ExamGecko
Search Search Login
Home Home / Microsoft / AZ-500

Microsoft AZ-500 Practice Test - Questions Answers, Page 33

Question list
Search
Search

List of questions

Search
Open VPLUS File
Convert VPLUS to PDF

Related questions

Simulation LAB Task 1 You need to ensure that connections from the Internet to VNET1\subnet0 are allowed only over TCP port 7777. The solution must use only currently deployed resources.
You have an Azure subscription that uses Azure AD Privileged Identity Management (PIM). A user named User1 is eligible for the Billing administrator role. You need to ensure that the role can only be used for a maximum of two hours. What should you do?
HOTSPOT You have Azure virtual machines that have Update Management enabled. The virtual machines are configured as shown in the following table. You schedule two update deployments named Update1 and Update2. Update1 updates VM3. Update2 updates VM6. Which additional virtual machines can be updated by using Update1 and Update2? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.
HOTSPOT You have an Azure key vault named KeyVault1 that contains the items shown in the following table. In KeyVault1 the following events occur in sequence: • item is deleted. • ltem2 and Policy1 are deleted. For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.
From Azure Security, you create a custom alert rule. You need to configure which users will receive an email message when the alert is triggered. What should you do?
You have an Azure subscription that uses Microsoft Defender for Cloud. You have accounts for the following cloud services: • Alibaba Cloud • Amazon Web Services (AWS) • Google Cloud Platform (GCP) What can you add to Defender for Cloud?
You have an Azure subscription that uses Microsoft Defender for Cloud. You have an Amazon Web Services (AWS) account. You need to ensure that when you deploy a new AWS Elastic Compute Cloud (EC2) instance, the Microsoft Defender for Servers agent installs automatically. What should you configure first?
SIMULATION You need to ensure that User2-11641655 has all the key permissions for KeyVault11641655. To complete this task, sign in to the Azure portal and modify the Azure resources.
You have an Azure subscription that contains the virtual networks shown in the following table. The subscription contains the virtual machines shown in the following table. On NIC1, you configure an application security group named ASG1. On which other network interfaces can you configure ASG1?
You are configuring and securing a network environment. You deploy an Azure virtual machine named VM1 that is configured to analyze network traffic. You need to ensure that all network traffic is routed through VM1. What should you configure?

Question 321

Report
Export
Collapse

You have an Azure subscription that contains an Azure key vault.

You need to configure maximum number of days for Which new keys are valid. The solution must minimize administrative effort. What should you use?

A.
Key Vault properties
A.
Key Vault properties
Answers
B.
Azure Policy
B.
Azure Policy
Answers
C.
Azure Purview
C.
Azure Purview
Answers
D.
Azure Blueprints
D.
Azure Blueprints
Answers
Suggested answer: B

Question 322

Report
Export
Collapse

You have an Azure key vault named Vault1 that stores the resources shown in the following table.

Which resources support the creation of a rotation policy?

A.
Key 1 only
A.
Key 1 only
Answers
B.
Cert1 only
B.
Cert1 only
Answers
C.
Key1 and Secret1 only
C.
Key1 and Secret1 only
Answers
D.
Key1 and Cert1 only
D.
Key1 and Cert1 only
Answers
E.
Secret1 and Cert1 only
E.
Secret1 and Cert1 only
Answers
F.
Key1, Secret1, and Cert1
F.
Key1, Secret1, and Cert1
Answers
Suggested answer: A

Question 323

Report
Export
Collapse

You have an Azure subscription that contains an Azure SQL server named SQL1. SQL1 contains. You need to use Microsoft Defender for Cloud to complete a vulnerability assessment for DB1. What should you do first?

A.
From Advanced Threat Protection types, select SQL injection vulnerability.
A.
From Advanced Threat Protection types, select SQL injection vulnerability.
Answers
B.
Configure the Send scan report to setting.
B.
Configure the Send scan report to setting.
Answers
C.
Set Periodic recurring scans to ON.
C.
Set Periodic recurring scans to ON.
Answers
D.
Enable the Microsoft Defender for SQL plan.
D.
Enable the Microsoft Defender for SQL plan.
Answers
Suggested answer: A

Question 324

Report
Export
Collapse

You have an Azure AD tenant that contains 500 users and an administrative unit named AU1.

From the Azure Active Directory admin center, you plan to add the users to AU1 by using Bulk add members. You need to create and upload a file for the bulk add.

What should you include in the file?

A.
only the display name of each user
A.
only the display name of each user
Answers
B.
only the user principal name (UPN) of each user
B.
only the user principal name (UPN) of each user
Answers
C.
only the object identifier of each user
C.
only the object identifier of each user
Answers
D.
only the user principal name (UPN) and object identifier of each user
D.
only the user principal name (UPN) and object identifier of each user
Answers
E.
Only the user principal name (UPN) and display name of each user
E.
Only the user principal name (UPN) and display name of each user
Answers
Suggested answer: E

Question 325

Report
Export
Collapse

You have an Azure subscription that contains a user named User1. You need to ensure that User1 can create managed identities. The solution must use the principle of least privilege. What should you do?

A.
Create a resource group and assign User1 to the Managed Identity Contributor role.
A.
Create a resource group and assign User1 to the Managed Identity Contributor role.
Answers
B.
Create a management group and assign User1 the Managed Identity Operator role.
B.
Create a management group and assign User1 the Managed Identity Operator role.
Answers
C.
Create an organizational unit (OU) and assign User1 the User administrator Azure AD role.
C.
Create an organizational unit (OU) and assign User1 the User administrator Azure AD role.
Answers
D.
Create management group and assign User1 the Hybrid Identity Administrator Azure AD role.
D.
Create management group and assign User1 the Hybrid Identity Administrator Azure AD role.
Answers
Suggested answer: A

Question 326

Report
Export
Collapse

You have an on-premises network and an Azure subscription.

You have the Microsoft SQL Server instances shown in the following table.

You plan to implement Microsoft Defender for SQL.

Which SQL Server instances will be protected by Microsoft Defender for SQL?

A.
sql1 and sql2 only
A.
sql1 and sql2 only
Answers
B.
sql1, sql2, andsql3 only
B.
sql1, sql2, andsql3 only
Answers
C.
sql1 sql2 and so.14 only
C.
sql1 sql2 and so.14 only
Answers
D.
sql1, sql2, sql3, and sql4
D.
sql1, sql2, sql3, and sql4
Answers
Suggested answer: D

Question 327

Report
Export
Collapse

You have an Azure subscription that contains an Azure Data Lake Storage Gen2 account named storage1. You deploy an Azure Synapse Analytics workspace named synapsews1 to a managed virtual network. You need to enable access from synapsews1 to storage1. What should you configure?

A.
a virtual network gateway
A.
a virtual network gateway
Answers
B.
a network security group (NSG)
B.
a network security group (NSG)
Answers
C.
a private endpoint
C.
a private endpoint
Answers
D.
peering
D.
peering
Answers
Suggested answer: C

Question 328

Report
Export
Collapse

You have an Azure subscription.

You create a new virtual network named VNet1.

You plan to deploy an Azure web app named App1 that will use VNet1 and will be reachable by using private IP addresses. The solution must support inbound and outbound network traffic. What should you do?

A.
Create an Azure App Service Hybrid Connection.
A.
Create an Azure App Service Hybrid Connection.
Answers
B.
Configure regional virtual network integration.
B.
Configure regional virtual network integration.
Answers
C.
Create an App Service Environment
C.
Create an App Service Environment
Answers
D.
Create an Azure application gateway.
D.
Create an Azure application gateway.
Answers
Suggested answer: D

Question 329

Report
Export
Collapse

You have an Azure subscription that contains an instance of Azure Firewall Standard named AzFWL

You need to identify whether you can use the following features with AzFW1:

• TLS inspection

• Threat intelligence

• The network intrusion detection and prevention systems (IDPS)

What can you use?

A.
TLS inspection only
A.
TLS inspection only
Answers
B.
threat intelligence only
B.
threat intelligence only
Answers
C.
TLS inspection and the IDPS only
C.
TLS inspection and the IDPS only
Answers
D.
threat intelligence and the IDPS only
D.
threat intelligence and the IDPS only
Answers
E.
TLS inspection, threat intelligence, and the IDPS
E.
TLS inspection, threat intelligence, and the IDPS
Answers
Suggested answer: E

Question 330

Report
Export
Collapse

You have an Azure subscription that contains a storage account named storage1 and a virtual machine named VM1. VM1 is connected to a virtual network named VNet1 that contains one subnet and uses Azure DNS.

You need to ensure that VM1 connects to storage! by using a private IP address. The solution must minimize administrative effort. What should you do?

A.
For storage1, disable public network access.
A.
For storage1, disable public network access.
Answers
B.
Create an Azure Private DNS zone.
B.
Create an Azure Private DNS zone.
Answers
C.
On VNet1. create a new subnet.
C.
On VNet1. create a new subnet.
Answers
D.
For storage1, create a new private endpoint.
D.
For storage1, create a new private endpoint.
Answers
Suggested answer: D
Total 439 questions
Go to page: of 44
ExamGecko

Copyright @2023 ExamGecko | All right reserved

Mail us: [email protected]
About us
Contact us
Twitter X
Facebook
Medium
Convert VPLUS to PDF
Open VPLUS files Easily and Quickly
Privacy Policy
Disclaimer
Terms