ExamGecko
Search Search Login
Home Home / Microsoft / AZ-500

Microsoft AZ-500 Practice Test - Questions Answers, Page 20

Question list
Search
Search

List of questions

Search
Open VPLUS File
Convert VPLUS to PDF

Related questions

Simulation LAB Task 1 You need to ensure that connections from the Internet to VNET1\subnet0 are allowed only over TCP port 7777. The solution must use only currently deployed resources.
You have an Azure subscription that uses Azure AD Privileged Identity Management (PIM). A user named User1 is eligible for the Billing administrator role. You need to ensure that the role can only be used for a maximum of two hours. What should you do?
HOTSPOT You have an Azure key vault named KeyVault1 that contains the items shown in the following table. In KeyVault1 the following events occur in sequence: • item is deleted. • ltem2 and Policy1 are deleted. For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.
HOTSPOT You have Azure virtual machines that have Update Management enabled. The virtual machines are configured as shown in the following table. You schedule two update deployments named Update1 and Update2. Update1 updates VM3. Update2 updates VM6. Which additional virtual machines can be updated by using Update1 and Update2? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.
You have an Azure subscription that uses Microsoft Defender for Cloud. You have accounts for the following cloud services: • Alibaba Cloud • Amazon Web Services (AWS) • Google Cloud Platform (GCP) What can you add to Defender for Cloud?
SIMULATION You need to ensure that User2-11641655 has all the key permissions for KeyVault11641655. To complete this task, sign in to the Azure portal and modify the Azure resources.
You have an Azure subscription that contains the virtual networks shown in the following table. The subscription contains the virtual machines shown in the following table. On NIC1, you configure an application security group named ASG1. On which other network interfaces can you configure ASG1?
From Azure Security, you create a custom alert rule. You need to configure which users will receive an email message when the alert is triggered. What should you do?
You are testing an Azure Kubernetes Service (AKS) cluster. The cluster is configured as shown in the exhibit. (Click the Exhibit tab.) You plan to deploy the cluster to production. You disable HTTP application routing. You need to implement application routing that will provide reverse proxy and TLS termination for AKS services by using a single IP address. What should you do?
You have an Azure subscription that uses Microsoft Defender for Cloud. You have an Amazon Web Services (AWS) account. You need to ensure that when you deploy a new AWS Elastic Compute Cloud (EC2) instance, the Microsoft Defender for Servers agent installs automatically. What should you configure first?

Question 191

Report
Export
Collapse

HOTSPOT

You have a management group named Group1 that contains an Azure subscription named sub1. Sub1 has a subscription ID of 11111111-1234-1234-1234-1111111111.

You need to create a custom Azure role-based access control (RBAC) role that will delegate permissions to manage the tags on all the objects in Group1.

What should you include in the role definition of Role1? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.


Question 191
Correct answer: Question 191

Explanation:

Note: Assigning a custom RBAC role as the Management Group level is currently in preview only. So, for now the answer to the assignable scope is the subscription level.

Reference:

https://docs.microsoft.com/en-us/azure/role-based-access-control/resource-provider-operations

https://docs.microsoft.com/en-us/azure/role-based-access-control/custom-roles

https://docs.microsoft.com/en-us/azure/role-based-access-control/custom-roles-portal#step-5-assignable-scopes

Question 192

Report
Export
Collapse

HOTSPOT

You have an Azure subscription that contains the custom roles shown in the following table.

In the Azure portal, you plan to create new custom roles by cloning existing roles. The new roles will be configured as shown in the following table.

Which roles can you clone to create each new role? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.


Question 192
Correct answer: Question 192

Explanation:

Reference:

https://docs.microsoft.com/en-us/azure/active-directory/roles/custom-create

https://docs.microsoft.com/en-us/azure/role-based-access-control/custom-roles-portal

Question 193

Report
Export
Collapse

HOTSPOT

You have an Azure subscription that contains the Azure Active Directory (Azure AD) resources shown in the following table.

You create the groups shown in the following table.

Which resources can you add to Group5 and Group6? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.


Question 193
Correct answer: Question 193

Question 194

Report
Export
Collapse

HOTSPOT

You have an Azure Active Directory (Azure AD) tenant named contoso.com that contains three security groups named Group1, Group2, and Group3 and the users shown in the following table.

Group3 is a member of Group2.

In contoso.com, you register an enterprise application named App1 that has the following settings:

Owners: User1

Users and groups: Group2

You configure the properties of App1 as shown in the following exhibit.

For each of the following statements, select Yes if the statement is true. Otherwise, select no.

NOTE: Each correct selection is worth one point.


Question 194
Correct answer: Question 194

Explanation:

Reference:

https://docs.microsoft.com/en-us/azure/active-directory/manage-apps/assign-user-or-group-access-portal

Question 195

Report
Export
Collapse

You have an Azure subscription that contains the resources shown in the following table.

You need to ensure that ServerAdmins can perform the following tasks:

Create virtual machines in RG1 only.

Connect the virtual machines to the existing virtual networks in RG2 only.

The solution must use the principle of least privilege.

Which two role-based access control (RBAC) roles should you assign to ServerAdmins? Each correct answer presents part of the solution.

NOTE: Each correct selection is worth one point.

A.
a custom RBAC role for RG2
A.
a custom RBAC role for RG2
Answers
B.
the Network Contributor role for RG2
B.
the Network Contributor role for RG2
Answers
C.
the Contributor role for the subscription
C.
the Contributor role for the subscription
Answers
D.
a custom RBAC role for the subscription
D.
a custom RBAC role for the subscription
Answers
E.
the Network Contributor role for RG1
E.
the Network Contributor role for RG1
Answers
F.
the Virtual Machine Contributor role for RG1
F.
the Virtual Machine Contributor role for RG1
Answers
Suggested answer: A, F

Explanation:

Reference:

https://docs.microsoft.com/en-us/azure/role-based-access-control/built-in-roles

Question 196

Report
Export
Collapse

HOTSPOT

Your network contains an on-premises Active Directory domain named adatum.com that syncs to Azure Active Directory (Azure AD).

The Azure AD tenant contains the users shown in the following table.

You configure the Authentication methods – Password Protection settings for adatum.com as shown in the following exhibit.

For each of the following statements, select Yes if the statement is true. Otherwise, select No.

NOTE: Each correct selection is worth one point.


Question 196
Correct answer: Question 196

Explanation:

Reference:

https://docs.microsoft.com/en-us/azure/active-directory/authentication/howto-password-ban-bad-on-premises-deploy

https://docs.microsoft.com/en-us/azure/active-directory/authentication/concept-password-ban-bad

Question 197

Report
Export
Collapse

HOTSPOT

Your company has an Azure subscription named Subscription1. Subscription1 is associated with the Azure Active Directory tenant that includes the users shown in the following table.

The company is sold to a new owner.

The company needs to transfer ownership of Subscription1.

Which user can transfer the ownership and which tool should the user use? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.


Question 197
Correct answer: Question 197

Explanation:

Reference:

https://docs.microsoft.com/en-us/azure/cost-management-billing/manage/billing-subscription-transfer

Question 198

Report
Export
Collapse

You have an Azure subscription named Sub1 that is associated to an Azure Active Directory (Azure AD) tenant named contoso.com. You are assigned the Global administrator role for the tenant. You are responsible for managing Azure Security Center settings. You need to create a custom sensitivity label.

What should you do first?

A.
Create a custom sensitive information type.
A.
Create a custom sensitive information type.
Answers
B.
Elevate access for global administrators in Azure AD.
B.
Elevate access for global administrators in Azure AD.
Answers
C.
Upgrade the pricing tier of the Security Center to Standard.
C.
Upgrade the pricing tier of the Security Center to Standard.
Answers
D.
Enable integration with Microsoft Cloud App Security.
D.
Enable integration with Microsoft Cloud App Security.
Answers
Suggested answer: A

Explanation:

First, you need to create a new sensitive information type because you can't directly modify the default rules. References: https://docs.microsoft.com/en-us/office365/securitycompliance/customize-a-built-in-sensitive-information-type

Question 199

Report
Export
Collapse

You have an Azure subscription named Sub1.

In Azure Security Center, you have a security playbook named Play1. Play1 is configured to send an email message to a user named User1. You need to modify Play1 to send email messages to a distribution group named Alerts.

What should you use to modify Play1?

A.
Azure DevOps
A.
Azure DevOps
Answers
B.
Azure Application Insights
B.
Azure Application Insights
Answers
C.
Azure Monitor
C.
Azure Monitor
Answers
D.
Azure Logic Apps Designer
D.
Azure Logic Apps Designer
Answers
Suggested answer: D

Explanation:

You can change an existing playbook in Security Center to add an action, or conditions. To do that you just need to click on the name of the playbook that you want to change, in the Playbooks tab, and Logic App Designer opens up. References: https://docs.microsoft.com/en-us/azure/security-center/security-center-playbooks

Question 200

Report
Export
Collapse

You create a new Azure subscription.

You need to ensure that you can create custom alert rules in Azure Security Center.

Which two actions should you perform? Each correct answer presents part of the solution.

NOTE: Each correct selection is worth one point.

A.
Onboard Azure Active Directory (Azure AD) Identity Protection.
A.
Onboard Azure Active Directory (Azure AD) Identity Protection.
Answers
B.
Create an Azure Storage account.
B.
Create an Azure Storage account.
Answers
C.
Implement Azure Advisor recommendations.
C.
Implement Azure Advisor recommendations.
Answers
D.
Create an Azure Log Analytics workspace.
D.
Create an Azure Log Analytics workspace.
Answers
E.
Upgrade the pricing tier of Security Center to Standard.
E.
Upgrade the pricing tier of Security Center to Standard.
Answers
Suggested answer: B, D

Explanation:

D: You need write permission in the workspace that you select to store your custom alert.

References: https://docs.microsoft.com/en-us/azure/security-center/security-center-custom-alert

Total 439 questions
Go to page: of 44
ExamGecko

Copyright @2023 ExamGecko | All right reserved

Mail us: [email protected]
About us
Contact us
Twitter X
Facebook
Medium
Convert VPLUS to PDF
Open VPLUS files Easily and Quickly
Privacy Policy
Disclaimer
Terms