ExamGecko
Search Search Login
Home Home / Microsoft / AZ-500

Microsoft AZ-500 Practice Test - Questions Answers, Page 31

Question list
Search
Search

List of questions

Search
Open VPLUS File
Convert VPLUS to PDF

Related questions

Simulation LAB Task 1 You need to ensure that connections from the Internet to VNET1\subnet0 are allowed only over TCP port 7777. The solution must use only currently deployed resources.
You have an Azure subscription that uses Azure AD Privileged Identity Management (PIM). A user named User1 is eligible for the Billing administrator role. You need to ensure that the role can only be used for a maximum of two hours. What should you do?
HOTSPOT You have an Azure key vault named KeyVault1 that contains the items shown in the following table. In KeyVault1 the following events occur in sequence: • item is deleted. • ltem2 and Policy1 are deleted. For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.
HOTSPOT You have Azure virtual machines that have Update Management enabled. The virtual machines are configured as shown in the following table. You schedule two update deployments named Update1 and Update2. Update1 updates VM3. Update2 updates VM6. Which additional virtual machines can be updated by using Update1 and Update2? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.
SIMULATION You need to ensure that User2-11641655 has all the key permissions for KeyVault11641655. To complete this task, sign in to the Azure portal and modify the Azure resources.
From Azure Security, you create a custom alert rule. You need to configure which users will receive an email message when the alert is triggered. What should you do?
You have an Azure subscription that uses Microsoft Defender for Cloud. You have accounts for the following cloud services: • Alibaba Cloud • Amazon Web Services (AWS) • Google Cloud Platform (GCP) What can you add to Defender for Cloud?
You have an Azure subscription that uses Microsoft Defender for Cloud. You have an Amazon Web Services (AWS) account. You need to ensure that when you deploy a new AWS Elastic Compute Cloud (EC2) instance, the Microsoft Defender for Servers agent installs automatically. What should you configure first?
You have an Azure subscription that contains the virtual networks shown in the following table. The subscription contains the virtual machines shown in the following table. On NIC1, you configure an application security group named ASG1. On which other network interfaces can you configure ASG1?
You are configuring and securing a network environment. You deploy an Azure virtual machine named VM1 that is configured to analyze network traffic. You need to ensure that all network traffic is routed through VM1. What should you configure?

Question 301

Report
Export
Collapse

You have an Azure subscription that contains an Azure SQL Database logic server named SQL1 and an Azure virtual machine named VM1. VM1 uses a private IP address only. The Firewall and virtual networks settings for SQL1 are shown in the following exhibit.

You need to ensure that VM1 can connect to SQL1. The solution must use the principle of least privilege. What should you do?

A.
Add an existing virtual network.
A.
Add an existing virtual network.
Answers
B.
Set Connection Policy to Proxy.
B.
Set Connection Policy to Proxy.
Answers
C.
Create a new firewall rule.
C.
Create a new firewall rule.
Answers
D.
Set Allow Azure services and resources to access this server to Yes.
D.
Set Allow Azure services and resources to access this server to Yes.
Answers
Suggested answer: C

Question 302

Report
Export
Collapse

You have an Azure subscription that contains an Azure key vault. The role assignments for the key vault are shown in the following exhibit.

Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic. NOTE: Each correct selection is worth one point.

A.
A.
Answers
Suggested answer: A

Question 303

Report
Export
Collapse

HOTSPOT

You have an Azure subscription that contains a resource group named RG1. RG1 contains a virtual machine named VM1 that uses Azure Active Directory (Azure AD) authentication. You have two custom Azure roles named Role1 and Role2 that are scoped to RG1.

The permissions for Role1 are shown in the following JSON code.

The permissions for Role2 are shown in the following JSON code.

You assign the roles to the users shown in the following table.

For each of the following statements, select Yes if the statement is true. Otherwise, select No.

NOTE: Each correct selection is worth one point.


Question 303
Correct answer: Question 303

Question 304

Report
Export
Collapse

You have an Azure subscription that contains a resource group named RG1 and the network security groups (NSGs) shown in the following table.

You create the Azure policy shown in the following exhibit.

You assign the policy to RG1.

What will occur if you assign the policy to NSG1 and NSG2?

A.
Flow logs will be enabled for NSG1 and NSG2.
A.
Flow logs will be enabled for NSG1 and NSG2.
Answers
B.
Flow logs will be enabled for NSG2 only
B.
Flow logs will be enabled for NSG2 only
Answers
C.
Flow logs will be disabled for NSG1 and NSG2.
C.
Flow logs will be disabled for NSG1 and NSG2.
Answers
D.
Flow logs will be enabled for NSG1 only.
D.
Flow logs will be enabled for NSG1 only.
Answers
Suggested answer: B

Question 305

Report
Export
Collapse

You have a Microsoft Sentinel deployment.

You need to connect a third-party security solution to the deployment. The third-party solution will send Common Event Format (CER-formatted messages. What should you include in the solution? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

A.
A.
Answers
Suggested answer: A

Question 306

Report
Export
Collapse

You have an Azure subscription that contains an Azure SQL database named SQL1 and an Azure key vault named KeyVault1. KeyVault1 stores the keys shown in the following table.

You reed to configure Transparent Data Encryption (TDE). TDE will use a customer-managed key for SQL1?

A.
Key1. Key2 Key3. and Key4
A.
Key1. Key2 Key3. and Key4
Answers
B.
Key1 only
B.
Key1 only
Answers
C.
Key2 only
C.
Key2 only
Answers
D.
Key1 and key2 only
D.
Key1 and key2 only
Answers
E.
Key2 and Key3 only
E.
Key2 and Key3 only
Answers
Suggested answer: E

Question 307

Report
Export
Collapse

You have an Azure subscription that contains the storage accounts shown in the following, table.

You enable Microsoft Defender for Storage.

Which storage services of storages are monitored by Microsoft Defender for Storage, and which storage accounts are protected by Microsoft Defender for Storage? To answer, select the appropriate options in the answer area.

A.
A.
Answers
Suggested answer: A

Question 308

Report
Export
Collapse

HOTSPOT

You have a management group named MG1 that contains an Azure subscription and a resource group named RG1. RG1 contains a virtual machine named VM1. You have the custom Azure roles shown in the following table.

The permissions for Role1 are shown in the following role definition file.

You assign the roles to the users shown in the following table.

For each of the following statements, select Yes if the statement is true. Otherwise, select No

NOTE: Each correct selection is worth one point.


Question 308
Correct answer: Question 308

Question 309

Report
Export
Collapse

You have an Azure subscription that contains the virtual machines shown in the following table.

VNET1, VNET2, and VNET3 are peered with each other. You perform the following actions:

* Create two application security groups named ASG1 and ASG2 in the West US region.

* Add the network interface of VM1 to ASG1.

A.
A.
Answers
Suggested answer: A

Question 310

Report
Export
Collapse

You have 15 Azure virtual machines in a resource group named RG1.

All virtual machines run identical applications.

You need to prevent unauthorized applications and malware from running on the virtual machines.

What should you do?

A.
Configure Azure Active Directory (Azure AD) Identity Protection.
A.
Configure Azure Active Directory (Azure AD) Identity Protection.
Answers
B.
From Microsoft Defender for Cloud, configure adaptive application controls.
B.
From Microsoft Defender for Cloud, configure adaptive application controls.
Answers
C.
Apply an Azure policy to RGI.
C.
Apply an Azure policy to RGI.
Answers
D.
Apply a resource lock to RGI.
D.
Apply a resource lock to RGI.
Answers
Suggested answer: B

Explanation:

Microsoft Defender for Cloud helps you prevent, detect, and respond to threats. Defender for Cloud gives you increased visibility into, and control over, the security of your Azure resources. It provides integrated security monitoring and policy management across your Azure subscriptions. It helps detect threats that might otherwise go unnoticed, and works with a broad ecosystem of security solutions. Defender for Cloud helps you optimize and monitor the security of your virtual machines by:

Providing security recommendations for the virtual machines. Example recommendations include:

apply system updates, configure ACLs endpoints, enable antimalware, enable network security groups, and apply disk encryption. Monitoring the state of your virtual machines.

https://learn.microsoft.com/en-us/azure/security/fundamentals/virtual-machines-overview

Total 439 questions
Go to page: of 44
ExamGecko

Copyright @2023 ExamGecko | All right reserved

Mail us: [email protected]
About us
Contact us
Twitter X
Facebook
Medium
Convert VPLUS to PDF
Open VPLUS files Easily and Quickly
Privacy Policy
Disclaimer
Terms