ExamGecko
Search Search Login
Home Home / Microsoft / AZ-500

Microsoft AZ-500 Practice Test - Questions Answers, Page 24

Question list
Search
Search

List of questions

Search
Open VPLUS File
Convert VPLUS to PDF

Related questions

Simulation LAB Task 1 You need to ensure that connections from the Internet to VNET1\subnet0 are allowed only over TCP port 7777. The solution must use only currently deployed resources.
You have an Azure subscription that uses Azure AD Privileged Identity Management (PIM). A user named User1 is eligible for the Billing administrator role. You need to ensure that the role can only be used for a maximum of two hours. What should you do?
HOTSPOT You have an Azure key vault named KeyVault1 that contains the items shown in the following table. In KeyVault1 the following events occur in sequence: • item is deleted. • ltem2 and Policy1 are deleted. For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.
HOTSPOT You have Azure virtual machines that have Update Management enabled. The virtual machines are configured as shown in the following table. You schedule two update deployments named Update1 and Update2. Update1 updates VM3. Update2 updates VM6. Which additional virtual machines can be updated by using Update1 and Update2? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.
You have an Azure subscription that uses Microsoft Defender for Cloud. You have accounts for the following cloud services: • Alibaba Cloud • Amazon Web Services (AWS) • Google Cloud Platform (GCP) What can you add to Defender for Cloud?
SIMULATION You need to ensure that User2-11641655 has all the key permissions for KeyVault11641655. To complete this task, sign in to the Azure portal and modify the Azure resources.
You have an Azure subscription that contains the virtual networks shown in the following table. The subscription contains the virtual machines shown in the following table. On NIC1, you configure an application security group named ASG1. On which other network interfaces can you configure ASG1?
From Azure Security, you create a custom alert rule. You need to configure which users will receive an email message when the alert is triggered. What should you do?
You are testing an Azure Kubernetes Service (AKS) cluster. The cluster is configured as shown in the exhibit. (Click the Exhibit tab.) You plan to deploy the cluster to production. You disable HTTP application routing. You need to implement application routing that will provide reverse proxy and TLS termination for AKS services by using a single IP address. What should you do?
You have an Azure subscription that uses Microsoft Defender for Cloud. You have an Amazon Web Services (AWS) account. You need to ensure that when you deploy a new AWS Elastic Compute Cloud (EC2) instance, the Microsoft Defender for Servers agent installs automatically. What should you configure first?

Question 231

Report
Export
Collapse

HOTSPOT

You have the hierarchy of Azure resources shown in the following exhibit.

You create the Azure Blueprints definitions shown in the following table.

To which objects can you assign Blueprint1 and Blueprint2? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.


Question 231
Correct answer: Question 231

Explanation:

Blueprints can only be assigned to subscriptions.

Question 232

Report
Export
Collapse

You have an Azure subscription that contains the Azure Log Analytics workspaces shown in the following table.

You create the virtual machines shown in the following table.

You plan to use Azure Sentinel to monitor Windows Defender Firewall on the virtual machines.

Which virtual machines you can connect to Azure Sentinel?

A.
VM1 only
A.
VM1 only
Answers
B.
VM1 and VM3 only
B.
VM1 and VM3 only
Answers
C.
VM1, VM2, VM3, and VM4
C.
VM1, VM2, VM3, and VM4
Answers
D.
VM1 and VM2 only
D.
VM1 and VM2 only
Answers
Suggested answer: C

Explanation:

Reference:

https://docs.microsoft.com/en-us/azure/sentinel/connect-windows-firewall

Question 233

Report
Export
Collapse

HOTSPOT

You have an Azure subscription that contains a user named Admin1 and a resource group named RG1.

In Azure Monitor, you create the alert rules shown in the following table.

Admin1 performs the following actions on RG1:

Adds a virtual network named VNET1

Adds a Delete lock named Lock1

Which rules will trigger an alert as a result of the actions of Admin1? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.


Question 233
Correct answer: Question 233

Question 234

Report
Export
Collapse

You have an Azure subscription that contains 100 virtual machines and has Azure Security Center Standard tier enabled.

You plan to perform a vulnerability scan of each virtual machine.

You need to deploy the vulnerability scanner extension to the virtual machines by using an Azure Resource Manager template.

Which two values should you specify in the code to automate the deployment of the extension to the virtual machines? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point.

A.
the user-assigned managed identity
A.
the user-assigned managed identity
Answers
B.
the workspace ID
B.
the workspace ID
Answers
C.
the Azure Active Directory (Azure AD) ID
C.
the Azure Active Directory (Azure AD) ID
Answers
D.
the Key Vault managed storage account key
D.
the Key Vault managed storage account key
Answers
E.
the system-assigned managed identity
E.
the system-assigned managed identity
Answers
F.
the primary shared key
F.
the primary shared key
Answers
Suggested answer: A, C

Question 235

Report
Export
Collapse

You have an Azure subscription that contains a user named Admin1 and a virtual machine named VM1. VM1 runs Windows Server 2019 and was deployed by using an Azure Resource Manager template. VM1 is the member of a backend pool of a public Azure Basic Load Balancer.

Admin1 reports that VM1 is listed as Unsupported on the Just in time VM access blade of Azure Security Center.

You need to ensure that Admin1 can enable just in time (JIT) VM access for VM1.

What should you do?

A.
Create and configure a network security group (NSG).
A.
Create and configure a network security group (NSG).
Answers
B.
Create and configure an additional public IP address for VM1.
B.
Create and configure an additional public IP address for VM1.
Answers
C.
Replace the Basic Load Balancer with an Azure Standard Load Balancer.
C.
Replace the Basic Load Balancer with an Azure Standard Load Balancer.
Answers
D.
Assign an Azure Active Directory Premium Plan 1 license to Admin1.
D.
Assign an Azure Active Directory Premium Plan 1 license to Admin1.
Answers
Suggested answer: A

Explanation:

Reference:

https://docs.microsoft.com/en-us/azure/security-center/security-center-just-in-time?tabs=jit-config-asc%2Cjit-request-asc

Question 236

Report
Export
Collapse

HOTSPOT

You have an Azure Sentinel workspace that contains an Azure Active Directory (Azure AD) connector, an Azure Log Analytics query named Query1 and a playbook named Playbook1.

Query1 returns a subset of security events generated by Azure AD.

You plan to create an Azure Sentinel analytic rule based on Query1 that will trigger Playbook1.

You need to ensure that you can add Playbook1 to the new rule.

What should you do? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.


Question 236
Correct answer: Question 236

Explanation:

Reference:

https://docs.microsoft.com/en-us/azure/sentinel/tutorial-detect-threats-custom

https://docs.microsoft.com/en-us/azure/sentinel/tutorial-respond-threats-playbook

Question 237

Report
Export
Collapse

HOTSPOT

You have an Azure subscription that contains the resources shown in the following table.

An IP address of 10.1.0.4 is assigned to VM5. VM5 does not have a public IP address.

VM5 has just in time (JIT) VM access configured as shown in the following exhibit.

You enable JIT VM access for VM5.

NSG1 has the inbound rules shown in the following exhibit.

For each of the following statements, select Yes if the statement is true. Otherwise, select No.

NOTE: Each correct selection is worth one point.


Question 237
Correct answer: Question 237

Question 238

Report
Export
Collapse

You have an Azure Active Directory (Azure AD) tenant and a root management group.

You create 10 Azure subscriptions and add the subscriptions to the root management group.

You need to create an Azure Blueprints definition that will be stored in the root management group.

What should you do first?

A.
Modify the role-based access control (RBAC) role assignments for the root management group.
A.
Modify the role-based access control (RBAC) role assignments for the root management group.
Answers
B.
Add an Azure Policy definition to the root management group.
B.
Add an Azure Policy definition to the root management group.
Answers
C.
Create a user assigned identity.
C.
Create a user assigned identity.
Answers
D.
Create a service principal.
D.
Create a service principal.
Answers
Suggested answer: A

Explanation:

Reference:

https://docs.microsoft.com/en-us/azure/role-based-access-control/elevate-access-global-admin

Question 239

Report
Export
Collapse

HOTSPOT

You have an Azure Active Directory (Azure AD) tenant named contoso.com that contains the users shown in the following table.

Contoso.com contains a group naming policy. The policy has a custom blocked word list rule that includes the word Contoso.

Which users can create a group named Contoso Sales in contoso.com? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.


Question 239
Correct answer: Question 239

Explanation:

Reference:

https://docs.microsoft.com/en-us/azure/active-directory/enterprise-users/groups-naming-policy

Question 240

Report
Export
Collapse

DRAG DROP

You have five Azure subscriptions linked to a single Azure Active Directory (Azure AD) tenant.

You create an Azure Policy initiative named SecurityPolicyInitiative1.

You identify which standard role assignments must be configured on all new resource groups.

You need to enforce SecurityPolicyInitiative1 and the role assignments when a new resource group is created.

Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.


Question 240
Correct answer: Question 240

Explanation:

Reference:

https://docs.microsoft.com/en-us/azure/governance/blueprints/create-blueprint-portal

https://docs.microsoft.com/en-us/azure/azure-australia/azure-policy

Total 439 questions
Go to page: of 44
ExamGecko

Copyright @2023 ExamGecko | All right reserved

Mail us: [email protected]
About us
Contact us
Twitter X
Facebook
Medium
Convert VPLUS to PDF
Open VPLUS files Easily and Quickly
Privacy Policy
Disclaimer
Terms