Skip to Content

AZ-500 Microsoft Azure Security Technologies Exam Questions and Answers – 1

The latest Microsoft AZ-500 Azure Security Technologies certification actual real practice exam question and answer (Q&A) dumps are available free, which are helpful for you to pass the Microsoft AZ-500 Azure Security Technologies exam and earn Microsoft AZ-500 Azure Security Technologies certification.

AZ-500 Microsoft Azure Security Technologies Exam Questions and Answers

Question 71

Question

You have an Azure subscription that contains a user named User1 and an Azure Container Registry named ContReg1.
You enable content trust for ContReg1.
You need to ensure that User1 can create trusted images in ContReg1. The solution must use the principle of least privilege.
Which two roles should you assign to User1? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.

A. AcrQuarantineReader
B. Contributor
C. AcrPush
D. AcrImageSigner
E. AcrQuarantineWriter

Answer

C. AcrPush
D. AcrImageSigner

Reference

Question 72

Question

DRAG DROP –
You have an Azure subscription that contains the following resources:

  • A virtual network named VNET1 that contains two subnets named Subnet1 and Subnet2.
  • A virtual machine named VM1 that has only a private IP address and connects to Subnet1.

You need to ensure that Remote Desktop connections can be established to VM1 from the internet.
Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange then in the correct order.
Select and Place:

  • Configure a network security group (NSG).
  • Create a network rule collection.
  • Create a NAT rule collection.
  • Create a new subnet.
  • Deploy Azure Application Gateway.
  • Deploy Azure Firewall.

Answer

  • Create a new subnet.
  • Deploy Azure Firewall.
  • Create a NAT rule collection.

Question 73

Question

DRAG DROP –
You have an Azure subscription named Sub1.
You have an Azure Active Directory (Azure AD) group named Group1 that contains all the members of your IT team.
You need to ensure that the members of Group1 can stop, start, and restart the Azure virtual machines in Sub1. The solution must use the principle of least privilege.
Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
Select and Place:

  • Create a JSON file.
  • Run the Update-AzManagementGroup cmdlet.
  • Create an XML file.
  • Run the New-AzRoleDefinition cmdlet.
  • Run the New-AzRoleAssignment cmdlet.

Answer

  • Create a JSON file.
  • Run the New-AzRoleDefinition cmdlet.
  • Run the New-AzRoleAssignment cmdlet.

Question 74

Question

You have the Azure virtual machines shown in the following table.

Name Operating system Status
VM1 Windows Server 2012 Running
VM2 Windows Server 2012 R2 Running
VM3 Windows Server 2016 Stopped
VM4 Ubuntu Server 18.04 LTS Running

For which virtual machines can you enable Update Management?

A. VM2 and VM3 only
B. VM2, VM3, and VM4 only
C. VM1, VM2, and VM4 only
D. VM1, VM2, VM3, and VM4
E. VM1, VM2, and VM3 only

Answer

C. VM1, VM2, and VM4 only

Reference

Question 75

Question

You have an Azure subscription that contains two virtual machines named VM1 and VM2 that run Windows Server 2019.
You are implementing Update Management in Azure Automation.
You plan to create a new update deployment named Update1.
You need to ensure that Update1 meets the following requirements:

  • Automatically applies updates to VM1 and VM2.
  • Automatically adds any new Windows Server 2019 virtual machines to Update1.

What should you include in Update1?

A. a security group that has a Membership type of Assigned
B. a security group that has a Membership type of Dynamic Device
C. a dynamic group query
D. a Kusto query language query

Answer

C. a dynamic group query

Reference

Question 76

Question

You have an Azure Kubernetes Service (AKS) cluster that will connect to an Azure Container Registry.
You need to use the automatically generated service principal for the AKS cluster to authenticate to the Azure Container Registry.
What should you create?

A. a secret in Azure Key Vault
B. a role assignment
C. an Azure Active Directory (Azure AD) user
D. an Azure Active Directory (Azure AD) group

Answer

B. a role assignment

Reference

Question 77

Question

HOTSPOT –
You have an Azure Active Directory (Azure AD) tenant that contains the users shown in the following table.

Name Member of group Multi-factor authentication (MFA) status
User1 Group1, Group2 Enabled
User2 Group1 Disabled

You create and enforce an Azure AD Identity Protection sign-in risk policy that has the following settings:

  • Assignments: Include Group1, exclude Group2
  • Conditions: Sign-in risk level: Low and above
  • Access: Allow access, Require multi-factor authentication

You need to identify what occurs when the users sign in to Azure AD.
What should you identify for each user? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:

When User1 signs in from an anonymous IP address, the user will:

  • Be blocked
  • Be prompted for MFA
  • Sign in by using a username and password only

When User2 signs in from an unfamiliar location, the user will:

  • Be blocked
  • Be prompted for MFA
  • Sign in by using a username and password only

Answer

When User1 signs in from an anonymous IP address, the user will: Be prompted for MFA
When User2 signs in from an unfamiliar location, the user will: Be blocked

Reference

Question 78

Question

You have an Azure subscription that contains an app named App1. App1 has the app registration shown in the following table.

API Permisssion Type Admin consent required Status
Microsoft.Graph User.Read Delegated No None
Microsoft.Graph Calendars.Read Delegated No None

You need to ensure that App1 can read all user calendars and create appointments. The solution must use the principle of least privilege.
What should you do?

A. Add a new Delegated API permission for Microsoft.Graph Calendars.ReadWrite.
B. Add a new Application API permission for Microsoft.Graph Calendars.ReadWrite.
C. Select Grant admin consent.
D. Add new Delegated API permission for Microsoft.Graph Calendars.ReadWrite.Shared.

Answer

A. Add a new Delegated API permission for Microsoft.Graph Calendars.ReadWrite.

Reference

Question 79

Question

You have a Microsoft 365 tenant that uses an Azure Active Directory (Azure AD) tenant. The Azure AD tenant syncs to an on-premises Active Directory domain by using an instance of Azure AD Connect.
You create a new Azure subscription.
You discover that the synced on-premises user accounts cannot be assigned roles in the new subscription.
You need to ensure that you can assign Azure and Microsoft 365 roles to the synced Azure AD user accounts.
What should you do fist?

A. Configure the Azure AD tenant used by the new subscription to use pass-through authentication.
B. Configure the Azure AD tenant used by the new subscription to use federated authentication.
C. Change the Azure AD tenant used by the new subscription.
D. Configure a second instance of Azure AD Connect.

Answer

C. Change the Azure AD tenant used by the new subscription.

Question 80

Question

HOTSPOT –
You have an Azure subscription that contains the resources shown in the following table.

Name Type Resource group Location
RG1 Resource group Not applicable West US
Managed1 Managed identity RG1 West US

The subscription is linked to an Azure Active Directory (Azure AD) tenant that contains the users shown in the following table.

Name Usage location
User1 United States
User2 Germany

You create the groups shown in the following table.

Name Type Member of
Group1 Security Dynamic User
Group2 Microsoft 365 Dynamic User

The membership rules for Group1 and Group2 are configured as shown in the following exhibit.

The membership rules for Group1 and Group2 are configured as shown in the following exhibit.

For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Hot Area:

Statements:

  • User1 is a member of Group1 and Group2.
  • User2 is a member of Group2 only.
  • Managed1 is a member of Group1 and Group2.

Answer

  • User1 is a member of Group1 and Group2: Yes
  • User2 is a member of Group2 only: No
  • Managed1 is a member of Group1 and Group2: No

Reference

Ads Blocker Image Powered by Code Help Pro

Ads Blocker Detected!!!

We have detected that you are using extensions to block ads. We need money to operate the site, and almost all of it comes from online advertising. Please support us by disabling these ads blocker.

Please disable ad blocker