Skip to Content

AZ-500 Microsoft Azure Security Technologies Exam Questions and Answers – 2

The latest Microsoft AZ-500 Azure Security Technologies certification actual real practice exam question and answer (Q&A) dumps are available free, which are helpful for you to pass the Microsoft AZ-500 Azure Security Technologies exam and earn Microsoft AZ-500 Azure Security Technologies certification.

AZ-500 Microsoft Azure Security Technologies Exam Questions and Answers

Question 101

Question

You have an Azure subscription named Subcription1 that contains an Azure Active Directory (Azure AD) tenant named contoso.com and a resource group named RG1.
You create a custom role named Role1 for contoso.com.
Where you can use Role1 for permission delegation?

A. contoso.com only
B. contoso.com and RG1 only
C. contoso.com and Subscription1 only
D. contoso.com, RG1, and Subscription1

Answer

D. contoso.com, RG1, and Subscription1

Question 102

Question

SIMULATION –
You need to create a new Azure Active Directory (Azure AD) directory named 10317806.onmicrosoft.com. The new directory must contain a user named user10317806 who is configured to sign in by using Azure Multi-Factor Authentication (MFA).

Answer

See the explanation below.

Explanation

To create a new Azure AD tenant:
1. Browse to the Azure portal and sign in with an account that has an Azure subscription.
2. Select the plus icon (+) and search for Azure Active Directory.

Select the plus icon (+) and search for Azure Active Directory.

3. Select Azure Active Directory in the search results.

Select Azure Active Directory in the search results.

4. Select Create.

5. Provide an Organization name (10317806) and an Initial domain name (10317806). Then select Create. This will create the directory named 10317806.onmicrosoft.com.

Provide an Organization name and an Initial domain name (18928238). Then select Create. Your directory is created.

6. After directory creation is complete, select the information box to manage your new directory.

To create the user:
1. In the Azure portal, make sure you are on the Azure Active Directory fly out.

In the Azure portal, make sure you are on the Azure Active Directory fly out.

If not, select the Azure Active Directory icon from the left services navigation.

If not, select the Azure Active Directory icon from the left services navigation.

2. Under Manage, select Users.

Under Manage, select Users.

3. Select All users and then select + New user.
4. Provide a Name and User name (user10317806) for the user. When you’re done, select Create.

To enable MFA:
1. In the Azure portal, make sure you are on the Azure Active Directory fly out.

In the Azure portal, make sure you are on the Azure Active Directory fly out.

If not, select the Azure Active Directory icon from the left services navigation.

If not, select the Azure Active Directory icon from the left services navigation.

2. Under Manage, select Users.

Under Manage, select Users.

3. Click on the Multi-Factor Authentication link.
4. Tick the checkbox next to the user’s name and click the Enable link.

Reference

Question 103

Question

You have the Azure virtual machines shown in the following table.

Name Location Connected to
VM1 West US 2 VNET1/Subnet1
VM2 West US 2 VNET1/Subnet1
VM3 West US 2 VNET1/Subnet2
VM4 East US 2 VNET2/Subnet3
VM5 West US 2 VNET5/Subnet5

Each virtual machine has a single network interface.
You add the network interface of VM1 to an application security group named ASG1.
You need to identify the network interfaces of which virtual machines you can add to ASG1.
What should you identify?

A. VM2 only
B. VM2 and VM3 only
C. VM2, VM3, VM4, and VM5
D. VM2, VM3, and VM5 only

Answer

B. VM2 and VM3 only

Reference

Question 104

Question

You have an Azure subscription that contains an Azure Active Directory (Azure AD) tenant and a user named User1.
The App registrations settings for the tenant are configured as shown in the following exhibit.

The App registrations settings for the tenant are configured as shown in the following exhibit.

You plan to deploy an app named App1.
You need to ensure that User1 can register App1 in Azure AD. The solution must use the principle of least privilege.
Which role should you assign to User1?

A. App Configuration Data Owner for the subscription
B. Managed Application Contributor for the subscription
C. Cloud application administrator in Azure AD
D. Application developer in Azure AD

Answer

D. Application developer in Azure AD

Reference

Question 105

Question

You have an Azure subscription that is associated with an Azure Active Directory (Azure AD) tenant.
When a developer attempts to register an app named App1 in the tenant, the developer receives the error message shown in the following exhibit.

You need to ensure that the developer can register App1 in the tenant.
What should you do for the tenant?
A. Modify the Directory properties.
B. Set Enable Security defaults to Yes.
C. Configure the Consent and permissions settings for enterprise applications.
D. Modify the User settings.

Answer

D. Modify the User settings.

Reference

Question 106

Question

You have an Azure Active Directory (Azure AD) tenant named contoso.com that contains a user named User1.
You plan to publish several apps in the tenant.
You need to ensure that User1 can grant admin consent for the published apps.
Which two possible user roles can you assign to User1 to achieve this goal? Each correct answer presents a complete solution.
NOTE: Each correct selection is worth one point.

A. Security administrator
B. Cloud application administrator
C. Application administrator
D. User administrator
E. Application developer

Answer

B. Cloud application administrator
C. Application administrator

Reference

Question 107

Question

HOTSPOT –
You have an Azure subscription named Subscription1 that contains the resources shown in the following table.

Name Type In resource group
8372f433-2dcd-4361-b5ef-5b188fed87d0 Subscription ID Not applicable
RG1 Resource group Not applicable
VM1 Virtual machine RG1
VNET1 Virtual network RG1
storage1 Storage account RG1
User1 User account Not applicable

You create an Azure role by using the following JSON file.

You create an Azure role by using the following JSON file.

You assign Role1 to User1 for RG1.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Hot Area:

Statements:

  • User1 can create a new virtual machine in RG1.
  • User1 can modify the properties of storage1.
  • User1 can attach the network interface of VM1 to VNET1.

Answer

  • User1 can create a new virtual machine in RG1: Yes
  • User1 can modify the properties of storage1: No
  • User1 can attach the network interface of VM1 to VNET1: No

Reference

  • Azure > Role-based access control > Azure built-in roles > Compute

Question 108

Question

You have an Azure Active Directory (Azure AD) tenant.
You have the deleted objects shown in the following table.

Name Type Deleted on
Group1 Security group April 5, 2020
Group2 Office 365 group April 5, 2020
User1 User March 25, 2020
User2 User April 30, 2020

On May 4, 2020, you attempt to restore the deleted objects by using the Azure Active Directory admin center.
Which two objects can you restore? Each correct answer presents a complete solution.
NOTE: Each correct selection is worth one point.

A. Group1
B. Group2
C. User2
D. User1

Answer

B. Group2
C. User2

Explanation

Deleted users and deleted Office 365 groups are available for restore for 30 days.
You cannot restore a deleted security group.

Reference

Question 109

Question

You have an Azure Active Directory (Azure AD) tenant named contoso.onmicrosoft.com.
The User administrator role is assigned to a user named Admin1.
An external partner has a Microsoft account that uses the [email protected] sign in.
Admin1 attempts to invite the external partner to sign in to the Azure AD tenant and receives the following error message: `Unable to invite user [email protected] Generic authorization exception.`
You need to ensure that Admin1 can invite the external partner to sign in to the Azure AD tenant.
What should you do?

A. From the Roles and administrators blade, assign the Security administrator role to Admin1.
B. From the Organizational relationships blade, add an identity provider.
C. From the Custom domain names blade, add a custom domain.
D. From the Users blade, modify the External collaboration settings.

Answer

D. From the Users blade, modify the External collaboration settings.

Explanation

You need to allow guest invitations in the External collaboration settings.

Question 110

Question

SIMULATION –
The developers at your company plan to publish an app named App11641655 to Azure.
You need to ensure that the app is registered to Azure Active Directory (Azure AD). The registration must use the sign-on URLs of https://app.contoso.com.
To complete this task, sign in to the Azure portal and modify the Azure resources.

Answer

See the explanation below.

Explanation

Step 1: Register the Application
1. Sign in to your Azure Account through the Azure portal.
2. Select Azure Active Directory.
3. Select App registrations.
4. Select New registration.
5. Name the application App11641655. Select a supported account type, which determines who can use the application. Under Redirect URI, select Web for the type of application you want to create. Enter the URI: https://app.contoso.com, where the access token is sent to.

5. Name the application App11641655. Select a supported account type, which determines who can use the application. Under Redirect URI, select Web for the type of application you want to create. Enter the URI: https://app.contoso.com , where the access token is sent to.

6. Click Register

Reference

Ads Blocker Image Powered by Code Help Pro

Ads Blocker Detected!!!

We have detected that you are using extensions to block ads. We need money to operate the site, and almost all of it comes from online advertising. Please support us by disabling these ads blocker.

Please disable ad blocker