Home / Microsoft / AZ-500 / List of questions

Ask Question

Microsoft AZ-500 Practice Test - Questions Answers, Page 7

List of questions

Question 61

You have an Azure web app named WebApp1.

You upload a certificate to WebApp1.

You need to make the certificate accessible to the app code of WebApp1.

What should you do?

Add a user-assigned managed identity to WebApp1.

Add an app setting to the WebApp1 configuration.

Enable system-assigned managed identity for the WebApp1.

Configure the TLS/SSL binding for WebApp1.

Show Answer Comment (0)

Question 62

HOTSPOT

You have the Azure key vaults shown in the following table.

Microsoft AZ-500 image Question 35 87500 10022024015441000000

KV1 stores a secret named Secret1 and a key for a managed storage account named Key1.

You back up Secret1 and Key1.

To which key vaults can you restore each backup? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Microsoft AZ-500 image Question 62 87500 10022024015441000

Show Answer Comment (0)

Correct answer: Microsoft AZ-500 image answer Question 62 87500 10022024015441000

Explanation:

The backups can only be restored to key vaults in the same subscription and same geography. You can restore to a different region in the same geography.

asked 02/10/2024

David Brun

40 questions

Question 63

HOTSPOT

You have an Azure subscription that contains a web app named App1 and an Azure key vault named Vault1.

You need to configure App1 to store and access the secrets in Vault1.

How should you configure App1? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Microsoft AZ-500 image Question 63 87501 10022024015441000

Show Answer Comment (0)

Correct answer: Microsoft AZ-500 image answer Question 63 87501 10022024015441000

Explanation:

Reference:

https://docs.microsoft.com/en-us/azure/app-service/overview-managed-identity?tabs=dotnet

asked 02/10/2024

Joseph Lewis

50 questions

Question 64

HOTSPOT

You have an Azure key vault named KeyVault1 that contains the items shown in the following table.

Microsoft AZ-500 image Question 37 87502 10022024015441000000

In KeyVault1, the following events occur in sequence:

Item1 is deleted.

Item2 and Policy1 are deleted.

For each of the following statements, select Yes if the statement is true. Otherwise, select No.

NOTE: Each correct selection is worth one point.

Microsoft AZ-500 image Question 64 87502 10022024015441000

Show Answer Comment (0)

Correct answer: Microsoft AZ-500 image answer Question 64 87502 10022024015441000

Explanation:

Reference:

https://docs.microsoft.com/en-us/azure/key-vault/general/soft-delete-overview

asked 02/10/2024

Vaniko Batiashvili

34 questions

Question 65

HOTSPOT

You have an Azure Storage account that contains a blob container named container1 and a client application named App1.

You need to enable App1 access to container1 by using Azure Active Directory (Azure AD) authentication.

What should you do? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Microsoft AZ-500 image Question 65 87503 10022024015441000

Show Answer Comment (0)

Correct answer: Microsoft AZ-500 image answer Question 65 87503 10022024015441000

Explanation:

Reference:

https://azure.microsoft.com/en-in/blog/announcing-the-preview-of-aad-authentication-for-storage/

https://github.com/MicrosoftDocs/azure-docs/blob/master/articles/storage/common/storage-auth-aad-rbac-portal.md

asked 02/10/2024

bebo here

51 questions

Question 66

HOTSPOT

You have an Azure subscription that contains an Azure key vault named ContosoKey1.

You create users and assign them roles as shown in the following table.

Microsoft AZ-500 image Question 39 87504 10022024015441000000

You need to identify which users can perform the following actions:

Delegate permissions for ContsosKey1.

Configure network access to ContosoKey1.

Which users should you identify? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Microsoft AZ-500 image Question 66 87504 10022024015441000

Show Answer Comment (0)

Correct answer: Microsoft AZ-500 image answer Question 66 87504 10022024015441000

Explanation:

Reference:

https://docs.microsoft.com/en-gb/azure/key-vault/general/rbac-guide

asked 02/10/2024

Mogamat Davids

42 questions

Question 67

You have an Azure subscription that contains four Azure SQL managed instances.

You need to evaluate the vulnerability of the managed instances to SQL injection attacks.

What should you do first?

Create an Azure Sentinel workspace.

Enable Advanced Data Security.

Add the SQL Health Check solution to Azure Monitor.

Create an Azure Advanced Threat Protection (ATP) instance.

Show Answer Comment (0)

Question 68

DRAG DROP

Your network contains an on-premises Active Directory domain named contoso.com. The domain contains a user named User1.

You have an Azure subscription that is linked to an Azure Active Directory (Azure AD) tenant named contoso.com. The tenant contains an Azure Storage account named storage1. Storage1 contains an Azure file share named share1.

Currently, the domain and the tenant are not integrated.

You need to ensure that User1 can access share1 by using his domain credentials.

Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.

Microsoft AZ-500 image Question 68 87506 10022024015441000

Show Answer Comment (0)

Correct answer: Microsoft AZ-500 image answer Question 68 87506 10022024015441000

Explanation:

Reference:

https://docs.microsoft.com/en-us/azure/storage/files/storage-files-identity-auth-active-directory-enable

asked 02/10/2024

David Rossi

36 questions

Question 69

You have an Azure subscription that contains an Azure SQL database named sql1.

You plan to audit sql1.

You need to configure the audit log destination. The solution must meet the following requirements:

Support querying events by using the Kusto query language.

Minimize administrative effort.

What should you configure?

an event hub

a storage account

a Log Analytics workspace

Show Answer Comment (0)

Question 70

HOTSPOT

You have an Azure subscription that contains the storage accounts shown in the following table.

Microsoft AZ-500 image Question 43 87508 10022024015441000000

You enable Azure Defender for Storage.

Which storage services of storage5 are monitored by Azure Defender for Storage, and which storage accounts are protected by Azure Defender for Storage? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Microsoft AZ-500 image Question 70 87508 10022024015441000

Show Answer Comment (0)

Correct answer: Microsoft AZ-500 image answer Question 70 87508 10022024015441000

Explanation:

Reference:

https://docs.microsoft.com/en-us/azure/storage/common/azure-defender-storage-configure?tabs=azure-security-center

asked 02/10/2024

Nelson Mira

50 questions

Total 442 questions

5 6 7 8 9

Go to page: of 45

Question

Case Study

Question 61 (0)

You have an Azure web app named WebApp1. You upload a certificate to WebApp1. You need to make the certificate accessible to the app code of WebApp1. What should you do?

Question 62 (0)

HOTSPOT You have the Azure key vaults shown in the following table. KV1 stores a secret named Secret1 and a key for a managed storage account named Key1. You back up Secret1 and Key1. To which

Question 63 (0)

HOTSPOT You have an Azure subscription that contains a web app named App1 and an Azure key vault named Vault1. You need to configure App1 to store and access the secrets in Vault1. How should you

Question 64 (0)

HOTSPOT You have an Azure key vault named KeyVault1 that contains the items shown in the following table. In KeyVault1, the following events occur in sequence: Item1 is deleted. Item2 and Poli

Question 65 (0)

HOTSPOT You have an Azure Storage account that contains a blob container named container1 and a client application named App1. You need to enable App1 access to container1 by using Azure Active Di

Question 66 (0)

HOTSPOT You have an Azure subscription that contains an Azure key vault named ContosoKey1. You create users and assign them roles as shown in the following table. You need to identify which use

Question 67 (0)

You have an Azure subscription that contains four Azure SQL managed instances. You need to evaluate the vulnerability of the managed instances to SQL injection attacks. What should you do first?

Question 68 (0)

DRAG DROP Your network contains an on-premises Active Directory domain named contoso.com. The domain contains a user named User1. You have an Azure subscription that is linked to an Azure Active D

Question 69 (0)

You have an Azure subscription that contains an Azure SQL database named sql1. You plan to audit sql1. You need to configure the audit log destination. The solution must meet the following require

Question 70 (0)

HOTSPOT You have an Azure subscription that contains the storage accounts shown in the following table. You enable Azure Defender for Storage. Which storage services of storage5 are monitored b

Related questions

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution. After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen. You have an Azure Subscription. The subscription contains 50 virtual machines that run Windows Server 2012 R2 or Windows Server 2016. You need to deploy Microsoft Antimalware to the virtual machines. Solution: You add an extension to each virtual machine. Does this meet the goal?

Simulation LAB Task 1 You need to ensure that connections from the Internet to VNET1\subnet0 are allowed only over TCP port 7777. The solution must use only currently deployed resources.

You have Azure Resource Manager templates that you use to deploy Azure virtual machines. You need to disable unused Windows features automatically as instances of the virtual machines are provisioned. What should you use?

You are configuring and securing a network environment. You deploy an Azure virtual machine named VM1 that is configured to analyze network traffic. You need to ensure that all network traffic is routed through VM1. What should you configure?

HOTSPOT You have an Azure subscription that contains the resources shown in the following table. Transparent Data Encryption (TDE) is disabled on SQL1. You assign policies to the resource groups as shown in the following table. You plan to deploy Azure SQL databases by using an Azure Resource Manager (ARM) template. The databases will be configured as shown in the following table. For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.

You have an Azure subscription that contains the Azure virtual machines shown in the following table. You create an MDM Security Baseline profile named Profile1. You need to identify to which virtual machines Profile1 can be applied. Which virtual machines should you identify?

HOTSPOT You have Azure virtual machines that have Update Management enabled. The virtual machines are configured as shown in the following table. You schedule two update deployments named Update1 and Update2. Update1 updates VM3. Update2 updates VM6. Which additional virtual machines can be updated by using Update1 and Update2? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

You are testing an Azure Kubernetes Service (AKS) cluster. The cluster is configured as shown in the exhibit. (Click the Exhibit tab.) You plan to deploy the cluster to production. You disable HTTP application routing. You need to implement application routing that will provide reverse proxy and TLS termination for AKS services by using a single IP address. What should you do?

HOTSPOT You have an Azure key vault. You need to delegate administrative access to the key vault to meet the following requirements: Provide a user named User1 with the ability to set advanced access policies for the key vault. Provide a user named User2 with the ability to add and delete certificates in the key vault. Use the principle of least privilege. What should you use to assign access to each user? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

HOTSPOT You have an Azure subscription that contains the following resources: An Azure key vault An Azure SQL database named Database1 Two Azure App Service web apps named AppSrv1 and AppSrv2 that are configured to use system-assigned managed identities and access Database1 You need to implement an encryption solution for Database1 that meets the following requirements: The data in a column named Discount in Database1 must be encrypted so that only AppSrv1 can decrypt the data. AppSrv1 and AppSrv2 must be authorized by using managed identities to obtain cryptographic keys. How should you configure the encryption settings for Database1? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

Export

with questions and answers will be exported as:

VPLUS file

PDF file (Demo 30 questions)

Highest scored 'comment-votes'

Your question list is being generated. We'll email you once it’s ready.

If you didn't receive an email within 5 minutes, you should submit a support request to [email protected].