The latest Microsoft AZ-500 Azure Security Technologies certification actual real practice exam question and answer (Q&A) dumps are available free, which are helpful for you to pass the Microsoft AZ-500 Azure Security Technologies exam and earn Microsoft AZ-500 Azure Security Technologies certification.
Table of Contents
- AZ-500 Question 151
- Question
- Answer
- Explanation
- Reference
- AZ-500 Question 152
- Question
- Answer
- Explanation
- Reference
- AZ-500 Question 153
- Question
- Answer
- AZ-500 Question 154
- Question
- Answer
- Reference
- AZ-500 Question 155
- Question
- Answer
- Explanation
- Reference
- AZ-500 Question 156
- Question
- Answer
- Explanation
- Reference
- AZ-500 Question 157
- Question
- Answer
- Explanation
- Reference
- AZ-500 Question 158
- Question
- Answer
- Reference
- AZ-500 Question 159
- Question
- Answer
- Explanation
- Reference
- AZ-500 Question 160
- Question
- Answer
- Reference
AZ-500 Question 151
Question
You need to consider the underlined segment to establish whether it is accurate.
Your Azure Active Directory Azure (Azure AD) tenant has an Azure subscription linked to it.
Your developer has created a mobile application that obtains Azure AD access tokens using the OAuth 2 implicit grant type.
The mobile application must be registered in Azure AD.
You require a redirect URI from the developer for registration purposes.
Select `No adjustment required` if the underlined segment is accurate. If the underlined segment is inaccurate, select the accurate option.
A. No adjustment required
B. a secret
C. a login hint
D. a client ID
Answer
A. No adjustment required
Explanation
For Native Applications you need to provide a Redirect URI, which Azure AD will use to return token responses.
Reference
- Azure > Active Directory > Develop > Microsoft identity platform and OAuth 2.0 authorization code flow
AZ-500 Question 152
Question
Note: The question is included in a number of questions that depicts the identical set-up. However, every question has a distinctive result. Establish if the solution satisfies the requirements.
Your company’s Azure subscription is linked to their Azure Active Directory (Azure AD) tenant.
After an internally developed application is registered in Azure AD, you are tasked with making sure that the application has the ability to access Azure Key Vault secrets on application the users’ behalf.
Solution: You configure a delegated permission with no admin consent.
Does the solution meet the goal?
A. Yes
B. No
Answer
A. Yes
Explanation
Delegated permissions – Your client application needs to access the web API as the signed-in user, but with access limited by the selected permission. This type of permission can be granted by a user unless the permission requires administrator consent.
Reference
- Azure > Active Directory > Develop > Quickstart: Configure a client application to access a web API
AZ-500 Question 153
Question
Note: The question is included in a number of questions that depicts the identical set-up. However, every question has a distinctive result. Establish if the solution satisfies the requirements.
Your company’s Azure subscription is linked to their Azure Active Directory (Azure AD) tenant.
After an internally developed application is registered in Azure AD, you are tasked with making sure that the application has the ability to access Azure Key Vault secrets on application the users’ behalf.
Solution: You configure a delegated permission with admin consent.
Does the solution meet the goal?
A. Yes
B. No
Answer
B. No
AZ-500 Question 154
Question
You have been tasked with making sure that you are able to modify the operating system security configurations via Azure Security Center.
To achieve your goal, you need to have the correct pricing tier for Azure Security Center in place.
Which of the following is the pricing tier required?
A. Advanced
B. Premium
C. Standard
D. Free
Answer
C. Standard
Reference
- Azure > Security > Microsoft Defender for Cloud > Microsoft Defender for Cloud’s enhanced security features
AZ-500 Question 155
Question
Your company’s Azure subscription includes a hundred virtual machines that have Azure Diagnostics enabled.
You have been tasked with analyzing the security events of a Windows Server 2016 virtual machine. You have already accessed Azure Monitor.
Which of the following options should you use?
A. Application Log
B. Metrics
C. Activity Log
D. Logs
Answer
D. Logs
Explanation
Log Integration collects Azure diagnostics from your Windows virtual machines, Azure activity logs, Azure Security Center alerts, and Azure resource provider logs. This integration provides a unified dashboard for all your assets, whether they’re on-premises or in the cloud, so that you can aggregate, correlate, analyze, and alert for security events.
Reference
- Azure > Security > Fundamentals > Azure security logging and auditing
AZ-500 Question 156
Question
Your company’s Azure subscription includes a hundred virtual machines that have Azure Diagnostics enabled.
You have been tasked with retrieving the identity of the user that removed a virtual machine fifteen days ago. You have already accessed Azure Monitor.
Which of the following options should you use?
A. Application Log
B. Metrics
C. Activity Log
D. Logs
Answer
C. Activity Log
Explanation
Azure activity logs provide insight into the operations that were performed on resources in your subscription. Activity logs were previously known as “audit logs” or “operational logs,” because they report control-plane events for your subscriptions.
Reference
- Azure > Security > Fundamentals > Azure security logging and auditing
AZ-500 Question 157
Question
Your company’s Azure subscription includes an Azure Log Analytics workspace.
Your company has a hundred on-premises servers that run either Windows Server 2012 R2 or Windows Server 2016, and is linked to the Azure Log Analytics workspace. The Azure Log Analytics workspace is set up to gather performance counters associated with security from these linked servers.
You have been tasked with configuring alerts according to the information gathered by the Azure Log Analytics workspace.
You have to make sure that alert rules allow for dimensions, and that alert creation time should be kept to a minimum. Furthermore, a single alert notification must be created when the alert is created and when the alert is sorted out.
You need to make use of the necessary signal type when creating the alert rules.
Which of the following is the option you should use?
A. You should make use of the Activity log signal type.
B. You should make use of the Application Log signal type.
C. You should make use of the Metric signal type.
D. You should make use of the Audit Log signal type.
Answer
C. You should make use of the Metric signal type.
Explanation
Metric alerts in Azure Monitor provide a way to get notified when one of your metrics cross a threshold. Metric alerts work on a range of multi-dimensional platform metrics, custom metrics, Application Insights standard and custom metrics.
Note: Signals are emitted by the target resource and can be of several types. Metric, Activity log, Application Insights, and Log.
Reference
- Azure > Azure Monitor > Create, view, and manage metric alerts using Azure Monitor
AZ-500 Question 158
Question
After creating a new Azure subscription, you are tasked with making sure that custom alert rules can be created in Azure Security Center.
You have created an Azure Storage account.
Which of the following is the action you should take?
A. You should make sure that Azure Active Directory (Azure AD) Identity Protection is removed.
B. You should create a DLP policy.
C. You should create an Azure Log Analytics workspace.
D. You should make sure that Security Center has the necessary tier configured.
Answer
C. You should create an Azure Log Analytics workspace.
Reference
- Azure > Security > Microsoft Defender for Cloud > What is Microsoft Defender for Cloud?
AZ-500 Question 159
Question
Your company uses Azure DevOps with branch policies configured.
Which of the following is TRUE with regards to branch policies? (Choose all that apply.)
A. It enforces your team’s change management standards.
B. It controls who can read and update the code in a branch.
C. It enforces your team’s code quality.
D. It places a branch into a read-only state.
Answer
A. It enforces your team’s change management standards.
C. It enforces your team’s code quality.
Explanation
Branch policies help teams protect their important branches of development. Policies enforce your team’s code quality and change management standards.
Reference
- Azure Repos > Git > Branches & forks > Manage branches > Branch policies and settings
AZ-500 Question 160
Question
You have a sneaking suspicion that there are users trying to sign in to resources which are inaccessible to them.
You decide to create an Azure Log Analytics query to confirm your suspicions. The query will detect unsuccessful user sign-in attempts from the last few days.
You want to make sure that the results only show users who had failed to sign-in more than five times.
Which of the following should be included in your query?
A. The EventID and CountIf() parameters.
B. The ActivityID and CountIf() parameters.
C. The EventID and Count() parameters.
D. The ActivityID and Count() parameters.
Answer
C. The EventID and Count() parameters.
Reference
- Azure > Azure Data Explorer > Kusto > Kusto Query Language > Samples for Kusto Queries