Microsoft AZ-500 Practice Test - Questions Answers, Page 43
Question list
List of questions
Related questions
You have an Azure subscription that contains the virtual machines shown in the following table.
You are configuring Microsoft Defender for Servers.
You plan to enable adaptive application controls to create an allowlist of known-safe apps on the virtual machines. Which virtual machines support the use of adaptive application controls?
HOTSPOT
You have a hybrid Microsoft Entra tenant named contoso.com that contains a user named Used and the servers shown in the following table.
The tenant is linked to an Azure subscription that contains a storage account named storage1. The storage1 account contains a file share named share1.
User1 is assigned the Storage File Data SMB Share Contributor role for storage1.
The Security protocol settings for the file shares of storage1 are configured as shown in the following exhibit.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
HOTSPOT
You have a Microsoft Entra tenant that contains the users shown in the following table.
You configure a Conditional Access policy that has the following settings:
* Name: CAPolicy1
* Assignments
o Users or workload identities: Group1
o Target resources: All cloud apps
* Access controls
o Grant access: Require multifactor authentication
From Microsoft Authenticator settings for the tenant, the Enable and Target settings are configured as shown in the Enable and Target exhibit. (Click the Enable and Target tab.)
From Microsoft Authenticator settings for the tenant, the Configure settings are configured as shown in the Configure exhibit. (Click the Configure tab.)
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
You have an Azure subscription that contains a virtual network named VNet1. The subscription contains an Azure App Service web app named App1.
You have an Azure Front Door profile named AFD1 that has an Azure Web Application Firewall (WAF) policy.
You need to ensure that all inbound traffic to App1 is filtered through AFD1.
What should you do?
For VNet1, configure network security group (NSG) rules.
For App1, configure the HTTP headers filter settings.
For App1, enable virtual network integration.
Configure Microsoft Entra application proxy.
You have an Azure subscription that contains a managed identity named Identity1 and the Azure key vaults shown in the following table.
Key Vault1 contains an access policy that grants Identity1 the following key permissions:
* Get
* List
* Wrap
* Unwrap
You need to provide Identity1 with the same permissions for KeyVault2. The solution must use the principle of least privilege.
Which role should you assign to Identity1?
Key Vault Crypto Service Encryption User
Key Vault Crypto User
Key Vault Reader
Key Vault Crypto Officer
HOTSPOT
You have a Microsoft Entra tenant named contoso.com.
You collaborate with a partner organization that has a Microsoft Entra tenant named fabrikam.com. Fabrikam.com has multi-factor authentication (MFA) enabled for all users.
Contoso.com has the Cross-tenant access settings configured as shown in the Cross-tenant access settings exhibit. (Click the Cross-tenant access settings:
Contoso.com has the External collaboration settings configured as shown in the External collaboration settings exhibit. (Click the External collaboration settings tab.)
You create a Conditional Access policy that has the following settings:
* Name: CAPolicy1
* Assignments
o Guest or external users: B2B collaboration guest users
o Target resources
Include: All cloud apps o Access controls
Grant access
Require device to be marked as compliant
Require multi-factor authentication
Enable policy: On
For each of the following statements, select Yes if the statement is true, otherwise select No.
NOTE: Each correct section is worth one point.
HOTSPOT
Your network contains an on-premises Active Directory domain named adatum.com that syncs to a Microsoft Entra tenant.
The Microsoft Entra tenant contains the users shown in the following table.
You configure the Microsoft Entra Password Protection settings for adatum.com as shown in the following exhibit.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
You have a Microsoft Entra tenant that contains three users named User1, User2, and User3.
You configure Microsoft Entra Password Protection as shown in the following exhibit.
The users perform the following tasks:
* User1 attempts to reset her password to COntOsO
* User2 attempts to reset her password to F@brikamHQ
* User3 attempts to reset her password to PrOduct123.
Which password reset attempts fail?
User1 only
User2only
User3 only
User1 and User3 only
User1, User2, and User3
You have an Azure subscription that contains an Azure key vault named Vault1 and a virtual machine named VM1. VM1 has the Key Vault VM extension installed.
For Vault1, you rotate the keys, secrets, and certificates.
What will be updated automatically on VM1?
the keys only
the secrets only
the certificates only
the keys and secrets only
the secrets and certificates only
the keys, secrets, and certificates
HOTSPOT
You have an Azure subscription.
You plan to deploy the virtual machines shown in the following table.
You need to identify the virtual machines and operating systems that can be deployed as confidential virtual machines?
Which Windows virtual machines and which Linux virtual machines should you identify?
Question