ExamGecko
Search Search Login
Home Home / Microsoft / AZ-500

Microsoft AZ-500 Practice Test - Questions Answers, Page 32

Question list
Search
Search

List of questions

Search
Open VPLUS File
Convert VPLUS to PDF

Related questions

Simulation LAB Task 1 You need to ensure that connections from the Internet to VNET1\subnet0 are allowed only over TCP port 7777. The solution must use only currently deployed resources.
You have an Azure subscription that uses Azure AD Privileged Identity Management (PIM). A user named User1 is eligible for the Billing administrator role. You need to ensure that the role can only be used for a maximum of two hours. What should you do?
HOTSPOT You have Azure virtual machines that have Update Management enabled. The virtual machines are configured as shown in the following table. You schedule two update deployments named Update1 and Update2. Update1 updates VM3. Update2 updates VM6. Which additional virtual machines can be updated by using Update1 and Update2? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.
HOTSPOT You have an Azure key vault named KeyVault1 that contains the items shown in the following table. In KeyVault1 the following events occur in sequence: • item is deleted. • ltem2 and Policy1 are deleted. For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.
SIMULATION You need to ensure that User2-11641655 has all the key permissions for KeyVault11641655. To complete this task, sign in to the Azure portal and modify the Azure resources.
From Azure Security, you create a custom alert rule. You need to configure which users will receive an email message when the alert is triggered. What should you do?
You have an Azure subscription that uses Microsoft Defender for Cloud. You have accounts for the following cloud services: • Alibaba Cloud • Amazon Web Services (AWS) • Google Cloud Platform (GCP) What can you add to Defender for Cloud?
You have an Azure subscription that uses Microsoft Defender for Cloud. You have an Amazon Web Services (AWS) account. You need to ensure that when you deploy a new AWS Elastic Compute Cloud (EC2) instance, the Microsoft Defender for Servers agent installs automatically. What should you configure first?
You have an Azure subscription that contains the virtual networks shown in the following table. The subscription contains the virtual machines shown in the following table. On NIC1, you configure an application security group named ASG1. On which other network interfaces can you configure ASG1?
You are configuring and securing a network environment. You deploy an Azure virtual machine named VM1 that is configured to analyze network traffic. You need to ensure that all network traffic is routed through VM1. What should you configure?

Question 311

Report
Export
Collapse

HOTSPOT

You have an Azure subscription that contains the key vaults shown in the following table.

The subscription contains the users shown in the following table.

On June 1, you perform the following actions:

• Delete a key named key1 from KeyVault1.

• Delete a secret named secret 1 from KeyVault2.

For each of the following statements, select Yes if the statement is true. Otherwise, select No.


Question 311
Correct answer: Question 311

Question 312

Report
Export
Collapse

HOTSPOT

You have an Azure subscription that contains a blob container named cont1. Cont1 has the access policies shown in the following exhibit.

Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic.


Question 312
Correct answer: Question 312

Question 313

Report
Export
Collapse

You have an Azure environment.

You need to identify any Azure configurations and workloads that are non-compliant with ISO 27001:2013 standards. What should you use?

A.
Azure Active Directory (Azure AD) Identity Protection
A.
Azure Active Directory (Azure AD) Identity Protection
Answers
B.
Microsoft Defender for Cloud
B.
Microsoft Defender for Cloud
Answers
C.
Microsoft Defender for Identity
C.
Microsoft Defender for Identity
Answers
D.
Microsoft Sentinel
D.
Microsoft Sentinel
Answers
Suggested answer: B

Question 314

Report
Export
Collapse

You have an Azure subscription that contains an Azure SQL database named DB1 in the East US Azure region. You create the storage accounts shown in the following table.

You plan to enable auditing for DB1.

Which storage accounts can you use as the auditing destination for DB1?

A.
storage1 only
A.
storage1 only
Answers
B.
storage1 and storage4 only
B.
storage1 and storage4 only
Answers
C.
Storage2 and storage3 only
C.
Storage2 and storage3 only
Answers
D.
storage1, storage2 and storage3 only
D.
storage1, storage2 and storage3 only
Answers
Suggested answer: C

Question 315

Report
Export
Collapse

You have an Azure subscription that contains an Azure Files share named share1 and a user named User1. Identity-based authentication is configured for share1. User1 attempts to access share1 from a Windows 10 device by using SMB.

Which type of token will Azure Files use to authorize the request?

A.
OAuth 20
A.
OAuth 20
Answers
B.
JSON Web Token (JWT)
B.
JSON Web Token (JWT)
Answers
C.
Kerberos
C.
Kerberos
Answers
D.
SAML
D.
SAML
Answers
Suggested answer: C

Question 316

Report
Export
Collapse

You have an Azure Active Directory (Azure AD) tenant. The tenant contains users that are assigned Azure AD Premium Plan 2 licenses. You have an partner company that has a domain named The fabrikam.com domain contains a user named user'. User' has an email address of [email protected]. You to provide User1 with to the resources in the tenant The solution must meet the following requirements:

user1 must be able to sign in by using the [email protected] credentials You must be able to grant User1 access to the resources in the tenant Administrative effort must be minimized.

What should you do?

A.
Create a user account for user1.
A.
Create a user account for user1.
Answers
B.
Create an invite for User1.
B.
Create an invite for User1.
Answers
C.
To the tenant add fabrikamcom as a custom domain
C.
To the tenant add fabrikamcom as a custom domain
Answers
D.
Set Enable guest self-service sign up via user flows to Yes for the tenant.
D.
Set Enable guest self-service sign up via user flows to Yes for the tenant.
Answers
Suggested answer: B

Question 317

Report
Export
Collapse

You have an Azure Active Directory (Azure AD) tenant that contains a group named Group1 You need to ensure that the members of Group1 sign in by using passwordless authentication What should you do?

A.
Configure the Microsoft Authenticator authentication method policy.
A.
Configure the Microsoft Authenticator authentication method policy.
Answers
B.
Configure the certificate-based authentication (CBA) policy.
B.
Configure the certificate-based authentication (CBA) policy.
Answers
C.
Configure the sign-in risk policy.
C.
Configure the sign-in risk policy.
Answers
D.
Create a Conditional Access policy.
D.
Create a Conditional Access policy.
Answers
Suggested answer: A

Question 318

Report
Export
Collapse

You have an Azure subscription that contains a web app named App1.

Users must be able to select between a Google identity or a Microsoft identity when authenticating to App1. You need to add Google as an identity provider in Azure AD.

Which two pieces of information should you configure? Each correct answer presents part of the solution. Each correct selection is worth one point

A.
a tenant name
A.
a tenant name
Answers
B.
a tenant ID
B.
a tenant ID
Answers
C.
the endpoint URL Of an application
C.
the endpoint URL Of an application
Answers
D.
a client ID
D.
a client ID
Answers
E.
a client secret
E.
a client secret
Answers
Suggested answer: D, E

Explanation:

https://learn.microsoft.com/en-us/azure/app-service/configure-authentication-provider-google

Question 319

Report
Export
Collapse

You have an Azure key vault named Vault1 that stores the resources shown in following table.

Which resources support the creation of a rotation policy?

A.
Key1 Only
A.
Key1 Only
Answers
B.
Cert1 only
B.
Cert1 only
Answers
C.
Key1 and Secret1 only
C.
Key1 and Secret1 only
Answers
D.
Key1 and Cert1 only
D.
Key1 and Cert1 only
Answers
E.
Secret1 and Cert1 only
E.
Secret1 and Cert1 only
Answers
F.
Key1, Secret1, and Cert1
F.
Key1, Secret1, and Cert1
Answers
Suggested answer: C

Question 320

Report
Export
Collapse

You have an Azure subscription that contains a

You need to grant user1 access to blob1. The solution must ensure that the access expires after six days. What should you use?

A.
a shared access policy
A.
a shared access policy
Answers
B.
a shared access signature (SAS)
B.
a shared access signature (SAS)
Answers
C.
role-based access control (RBAC)
C.
role-based access control (RBAC)
Answers
D.
a managed identity
D.
a managed identity
Answers
Suggested answer: C

Explanation:

Depending on how you want to authorize access to blob data in the Azure portal, you'll need specific permissions. In most cases, these permissions are provided via Azure role-based access control (Azure RBAC). For more information about Azure RBAC, see What is Azure role-based access control

(Azure RBAC)?.

https://learn.microsoft.com/en-us/azure/storage/blobs/authorize-data-operations-portal

Total 439 questions
Go to page: of 44
ExamGecko

Copyright @2023 ExamGecko | All right reserved

Mail us: [email protected]
About us
Contact us
Twitter X
Facebook
Medium
Convert VPLUS to PDF
Open VPLUS files Easily and Quickly
Privacy Policy
Disclaimer
Terms