Microsoft AZ-500 Practice Test - Questions Answers, Page 44

You have an Azure subscription named Subscription1 that is linked to a Microsoft Entra tenant named contoso.com and a resource group named RG1.

You create a custom role named Role1 in contoso.com.

Where can you use Role1 for permission delegation?

You have an Azure subscription that contains a SQL Server on Azure Virtual Machines instance named SQt1 and a Microsoft Sentinel workspace named Sentinel1.

You need to monitor security incidents on SQL1 by using Sentinel1.

What should you do first?

You have an Azure subscription that contains an Azure App Service app named App1, an Azure container instance named AC1. and a storage account named storage1. AC1 hosts an app named App2.

Users send requests to App1 by using a URL of https:/app1.contoso.com/echo/resource-cache? param1 =sample. App1 calls App2. which retrieves data from storage1.

You need to ensure that a security alert will be generated when connections are detected from anomalous IP addresses. Which Microsoft Defender for Cloud service should you use?

HOTSPOT

You have an Azure subscription that contains the virtual networks shown in the following table.

The subscription contains the subnets shown in the following table.

You plan to create an Azure web app named WebApp2 that will have the following configurations:

* Region: East US

* VNet integration: Enabled

* Scale out; Autoscale to up to 10 instances

For each of the following statements, select Yes if the statement is true. Otherwise, select No.

NOTE: Each correct selection is worth one point.

HOTSPOT

Your on-premises network contains an Active Directory Domain Services (AD DS) domain and the devices shown in the following table.

You have a hybrid Microsoft Entra tenant that contains a synced user named User1.

You have an Azure subscription that contains the Azure Files shares shown in the following table.

Used is assigned the Storage File Data SMB Share Contributor role tor storage1 and storage2.

The Security settings for Share! are configured as shown in the following exhibit.

For each of the following statements, select Yes if the statement is true. Otherwise. Select No.

NOTE: Each correct selection is worth one point.

You have an Azure subscription. The subscription contains a virtual network named VNet1 that contains the subnets shown in the following table.

The subscription contains the function apps shown in the following table.

The outbound traffic of which app is controlled by using NSG1?

You have an Azure subscription that contains an Azure Kubernetes Service (AKS) cluster named AKS1.

You have an Azure container registry that stores container images that were deployed by using Azure DevOps Microsoft-hosted agents.

You need to ensure that administrators can access AKS1 only from specific networks. The solution must minimize administrative effort.

What should you configure for AKS1?

HOTSPOT

You have an Azure subscription.

You plan to deploy a virtual machine named VM1.

You need to use confidential disk encryption on VM1.

Which virtual machine series should you use for VM1, and which type of disks can be encrypted by using confidential disk encryption? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.