Ask Question
AZ-500: Microsoft Azure Security Technologies
Microsoft
Exam Questions:
442
.png)
2.370 Learners
The Microsoft Certified: Azure Security Technologies (AZ-500) exam is a crucial certification for anyone aiming to advance their career in cloud security on Microsoft Azure. Our topic is your ultimate resource for AZ-500 practice test shared by individuals who have successfully passed the exam. These practice tests provide real-world scenarios and invaluable insights to help you ace your preparation.
Why Use AZ-500 Practice Test?
-
Real Exam Experience: Our practice test accurately replicates the format and difficulty of the actual Microsoft AZ-500 exam, providing you with a realistic preparation experience.
-
Identify Knowledge Gaps: Practicing with these tests helps you identify areas where you need more study, allowing you to focus your efforts effectively.
-
Boost Confidence: Regular practice with exam-like questions builds your confidence and reduces test anxiety.
-
Track Your Progress: Monitor your performance over time to see your improvement and adjust your study plan accordingly.
Key Features of AZ-500 Practice Test:
-
Up-to-Date Content: Our community ensures that the questions are regularly updated to reflect the latest exam objectives and technology trends.
-
Detailed Explanations: Each question comes with detailed explanations, helping you understand the correct answers and learn from any mistakes.
-
Comprehensive Coverage: The practice test covers all key topics of the Microsoft AZ-500 exam, including identity and access management, security operations, threat protection, and more.
-
Customizable Practice: Create your own practice sessions based on specific topics or difficulty levels to tailor your study experience to your needs.
Exam number: AZ-500
Exam name: Microsoft Certified: Azure Security Technologies
Length of test: 100 minutes
Exam format: Multiple-choice and multiple-response questions.
Exam language: English
Number of questions in the actual exam: Maximum of 40-60 questions
Passing score: 700/1000
Use the member-shared Microsoft AZ-500 Practice Test to ensure you’re fully prepared for your certification exam. Start practicing today and take a significant step towards achieving your certification goals!
Related questions
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have an Azure Subscription. The subscription contains 50 virtual machines that run Windows Server 2012 R2 or Windows Server 2016.
You need to deploy Microsoft Antimalware to the virtual machines.
Solution: You add an extension to each virtual machine.
Does this meet the goal?
Explanation:
You can use Visual Studio to enable and configure the Microsoft Antimalware service. This entails selecting Microsoft Antimalware extension from the dropdown list under Installed Extensions and click Add to configure with default antimalware configuration.
References:
https://docs.microsoft.com/en-us/azure/security/fundamentals/antimalware
Simulation LAB
Task 1
You need to ensure that connections from the Internet to VNET1\subnet0 are allowed only over TCP port 7777. The solution must use only currently deployed resources.
Unlock Premium Member
You have Azure Resource Manager templates that you use to deploy Azure virtual machines.
You need to disable unused Windows features automatically as instances of the virtual machines are provisioned. What should you use?
Explanation:
The primary use case for the Azure Desired State Configuration (DSC) extension is to bootstrap a VM to the Azure Automation State Configuration (DSC) service. The service provides benefits that include ongoing management of the VM configuration and integration with other operational tools, such as Azure Monitoring. Using the extension to register VM's to the service provides a flexible solution that even works across Azure subscriptions.
Reference:
https://docs.microsoft.com/en-us/azure/virtual-machines/extensions/dsc-overview
You are configuring and securing a network environment.
You deploy an Azure virtual machine named VM1 that is configured to analyze network traffic.
You need to ensure that all network traffic is routed through VM1.
What should you configure?
Explanation:
Although the use of system routes facilitates traffic automatically for your deployment, there are cases in which you want to control the routing of packets through a virtual appliance. You can do so by creating user defined routes that specify the next hop for packets flowing to a specific subnet to go to your virtual appliance instead, and enabling IP forwarding for the VM running as the virtual appliance.
Note: User Defined Routes
For most environments you will only need the system routes already defined by Azure. However, you may need to create a route table and add one or more routes in specific cases, such as:
Force tunneling to the Internet via your on-premises network.
Use of virtual appliances in your Azure environment.
In the scenarios above, you will have to create a route table and add user defined routes to it.
Reference:
https://github.com/uglide/azure-content/blob/master/articles/virtual-network/virtual-networks-udr-overview.md
HOTSPOT
You have an Azure subscription that contains the resources shown in the following table.
Transparent Data Encryption (TDE) is disabled on SQL1.
You assign policies to the resource groups as shown in the following table.
You plan to deploy Azure SQL databases by using an Azure Resource Manager (ARM) template. The databases will be configured as shown in the following table.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Explanation:
https://docs.microsoft.com/en-us/azure/governance/policy/concepts/effects
You have an Azure subscription that contains the Azure virtual machines shown in the following table.
You create an MDM Security Baseline profile named Profile1.
You need to identify to which virtual machines Profile1 can be applied.
Which virtual machines should you identify?
Explanation:
Reference:
https://docs.microsoft.com/en-us/mem/intune/protect/security-baselines
HOTSPOT
You have Azure virtual machines that have Update Management enabled. The virtual machines are configured as shown in the following table.
You schedule two update deployments named Update1 and Update2. Update1 updates VM3. Update2 updates VM6.
Which additional virtual machines can be updated by using Update1 and Update2? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Explanation:
Update1: VM1 and VM2 only
VM3: Windows Server 2016 West US RG2
Update2: VM4 and VM5 only
VM6: CentOS 7.5 East US RG1
For Linux, the machine must have access to an update repository. The update repository can be private or public.
References:
https://docs.microsoft.com/en-us/azure/automation/automation-update-management
You are testing an Azure Kubernetes Service (AKS) cluster. The cluster is configured as shown in the exhibit. (Click the Exhibit tab.)
You plan to deploy the cluster to production. You disable HTTP application routing.
You need to implement application routing that will provide reverse proxy and TLS termination for AKS services by using a single IP address.
What should you do?
Explanation:
An ingress controller is a piece of software that provides reverse proxy, configurable traffic routing, and TLS termination for Kubernetes services. References: https://docs.microsoft.com/en-us/azure/aks/ingress-tls
HOTSPOT
You have an Azure subscription that contains the following resources:
An Azure key vault
An Azure SQL database named Database1
Two Azure App Service web apps named AppSrv1 and AppSrv2 that are configured to use system-assigned managed identities and access Database1
You need to implement an encryption solution for Database1 that meets the following requirements:
The data in a column named Discount in Database1 must be encrypted so that only AppSrv1 can decrypt the data. AppSrv1 and AppSrv2 must be authorized by using managed identities to obtain cryptographic keys.
How should you configure the encryption settings for Database1? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Explanation:
Reference:
https://docs.microsoft.com/en-us/azure/azure-sql/database/always-encrypted-azure-key-vault-configure?tabs=azure-powershell
HOTSPOT
You have an Azure key vault.
You need to delegate administrative access to the key vault to meet the following requirements:
Provide a user named User1 with the ability to set advanced access policies for the key vault.
Provide a user named User2 with the ability to add and delete certificates in the key vault.
Use the principle of least privilege.
What should you use to assign access to each user? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Explanation:
User1: RBAC
RBAC is used as the Key Vault access control mechanism for the management plane. It would allow a user with the proper identity to:
set Key Vault access policies
create, read, update, and delete key vaults
set Key Vault tags
Note: Role-based access control (RBAC) is a system that provides fine-grained access management of Azure resources. Using RBAC, you can segregate duties within your team and grant only the amount of access to users that they need to perform their jobs.
User2: A key vault access policy
A key vault access policy is the access control mechanism to get access to the key vault data plane. Key Vault access policies grant permissions separately to keys, secrets, and certificates.
References:
https://docs.microsoft.com/en-us/azure/key-vault/key-vault-secure-your-key-vault
Question