The latest Microsoft AZ-500 Azure Security Technologies certification actual real practice exam question and answer (Q&A) dumps are available free, which are helpful for you to pass the Microsoft AZ-500 Azure Security Technologies exam and earn Microsoft AZ-500 Azure Security Technologies certification.
Table of Contents
- AZ-500 Question 281
- Question
- Answer
- Reference
- AZ-500 Question 282
- Question
- Answer
- AZ-500 Question 283
- Question
- Answer
- AZ-500 Question 284
- Question
- Answer
- Explanation
- Reference
- AZ-500 Question 285
- Question
- Answer
- AZ-500 Question 286
- Question
- Answer
- AZ-500 Question 287
- Question
- Answer
- Reference
- AZ-500 Question 288
- Question
- Answer
- Explanation
- Reference
- AZ-500 Question 289
- Question
- Answer
- Reference
- AZ-500 Question 290
- Question
- Answer
- Reference
AZ-500 Question 281
Question
You plan to deploy an app that will modify the properties of Azure Active Directory (Azure AD) users by using Microsoft Graph. You need to ensure that the app can access Azure AD. What should you configure first?
A. a custom role-based access control (RBAC) role
B. an external identity
C. an Azure AD Application Proxy
D. an app registration
Answer
D. an app registration
Reference
- Azure > Active Directory > Develop > How and why applications are added to Azure AD
AZ-500 Question 282
Question
You have an Azure subscription that uses Microsoft Sentinel.
You need to create a Microsoft Sentinel notebook that will use the Guided Investigation – Anomaly Lookup template.
What should you create first?
A. an analytics rule
B. a Log Analytics workspace
C. an Azure Machine Learning workspace
D. a hunting query
Answer
A. an analytics rule
AZ-500 Question 283
Question
You have an Azure subscription that contains four Azure SQL managed instances.
You need to evaluate the vulnerability of the managed instances to SQL injection attacks.
What should you do first?
A. Create an Azure Sentinel workspace.
B. Enable Advanced Data Security.
C. Add the SQL Health Check solution to Azure Monitor.
D. Create an Azure Advanced Threat Protection (ATP) instance.
Answer
B. Enable Advanced Data Security.
AZ-500 Question 284
Question
You have an Azure subscription named Sub1.
In Azure Security Center, you have a security playbook named Play1. Play1 is configured to send an email message to a user named User1.
You need to modify Play1 to send email messages to a distribution group named Alerts.
What should you use to modify Play1?
A. Azure DevOps
B. Azure Application Insights
C. Azure Monitor
D. Azure Logic Apps Designer
Answer
D. Azure Logic Apps Designer
Explanation
You can change an existing playbook in Security Center to add an action, or conditions. To do that you just need to click on the name of the playbook that you want to change, in the Playbooks tab, and Logic App Designer opens up.
Reference
- Azure > Security > Microsoft Defender for Cloud > Automate responses to Microsoft Defender for Cloud triggers
AZ-500 Question 285
Question
You have an Azure Subscription that is linked to an Azure Active Directory (Azure AD). The tenant contains the users shown in the following table.
| Name | Role | Member of |
|---|---|---|
| User1 | Security administrator | Group1 |
| User2 | Network Contributor | Group2 |
| User3 | Key Vault Contributor | Group1, Group2 |
You have an Azure key vault named Vault1 that has Purge protection set to Disabled. Vault1 contains the access policies shown in the following table.
| Name | Key permission | Secret permission | Certificate permission |
|---|---|---|---|
| Group1 | Purge | Purge | Purge |
| Group2 | Select all | Select all | Select all |
You create role assignments for Vault1 as shown in the following table.
| Name | Role |
|---|---|
| User1 | None |
| User2 | Key Vault Reader |
| User3 | User Access Administrator |
For each of the following statements, Yes if the statement is true, Otherwise, select No.
NOTE: Each correct selection is worth one point.
Statements:
- User1 can set Purge protection to Enable for Vault1.
- User2 can configure firewalls and virtual networks for Vault1.
- User3 can add access policies for Vault1.
Answer
- User1 can set Purge protection to Enable for Vault1: Yes
- User2 can configure firewalls and virtual networks for Vault1: No
- User3 can add access policies for Vault1: No
AZ-500 Question 286
Question
You have an Azure Active Directory (Azure AD) tenant that contains a user named User1.
You need to ensure that User1 can create and manage administrative units. The solution must use the principle of least privilege.
Which role should you assign to User1?
A. Privileged role administrator
B. Helpdesk administrator
C. Global administrator
D. Security administrator
Answer
A. Privileged role administrator
AZ-500 Question 287
Question
You have the Azure virtual machines shown in the following table.
| Name | Operating system | State |
|---|---|---|
| VM1 | Windows Server 2008 R2 Service Pack 1 (SP1) | Running |
| VM2 | Windows Server 2012 R2 | Running |
| VM3 | Windows Server 2016 | Stopped |
| VM4 | Ubuntu Server 18.04 LTS | Running |
For which virtual machine can you enable Update Management?
A. VM2 and VM3 only
B. VM2, VM3, and VM4 only
C. VM1, VM2, and VM4 only
D. VM1, VM2, VM3, and VM4
E. VM1, VM2, and VM3 only
Answer
C. VM1, VM2, and VM4 only
Reference
- Azure > Automation > Update Management overview
AZ-500 Question 288
Question
Your company has an Azure subscription named Sub1 that is associated to an Azure Active Directory Azure (Azure AD) tenant named contoso.com.
The company develops a mobile application named App1. App1 uses the OAuth 2 implicit grant type to acquire Azure AD access tokens.
You need to register App1 in Azure AD.
What information should you obtain from the developer to register the application?
A. a redirect URI
B. a reply URL
C. a key
D. an application ID
Answer
A. a redirect URI
Explanation
For Native Applications you need to provide a Redirect URI, which Azure AD will use to return token responses.
Reference
- Azure > Active Directory > Develop > Microsoft identity platform and OAuth 2.0 authorization code flow
AZ-500 Question 289
Question
You have an Azure Active Directory (Azure AD) tenant named Contoso.com and an Azure Service (AKS) cluster AKS1.
You discover that AKS1 cannot be accessed by using accounts from Contoso.com You need to ensure AKS1 can be accessed by using accounts from Contoso.com The solution must minimize administrative effort.
What should you do first?
A. From Azure recreate AKS1.
B. From AKS1, upgrade the version of Kubernetes.
C. From Azure AD, implement Azure AD Premium P2.
D. From Azure AD, configure the User settings.
Answer
A. From Azure recreate AKS1.
Reference
- Azure > AKS > Integrate Azure Active Directory with Azure Kubernetes Service using the Azure CLI (legacy)
AZ-500 Question 290
Question
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You use Azure Security Center for the centralized policy management of three Azure subscriptions.
You use several policy definitions to manage the security of the subscriptions.
You need to deploy the policy definitions as a group to all three subscriptions.
Solution: You create an initiative and an assignment that is scoped to the Tenant Root Group management group.
Does this meet the goal?
A. Yes
B. No
Answer
A. Yes
Reference
- Azure > Governance > Policy > What is Azure Policy?