
Microsoft AZ-500 Practice Test - Questions Answers, Page 3

HOTSPOT

You are evaluating the effect of the application security groups on the network communication between the virtual machines in Sub2.

For each of the following statements, select Yes if the statement is true. Otherwise, select No.

NOTE: Each correct selection is worth one point.


Question 21

Explanation:

Box 1: No. VM4 is in Subnet13 which has NSG3 attached to it.

VM1 is in ASG1. NSG3 would only allow ICMP pings from ASG2 but not ASG1. Only TCP traffic is allowed from ASG1.

NSG3 has the inbound security rules shown in the following table.

Box 2: Yes.

VM2 is in ASG2. Any protocol is allowed from ASG2 so ICMP ping would be allowed.

Box 3: VM1 is in ASG1. TCP traffic is allowed from ASG1, so VM1 could connect to the web server, as connections to the web server would be on ports TCP 80 or TCP 443.

You need to meet the technical requirements for VNetwork1.

What should you do first?

A. Create a new subnet on VNetwork1.
B. Remove the NSGs from Subnet11 and Subnet13.
C. Associate an NSG to Subnet12.
D. Configure DDoS protection for VNetwork1.

Suggested answer: A

Explanation:

From scenario: Deploy Azure Firewall to VNetwork1 in Sub2.

Azure Firewall needs a dedicated subnet named AzureFirewallSubnet.

References:

https://docs.microsoft.com/en-us/azure/firewall/tutorial-firewall-deploy-portal

HOTSPOT

You are evaluating the security of VM1, VM2, and VM3 in Sub2.

For each of the following statements, select Yes if the statement is true. Otherwise, select No.

NOTE: Each correct selection is worth one point.


Question 23

Explanation:

VM1: Yes. NSG2 applies to VM1 and this allows inbound traffic on port 80.

VM2: No. NSG2 and NSG1 apply to VM2. NSG2 allows the inbound traffic on port 80 but NSG1 does not allow it.

VM3: Yes. There are no NSGs applying to VM3 so all ports will be open.

DRAG DROP

You need to perform the planned changes for OU2 and User1.

Which tools should you use? To answer, drag the appropriate tools to the correct resources. Each tool may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.

NOTE: Each correct selection is worth one point.


Question 24

You need to meet the technical requirements for the finance department users.

Which CAPolicy1 settings should you modify?

A. Cloud apps or actions
B. Conditions
C. Grant
D. Session

Suggested answer: D

Explanation:

Reference:

https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/howto-conditional-access-session-lifetime

HOTSPOT

You need to delegate the creation of RG2 and the management of permissions for RG1.

Which users can perform each task? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.


Question 26

Explanation:

Box 1: Admin3 only

The Contributor role has the necessary write permissions to create the resource group.

Box 2: Admin4 only

You need Owner level access to be able to manage permissions. The Contributor role can do most things but cannot modify permissions on existing objects.

You need to ensure that you can meet the security operations requirements. What should you do first?

A. Turn on Auto Provisioning in Security Center.
B. Integrate Security Center and Microsoft Cloud App Security.
C. Upgrade the pricing tier of Security Center to Standard.
D. Modify the Security Center workspace configuration.

Suggested answer: C

Explanation:

The Standard tier extends the capabilities of the Free tier to workloads running in private and other public clouds, providing unified security management and threat protection across your hybrid cloud workloads. The Standard tier also adds advanced threat detection capabilities, which use built-in behavioral analytics and machine learning to identify attacks and zero-day exploits, access and application controls to reduce exposure to network attacks and malware, and more.

Scenario: Security Operations Requirements

Litware must be able to customize the operating system security configurations in Azure Security Center.

Reference:

https://docs.microsoft.com/en-us/azure/security-center/security-center-pricing

Your company has an Azure subscription named Sub1 that is associated to an Azure Active Directory (Azure AD) tenant named contoso.com. The company develops an application named App1. App1 is registered in Azure AD.

You need to ensure that App1 can access secrets in Azure Key Vault on behalf of the application users. What should you configure?

A. an application permission without admin consent
B. a delegated permission without admin consent
C. a delegated permission that requires admin consent
D. an application permission that requires admin consent

Suggested answer: B

Explanation:

Delegated permissions - Your client application needs to access the web API as the signed-in user, but with access limited by the selected permission. This type of permission can be granted by a user unless the permission requires administrator consent.

Incorrect Answers:

A, D: Application permissions - Your client application needs to access the web API directly as itself (no user context). This type of permission requires administrator consent and is also not available for public (desktop and mobile) client applications.

References: https://docs.microsoft.com/en-us/azure/active-directory/develop/quickstart-configure-app-access-web-apis

Your company has an Azure subscription named Sub1 that is associated to an Azure Active Directory (Azure AD) tenant named contoso.com. The company develops a mobile application named App1. App1 uses the OAuth 2 implicit grant type to acquire Azure AD access tokens. You need to register App1 in Azure AD.

What information should you obtain from the developer to register the application?

A. a redirect URI
B. a reply URL
C. a key
D. an application ID

Suggested answer: A

Explanation:

For Native Applications you need to provide a Redirect URI, which Azure AD will use to return token responses.

References: https://docs.microsoft.com/en-us/azure/active-directory/develop/v1-protocols-oauth-code

From the Azure portal, you are configuring an Azure policy.

You plan to assign policies that use the DeployIfNotExist, AuditIfNotExist, Append, and Deny effects. Which effect requires a managed identity for the assignment?

A. AuditIfNotExist
B. Append
C. DeployIfNotExist
D. Deny

Suggested answer: C

Explanation:

When Azure Policy runs the template in the deployIfNotExists policy definition, it does so using a managed identity.

References: https://docs.microsoft.com/bs-latn-ba/azure/governance/policy/how-to/remediate-resources

Total 439 questions