The latest Microsoft AZ-500 Azure Security Technologies certification actual real practice exam question and answer (Q&A) dumps are available free, which are helpful for you to pass the Microsoft AZ-500 Azure Security Technologies exam and earn Microsoft AZ-500 Azure Security Technologies certification.
Table of Contents
- AZ-500 Question 341
- Question
- Answer
- Explanation
- AZ-500 Question 342
- Question
- Answer
- Explanation
- Reference
- AZ-500 Question 343
- Question
- Answer
- Explanation
- Reference
- AZ-500 Question 344
- Question
- Answer
- AZ-500 Question 345
- Question
- Answer
- Explanation
- AZ-500 Question 346
- Question
- Answer
- AZ-500 Question 347
- Question
- Answer
- Explanation
- Reference
- AZ-500 Question 348
- Question
- Answer
- Explanation
- Reference
- AZ-500 Question 349
- Question
- Answer
- Explanation
- AZ-500 Question 350
- Question
- Answer
- Explanation
AZ-500 Question 341
Question
SIMULATION –
You need to ensure that connections through an Azure Application Gateway named Homepage-AGW are inspected for malicious requests.
To complete this task, sign in to the Azure portal.
You do not need to wait for the task to complete.
Answer
See the explanation below.
Explanation
You need to enable the Web Application Firewall on the Application Gateway.
- In the Azure portal, type Application gateways in the search box, select Application gateways from the search results then select the gateway named Homepage-AGW. Alternatively, browse to
- Application Gateways in the left navigation pane.
- In the properties of the application gateway, click on Web application firewall.
- For the Tier setting, select WAF V2.
- In the Firewall status section, click the slider to switch to Enabled.
- In the Firewall mode section, click the slider to switch to Prevention.
- Click Save to save the changes.
AZ-500 Question 342
Question
You have an Azure web app named webapp1.
You need to configure continuous deployment for webapp1 by using an Azure Repo.
What should you create first?
A. an Azure DevTest Labs lab
B. an Azure DevOps organizations
C. an Azure Application Insights service
D. an Azure Storage account
Answer
B. an Azure DevOps organizations
Explanation
To use Azure Repos, make sure your Azure DevOps organization is linked to your Azure subscription.
Reference
- Azure > App Service > Web Apps > Continuous deployment to Azure App Service
AZ-500 Question 343
Question
You have a hybrid configuration of Azure Active Directory (Azure AD). You have an Azure SQL Database instance that is configured to support Azure AD authentication.
Database developers must connect to the database instance and authenticate by using their on-premises Active Directory account.
You need to ensure that developers can connect to the instance by using Microsoft SQL Server Management Studio. The solution must minimize authentication prompts.
Which authentication method should you recommend?
A. Active Directory – Password
B. Active Directory – Universal with MFA support
C. SQL Server Authentication
D. Active Directory – Integrated
Answer
A. Active Directory – Password
Explanation
Use Active Directory password authentication when connecting with an Azure AD principal name using the Azure AD managed domain.
Use this method to authenticate to SQL DB/DW with Azure AD for native or federated Azure AD users. A native user is one explicitly created in Azure AD and being authenticated using user name and password, while a federated user is a Windows user whose domain is federated with Azure AD. The latter method (using user & password) can be used when a user wants to use their windows credential, but their local machine is not joined with the domain (for example, using a remote access). In this case, a Windows user can indicate their domain account and password and can authenticate to SQL DB/DW using federated credentials.
Incorrect Answers:
D: Use Active Directory integrated authentication if you are logged in to Windows using your Azure Active Directory credentials from a federated domain.
Reference
- Microsoft Docs > Shared concepts > Security > Azure AD Authentication > Configure and manage Azure AD authentication with Azure SQL
AZ-500 Question 344
Question
You have the Azure resource shown in the following table.
Name | Type | Parent |
---|---|---|
Management1 | Management group | Tenant Root Group |
Subscription1 | Subscription | Management1 |
RG1 | Resource group | Subscription1 |
RG2 | Resource group | Subscription1 |
VM1 | Virtual machine | RG1 |
VM2 | Virtual machine | RG2 |
You need to meet the following requirements:
- Internet-facing virtual machines must be protected by using network security groups (NSGs).
- All the virtual machines must have disk encryption enabled.
What is the minimum number of security that you should create in Azure Security Center?
A. 4
B. 2
C. 3
D. 1
Answer
A. 4
AZ-500 Question 345
Question
You have an Azure subscription that contains the storage accounts shown in the following table.
Name | Type |
---|---|
storage1 | Azure Blob storage |
storage2 | Azure Files SMB |
storage3 | Azure Table storage |
You need to configure authorization access.
Which authorization types can you use for each storage account? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
storage1:
- Shared Key only
- Shared access signature (SAS) only
- Azure Active Directory (Azure AD) only
- Shared Key and shared access signature (SAS) only
- Shared Key, shared access signature (SAS), and Azure Active Directory (Azure AD)
storage2:
- Shared Key only
- Shared access signature (SAS) only
- Shared Key and shared access signature (SAS) only
storage3:
- Shared Key only
- Shared access signature (SAS) only
- Azure Active Directory (Azure AD) only
- Shared Key and shared access signature (SAS) only
- Shared Key, shared access signature (SAS), and Azure Active Directory (Azure AD)
Answer
storage1: Shared Key, shared access signature (SAS), and Azure Active Directory (Azure AD)
storage2: Shared Key only
storage3: Shared Key, shared access signature (SAS), and Azure Active Directory (Azure AD)
Explanation
- Azure > Storage > Authorize access to data in Azure Storage
AZ-500 Question 346
Question
You are troubleshooting a security issue for an Azure Storage account You enable Azure Storage Analytics logs and archive It to a storage account. What should you use to retrieve the diagnostics logs?
A. Azure Monitor
B. SQL query editor in Azure
C. Azure Storage Explorer
D. Azure Cosmos DB explorer
Answer
C. Azure Storage Explorer
AZ-500 Question 347
Question
You plan to configure Azure Disk Encryption for VM4 Which key vault can you use to store the encryption key?
A. KeyVault1
B. KeyVault3
C. KeyVault2
Answer
A. KeyVault1
Explanation
The key vault needs to be in the same subscription and same region as the VM.
VM4 is in West US. KeyVault1 is the only key vault in the same region as the VM.
Reference
- Azure > Virtual Machines > Windows > Create and configure a key vault for Azure Disk Encryption on a Windows VM
AZ-500 Question 348
Question
You have an Azure subscription that contains the virtual machines shown in the following table.
Name | Operating system |
---|---|
VM1 | Windows Server 2016 |
VM2 | Ubuntu Server 18.04 LTS |
From Azure Security Center, you turn on Auto Provisioning.
You deploy the virtual machines shown in the following table.
Name | Operating system |
---|---|
VM3 | Windows Server 2016 |
VM4 | Ubuntu Server 18.04 LTS |
On which virtual machines is the Microsoft Monitoring agent installed?
A. VM3 only
B. VM1 and VM3 only
C. VM3 and VM4 only
D. VM1, VM2, VM3, and VM4
Answer
D. VM1, VM2, VM3, and VM4
Explanation
When automatic provisioning is enabled, Security Center provisions the Microsoft Monitoring Agent on all supported Azure VMs and any new ones that are created.
Supported Operating systems include: Ubuntu 14.04 LTS (x86/x64), 16.04 LTS (x86/x64), and 18.04 LTS (x64) and Windows Server 2008 R2, 2012, 2012 R2, 2016, version 1709 and 1803.
Reference
- Azure > Security > Microsoft Defender for Cloud > FAQ – General questions about Microsoft Defender for Cloud
AZ-500 Question 349
Question
SIMULATION
You plan to use Azure Disk Encryption for several virtual machine disks.
You need to ensure that Azure Disk Encryption can retrieve secrets from the KeyVault11641655 Azure key vault.
To complete this task, sign in to the Azure portal and modify the Azure resources.
Answer
See the explanation below.
Explanation
1. In the Azure portal, type Key Vaults in the search box, select Key Vaults from the search results then select KeyVault11641655. Alternatively, browse to Key Vaults in the left navigation pane.
2. In the Key Vault properties, scroll down to the Settings section and select Access Policies.
3. Select the Azure Disk Encryption for volume encryption.
4. Click Save to save the changes.
AZ-500 Question 350
Question
You have an Azure resource group that contains 100 virtual machines.
You have an initiative named Initiative1 that contains multiple policy definitions. Initiative1 is assigned to the resource group.
You need to identify which resources do NOT match the policy definitions.
What should you do?
A. From Azure Security Center, view the Regulatory compliance assessment.
B. From the Policy blade of the Azure Active Directory admin center, select Compliance.
C. From Azure Security Center, view the Secure Score.
D. From the Policy blade of the Azure Active Directory admin center, select Assignments.
Answer
B. From the Policy blade of the Azure Active Directory admin center, select Compliance.
Explanation
- Azure > Governance > Policy > Get compliance data of Azure resources > Portal