The latest Microsoft AZ-500 Azure Security Technologies practice exam question and answer (Q&A) dumps are available for free to help you pass the Microsoft AZ-500 Azure Security Technologies exam and earn the Microsoft AZ-500 Azure Security Technologies certification.
AZ-500 Question 101
Question
You have an Azure subscription named Subscription1 that contains an Azure Active Directory (Azure AD) tenant named contoso.com and a resource group named RG1.
You create a custom role named Role1 for contoso.com.
Where can you use Role1 for permission delegation?
A. contoso.com only
B. contoso.com and RG1 only
C. contoso.com and Subscription1 only
D. contoso.com, RG1, and Subscription1
Answer
D. contoso.com, RG1, and Subscription1
AZ-500 Question 102
Question
SIMULATION –
You need to create a new Azure Active Directory (Azure AD) directory named 10317806.onmicrosoft.com. The new directory must contain a user named user10317806 who is configured to sign in by using Azure Multi-Factor Authentication (MFA).
Answer
See the explanation below.
Explanation
To create a new Azure AD tenant:
1. Browse to the Azure portal and sign in with an account that has an Azure subscription.
2. Select the plus icon (+) and search for Azure Active Directory.
3. Select Azure Active Directory in the search results.
4. Select Create.
5. Provide an Organization name (10317806) and an Initial domain name (10317806). Then select Create. This will create the directory named 10317806.onmicrosoft.com.
6. After directory creation is complete, select the information box to manage your new directory.
To create the user:
1. In the Azure portal, make sure you are on the Azure Active Directory flyout. If not, select the Azure Active Directory icon from the left services navigation.
2. Under Manage, select Users.
3. Select All users and then select + New user.
4. Provide a Name and User name (user10317806) for the user. When you’re done, select Create.
To enable MFA:
1. In the Azure portal, make sure you are on the Azure Active Directory flyout. If not, select the Azure Active Directory icon from the left services navigation.
2. Under Manage, select Users.
3. Click on the Multi-Factor Authentication link.
4. Tick the checkbox next to the user’s name and click the Enable link.
Reference
- Power Platform > Power BI > Developer > Embedded analytics > Create an Azure Active Directory tenant to use with Power BI
AZ-500 Question 103
Question
You have the Azure virtual machines shown in the following table.
Name | Location | Connected to |
---|---|---|
VM1 | West US 2 | VNET1/Subnet1 |
VM2 | West US 2 | VNET1/Subnet1 |
VM3 | West US 2 | VNET1/Subnet2 |
VM4 | East US 2 | VNET2/Subnet3 |
VM5 | West US 2 | VNET5/Subnet5 |
Each virtual machine has a single network interface.
You add the network interface of VM1 to an application security group named ASG1.
You need to identify the network interfaces of which virtual machines you can add to ASG1.
What should you identify?
A. VM2 only
B. VM2 and VM3 only
C. VM2, VM3, VM4, and VM5
D. VM2, VM3, and VM5 only
Answer
B. VM2 and VM3 only
Reference
- Azure > Networking > Virtual Network > Application security groups
AZ-500 Question 104
Question
You have an Azure subscription that contains an Azure Active Directory (Azure AD) tenant and a user named User1.
The App registrations settings for the tenant are configured as shown in the following exhibit.
You plan to deploy an app named App1.
You need to ensure that User1 can register App1 in Azure AD. The solution must use the principle of least privilege.
Which role should you assign to User1?
A. App Configuration Data Owner for the subscription
B. Managed Application Contributor for the subscription
C. Cloud application administrator in Azure AD
D. Application developer in Azure AD
Answer
D. Application developer in Azure AD
Reference
- Azure > Active Directory > Least privileged roles by task in Azure Active Directory
AZ-500 Question 105
Question
You have an Azure subscription that is associated with an Azure Active Directory (Azure AD) tenant.
When a developer attempts to register an app named App1 in the tenant, the developer receives the error message shown in the following exhibit.
You need to ensure that the developer can register App1 in the tenant.
What should you do for the tenant?
A. Modify the Directory properties.
B. Set Enable Security defaults to Yes.
C. Configure the Consent and permissions settings for enterprise applications.
D. Modify the User settings.
Answer
D. Modify the User settings.
Reference
- Azure > Active Directory > Develop > How and why applications are added to Azure AD
AZ-500 Question 106
Question
You have an Azure Active Directory (Azure AD) tenant named contoso.com that contains a user named User1.
You plan to publish several apps in the tenant.
You need to ensure that User1 can grant admin consent for the published apps.
Which two possible user roles can you assign to User1 to achieve this goal? Each correct answer presents a complete solution.
NOTE: Each correct selection is worth one point.
A. Security administrator
B. Cloud application administrator
C. Application administrator
D. User administrator
E. Application developer
Answer
B. Cloud application administrator
C. Application administrator
Reference
- Azure > Active Directory > Application management > Grant tenant-wide admin consent to an application
AZ-500 Question 107
Question
HOTSPOT –
You have an Azure subscription named Subscription1 that contains the resources shown in the following table.
Name | Type | In resource group |
---|---|---|
8372f433-2dcd-4361-b5ef-5b188fed87d0 | Subscription ID | Not applicable |
RG1 | Resource group | Not applicable |
VM1 | Virtual machine | RG1 |
VNET1 | Virtual network | RG1 |
storage1 | Storage account | RG1 |
User1 | User account | Not applicable |
You create an Azure role by using the following JSON file.
You assign Role1 to User1 for RG1.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Hot Area:
Statements:
- User1 can create a new virtual machine in RG1.
- User1 can modify the properties of storage1.
- User1 can attach the network interface of VM1 to VNET1.
Answer
- User1 can create a new virtual machine in RG1: Yes
- User1 can modify the properties of storage1: No
- User1 can attach the network interface of VM1 to VNET1: No
Reference
- Azure > Role-based access control > Azure built-in roles > Compute
AZ-500 Question 108
Question
You have an Azure Active Directory (Azure AD) tenant.
You have the deleted objects shown in the following table.
Name | Type | Deleted on |
---|---|---|
Group1 | Security group | April 5, 2020 |
Group2 | Office 365 group | April 5, 2020 |
User1 | User | March 25, 2020 |
User2 | User | April 30, 2020 |
On May 4, 2020, you attempt to restore the deleted objects by using the Azure Active Directory admin center.
Which two objects can you restore? Each correct answer presents a complete solution.
NOTE: Each correct selection is worth one point.
A. Group1
B. Group2
C. User2
D. User1
Answer
B. Group2
C. User2
Explanation
Deleted users and deleted Office 365 groups are available for restore for 30 days.
You cannot restore a deleted security group.
Reference
- Azure > Active Directory > Restore a deleted Microsoft 365 group in Azure Active Directory
AZ-500 Question 109
Question
You have an Azure Active Directory (Azure AD) tenant named contoso.onmicrosoft.com.
The User administrator role is assigned to a user named Admin1.
An external partner has a Microsoft account that uses the [email protected] sign in.
Admin1 attempts to invite the external partner to sign in to the Azure AD tenant and receives the following error message: `Unable to invite user [email protected] Generic authorization exception.`
You need to ensure that Admin1 can invite the external partner to sign in to the Azure AD tenant.
What should you do?
A. From the Roles and administrators blade, assign the Security administrator role to Admin1.
B. From the Organizational relationships blade, add an identity provider.
C. From the Custom domain names blade, add a custom domain.
D. From the Users blade, modify the External collaboration settings.
Answer
D. From the Users blade, modify the External collaboration settings.
Explanation
You need to allow guest invitations in the External collaboration settings.
AZ-500 Question 110
Question
SIMULATION –
The developers at your company plan to publish an app named App11641655 to Azure.
You need to ensure that the app is registered to Azure Active Directory (Azure AD). The registration must use the sign-on URLs of https://app.contoso.com.
To complete this task, sign in to the Azure portal and modify the Azure resources.
Answer
See the explanation below.
Explanation
Step 1: Register the Application
1. Sign in to your Azure Account through the Azure portal.
2. Select Azure Active Directory.
3. Select App registrations.
4. Select New registration.
5. Name the application App11641655. Select a supported account type, which determines who can use the application. Under Redirect URI, select Web for the type of application you want to create. Enter the URI https://app.contoso.com, which is where the access token is sent.
6. Click Register.
Reference
- Azure > Active Directory > Develop > Use the portal to create an Azure AD application and service principal that can access resources