Skip to Content

AZ-500 Microsoft Azure Security Technologies Exam Questions and Answers – 5

The latest Microsoft AZ-500 Azure Security Technologies certification actual real practice exam question and answer (Q&A) dumps are available free, which are helpful for you to pass the Microsoft AZ-500 Azure Security Technologies exam and earn Microsoft AZ-500 Azure Security Technologies certification.

AZ-500 Microsoft Azure Security Technologies Exam Questions and Answers

AZ-500 Question 321

Question

HOTSPOT
You have a file named File1.yaml that contains the following contents.

You have a file named File1.yaml that contains the following contents.

You create an Azure container instance named container1 by using File1.yaml.
You need to identify where you can access the values of Variable1 and Variable2.
What should you identify? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:

Variable1:

  • Cannot be accessed
  • Can be accessed from the Azure portal only
  • Can be accessed from inside container1 only
  • Can be accessed from inside container1 and the Azure portal

Variable2:

  • Cannot be accessed
  • Can be accessed from the Azure portal only
  • Can be accessed from inside container1 only
  • Can be accessed from inside container1 and the Azure portal

Answer

Variable1: Can be accessed from inside container1 and the Azure portal
Variable2: Can be accessed from inside container1 only

Reference

AZ-500 Question 322

Question

You have an Azure subscription named Sub1 that contains the resources shown in the following table.

Name Type Region Resource group
Sa1 Azure Storage account East US RG1
VM1 Azure virtual machine East US RG2
KV1 Azure key vault East US 2 RG1
SQL1 Azure SQL database East US 2 RG2

You need to ensure that you can provide VM1 with secure access to a database on SQL1 by using a contained database user.
What should you do?

A. Enable a managed service identity on VM1.
B. Create a secret in KV1.
C. Configure a service endpoint on SQL1.
D. Create a key in KV1.

Answer

B. Create a secret in KV1.

AZ-500 Question 323

Question

You have an Azure subscription that contains a virtual machine named VM1.
You create an Azure key vault that has the following configurations:

  • Name: Vault5
  • Region: West US
  • Resource group: RG1

You need to use Vault5 to enable Azure Disk Encryption on VM1. The solution must support backing up VM1 by using Azure Backup.
Which key vault settings should you configure?

A. Access policies
B. Secrets
C. Keys
D. Locks

Answer

A. Access policies

Reference

AZ-500 Question 324

Question

DRAG DROP
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have an Azure Subscription named Sub1. Sub1 contains an Azure virtual machine named VM1 that runs Windows Server 2016.
You need to encrypt VM1 disks by using Azure Disk Encryption.
Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
Select and Place:

Actions:

  • Configure secrets for the Azure key vault.
  • Create an Azure key vault.
  • Run Set-AzureRmstorageAccount.
  • Configure access policies for the Azure key vault.
  • Run Set-AzureRmVmDiskEnscyptionExtension.

Answer

  • Create an Azure key vault.
  • Configure access policies for the Azure key vault.
  • Run Set-AzureRmVmDiskEnscyptionExtension.

Explanation

AZ-500 Question 325

Question

HOTSPOT
You have the Azure Information Protection conditions shown in the following table.

Name Pattern Case sensitivity
Condition1 White On
Condition2 Black Off

You have the Azure Information Protection labels shown in the following table.

Name Use condition Label is applied
Label1 Condition1 Automatically
Label2 Condition2 Automatically

You have the Azure Information Protection policies shown in the following table.

Name Applies to Use label Set the default label
Global Not applicable None None
Policy1 User1 Label1 None
Policy2 User1 Label2 None

You need to identify how Azure Information Protection will label files.
What should you identify? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:

If User1 creates a Microsoft Word file that includes the text “Black and White”, the file will be assigned:

  • No label
  • Label1 only
  • Label2 only
  • Label1 and Label2

If User1 creates a Microsoft Notepad file that includes the text “Black and white”, the file will be assigned:

  • No label
  • Label1 only
  • Label2 only
  • Label1 and Label2

Answer

If User1 creates a Microsoft Word file that includes the text “Black and White”, the file will be assigned: Label2 only
If User1 creates a Microsoft Notepad file that includes the text “Black and white”, the file will be assigned: No label

Explanation

Box 1: Label 2 only
How multiple conditions are evaluated when they apply to more than one label
1. The labels are ordered for evaluation, according to their position that you specify in the policy: The label positioned first has the lowest position (least sensitive) and the label positioned last has the highest position (most sensitive).
2. The most sensitive label is applied.
3. The last sublabel is applied.
Box 2: No Label
Automatic classification applies to Word, Excel, and PowerPoint when documents are saved, and apply to Outlook when emails are sent. Automatic classification does not apply to Microsoft Notepad.

Reference

AZ-500 Question 326

Question

HOTSPOT
You need to create an Azure key vault. The solution must ensure that any object deleted from the key vault be retained for 90 days.
How should you complete the command? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:

Question: You need to create an Azure key vault. The solution must ensure that any object deleted from the key vault be retained for 90 days. How should you complete the command?

Answer

Answer: You need to create an Azure key vault. The solution must ensure that any object deleted from the key vault be retained for 90 days. How should you complete the command?

Explanation

Box 1: -EnablePurgeProtection
If specified, protection against immediate deletion is enabled for this vault; requires soft delete to be enabled as well.
Box 2: -EnableSoftDelete
Specifies that the soft-delete functionality is enabled for this key vault. When soft-delete is enabled, for a grace period, you can recover this key vault and its contents after it is deleted.

Reference

AZ-500 Question 327

Question

DRAG DROP
You have an Azure subscription named Sub1 that contains an Azure Storage account named Contosostorage1 and an Azure key vault named Contosokeyvault1.
You plan to create an Azure Automation runbook that will rotate the keys of Contosostorage1 and store them in Contosokeyvault1.
You need to implement prerequisites to ensure that you can implement the runbook.
Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
Select and Place:

Actions:

  • Run Set-AzureRmKeyVaultAccessPolicy
  • Create an Azure Automation account.
  • Import PowerShell modules to the Azure Automation account.
  • Create a user-assigned managed identity.
  • Create a connection resource in the Azure Automation account.

Answer

  • Create an Azure Automation account.
  • Import PowerShell modules to the Azure Automation account.
  • Create a connection resource in the Azure Automation account.

Explanation

Step 1: Create an Azure Automation account
Runbooks live within the Azure Automation account and can execute PowerShell scripts.
Step 2: Import PowerShell modules to the Azure Automation account
Under ‘Assets’ from the Azure Automation account Resources section select ‘to add in Modules to the runbook. To execute key vault cmdlets in the runbook, we need to add AzureRM.profile and AzureRM.key vault.
Step 3: Create a connection resource in the Azure Automation account
You can use the sample code below, taken from the AzureAutomationTutorialScript example runbook, to authenticate using the Run As account to manage Resource Manager resources with your runbooks. The AzureRunAsConnection is a connection asset automatically created when we created ‘run as accounts’ above. This can be found under Assets -> Connections. After the authentication code, run the same code above to get all the keys from the vault.
$connectionName = “AzureRunAsConnection” try
{
# Get the connection “AzureRunAsConnection “
$servicePrincipalConnection=Get-AutomationConnection -Name $connectionName
“Logging in to Azure…”
Add-AzureRmAccount `
-ServicePrincipal `
-TenantId $servicePrincipalConnection.TenantId `
-ApplicationId $servicePrincipalConnection.ApplicationId `
-CertificateThumbprint $servicePrincipalConnection.CertificateThumbprint }

AZ-500 Question 328

Question

HOTSPOT
You plan to use Azure Log Analytics to collect logs from 200 servers that run Windows Server 2016.
You need to automate the deployment of the Microsoft Monitoring Agent to all the servers by using an Azure Resource Manager template.
How should you complete the template? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:

Question: You need to automate the deployment of the Microsoft Monitoring Agent to all the servers by using an Azure Resource Manager template. How should you complete the template?

Answer

Answer: You need to automate the deployment of the Microsoft Monitoring Agent to all the servers by using an Azure Resource Manager template. How should you complete the template?

Reference

AZ-500 Question 329

Question

HOTSPOT
Which virtual networks in Sub1 can User9 modify and delete in their current state? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:

Virtual networks that User9 can modify:

  • VNET4 only
  • VNET4 and VNET1 only
  • VNET4, VNET3, and VNET1 only
  • VNET4, VNET3, VNET2, and VNET1

Virtual networks that User9 can delete:

  • VNET4 only
  • VNET4 and VNET1 only
  • VNET4, VNET3, and VNET1 only
  • VNET4, VNET3, VNET2, and VNET1

Answer

Virtual networks that User9 can modify: VNET4 and VNET1 only
Virtual networks that User9 can delete: VNET4 only

Explanation

Box 1: VNET4 and VNET1 only RG1 has only Delete lock, while there are no locks on RG4.
RG2 and RG3 both have Read-only locks.
Box 2: VNET4 only There are no locks on RG4, while the other resource groups have either Delete or Read-only locks.
Note: As an administrator, you may need to lock a subscription, resource group, or resource to prevent other users in your organization from accidentally deleting or modifying critical resources. You can set the lock level to CanNotDelete or ReadOnly. In the portal, the locks are called Delete and Read-only respectively.
CanNotDelete means authorized users can still read and modify a resource, but they can’t delete the resource.
ReadOnly means authorized users can read a resource, but they can’t delete or update the resource. Applying this lock is similar to restricting all authorized users to the permissions granted by the Reader role.
Scenario:
Sub1 contains six resource groups named RG1, RG2, RG3, RG4, RG5, and RG6.
User9 creates the virtual networks shown in the following table.

Name Resource group
VNET1 RG1
VNET2 RG2
VNET3 RG3
VNET4 RG4

Sub1 contains the locks shown in the following table.

Name Set on Lock type
Lock1 RG1 Delete
Lock2 RG2 Read-only
Lock3 RG3 Delete
Lock4 RG4 Read-only

Reference

AZ-500 Question 330

Question

SIMULATION
You need to ensure that web11597200 is protected from malware by using Microsoft Antimalware for Virtual Machines and is scanned every Friday at 01:00.
To complete this task, sign in to the Azure portal.

Answer

See the explanation below.

Explanation

You need to install and configure the Microsoft Antimalware extension on the virtual machine named web11597200.

  1. In the Azure portal, type Virtual Machines in the search box, select Virtual Machines from the search results then select web11597200. Alternatively, browse to Virtual Machines in the left navigation pane.
  2. In the properties of web11597200, click on Extensions.
  3. Click the Add button to add an Extension.
  4. Scroll down the list of extensions and select Microsoft Antimalware.
  5. Click the Create button. This will open the settings pane for the Microsoft Antimalware Extension.
  6. In the Scan day field, select Friday.
  7. In the Scan time field, enter 60. The scan time is measured in minutes after midnight so 60 would be 01:00, 120 would be 02:00 etc.
  8. Click the OK button to save the configuration and install the extension.
    Ads Blocker Image Powered by Code Help Pro

    Ads Blocker Detected!!!

    This site depends on revenue from ad impressions to survive. If you find this site valuable, please consider disabling your ad blocker.