Skip to Content

AZ-500 Microsoft Azure Security Technologies Exam Questions and Answers – 4 Part 1

By: Author Alex Lim

Posted on  - Last updated:

Categories Exam, Microsoft

The latest Microsoft AZ-500 Azure Security Technologies certification actual real practice exam question and answer (Q&A) dumps are available free, which are helpful for you to pass the Microsoft AZ-500 Azure Security Technologies exam and earn Microsoft AZ-500 Azure Security Technologies certification.

AZ-500 Microsoft Azure Security Technologies Exam Questions and Answers

AZ-500 Question 251

Question

Your organization has a Microsoft SQL Server 2019 database. The database is hosted on an Azure virtual machine (VM). There is a web application that uses the database as its data store. The page speed of customers shopping is cart is noticeably slow. What will you do if you want tp know what stored is being called when customers access this page?

A. Choose Display Estimated Execution Plan from the Query menu.
B. Choose Include Actual Execution Plan from the Query menu.
C. Create a SQL Server Profiler trace.
D. Call the SET SHOWPLAN TEXT statement in Query Analyzer.

Answer

C. Create a SQL Server Profiler trace.

AZ-500 Question 252

Question

You work for a company running five Windows Server 2012 R2 virtual machines (VMs). The VMs are located in the Azure West Europe region. The VMs were originally deployed from the Azure marketplace. There is presently a n antivirus solution installed and is expected to become end of life soon. The company wants to now replace the old antivirus solution with Microsoft Antimalware. You are required to enable Microsoft Antimalware on each VM and do it with zero manual interaction. What would be your next step of action?

A. Add the Microsoft Antimalware extension on each VM using the Azure portal.
B. Download the Microsoft Antimalware MSI package and install it manually on each VM.
C. Use the Install-WindowsFeature command on each VM to install the Microsoft Antimalware feature.
D. Download the Microsoft Antimalware MSI package and install it on each VM by using the Desired State Configuration (DSC).

Answer

A. Add the Microsoft Antimalware extension on each VM using the Azure portal.

AZ-500 Question 253

Question

There are six Azure virtual machines (VMs)in your organization. The VMs are running Linux. Your organization has a line-of-business (LOB) application and these six VMs form the web tier of this LOB application. You want the key application services to start programmatically. Which of the following do you think you should use?

A. Application security group (ASG).
B. Custom script extension.
C. Webjob.
D. Login App.

Answer

B. Custom script extension.

AZ-500 Question 254

Question

Your organization stores Docker images for internal development using Azure Container Registry. You are required to configure the registry in such a way that a registry name is needed by developers to log into the registry and an access key is required as the password. What would be your step of action?

A. Create a system-assigned managed identity.
B. Define a service endpoint for the registry.
C. Assign the developers to the AcrPull role-based access control (RBAC) role.
D. Enable the admin user in the registry.

Answer

D. Enable the admin user in the registry.

AZ-500 Question 255

Question

VNet1 is an Azure virtual network (VNet) where several development servers of the company are running. There development team has numerous Docker images stored in a private repository. These container images are planned to be deployed in Azure using Azure Container Instances (ACI). You need to restrict access to these containers to VNet1. What will be your next step of action?

A. Deploy the container instances into VNet1.
B. Use a managed identity with the container instances.
C. Modify the role-based access control (RBAC) permissions on the container instances.
D. Add a Domain Name System (DNS) name label to each container instance.

Answer

A. Deploy the container instances into VNet1.

AZ-500 Question 256

Question

HotSpot
You have an Azure Sentinel workspace that has the following data connectors:

  • Azure Active Directory Identity Protection
  • Common Event Format (CEF)
  • Azure Firewall

You need to ensure that data is being ingested from each connector. From the Logs query window, which table should you query for each connector? (To answer, select the appropriate options in the answer area.)

Azure Active Directory Identity Protection:

  • AzureDiagnostics
  • CommonSecurityLog
  • SecurityAlert
  • SecurityEvent
  • Syslog

Azure Firewall:

  • AzureDiagnostics
  • CommonSecurityLog
  • SecurityAlert
  • SecurityEvent
  • Syslog

CEF:

  • AzureDiagnostics
  • CommonSecurityLog
  • SecurityAlert
  • SecurityEvent
  • Syslog

Answer

Azure Active Directory Identity Protection: SecurityAlert
Azure Firewall: AzureDiagnostics
CEF: CommonSecurityLog

Explanation

AZ-500 Question 257

Question

You have an Azure subscription named Sub1 that is associated to an Azure Active Directory (Azure AD) tenant named contoso.com. You are assigned the Global administrator role for the tenant. You are responsible for managing Azure Security Center settings. You need to create a custom sensitivity label. What should you do first?

A. Create a custom sensitive information type.
B. Elevate access for global administrators in Azure AD.
C. Upgrade the pricing tier of the Security Center to Standard.
D. Enable integration with Microsoft Cloud App Security.

Answer

A. Create a custom sensitive information type.

Explanation

First, you need to create a new sensitive information type because you can’t directly modify the default rules.

Reference

AZ-500 Question 258

Question

You have an Azure subscription named Sub1. In Azure Security Center, you have a security playbook named Play1. Play1 is configured to send an email message to a user named User1. You need to modify Play1 to send email messages to a distribution group named Alerts. What should you use to modify Play1?

A. Azure DevOps
B. Azure Application Insights
C. Azure Monitor
D. Azure Logic Apps Designer

Answer

D. Azure Logic Apps Designer

Explanation

You can change an existing playbook in Security Center to add an action, or conditions. To do that you just need to click on the name of the playbook that you want to change, in the Playbooks tab, and Logic App Designer opens up.

Reference

AZ-500 Question 259

Question

You have an Azure SQL database. You implement Always Encrypted. You need to ensure that application developers can retrieve and decrypt data in the database. Which two pieces of information should you provide to the developers? (Each correct answer presents part of the solution. Choose two.)

A. a stored access policy
B. a shared access signature (SAS)
C. the column encryption key
D. user credentials
E. the column master key

Answer

C. the column encryption key
E. the column master key

Explanation

Always Encrypted uses two types of keys: column encryption keys and column master keys. A column encryption key is used to encrypt data in an encrypted column. A column master key is a key-protecting key that encrypts one or more column encryption keys.

Reference

AZ-500 Question 260

Question

Your company uses Azure DevOps. You need to recommend a method to validate whether the code meets the company’s quality standards and code review standards. What should you recommend implementing in Azure DevOps?

A. branch folders
B. branch permissions
C. branch policies
D. branch locking

Answer

C. branch policies

Explanation

Branch policies help teams protect their important branches of development. Policies enforce your team’s code quality and change management standards.

Reference