Posted in AZ-500 Microsoft Azure Security Technologies az-500 Microsoft Azure Security Technologies azure az-500 azure az-500 dumps azure az-500 exam dumps azure az-500 practice test azure az-500 questions Microsoft Microsoft AZ-500 Microsoft AZ-500 microsoft az-500 azure security technologies microsoft az-500 braindump microsoft az-500 dumps microsoft az-500 exam dumps microsoft az-500 pdf microsoft az-500 practice test microsoft az-500 practice test microsoft az-500 study guide Microsoft Azure Security Engineer Associate Microsoft Role-based

AZ-500: Microsoft Azure Security Technologies – Solution

AZ-500: Microsoft Azure Security Technologies – Solution

Welcome everyone to visit,

I hope everyone gets their wish!!

Today I plan to write some exam details/online exercises/solutions – AZ-500.

First of all, you should understand the AZ-500: Microsoft Azure Security Technologies exam details.

Specifically, you need to understand the powerful functions of Security Technologies (including Manage identity and access, Implement platform protection, Manage security operations, and Secure data and applications).
Thereby improving work efficiency. Let me take you briefly on the details of how to pass the exam, study materials or links, etc.

AZ-500 exam practice questions:

QUESTION 1

You have an Azure subscription that contains a virtual machine named VM1.
You create an Azure key vault that has the following configurations:
Name: Vault5 Region: West US Resource group: RG1
You need to use Vault5 to enable Azure Disk Encryption on VM1. The solution must support backing up VM1 by using
Azure Backup.
Which key vault settings should you configure?

A. Access policies
B. Secrets
C. Keys
D. Locks

Correct Answer: A

References: https://docs.microsoft.com/en-us/azure/key-vault/key-vault-secure-your-key-vault

QUESTION 2

You have an Azure subscription that contains an Azure key vault and an Azure Storage account. The key vault contains
customer-managed keys. The storage account is configured to use the customer-managed keys stored In the key vault.
You plan to store data in Azure by using the following services:

* Azure Files
* Azure Blob storage
* Azure Log Analytics
* Azure Table storage
* Azure Queue storage

Which two services data encryption by using the keys stored in the key vault? Each correct answer presents a complete
solution. NOTE: Each correct selection is worth one point.

A. Queue storage
B. Table storage
C. Azure Files
D. Blob storage

Correct Answer: AD

QUESTION 3

You need to meet the technical requirements for VNetwork1. What should you do first?

A. Create a new subnet on VNetwork1.
B. Remove the NSGs from Subnet11 and Subnet13.
C. Associate an NSG to Subnet12.
D. Configure DDoS protection for VNetwork1.

Correct Answer: A

From scenario: Deploy Azure Firewall to VNetwork1 in Sub2.
The azure firewall needs a dedicated subnet named AzureFirewallSubnet.
References: https://docs.microsoft.com/en-us/azure/firewall/tutorial-firewall-deploy-portal

QUESTION 4

DRAG-DROP
You are configuring network connectivity for two Azure virtual networks named VNET1 and VNET2.
You need to implement VPN gateways for the virtual networks to meet the following requirements:

1. VNET1 must have six site-to-site connections that use BGP.
2. VNET2 must have 12 site-to-site connections that use BGP.
3. Costs must be minimized.

Which VPN gateway SKU should you use for each virtual network? To answer, drag the appropriate SKUs to the correct
networks. Each SKU may be used once, more than once, or not at all. You may need to drag the split bar between
panes or scroll to view content.
NOTE: Each correct selection is worth one point.

Select and Place:

az-500 questions q4

Correct Answer:

az-500 questions q4-1

QUESTION 5

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains
a unique solution that might meet the stated goals. Some question sets might have more than one correct solution,
while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not
appear in the review screen.

You use Azure Security Center for the centralized policy management of three Azure subscriptions.
You use several policy definitions to manage the security of the subscriptions.
You need to deploy the policy definitions as a group to all three subscriptions.
Solution: You create a resource graph and an assignment that is scoped to a management group.
Does this meet the goal?

A. Yes
B. No

Correct Answer: B

Management groups in Microsoft Azure solve the problem of needing to impose governance policy on more than one
Azure subscription simultaneously. However, you need to use an initiative, not a resource graph to bundle the policy
definitions into a group that can be applied to the management group.
References: https://4sysops.com/archives/apply-governance-policy-to-multiple-azure-subscriptions-with-managementgroups/

More free AZ-500 exam practice questions for free download: https://drive.google.com/file/d/1SpYwEOBd6fFkhoTXuOfe5c7jYjg_B6Pj/view?usp=sharing

Prepare:

  1. Learn through Microsoft Event:

There are many resources to prepare for this exam, but the best I can find is a Microsoft Event or a webinar.
There are two advantages to participating in this event.

  • You will prepare for the exam for free, covering every topic.
  • You will get an exam voucher or coupon, which can be used when arranging the exam. This coupon provides you with a 100% discount on exam fees, and you can only use one coupon once. Therefore, basically, you do not need to pay any fees/fees for the exam.

2. Learn through the Microsoft Learning Path:

Although you participated in a Microsoft event, you may want to re-examine your knowledge or skills. In this case, the Microsoft learning path is the best. There are two ways to follow this learning path.

  1. Free online: Here you can learn at your own pace – Microsoft Learning Path for AZ-500
  2. Instructor Guidance-Paid
  3. Exam exercises: After you take the Microsoft Event or take the exam through the Microsoft Learning Path, you may want to practice the test questions. Find links to practice questions below:

https://www.lead4pass.com/az-500.html
On this website, you can get the latest updated AZ-500 exam dump. All questions can be used to practice the exam and its answers. Most of the questions actually come from the exam.

https://www.facebook.com/ExamcoopM
If you want to get the latest practice questions anytime, anywhere, you can go to the link above. There are exam questions-answers.

Exam format:

  • Number of questions: Most Microsoft certification exams usually contain 40-60 questions; however, the number may vary from exam to exam
  • Including: single selection, multiple selection, matching, selecting the appropriate option from the drop-down list, the necessary sequence of operations to perform a specific task, etc.
  • Duration: 60 minutes
  • Minimum score required to pass the exam: 700
  • The score is calculated in the range of 0-1000. So in short, you need to get a score of 70% to pass this exam.
  • The exam is conducted on the Pearson VUE application.
  • After the exam is over, you will immediately see your scorecard on the screen, and you will also receive it by mail.
  • The certificate is generated in your Microsoft account dashboard (the account you used to register for the exam)-the certificate section. From here you can download the certificate in pdf format.

Posted in AZ-500 Microsoft Azure Security Technologies azure az-500 azure az-500 dumps azure az-500 exam dumps azure az-500 practice test azure az-500 questions Microsoft Microsoft AZ-500 microsoft az-500 dumps microsoft az-500 pdf microsoft az-500 practice test Microsoft Azure Security Engineer Associate

[September 2020] New Microsoft AZ-500 Brain dumps and online practice tests are shared from Lead4Pass (latest Updated)

The latest Microsoft AZ-500 dumps by Lead4Pass helps you pass the AZ-500 exam for the first time! Lead4Pass Latest Update Microsoft AZ-500 VCE Dump and AZ-500 PDF Dumps, Lead4Pass AZ-500 Exam Questions Updated, Answers corrected! Get the latest LeadPass AZ-500 dumps with Vce and PDF: https://www.lead4pass.com/az-500.html (Q&As: 203 dumps)

[Free AZ-500 PDF] Microsoft AZ-500 Dumps PDF can be collected on Google Drive shared by Lead4Pass: https://drive.google.com/file/d/1zbpomewbVYQK6t2wFwxYtIyde1qhArS6/

[Lead4pass AZ-500 Youtube] Microsoft AZ-500 Dumps can be viewed on Youtube shared by Lead4Pass.

Microsoft AZ-500 Online Exam Practice Questions

QUESTION 1
You have an Azure subscription that contains 100 virtual machines. Azure Diagnostics is enabled on all the virtual
machines.
You are planning the monitoring of Azure services in the subscription.
You need to retrieve the following details:
Identify the user who deleted a virtual machine three weeks ago.
Query the security events of a virtual machine that runs Windows Server 2016.
What should you use in Azure Monitor? To answer, drag the appropriate configuration settings to the correct details.
Each configuration setting may be used once, more than once, or not at all. You may need to drag the split bar between
panes or scroll to view content.
NOTE: Each correct selection is worth one point.
Select and Place:

lead4pass az-500 exam questions q1

QUESTION 2
You have an Azure subscription that contains the virtual machines shown in the following table.

lead4pass az-500 exam questions q2

On which virtual machines is the Log Analytics agent installed?
A. VM3 only
B. VM1 and VM3 only
C. VM3 and VM4 only
D. VM1, VM2, VM3, and VM4
Correct Answer: D
When automatic provisioning is On, Security Center provisions the Log Analytics Agent on all supported Azure VMs and
any new ones that are created.
Supported Operating systems include: Ubuntu 14.04 LTS (x86/x64), 16.04 LTS (x86/x64), and 18.04 LTS (x64) and
Windows Server 2008 R2, 2012, 2012 R2, 2016, version 1709 and 1803
Reference:
https://docs.microsoft.com/en-us/azure/security-center/security-center-enable-data-collection

QUESTION 3
You have an Azure key vault.
You need to delegate administrative access to the key vault to meet the following requirements:
Provide a user named User1 with the ability to set advanced access policies for the key vault.
Provide a user named User2 with the ability to add and delete certificates in the key vault. Use the principle of least privilege.
What should you use to assign access to each user? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:

lead4pass az-500 exam questions q3

Correct Answer:

lead4pass az-500 exam questions q3-1

User1: RBAC
RBAC is used as the Key Vault access control mechanism for the management plane. It would allow a user with the
proper identity to:
set Key Vault access policies
create, read, update, and delete key vaults
set Key Vault tags
Note: Role-based access control (RBAC) is a system that provides fine-grained access management of Azure
resources. Using RBAC, you can segregate duties within your team and grant only the amount of access to users that
they need to
perform their jobs.
User2: A key vault access policy
A key vault access policy is the access control mechanism to get access to the key vault data plane. Key Vault access
policies grant permissions separately to keys, secrets, and certificates.
References: https://docs.microsoft.com/en-us/azure/key-vault/key-vault-secure-your-key-vault

QUESTION 4
You need to configure WebApp1 to meet the data and application requirements.
Which two actions should you perform? Each correct answer presents part of the solution. NOTE: Each correct
selection is worth one point.
A. Upload a public certificate.
B. Turn on the HTTPS Only protocol setting.
C. Set the Minimum TLS Version protocol setting to 1.2.
D. Change the pricing tier of the App Service plan.
E. Turn on the Incoming client certificates protocol setting.
Correct Answer: AC
A: To configure Certificates for use in Azure Websites Applications you need to upload a public Certificate.
C: Over time, multiple versions of TLS have been released to mitigate different vulnerabilities. TLS 1.2 is the most
current version available for apps running on Azure App Service. Incorrect Answers:
B: We need to support the Http URL as well. Note: 

lead4pass az-500 exam questions q4

References: https://docs.microsoft.com/en-us/azure/app-service/app-service-web-configure-tls-mutual-auth
https://azure.microsoft.com/en-us/updates/app-service-and-functions-hosted-apps-can-now-update-tls-versions/

QUESTION 5
From the Azure portal, you are configuring an Azure policy.
You plan to assign policies that use the DeployIfNotExist, AuditIfNotExist, Append, and Deny effects.
Which effect requires a managed identity for the assignment?
A. AuditIfNotExist
B. Append
C. DeployIfNotExist
D. Deny

Correct Answer: C
When Azure Policy runs the template in the deployIfNotExists policy definition, it does so using a managed identity.
References: https://docs.microsoft.com/bs-latn-ba/azure/governance/policy/how-to/remediate-resources

QUESTION 6
You are configuring an Azure Kubernetes Service (AKS) cluster that will connect to an Azure Container Registry.
You need to use the auto-generated service principal to authenticate to the Azure Container Registry.
What should you create?
A. an Azure Active Directory (Azure AD) group
B. an Azure Active Directory (Azure AD) role assignment
C. an Azure Active Directory (Azure AD) user
D. a secret in Azure Key Vault
Correct Answer: B
When you create an AKS cluster, Azure also creates a service principal to support cluster operability with other Azure
resources. You can use this auto-generated service principal for authentication with an ACR registry. To do so, you
need to create an Azure AD role assignment that grants the cluster\\’s service principal access to the container registry.
References: https://docs.microsoft.com/bs-latn-ba/azure/container-registry/container-registry-auth-aks

QUESTION 7
You need to meet the identity and access requirements for Group1. What should you do?
A. Add a membership rule to Group1.
B. Delete Group1. Create a new group named Group1 that has a membership type of Office 365. Add users and
devices to the group.
C. Modify the membership rule of Group1.
D. Change the membership type of Group1 to Assigned. Create two groups that have dynamic memberships. Add the
new groups to Group1.
Correct Answer: B
Incorrect Answers:
A, C: You can create a dynamic group for devices or for users, but you can\\’t create a rule that contains both users and
devices.
D: For the assigned group you can only add individual members.

Scenario:
Litware identifies the following identity and access requirements: All San Francisco users and their devices must be
members of Group1.
The tenant currently contains this group:

lead4pass az-500 exam questions q7

References: https://docs.microsoft.com/en-us/azure/active-directory/users-groups-roles/groups-dynamic-membership
https://docs.microsoft.com/en-us/azure/active-directory/fundamentals/active-directory-groups-create-azure-portal

QUESTION 8
Your network contains an on-premises Active Directory domain named corp.contoso.com.
You have an Azure subscription named Sub1 that is associated to an Azure Active Directory (Azure AD) tenant named
contoso.com.
You sync all on-premises identities to Azure AD.
You need to prevent users who have a given name attribute that starts with TEST from being synced to Azure AD. The solution must minimize administrative effort.
What should you use?
A. Synchronization Rules Editor
B. Web Service Configuration Tool
C. the Azure AD Connect wizard
D. Active Directory Users and Computers
Correct Answer: A
Use the Synchronization Rules Editor and write an attribute-based filtering rule.
References: https://docs.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-sync-change-theconfiguration

QUESTION 9
Exhibit tab.)
You are testing an Azure Kubernetes Service (AKS) cluster. The cluster is configured as shown in the exhibit. (Click the

lead4pass az-500 exam questions q9

You plan to deploy the cluster to production. You disable HTTP application routing.
You need to implement application routing that will provide reverse proxy and TLS termination for AKS services by using
a single IP address.
What should you do?
A. Create an AKS Ingress controller.
B. Install the container network interface (CNI) plug-in.
C. Create an Azure Standard Load Balancer.
D. Create an Azure Basic Load Balancer.
Correct Answer: A
An ingress controller is a piece of software that provides reverse proxy, configurable traffic routing, and TLS termination
for Kubernetes services.
References: https://docs.microsoft.com/en-us/azure/aks/ingress-tls

QUESTION 10
Your company plans to create separate subscriptions for each department. Each subscription will be associated with the
same Azure Active Directory (Azure AD) tenant.
You need to configure each subscription to have the same role assignments. What should you use?

A. Azure Security Center
B. Azure Policy
C. Azure AD Privileged Identity Management (PIM)
D. Azure Blueprints
Correct Answer: D
Just as a blueprint allows an engineer or an architect to sketch a project\\’s design parameters, Azure Blueprints
enables cloud architects and central information technology groups to define a repeatable set of Azure resources that
implements and adheres to an organization\\’s standards, patterns, and requirements.
Blueprints are a declarative way to orchestrate the deployment of various resource templates and other artifacts such
as: Role Assignments Policy Assignments Azure Resource Manager templates Resource Groups
Reference: https://docs.microsoft.com/en-us/azure/governance/blueprints/overview

QUESTION 11
You have an Azure subscription named Sub1 that contains an Azure Storage account named Contosostorage1 and an
Azure key vault named Contosokeyvault1.
You plan to create an Azure Automation runbook that will rotate the keys of Contosostorage1 and store them in
Contosokeyvault1.
You need to implement prerequisites to ensure that you can implement the runbook.
Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions
to the answer area and arrange them in the correct order.
Select and Place:

lead4pass az-500 exam questions q11

Correct Answer:

lead4pass az-500 exam questions q11-1

Step 1: Create an Azure Automation account
Runbooks live within the Azure Automation account and can execute PowerShell scripts.
Step 2: Import PowerShell modules to the Azure Automation account Under `Assets\\’ from the Azure Automation account Resources section select `to add in Modules to the runbook. To
execute key vault cmdlets in the runbook, we need to add AzureRM.profile and AzureRM.key vault.
Step 3: Create a connection resource in the Azure Automation account
You can use the sample code below, taken from the AzureAutomationTutorialScript example runbook, to authenticate
using the Run As account to manage Resource Manager resources with your runbooks. The AzureRunAsConnection is
a
connection asset automatically created when we created `run as accounts\\’ above. This can be found under Assets ->
Connections. After the authentication code, run the same code above to get all the keys from the vault.
$connectionName = “AzureRunAsConnection”
try
{
# Get the connection “AzureRunAsConnection “
$servicePrincipalConnection=Get-AutomationConnection -Name $connectionName
“Logging in to Azure…”
Add-AzureRmAccount `
-ServicePrincipal `
-TenantId $servicePrincipalConnection.TenantId `
-ApplicationId $servicePrincipalConnection.ApplicationId `
-CertificateThumbprint $servicePrincipalConnection.CertificateThumbprint
}
References:
https://www.rahulpnath.com/blog/accessing-azure-key-vault-from-azure-runbook/

QUESTION 12
You have an Azure subscription named Sub1 that is associated to an Azure Active Directory (Azure AD) tenant named
contoso.com.
You are assigned the Global administrator role for the tenant. You are responsible for managing Azure Security Center
settings.
You need to create a custom sensitivity label.
What should you do?
A. Create a custom sensitive information type.
B. Elevate access for global administrators in Azure AD.

C. Change Azure Security Center to use Standard-tier-pricing.
D. Enable integration with Microsoft Cloud App Security.
Correct Answer: A
First, you need to create a new sensitive information type because you can\\’t directly modify the default rules.
References: https://docs.microsoft.com/en-us/office365/securitycompliance/customize-a-built-in-sensitive-informationtype

QUESTION 13
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains
a unique solution that might meet the stated goals. Some question sets might have more than one correct solution,
while
others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not
appear on the review screen.
You have an Azure Subscription. The subscription contains 50 virtual machines that run Windows Server 2012 R2 or
Windows Server 2016.
You need to deploy Microsoft Antimalware to the virtual machines.
Solution: You connect to each virtual machine and add a Windows feature.
Does this meet the goal?
A. Yes
B. No
Correct Answer: B
Microsoft Antimalware is deployed as an extension and not a feature.
References: https://docs.microsoft.com/en-us/azure/security/fundamentals/antimalware


latest updated Microsoft AZ-500 exam questions from the Lead4Pass AZ-500 dumps! 100% pass the AZ-500 exam! Download Lead4Pass AZ-500 VCE and PDF dumps: https://www.lead4pass.com/az-500.html (Q&As: 203 dumps)

Get free Microsoft AZ-500 dumps PDF online: https://drive.google.com/file/d/1zbpomewbVYQK6t2wFwxYtIyde1qhArS6/