Skip to Content

AZ-500 Microsoft Azure Security Technologies Exam Questions and Answers – 2

The latest Microsoft AZ-500 Azure Security Technologies certification actual real practice exam question and answer (Q&A) dumps are available free, which are helpful for you to pass the Microsoft AZ-500 Azure Security Technologies exam and earn Microsoft AZ-500 Azure Security Technologies certification.

AZ-500 Microsoft Azure Security Technologies Exam Questions and Answers

Question 111

Question

HOTSPOT –
Your network contains an on-premises Active Directory domain that syncs to an Azure Active Directory (Azure AD) tenant. The tenant contains the users shown in the following table.

Name Source
User1 Azure AD
User2 Azure AD
User3 On-premises Active Directory

The tenant contains the groups shown in the following table.

Name Members
Group1 User1, User2, User3
Group2 User2

You configure a multi-factor authentication (MFA) registration policy that has the following settings:

  • Assignments:
    • Include: Group1
    • Exclude: Group2
  • Controls: Require Azure MFA registration
  • Enforce Policy: On

For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Hot Area:

Statements

  • User1 will be prompted to configure MFA registration during the user’s next Azure AD authentication.
  • User2 must configure MFA during the user’s next Azure AD authentication.
  • User3 will be prompted to configure MFA registration during the user’s next Azure AD authentication.

Answer

  • User1 will be prompted to configure MFA registration during the user’s next Azure AD authentication: Yes
  • User2 must configure MFA during the user’s next Azure AD authentication: No
  • User3 will be prompted to configure MFA registration during the user’s next Azure AD authentication: Yes

Question 112

Question

You have an Azure subscription that contains virtual machines.
You enable just in time (JIT) VM access to all the virtual machines.
You need to connect to a virtual machine by using Remote Desktop.
What should you do first?

A. From Azure Directory (Azure AD) Privileged Identity Management (PIM), activate the Security administrator user role.
B. From Azure Active Directory (Azure AD) Privileged Identity Management (PIM), activate the Owner role for the virtual machine.
C. From the Azure portal, select the virtual machine, select Connect, and then select Request access.
D. From the Azure portal, select the virtual machine and add the Network Watcher Agent virtual machine extension.

Answer

C. From the Azure portal, select the virtual machine, select Connect, and then select Request access.

Reference

Question 113

Question

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have an Azure subscription named Sub1.
You have an Azure Storage account named sa1 in a resource group named RG1.
Users and applications access the blob service and the file service in sa1 by using several shared access signatures (SASs) and stored access policies.
You discover that unauthorized users accessed both the file service and the blob service.
You need to revoke all access to sa1.
Solution: You generate new SASs.
Does this meet the goal?

A. Yes
B. No

Answer

B. No

Explanation

Instead you should create a new stored access policy.
To revoke a stored access policy, you can either delete it, or rename it by changing the signed identifier. Changing the signed identifier breaks the associations between any existing signatures and the stored access policy. Deleting or renaming the stored access policy immediately affects all of the shared access signatures associated with it.

Reference

Question 114

Question

You have an Azure subscription.
You configure the subscription to use a different Azure Active Directory (Azure AD) tenant.
What are two possible effects of the change? Each correct answer presents a complete solution.
NOTE: Each correct selection is worth one point.

A. Role assignments at the subscription level are lost.
B. Virtual machine managed identities are lost.
C. Virtual machine disk snapshots are lost.
D. Existing Azure resources are deleted.

Answer

A. Role assignments at the subscription level are lost.
B. Virtual machine managed identities are lost.

Reference

Question 115

Question

HOTSPOT –
You work at a company named Contoso, Ltd. that has the offices shown in the following table.

Name IP address space
Boston 180.15.10.0/24
Seattle 132.32.15.0/24

Contoso has an Azure Active Directory (Azure AD) tenant named contoso.com. All contoso.com users have Azure Multi-Factor Authentication (MFA) enabled. The tenant contains the users shown in the following table.

Name User device Last sign-in During last sign-in, user selected
Don’t ask again for 14 days
User1 Device1 June 1 Yes
User2 Device2 June 3 No

The multi-factor authentication settings for contoso.com are configured as shown in the following exhibit.

The multi-factor authentication settings for contoso.com are configured as shown in the following exhibit.

For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Hot Area:

Statements:

  • When User1 signs in to Device1 from the Seattle office on June 10, the user will be prompted for MFA.
  • When User2 signs in to Device2 from the Boston office on June 5, the user will be prompted for MFA.
  • When User1 signs in to a new device from the Seattle office on June 7, the user will be prompted for MFA.

Answer

  • When User1 signs in to Device1 from the Seattle office on June 10, the user will be prompted for MFA: No
  • When User2 signs in to Device2 from the Boston office on June 5, the user will be prompted for MFA: Yes
  • When User1 signs in to a new device from the Seattle office on June 7, the user will be prompted for MFA: Yes

Question 116

Question

HOTSPOT –
You have an Azure Active Directory (Azure AD) tenant that contains the users shown in the following table.

Name Multi-factor authentication (MFA) status
User1 Disabled
User2 Disabled
User3 Enforced

In Azure AD Privileged Identity Management (PIM), the Role settings for the Contributor role are configured as shown in the exhibit. (Click the Exhibit tab.)

In Azure AD Privileged Identity Management (PIM), the Role settings for the Contributor role are configured as shown in the exhibit. (Click the Exhibit tab.)

You assign users the Contributor role on May 1, 2019 as shown in the following table.

Name Assignment type
User1 Eligible
User2 Active
User3 Active

For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Hot Area:

Statements:

  • On May 15, 2019, User1 can activate the Contributor role.
  • On May 15, 2019, User2 can use the Contributor role.
  • On June 15, 2019, User3 can activate the Contributor role.

Answer

  • On May 15, 2019, User1 can activate the Contributor role: Yes
  • On May 15, 2019, User2 can use the Contributor role: Yes
  • On June 15, 2019, User3 can activate the Contributor role: Yes

Reference

Question 117

Question

HOTSPOT –
You have an Azure Active Directory (Azure AD) tenant that contains the users shown in the following table.

Name Member of Multi-factor authentication (MFA) status
User1 Group1, Group2 Enabled
User2 Group1 Disabled
User3 Group1 Disabled

You create and enforce an Azure AD Identity Protection sign-in risk policy that has the following settings:

  • Assignments: Include Group1, exclude Group2
  • Conditions: Sign-in risk level: Medium and above
  • Access: Allow access, Require multi-factor authentication

You need to identify what occurs when the users sign in to Azure AD.
What should you identify for each user? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:

When User1 signs in from an anonymous IP address, the user will:

  • Be blocked
  • Be prompted for MFA
  • Sign in by using a username and password only

When User2 signs in from an unfamiliar location, the user will:

  • Be blocked
  • Be prompted for MFA
  • Sign in by using a username and password only

When User3 signs in from an infected device, the user will:

  • Be blocked
  • Be prompted for MFA
  • Sign in by using a username and password only

Answer

When User1 signs in from an anonymous IP address, the user will be prompted for MFA
When User2 signs in from an unfamiliar location, the user will be blocked
When User3 signs in from an infected device, the user will be blocked

Reference

Question 118

Question

SIMULATION –
You need to create a new Azure Active Directory (Azure AD) directory named 18928238.onmicrosoft.com and a user named User1 in the new directory.
To complete this task, sign in to the Azure portal.

Answer

See the explanation below.

Explanation

Step 1: Create an Azure Active Directory tenant
1. Browse to the Azure portal and sign in with an account that has an Azure subscription.
2. Select the plus icon (+) and search for Azure Active Directory.

Select the plus icon (+) and search for Azure Active Directory.

3. Select Azure Active Directory in the search results.

Select Azure Active Directory in the search results.

4. Select Create.
5. Provide an Organization name and an Initial domain name (18928238). Then select Create. Your directory is created.

Provide an Organization name and an Initial domain name (18928238). Then select Create. Your directory is created.

6. After directory creation is complete, select the information box to manage your new directory. Next, you’re going to add tenant users.

Step 2: Create an Azure Active Directory tenant user
7. In the Azure portal, make sure you are on the Azure Active Directory fly out.

In the Azure portal, make sure you are on the Azure Active Directory fly out.

8. Under Manage, select Users.

Under Manage, select Users.

9. Select All users and then select + New user.
10. Provide a Name and User name (user1) for the regular user tenant. You can also show the temporary password. When you’re done, select Create.

Name: user1 –
User name: [email protected]

User name: user1@18928238.onmicrosoft.com

Reference

Question 119

Question

SIMULATION –
The developers at your company plan to create a web app named App10598168 and to publish the app to https://www.contoso.com.
You need to perform the following tasks:

  • Ensure that App10598168 is registered to Azure Active Directory (Azure AD).
  • Generate a password for App10598168.

To complete this task, sign in to the Azure portal.

Answer

See the explanation below.

Explanation

Step 1: Register the Application
1. Sign in to your Azure Account through the Azure portal.
2. Select Azure Active Directory.
3. Select App registrations.
4. Select New registration.
5. Name the application App10598168 . Select a supported account type, which determines who can use the application. Under Redirect URI, select Web for the type of application you want to create. Enter the URI: https://www.contoso.com , where the access token is sent to.

Name the application App10598168 . Select a supported account type, which determines who can use the application. Under Redirect URI, select Web for the type of application you want to create.

6. Click Register

Step 2: Create a new application secret
If you choose not to use a certificate, you can create a new application secret.
7. Select Certificates & secrets.
8. Select Client secrets -> New client secret.
9. Provide a description of the secret, and a duration. When done, select Add.

After saving the client secret, the value of the client secret is displayed. Copy this value because you aren’t able to retrieve the key later. You provide the key value with the application ID to sign in as the application. Store the key value where your application can retrieve it.

Reference

Question 120

Question

HOTSPOT –
Your company has an Azure subscription named Subscription1 that contains the users shown in the following table.

Name Role
User1 Global administrator
User2 Billing administrator
User3 Owner
User4 Account Admin

The company is sold to a new owner.
The company needs to transfer ownership of Subscription1.
Which user can transfer the ownership and which tool should the user use? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:

User:

  • User1
  • User2
  • User3
  • User4

Tool:

  • Azure Account Center
  • Azure Cloud Shell
  • Azure PowerShell
  • Azure Security Center

Answer

User: User2
Tool: Azure Account Center

Explanation

Box 1; User2 –
Billing Administrator –
Select Transfer billing ownership for the subscription that you want to transfer.
Enter the email address of a user who’s a billing administrator of the account that will be the new owner for the subscription.

Box 2: Azure Account Center –
Azure Account Center can be used.

Reference

Ads Blocker Image Powered by Code Help Pro

Ads Blocker Detected!!!

We have detected that you are using extensions to block ads. We need money to operate the site, and almost all of it comes from online advertising. Please support us by disabling these ads blocker.

Please disable ad blocker