Skip to Content

AZ-500 Microsoft Azure Security Technologies Exam Questions and Answers – 1

The latest Microsoft AZ-500 Azure Security Technologies certification actual real practice exam question and answer (Q&A) dumps are available free, which are helpful for you to pass the Microsoft AZ-500 Azure Security Technologies exam and earn Microsoft AZ-500 Azure Security Technologies certification.

AZ-500 Microsoft Azure Security Technologies Exam Questions and Answers

Question 21

Question

DRAG DROP –
You are configuring network connectivity for two Azure virtual networks named VNET1 and VNET2.
You need to implement VPN gateways for the virtual networks to meet the following requirements:

  • VNET1 must have six site-to-site connections that use BGP.
  • VNET2 must have 12 site-to-site connections that use BGP.
  • Costs must be minimized.

Which VPN gateway SKU should you use for each virtual network? To answer, drag the appropriate SKUs to the correct networks. Each SKU may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
NOTE: Each correct selection is worth one point.
Select and Place:

SKUs:

  • Basic
  • VpnGw1
  • VpnGw2
  • VpnGw3

Answer

VNET1: VpnGw1
VNET2: VpnGw1

Reference

  • Azure > Networking > VPN Gateway > What is VPN Gateway? > Gateway SKUs

Question 22

Question

You plan to deploy Azure container instances.
You have a containerized application that is comprised of two containers: an application container and a validation container. The application container is monitored by the validation container. The validation container performs security checks by making requests to the application container and waiting for responses after every transaction.
You need to ensure that the application container and the validation container are scheduled to be deployed together. The containers must communicate to each other only on ports that are not externally exposed.
What should you include in the deployment?

A. application security groups
B. network security groups (NSGs)
C. management groups
D. container groups

Answer

D. container groups

Explanation

Azure Container Instances supports the deployment of multiple containers onto a single host using a container group. A container group is useful when building an application sidecar for logging, monitoring, or any other configuration where a service needs a second attached process.

Reference

Question 23

Question

You have a web app hosted on an on-premises server that is accessed by using a URL of https://www.contoso.com.
You plan to migrate the web app to Azure. You will continue to use https://www.contoso.com.
You need to enable HTTPS for the Azure web app.
What should you do first?

A. Export the public key from the on-premises server and save the key as a P7b file.
B. Export the private key from the on-premises server and save the key as a PFX file that is encrypted by using TripleDES.
C. Export the public key from the on-premises server and save the key as a CER file.
D. Export the private key from the on-premises server and save the key as a PFX file that is encrypted by using AES256.

Answer

B. Export the private key from the on-premises server and save the key as a PFX file that is encrypted by using TripleDES.

Reference

Question 24

Question

You have 15 Azure virtual machines in a resource group named RG1.
All the virtual machines run identical applications.
You need to prevent unauthorized applications and malware from running on the virtual machines.
What should you do?

A. Apply an Azure policy to RG1.
B. From Azure Security Center, configure adaptive application controls.
C. Configure Azure Active Directory (Azure AD) Identity Protection.
D. Apply a resource lock to RG1.

Answer

B. From Azure Security Center, configure adaptive application controls.

Explanation

Adaptive application control is an intelligent, automated end-to-end application whitelisting solution from Azure Security Center. It helps you control which applications can run on your Azure and non-Azure VMs (Windows and Linux), which, among other benefits, helps harden your VMs against malware. Security
Center uses machine learning to analyze the applications running on your VMs and helps you apply the specific whitelisting rules using this intelligence.

Reference

Question 25

Question

You have an Azure subscription that contains the virtual networks shown in the following table.

Name Region Subnet
VNET1 West US Subnet11 and Subnet12
VNET2 West US 2 Subnet21
VNET3 East US Subnet31

The subscription contains the virtual machines shown in the following table.

Name Network interface Connected to
VM1 NIC1 Subnet11
VM2 NIC2 Subnet11
VM3 NIC3 Subnet12
VM4 NIC4 Subnet21
VM5 NIC5 Subnet31

On NIC1, you configure an application security group named ASG1.
On which other network interfaces can you configure ASG1?

A. NIC2 only
B. NIC2, NIC3, NIC4, and NIC5
C. NIC2 and NIC3 only
D. NIC2, NIC3, and NIC4 only

Answer

C. NIC2 and NIC3 only

Explanation

Only network interfaces in NVET1, which consists of Subnet11 and Subnet12, can be configured in ASG1, as all network interfaces assigned to an application security group have to exist in the same virtual network that the first network interface assigned to the application security group is in.

Reference

Question 26

Question

HOTSPOT –
You have a network security group (NSG) bound to an Azure subnet.
You run Get-AzNetworkSecurityRuleConfig and receive the output shown in the following exhibit.

You run Get-AzNetworkSecurityRuleConfig and receive the output shown in the following exhibit.

Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic.
NOTE: Each correct selection is worth one point.
Hot Area:

Traffic destined for an Azure Storage account is [answer choice]:

  • able to connect to East US
  • able to connect to East US 2
  • able to connect to West Europe
  • Prevented from connecting to all regions

FTP connections from 1.2.3.4 to 10.0.0.10/32 are [answer choice]:

  • allowed
  • dropped
  • forwarded

Answer

Traffic destined for an Azure Storage account is able to connect to East US 2.
FTP connections from 1.2.3.4 to 10.0.0.10/32 are allowed.

Explanation

Box 1: able to connect to East US 2
The StorageEA2Allow has DestinationAddressPrefix {Storage/EastUS2}

Box 2: allowed –
TCP Port 21 controls the FTP session. Contoso_FTP has SourceAddressPrefix {1.2.3.4/32} and DestinationAddressPrefix {10.0.0.5/32}
Note:
The Get-AzureRmNetworkSecurityRuleConfig cmdlet gets a network security rule configuration for an Azure network security group.
Security rules in network security groups enable you to filter the type of network traffic that can flow in and out of virtual network subnets and network interfaces.

Reference

Question 27

Question

You are configuring and securing a network environment.
You deploy an Azure virtual machine named VM1 that is configured to analyze network traffic.
You need to ensure that all network traffic is routed through VM1.
What should you configure?

A. a system route
B. a network security group (NSG)
C. a user-defined route

Answer

C. a user-defined route

Explanation

Although the use of system routes facilitates traffic automatically for your deployment, there are cases in which you want to control the routing of packets through a virtual appliance. You can do so by creating user defined routes that specify the next hop for packets flowing to a specific subnet to go to your virtual appliance instead, and enabling IP forwarding for the VM running as the virtual appliance.

Note: User Defined Routes –
For most environments you will only need the system routes already defined by Azure. However, you may need to create a route table and add one or more routes in specific cases, such as:

  • Force tunneling to the Internet via your on-premises network.
  • Use of virtual appliances in your Azure environment.
  • In the scenarios above, you will have to create a route table and add user defined routes to it.

Reference

Question 28

Question

From Azure Security Center, you create a custom alert rule.
You need to configure which users will receive an email message when the alert is triggered.
What should you do?

A. From Azure Monitor, create an action group.
B. From Security Center, modify the Security policy settings of the Azure subscription.
C. From Azure Active Directory (Azure AD), modify the members of the Security Reader role group.
D. From Security Center, modify the alert rule.

Answer

A. From Azure Monitor, create an action group.

Reference

Question 29

Question

You have an Azure subscription that contains an Azure Container Registry named Registry1. Azure Defender is enabled in the subscription.
You upload several container images to Registry1.
You discover that vulnerability security scans were not performed.
You need to ensure that the container images are scanned for vulnerabilities when they are uploaded to Registry1.
What should you do?

A. From the Azure portal, modify the Pricing tier settings.
B. From Azure CLI, lock the container images.
C. Upload the container images by using AzCopy.
D. Push the container images to Registry1 by using Docker.

Answer

A. From the Azure portal, modify the Pricing tier settings.

Question 30

Question

You have an Azure Active Directory (Azure AD) tenant named Contoso.com and an Azure Kubernetes Service (AKS) cluster AKS1.
You discover that AKS1 cannot be accessed by using accounts from Contoso.com.
You need to ensure AKS1 can be accessed by using accounts from Contoso.com. The solution must minimize administrative effort.
What should you do first?

A. From Azure, recreate AKS1.
B. From AKS1, upgrade the version of Kubernetes.
C. From Azure AD, implement Azure AD Premium P2
D. From Azure AD, configure the User settings.

Answer

A. From Azure, recreate AKS1.

Reference

Ads Blocker Image Powered by Code Help Pro

Ads Blocker Detected!!!

We have detected that you are using extensions to block ads. We need money to operate the site, and almost all of it comes from online advertising. Please support us by disabling these ads blocker.

Please disable ad blocker