Skip to Content

AZ-500 Microsoft Azure Security Technologies Exam Questions and Answers – 1

The latest Microsoft AZ-500 Azure Security Technologies certification actual real practice exam question and answer (Q&A) dumps are available free, which are helpful for you to pass the Microsoft AZ-500 Azure Security Technologies exam and earn Microsoft AZ-500 Azure Security Technologies certification.

AZ-500 Microsoft Azure Security Technologies Exam Questions and Answers

Question 81

Question

You have an Azure subscription named Subscription1 that contains the resources shown in the following table.

Name Type In resource group
cont1 Container instance RG1
VNET1 Virtual network RG1
App1 App Service app RG1
VM1 Virtual machine RG1
User1 User Not applicable

You create a custom RBAC role in Subscription1 by using the following JSON file.

You create a custom RBAC role in Subscription1 by using the following JSON file.

You assign Role1 to User1 on RG1.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Hot Area:

Statements:

  • User1 can add VM1 to VNET1.
  • User1 can start and stop App1.
  • User1 can start and stop cont1.

Answer

  • User1 can add VM1 to VNET1: No
  • User1 can start and stop App1: No
  • User1 can start and stop cont1: No

Reference

  • Azure > Role-based access control > Azure resource provider operations > Microsoft.Compute

Question 82

Question

You plan to deploy an app that will modify the properties of Azure Active Directory (Azure AD) users by using Microsoft Graph.
You need to ensure that the app can access Azure AD.
What should you configure first?

A. an app registration
B. an external identity
C. a custom role-based access control (RBAC) role
D. an Azure AD Application Proxy

Answer

A. an app registration

Reference

Question 83

Question

You have an Azure Active Directory (Azure AD) tenant that contains a user named Admin1. Admin1 is assigned the Application developer role.
You purchase a cloud app named App1 and register App1 in Azure AD.
Admin1 reports that the option to enable token encryption for App1 is unavailable.
You need to ensure that Admin1 can enable token encryption for App1 in the Azure portal.
What should you do?

A. Upload a certificate for App1.
B. Modify the API permissions of App1.
C. Add App1 as an enterprise application.
D. Assign Admin1 the Cloud application administrator role.

Answer

C. Add App1 as an enterprise application.

Explanation

This is a tricky one because uploading a certificate is also required. However, the question states that the Token Encryption option is unavailable. This is because the app is not added as an enterprise application. When the app is added as an enterprise application, the Token Encryption option will be available.
Then you can upload the certificate.

Reference

Question 84

Question

You have an Azure subscription that uses Azure Active Directory (Azure AD) Privileged Identity Management (PIM).
A PIM user that is assigned the User Access Administrator role reports receiving an authorization error when performing a role assignment or viewing the list of assignments.
You need to resolve the issue by ensuring that the PIM service principal has the correct permissions for the subscription. The solution must use the principle of least privilege.
Which role should you assign to the PIM service principle?

A. Contributor
B. User Access Administrator
C. Managed Application Operator
D. Resource Policy Contributor

Answer

B. User Access Administrator

Question 85

Question

HOTSPOT –
Your company has an Azure subscription named Subscription1. Subscription1 is associated with the Azure Active Directory tenant that includes the users shown in the following table.

Name Role
User1 Global administrator
User2 Billing administrator
User3 Owner
User4 Account Admin

The company is sold to a new owner.
The company needs to transfer ownership of Subscription1.
Which user can transfer the ownership and which tool should the user use? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:

User:

  • User1
  • User2
  • User3
  • User4

Tool:

  • Azure Account Center
  • Azure Cloud Shell
  • Azure PowerShell
  • Azure Security Center

Answer

User: User1
Tool: Azure Account Center

Reference

Question 86

Question

HOTSPOT –
Your network contains an on-premises Active Directory domain named adatum.com that syncs to Azure Active Directory (Azure AD).
The Azure AD tenant contains the users shown in the following table.

Name Source Password
User1 Azure AD Adatum123
User2 Azure AD N2w3rT0Gue33
User3 On-premises Active Directory ComplexPassword33

You configure the Authentication methods `” Password Protection settings for adatum.com as shown in the following exhibit.

You configure the Authentication methods `

For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Hot Area:

Statements:

  • User1 will be prompted to change the password on the next sign-in.
  • User2 can change the password to @[email protected]_C0mpleX123.
  • User3 can change the password to Adatum123!.

Answer

  • User1 will be prompted to change the password on the next sign-in: No
  • User2 can change the password to @[email protected]_C0mpleX123: Yes
  • User3 can change the password to Adatum123!: Yes

Reference

Question 87

Question

You have an Azure subscription that contains the resources shown in the following table.

Name Type Description
RG1 Resource group Used to store virtual machines
RG2 Resource group Used to store virtual networks
ServerAdmins Security group Used to manage virtual machines

You need to ensure that ServerAdmins can perform the following tasks:

  • Create virtual machines in RG1 only.
  • Connect the virtual machines to the existing virtual networks in RG2 only.

The solution must use the principle of least privilege.
Which two role-based access control (RBAC) roles should you assign to ServerAdmins? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.

A. a custom RBAC role for RG2
B. the Network Contributor role for RG2
C. the Contributor role for the subscription
D. a custom RBAC role for the subscription
E. the Network Contributor role for RG1
F. the Virtual Machine Contributor role for RG1

Answer

A. a custom RBAC role for RG2
F. the Virtual Machine Contributor role for RG1

Reference

Question 88

Question

HOTSPOT –
You have an Azure Active Directory (Azure AD) tenant named contoso.com that contains three security groups named Group1, Group2, and Group3 and the users shown in the following table.

Name Role Member of
User1 Application administrator Group1
User2 Application developer Group2
User3 Cloud application administrator Group3

Group3 is a member of Group2.
In contoso.com, you register an enterprise application named App1 that has the following settings:

  • Owners: User1
  • Users and groups: Group2

You configure the properties of App1 as shown in the following exhibit.

You configure the properties of App1 as shown in the following exhibit.

For each of the following statements, select Yes if the statement is true. Otherwise, select no.
NOTE: Each correct selection is worth one point.
Hot Area:

Statements:

  • User1 has App1 listed on his My Apps portal.
  • User2 has App1 listed on her My Apps portal.
  • User3 has App1 listed on her My Apps portal.

Answer

  • User1 has App1 listed on his My Apps portal: Yes
  • User2 has App1 listed on her My Apps portal: Yes
  • User3 has App1 listed on her My Apps portal: No

Reference

Question 89

Question

HOTSPOT –
You have an Azure subscription that contains the Azure Active Directory (Azure AD) resources shown in the following table.

Name Description
User1 User
Group1 Security group that has a Membership type of Dynamic Device
Managed1 Managed identity
App1 Enterprise application

You create the groups shown in the following table.

Name Description
Group5 Security group that has a Membership type of Assigned
Group6 Microsoft 365 group that has a Membership type of Assigned

Which resources can you add to Group5 and Group6? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:

Group5:

  • User1 only
  • User1 and Group1 only
  • User1, Group1, and Managed1 only
  • User1, Group1, Managed1, and App1

Group6:

  • User1 only
  • User1 and Group1 only
  • User1, Group1, and Managed1 only
  • User1, Group1, Managed1, and App1

Answer

Group5: User1, Group1, Managed1, and App1
Group6: User1 only

Question 90

Question

HOTSPOT –
You have an Azure subscription that contains the custom roles shown in the following table.

Name Type
Role1 Azure Active Directory (Azure AD)
Role2 Azure subscription

In the Azure portal, you plan to create new custom roles by cloning existing roles. The new roles will be configured as shown in the following table.

Name Type
Role3 Azure AD
Role4 Azure subscription

Which roles can you clone to create each new role? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:

Role3:

  • Role1 only
  • Built-in Azure AD roles only
  • Role1 and built-in Azure AD roles only
  • Role1, built-in Azure AD roles, and built-in Azure subscription roles

Role4:

  • Role2 only
  • Built-in Azure AD roles only
  • Role2 and built-in Azure subscription roles only
  • Role2, built-in Azure subscription roles, and built-in Azure AD roles

Answer

Role3: Role1 only
Role4: Role2 and built-in Azure subscription roles only

Reference

Ads Blocker Image Powered by Code Help Pro

Ads Blocker Detected!!!

We have detected that you are using extensions to block ads. We need money to operate the site, and almost all of it comes from online advertising. Please support us by disabling these ads blocker.

Please disable ad blocker