ExamGecko
Login
Home / Microsoft / AZ-500 / List of questions
Ask Question

Microsoft AZ-500 Practice Test - Questions Answers, Page 19

Add to Whishlist

List of questions

Question 181

Report Export Collapse

You have an Azure subscription named Subcription1 that contains an Azure Active Directory (Azure AD) tenant named contoso.com and a resource group named RG1.

You create a custom role named Role1 for contoso.com.

Where you can use Role1 for permission delegation?

Become a Premium Member for full access
  Unlock Premium Member

Question 182

Report Export Collapse

You have an Azure subscription.

You enable Azure Active Directory (Azure AD) Privileged Identity Management (PIM).

Your company’s security policy for administrator accounts has the following conditions:

The accounts must use multi-factor authentication (MFA).

The accounts must use 20-character complex passwords.

The passwords must be changed every 180 days.

The accounts must be managed by using PIM.

You receive multiple alerts about administrators who have not changed their password during the last 90 days.

You need to minimize the number of generated alerts.

Which PIM alert should you modify?

Become a Premium Member for full access
  Unlock Premium Member

Question 183

Report Export Collapse

Your network contains an on-premises Active Directory domain named adatum.com that syncs to Azure Active Directory (Azure AD). Azure AD Connect is installed on a domain member server named Server1.

You need to ensure that a domain administrator for the adatum.com domain can modify the synchronization options. The solution must use the principle of least privilege. Which Azure AD role should you assign to the domain administrator?

Become a Premium Member for full access
  Unlock Premium Member

Question 184

Report Export Collapse

You have an Azure subscription that contains the users shown in the following table.

Microsoft AZ-500 image Question 50 87297 10022024015440000000

Which users can enable Azure AD Privileged Identity Management (PIM)?

Become a Premium Member for full access
  Unlock Premium Member

Question 185

Report Export Collapse

You have an Azure subscription.

You plan to create a custom role-based access control (RBAC) role that will provide permission to read the Azure Storage account.

Which property of the RBAC role definition should you configure?

Become a Premium Member for full access
  Unlock Premium Member

Question 186

Report Export Collapse

You have an Azure subscription linked to an Azure Active Directory Premium Plan 1 tenant.

You plan to implement Azure Active Directory (Azure AD) Identity Protection.

You need to ensure that you can configure a user risk policy and a sign-in risk policy.

What should you do first?

Become a Premium Member for full access
  Unlock Premium Member

Question 187

Report Export Collapse

HOTSPOT

You have the hierarchy of Azure resources shown in the following exhibit.

Microsoft AZ-500 image Question 53 87300 10022024015440000000

RG1, RG2, and RG3 are resource groups.

RG2 contains a virtual machine named VM1.

You assign role-based access control (RBAC) roles to the users shown in the following table.

Microsoft AZ-500 image Question 53 87300 10022024015440000000

For each of the following statements, select Yes if the statement is true. Otherwise, select No.

NOTE: Each correct selection is worth one point.


Become a Premium Member for full access
  Unlock Premium Member

Question 188

Report Export Collapse

HOTSPOT

You plan to implement an Azure function named Function1 that will create new storage accounts for containerized application instances.

You need to grant Function1 the minimum required privileges to create the storage accounts. The solution must minimize administrative effort.

What should you do? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.


Become a Premium Member for full access
  Unlock Premium Member

Question 189

Report Export Collapse

You have an Azure subscription that is linked to an Azure Active Directory (Azure AD) tenant.

You need to grant Function1 the minimum required privileges.

Which additional resource will be created in Azure AD?

Become a Premium Member for full access
  Unlock Premium Member

Question 190

Report Export Collapse

HOTSPOT

You have an Azure Active Directory (Azure AD) tenant that contains the resources shown in the following table.

Microsoft AZ-500 image Question 56 87303 10022024015440000000

User2 is the owner of Group2.

The user and group settings for App1 are configured as shown in the following exhibit.

Microsoft AZ-500 image Question 56 87303 10022024015440000000

You enable self-service application access for App1 as shown in the following exhibit.

Microsoft AZ-500 image Question 56 87303 10022024015440000000

User3 is configured to approve access to Appl.

You need to identify the owners of Group2 and the users of Appl.

What should you identify? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.


Become a Premium Member for full access
  Unlock Premium Member
Total 442 questions
Go to page: of 45
Search
Open VPLUS File
Convert VPLUS to PDF

Related questions

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution. After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen. You have an Azure Subscription. The subscription contains 50 virtual machines that run Windows Server 2012 R2 or Windows Server 2016. You need to deploy Microsoft Antimalware to the virtual machines. Solution: You add an extension to each virtual machine. Does this meet the goal?
Simulation LAB Task 1 You need to ensure that connections from the Internet to VNET1\subnet0 are allowed only over TCP port 7777. The solution must use only currently deployed resources.
You have Azure Resource Manager templates that you use to deploy Azure virtual machines. You need to disable unused Windows features automatically as instances of the virtual machines are provisioned. What should you use?
You are configuring and securing a network environment. You deploy an Azure virtual machine named VM1 that is configured to analyze network traffic. You need to ensure that all network traffic is routed through VM1. What should you configure?
HOTSPOT You have an Azure subscription that contains the resources shown in the following table. Transparent Data Encryption (TDE) is disabled on SQL1. You assign policies to the resource groups as shown in the following table. You plan to deploy Azure SQL databases by using an Azure Resource Manager (ARM) template. The databases will be configured as shown in the following table. For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.
You have an Azure subscription that contains the Azure virtual machines shown in the following table. You create an MDM Security Baseline profile named Profile1. You need to identify to which virtual machines Profile1 can be applied. Which virtual machines should you identify?
HOTSPOT You have Azure virtual machines that have Update Management enabled. The virtual machines are configured as shown in the following table. You schedule two update deployments named Update1 and Update2. Update1 updates VM3. Update2 updates VM6. Which additional virtual machines can be updated by using Update1 and Update2? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.
You are testing an Azure Kubernetes Service (AKS) cluster. The cluster is configured as shown in the exhibit. (Click the Exhibit tab.) You plan to deploy the cluster to production. You disable HTTP application routing. You need to implement application routing that will provide reverse proxy and TLS termination for AKS services by using a single IP address. What should you do?
HOTSPOT You have an Azure key vault. You need to delegate administrative access to the key vault to meet the following requirements: Provide a user named User1 with the ability to set advanced access policies for the key vault. Provide a user named User2 with the ability to add and delete certificates in the key vault. Use the principle of least privilege. What should you use to assign access to each user? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.
HOTSPOT You have an Azure subscription that contains the following resources: An Azure key vault An Azure SQL database named Database1 Two Azure App Service web apps named AppSrv1 and AppSrv2 that are configured to use system-assigned managed identities and access Database1 You need to implement an encryption solution for Database1 that meets the following requirements: The data in a column named Discount in Database1 must be encrypted so that only AppSrv1 can decrypt the data. AppSrv1 and AppSrv2 must be authorized by using managed identities to obtain cryptographic keys. How should you configure the encryption settings for Database1? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.