ExamGecko
Search Search Login
Home Home / Microsoft / AZ-500

Microsoft AZ-500 Practice Test - Questions Answers, Page 29

Question list
Search
Search

List of questions

Search
Open VPLUS File
Convert VPLUS to PDF

Related questions

Simulation LAB Task 1 You need to ensure that connections from the Internet to VNET1\subnet0 are allowed only over TCP port 7777. The solution must use only currently deployed resources.
You have an Azure subscription that uses Azure AD Privileged Identity Management (PIM). A user named User1 is eligible for the Billing administrator role. You need to ensure that the role can only be used for a maximum of two hours. What should you do?
HOTSPOT You have an Azure key vault named KeyVault1 that contains the items shown in the following table. In KeyVault1 the following events occur in sequence: • item is deleted. • ltem2 and Policy1 are deleted. For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.
You have an Azure subscription that uses Microsoft Defender for Cloud. You have accounts for the following cloud services: • Alibaba Cloud • Amazon Web Services (AWS) • Google Cloud Platform (GCP) What can you add to Defender for Cloud?
From Azure Security, you create a custom alert rule. You need to configure which users will receive an email message when the alert is triggered. What should you do?
HOTSPOT You have Azure virtual machines that have Update Management enabled. The virtual machines are configured as shown in the following table. You schedule two update deployments named Update1 and Update2. Update1 updates VM3. Update2 updates VM6. Which additional virtual machines can be updated by using Update1 and Update2? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.
SIMULATION You need to ensure that User2-11641655 has all the key permissions for KeyVault11641655. To complete this task, sign in to the Azure portal and modify the Azure resources.
You have an Azure subscription that contains the virtual networks shown in the following table. The subscription contains the virtual machines shown in the following table. On NIC1, you configure an application security group named ASG1. On which other network interfaces can you configure ASG1?
You have an Azure subscription that uses Microsoft Defender for Cloud. You have an Amazon Web Services (AWS) account. You need to ensure that when you deploy a new AWS Elastic Compute Cloud (EC2) instance, the Microsoft Defender for Servers agent installs automatically. What should you configure first?
You are configuring and securing a network environment. You deploy an Azure virtual machine named VM1 that is configured to analyze network traffic. You need to ensure that all network traffic is routed through VM1. What should you configure?

Question 281

Report
Export
Collapse

HOTSPOT

You have an Azure subscription that contains the storage accounts shown in the following table.

You need to configure authorization access.

Which authorization types can you use for each storage account? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.


Question 281
Correct answer: Question 281

Explanation:

Reference: https://docs.microsoft.com/en-us/azure/storage/common/authorize-data-access 0CB84EF020870C137158A568970423A4

Question 282

Report
Export
Collapse

HOTSPOT

You have an Azure subscription that contains an Azure SQL database named SQL1.

You plan to deploy a web app named App1.

You need to provide App1 with read and write access to SQL1. The solution must meet the following requirements:

Provide App1 with access to SQL1 without storing a password.

Use the principle of least privilege. Minimize administrative effort.

Which type of account should App1 use to access SQL1, and which database roles should you assign to App1? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.


Question 282
Correct answer: Question 282

Explanation:

https://docs.microsoft.com/en-us/azure/app-service/tutorial-connect-msi-sql-database?tabs=windowsclient%2Cdotnet

Question 283

Report
Export
Collapse

HOTSPOT

You have an Azure Active Directory (Azure AD) tenant that contains two users named User1 and User2 and a registered app named App1. You create an app-specific role named Role1.

You need to assign Role1 to User1 and enable User2 to request access to App1.

Which two settings should you modify? To answer, select the appropriate settings in the answer area. NOTE: Each correct selection is worth one point.


Question 283
Correct answer: Question 283

Explanation:

Box 1: Roles and administrators

Here you will find Role1 and be able to assign User1 to the role.

Box 2: Self Service

Under Self Service, there is an option to “Allow users to request access to this application”.

Question 284

Report
Export
Collapse

You have an Azure subscription that contains the resources shown in the following table.

You plan to deploy the virtual machines shown in the following table.

You need to assign managed identities to the virtual machines. The solution must meet the following requirements:

Assign each virtual machine the required roles. Use the principle of least privilege.

What is the minimum number of managed identities required?

A.
1
A.
1
Answers
B.
2
B.
2
Answers
C.
3
C.
3
Answers
D.
4
D.
4
Answers
Suggested answer: B

Explanation:

We have two different sets of required permissions. VM1 and VM2 have the same permission requirements. VM3 and VM4 have the same permission requirements.

A user-assigned managed identity can be assigned to one or many resources. By using user-assigned managed identities, we can create just two managed identities: one with the permission requirements for VM1 and VM2 and the other with the permission requirements for VM3 and VM4.

Reference:

https://docs.microsoft.com/en-us/azure/active-directory/managed-identities-azure-resources/overview

Question 285

Report
Export
Collapse

SIMULATION

You need to ensure that a user named user2-12345678 can manage the properties of the virtual machines in the RG1lod12345678 resource group. The solution must use the principle of least privilege.

To complete this task, sign in to the Azure portal.

A.
A.
Answers
Suggested answer: A

Explanation:

Answer: A

Explanation:

1. Sign in to the Azure portal.

2. Browse to Resource Groups.

3. Select the RG1lod12345678 resource group.

4. Select Access control (IAM).

5. Select Add > role assignment.

6. Select Virtual Machine Contributor (you can filter the list of available roles by typing ‘virtual’ in the search box) then click Next.

7. Select the +Select members option and select user2-12345678 then click the Select button.

8. Click the Review + assign button twice.

Reference:

https://docs.microsoft.com/en-us/azure/role-based-access-control/role-assignments-portal?tabs=current

Question 286

Report
Export
Collapse

SIMULATION

Use the following login credentials as needed:

To enter your username, place your cursor in the Sign in box and click on the username below.

To enter your password. place your cursor in the Enter password box and click on the password below. Azure Username: Userl [email protected]

Azure Password: GpOAe4@lDg

If the Azure portal does not load successfully in the browser, press CTRL-K to reload the portal in a new browser tab. The following information is for technical support purposes only:

Lab Instance: 28681041

Task 10

You need to create a new Azure AD directory named 28681041.onmicrosoft.com. The new directory must contain a new user named [email protected].

A.
A.
Answers
Suggested answer: A

Explanation:

Answer: A

Explanation:

The first step is to create the Azure Active Directory tenant.

To create a new Azure AD directory named 28681041.onmicrosoft.com that contains a new user

named [email protected], you can follow these steps:

In the Azure portal, search for and select Azure Active Directory.

In the left pane, select Domains.

Select Add domain.

In the Add a custom domain pane, enter the following information:

Domain name: Enter the domain name you want to use. For example, 28681041.onmicrosoft.com.

Add domain: Select Add domain.

In the left pane, select Users.

Select New user.

In the New user pane, enter the following information:

User name: Enter the user name you want to use. For example, [email protected].

Name: Enter the name of the user.

Password: Enter a password for the user.

Groups: Select the groups you want the user to be a member of.

Select Create.

You can find more information on these topics in the following Microsoft documentation:

Add a custom domain name to Azure Active Directory

Create a new user in your organization - Azure Active Directory

Reference:

https://docs.microsoft.com/en-us/azure/active-directory/fundamentals/active-directory-access-create-new-tenant https://docs.microsoft.com/en-us/azure/active-directory/fundamentals/add-users-azure-active-directory

Question 287

Report
Export
Collapse

HOTSPOT

You have an Azure subscription that contains the resources shown in the following table.

Transparent Data Encryption (TDE) is disabled on SQL1.

You assign policies to the resource groups as shown in the following table.

You plan to deploy Azure SQL databases by using an Azure Resource Manager (ARM) template. The databases will be configured as shown in the following table.

For each of the following statements, select Yes if the statement is true. Otherwise, select No.

NOTE: Each correct selection is worth one point.


Question 287
Correct answer: Question 287

Explanation:

https://docs.microsoft.com/en-us/azure/governance/policy/concepts/effects

Question 288

Report
Export
Collapse

You have an Azure subscription that contains an Azure SQL database named SQL1 and an Azure key vault namedKeyVault1. KeyVault1 stores the keys shown in the following table. You need to configure Transparent Data Encryption (TDE). TDE will use a customer-managed key for SQL1.

Which keys can you use?

A.
Key2 only
A.
Key2 only
Answers
B.
Key1 only
B.
Key1 only
Answers
C.
Key2 and Key3 only
C.
Key2 and Key3 only
Answers
D.
Key1, Key2, Key3, and Key4
D.
Key1, Key2, Key3, and Key4
Answers
E.
Key1 and Key2 only
E.
Key1 and Key2 only
Answers
Suggested answer: E

Explanation:

The key must be an asymmetric, RSA or RSA HSM key. The supported key lengths are 2048-bit and 3072-bit.

Reference:

https://docs.microsoft.com/en-us/azure/azure-sql/database/transparent-data-encryption-byok-overview

Question 289

Report
Export
Collapse

SIMULATION

You need to create a web app named Intranet12345678 and enable users to authenticate to the web app by using Azure Active Directory (Azure AD). To complete this task, sign in to the Azure portal.

A.
A.
Answers
Suggested answer: A

Explanation:

Answer: A

Explanation:

1. In the Azure portal, type App services in the search box and select App services from the search results. 2. Click the Create app service button to create a new app service.

3. In the Resource Group section, click the Create new link to create a new resource group.

4. Give the resource group a name such as Intranet12345678RG and click OK.

5. In the Instance Details section, enter Intranet12345678 in the Name field.

6. In the Runtime stack field, select any runtime stack such as .NET Core 3.1.

7. Click the Review + create button.

8. Click the Create button to create the web app.

9. Click the Go to resource button to open the properties of the new web app.

10.In the Settings section, click on Authentication / Authorization.

11.Click the App Service Authentication slider to set it to On.

12.In the Action to take when request is not authentication box, select Log in with Azure Active Directory. 13.Click Save to save the changes.

Question 290

Report
Export
Collapse

HOTSPOT

You have an Azure subscription that contains a resource group named RG1. RG1 contains a storage account named storage1.

You have two custom Azure roles named Role1 and Role2 that are scoped to RG1.

The permissions for Role1 are shown in the following JSON code.

The permissions for Role2 are shown in the following JSON code.

You assign the roles to the users shown in the following table.

For each of the following statements, select Yes if the statement is true. Otherwise, select No.

NOTE: Each correct selection is worth one point.


Question 290
Correct answer: Question 290

Explanation:

Reference: https://docs.microsoft.com/en-us/azure/role-based-access-control/custom-roles

Total 439 questions
Go to page: of 44
ExamGecko

Copyright @2023 ExamGecko | All right reserved

Mail us: [email protected]
About us
Contact us
Twitter X
Facebook
Medium
Convert VPLUS to PDF
Open VPLUS files Easily and Quickly
Privacy Policy
Disclaimer
Terms