Skip to Content

AZ-500 Microsoft Azure Security Technologies Exam Questions and Answers – 1

The latest Microsoft AZ-500 Azure Security Technologies certification actual real practice exam question and answer (Q&A) dumps are available free, which are helpful for you to pass the Microsoft AZ-500 Azure Security Technologies exam and earn Microsoft AZ-500 Azure Security Technologies certification.

AZ-500 Microsoft Azure Security Technologies Exam Questions and Answers

Question 1

Question

You are troubleshooting a security issue for an Azure Storage account.
You enable the diagnostic logs for the storage account.
What should you use to retrieve the diagnostics logs?

A. the Security & Compliance admin center
B. Azure Security Center
C. Azure Cosmos DB explorer
D. AzCopy

Answer

D. AzCopy

Explanation

If you want to download the metrics for long-term storage or to analyze them locally, you must use a tool or write some code to read the tables. You must download the minute metrics for analysis. The tables do not appear if you list all the tables in your storage account, but you can access them directly by name.

Many storage-browsing tools are aware of these tables and enable you to view them directly (see Azure Storage Client Tools for a list of available tools).

Microsoft provides several graphical user interface (GUI) tools for working with the data in your Azure Storage account. All of the tools outlined in the following table are free.

Azure Storage client tool Supported platforms Block Blob Page Blob Append Blob Tables Queues Files
Azure portal Web Yes Yes Yes Yes Yes Yes
Azure Storage Explorer Windows, OSX Yes Yes Yes Yes Yes Yes
Microsoft Visual Studio Cloud Explorer Windows Yes Yes Yes Yes Yes No

Note: There are several versions of this question in the exam. The questions in the exam have two different correct answers:

  1. Azure Storage Explorer
  2. AZCopy

Other incorrect answer options you may see on the exam include the following:

  1. SQL query editor in Azure
  2. File Explorer in Windows
  3. Azure Monitor

Reference

Question 2

Question

You have an Azure Active Directory (Azure AD) tenant named contoso.com.
You need to configure diagnostic settings for contoso.com. The solution must meet the following requirements:

  • Retain logs for two years.
  • Query logs by using the Kusto query language.
  • Minimize administrative effort.

Where should you store the logs?

A. an Azure event hub
B. an Azure Log Analytics workspace
C. an Azure Storage account

Answer

B. an Azure Log Analytics workspace

Question 3

Question

You onboard Azure Sentinel. You connect Azure Sentinel to Azure Security Center.
You need to automate the mitigation of incidents in Azure Sentinel. The solution must minimize administrative effort.
What should you create?

A. an alert rule
B. a playbook
C. a function app
D. a runbook

Answer

B. a playbook

Reference

Question 4

Question

You have an Azure subscription named Subscription1.
You deploy a Linux virtual machine named VM1 to Subscription1.
You need to monitor the metrics and the logs of VM1.
What should you use?

A. the AzurePerformanceDiagnostics extension
B. Azure HDInsight
C. Linux Diagnostic Extension (LAD) 3.0
D. Azure Analysis Services

Answer

C. Linux Diagnostic Extension (LAD) 3.0

Reference

Question 5

Question

You company has an Azure subscription named Sub1. Sub1 contains an Azure web app named WebApp1 that uses Azure Application Insights. WebApp1 requires users to authenticate by using OAuth 2.0 client secrets.
Developers at the company plan to create a multi-step web test app that preforms synthetic transactions emulating user traffic to Web App1.
You need to ensure that web tests can run unattended.
What should you do first?

A. In Microsoft Visual Studio, modify the .webtest file.
B. Upload the .webtest file to Application Insights.
C. Register the web test app in Azure AD.
D. Add a plug-in to the web test app.

Answer

B. Upload the .webtest file to Application Insights.

Question 6

Question

Your company has an Azure Active Directory (Azure AD) tenant named contoso.com.
You plan to create several security alerts by using Azure Monitor.
You need to prepare the Azure subscription for the alerts.
What should you create first?

A. an Azure Storage account
B. an Azure Log Analytics workspace
C. an Azure event hub
D. an Azure Automation account

Answer

B. an Azure Log Analytics workspace

Question 7

Question

You have an Azure Storage account named storage1 that has a container named container1.
You need to prevent the blobs in container1 from being modified.
What should you do?

A. From container1, change the access level.
B. From container1, add an access policy.
C. From container1, modify the Access Control (IAM) settings.
D. From storage1, enable soft delete for blobs.

Answer

B. From container1, add an access policy.

Reference

Question 8

Question

HOTSPOT –
You have an Azure subscription named Sub1. Sub1 has an Azure Storage account named storage1 that contains the resources shown in the following table.

Name Type
Container1 Blob container
Share1 File share

You generate a shared access signature (SAS) to connect to the blob service and the file service.
Which tool can you use to access the contents in Container1 and Share1 by using the SAS? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:

Tools for Container1:

  • Robocopy.exe
  • Azure Storage Explorer
  • File Explorer

Tools for Share1:

  • Robocopy.exe
  • Azure Storage Explorer
  • File Explorer

Answer

Tools for Container1: Azure Storage Explorer
Tools for Share1: Azure Storage Explorer

Question 9

Question

HOTSPOT –
You have an Azure subscription that contains the resources shown in the following table.

Name Type Region Resource group
SQL1 Azure SQL database East US RG1
Analytics1 Azure Log Analytics workspace East US RG1
Analytics2 Azure Log Analytics workspace East US RG2
Analytics3 Azure Log Analytics workspace West Europe RG1

You create the Azure Storage accounts shown in the following table.

Name Region Resource group Storage account type Access tier (default)
Storage1 East US RG1 Blob Cool
Storage2 East US RG2 General purpose V1 Not applicable
Storage3 West Europe RG1 General purpose V2 Hot

You need to configure auditing for SQL1.
Which storage accounts and Log Analytics workspaces can you use as the audit log destination? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:

Storage accounts that can be used as the audit log destination:

  • Storage1 only
  • Storage2 only
  • Storage1 and Storage2 only
  • Storage1, Storage2, Storage3

Log Analytics workspace that can be used as the audit log destination:

  • Analyrics1 only
  • Analyrics1 and Analyrics2 only
  • Analyrics1 and Analyrics3 only
  • Analyrics1, Analyrics2, and Analyrics3

Answer

Storage accounts that can be used as the audit log destination: Storage2 only
Log Analytics workspace that can be used as the audit log destination: Analyrics1, Analyrics2, and Analyrics3

Question 10

Question

HOTSPOT –
You are configuring just in time (JIT) VM access to a Windows Server 2019 Azure virtual machine.
You need to grant users PowerShell access to the virtual machine by using JIT VM access.
What should you configure? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:

Permission that must be granted to users on VM:

  • Read
  • Update
  • View
  • Write

TCP port that must be allowed:

  • 22
  • 25
  • 3389
  • 5986

Answer

Permission that must be granted to users on VM: Write
TCP port that must be allowed: 5986

    Ads Blocker Image Powered by Code Help Pro

    Ads Blocker Detected!!!

    This site depends on revenue from ad impressions to survive. If you find this site valuable, please consider disabling your ad blocker.