AZ-500 Microsoft Azure Security Technologies Exam Questions and Answers – 5 Part 2

The latest Microsoft AZ-500 Azure Security Technologies certification practice exam questions and answers (Q&A) are available free to help you pass the Microsoft AZ-500 Azure Security Technologies exam and earn the Microsoft AZ-500 Azure Security Technologies certification.

AZ-500 Microsoft Azure Security Technologies Exam Questions and Answers

AZ-500 Question 341

Question

SIMULATION –
You need to ensure that connections through an Azure Application Gateway named Homepage-AGW are inspected for malicious requests.
To complete this task, sign in to the Azure portal.
You do not need to wait for the task to complete.

Answer

See the explanation below.

Explanation

You need to enable the Web Application Firewall on the Application Gateway.

  1. In the Azure portal, type Application gateways in the search box, select Application gateways from the search results, then select the gateway named Homepage-AGW. Alternatively, browse to Application Gateways in the left navigation pane.
  2. In the properties of the application gateway, click on Web application firewall.
  3. For the Tier setting, select WAF V2.
  4. In the Firewall status section, click the slider to switch to Enabled.
  5. In the Firewall mode section, click the slider to switch to Prevention.
  6. Click Save to save the changes.

AZ-500 Question 342

Question

You have an Azure web app named webapp1.
You need to configure continuous deployment for webapp1 by using an Azure Repo.
What should you create first?

A. an Azure DevTest Labs lab
B. an Azure DevOps organization
C. an Azure Application Insights service
D. an Azure Storage account

Answer

B. an Azure DevOps organization

Explanation

To use Azure Repos, make sure your Azure DevOps organization is linked to your Azure subscription.

AZ-500 Question 343

Question

You have a hybrid configuration of Azure Active Directory (Azure AD). You have an Azure SQL Database instance that is configured to support Azure AD authentication.
Database developers must connect to the database instance and authenticate by using their on-premises Active Directory account.
You need to ensure that developers can connect to the instance by using Microsoft SQL Server Management Studio. The solution must minimize authentication prompts.
Which authentication method should you recommend?

A. Active Directory – Password
B. Active Directory – Universal with MFA support
C. SQL Server Authentication
D. Active Directory – Integrated

Answer

A. Active Directory – Password

Explanation

Use Active Directory password authentication when connecting with an Azure AD principal name using the Azure AD managed domain.
Use this method to authenticate to SQL DB/DW with Azure AD for native or federated Azure AD users. A native user is one explicitly created in Azure AD and authenticated using a user name and password, while a federated user is a Windows user whose domain is federated with Azure AD. The latter method (using user name and password) can be used when a user wants to use their Windows credentials, but their local machine is not joined to the domain (for example, when using remote access). In this case, a Windows user can supply their domain account and password and authenticate to SQL DB/DW using federated credentials.
Incorrect Answers:
D: Use Active Directory integrated authentication if you are logged in to Windows using your Azure Active Directory credentials from a federated domain.

AZ-500 Question 344

Question

You have the Azure resources shown in the following table.

| Name | Type | Parent |
| --- | --- | --- |
| Management1 | Management group | Tenant Root Group |
| Subscription1 | Subscription | Management1 |
| RG1 | Resource group | Subscription1 |
| RG2 | Resource group | Subscription1 |
| VM1 | Virtual machine | RG1 |
| VM2 | Virtual machine | RG2 |

You need to meet the following requirements:

  • Internet-facing virtual machines must be protected by using network security groups (NSGs).
  • All the virtual machines must have disk encryption enabled.

What is the minimum number of security policies that you should create in Azure Security Center?

A. 4
B. 2
C. 3
D. 1

Answer

A. 4

AZ-500 Question 345

Question

You have an Azure subscription that contains the storage accounts shown in the following table.

| Name | Type |
| --- | --- |
| storage1 | Azure Blob storage |
| storage2 | Azure Files SMB |
| storage3 | Azure Table storage |

You need to configure authorization access.
Which authorization types can you use for each storage account? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

storage1:

  • Shared Key only
  • Shared access signature (SAS) only
  • Azure Active Directory (Azure AD) only
  • Shared Key and shared access signature (SAS) only
  • Shared Key, shared access signature (SAS), and Azure Active Directory (Azure AD)

storage2:

  • Shared Key only
  • Shared access signature (SAS) only
  • Shared Key and shared access signature (SAS) only

storage3:

  • Shared Key only
  • Shared access signature (SAS) only
  • Azure Active Directory (Azure AD) only
  • Shared Key and shared access signature (SAS) only
  • Shared Key, shared access signature (SAS), and Azure Active Directory (Azure AD)

Answer

storage1: Shared Key, shared access signature (SAS), and Azure Active Directory (Azure AD)
storage2: Shared Key only
storage3: Shared Key, shared access signature (SAS), and Azure Active Directory (Azure AD)

AZ-500 Question 346

Question

You are troubleshooting a security issue for an Azure Storage account. You enable Azure Storage Analytics logs and archive them to a storage account. What should you use to retrieve the diagnostics logs?

A. Azure Monitor
B. SQL query editor in Azure
C. Azure Storage Explorer
D. Azure Cosmos DB explorer

Answer

C. Azure Storage Explorer

AZ-500 Question 347

Question

You plan to configure Azure Disk Encryption for VM4. Which key vault can you use to store the encryption key?

A. KeyVault1
B. KeyVault3
C. KeyVault2

Answer

A. KeyVault1

Explanation

The key vault needs to be in the same subscription and same region as the VM.
VM4 is in West US. KeyVault1 is the only key vault in the same region as the VM.

AZ-500 Question 348

Question

You have an Azure subscription that contains the virtual machines shown in the following table.

| Name | Operating system |
| --- | --- |
| VM1 | Windows Server 2016 |
| VM2 | Ubuntu Server 18.04 LTS |

From Azure Security Center, you turn on Auto Provisioning.
You deploy the virtual machines shown in the following table.

| Name | Operating system |
| --- | --- |
| VM3 | Windows Server 2016 |
| VM4 | Ubuntu Server 18.04 LTS |

On which virtual machines is the Microsoft Monitoring agent installed?

A. VM3 only
B. VM1 and VM3 only
C. VM3 and VM4 only
D. VM1, VM2, VM3, and VM4

Answer

D. VM1, VM2, VM3, and VM4

Explanation

When automatic provisioning is enabled, Security Center provisions the Microsoft Monitoring Agent on all supported Azure VMs and any new ones that are created.

Supported Operating systems include: Ubuntu 14.04 LTS (x86/x64), 16.04 LTS (x86/x64), and 18.04 LTS (x64) and Windows Server 2008 R2, 2012, 2012 R2, 2016, version 1709 and 1803.

AZ-500 Question 349

Question

SIMULATION
You plan to use Azure Disk Encryption for several virtual machine disks.
You need to ensure that Azure Disk Encryption can retrieve secrets from the KeyVault11641655 Azure key vault.
To complete this task, sign in to the Azure portal and modify the Azure resources.

Answer

See the explanation below.

Explanation

1. In the Azure portal, type Key Vaults in the search box, select Key Vaults from the search results then select KeyVault11641655. Alternatively, browse to Key Vaults in the left navigation pane.

2. In the Key Vault properties, scroll down to the Settings section and select Access Policies.

3. Select the Azure Disk Encryption for volume encryption.

4. Click Save to save the changes.

AZ-500 Question 350

Question

You have an Azure resource group that contains 100 virtual machines.
You have an initiative named Initiative1 that contains multiple policy definitions. Initiative1 is assigned to the resource group.
You need to identify which resources do NOT match the policy definitions.
What should you do?

A. From Azure Security Center, view the Regulatory compliance assessment.
B. From the Policy blade of the Azure Active Directory admin center, select Compliance.
C. From Azure Security Center, view the Secure Score.
D. From the Policy blade of the Azure Active Directory admin center, select Assignments.

Answer

B. From the Policy blade of the Azure Active Directory admin center, select Compliance.

Explanation

  • Azure > Governance > Policy > Get compliance data of Azure resources > Portal