ExamGecko
Search Search Login
Home Home / Microsoft / AZ-500

Microsoft AZ-500 Practice Test - Questions Answers, Page 8

Question list
Search
Search

List of questions

Search
Open VPLUS File
Convert VPLUS to PDF

Related questions

Simulation LAB Task 1 You need to ensure that connections from the Internet to VNET1\subnet0 are allowed only over TCP port 7777. The solution must use only currently deployed resources.
You have an Azure subscription that uses Azure AD Privileged Identity Management (PIM). A user named User1 is eligible for the Billing administrator role. You need to ensure that the role can only be used for a maximum of two hours. What should you do?
HOTSPOT You have Azure virtual machines that have Update Management enabled. The virtual machines are configured as shown in the following table. You schedule two update deployments named Update1 and Update2. Update1 updates VM3. Update2 updates VM6. Which additional virtual machines can be updated by using Update1 and Update2? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.
HOTSPOT You have an Azure key vault named KeyVault1 that contains the items shown in the following table. In KeyVault1 the following events occur in sequence: • item is deleted. • ltem2 and Policy1 are deleted. For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.
You have an Azure subscription that uses Microsoft Defender for Cloud. You have accounts for the following cloud services: • Alibaba Cloud • Amazon Web Services (AWS) • Google Cloud Platform (GCP) What can you add to Defender for Cloud?
You are configuring and securing a network environment. You deploy an Azure virtual machine named VM1 that is configured to analyze network traffic. You need to ensure that all network traffic is routed through VM1. What should you configure?
From Azure Security, you create a custom alert rule. You need to configure which users will receive an email message when the alert is triggered. What should you do?
HOTSPOT You have an Azure key vault. You need to delegate administrative access to the key vault to meet the following requirements: Provide a user named User1 with the ability to set advanced access policies for the key vault. Provide a user named User2 with the ability to add and delete certificates in the key vault. Use the principle of least privilege. What should you use to assign access to each user? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.
HOTSPOT You have an Azure subscription that contains the virtual networks shown in the following table. NSG1 and NSG2 both have default rules only. The subscription contains the virtual machines shown in the following table. The subscription contains the web apps shown in the following table. For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.
Simulation LAB Task 6 You need to configure a Microsoft SQL server named Web3l 330471 only to accept connections from the Subnet0 subnet on the VNET01 virtual network.

Question 71

Report
Export
Collapse

You have an Azure subscription that contains as Azure key vault and an Azure Storage account. The key vault contains customer-managed keys. The storage account is configured to use the customer-managed keys stored in the key vault.

You plan to store data in Azure by using the following services:

Azure Files

Azure Blob storage

Azure Log Analytics

Azure Table storage

Azure Queue storage

Which two services support data encryption by using the keys stored in the key vault? Each correct answer presents a complete solution.

NOTE: Each correct selection is worth one point.

A.
Table storage
A.
Table storage
Answers
B.
Azure Files
B.
Azure Files
Answers
C.
Blob storage
C.
Blob storage
Answers
D.
Queue storage
D.
Queue storage
Answers
Suggested answer: B, C

Explanation:

Reference:

https://docs.microsoft.com/en-us/azure/storage/common/storage-service-encryption

Question 72

Report
Export
Collapse

DRAG DROP

You have an Azure subscription.

You plan to create a storage account.

You need to use customer-managed keys to encrypt the tables in the storage account.

From Azure Cloud Shell, which three cmdlets should you run in sequence? To answer, move the appropriate cmdlets from the list of cmdlets to the answer area and arrange them in the correct order.


Question 72
Correct answer: Question 72

Explanation:

Reference:

https://docs.microsoft.com/en-us/azure/storage/common/customer-managed-keys-configure-key-vault?tabs=powershell

Question 73

Report
Export
Collapse

HOTSPOT

You have an Azure subscription that contains the following resources:

An Azure key vault

An Azure SQL database named Database1

Two Azure App Service web apps named AppSrv1 and AppSrv2 that are configured to use system-assigned managed identities and access Database1

You need to implement an encryption solution for Database1 that meets the following requirements:

The data in a column named Discount in Database1 must be encrypted so that only AppSrv1 can decrypt the data. AppSrv1 and AppSrv2 must be authorized by using managed identities to obtain cryptographic keys.

How should you configure the encryption settings for Database1? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.


Question 73
Correct answer: Question 73

Explanation:

Reference:

https://docs.microsoft.com/en-us/azure/azure-sql/database/always-encrypted-azure-key-vault-configure?tabs=azure-powershell

Question 74

Report
Export
Collapse

You have an Azure subscription named Sub1. Sub1 contains a virtual network named VNet1 that contains one subnet named Subnet1. You create a service endpoint for Subnet1.

Subnet1 contains an Azure virtual machine named VM1 that runs Ubuntu Server 18.04.

You need to deploy Docker containers to VM1. The containers must be able to access Azure Storage resources and Azure SQL databases by using the service endpoint. What should you do on VM1 before you deploy the container?

A.
Create an application security group and a network security group (NSG).
A.
Create an application security group and a network security group (NSG).
Answers
B.
Edit the docker-compose.yml file.
B.
Edit the docker-compose.yml file.
Answers
C.
Install the container network interface (CNI) plug-in.
C.
Install the container network interface (CNI) plug-in.
Answers
Suggested answer: C

Explanation:

The Azure Virtual Network container network interface (CNI) plug-in installs in an Azure Virtual Machine. The plug-in supports both Linux and Windows platform. The plug-in assigns IP addresses from a virtual network to containers brought up in the virtual machine, attaching them to the virtual network, and connecting them directly to other containers and virtual network resources. The plug-in doesn’t rely on overlay networks, or routes, for connectivity, and provides the same performance as virtual machines. The following picture shows how the plug-in provides Azure Virtual Network capabilities to Pods:

References:

https://docs.microsoft.com/en-us/azure/virtual-network/container-networking-overview

Question 75

Report
Export
Collapse

You have Azure Resource Manager templates that you use to deploy Azure virtual machines.

You need to disable unused Windows features automatically as instances of the virtual machines are provisioned. What should you use?

A.
device configuration policies in Microsoft Intune
A.
device configuration policies in Microsoft Intune
Answers
B.
an Azure Desired State Configuration (DSC) virtual machine extension
B.
an Azure Desired State Configuration (DSC) virtual machine extension
Answers
C.
application security groups
C.
application security groups
Answers
D.
device compliance policies in Microsoft Intune
D.
device compliance policies in Microsoft Intune
Answers
Suggested answer: B

Explanation:

The primary use case for the Azure Desired State Configuration (DSC) extension is to bootstrap a VM to the Azure Automation State Configuration (DSC) service. The service provides benefits that include ongoing management of the VM configuration and integration with other operational tools, such as Azure Monitoring. Using the extension to register VM's to the service provides a flexible solution that even works across Azure subscriptions.

Reference:

https://docs.microsoft.com/en-us/azure/virtual-machines/extensions/dsc-overview

Question 76

Report
Export
Collapse

You are configuring an Azure Kubernetes Service (AKS) cluster that will connect to an Azure Container Registry. You need to use the auto-generated service principal to authenticate to the Azure Container Registry. What should you create?

A.
an Azure Active Directory (Azure AD) group
A.
an Azure Active Directory (Azure AD) group
Answers
B.
an Azure Active Directory (Azure AD) role assignment
B.
an Azure Active Directory (Azure AD) role assignment
Answers
C.
an Azure Active Directory (Azure AD) user
C.
an Azure Active Directory (Azure AD) user
Answers
D.
a secret in Azure Key Vault
D.
a secret in Azure Key Vault
Answers
Suggested answer: B

Explanation:

When you create an AKS cluster, Azure also creates a service principal to support cluster operability with other Azure resources. You can use this auto-generated service principal for authentication with an ACR registry. To do so, you need to create an Azure AD role assignment that grants the cluster's service principal access to the container registry. References: https://docs.microsoft.com/bs-latn-ba/azure/container-registry/container-registry-auth-aks

Question 77

Report
Export
Collapse

You have the Azure virtual machines shown in the following table.

You create an Azure Log Analytics workspace named Analytics1 in RG1 in the East US region.

Which virtual machines can be enrolled in Analytics1?

A.
VM1 only
A.
VM1 only
Answers
B.
VM1, VM2, and VM3 only
B.
VM1, VM2, and VM3 only
Answers
C.
VM1, VM2, VM3, and VM4
C.
VM1, VM2, VM3, and VM4
Answers
D.
VM1 and VM4 only
D.
VM1 and VM4 only
Answers
Suggested answer: A

Explanation:

Note: Create a workspace

In the Azure portal, click All services. In the list of resources, type Log Analytics. As you begin typing, the list filters based on your input. Select Log Analytics. Click Create, and then select choices for the following items:

Provide a name for the new Log Analytics workspace, such as DefaultLAWorkspace. OMS workspaces are now referred to as Log Analytics workspaces. Select a Subscription to link to by selecting from the drop-down list if the default selected is not appropriate. For Resource Group, select an existing resource group that contains one or more Azure virtual machines. Select the Location your VMs are deployed to. For additional information, see which regions Log Analytics is available in. Incorrect Answers:

B, C: A Log Analytics workspace provides a geographic location for data storage. VM2 and VM3 are at a different location. D: VM4 is a different resource group.

References: https://docs.microsoft.com/en-us/azure/azure-monitor/platform/manage-access

Question 78

Report
Export
Collapse

You are testing an Azure Kubernetes Service (AKS) cluster. The cluster is configured as shown in the exhibit. (Click the Exhibit tab.)

You plan to deploy the cluster to production. You disable HTTP application routing.

You need to implement application routing that will provide reverse proxy and TLS termination for AKS services by using a single IP address.

What should you do?

A.
Create an AKS Ingress controller.
A.
Create an AKS Ingress controller.
Answers
B.
Install the container network interface (CNI) plug-in.
B.
Install the container network interface (CNI) plug-in.
Answers
C.
Create an Azure Standard Load Balancer.
C.
Create an Azure Standard Load Balancer.
Answers
D.
Create an Azure Basic Load Balancer.
D.
Create an Azure Basic Load Balancer.
Answers
Suggested answer: A

Explanation:

An ingress controller is a piece of software that provides reverse proxy, configurable traffic routing, and TLS termination for Kubernetes services. References: https://docs.microsoft.com/en-us/azure/aks/ingress-tls

Question 79

Report
Export
Collapse

DRAG DROP

You have an Azure subscription that contains the virtual networks shown in the following table.

The Azure virtual machines on SpokeVNetSubnet0 can communicate with the computers on the on-premises network.

You plan to deploy an Azure firewall to HubVNet.

You create the following two routing tables:

RT1: Includes a user-defined route that points to the private IP address of the Azure firewall as a next hop address RT2: Disables BGP route propagation and defines the private IP address of the Azure firewall as the default gateway

You need to ensure that traffic between SpokeVNetSubnet0 and the on-premises network flows through the Azure firewall.

To which subnet should you associate each route table? To answer, drag the appropriate subnets to the correct route tables. Each subnet may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.

NOTE: Each correct selection is worth one point.


Question 79
Correct answer: Question 79

Explanation:

Reference:

https://docs.microsoft.com/en-us/azure/firewall/tutorial-hybrid-portal#create-the-routes

Question 80

Report
Export
Collapse

HOTSPOT

You have an Azure subscription. The subscription contains Azure virtual machines that run Windows Server 2016.

You need to implement a policy to ensure that each virtual machine has a custom antimalware virtual machine extension installed.

How should you complete the policy? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.


Question 80
Correct answer: Question 80

Explanation:

Box 1: DeployIfNotExists

DeployIfNotExists executes a template deployment when the condition is met.

Box 2: Template

The details property of the DeployIfNotExists effects has all the subproperties that define the related resources to match and the template deployment to execute. Deployment [required]

This property should include the full template deployment as it would be passed to the Microsoft.Resources/deployment

References:

https://docs.microsoft.com/en-us/azure/governance/policy/concepts/effects

Total 439 questions
Go to page: of 44
ExamGecko

Copyright @2023 ExamGecko | All right reserved

Mail us: [email protected]
About us
Contact us
Twitter X
Facebook
Medium
Convert VPLUS to PDF
Open VPLUS files Easily and Quickly
Privacy Policy
Disclaimer
Terms