AZ-500 Microsoft Azure Security Technologies Exam Questions and Answers – 3 Part 2

The latest Microsoft AZ-500 Azure Security Technologies certification practice exam question and answer (Q&A) dumps are available free. They can help you pass the Microsoft AZ-500 Azure Security Technologies exam and earn the Microsoft AZ-500 Azure Security Technologies certification.

Question 221

You have an Azure subscription that contains an Azure Sentinel workspace.
Azure Sentinel is configured to ingest logs from several Azure workloads. A third-party service management platform is used to manage incidents.
You need to identify which Azure Sentinel components to configure to meet the following requirements:

  • When Azure Sentinel identifies a threat, an incident must be created.
  • A ticket must be logged in the service management platform when an incident is created in Azure Sentinel.

Which component should you identify for each requirement? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

When Azure Sentinel identifies a threat, an incident must be created:

  • Analytics
  • Data connectors
  • Playbooks
  • Workbooks

A ticket must be logged in the service management platform when an incident is created in Azure Sentinel:

  • Analytics
  • Data connectors
  • Playbooks
  • Workbooks

Answer

When Azure Sentinel identifies a threat, an incident must be created: Analytics
A ticket must be logged in the service management platform when an incident is created in Azure Sentinel: Playbooks

Question 222

You create a new Azure subscription.
You need to ensure that you can create custom alert rules in Azure Security Center.
Which two actions should you perform? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.

A. Onboard Azure Active Directory (Azure AD) Identity Protection.
B. Create an Azure Storage account.
C. Implement Azure Advisor recommendations.
* D. Create an Azure Log Analytics workspace.
* E. Upgrade the pricing tier of Security Center to Standard.

Explanation

You need write permission in the workspace that you select to store your custom alert.

Question 223

Use the following login credentials as needed:
To enter your username, place your cursor in the Sign in box and click on the username below.
To enter your password, place your cursor in the Enter password box and click on the password below.
Azure Username: [email protected]
Azure Password: Ag1Bh9!#Bd
The following information is for technical support purposes only:
Lab Instance: 10598168

You need to email an alert to a user named [email protected] if the average CPU usage of a virtual machine named VM1 is greater than 70 percent for a period of 15 minutes.
To complete this task, sign in to the Azure portal.

Explanation

Create an alert rule on a metric with the Azure portal

  1. In the portal, locate the resource you want to monitor (here, VM1) and select it.
  2. Select Alerts (Classic) under the MONITORING section. The text and icon may vary slightly for different resources.
  3. Select the Add metric alert (classic) button and fill in the fields as per below, and click OK.

Metric: CPU Percentage
Condition: Greater than
Period: Over last 15 minutes
Notify via: email
Additional administrator email(s): [email protected]

Question 224

You have an Azure subscription named Sub1 that contains an Azure Log Analytics workspace named LAW1.
You have 100 on-premises servers that run Windows Server 2012 R2 and Windows Server 2016. The servers connect to LAW1. LAW1 is configured to collect security-related performance counters from the connected servers.
You need to configure alerts based on the data collected by LAW1. The solution must meet the following requirements:

  • Alert rules must support dimensions.
  • The time it takes to generate an alert must be minimized.
  • Alert notifications must be generated only once when the alert is generated and once when the alert is resolved.

Which signal type should you use when you create the alert rules?

A. Log
B. Log (Saved Query)
* C. Metric
D. Activity Log

Explanation

Metric alerts in Azure Monitor provide a way to get notified when one of your metrics crosses a threshold. Metric alerts work on a range of multi-dimensional platform metrics, custom metrics, and Application Insights standard and custom metrics.
Note: Signals are emitted by the target resource and can be of several types: Metric, Activity log, Application Insights, and Log.

Question 225

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You use Azure Security Center for the centralized policy management of three Azure subscriptions.
You use several policy definitions to manage the security of the subscriptions.
You need to deploy the policy definitions as a group to all three subscriptions.
Solution: You create a resource graph and an assignment that is scoped to a management group.
Does this meet the goal?

A. Yes
* B. No

Question 226

You have an Azure subscription named Subscription1 that contains an Azure Active Directory (Azure AD) tenant named contoso.com and a resource group named RG1.
You create a custom role named Role1 for contoso.com.
You need to identify where you can use Role1 for permission delegation.
What should you identify?

* A. contoso.com only
B. contoso.com and RG1 only
C. contoso.com and Subscription1 only
D. contoso.com, RG1, and Subscription1

Question 227

You have an Azure subscription named Sub1 that contains the Azure key vaults shown in the following table.

| Name   | Region      | Resource group |
|--------|-------------|----------------|
| Vault1 | West Europe | RG1            |
| Vault2 | East US     | RG1            |
| Vault3 | West Europe | RG2            |
| Vault4 | East US     | RG2            |

In Sub1, you create a virtual machine that has the following configurations:

  • Name: VM1
  • Size: DS2v2
  • Resource group: RG1
  • Region: West Europe
  • Operating system: Windows Server 2016

You plan to enable Azure Disk Encryption on VM1.
In which key vaults can you store the encryption key for VM1?

* A. Vault1 or Vault3 only
B. Vault1, Vault2, Vault3, or Vault4
C. Vault1 only
D. Vault1 or Vault2 only

Explanation

Your key vault and VMs must be in the same subscription. Also, to ensure that encryption secrets don’t cross regional boundaries, Azure Disk Encryption requires the Key Vault and the VMs to be co-located in the same region.

Question 228

On Monday, you configure an email notification in Azure Security Center to notify user [email protected].
On Tuesday, Security Center generates the security alerts shown in the following table.

| Time  | Description                                             | Severity |
|-------|---------------------------------------------------------|----------|
| 01:00 | Failed RDP brute force attack                           | Medium   |
| 01:01 | Successful RDP brute force attack                       | High     |
| 06:10 | Suspicious process executed                             | High     |
| 09:00 | Malicious SQL activity                                  | High     |
| 11:15 | Network communication with a malicious machine detected | Low      |
| 13:30 | Suspicious process executed                             | High     |
| 14:00 | Failed RDP attack                                       | Medium   |
| 16:01 | Successful RDP brute force attack                       | High     |
| 23:20 | Possible outgoing spam activity detected                | Low      |
| 23:25 | Modified system binary discovered in dump file          | High     |
| 23:30 | Malicious SQL activity                                  | High     |

How many email notifications will [email protected] receive on Tuesday? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Total number of Security Center email notifications about an RDP brute force attack on Tuesday:

  • 1
  • 2
  • 3
  • 4

Total number of Security Center email notifications on Tuesday:

  • 3
  • 4
  • 6
  • 9
  • 11

Answer

Total number of Security Center email notifications about an RDP brute force attack on Tuesday: 4
Total number of Security Center email notifications on Tuesday: 11

Question 229

You have an Azure subscription named Sub1 that contains an Azure Policy definition named Policy1. Policy1 has the following settings:

  • Definition location: Tenant Root Group
  • Category: Monitoring

You need to ensure that resources that are noncompliant with Policy1 are listed in the Azure Security Center dashboard.
What should you do first?

A. Change the Category of Policy1 to Security Center.
B. Add Policy1 to a custom initiative.
C. Change the Definition location of Policy1 to Sub1.
* D. Assign Policy1 to Sub1.

Question 230

Which virtual networks in Sub1 can User2 modify and delete in their current state? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Virtual networks that User2 can modify:

  • VNET4 only
  • VNET4 and VNET1 only
  • VNET4, VNET3, and VNET1 only
  • VNET4, VNET3, VNET2, and VNET1

Virtual networks that User2 can delete:

  • VNET4 only
  • VNET4 and VNET1 only
  • VNET4, VNET3, and VNET1 only
  • VNET4, VNET3, VNET2, and VNET1

Answer

Virtual networks that User2 can modify: VNET4 and VNET1 only
Virtual networks that User2 can delete: VNET4 only