Skip to Content

AZ-500 Microsoft Azure Security Technologies Exam Questions and Answers – 5

The latest Microsoft AZ-500 Azure Security Technologies certification actual real practice exam question and answer (Q&A) dumps are available free, which are helpful for you to pass the Microsoft AZ-500 Azure Security Technologies exam and earn Microsoft AZ-500 Azure Security Technologies certification.

AZ-500 Microsoft Azure Security Technologies Exam Questions and Answers

AZ-500 Question 331

Question

SIMULATION
You need to collect all the audit failure data from the security log of a virtual machine named VM1 to an Azure Storage account.
To complete this task, sign in to the Azure portal.
This task might take several minutes to complete You can perform other tasks while the task completes.

Answer

See the explanation below.

Explanation

Step 1: Create a workspace Azure Monitor can collect data directly from your Azure virtual machines into a Log Analytics workspace for detailed analysis and correlation.
1. In the Azure portal, select All services. In the list of resources, type Log Analytics. As you begin typing, the list filters based on your input. Select Log Analytics workspaces.

In the Azure portal, select All services. In the list of resources, type Log Analytics. As you begin typing, the list filters based on your input. Select Log Analytics workspaces.

2. Select Create, and then select choices for the following items:

Select Create, and then select choices for the following items:

3. After providing the required information on the Log Analytics workspace pane, select OK.
While the information is verified and the workspace is created, you can track its progress under Notifications from the menu.

Step 2: Enable the Log Analytics VM Extension Installing the Log Analytics VM extension for Windows and Linux allows Azure Monitor to collect data from your Azure VMs.

  1. In the Azure portal, select All services found in the upper left-hand corner. In the list of resources, type Log Analytics. As you begin typing, the list filters based on your input. Select Log Analytics workspaces.
  2. In your list of Log Analytics workspaces, select DefaultWorkspace (the name you created in step 1).
  3. On the left-hand menu, under Workspace Data Sources, select Virtual machines.
  4. In the list of Virtual machines, select a virtual machine you want to install the agent on. Notice that the Log Analytics connection status for the VM indicates that it is Not connected.
  5. In the details for your virtual machine, select Connect. The agent is automatically installed and configured for your Log Analytics workspace. This process takes a few minutes, during which time the Status shows Connecting.

After you install and connect the agent, the Log Analytics connection status will be updated with This workspace.

Reference

AZ-500 Question 332

Question

HOTSPOT
You have an Azure subscription that contains the resources shown in the following table.

Name Type Region Resource group
SQL1 Azure SQL database East US RG1
Analytics1 Azure Log Analytics Workspace East US RG1
Analytics2 Azure Log Analytics Workspace East US RG2
Analytics3 Azure Log Analytics Workspace West Europe RG1

You create the Azure Storage accounts shown in the following table.

Name Region Resource group Storage account type Access tier (default)
Storage1 East US RG1 Blob Cool
Storage2 East US RG2 General purpose V1 Not applicable
Storage3 West Europe RG1 General purpose V2 Hot

You need to configure auditing for SQL1.
Which storage accounts and Log Analytics workspaces can you use as the audit log destination? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:

Storage accounts that can be used as the audit log destination:

  • Storage1 only
  • Storage2 only
  • Storage1 and Storage2 only
  • Storage1, Storage2, and Storage3

Log Analytics workspaces that can be used as the audit log destination:

  • Analytics1 only
  • Analytics1 and Analytics2 only
  • Analytics1 and Analytics3 only
  • Analytics1, Analytics2, and Analytics3

Answer

Storage accounts that can be used as the audit log destination: Storage2 only
Log Analytics workspaces that can be used as the audit log destination: Analytics1, Analytics2, and Analytics3

AZ-500 Question 333

Question

SIMULATION
You need to ensure that the events in the NetworkSecurityGroupRuleCounter log of the VNET01-Subnet0-NSG network security group (NSG) are stored in the logs11597200 Azure Storage account for 30 days.
To complete this task, sign in to the Azure portal.

Answer

See the explanation below.

Explanation

You need to configure the diagnostic logging for the NetworkSecurityGroupRuleCounter log.

  1. In the Azure portal, type Network Security Groups in the search box, select Network Security Groups from the search results then select VNET01-Subnet0-NSG. Alternatively, browse to Network Security Groups in the left navigation pane.
  2. In the properties of the Network Security Group, click on Diagnostic Settings.
  3. Click on the Add diagnostic setting link.
  4. Provide a name in the Diagnostic settings name field. It doesn’t matter what name you provide for the exam.
  5. In the Log section, select NetworkSecurityGroupRuleCounter.
  6. In the Destination details section, select Archive to a storage account.
  7. In the Storage account field, select the logs11597200 storage account.
  8. In the Retention (days) field, enter 30.
  9. Click the Save button to save the changes.

AZ-500 Question 334

Question

You are collecting events from Azure virtual machines to an Azure Log Analytics workspace.
You plan to create alerts based on the collected events.
You need to identify which Azure services can be used to create the alerts.
Which two services should you identify? Each correct answer presents a complete solution NOTE: Each correct selection is worth one point.

A. Azure Monitor
B. Azure Security Center
C. Azure Analytics Services
D. Azure Sentinel
E. Azure Advisor

Answer

A. Azure Monitor
D. Azure Sentinel

AZ-500 Question 335

Question

HOTSPOT
You plan to use Azure Sentinel to create an analytic rule that will detect suspicious threats and automate responses.
Which components are required for the rule? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:

Detect suspicious threats:

  • A Kusto query language query
  • A Transact-SQL query
  • An Azure PowerShell query
  • An Azure Sentinel playbook

Automate responses:

  • An Azure Function app
  • An Azure PowerShell script
  • An Azure Sentinel playbook
  • An Azure Sentinel workbook

Answer

Detect suspicious threats: A Kusto query language query
Automate responses: An Azure Sentinel playbook

Reference

AZ-500 Question 336

Question

HOTSPOT
You have an Azure Active Directory (Azure AD) tenant named contoso.com that contains the users shown in the following table.

Name Role
Admin1 Global administrator
Admin2 Group administrator
Admin3 User administrator

Contoso.com contains a group naming policy. The policy has a custom blocked word list rule that includes the word Contoso.
Which users can create a group named Contoso Sales in contoso.com? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:

Users who can create a security group named Contoso Sales:

  • Admin1 only
  • Admin1 and Admin2 only
  • Admin1 and Admin3 only
  • Admin1, Admin2, and Admin3

Users who can create an Office 365 group named Contoso Sales:

  • Admin1 only
  • Admin1 and Admin2 only
  • Admin1 and Admin3 only
  • Admin1, Admin2, and Admin3

Answer

Users who can create a security group named Contoso Sales: Admin1 and Admin3 only
Users who can create an Office 365 group named Contoso Sales: Admin1 and Admin3 only

Reference

AZ-500 Question 337

Question

HOTSPOT
You have an Azure subscription that contains the following resources:

  • An Azure key vault
  • An Azure SQL database named Database1

Two Azure App Service web apps named AppSrv1 and AppSrv2 that are configured to use system-assigned managed identities and access Database1 You need to implement an encryption solution for Database1 that meets the following requirements:

  • The data in a column named Discount in Database1 must be encrypted so that only AppSrv1 can decrypt the data.
  • AppSrv1 and AppSrv2 must be authorized by using managed identities to obtain cryptographic keys.

How should you configure the encryption settings for Database1? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:

To configure the encryption of Database1:

  • Always Encrypted by using Azure Key Vault.
  • Always Encrypted by using the Windows Certificate Store.
  • Transparent Data Encryption (TDE) by using Azure Key Vault integration.
  • Transparent Data Encryption (TDE) by using Bring Your Own Key (BYOK).

To obtain the cryptographic keys:

  • Create an access policy in Azure Key Vault.
  • Generate a key on an HSM device.
  • Import App Service certificates to AppSrv1 and AppSrv2.
  • Register an enterprise application in Azure AD.

Answer

To configure the encryption of Database1: Always Encrypted by using Azure Key Vault.
To obtain the cryptographic keys: Generate a key on an HSM device.

Reference

AZ-500 Question 338

Question

You have an Azure environment.
You need to identify any Azure configurations and workloads that are non-compliant with ISO 27001 standards.
What should you use?

A. Azure Sentinel
B. Azure Active Directory (Azure AD) Identity Protection
C. Azure Security Center
D. Azure Advanced Threat Protection (ATP)

Answer

C. Azure Security Center

Reference

AZ-500 Question 339

Question

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have an Azure Subscription named Sub1.
You have an Azure Storage account named Sa1 in a resource group named RG1.
Users and applications access the blob service and the file service in Sa1 by using several shared access signatures (SASs) and stored access policies.
You discover that unauthorized users accessed both the file service and the blob service.
You need to revoke all access to Sa1.
Solution: You create a new stored access policy.
Does this meet the goal?

A. Yes

Answer

A. Yes

Explanation

To revoke a stored access policy, you can either delete it, or rename it by changing the signed identifier. Changing the signed identifier breaks the associations between any existing signatures and the stored access policy. Deleting or renaming the stored access policy immediately effects all of the shared access signatures associated with it.

Reference

AZ-500 Question 340

Question

You have an Azure Active Directory (Azure AD) tenant that contains two users named User1 and User2 and a registered app named App1.
You create an app-specific role named Role1.
You need to assign Role1 to User1 and enable User2 to request access to Appl.
Which two settings should you modify? To answer select the appropriate settings in the answer area
NOTE: Each correct selection is worth one point.

Owners
Roles and administrators (Preview)
Users and groups
Single sign-on
Provisioning
Application proxy
Self-service
Conditional Access
Permissions
Token encryption
Sign-ins
Usage & insights

Answer

Application proxy
Self-service

    Ads Blocker Image Powered by Code Help Pro

    Ads Blocker Detected!!!

    This site depends on revenue from ad impressions to survive. If you find this site valuable, please consider disabling your ad blocker.