Ask Question
Microsoft AZ-500 Practice Test - Questions Answers, Page 29
List of questions
Question 281
HOTSPOT
You have an Azure subscription that contains the storage accounts shown in the following table.
You need to configure authorization access.
Which authorization types can you use for each storage account? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Explanation:
Reference: https://docs.microsoft.com/en-us/azure/storage/common/authorize-data-access 0CB84EF020870C137158A568970423A4
Question 282
HOTSPOT
You have an Azure subscription that contains an Azure SQL database named SQL1.
You plan to deploy a web app named App1.
You need to provide App1 with read and write access to SQL1. The solution must meet the following requirements:
Provide App1 with access to SQL1 without storing a password.
Use the principle of least privilege. Minimize administrative effort.
Which type of account should App1 use to access SQL1, and which database roles should you assign to App1? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Explanation:
https://docs.microsoft.com/en-us/azure/app-service/tutorial-connect-msi-sql-database?tabs=windowsclient%2Cdotnet
Question 283
HOTSPOT
You have an Azure Active Directory (Azure AD) tenant that contains two users named User1 and User2 and a registered app named App1. You create an app-specific role named Role1.
You need to assign Role1 to User1 and enable User2 to request access to App1.
Which two settings should you modify? To answer, select the appropriate settings in the answer area. NOTE: Each correct selection is worth one point.
Explanation:
Box 1: Roles and administrators
Here you will find Role1 and be able to assign User1 to the role.
Box 2: Self Service
Under Self Service, there is an option to “Allow users to request access to this application”.
Question 284
You have an Azure subscription that contains the resources shown in the following table.
You plan to deploy the virtual machines shown in the following table.
You need to assign managed identities to the virtual machines. The solution must meet the following requirements:
Assign each virtual machine the required roles. Use the principle of least privilege.
What is the minimum number of managed identities required?
Explanation:
We have two different sets of required permissions. VM1 and VM2 have the same permission requirements. VM3 and VM4 have the same permission requirements.
A user-assigned managed identity can be assigned to one or many resources. By using user-assigned managed identities, we can create just two managed identities: one with the permission requirements for VM1 and VM2 and the other with the permission requirements for VM3 and VM4.
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/managed-identities-azure-resources/overview
Question 285
SIMULATION
You need to ensure that a user named user2-12345678 can manage the properties of the virtual machines in the RG1lod12345678 resource group. The solution must use the principle of least privilege.
To complete this task, sign in to the Azure portal.
Explanation:
Answer: A
Explanation:
1. Sign in to the Azure portal.
2. Browse to Resource Groups.
3. Select the RG1lod12345678 resource group.
4. Select Access control (IAM).
5. Select Add > role assignment.
6. Select Virtual Machine Contributor (you can filter the list of available roles by typing ‘virtual’ in the search box) then click Next.
7. Select the +Select members option and select user2-12345678 then click the Select button.
8. Click the Review + assign button twice.
Reference:
https://docs.microsoft.com/en-us/azure/role-based-access-control/role-assignments-portal?tabs=current
Question 286
SIMULATION
Use the following login credentials as needed:
To enter your username, place your cursor in the Sign in box and click on the username below.
To enter your password. place your cursor in the Enter password box and click on the password below. Azure Username: Userl [email protected]
Azure Password: GpOAe4@lDg
If the Azure portal does not load successfully in the browser, press CTRL-K to reload the portal in a new browser tab. The following information is for technical support purposes only:
Lab Instance: 28681041
Task 10
You need to create a new Azure AD directory named 28681041.onmicrosoft.com. The new directory must contain a new user named [email protected].
Explanation:
Answer: A
Explanation:
The first step is to create the Azure Active Directory tenant.
To create a new Azure AD directory named 28681041.onmicrosoft.com that contains a new user
named [email protected], you can follow these steps:
In the Azure portal, search for and select Azure Active Directory.
In the left pane, select Domains.
Select Add domain.
In the Add a custom domain pane, enter the following information:
Domain name: Enter the domain name you want to use. For example, 28681041.onmicrosoft.com.
Add domain: Select Add domain.
In the left pane, select Users.
Select New user.
In the New user pane, enter the following information:
User name: Enter the user name you want to use. For example, [email protected].
Name: Enter the name of the user.
Password: Enter a password for the user.
Groups: Select the groups you want the user to be a member of.
Select Create.
You can find more information on these topics in the following Microsoft documentation:
Add a custom domain name to Azure Active Directory
Create a new user in your organization - Azure Active Directory
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/fundamentals/active-directory-access-create-new-tenant https://docs.microsoft.com/en-us/azure/active-directory/fundamentals/add-users-azure-active-directory
Question 287
HOTSPOT
You have an Azure subscription that contains the resources shown in the following table.
Transparent Data Encryption (TDE) is disabled on SQL1.
You assign policies to the resource groups as shown in the following table.
You plan to deploy Azure SQL databases by using an Azure Resource Manager (ARM) template. The databases will be configured as shown in the following table.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Explanation:
https://docs.microsoft.com/en-us/azure/governance/policy/concepts/effects
Question 288
You have an Azure subscription that contains an Azure SQL database named SQL1 and an Azure key vault namedKeyVault1. KeyVault1 stores the keys shown in the following table. You need to configure Transparent Data Encryption (TDE). TDE will use a customer-managed key for SQL1.
Which keys can you use?
Explanation:
The key must be an asymmetric, RSA or RSA HSM key. The supported key lengths are 2048-bit and 3072-bit.
Reference:
https://docs.microsoft.com/en-us/azure/azure-sql/database/transparent-data-encryption-byok-overview
Question 289
SIMULATION
You need to create a web app named Intranet12345678 and enable users to authenticate to the web app by using Azure Active Directory (Azure AD). To complete this task, sign in to the Azure portal.
Explanation:
Answer: A
Explanation:
1. In the Azure portal, type App services in the search box and select App services from the search results. 2. Click the Create app service button to create a new app service.
3. In the Resource Group section, click the Create new link to create a new resource group.
4. Give the resource group a name such as Intranet12345678RG and click OK.
5. In the Instance Details section, enter Intranet12345678 in the Name field.
6. In the Runtime stack field, select any runtime stack such as .NET Core 3.1.
7. Click the Review + create button.
8. Click the Create button to create the web app.
9. Click the Go to resource button to open the properties of the new web app.
10.In the Settings section, click on Authentication / Authorization.
11.Click the App Service Authentication slider to set it to On.
12.In the Action to take when request is not authentication box, select Log in with Azure Active Directory. 13.Click Save to save the changes.
Question 290
HOTSPOT
You have an Azure subscription that contains a resource group named RG1. RG1 contains a storage account named storage1.
You have two custom Azure roles named Role1 and Role2 that are scoped to RG1.
The permissions for Role1 are shown in the following JSON code.
The permissions for Role2 are shown in the following JSON code.
You assign the roles to the users shown in the following table.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Explanation:
Reference: https://docs.microsoft.com/en-us/azure/role-based-access-control/custom-roles
Related questions
Export
If you didn't receive an email within 5 minutes, you should submit a support request to [email protected].
|
BASIC - 1 Month
$
10
Full latest questions
No CAPTCHA
New Updates
Export to VPLUS
Export to PDF - All questions
Team support
|
PLUS - 2 Months
$
15
Full latest questions
No CAPTCHA
New Updates
Export to VPLUS
Export to PDF - All questions
Team support
|
PRO - 6 Months
$
40
Full latest questions
No CAPTCHA
New Updates
Export to VPLUS
Export to PDF - All questions
Team support
|
Full latest questions
No CAPTCHA
New Updates
Export to VPLUS
Export to PDF - All questions
Team support
Full latest questions
No CAPTCHA
New Updates
Export to VPLUS
Export to PDF - All questions
Team support
Full latest questions
No CAPTCHA
New Updates
Export to VPLUS
Export to PDF - All questions
Team support
.png)
Question