ExamGecko
Search Search Login
Home Home / Microsoft / AZ-500

Microsoft AZ-500 Practice Test - Questions Answers, Page 18

Question list
Search
Search

List of questions

Search
Open VPLUS File
Convert VPLUS to PDF

Related questions

Simulation LAB Task 1 You need to ensure that connections from the Internet to VNET1\subnet0 are allowed only over TCP port 7777. The solution must use only currently deployed resources.
You are testing an Azure Kubernetes Service (AKS) cluster. The cluster is configured as shown in the exhibit. (Click the Exhibit tab.) You plan to deploy the cluster to production. You disable HTTP application routing. You need to implement application routing that will provide reverse proxy and TLS termination for AKS services by using a single IP address. What should you do?
HOTSPOT You have an Azure subscription that contains the resources shown in the following table. Transparent Data Encryption (TDE) is disabled on SQL1. You assign policies to the resource groups as shown in the following table. You plan to deploy Azure SQL databases by using an Azure Resource Manager (ARM) template. The databases will be configured as shown in the following table. For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.
HOTSPOT You have Azure virtual machines that have Update Management enabled. The virtual machines are configured as shown in the following table. You schedule two update deployments named Update1 and Update2. Update1 updates VM3. Update2 updates VM6. Which additional virtual machines can be updated by using Update1 and Update2? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.
You have an Azure subscription that uses Azure AD Privileged Identity Management (PIM). A user named User1 is eligible for the Billing administrator role. You need to ensure that the role can only be used for a maximum of two hours. What should you do?
You have an Azure subscription that contains the virtual networks shown in the following table. The subscription contains the virtual machines shown in the following table. On NIC1, you configure an application security group named ASG1. On which other network interfaces can you configure ASG1?
You are configuring and securing a network environment. You deploy an Azure virtual machine named VM1 that is configured to analyze network traffic. You need to ensure that all network traffic is routed through VM1. What should you configure?
From Azure Security, you create a custom alert rule. You need to configure which users will receive an email message when the alert is triggered. What should you do?
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution. After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen. You have an Azure Subscription. The subscription contains 50 virtual machines that run Windows Server 2012 R2 or Windows Server 2016. You need to deploy Microsoft Antimalware to the virtual machines. Solution: You add an extension to each virtual machine. Does this meet the goal?
You have Azure Resource Manager templates that you use to deploy Azure virtual machines. You need to disable unused Windows features automatically as instances of the virtual machines are provisioned. What should you use?

Question 171

Report
Export
Collapse

HOTSPOT

Your network contains an on-premises Active Directory domain that syncs to an Azure Active Directory (Azure AD) tenant. The tenant contains the users shown in the following table.

The tenant contains the groups shown in the following table.

You configure a multi-factor authentication (MFA) registration policy that has the following settings:

Assignments:

- Include: Group1

- Exclude Group2

Controls: Require Azure MFA registration

Enforce Policy: On

For each of the following statements, select Yes if the statement is true. Otherwise, select No.

NOTE: Each correct selection is worth one point.


Question 171
Correct answer: Question 171

Question 172

Report
Export
Collapse

SIMULATION

The developers at your company plan to publish an app named App11641655 to Azure.

You need to ensure that the app is registered to Azure Active Directory (Azure AD). The registration must use the sign-on URLs of https://app.contoso.com.

To complete this task, sign in to the Azure portal and modify the Azure resources.

A.
A.
Answers
Suggested answer: A

Explanation:

Answer: A

Explanation:

Step 1: Register the Application

1. Sign in to your Azure Account through the Azure portal.

2. Select Azure Active Directory.

3. Select App registrations.

4. Select New registration.

5. Name the application App11641655. Select a supported account type, which determines who can use the application. Under Redirect URI, select Web for the type of application you want to create. Enter the URI: https://app.contoso.com , where the access token is sent to.

6. Click Register

Reference:

https://docs.microsoft.com/en-us/azure/active-directory/develop/howto-create-service-principal-portal

Question 173

Report
Export
Collapse

You have an Azure Active Directory (Azure AD) tenant named contoso.onmicrosoft.com.

The User administrator role is assigned to a user named Admin1.

An external partner has a Microsoft account that uses the [email protected] sign in.

Admin1 attempts to invite the external partner to sign in to the Azure AD tenant and receives the following error message: “Unable to invite user [email protected] Generic authorization exception.”

You need to ensure that Admin1 can invite the external partner to sign in to the Azure AD tenant.

What should you do?

A.
From the Roles and administrators blade, assign the Security administrator role to Admin1.
A.
From the Roles and administrators blade, assign the Security administrator role to Admin1.
Answers
B.
From the Organizational relationships blade, add an identity provider.
B.
From the Organizational relationships blade, add an identity provider.
Answers
C.
From the Custom domain names blade, add a custom domain.
C.
From the Custom domain names blade, add a custom domain.
Answers
D.
From the Users blade, modify the External collaboration settings.
D.
From the Users blade, modify the External collaboration settings.
Answers
Suggested answer: D

Question 174

Report
Export
Collapse

You have an Azure Active Directory (Azure AD) tenant.

You have the deleted objects shown in the following table.

On May 4, 2020, you attempt to restore the deleted objects by using the Azure Active Directory admin center.

Which two objects can you restore? Each correct answer presents a complete solution.

NOTE: Each correct selection is worth one point.

A.
Group1
A.
Group1
Answers
B.
Group2
B.
Group2
Answers
C.
User2
C.
User2
Answers
D.
User1
D.
User1
Answers
Suggested answer: B, C

Explanation:

Deleted users and deleted Office 365 groups are available for restore for 30 days.

You cannot restore a deleted security group.

Reference:

https://docs.microsoft.com/en-us/azure/active-directory/users-groups-roles/groups-restore-deleted

Question 175

Report
Export
Collapse

HOTSPOT

You have an Azure subscription named Subscription1 that contains the resources shown in the following table.

You create an Azure role by using the following JSON file.

You assign Role1 to User1 for RG1.

For each of the following statements, select Yes if the statement is true. Otherwise, select No.

NOTE: Each correct selection is worth one point.


Question 175
Correct answer: Question 175

Explanation:

Reference:

https://docs.microsoft.com/en-us/azure/role-based-access-control/built-in-roles#compute

Question 176

Report
Export
Collapse

You have an Azure Active Directory (Azure AD) tenant named contoso.com that contains a user named User1.

You plan to publish several apps in the tenant.

You need to ensure that User1 can grant admin consent for the published apps.

Which two possible user roles can you assign to User1 to achieve this goal? Each correct answer presents a complete solution.

NOTE: Each correct selection is worth one point.

A.
Security administrator
A.
Security administrator
Answers
B.
Cloud application administrator
B.
Cloud application administrator
Answers
C.
Application administrator
C.
Application administrator
Answers
D.
User administrator
D.
User administrator
Answers
E.
Application developer
E.
Application developer
Answers
Suggested answer: B, C

Explanation:

Reference:

https://docs.microsoft.com/en-us/azure/active-directory/manage-apps/grant-admin-consent

Question 177

Report
Export
Collapse

You have an Azure subscription that is associated with an Azure Active Directory (Azure AD) tenant.

When a developer attempts to register an app named App1 in the tenant, the developer receives the error message shown in the following exhibit.

You need to ensure that the developer can register App1 in the tenant.

What should you do for the tenant?

A.
Modify the Directory properties.
A.
Modify the Directory properties.
Answers
B.
Set Enable Security defaults to Yes.
B.
Set Enable Security defaults to Yes.
Answers
C.
Configure the Consent and permissions settings for enterprise applications.
C.
Configure the Consent and permissions settings for enterprise applications.
Answers
D.
Modify the User settings.
D.
Modify the User settings.
Answers
Suggested answer: D

Explanation:

Reference:

https://docs.microsoft.com/en-us/azure/active-directory/develop/active-directory-how-applications-are-added

Question 178

Report
Export
Collapse

You have an Azure subscription that contains an Azure Active Directory (Azure AD) tenant and a user named User1.

The App registrations settings for the tenant are configured as shown in the following exhibit.

You plan to deploy an app named App1.

You need to ensure that User1 can register App1 in Azure AD. The solution must use the principle of least privilege.

Which role should you assign to User1?

A.
App Configuration Data Owner for the subscription
A.
App Configuration Data Owner for the subscription
Answers
B.
Managed Application Contributor for the subscription
B.
Managed Application Contributor for the subscription
Answers
C.
Cloud application administrator in Azure AD
C.
Cloud application administrator in Azure AD
Answers
D.
Application developer in Azure AD
D.
Application developer in Azure AD
Answers
Suggested answer: D

Explanation:

Reference:

https://docs.microsoft.com/en-us/azure/active-directory/roles/delegate-by-task

Question 179

Report
Export
Collapse

You have the Azure virtual machines shown in the following table.

Each virtual machine has a single network interface.

You add the network interface of VM1 to an application security group named ASG1.

You need to identify the network interfaces of which virtual machines you can add to ASG1.

What should you identify?

A.
VM2 only
A.
VM2 only
Answers
B.
VM2 and VM3 only
B.
VM2 and VM3 only
Answers
C.
VM2, VM3, VM4, and VM5
C.
VM2, VM3, VM4, and VM5
Answers
D.
VM2, VM3, and VM5 only
D.
VM2, VM3, and VM5 only
Answers
Suggested answer: B

Explanation:

Reference:

https://docs.microsoft.com/en-us/azure/virtual-network/application-security-groups

Question 180

Report
Export
Collapse

SIMULATION

You need to create a new Azure Active Directory (Azure AD) directory named 10317806.onmicrosoft.com. The new directory must contain a user named user10317806 who is configured to sign in by using Azure Multi-Factor Authentication (MFA).

A.
A.
Answers
Suggested answer: A

Explanation:

Answer: A

Explanation:

To create a new Azure AD tenant:

1. Browse to the Azure portal and sign in with an account that has an Azure subscription.

2. Select the plus icon (+) and search for Azure Active Directory.

3. Select Azure Active Directory in the search results.

4. Select Create.

5. Provide an Organization name (10317806) and an Initial domain name (10317806). Then select Create. This will create the directory named 10317806.onmicrosoft.com.

6. After directory creation is complete, select the information box to manage your new directory.

To create the user:

1. In the Azure portal, make sure you are on the Azure Active Directory fly out.

If not, select the Azure Active Directory icon from the left services navigation.

2. Under Manage, select Users.

3. Select All users and then select + New user.

4. Provide a Name and User name (user10317806) for the user. When you're done, select Create.

To enable MFA:

1. In the Azure portal, make sure you are on the Azure Active Directory fly out.

If not, select the Azure Active Directory icon from the left services navigation.

2. Under Manage, select Users.

3. Click on the Multi-Factor Authentication link.

4. Tick the checkbox next to the user’s name and click the Enable link.

Reference:

https://docs.microsoft.com/en-us/power-bi/developer/create-an-azure-active-directory-tenant

Total 439 questions
Go to page: of 44
ExamGecko

Copyright @2023 ExamGecko | All right reserved

Mail us: [email protected]
About us
Contact us
Twitter X
Facebook
Medium
Convert VPLUS to PDF
Open VPLUS files Easily and Quickly
Privacy Policy
Disclaimer
Terms