The latest Microsoft AZ-500 Azure Security Technologies certification actual real practice exam question and answer (Q&A) dumps are available free, which are helpful for you to pass the Microsoft AZ-500 Azure Security Technologies exam and earn Microsoft AZ-500 Azure Security Technologies certification.
Question 241
You have an Azure Active Directory (Azure AD) tenant named contoso1812.onmicrosoft.com that contains the users shown in the following table.
| Name | Username | Type |
|---|---|---|
| User1 | [email protected] | Member |
| User2 | [email protected] | Member |
| User3 | [email protected] | Member |
| User4 | [email protected] | Guest |
You create an Azure Information Protection label named Label1. The Protection settings for Label1 are configured as shown in the exhibit. (Click the Exhibit tab.)
Label1 is applied to a file named File1.
For each of the following statements, select Yes if the statement is true, Otherwise, select No.
NOTE: Each correct selection is worth one point.
Statements:
- User1 can print File1.
- User3 can print File1.
- User4 can print File1.
Answer
- User1 can print File1: Yes
- User3 can print File1: Yes
- User4 can print File1: No
Question 242
You have Azure virtual machines that have Update Management enabled. The virtual machines are configured as shown in the following table.
| Name | Operating system | Region | Resource group |
|---|---|---|---|
| VM1 | Windows Server 2012 | East US | RG1 |
| VM2 | Windows Server 2012 R2 | West US | RG1 |
| VM3 | Windows Server 2016 | West US | RG2 |
| VM4 | Ubuntu Server 18.04 LTS | West US | RG2 |
| VM5 | Red Hat Enterprise Linux 7.4 | East US | RG1 |
| VM6 | CentOS 7.5 | East US | RG1 |
You schedule two update deployments named Update1 and Update2. Update1 updates VM3. Update2 updates VM6.
Which additional virtual machines can be updated by using Update1 and Update2? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Update1:
- VM2 only
- VM4 only
- VM1 and VM2 only
- VM1, VM2, VM4, VM5, and VM6
Update2:
- VM5 only
- VM1 and VM5 only
- VM4 and VM5 only
- VM1, VM2, and VM5 only
- VM1, VM2, VM3, VM4, and VM5
Answer
Update1: VM2 only
Update2: VM1 and VM5 only
Question 243
SIMULATION –
You need to ensure that User2-11641655 has all the key permissions for KeyVault11641655.
To complete this task, sign in to the Azure portal and modify the Azure resources.
Explanation
- You need to assign the user the Key Vault Secrets Officer role.
- In the Azure portal, type Key Vaults in the search box, select Key Vaults from the search results then select KeyVault11641655. Alternatively, browse to Key Vaults in the left navigation pane.
- In the key vault properties, select Access control (IAM).
- In the Add a role assignment section, click the Add button.
- In the Role box, select the Key Vault Secrets Officer role from the drop-down list.
- In the Select box, start typing User2-11641655 and select User2-11641655 from the search results.
- Click the Save button to save the changes.
Question 244
You have an Azure SQL Database server named SQL1.
You plan to turn on Advanced Threat Protection for SQL1 to detect all threat detection types.
Which action will Advanced Threat Protection detect as a threat?
A. A user updates more than 50 percent of the records in a table.
* B. A user attempts to sign as SELECT * from table1.
C. A user is added to the db_owner database role.
D. A user deletes more than 100 records from the same table.
Explanation
Advanced Threat Protection can detect potential SQL injections: This alert is triggered when an active exploit happens against an identified application vulnerability to SQL injection. This means the attacker is trying to inject malicious SQL statements using the vulnerable application code or stored procedures.
Question 245
You have an Azure subscription named Subscription1 that contains a resource group named RG1 and the users shown in the following table.
You perform the following tasks:
Assign User1 the Network Contributor role for Subscription1.
Assign User2 the Contributor role for RG1.
To Subscription1 and RG1, you assign the following policy definition: External accounts with write permissions should be removed from your subscription.
What is the Compliance State of the policy assignments?
* A. The Compliance State of both policy assignments is Non-compliant.
B. The Compliance State of the policy assignment to Subscription1 is Compliant, and the Compliance State of the policy assignment to RG1 is Non-compliant.
C. The Compliance State of the policy assignment to Subscription1 is Non-compliant, and the Compliance State of the policy assignment to RG1 is Compliant.
D. The Compliance State of both policy assignments is Compliant.
Question 246
You have an Azure subscription.
You plan to create a storage account.
You need to use customer-managed keys to encrypt the tables in the storage account.
From Azure Cloud Shell, which three cmdlets should you run in sequence? To answer, move the appropriate cmdlets from the list of cmdlets to the answer area and arrange them in the correct order.
Cmdlets:
- New-AzStorageAccountKey
- New-AzStorageTable
- Register-AzProviderFeature
- New-AzStorageAccount
- Register-AzResourceProvider
Answer
- New-AzStorageAccount
- New-AzStorageAccountKey
- New-AzStorageTable
Question 247
Note: scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You use Azure Security Center for the centralized policy management of three Azure subscriptions.
You use several policy definitions to manage the security of the subscriptions.
You need to deploy the policy definitions as a group to all three subscriptions.
Solution: You create a policy definition and assignments that are scoped to resource groups.
Does this meet the goal?
A. Yes
* B. No
Question 248
You have an Azure key vault named KeyVault1 that contains the items shown in the following table.
| Name | Type |
|---|---|
| Item1 | Key |
| Item2 | Secret |
| Policy1 | Access policy |
In KeyVault, the following events occur in sequence:
- Item1 is deleted
- Administrator enables soft delete
- Item2 and Policy1 are deleted.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Statements:
- You can recover Policy1.
- You can add a new key named Item1.
- You can add a new secret named Item2.
Answer
- You can recover Policy1: No
- You can add a new key named Item1: Yes
- You can add a new secret named Item2: No
Question 249
You have an Azure Sentinel deployment. You need to create a scheduled query rule named Rule1. What should you use to define the query rule logic for Rule1?
A. a Transact-SQL statement
B. a JSON definition
C. GraphQL
* D. a Kusto query
Question 250
Your company has an Azure SQL database. The database also consists of sensitive data. You want the prevent sensitive data from appearing as plain text inside the database system. What would be your step of action?
A. Configure Dynamic Data Masking (DDM).
B. Enable Advanced Data Security (ADS).
* C. Configure Always Encrypted.
D. Enable Transparent Data Encryption (TDE).