The latest Microsoft AZ-500 Azure Security Technologies certification actual real practice exam question and answer (Q&A) dumps are available free, which are helpful for you to pass the Microsoft AZ-500 Azure Security Technologies exam and earn Microsoft AZ-500 Azure Security Technologies certification.
Table of Contents
- AZ-500 Question 161
- Question
- Answer
- Reference
- AZ-500 Question 162
- Question
- Answer
- Reference
- AZ-500 Question 163
- Question
- Answer
- AZ-500 Question 164
- Question
- Answer
- Reference
- AZ-500 Question 165
- Question
- Answer
- Explanation
- Reference
- AZ-500 Question 166
- Question
- Answer
- Reference
- AZ-500 Question 167
- Question
- Answer
- Reference
- AZ-500 Question 168
- Question
- Answer
- Reference
- AZ-500 Question 169
- Question
- Answer
- Reference
- AZ-500 Question 170
- Question
- Answer
- Reference
AZ-500 Question 161
Question
You have a sneaking suspicion that there are users trying to sign in to resources which are inaccessible to them.
You decide to create an Azure Log Analytics query to confirm your suspicions. The query will detect unsuccessful user sign-in attempts from the last few days.
You want to make sure that the results only show users who had failed to sign-in more than five times.
Which of the following should be included in your query?
A. The EventID and CountIf() parameters.
B. The ActivityID and CountIf() parameters.
C. The EventID and Count() parameters.
D. The ActivityID and Count() parameters.
Answer
C. The EventID and Count() parameters.
Reference
- Azure > Azure Data Explorer > Kusto > Kusto Query Language > Samples for Kusto Queries
AZ-500 Question 162
Question
Note: The question is included in a number of questions that depicts the identical set-up. However, every question has a distinctive result. Establish if the solution satisfies the requirements.
Your company has Azure subscription linked to their Azure Active Directory (Azure AD) tenant.
As a Global administrator for the tenant, part of your responsibilities involves managing Azure Security Center settings.
You are currently preparing to create a custom sensitivity label.
Solution: You start by creating a custom sensitive information type.
Does the solution meet the goal?
A. Yes
B. No
Answer
A. Yes
Reference
- Microsoft 365 > Manage information protection > Customize a built-in sensitive information type
AZ-500 Question 163
Question
Note: The question is included in a number of questions that depicts the identical set-up. However, every question has a distinctive result. Establish if the solution satisfies the requirements.
Your company has Azure subscription linked to their Azure Active Directory (Azure AD) tenant.
As a Global administrator for the tenant, part of your responsibilities involves managing Azure Security Center settings.
You are currently preparing to create a custom sensitivity label.
Solution: You start by altering the pricing tier of the Security Center.
Does the solution meet the goal?
A. Yes
B. No
Answer
B. No
AZ-500 Question 164
Question
You want to gather logs from a large number of Windows Server 2016 computers using Azure Log Analytics.
You are configuring an Azure Resource Manager template to deploy the Microsoft Monitoring Agent to all the servers automatically.
Which of the following should be included in the template? (Choose all that apply.)
A. WorkspaceID
B. AzureADApplicationID
C. WorkspaceKey
D. StorageAccountKey
Answer
A. WorkspaceID
C. WorkspaceKey
Reference
- Micrsoft Docs > Blog Archive > The Manageability Guys > Enabling the Microsoft Monitoring Agent in Windows JSON Templates
AZ-500 Question 165
Question
You need to consider the underlined segment to establish whether it is accurate.
You have configured an Azure Kubernetes Service (AKS) cluster in your testing environment.
You are currently preparing to deploy the cluster to the production environment.
After disabling HTTP application routing, you want to replace it with an application routing solution that allows for reverse proxy and TLS termination for AKS services via a solitary IP address.
You must create an AKS Ingress controller.
Select `No adjustment required` if the underlined segment is accurate. If the underlined segment is inaccurate, select the accurate option.
A. No adjustment required.
B. a network security group
C. an application security group
D. an Azure Basic Load Balancer
Answer
A. No adjustment required.
Explanation
An ingress controller is a piece of software that provides reverse proxy, configurable traffic routing, and TLS termination for Kubernetes services.
Reference
AZ-500 Question 166
Question
You have an Azure virtual machine that runs Ubuntu 16.04-DAILY-LTS.
You plan to deploy and configure an Azure Key vault, and enable Azure Disk Encryption for the virtual machine.
Which of the following is TRUE with regards to Azure Disk Encryption for a Linux VM?
A. It is NOT supported for basic tier VMs.
B. It is NOT supported for standard tier VMs.
C. OS drive encryption for Linux virtual machine scale sets is supported.
D. Custom image encryption is supported.
Answer
A. It is NOT supported for basic tier VMs.
Reference
- Azure > Virtual Machines > Linux > Azure Disk Encryption scenarios on Linux VMs
AZ-500 Question 167
Question
You have an Azure virtual machine that runs Windows Server R2.
You plan to deploy and configure an Azure Key vault, and enable Azure Disk Encryption for the virtual machine.
Which of the following is TRUE with regards to Azure Disk Encryption for a Windows VM?
A. It is supported for basic tier VMs.
B. It is supported for standard tier VMs.
C. It is supported for VMs configured with software-based RAID systems.
D. It is supported for VMs configured with Storage Spaces Direct (S2D).
Answer
B. It is supported for standard tier VMs.
Reference
- Azure > Virtual Machines > Windows > Azure Disk Encryption scenarios on Windows VMs
AZ-500 Question 168
Question
You have been tasked with delegate administrative access to your company’s Azure key vault.
You have to make sure that a specific user is able to add and delete certificates in the key vault. You also have to make sure that access is assigned based on the principle of least privilege.
Which of the following options should you use to achieve your goal?
A. A key vault access policy
B. Azure policy
C. Azure AD Privileged Identity Management (PIM)
D. Azure DevOps
Answer
A. A key vault access policy
Reference
- Azure > Security > Key Vault > General > Azure Key Vault security
AZ-500 Question 169
Question
You have been tasked with delegate administrative access to your company’s Azure key vault.
You have to make sure that a specific user can set advanced access policies for the key vault. You also have to make sure that access is assigned based on the principle of least privilege.
Which of the following options should you use to achieve your goal?
A. Azure Information Protection
B. RBAC
C. Azure AD Privileged Identity Management (PIM)
D. Azure DevOps
Answer
B. RBAC
Reference
- Azure > Security > Key Vault > General > Azure Key Vault security
AZ-500 Question 170
Question
Your company has an Azure subscription that includes two virtual machines, named VirMac1 and VirMac2, which both have a status of Stopped (Deallocated).
The virtual machines belong to different resource groups, named ResGroup1 and ResGroup2.
You have also created two Azure policies that are both configured with the virtualMachines resource type. The policy configured for ResGroup1 has a policy definition of Not allowed resource types, while the policy configured for ResGroup2 has a policy definition of Allowed resource types.
You then create a Read-only resource lock on VirMac1, as well as a Read-only resource lock on ResGroup2.
Which of the following is TRUE with regards to the scenario? (Choose all that apply.)
A. You will be able to start VirMac1.
B. You will NOT be able to start VirMac1.
C. You will be able to create a virtual machine in ResGroup2.
D. You will NOT be able to create a virtual machine in ResGroup2.
Answer
B. You will NOT be able to start VirMac1.
C. You will be able to create a virtual machine in ResGroup2.
Reference
- Azure > Governance > Blueprints> Understand resource locking in Azure Blueprints