Skip to Content

AZ-500 Microsoft Azure Security Technologies Exam Questions and Answers – 4 Part 1

By: Author Alex Lim

Posted on  - Last updated:

Categories Exam, Microsoft

The latest Microsoft AZ-500 Azure Security Technologies certification actual real practice exam question and answer (Q&A) dumps are available free, which are helpful for you to pass the Microsoft AZ-500 Azure Security Technologies exam and earn Microsoft AZ-500 Azure Security Technologies certification.

AZ-500 Microsoft Azure Security Technologies Exam Questions and Answers

AZ-500 Question 261

Question

You use Azure Security Center for the centralized policy management of three Azure subscriptions. You use several policy definitions to manage the security of the subscriptions. You need to deploy the policy definitions as a group to all three subscriptions.
Solution: You create an initiative and an assignment that is scoped to a management group.
Does this meet the goal?

A. Yes
B. No

Answer

A. Yes

Reference

AZ-500 Question 262

Question

You have an Azure virtual machine named VM1. From Azure Security Center, you get the following high-severity recommendation: “Install endpoint protection solutions on virtual machine”. You need to resolve the issue causing the high-severity recommendation. What should you do?

A. Add the Microsoft Antimalware extension to VM1.
B. Install Microsoft System Center Security Management Pack for Endpoint Protection on VM1.
C. Add the Network Watcher Agent for Windows extension to VM1.
D. Onboard VM1 to Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP).

Answer

A. Add the Microsoft Antimalware extension to VM1.

Reference

AZ-500 Question 263

Question

You have an Azure web app named WebApp1. You upload a certificate to WebApp1. You need to make the certificate accessible to the app code of WebApp1. What should you do?

A. Add a user-assigned managed identity to WebApp1.
B. Add an app setting to the WebApp1 configuration.
C. Enable system-assigned managed identity for the WebApp1.
D. Configure the TLS/SSL binding for WebApp1.

Answer

B. Add an app setting to the WebApp1 configuration.

Reference

AZ-500 Question 264

Question

You have an Azure subscription that contains 100 virtual machines and has Azure Security Center Standard tier enabled. You plan to perform a vulnerability scan of each virtual machine. You need to deploy the vulnerability scanner extension to the virtual machines by using an Azure Resource Manager template. Which two values should you specify in the code to automate the deployment of the extension to the virtual machines? (Each correct answer presents part of the solution. Choose two.)

A. the user-assigned managed identity
B. the workspace ID
C. the Azure Active Directory (Azure AD) ID
D. the Key Vault managed storage account key
E. the system-assigned managed identity
F. the primary shared key

Answer

A. the user-assigned managed identity
C. the Azure Active Directory (Azure AD) ID

AZ-500 Question 265

Question

You have an Azure subscription that contains a user named Admin1 and a virtual machine named VM1. VM1 runs Windows Server 2019 and was deployed by using an Azure Resource Manager template. VM1 is the member of a backend pool of a public Azure Basic Load Balancer. Admin1 reports that VM1 is listed as Unsupported on the Just in time VM access blade of Azure Security Center. You need to ensure that Admin1 can enable just in time (JIT) VM access for VM1. What should you do?

A. Create and configure a network security group (NSG).
B. Create and configure an additional public IP address for VM1.
C. Replace the Basic Load Balancer with an Azure Standard Load Balancer.
D. Assign an Azure Active Directory Premium Plan 1 license to Admin1.

Answer

A. Create and configure a network security group (NSG).

Reference

AZ-500 Question 266

Question

You have an Azure Active Directory (Azure AD) tenant and a root management group. You create 10 Azure subscriptions and add the subscriptions to the root management group. You need to create an Azure Blueprints definition that will be stored in the root management group. What should you do first?

A. Modify the role-based access control (RBAC) role assignments for the root management group.
B. Add an Azure Policy definition to the root management group.
C. Create a user assigned identity.
D. Create a service principal.

Answer

A. Modify the role-based access control (RBAC) role assignments for the root management group.

Reference

AZ-500 Question 267

Question

You have three on-premises servers named Server1, Server2, and Server3 that run Windows. Server1 and Server2 and located on the Internal network. Server3 is located on the premises network. All servers have access to Azure. From Azure Sentinel, you install a Windows firewall data connector. You need to collect Microsoft Defender Firewall data from the servers for Azure Sentinel. What should you do?

A. Create an event subscription from Server1, Server2 and Server3.
B. Install the On-premises data gateway on each server.
C. Install the Microsoft Agent on each server.
D. Install the Microsoft Agent on Server1 and Server2 install the on-premises data gateway on Server3.

Answer

C. Install the Microsoft Agent on each server.

Reference

  • Azure > Security > Microsoft Sentinel > Find your Microsoft Sentinel data connector > Windows Firewall

AZ-500 Question 268

Question

Hotspot
You have an Azure Sentinel workspace that contains an Azure Active Directory (Azure AD) connector, an Azure Log Analytics query named Query1 and a playbook named Playbook1. Query1 returns a subset of security events generated by Azure AD. You plan to create an Azure Sentinel analytic rule based on Query1 that will trigger Playbook1. You need to ensure that you can add Playbook1 to the new rule. What should you do? (To answer, select the appropriate options in the answer area.)

Create the rule and set the type to:

  • Fusion
  • Microsoft Security incident creation
  • Scheduled

Configure the playbook to include:

  • A managed connector
  • A system-assigned managed identity
  • A trigger
  • Diagnostic settings

Answer

Create the rule and set the type to: Scheduled
Configure the playbook to include: A trigger

Reference

AZ-500 Question 269

Question

Drag and Drop
You have five Azure subscriptions linked to a single Azure Active Directory (Azure AD) tenant. You create an Azure Policy initiative named SecurityPolicyInitiative1. You identify which standard role assignments must be configured on all new resource groups. You need to enforce SecurityPolicyInitiative1 and the role assignments when a new resource group is created. Which three actions should you perform in sequence? (To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.)

Actions:

  • Publish an Azure Blueprints version
  • Assign an Azure blueprint
  • Create a policy assignment
  • Create a custom role-based access control (RBAC) role
  • Create a dedicated management subscription
  • Create an Azure Blueprints definition
  • Create an initiative assignment

Answer

  • Create an Azure Blueprints definition
  • Publish an Azure Blueprints version
  • Assign an Azure blueprint

Reference

AZ-500 Question 270

Question

You are troubleshooting a security issue for an Azure Storage account. You enable the diagnostic logs for the storage account. What should you use to retrieve the diagnostics logs?

A. Azure Security Center
B. Azure Monitor
C. the Security Admin Center
D. Azure Storage Explorer

Answer

B. Azure Monitor

Reference