ExamGecko
Search Search Login
Home Home / Microsoft / AZ-500

Microsoft AZ-500 Practice Test - Questions Answers, Page 41

Question list
Search
Search

List of questions

Search
Open VPLUS File
Convert VPLUS to PDF

Related questions

Simulation LAB Task 1 You need to ensure that connections from the Internet to VNET1\subnet0 are allowed only over TCP port 7777. The solution must use only currently deployed resources.
You have an Azure subscription that uses Azure AD Privileged Identity Management (PIM). A user named User1 is eligible for the Billing administrator role. You need to ensure that the role can only be used for a maximum of two hours. What should you do?
HOTSPOT You have Azure virtual machines that have Update Management enabled. The virtual machines are configured as shown in the following table. You schedule two update deployments named Update1 and Update2. Update1 updates VM3. Update2 updates VM6. Which additional virtual machines can be updated by using Update1 and Update2? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.
HOTSPOT You have an Azure key vault named KeyVault1 that contains the items shown in the following table. In KeyVault1 the following events occur in sequence: • item is deleted. • ltem2 and Policy1 are deleted. For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.
You are configuring and securing a network environment. You deploy an Azure virtual machine named VM1 that is configured to analyze network traffic. You need to ensure that all network traffic is routed through VM1. What should you configure?
From Azure Security, you create a custom alert rule. You need to configure which users will receive an email message when the alert is triggered. What should you do?
HOTSPOT You have an Azure key vault. You need to delegate administrative access to the key vault to meet the following requirements: Provide a user named User1 with the ability to set advanced access policies for the key vault. Provide a user named User2 with the ability to add and delete certificates in the key vault. Use the principle of least privilege. What should you use to assign access to each user? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.
Simulation LAB Task 6 You need to configure a Microsoft SQL server named Web3l 330471 only to accept connections from the Subnet0 subnet on the VNET01 virtual network.
You have an Azure subscription that uses Microsoft Defender for Cloud. You have accounts for the following cloud services: • Alibaba Cloud • Amazon Web Services (AWS) • Google Cloud Platform (GCP) What can you add to Defender for Cloud?
SIMULATION You need to ensure that User2-11641655 has all the key permissions for KeyVault11641655. To complete this task, sign in to the Azure portal and modify the Azure resources.

Question 401

Report
Export
Collapse

DRAG DROP

You have an Azure subscription.

You create an Azure Firewall policy that has the rules shown in the following table:

In which order should the rules be processed? To answer, move all rules from the list of rules to the answer area and arrange them in the correct order.

Question 401
Correct answer: Question 401

Explanation:

Rule 1

Rule 2

Rule 3

Rule 4

Rule 5


Question 402

Report
Export
Collapse

You have an Azure subscription that contains an Azure Data Lake Storage account named sa1.

You plan to deploy an app named Appl that will access sa1 and perform operations, including Read. List, Create Directory, and Delete Directory.

You need to ensure that Appl can connect securely to sa1 by using a private endpoint

What is the minimum number of private endpoints required for sa1 ?

A.
1
A.
1
Answers
B.
2
B.
2
Answers
C.
3
C.
3
Answers
D.
4
D.
4
Answers
E.
5
E.
5
Answers
Suggested answer: A

Explanation:

A private endpoint is a network interface that connects you privately and securely to a service that's powered by Azure Private Link. By enabling a private endpoint, you're bringing the service into your virtual network. You only need one private endpoint for each service that you want to access privately, such as Azure Data Lake Storage. You can create a private endpoint for your Azure Data Lake Storage account named sa1 by following the steps inthis article.

What is a private endpoint? - Azure Private Link

Private Endpoints for Azure Storage are now Generally Available

Step-by-Step: How to Configure a Private Endpoint to Secure Azure ...

Question 403

Report
Export
Collapse

HOTSPOT

You have an Azure subscription named Sub1 that contains the resources shown in the following table.

You need to enable Microsoft Defender for Cloud for storage accounts and virtual machines.

At which levels can you enable Defender for Cloud for the storage accounts and the virtual machines? To answer, select the appropriate options in the answer area

NOTE: Each correct selection is worth one point


Question 403
Correct answer: Question 403

Question 404

Report
Export
Collapse

HOTSPOT

You have an Azure AD tenant that contains the groups shown in the following table.

You assign licenses to the groups as shown in the following table.

On May1, you delete Group1. Group2, and Group3.

For each of the following statements, select Yes if the statement is true. Otherwise, select No.

NOTE: Each correct selection is worth one point.


Question 404
Correct answer: Question 404

Question 405

Report
Export
Collapse

You have an Azure subscription that is linked to an Azure AD tenant and contains the resources shown in the following table.

Which resources can be assigned the Contributor role for VM1?

A.
Managed1 and App1 only
A.
Managed1 and App1 only
Answers
B.
Group1 and Managed1 only
B.
Group1 and Managed1 only
Answers
C.
Group1. Managed1, and VM2only
C.
Group1. Managed1, and VM2only
Answers
D.
Group1, Managed1, VM1. and App1 only
D.
Group1, Managed1, VM1. and App1 only
Answers
Suggested answer: A

Question 406

Report
Export
Collapse

DRAG DROP

You have an on-premises datacenter.

You have an Azure subscription that contains a virtual machine named VM1. VM1 is connected to a virtual network named VNet1. VNet1 is connected to the on-premises datacenter by using a Site-to-Site (S2S) VPN.

You plan to create an Azure storage account named storage1 and deploy an Azure web app named App1.

You need to ensure that network communication to each resource meets the following requirements:

* Connections to App1 must be allowed only from corporate network NAT addresses.

* Connections from VNet1 to storage1 must use the Microsoft backbone network.

* The solution must minimize costs.

What should you configure for each resource? To answer, drag the appropriate components to the correct resources. Each component may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.

NOTE: Each correct selection is worth one point.


Question 406
Correct answer: Question 406

Question 407

Report
Export
Collapse

You have an Azure Kubernetes Service (AKS) cluster that will connect to an Azure Container Registry.

You need to use the automatically generated service principal for the AKS cluster to authenticate to the Azure Container Registry.

What should you create?

A.
an Azure AD user
A.
an Azure AD user
Answers
B.
a secret in Azure Key Vault
B.
a secret in Azure Key Vault
Answers
C.
an Azure AD group
C.
an Azure AD group
Answers
D.
a role assignment
D.
a role assignment
Answers
Suggested answer: D

Question 408

Report
Export
Collapse

You have an Azure subscription named Sub1. Sub1 contains a virtual network named VNet1 that contains one subnet named Subnet1.

Subnet1 contains an Azure virtual machine named VM1 that runs Ubuntu Server 20.04.

You create a service endpoint for Microsoft. Storage in Subnet1.

You need to ensure that when you deploy Docker containers to VM1, the containers can access Azure Storage resources by using the service endpoint.

What should you do on VM1 before you deploy the container?

A.
Create an application security group and a network security group (NSG).
A.
Create an application security group and a network security group (NSG).
Answers
B.
Install the container network interface (CNI) plug-in.
B.
Install the container network interface (CNI) plug-in.
Answers
C.
Edit the docker-compose.ym1 file.
C.
Edit the docker-compose.ym1 file.
Answers
Suggested answer: B

Question 409

Report
Export
Collapse

You have an Azure subscription that uses Microsoft Defender for Cloud.

You have an Amazon Web Services (AWS) account.

You need to add the AWS account to Defender for Cloud.

What should you do first?

A.
From the Azure portal, add the AWS enterprise application.
A.
From the Azure portal, add the AWS enterprise application.
Answers
B.
From the AWS account, enable a security hub.
B.
From the AWS account, enable a security hub.
Answers
C.
From Defender for Cloud, configure the Security solutions settings.
C.
From Defender for Cloud, configure the Security solutions settings.
Answers
D.
From Defender for Cloud, configure the Environment settings.
D.
From Defender for Cloud, configure the Environment settings.
Answers
Suggested answer: D

Question 410

Report
Export
Collapse

HOTSPOT

You have a Microsoft Entra tenant that contains the users shown in the following table.

You configure the Temporary Access Pass settings as shown in the following exhibit.

You add the Temporary Access Pass authentication method to Admin2.

For each of the following statements, select Yes if the statement is true. Otherwise, select No.

NOTE: Each correct selection is worth one point.


Question 410
Correct answer: Question 410
Total 439 questions
Go to page: of 44
ExamGecko

Copyright @2023 ExamGecko | All right reserved

Mail us: [email protected]
About us
Contact us
Twitter X
Facebook
Medium
Convert VPLUS to PDF
Open VPLUS files Easily and Quickly
Privacy Policy
Disclaimer
Terms