Microsoft AZ-500 Practice Test - Questions Answers, Page 39

You have an Azure subscription that contains an Azure Blob storage account bolb1.

You need to configure attribute-based access control (ABAC) for blob1.

Which attributes can you use in access conditions?

You have an Azure subscription that contains the resources show in the following table.

Both VM1 and VM2 connect to VNET1 and are configured to use NSG1.

You need to ensure that only VM1 and VM2 can access DB1.

What should you do?

DRAG DROP

You have an Azure subscription.

You plan to implement Azure DDoS Protection. The solution must meet the following requirement:

* Provide access to DDoS rapid response support during active attacks.

* Project Basic SKU public IP addresses.

You need to recommend which type of DDoS projection to use for each requirement.

What should you recommend? To answer, drag the appropriate DDoS projection types to the correct

requirements. Each DDoS Projection type may be used once, or not at all. You may need to drag the

split bar between panes or scroll to view connect.

NOTE: Each correct selection is worth one point.

Answer:

HOTSPOT

You have an Azure subscription that contains a user named User1. User1 is assigned the Reader role for the subscription.

You plan to create a custom role named Role1 and assign Role1 to User1.

You need to ensure that User1 can create and manage application security groups by using the Azure portal.

Which two permissions should you add to Role1? To answer, select the appropriate permission in the answer area.

NOTE: Each correct selection is worth one point.

You have an Azure subscription that contains an Azure web app named 1 and a virtual machine named VM1. VM1 runs Microsoft SQL Server and is connected to a virtual network named VNet1.

App1, VM1, and Vent are in the US Central Azure region.

You need to ensure that App1 can connect to VM1. The solution must minimize costs.

You have an Azure subscription that contains a storage account and an Azure web app named App1.

App1 connects to an Azure Cosmos DB database named Cosmos1 that uses a private endpoint named Endpoint1. Endpoint1 has the default settings.

You need to validate the name resolution to Cosmos1.

Which DNS zone should you use?

You have an Azure subscription that contains the subnets shown in the following table.

The subscription contains Azure web app named WebApp1 that has the following configurations.

* Region West Us

* Virtual network VNet1

* VNet integration on: Enabled

* Outbound subnet: Subnet11

* Windows plan (West US): ASP1

You plan to deploy an Azure web app named WebApp2 that will have the following settings:

* Region: West US

* VNet integration on-Enabled

* Windows plan (West UAS): WebApp2?

To which subnets can you integrate WebApp2?

You have an Azure AD turned that contains a user named User1.

You purchase an App named App1.

User1 needs to publish App1 by using Azure AD Application Proxy.

Which role should you assign to User1?

DRAG DROP

You have an Azure subscription named Sub1 that contains the storage accounts shown in the following table

The storage3 storage account is encrypted by using customer-managed keys.

YOU need to enable Microsoft Defender for storage to meet the following requirements.

* The storage1 and storage2 account must be include in the defender for storage requirement.

* The storage3 account must be exclude from the Defender for Storage protections.

Which three actions should you perform in sequence? To answer, move the appropriate actions from

the list of actions to the answer area and them in the correct order.