Skip to Content

AZ-500 Microsoft Azure Security Technologies Exam Questions and Answers – 5

The latest Microsoft AZ-500 Azure Security Technologies certification actual real practice exam question and answer (Q&A) dumps are available free, which are helpful for you to pass the Microsoft AZ-500 Azure Security Technologies exam and earn Microsoft AZ-500 Azure Security Technologies certification.

AZ-500 Microsoft Azure Security Technologies Exam Questions and Answers

AZ-500 Question 301

Question

You have an Azure subscription.
You plan to create a workflow automation in Azure Security Center that will automatically remediate a security vulnerability.
What should you create first?

A. a managed identity
B. an automation account
C. an Azure function app
D. an alert rule
E. an Azure logic app

Answer

E. an Azure logic app

Reference

AZ-500 Question 302

Question

HOTSPOT –
You have the Azure key vaults shown in the following table.

Name Location Azure subscription name
KV1 West US Subscription1
KV2 West US Subscription1
KV3 East US Subscription1
KV4 West US Subscription2
KV5 East US Subscription2

KV1 stores a secret named Secret1 and a key for a managed storage account named Key1.
You back up Secret1 and Key1.
To which key vaults can you restore each backup? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:

You can restore the Secret1 backup to:

  • KV1 only
  • KV1 and KV2 only
  • KV1, KV2 and KV3 only
  • KV1, KV2 and KV4 only
  • KV1, KV2, KV3, KV4, and KV5

You can restore the Key1 backup to:

  • KV1 only
  • KV1 and KV2 only
  • KV1, KV2 and KV3 only
  • KV1, KV2 and KV4 only
  • KV1, KV2, KV3, KV4, and KV5

Answer

You can restore the Secret1 backup to: KV1, KV2 and KV3 only
You can restore the Key1 backup to: KV1, KV2 and KV3 only

Explanation

The backups can only be restored to key vaults in the same subscription and same geography. You can restore to a different region in the same geography.

AZ-500 Question 303

Question

You have an Azure subscription that contains a resource group named RG1 and a security group serverless RG1 contains 10 virtual machine, a virtual network VNET1, and a network security group (NSG) named NSG1. ServerAdmins can access the virtual machines by using RDP.

You need to ensure that NSG1 only RDP connections to the virtual for a maximum of 60 minutes when a member of ServerAdmins requests access.

What should you configure?

A. an Azure Active Directory (Azure AD) Privileged identity Management (PIM) role assignment.
B. a just in time (JIT) VM access policy in Azure Security Center
C. an azure policy assigned to RG1.
D. an Azure Bastion host on VNET1.

Answer

A. an Azure Active Directory (Azure AD) Privileged identity Management (PIM) role assignment.

AZ-500 Question 304

Question

You have an Azure subscription that contains an Azure key vault and an Azure Storage account. The key vault contains customer-managed keys. The storage account is configured to use the customer-managed keys stored In the key vault.

You plan to store data in Azure by using the following services:

  • Azure Files
  • Azure Blob storage
  • Azure Log Analytics
  • Azure Table storage
  • Azure Queue storage

Which two services data encryption by using the keys stored in the key vault? Each correct answer presents a complete solution. NOTE: Each correct selection is worth one point.

A. Queue storage
B. Table storage
C. Azure Files
D. Blob storage

Answer

A. Queue storage
D. Blob storage

AZ-500 Question 305

Question

You have a Azure subscription that contains an Azure Container Registry named Registry1. The subscription uses the Standard use tier of Azure Security Center.

You upload several container images to Register1.

You discover that vulnerability security scans were not performed

You need to ensured that the images are scanned for vulnerabilities when they are uploaded to Registry1.

What should you do?

A. From the Azure portal modify the Pricing tier settings.
B. From Azure CLI, lock the container images.
C. Upload the container images by using AzCopy
D. Push the container images to Registry1 by using Docker

Answer

C. Upload the container images by using AzCopy

AZ-500 Question 306

Question

You have an Azure Active Directory (Azure AD) tenant.
You need to prevent nonprivileged Azure AD users from creating service principals in Azure AD.
What should you do in the Azure Active Directory admin center of the tenant?

A. From the Properties Wade, set Enable Security defaults to Yes.
B. From the Properties blade, set Access management fen Azure resources to No
C. From the User settings blade, set Users can register applications to No
D. From the User settings blade, set Restrict access to Azure AD administration portal to Yes.

Answer

D. From the User settings blade, set Restrict access to Azure AD administration portal to Yes.

AZ-500 Question 307

Question

HOTSPOT
You assign User8 the Owner role for RG4, RG5, and RG6.
In which resource groups can User8 create virtual networks and NSGs? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:

User8 can create virtual networks in:

  • RG4 only
  • RG6 only
  • RG4 and RG6 only
  • RG4, RG5, and RG6

User8 can create NSGs in:

  • RG4 only
  • RG4 and RG5 only
  • RG4 and RG6 only
  • RG4, RG5, and RG6

Answer

User8 can create virtual networks in: RG4 only
User8 can create NSGs in: RG4, RG5, and RG6

Explanation

Box 1: RG4 only
Virtual Networks are not allowed for Rg5 and Rg6.
Box 2: Rg4, Rg5, and Rg6
Scenario:
Contoso has two Azure subscriptions named Sub1 and Sub2.
Sub1 contains six resource groups named RG1, RG2, RG3, RG4, RG5, and RG6.
You assign User8 the Owner role for RG4, RG5, and RG6
User8 city Sidney, Role: None
Note: A network security group (NSG) contains a list of security rules that allow or deny network traffic to resources connected to Azure Virtual Networks (VNet). NSGs can be associated to subnets, individual VMs (classic), or individual network interfaces (NIC) attached to VMs (Resource Manager).

Reference

AZ-500 Question 308

Question

Your network contains an Active Directory forest named contoso.com. The forest contains a single domain.
You have an Azure subscription named Sub1 that is associated to an Azure Active Directory (Azure AD) tenant named contoso.com.
You plan to deploy Azure AD Connect and to integrate Active Directory and the Azure AD tenant.
You need to recommend an integration solution that meets the following requirements:
Ensures that password policies and user logon restrictions apply to user accounts that are synced to the tenant Minimizes the number of servers required for the solution.
Which authentication method should you include in the recommendation?

A. federated identity with Active Directory Federation Services (AD FS)
B. password hash synchronization with seamless single sign-on (SSO)
C. pass-through authentication with seamless single sign-on (SSO)

Answer

B. password hash synchronization with seamless single sign-on (SSO)

Explanation

Password hash synchronization requires the least effort regarding deployment, maintenance, and infrastructure. This level of effort typically applies to organizations that only need their users to sign in to Office 365, SaaS apps, and other
Azure AD-based resources. When turned on, password hash synchronization is part of the Azure AD Connect sync process and runs every two minutes.
Incorrect Answers:
A: A federated authentication system relies on an external trusted system to authenticate users. Some companies want to reuse their existing federated system investment with their Azure AD hybrid identity solution. The maintenance and management of the federated system falls outside the control of Azure AD. It’s up to the organization by using the federated system to make sure it’s deployed securely and can handle the authentication load.
C: For pass-through authentication, you need one or more (we recommend three) lightweight agents installed on existing servers. These agents must have access to your on-premises Active Directory Domain Services, including your onpremises AD domain controllers. They need outbound access to the Internet and access to your domain controllers. For this reason, it’s not supported to deploy the agents in a perimeter network.
Pass-through Authentication requires unconstrained network access to domain controllers. All network traffic is encrypted and limited to authentication requests.

Reference

AZ-500 Question 309

Question

DRAG DROP
You have an Azure subscription that contains 100 virtual machines. Azure Diagnostics is enabled on all the virtual machines.
You are planning the monitoring of Azure services in the subscription.
You need to retrieve the following details:
Identify the user who deleted a virtual machine three weeks ago.
Query the security events of a virtual machine that runs Windows Server 2016.
What should you use in Azure Monitor? To answer, drag the appropriate configuration settings to the correct details. Each configuration setting may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
NOTE: Each correct selection is worth one point.
Select and Place:

Settings:

  • Activity log
  • Logs
  • Metrics
  • Service Health

Answer Area:

  • Identify the user who deleted a virtual machine three weeks ago.
  • Query the security events of a virtual machine that runs Windows Server 2016.

Answer

  • Identify the user who deleted a virtual machine three weeks ago: Activity Log
  • Query the security events of a virtual machine that runs Windows Server 2016: Logs

Explanation

Box1: Activity log
Azure activity logs provide insight into the operations that were performed on resources in your subscription. Activity logs were previously known as “audit logs” or “operational logs,” because they report control-plane events for your subscriptions.
Activity logs help you determine the “what, who, and when” for write operations (that is, PUT, POST, or DELETE).
Box 2: Logs
Log Integration collects Azure diagnostics from your Windows virtual machines, Azure activity logs, Azure Security Center alerts, and Azure resource provider logs. This integration provides a unified dashboard for all your assets, whether they’re on-premises or in the cloud, so that you can aggregate, correlate, analyze, and alert for security events.

Reference

AZ-500 Question 310

Question

HOTSPOT
You plan to use Azure Monitor Logs to collect logs from 200 servers that run Windows Server 2016.
You need to automate the deployment of the Log Analytics Agent to all the servers by using an Azure Resource Manager template.
How should you complete the template? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:

Question: You need to automate the deployment of the Log Analytics Agent to all the servers by using an Azure Resource Manager template. How should you complete the template?

Answer

Answer: You need to automate the deployment of the Log Analytics Agent to all the servers by using an Azure Resource Manager template. How should you complete the template?

Reference

    Ads Blocker Image Powered by Code Help Pro

    Ads Blocker Detected!!!

    This site depends on revenue from ad impressions to survive. If you find this site valuable, please consider disabling your ad blocker.