Skip to Content

AZ-500 Microsoft Azure Security Technologies Exam Questions and Answers – 4

The latest Microsoft AZ-500 Azure Security Technologies certification actual real practice exam question and answer (Q&A) dumps are available free, which are helpful for you to pass the Microsoft AZ-500 Azure Security Technologies exam and earn Microsoft AZ-500 Azure Security Technologies certification.

AZ-500 Microsoft Azure Security Technologies Exam Questions and Answers

AZ-500 Question 271

Question

You have an Azure subscription that contains the resources shown in the following table:

Name Type
VM1 Virtual machine
VNET1 Virtual network
storage1 Storage account
Vault1 Key vault

You plan to enable Azure Defender for the subscription. Which resources can be protected by using Azure Defender?

A. VM1, VNET1, storage1, and Vault1.
B. VM1, VNET1, and storage1 only.
C. VM1, storage1, and Vault1 only.
D. VM1 and VNET1 only.
E. VM1 and storage1 only.

Answer

A. VM1, VNET1, storage1, and Vault1.

Reference

AZ-500 Question 272

Question

You have an Azure subscription that contains a resource group named RG1 and a security group named ServerAdmins. RG1 contains 10 virtual machines, a virtual network named VNET1, and a network security group (NSG) named NSG1. ServerAdmins can access the virtual machines by using RDP. You need to ensure that NSG1 only allows RDP connections to the virtual machines for a maximum of 60 minutes when a member of ServerAdmins requests access. What should you configure?

A. an Azure policy assigned to RG1
B. a just in time (JIT) VM access policy in Azure Security Center
C. an Azure Active Directory (Azure AD) Privileged Identity Management (PIM) role assignment
D. an Azure Bastion host on VNET1

Answer

B. a just in time (JIT) VM access policy in Azure Security Center

Reference

AZ-500 Question 273

Question

You have a web app named WebApp1. You create a web application firewall (WAF) policy named WAF1. You need to protect WebApp1 by using WAF1. What should you do first?

A. Deploy an Azure Front Door.
B. Add an extension to WebApp1.
C. Deploy Azure Firewall.

Answer

A. Deploy an Azure Front Door.

Explanation

Azure > Networking > Front Door Service > Quickstart: Create a Front Door for a highly available global web application

AZ-500 Question 274

Question

You have an Azure subscription that contains an Azure SQL database named sql1. You plan to audit sql1. You need to configure the audit log destination. The solution must meet the following requirements:

  • Support querying events by using the Kusto query language.
  • Minimize administrative effort.

What should you configure?

A. an event hub
B. a storage account
C. a Log Analytics workspace

Answer

C. a Log Analytics workspace

Reference

AZ-500 Question 275

Question

Drag and Drop
You have an Azure subscription that contains the following resources:

  • A network virtual appliance (NVA) that runs non-Microsoft firewall software and routes all outbound traffic from the virtual machines to the internet.
  • An Azure function that contains a script to manage the firewall rules of the NVA.
  • Azure Security Center standard tier enabled for all virtual machines.
  • An Azure Sentinel workspace.
  • 30 virtual machines.

You need to ensure that when a high-priority alert is generated in Security Center for a virtual machine, an incident is created in Azure Sentinel and then a script is initiated to configure a firewall rule for the NVA. How should you configure Azure Sentinel to meet the requirements? (To answer, drag the appropriate components to the correct requirements. Each component may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.)

Components:

  • A data connector for Security Center
  • A data connector for the firewall software
  • A playbook
  • A rule
  • A Security Events connector
  • A workbook

Answer Area:

  • Enable alert notifications from Security Center
  • Create an incident
  • Initiate a script to configure the firewall rule

Answer

  • Enable alert notifications from Security Center: A data connector for Security Center
  • Create an incident: A rule
  • Initiate a script to configure the firewall rule: A playbook

Reference

AZ-500 Question 276

Question

SIMULATION –
The developers at your company plan to create a web app named App12345678 and to publish the app to https://www.contoso.com.
You need to perform the following tasks:

  • Ensure that App12345678 is registered to Azure Active Directory (Azure AD).
  • Generate a password for App12345678.

To complete this task, sign in to the Azure portal.

Answer

See the explanation below.

Explanation

Step 1: Register the Application
1. Sign in to your Azure Account through the Azure portal.
2. Select Azure Active Directory.
3. Select App registrations.
4. Select New registration.
5. Name the application 12345678. Select a supported account type, which determines who can use the application. Under Redirect URI, select Web for the type of application you want to create. Enter the URI: https://www.contoso.com , where the access token is sent to.

5. Name the application 12345678. Select a supported account type, which determines who can use the application. Under Redirect URI, select Web for the type of application you want to create. Enter the URI: https://www.contoso.com , where the access token is sent to.

6. Click Register
Step 2: Create a new application secret
If you choose not to use a certificate, you can create a new application secret.
7. Select Certificates & secrets.
8. Select Client secrets -> New client secret.
9. Provide a description of the secret, and a duration. When done, select Add.
After saving the client secret, the value of the client secret is displayed. Copy this value because you aren’t able to retrieve the key later. You provide the key value with the application ID to sign in as the application. Store the key value where your application can retrieve it.

Reference

AZ-500 Question 277

Question

You have an Azure subscription that contains the resources shown in the following table.

Name Type
storage1 Storage account
Vault1 Azure Key vault
Vault2 Azure Key vault

You plan to deploy the virtual machines shown in the following table.

Name Role
VM1 Storage Blob Data Reader for storage 1
Key Vault Reader for Vault1
VM2 Storage Blob Data Reader for storage 1
Key Vault Reader for Vault1
VM3 Storage Blob Data Reader for storage 1
Key Vault Reader for Vault1
Key Vault Reader for Vault2
VM3 Storage Blob Data Reader for storage 1
Key Vault Reader for Vault1
Key Vault Reader for Vault2

You need to assign managed identities to the virtual machines. The solution must meet the following requirements:

  • Assign each virtual machine the required roles.
  • Use the principle of least privilege.

What is the minimum number of managed identities required?

A. 1
B. 2
C. 3
D. 4

Answer

B. 2

Explanation

We have two different sets of required permissions. VM1 and VM2 have the same permission requirements. VM3 and VM4 have the same permission requirements.

A user-assigned managed identity can be assigned to one or many resources. By using user-assigned managed identities, we can create just two managed identities: one with the permission requirements for VM1 and VM2 and the other with the permission requirements for VM3 and VM4.

Reference

AZ-500 Question 278

Question

You have an Azure subscription that contains a web app named App1 and an Azure key vault named Vault1.
You need to configure App1 to store and access the secrets in Vault1.
How should you configure App1? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Configure App1 to authenticate by using a:

  • Key
  • Certificate
  • Passphrase
  • User-assigned managed identity
  • System-assigned managed identity

Configure a Key Vault reference for App1 from the:

  • Extensions blade
  • General settings tab
  • TLS/SSL settings tab
  • Application settings tab

Answer

Configure App1 to authenticate by using a: System-assigned managed identity
Configure a Key Vault reference for App1 from the: Application settings tab

Reference

AZ-500 Question 279

Question

You have an Azure subscription that contains the resources shown in the following table.

Name Type Resource group
RG1 Resource group Not applicable
RG2 Resource group Not applicable
RG3 Resource group Not applicable
SQL1 Azure SQL Database RG3

Transparent Data Encryption (TDE) is disabled on SQL1.
You assign polices to the resource groups as shown in the following table.

Name Condition Effect if condition is false Assignment
Policy1 TDE enabled Deny RG1, RG2
Policy2 TDE enabled DeployIfNotExists RG2, RG3
Policy3 TDE enabled Audit RG1

You plan to deploy Azure SQL databases by using an Azure Resource Manager (ARM) template. The databases will be configured as shown in the following table.
NOTE: Each correct selection is worth one point.

Statements:

  • SQL1 will have TDE enabled automatically.
  • The deployment of SQL2 will fail.
  • SQL3 will be deployed and marked as noncompliant.

Answer

  • SQL1 will have TDE enabled automatically: No
  • The deployment of SQL2 will fail: Yes
  • SQL3 will be deployed and marked as noncompliant: Yes

AZ-500 Question 280

Question

You have an Azure subscription that contains the resources shown in the following Table.

Name Type
VM1 Virtual machine
VNET1 Virtual machine
storage1 Storage account
Vault1 Key vault

You plan to enable Microsoft Defender for Cloud for the subscription. Which resources can be protected by using Microsoft Defender for Cloud?

A. VM1, VNET1, and storage1 only
B. VM1, storage1, and Vault1 only
C. VM1.VNET1, storage1, and Vault1
D. VM1 and storage1 only
E. VM1 and VNET only

Answer

C. VM1.VNET1, storage1, and Vault1

    Ads Blocker Image Powered by Code Help Pro

    Ads Blocker Detected!!!

    This site depends on revenue from ad impressions to survive. If you find this site valuable, please consider disabling your ad blocker.