Download the Latest AZ-500 Dumps - 2024 AZ-500 Exam Questions [Q57-Q74]

Rate this post

Download the Latest AZ-500 Dumps – 2024 AZ-500 Exam Questions

Latest Microsoft AZ-500 Certification Practice Test Questions

What are the requirements for the Microsoft AZ-500 exam?

The potential candidates for this certification exam are Azure Security Engineers. These specialists serve as the members of a bigger team that works on Cloud-based security and management or hybrid environments. Although the test has no official prerequisites, it is recommended that the students have a good understanding of the exam topics. The applicants should also have the skills in automation and scripting as well as an extensive understanding of networking and virtualization. It’s also important that the individuals get familiar with Cloud capabilities as well as Azure services and products and other products and services offered by Microsoft.

The Microsoft AZ-500 exam consists of approximately 40-60 multiple-choice questions that need to be completed within 150 minutes. AZ-500 exam is available in multiple languages, including English, Japanese, Chinese, and Spanish. AZ-500 exam can be taken at any Microsoft testing center or online, making it easy to take for professionals who have a busy schedule.

To pass the Microsoft AZ-500 exam, candidates need to have a strong understanding of Azure security technologies and best practices. They should be able to identify and mitigate security risks, implement security controls, and monitor and respond to security incidents. In addition, candidates should have hands-on experience with Azure security tools and services, such as Azure Security Center, Azure Active Directory, Azure Information Protection, and Azure Key Vault. By obtaining this certification, professionals can enhance their career prospects and demonstrate their expertise in Azure security to potential employers.

NO.57 You have an Azure subscription that contains an Azure Sentinel workspace.
Azure Sentinel is configured to ingest logs from several Azure workloads. A third-party service management platform is used to manage incidents.
You need to identify which Azure Sentinel components to configure to meet the following requirements:
When Azure Sentinel identifies a threat, an incident must be created.
A ticket must be logged in the service management platform when an incident is created in Azure Sentinel.
Which component should you identify for each requirement? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Reference:
https://docs.microsoft.com/en-us/azure/sentinel/create-incidents-from-alerts
https://docs.microsoft.com/en-us/azure/sentinel/tutorial-respond-threats-playbook

NO.58 You have an Azure subscription that contains the users shown in the following table.

Which users can enable Azure AD Privileged Identity Management (PIM)?

User2 and User3 only

User1 and User2 only

User2 only

User1 only

Reference:
https://docs.microsoft.com/en-us/azure/active-directory/privileged-identity-management/pim-deployment-plan

NO.59 You have two Azure virtual machines in the East US2 region as shown in the following table.

You deploy and configure an Azure Key vault.
You need to ensure that you can enable Azure Disk Encryption on VM1 and VM2.
What should you modify on each virtual machine? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Explanation

VM1: The Tier
The Tier needs to be upgraded to standard.
Disk Encryption for Windows and Linux IaaS VMs is in General Availability in all Azure public regions and Azure Government regions for Standard VMs and VMs with Azure Premium Storage.
VM2: The type
Need to change the VMtype to any of A, D, DS, G, GS, F, and so on, series IaaS VMs.
Not the operating system version: Ubuntu 16.04 is supported.
References:
https://docs.microsoft.com/en-us/azure/security/azure-security-disk-encryption-overview
https://docs.microsoft.com/en-us/azure/security/azure-security-disk-encryption-faq#bkmk_LinuxOSSupport

NO.60 You have the Azure key vaults shown in the following table.

KV1 stores a secret named Secret1 and a key for a managed storage account named Key1.
You back up Secret1 and Key1.
To which key vaults can you restore each backup? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

NO.61 You have a Microsoft Sentinel deployment.
You need to connect a third-party security solution to the deployment. The third-party solution will send Common Event Format (CER-formatted messages.
What should you include in the solution? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

NO.62 You have an Azure Active Directory (Azure AD) tenant named contoso.com. The tenant contains the users shown in the following table.

You configure an access review named Review1 as shown in the following exhibit.

Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic.
NOTE: Each correct selection is worth one point.

Explanation

Box 1: User3 only
Use the Members (self) option to have the users review their own role assignments.
Box 2: User3 will receive a confirmation request
Use the Should reviewer not respond list to specify what happens for users that are not reviewed by the reviewer within the review period. This setting does not impact users who have been reviewed by the reviewers manually. If the final reviewer’s decision is Deny, then the user’s access will be removed.
No change – Leave user’s access unchanged
Remove access – Remove user’s access
Approve access – Approve user’s access
Take recommendations – Take the system’s recommendation on denying or approving the user’s continued access References:
https://docs.microsoft.com/bs-latn-ba/azure/active-directory/privileged-identity-management/pim-how-to-start-se

NO.63 You have an Azure Active Directory (Azure AD) tenant named Contoso.com and an Azure Kubernetes Service (AKS) cluster AKS1.
You discover that AKS1 cannot be accessed by using accounts from Contoso.com.
You need to ensure AKS1 can be accessed by using accounts from Contoso.com. The solution must minimize administrative effort.
What should you do first?

From Azure recreate AKS1.

From AKS1, upgrade the version of Kubernetes.

From Azure AD, implement Azure AD Premium.

From Azure AD, configure the User settings.

Explanation/Reference:
https://docs.microsoft.com/en-us/azure/aks/azure-ad-integration-cli

NO.64 You are evaluating the security of the network communication between the virtual machines in Sub2.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.

NO.65 You have an Azure subscription that contains the resources shown in the following table.

You create the Azure Storage accounts shown in the following table.

You need to configure auditing for SQL1.
Which storage accounts and Log Analytics workspaces can you use as the audit log destination? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Explanation

NO.66 You have an Azure subscription named Subscription1 that contains the resources shown in the following table.

You create a custom RBAC role in Subscription1 by using the following JSON file.

You assign Role1 to User1 on RG1.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.

Reference:
https://docs.microsoft.com/en-us/azure/role-based-access-control/resource-provider-operations#microsoftcompute

NO.67 You have an Azure subscription that contains the virtual machines shown in the following table.

You create the Azure policies shown in the following table.

For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.

Explanation:

References:
https://docs.microsoft.com/en-us/azure/governance/blueprints/concepts/resource-locking

NO.68 Your company has an Azure subscription named Sub1 that is associated to an Azure Active Directory (Azure AD) tenant named contoso.com.
The company develops an application named App1. App1 is registered in Azure AD.
You need to ensure that App1 can access secrets in Azure Key Vault on behalf of the application users.
What should you configure?

an application permission without admin consent

a delegated permission without admin consent

a delegated permission that requires admin consent

an application permission that requires admin consent

Delegated permissions – Your client application needs to access the web API as the signed-in user, but with access limited by the selected permission. This type of permission can be granted by a user unless the permission requires administrator consent.

NO.69 You have an Azure subscription that contains a user named User1 and an Azure Container Registry named ConReg1.
You enable content trust for ContReg1.
You need to ensure that User1 can create trusted images in ContReg1. The solution must use the principle of least privilege.
Which two roles should you assign to User1? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.

AcrQuarantineReader

Contributor

AcrPush

AcrImageSigner

AcrQuarantineWriter

Section: [none]
Explanation/Reference:
https://docs.microsoft.com/en-us/azure/container-registry/container-registry-content-trust
https://docs.microsoft.com/en-us/azure/container-registry/container-registry-roles

NO.70 You have an Azure subscription that contains the virtual machines shown in the following table.

Subnet1 and Subnet2 have a Microsoft.Storage service endpoint configured.
You have an Azure Storage account named storageacc1 that is configured as shown in the following exhibit.

For each of the following statements, select Yes if the statement is true. Otherwise, select No.

Reference:
https://docs.microsoft.com/en-gb/azure/storage/common/storage-network-security

NO.71 You have an Azure subscription named Sub1. Sub1 has an Azure Storage account named Storage1 that contains the resources shown in the following table.

You generate a shared access signature (SAS) to connect to the blob service and the file service.
Which tool can you use to access the contents in Container1 and Share! by using the SAS? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Explanation

NO.72 You have an Azure subscription that contains the Azure Log Analytics workspaces shown in the following table.

You create the virtual machines shown in the following table.

You plan to use Azure Sentinel to monitor Windows Defender Firewall on the virtual machines.
Which virtual machines you can connect to Azure Sentinel?

VM1 and VM3 only

VM1 Only

VM1 and VM2 only

VM1, VM2, VM3 and VM4

Reference:
https://docs.microsoft.com/en-us/azure/sentinel/connect-windows-firewall

NO.73 : 2 HOTSPOT
Which virtual networks in Sub1 can User2 modify and delete in their current state? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Explanation

Box 1: VNET4 and VNET1 only
RG1 has only Delete lock, while there are no locks on RG4.
RG2 and RG3 both have Read-only locks.
Box 2: VNET4 only
There are no locks on RG4, while the other resource groups have either Delete or Read-only locks.
Note: As an administrator, you may need to lock a subscription, resource group, or resource to prevent other users in your organization from accidentally deleting or modifying critical resources. You can set the lock level to CanNotDelete or ReadOnly. In the portal, the locks are called Delete and Read-only respectively.
* CanNotDelete means authorized users can still read and modify a resource, but they can’t delete the resource.
* ReadOnly means authorized users can read a resource, but they can’t delete or update the resource.
Applying this lock is similar to restricting all authorized users to the permissions granted by the Reader role.
Scenario:
User2 is a Security administrator.
Sub1 contains six resource groups named RG1, RG2, RG3, RG4, RG5, and RG6.
User2 creates the virtual networks shown in the following table.

Sub1 contains the locks shown in the following table.
References:
https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-group-lock-resources

NO.74 Your network contains an on-premises Active Directory domain named contoso.com. The domain contains a user named User1.
You have an Azure subscription that is linked to an Azure Active Directory (Azure AD) tenant named contoso.com. The tenant contains an Azure Storage account named storage1. Storage1 contains an Azure file share named share1.
Currently, the domain and the tenant are not integrated.
You need to ensure that User1 can access share1 by using his domain credentials.
Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.

Reference:
https://docs.microsoft.com/en-us/azure/security-center/security-center-compliance-dashboard

Loading …

Verified AZ-500 Dumps Q&As – 1 Year Free & Quickly Updates: https://www.dumpstorrent.com/AZ-500-exam-dumps-torrent.html

Download the Latest AZ-500 Dumps – 2024 AZ-500 Exam Questions [Q57-Q74]

What are the requirements for the Microsoft AZ-500 exam?

admin

Leave a Reply Cancel reply