The latest Microsoft AZ-500 Azure Security Technologies certification actual real practice exam question and answer (Q&A) dumps are available free, which are helpful for you to pass the Microsoft AZ-500 Azure Security Technologies exam and earn Microsoft AZ-500 Azure Security Technologies certification.
Table of Contents
- AZ-500 Question 81
- Question
- Answer
- Reference
- AZ-500 Question 82
- Question
- Answer
- Reference
- AZ-500 Question 83
- Question
- Answer
- Explanation
- Reference
- AZ-500 Question 84
- Question
- Answer
- AZ-500 Question 85
- Question
- Answer
- Reference
- AZ-500 Question 86
- Question
- Answer
- Reference
- AZ-500 Question 87
- Question
- Answer
- Reference
- AZ-500 Question 88
- Question
- Answer
- Reference
- AZ-500 Question 89
- Question
- Answer
- AZ-500 Question 90
- Question
- Answer
- Reference
AZ-500 Question 81
Question
You have an Azure subscription named Subscription1 that contains the resources shown in the following table.
| Name | Type | In resource group |
|---|---|---|
| cont1 | Container instance | RG1 |
| VNET1 | Virtual network | RG1 |
| App1 | App Service app | RG1 |
| VM1 | Virtual machine | RG1 |
| User1 | User | Not applicable |
You create a custom RBAC role in Subscription1 by using the following JSON file.
You assign Role1 to User1 on RG1.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Hot Area:
Statements:
- User1 can add VM1 to VNET1.
- User1 can start and stop App1.
- User1 can start and stop cont1.
Answer
- User1 can add VM1 to VNET1: No
- User1 can start and stop App1: No
- User1 can start and stop cont1: No
Reference
- Azure > Role-based access control > Azure resource provider operations > Microsoft.Compute
AZ-500 Question 82
Question
You plan to deploy an app that will modify the properties of Azure Active Directory (Azure AD) users by using Microsoft Graph.
You need to ensure that the app can access Azure AD.
What should you configure first?
A. an app registration
B. an external identity
C. a custom role-based access control (RBAC) role
D. an Azure AD Application Proxy
Answer
A. an app registration
Reference
- Azure > Active Directory > Develop > How and why applications are added to Azure AD
AZ-500 Question 83
Question
You have an Azure Active Directory (Azure AD) tenant that contains a user named Admin1. Admin1 is assigned the Application developer role.
You purchase a cloud app named App1 and register App1 in Azure AD.
Admin1 reports that the option to enable token encryption for App1 is unavailable.
You need to ensure that Admin1 can enable token encryption for App1 in the Azure portal.
What should you do?
A. Upload a certificate for App1.
B. Modify the API permissions of App1.
C. Add App1 as an enterprise application.
D. Assign Admin1 the Cloud application administrator role.
Answer
C. Add App1 as an enterprise application.
Explanation
This is a tricky one because uploading a certificate is also required. However, the question states that the Token Encryption option is unavailable. This is because the app is not added as an enterprise application. When the app is added as an enterprise application, the Token Encryption option will be available.
Then you can upload the certificate.
Reference
- Azure > Active Directory > Application management > Configure Azure Active Directory SAML token encryption
AZ-500 Question 84
Question
You have an Azure subscription that uses Azure Active Directory (Azure AD) Privileged Identity Management (PIM).
A PIM user that is assigned the User Access Administrator role reports receiving an authorization error when performing a role assignment or viewing the list of assignments.
You need to resolve the issue by ensuring that the PIM service principal has the correct permissions for the subscription. The solution must use the principle of least privilege.
Which role should you assign to the PIM service principle?
A. Contributor
B. User Access Administrator
C. Managed Application Operator
D. Resource Policy Contributor
Answer
B. User Access Administrator
AZ-500 Question 85
Question
HOTSPOT –
Your company has an Azure subscription named Subscription1. Subscription1 is associated with the Azure Active Directory tenant that includes the users shown in the following table.
| Name | Role |
|---|---|
| User1 | Global administrator |
| User2 | Billing administrator |
| User3 | Owner |
| User4 | Account Admin |
The company is sold to a new owner.
The company needs to transfer ownership of Subscription1.
Which user can transfer the ownership and which tool should the user use? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:
User:
- User1
- User2
- User3
- User4
Tool:
- Azure Account Center
- Azure Cloud Shell
- Azure PowerShell
- Azure Security Center
Answer
User: User1
Tool: Azure Account Center
Reference
- Manage accounts and subscriptions > Transfer billing ownership of an Azure subscription to another account
AZ-500 Question 86
Question
HOTSPOT –
Your network contains an on-premises Active Directory domain named adatum.com that syncs to Azure Active Directory (Azure AD).
The Azure AD tenant contains the users shown in the following table.
| Name | Source | Password |
|---|---|---|
| User1 | Azure AD | Adatum123 |
| User2 | Azure AD | N2w3rT0Gue33 |
| User3 | On-premises Active Directory | ComplexPassword33 |
You configure the Authentication methods `” Password Protection settings for adatum.com as shown in the following exhibit.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Hot Area:
Statements:
- User1 will be prompted to change the password on the next sign-in.
- User2 can change the password to @d@tum_C0mpleX123.
- User3 can change the password to Adatum123!.
Answer
- User1 will be prompted to change the password on the next sign-in: No
- User2 can change the password to @d@tum_C0mpleX123: Yes
- User3 can change the password to Adatum123!: Yes
Reference
- Azure > Active Directory > Authentication > Plan and deploy on-premises Azure Active Directory Password Protection
- Azure > Active Directory > Authentication > Eliminate bad passwords using Azure Active Directory Password Protection
AZ-500 Question 87
Question
You have an Azure subscription that contains the resources shown in the following table.
| Name | Type | Description |
|---|---|---|
| RG1 | Resource group | Used to store virtual machines |
| RG2 | Resource group | Used to store virtual networks |
| ServerAdmins | Security group | Used to manage virtual machines |
You need to ensure that ServerAdmins can perform the following tasks:
- Create virtual machines in RG1 only.
- Connect the virtual machines to the existing virtual networks in RG2 only.
The solution must use the principle of least privilege.
Which two role-based access control (RBAC) roles should you assign to ServerAdmins? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.
A. a custom RBAC role for RG2
B. the Network Contributor role for RG2
C. the Contributor role for the subscription
D. a custom RBAC role for the subscription
E. the Network Contributor role for RG1
F. the Virtual Machine Contributor role for RG1
Answer
A. a custom RBAC role for RG2
F. the Virtual Machine Contributor role for RG1
Reference
- Azure > Role-based access control > Azure built-in roles
AZ-500 Question 88
Question
HOTSPOT –
You have an Azure Active Directory (Azure AD) tenant named contoso.com that contains three security groups named Group1, Group2, and Group3 and the users shown in the following table.
| Name | Role | Member of |
|---|---|---|
| User1 | Application administrator | Group1 |
| User2 | Application developer | Group2 |
| User3 | Cloud application administrator | Group3 |
Group3 is a member of Group2.
In contoso.com, you register an enterprise application named App1 that has the following settings:
- Owners: User1
- Users and groups: Group2
You configure the properties of App1 as shown in the following exhibit.
For each of the following statements, select Yes if the statement is true. Otherwise, select no.
NOTE: Each correct selection is worth one point.
Hot Area:
Statements:
- User1 has App1 listed on his My Apps portal.
- User2 has App1 listed on her My Apps portal.
- User3 has App1 listed on her My Apps portal.
Answer
- User1 has App1 listed on his My Apps portal: Yes
- User2 has App1 listed on her My Apps portal: Yes
- User3 has App1 listed on her My Apps portal: No
Reference
- Azure > Active Directory > Application management > Assign users and groups to an application
AZ-500 Question 89
Question
HOTSPOT –
You have an Azure subscription that contains the Azure Active Directory (Azure AD) resources shown in the following table.
| Name | Description |
|---|---|
| User1 | User |
| Group1 | Security group that has a Membership type of Dynamic Device |
| Managed1 | Managed identity |
| App1 | Enterprise application |
You create the groups shown in the following table.
| Name | Description |
|---|---|
| Group5 | Security group that has a Membership type of Assigned |
| Group6 | Microsoft 365 group that has a Membership type of Assigned |
Which resources can you add to Group5 and Group6? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:
Group5:
- User1 only
- User1 and Group1 only
- User1, Group1, and Managed1 only
- User1, Group1, Managed1, and App1
Group6:
- User1 only
- User1 and Group1 only
- User1, Group1, and Managed1 only
- User1, Group1, Managed1, and App1
Answer
Group5: User1, Group1, Managed1, and App1
Group6: User1 only
AZ-500 Question 90
Question
HOTSPOT –
You have an Azure subscription that contains the custom roles shown in the following table.
| Name | Type |
|---|---|
| Role1 | Azure Active Directory (Azure AD) |
| Role2 | Azure subscription |
In the Azure portal, you plan to create new custom roles by cloning existing roles. The new roles will be configured as shown in the following table.
| Name | Type |
|---|---|
| Role3 | Azure AD |
| Role4 | Azure subscription |
Which roles can you clone to create each new role? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:
Role3:
- Role1 only
- Built-in Azure AD roles only
- Role1 and built-in Azure AD roles only
- Role1, built-in Azure AD roles, and built-in Azure subscription roles
Role4:
- Role2 only
- Built-in Azure AD roles only
- Role2 and built-in Azure subscription roles only
- Role2, built-in Azure subscription roles, and built-in Azure AD roles
Answer
Role3: Role1 only
Role4: Role2 and built-in Azure subscription roles only
Reference
- Azure > Active Directory > Create and assign a custom role in Azure Active Directory
- Azure > Role-based access control > Create or update Azure custom roles using the Azure portal