JSON code.

AZ-500 question answer

The permissions for Role2 are shown in the following JSON code.

AZ-500 question answer

You assign the roles to the users shown in the following table.

AZ-500 question answer

For each of the following statements, select Yes if the statement is true. Otherwise, select No.

NOTE: Each correct selection is worth one point.

AZ-500 question answer

Full Access
Question # 21

You have an Azure subscription named Sub1 that is associated to an Azure Active Directory (Azure AD)

tenant named contoso.com.

An administrator named Admin1 has access to the following identities:

  • An OpenID-enabled user account
  • A Hotmail account
  • An account in contoso.com
  • An account in an Azure AD tenant named fabrikam.com

You plan to use Azure Account Center to transfer the ownership of Sub1 to Admin1.

To which accounts can you transfer the ownership of Sub1?

A.

contoso.com only

B.

contoso.com, fabrikam.com, and Hotmail only

C.

contoso.com and fabrikam.com only

D.

contoso.com, fabrikam.com, Hotmail, and OpenID-enabled user account

Full Access
Question # 22

You have an Azure subscription that contains the storage accounts shown in the following, table.

AZ-500 question answer

You enable Microsoft Defender for Storage.

Which storage services of storages are monitored by Microsoft Defender for Storage, and which storage accounts are protected by Microsoft Defender for Storage? To answer, select the appropriate options in the answer area.

AZ-500 question answer

Full Access
Question # 23

You have an Azure subscription that contains the virtual machines shown in the following table.

AZ-500 question answer

You create the Azure policies shown in the following table.

AZ-500 question answer

For each of the following statements, select Yes if the statement is true. Otherwise, select No.

NOTE: Each correct selection is worth one point.

AZ-500 question answer

Full Access
Question # 24

You have 15 Azure virtual machines in a resource group named RG1.

All virtual machines run identical applications.

You need to prevent unauthorized applications and malware from running on the virtual machines.

What should you do?

A.

Configure Azure Active Directory (Azure AD) Identity Protection.

B.

From Microsoft Defender for Cloud, configure adaptive application controls.

C.

Apply an Azure policy to RGI.

D.

Apply a resource lock to RGI.

Full Access
Question # 25

You have an Azure subscription that contains 100 virtual machines and has Azure Security Cent,-. Standard tier enabled.

You plan to perform a vulnerability scan of each virtual machine.

You need to deploy the vulnerability scanner extension to the virtual machines by using an Azure Resource Manager template.

Which two values should you specify in the code to automate the deployment of the extension to the virtual machines? Each correct answer presents part of the solution.

NOTE: Each correct selection is worth one point.

A.

the user assigned managed identity

B.

the Key Vault managed storage account Key

C.

the Azure Active Directory (Azure AD) ID

D.

the system-assigned managed identity

E.

the primary shared key

F.

the workspace ID

Full Access
Question # 26

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these

questions will not appear in the review screen.

You have a hybrid configuration of Azure Active Directory (AzureAD).

You have an Azure HDInsight cluster on a virtual network.

You plan to allow users to authenticate to the cluster by using their on-premises Active Directory credentials.

You need to configure the environment to support the planned authentication.

Solution: You deploy the On-premises data gateway to the on-premises network.

Does this meet the goal?

A.

Yes

B.

No

Full Access
Question # 27

You have an Azure subscription that contains a user named User1. You need to ensure that User1 can create managed identities. The solution must use the principle of least privilege.

What should you do?

A.

Create a resource group and assign User1 to the Managed Identity Contributor role.

B.

Create a management group and assign User1 the Managed Identity Operator role.

C.

Create an organizational unit (OU) and assign User1 the User administrator Azure AD role.

D.

Create management group and assign User1 the Hybrid Identity Administrator Azure AD role.

Full Access
Question # 28

Your network contains an Active Directory forest named contoso.com. You have an Azure Directory (Azure AD) tenant named contoso.com.

You plan to configure synchronization by using the Express Settings installation option in Azure AD Connect.

You need to identify which roles and groups are required to perform the planned configurations. The solution must use the principle of least privilege.

Which two roles and groups should you identify? Each correct answer presents part of the solution.

NOTE: Each correct selection is worth one point.

A.

the Domain Admins group in Active Directory

B.

the Security administrator role in Azure AD

C.

the Global administrator role in Azure AD

D.

the User administrator role in Azure AD

E.

the Enterprise Admins group in Active Directory

Full Access
Question # 29

You are evaluating the security of VM1, VM2, and VM3 in Sub2.

For each of the following statements, select Yes if the statement is true. Otherwise, select No.

NOTE: Each correct selection is worth one point.

AZ-500 question answer

Full Access
Question # 30

You are evaluating the security of the network communication between the virtual machines in Sub2.

For each of the following statements, select Yes if the statement is true. Otherwise, select No.

NOTE: Each correct selection is worth one point.

AZ-500 question answer

Full Access
Question # 31

What is the membership of Group1 and Group2? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

AZ-500 question answer

Full Access
Question # 32

You assign User8 the Owner role for RG4, RG5, and RG6.

In which resource groups can User8 create virtual networks and NSGs? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

AZ-500 question answer

Full Access
Question # 33

You need to meet the technical requirements for VNetwork1.

What should you do first?

A.

Create a new subnet on VNetwork1.

B.

Remove the NSGs from Subnet11 and Subnet13.

C.

Associate an NSG to Subnet12.

D.

Configure DDoS protection for VNetwork1.

Full Access
Question # 34

You need to ensure that User2 can implement PIM.

What should you do first?

A.

Assign User2 the Global administrator role.

B.

Configure authentication methods for contoso.com.

C.

Configure the identity secure score for contoso.com.

D.

Enable multi-factor authentication (MFA) for User2.

Full Access
Question # 35

You are evaluating the effect of the application security groups on the network communication between the virtual machines in Sub2.

For each of the following statements, select Yes if the statement is true. Otherwise, select No.

NOTE: Each correct selection is worth one point.

AZ-500 question answer

Full Access
Question # 36

: 2 HOTSPOT

Which virtual networks in Sub1 can User2 modify and delete in their current state? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

AZ-500 question answer

Full Access
Question # 37

You need to ensure that you can meet the security operations requirements.

What should you do first?

A.

Turn on Auto Provisioning in Security Center.

B.

Integrate Security Center and Microsoft Cloud App Security.

C.

Upgrade the pricing tier of Security Center to Standard.

D.

Modify the Security Center workspace configuration.

Full Access
Question # 38

You need to create Role1 to meet the platform protection requirements.

How should you complete the role definition of Role1? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

AZ-500 question answer

Full Access
Question # 39

You need to deploy Microsoft Antimalware to meet the platform protection requirements.

What should you do? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

AZ-500 question answer

Full Access
Question # 40

You need to meet the technical requirements for the finance department users.

Which CAPolicy1 settings should you modify?

A.

Cloud apps or actions

B.

Conditions

C.

Grant

D.

Session

Full Access
Question # 41

From Azure Security Center, you need to deploy SecPol1.

What should you do first?

A.

Enable Azure Defender.

B.

Create an Azure Management group.

C.

Create an initiative.

D.

Configure continuous export.

Full Access
Question # 42

You implement the planned changes for ASG1 and ASG2.

In which NSGs can you use ASG1. and the network interfaces of which virtual machines can you assign to ASG2?

AZ-500 question answer

Full Access
Question # 43

You need to perform the planned changes for OU2 and User1.

Which tools should you use? To answer, drag the appropriate tools to the correct resources. Each tool may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.

NOTE: Each correct selection is worth one point.

AZ-500 question answer

Full Access
Question # 44

You plan to configure Azure Disk Encryption for VM4. Which key vault can you use to store the encryption key?

A.

KeyVault1

B.

KeyVault3

C.

KeyVault2

Full Access
Question # 45

You plan to implement JIT VM access. Which virtual machines will be supported?

A.

VM1 and VM3 only

B.

VM1. VM2. VM3, and VM4

C.

VM2, VM3, and VM4 only

D.

VM1 only

Full Access
Question # 46

You need to configure support for Azure Sentinel notebooks to meet the technical requirements.

What is the minimum number of Azure container registries and Azure Machine Learning workspaces required?

AZ-500 question answer

Full Access
Question # 47

You need to delegate the creation of RG2 and the management of permissions for RG1. Which users can perform each task? To answer select the appropriate options in the answer area. NOTE: Each correct selection is worth one point

AZ-500 question answer

Full Access
Question # 48

You need to encrypt storage1 to meet the technical requirements. Which key vaults can you use?

A.

KeyVault1 only

B.

KeyVault2 and KeyVault3 only

C.

KeyVault1 and KeyVault3 only

D.

KeyVault1 KeyVault2 and KeyVault3

Full Access