Skip to Content

AZ-500 Microsoft Azure Security Technologies Exam Questions and Answers – 1

The latest Microsoft AZ-500 Azure Security Technologies certification actual real practice exam question and answer (Q&A) dumps are available free, which are helpful for you to pass the Microsoft AZ-500 Azure Security Technologies exam and earn Microsoft AZ-500 Azure Security Technologies certification.

AZ-500 Microsoft Azure Security Technologies Exam Questions and Answers

Question 91

Question

HOTSPOT –
You have a management group named Group1 that contains an Azure subscription named sub1. Sub1 has a subscription ID of 11111111-1234-1234-1234-1111111111.
You need to create a custom Azure role-based access control (RBAC) role that will delegate permissions to manage the tags on all the objects in Group1.
What should you include in the role definition of Role1? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:

Resource provider:

  • Microsoft.Authorization
  • Microsoft.Resources
  • Microsoft.Support

Assignable scope:

  • /
  • /Group1
  • /Subscriptions/11111111-1234-1234-1234-1111111111

Answer

Resource provider: Microsoft.Resources
Assignable scope: /Subscriptions/11111111-1234-1234-1234-1111111111

Explanation

Note: Assigning a custom RBAC role as the Management Group level is currently in preview only. So, for now the answer to the assignable scope is the subscription level.

Reference

Question 92

Question

HOTSPOT –
You have an Azure Active Directory (Azure AD) tenant that contains the resources shown in the following table.

Name Type
User1 User
User2 User
User3 User
Group1 Security group
Group2 Security group
App1 Enterprise application

User2 is the owner of Group2.
The user and group settings for App1 are configured as shown in the following exhibit.

The user and group settings for App1 are configured as shown in the following exhibit.

You enable self-service application access for App1 as shown in the following exhibit.

You enable self-service application access for App1 as shown in the following exhibit.

User3 is configured to approve access to App1.
After you enable self-service application access for App1, who will be configured as the Group2 owner and who will be configured as the App1 users? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:

Group2 owners:

  • User2 only
  • User3 only
  • User1 and User2 only
  • User2 and User3 only
  • User1, User2, and User3

App1 users:

  • Group1 members only
  • Group2 members only
  • Group1 and Group2 members only
  • Group1 and Group2 members and User1 only
  • Group1 and Group2 members, User1, and User3 only

Answer

Group2 owners: User2 only
App1 users: Group1 and Group2 members only

Reference

Question 93

Question

You have an Azure subscription that is linked to an Azure Active Directory (Azure AD) tenant.
From the Azure portal, you register an enterprise application.
Which additional resource will be created in Azure AD?

A. a service principal
B. an X.509 certificate
C. a managed identity
D. a user account

Answer

A. a service principal

Reference

Question 94

Question

HOTSPOT –
You plan to implement an Azure function named Function1 that will create new storage accounts for containerized application instances.
You need to grant Function1 the minimum required privileges to create the storage accounts. The solution must minimize administrative effort.
What should you do? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:

Assign role to:

  • A group account
  • A system-assigned managed identity
  • A user account
  • A user-assigned managed identity

Role assignment to create:

  • Built-in role assignment
  • Classic administrator role assignment
  • Custom role-based access control (RBAC) role assignment

Answer

Assign role to: A system-assigned managed identity
Role assignment to create: Custom role-based access control (RBAC) role assignment

Reference

Question 95

Question

HOTSPOT –
You have the hierarchy of Azure resources shown in the following exhibit.

You have the hierarchy of Azure resources shown in the following exhibit.

RG1, RG2, and RG3 are resource groups.
RG2 contains a virtual machine named VM2.
You assign role-based access control (RBAC) roles to the users shown in the following table.

Name Role Added to resource
User1 Contributor Tenant Root Group
User2 Virtual Machine Contributor Subscription2
User3 Virtual Machine Administrator Login RG2

For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Hot Area:

Statements:

  • User1 can deploy virtual machines to RG1.
  • User2 can delete VM2.
  • User3 can reset the password of the built-in Administrator account of VM2.

Answer

  • User1 can deploy virtual machines to RG1: Yes
  • User2 can delete VM2: Yes
  • User3 can reset the password of the built-in Administrator account of VM2: No

Question 96

Question

You have an Azure subscription linked to an Azure Active Directory Premium Plan 1 tenant.
You plan to implement Azure Active Directory (Azure AD) Identity Protection.
You need to ensure that you can configure a user risk policy and a sign-in risk policy.
What should you do first?

A. Purchase Azure Active Directory Premium Plan 2 licenses for all users.
B. Register all users for Azure Multi-Factor Authentication (MFA).
C. Enable security defaults for Azure AD.
D. Upgrade Azure Security Center to the standard tier.

Answer

A. Purchase Azure Active Directory Premium Plan 2 licenses for all users.

Reference

Question 97

Question

You have an Azure subscription.
You plan to create a custom role-based access control (RBAC) role that will provide permission to read the Azure Storage account.
Which property of the RBAC role definition should you configure?

A. NotActions []
B. DataActions []
C. AssignableScopes []
D. Actions []

Answer

D. Actions []

Explanation

To “Read a storage account”, ie. list the blobs in the storage account, you need an “Action” permission.
To read the data in a storage account, ie. open a blob, you need a “DataAction” permission.

Reference

Question 98

Question

You have an Azure subscription that contains the users shown in the following table.

Name Subscription role Azure Active Directory (Azure AD) user role Multi-factor authentication (MFA) status
User1 Owner Authentication administrator Enabled
User2 None Global administrator Enforced
User3 None Global administrator Disabled

Which users can enable Azure AD Privileged Identity Management (PIM)?
A. User2 and User3 only
B. User1 and User2 only
C. User2 only
D. User1 only

Answer

D. User1 only

Reference

Question 99

Question

Your network contains an on-premises Active Directory domain named adatum.com that syncs to Azure Active Directory (Azure AD). Azure AD Connect is installed on a domain member server named Server1.
You need to ensure that a domain administrator for the adatum.com domain can modify the synchronization options. The solution must use the principle of least privilege.
Which Azure AD role should you assign to the domain administrator?

A. Security administrator
B. Global administrator
C. User administrator

Answer

B. Global administrator

Reference

Question 100

Question

You have an Azure subscription.
You enable Azure Active Directory (Azure AD) Privileged Identity Management (PIM).
Your company’s security policy for administrator accounts has the following conditions:

  • The accounts must use multi-factor authentication (MFA).
  • The accounts must use 20-character complex passwords.
  • The passwords must be changed every 180 days.
  • The accounts must be managed by using PIM.

You receive multiple alerts about administrators who have not changed their password during the last 90 days.
You need to minimize the number of generated alerts.
Which PIM alert should you modify?

A. Roles are being assigned outside of Privileged Identity Management
B. Roles don’t require multi-factor authentication for activation
C. Administrators aren’t using their privileged roles
D. Potential stale accounts in a privileged role

Answer

D. Potential stale accounts in a privileged role

Reference

Azure > Active Directory > Privileged Identity Management > Configure security alerts for Azure AD roles in Privileged Identity Management

Ads Blocker Image Powered by Code Help Pro

Ads Blocker Detected!!!

We have detected that you are using extensions to block ads. We need money to operate the site, and almost all of it comes from online advertising. Please support us by disabling these ads blocker.

Please disable ad blocker