The latest Microsoft AZ-500 Azure Security Technologies practice exam question-and-answer (Q&A) dumps are available for free. They can help you pass the Microsoft AZ-500 Azure Security Technologies exam and earn the Microsoft AZ-500 Azure Security Technologies certification.
AZ-500 Question 71
Question
You have an Azure subscription that contains a user named User1 and an Azure Container Registry named ContReg1.
You enable content trust for ContReg1.
You need to ensure that User1 can create trusted images in ContReg1. The solution must use the principle of least privilege.
Which two roles should you assign to User1? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.
A. AcrQuarantineReader
B. Contributor
C. AcrPush
D. AcrImageSigner
E. AcrQuarantineWriter
Answer
C. AcrPush
D. AcrImageSigner
Reference
- Azure > Container Registry > Content trust in Azure Container Registry
- Azure > Container Registry > Azure Container Registry roles and permissions
AZ-500 Question 72
Question
DRAG DROP –
You have an Azure subscription that contains the following resources:
- A virtual network named VNET1 that contains two subnets named Subnet1 and Subnet2.
- A virtual machine named VM1 that has only a private IP address and connects to Subnet1.
You need to ensure that Remote Desktop connections can be established to VM1 from the internet.
Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
Select and Place:
- Configure a network security group (NSG).
- Create a network rule collection.
- Create a NAT rule collection.
- Create a new subnet.
- Deploy Azure Application Gateway.
- Deploy Azure Firewall.
Answer
- Create a new subnet.
- Deploy Azure Firewall.
- Create a NAT rule collection.
AZ-500 Question 73
Question
DRAG DROP –
You have an Azure subscription named Sub1.
You have an Azure Active Directory (Azure AD) group named Group1 that contains all the members of your IT team.
You need to ensure that the members of Group1 can stop, start, and restart the Azure virtual machines in Sub1. The solution must use the principle of least privilege.
Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
Select and Place:
- Create a JSON file.
- Run the Update-AzManagementGroup cmdlet.
- Create an XML file.
- Run the New-AzRoleDefinition cmdlet.
- Run the New-AzRoleAssignment cmdlet.
Answer
- Create a JSON file.
- Run the New-AzRoleDefinition cmdlet.
- Run the New-AzRoleAssignment cmdlet.
AZ-500 Question 74
Question
You have the Azure virtual machines shown in the following table.
Name | Operating system | Status |
---|---|---|
VM1 | Windows Server 2012 | Running |
VM2 | Windows Server 2012 R2 | Running |
VM3 | Windows Server 2016 | Stopped |
VM4 | Ubuntu Server 18.04 LTS | Running |
For which virtual machines can you enable Update Management?
A. VM2 and VM3 only
B. VM2, VM3, and VM4 only
C. VM1, VM2, and VM4 only
D. VM1, VM2, VM3, and VM4
E. VM1, VM2, and VM3 only
Answer
C. VM1, VM2, and VM4 only
Reference
- Azure > Automation > Update Management overview
AZ-500 Question 75
Question
You have an Azure subscription that contains two virtual machines named VM1 and VM2 that run Windows Server 2019.
You are implementing Update Management in Azure Automation.
You plan to create a new update deployment named Update1.
You need to ensure that Update1 meets the following requirements:
- Automatically applies updates to VM1 and VM2.
- Automatically adds any new Windows Server 2019 virtual machines to Update1.
What should you include in Update1?
A. a security group that has a Membership type of Assigned
B. a security group that has a Membership type of Dynamic Device
C. a dynamic group query
D. a Kusto query language query
Answer
C. a dynamic group query
Reference
- Azure > Automation > Use dynamic groups with Update Management
AZ-500 Question 76
Question
You have an Azure Kubernetes Service (AKS) cluster that will connect to an Azure Container Registry.
You need to use the automatically generated service principal for the AKS cluster to authenticate to the Azure Container Registry.
What should you create?
A. a secret in Azure Key Vault
B. a role assignment
C. an Azure Active Directory (Azure AD) user
D. an Azure Active Directory (Azure AD) group
Answer
B. a role assignment
Reference
- Azure > AKS > Service principals with Azure Kubernetes Service (AKS)
AZ-500 Question 77
Question
HOTSPOT –
You have an Azure Active Directory (Azure AD) tenant that contains the users shown in the following table.
Name | Member of group | Multi-factor authentication (MFA) status |
---|---|---|
User1 | Group1, Group2 | Enabled |
User2 | Group1 | Disabled |
You create and enforce an Azure AD Identity Protection sign-in risk policy that has the following settings:
- Assignments: Include Group1, exclude Group2
- Conditions: Sign-in risk level: Low and above
- Access: Allow access, Require multi-factor authentication
You need to identify what occurs when the users sign in to Azure AD.
What should you identify for each user? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:
When User1 signs in from an anonymous IP address, the user will:
- Be blocked
- Be prompted for MFA
- Sign in by using a username and password only
When User2 signs in from an unfamiliar location, the user will:
- Be blocked
- Be prompted for MFA
- Sign in by using a username and password only
Answer
When User1 signs in from an anonymous IP address, the user will: Be prompted for MFA
When User2 signs in from an unfamiliar location, the user will: Be blocked
Reference
- Azure > Active Directory > Identity protection > Identity Protection policies
- Azure > Active Directory > Identity protection > What is risk?
AZ-500 Question 78
Question
You have an Azure subscription that contains an app named App1. App1 has the app registration shown in the following table.
API | Permission | Type | Admin consent required | Status |
---|---|---|---|---|
Microsoft.Graph | User.Read | Delegated | No | None |
Microsoft.Graph | Calendars.Read | Delegated | No | None |
You need to ensure that App1 can read all user calendars and create appointments. The solution must use the principle of least privilege.
What should you do?
A. Add a new Delegated API permission for Microsoft.Graph Calendars.ReadWrite.
B. Add a new Application API permission for Microsoft.Graph Calendars.ReadWrite.
C. Select Grant admin consent.
D. Add new Delegated API permission for Microsoft.Graph Calendars.ReadWrite.Shared.
Answer
A. Add a new Delegated API permission for Microsoft.Graph Calendars.ReadWrite.
Reference
- Authentication and authorization > Microsoft Graph permissions reference > Calendars permissions
AZ-500 Question 79
Question
You have a Microsoft 365 tenant that uses an Azure Active Directory (Azure AD) tenant. The Azure AD tenant syncs to an on-premises Active Directory domain by using an instance of Azure AD Connect.
You create a new Azure subscription.
You discover that the synced on-premises user accounts cannot be assigned roles in the new subscription.
You need to ensure that you can assign Azure and Microsoft 365 roles to the synced Azure AD user accounts.
What should you do first?
A. Configure the Azure AD tenant used by the new subscription to use pass-through authentication.
B. Configure the Azure AD tenant used by the new subscription to use federated authentication.
C. Change the Azure AD tenant used by the new subscription.
D. Configure a second instance of Azure AD Connect.
Answer
C. Change the Azure AD tenant used by the new subscription.
AZ-500 Question 80
Question
HOTSPOT –
You have an Azure subscription that contains the resources shown in the following table.
Name | Type | Resource group | Location |
---|---|---|---|
RG1 | Resource group | Not applicable | West US |
Managed1 | Managed identity | RG1 | West US |
The subscription is linked to an Azure Active Directory (Azure AD) tenant that contains the users shown in the following table.
Name | Usage location |
---|---|
User1 | United States |
User2 | Germany |
You create the groups shown in the following table.
Name | Type | Member of |
---|---|---|
Group1 | Security | Dynamic User |
Group2 | Microsoft 365 | Dynamic User |
The membership rules for Group1 and Group2 are configured as shown in the following exhibit.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Hot Area:
Statements:
- User1 is a member of Group1 and Group2.
- User2 is a member of Group2 only.
- Managed1 is a member of Group1 and Group2.
Answer
- User1 is a member of Group1 and Group2: Yes
- User2 is a member of Group2 only: No
- Managed1 is a member of Group1 and Group2: No
Reference
- Azure > Active Directory > Dynamic membership rules for groups in Azure Active Directory