
AZ-500: Microsoft Azure Security Technologies – Solution

Welcome everyone to visit,

I hope everyone gets their wish!!

Today I plan to write some exam details/online exercises/solutions – AZ-500.

First of all, you should understand the AZ-500: Microsoft Azure Security Technologies exam details.

Specifically, you need to understand the powerful functions of Security Technologies (including Manage identity and access, Implement platform protection, Manage security operations, and Secure data and applications), thereby improving work efficiency. Let me briefly take you through the details of how to pass the exam, study materials, links, etc.

AZ-500 exam practice questions:

QUESTION 1

You have an Azure subscription that contains a virtual machine named VM1.
You create an Azure key vault that has the following configurations:

* Name: Vault5
* Region: West US
* Resource group: RG1

You need to use Vault5 to enable Azure Disk Encryption on VM1. The solution must support backing up VM1 by using Azure Backup.
Which key vault settings should you configure?

A. Access policies
B. Secrets
C. Keys
D. Locks

Correct Answer: A

References: https://docs.microsoft.com/en-us/azure/key-vault/key-vault-secure-your-key-vault

QUESTION 2

You have an Azure subscription that contains an Azure key vault and an Azure Storage account. The key vault contains customer-managed keys. The storage account is configured to use the customer-managed keys stored in the key vault.
You plan to store data in Azure by using the following services:

* Azure Files
* Azure Blob storage
* Azure Log Analytics
* Azure Table storage
* Azure Queue storage

Which two services support data encryption by using the keys stored in the key vault? Each correct answer presents a complete solution. NOTE: Each correct selection is worth one point.

A. Queue storage
B. Table storage
C. Azure Files
D. Blob storage

Correct Answer: AD

QUESTION 3

You need to meet the technical requirements for VNetwork1. What should you do first?

A. Create a new subnet on VNetwork1.
B. Remove the NSGs from Subnet11 and Subnet13.
C. Associate an NSG to Subnet12.
D. Configure DDoS protection for VNetwork1.

Correct Answer: A

From scenario: Deploy Azure Firewall to VNetwork1 in Sub2.
Azure Firewall needs a dedicated subnet named AzureFirewallSubnet.
References: https://docs.microsoft.com/en-us/azure/firewall/tutorial-firewall-deploy-portal

QUESTION 4

DRAG-DROP
You are configuring network connectivity for two Azure virtual networks named VNET1 and VNET2.
You need to implement VPN gateways for the virtual networks to meet the following requirements:

1. VNET1 must have six site-to-site connections that use BGP.
2. VNET2 must have 12 site-to-site connections that use BGP.
3. Costs must be minimized.

Which VPN gateway SKU should you use for each virtual network? To answer, drag the appropriate SKUs to the correct
networks. Each SKU may be used once, more than once, or not at all. You may need to drag the split bar between
panes or scroll to view content.
NOTE: Each correct selection is worth one point.

Select and Place:

[Image: az-500 questions q4]

Correct Answer:

[Image: az-500 questions q4-1]

QUESTION 5

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains
a unique solution that might meet the stated goals. Some question sets might have more than one correct solution,
while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not
appear in the review screen.

You use Azure Security Center for the centralized policy management of three Azure subscriptions.
You use several policy definitions to manage the security of the subscriptions.
You need to deploy the policy definitions as a group to all three subscriptions.
Solution: You create a resource graph and an assignment that is scoped to a management group.
Does this meet the goal?

A. Yes
B. No

Correct Answer: B

Management groups in Microsoft Azure solve the problem of needing to impose governance policy on more than one
Azure subscription simultaneously. However, you need to use an initiative, not a resource graph to bundle the policy
definitions into a group that can be applied to the management group.
References: https://4sysops.com/archives/apply-governance-policy-to-multiple-azure-subscriptions-with-managementgroups/

More free AZ-500 exam practice questions for free download: https://drive.google.com/file/d/1SpYwEOBd6fFkhoTXuOfe5c7jYjg_B6Pj/view?usp=sharing

Prepare:

1. Learn through Microsoft Event:

There are many resources to prepare for this exam, but the best I can find is a Microsoft Event or a webinar.
There are two advantages to participating in this event.

  • You will prepare for the exam for free, covering every topic.
  • You will get an exam voucher or coupon, which can be used when arranging the exam. This coupon provides you with a 100% discount on exam fees, and you can only use one coupon once. Therefore, basically, you do not need to pay any fees for the exam.

2. Learn through the Microsoft Learning Path:

Although you participated in a Microsoft event, you may want to re-examine your knowledge or skills. In this case, the Microsoft learning path is the best. There are two ways to follow this learning path.

  • Free online: Here you can learn at your own pace – Microsoft Learning Path for AZ-500
  • Instructor Guidance-Paid

3. Exam exercises: After you take the Microsoft Event or take the exam through the Microsoft Learning Path, you may want to practice the test questions. Find links to practice questions below:

https://www.lead4pass.com/az-500.html
On this website, you can get the latest updated AZ-500 exam dump. All questions can be used to practice the exam and its answers. Most of the questions actually come from the exam.

https://www.facebook.com/ExamcoopM
If you want to get the latest practice questions anytime, anywhere, you can go to the link above. There are exam questions-answers.

Exam format:

  • Number of questions: Most Microsoft certification exams usually contain 40-60 questions; however, the number may vary from exam to exam
  • Including: single selection, multiple selection, matching, selecting the appropriate option from the drop-down list, the necessary sequence of operations to perform a specific task, etc.
  • Duration: 60 minutes
  • Minimum score required to pass the exam: 700
  • The score is calculated in the range of 0-1000. So in short, you need to get a score of 70% to pass this exam.
  • The exam is conducted on the Pearson VUE application.
  • After the exam is over, you will immediately see your scorecard on the screen, and you will also receive it by mail.
  • The certificate is generated in your Microsoft account dashboard (the account you used to register for the exam)-the certificate section. From here you can download the certificate in pdf format.


[May 2021] Get 13 free Microsoft AZ-500 exam practice test questions

Successfully passing the Microsoft AZ-500 exam to obtain certification makes it easy for you to become a top talent. Microsoft Azure AZ-500 contains many of the latest technologies: “manage identity and access; implement platform protection; manage security operations; and secure data and applications”.

It is not a simple matter to obtain Microsoft Azure AZ-500 certification: first, you need to pay the exam fee of 165 dollars, secondly, you need to learn a lot of professional knowledge for the exam, and finally, you need to take the exam. This kind of process does not guarantee that you will pass the exam. Every year, many people cannot pass the exam smoothly!

I’m not trying to discourage everyone’s confidence, I just say that the Microsoft Azure AZ-500 exam is not easy!
So I share 13 valid Microsoft AZ-500 exam questions for free to help you improve your skills and exam experience!
All the exam questions I shared are the latest updates! All AZ-500 exam dumps come from Lead4pass.com!
Lead4pass will help you save a lot of money and help you pass the exam successfully for the first time! And we have the best exam credibility! You are not the first to need us!

Table Of Content:

  1. Download Microsoft AZ-500 exam pdf online
  2. Microsoft AZ-500 exam video from Youtube
  3. The latest updated Microsoft AZ-500 exam practice questions
  4. Microsoft AZ-500 Exam Certification Coupon Code 2021

Microsoft AZ-500 exam pdf online for free

Share the Microsoft AZ-500 Dumps PDF for free From Lead4pass AZ-500 Dumps part of the distraction collected on Google Drive shared by Lead4pass
https://drive.google.com/file/d/1KywKeJhoZqDdfBr094YSz3Pwh_8eyeUr/

Latest Lead4pass AZ-500 Youtube

Share the latest Microsoft AZ-500 exam practice questions and answers for free from Lead4pass Dumps viewed online by Youtube Videos

Microsoft Azure AZ-500 exam practice question and answer online practice exam from Lead4pass

QUESTION 1
SIMULATION
You need to prevent administrative users from accidentally deleting a virtual network named VNET1. The administrative
users must be allowed to modify the settings of VNET1.
To complete this task, sign in to the Azure portal.
A. See the below.
Correct Answer: A
Explanation:
Locking prevents other users in your organization from accidentally deleting or modifying critical resources, such as
Azure subscription, resource group, or resource.
Note: In Azure, the term resource refers to an entity managed by Azure. For example, virtual machines, virtual networks,
and storage accounts are all referred to as Azure resources.
1. In the Settings blade for virtual network VNET, select Locks.

[Image: microsoft az-500 certification exam q1]

2. To add a lock, select Add.

[Image: microsoft az-500 certification exam q1-1]

3. For Lock type, select Delete lock, and click OK.
Reference: https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-group-lock-resources

 

QUESTION 2
HOTSPOT
You have an Azure subscription that contains an Azure Sentinel workspace.
Azure Sentinel is configured to ingest logs from several Azure workloads. A third-party service management platform is
used to manage incidents.
You need to identify which Azure Sentinel components to configure to meet the following requirements:
1. When Azure Sentinel identifies a threat, an incident must be created.
2. A ticket must be logged in the service management platform when an incident is created in Azure Sentinel.
Which component should you identify for each requirement? To answer, select the appropriate options in the answer
area.
NOTE: Each correct selection is worth one point.
Hot Area:

[Image: microsoft az-500 certification exam q2]

Correct Answer:

[Image: microsoft az-500 certification exam q2-1]

Reference:
https://docs.microsoft.com/en-us/azure/sentinel/create-incidents-from-alerts
https://docs.microsoft.com/enus/azure/sentinel/tutorial-respond-threats-playbook

 

QUESTION 3
You have an Azure subscription that contains the resources shown in the following table.

[Image: microsoft az-500 certification exam q3]

User1 is a member of Group1. Group1 and User2 are assigned the Key Vault Contributor role for Vault1.
On January 1, 2019, you create a secret in Vault1. The secret is configured as shown in the exhibit. (Click the Exhibit
tab.)

[Image: microsoft az-500 certification exam q3-1]

User2 is assigned an access policy to Vault1. The policy has the following configurations:
* Key Management Operations: Get, List, and Restore
* Cryptographic Operations: Decrypt and Unwrap Key
* Secret Management Operations: Get, List, and Restore

Group1 is assigned access to Vault1. The policy has the following configurations:
* Key Management Operations: Get and Recover
* Secret Management Operations: List, Backup, and Recover

For each of the following statements, select Yes if the statement is true. Otherwise, select No.
Hot Area:

[Image: microsoft az-500 certification exam q3-2]

 

QUESTION 4
You are collecting events from Azure virtual machines to an Azure Log Analytics workspace.
You plan to create alerts based on the collected events.
You need to identify which Azure services can be used to create the alerts.
Which two services should you identify? Each correct answer presents a complete solution.
NOTE: Each correct selection is worth one point.
A. Azure Monitor
B. Azure Security Center
C. Azure Analytics Services
D. Azure Sentinel
E. Azure Advisor
Correct Answer: AD

 

QUESTION 5
Your company has two offices in Seattle and New York. Each office connects to the Internet by using a NAT device. The
offices use the IP addresses shown in the following table.

[Image: microsoft az-500 certification exam q5]

The MFA service settings are configured as shown in the exhibit. (Click the Exhibit tab.)

[Image: microsoft az-500 certification exam q5-1]

For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.
Hot Area:

[Image: microsoft az-500 certification exam q5-2]

Correct Answer:

[Image: microsoft az-500 certification exam q5-3]

Box 2: No
Use of Microsoft Authenticator is not required.
Note: Microsoft Authenticator is a multifactor app for mobile devices that generates time-based codes used during the
Two-Step Verification process.
Box 3: No
The New York IP address subnet is included in the “skip multi-factor authentication for request.
References:
https://www.cayosoft.com/difference-enabling-enforcing-mfa/

 

QUESTION 6
You are evaluating the security of the network communication between the virtual machines in Sub2. For each of the
following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth
one point.
Hot Area:

[Image: microsoft az-500 certification exam q6]

Box 1: Yes
NSG1 has the inbound security rules shown in the following table.

[Image: microsoft az-500 certification exam q6-1]

NSG2 has the inbound security rules shown in the following table.

[Image: microsoft az-500 certification exam q6-2]

Box 2: Yes
Box 3: No
Note:
Sub2 contains the virtual machines shown in the following table.

[Image: microsoft az-500 certification exam q6-3]

 

QUESTION 7
You need to ensure that User2 can implement PIM. What should you do first?
A. Assign User2 the global administrator role.
B. Configure authentication methods for contoso.com.
C. Configure the identity secure score for contoso.com.
D. Enable multi-factor authentication (MFA) for User2.
Correct Answer: A
To start using PIM in your directory, you must first enable PIM.
1. Sign in to the Azure portal as a Global Administrator of your directory.
You must be a Global Administrator with an organizational account (for example, @yourdomain.com), not a Microsoft
account (for example, @outlook.com), to enable PIM for a directory.
Scenario: Technical requirements include: Enable Azure AD Privileged Identity Management (PIM) for contoso.com
References:
https://docs.microsoft.com/bs-latn-ba/azure/active-directory/privileged-identity-management/pim-getting-started

 

QUESTION 8
You have the Azure virtual machines shown in the following table.

[Image: microsoft az-500 certification exam q8]

You create an Azure Log Analytics workspace named Analytics1 in RG1 in the East US region. Which virtual machines
can be enrolled in Analytics1?
A. VM1 only
B. VM1, VM2, and VM3 only
C. VM1, VM2, VM3, and VM4
D. VM1 and VM4 only
Correct Answer: A
Note: Create a workspace
1. In the Azure portal, click All services. In the list of resources, type Log Analytics. As you begin typing, the list filters based on your input. Select Log Analytics.
2. Click Create, and then select choices for the following items:
* Provide a name for the new Log Analytics workspace, such as DefaultLAWorkspace. OMS workspaces are now referred to as Log Analytics workspaces.
* Select a Subscription to link to by selecting from the drop-down list if the default selected is not appropriate.
* For the Resource Group, select an existing resource group that contains one or more Azure virtual machines.
* Select the Location your VMs are deployed to. For additional information, see which regions Log Analytics is available in.

Incorrect Answers:
B, C: A Log Analytics workspace provides a geographic location for data storage. VM2 and VM3 are at a different location.
D: VM4 is in a different resource group.
References: https://docs.microsoft.com/en-us/azure/azure-monitor/platform/manage-access

 

QUESTION 9
HOTSPOT
You have an Azure Active Directory (Azure AD) tenant that contains the users shown in the following table.

[Image: microsoft az-500 certification exam q9]

You create and enforce an Azure AD Identity Protection sign-in risk policy that has the following settings:
1. Assignments: Include Group1, exclude Group2
2. Conditions: Sign-in risk level: Medium and above
3. Access: Allow access, Require multi-factor authentication
You need to identify what occurs when the users sign in to Azure AD.
What should you identify for each user? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:

[Image: microsoft az-500 certification exam q9-1]

Correct Answer:

[Image: microsoft az-500 certification exam q9-2]

References:
http://www.rebeladmin.com/2018/09/step-step-guide-configure-risk-based-azure-conditionalaccesspolicies/
https://docs.microsoft.com/en-us/azure/active-directory/identity-protection/concept-identityprotection-policies
https://docs.microsoft.com/en-us/azure/active-directory/identity-protection/concept-identityprotection-risks

 

QUESTION 10
HOTSPOT
You have a file named File1.yaml that contains the following contents.

[Image: microsoft az-500 certification exam q10]

You create an Azure container instance named container1 by using File1.yaml.
You need to identify where you can access the values of Variable1 and Variable2.
What should you identify? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:

[Image: microsoft az-500 certification exam q10-1]

Correct Answer:

[Image: microsoft az-500 certification exam q10-2]

Reference: https://docs.microsoft.com/en-us/azure/container-instances/container-instances-environment-variables

 

QUESTION 11
You create a new Azure subscription that is associated with a new Azure Active Directory (Azure AD) tenant.
You create one active conditional access policy named Portal Policy. Portal Policy is used to provide access to the
Microsoft Azure Management cloud app.
The Conditions settings for Portal Policy are configured as shown in the Conditions exhibit. (Click the Conditions tab.)

[Image: microsoft az-500 certification exam q11]

The Grant settings for Portal Policy are configured as shown in the Grant exhibit. (Click the Grant tab.)

[Image: microsoft az-500 certification exam q11-1]

For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.
Hot Area:

[Image: microsoft az-500 certification exam q11-2]

Correct Answer:

[Image: microsoft az-500 certification exam q11-3]

Box 1: No
The Contoso location is excluded.
Box 2: Yes
Box 3: Yes
Reference: https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/location-condition

 

QUESTION 12
You have a web app named WebApp1.
You create a web application firewall (WAF) policy named WAF1.
You need to protect WebApp1 by using WAF1.
What should you do first?
A. Deploy an Azure Front Door.
B. Add an extension to WebApp1.
C. Deploy Azure Firewall.
Correct Answer: A
References: https://docs.microsoft.com/en-us/azure/frontdoor/quickstart-create-front-door

 

QUESTION 13
You have an Azure Kubernetes Service (AKS) cluster that will connect to an Azure Container Registry.
You need to use the automatically generated service principal for the AKS cluster to authenticate to the Azure Container Registry.
What should you create?
A. a secret in Azure Key Vault
B. a role assignment
C. an Azure Active Directory (Azure AD) user
D. an Azure Active Directory (Azure AD) group
Correct Answer: B
References: https://docs.microsoft.com/en-us/azure/aks/kubernetes-service-principal

Get the latest and complete Microsoft Azure AZ-500 exam dumps! Help you pass the first exam successfully!

Microsoft Azure AZ-500 Exam Certification Coupon Code 2021

You have read my entire article, and I have already told you how to successfully pass the Microsoft Azure AZ-500 exam.
You can choose: https://www.lead4pass.com/az-500.html and go directly to AZ-500 Exam dumps channel! Get your key to successfully pass the exam!
Wish you be happy!

ps.
Get free Microsoft AZ-500 dumps PDF online: https://drive.google.com/file/d/1KywKeJhoZqDdfBr094YSz3Pwh_8eyeUr/


[MAR 2021] Microsoft AZ-500 exam dumps and online practice questions are available from Lead4Pass

The latest updated Microsoft AZ-500 exam dumps and free AZ-500 exam practice questions and answers! Latest updates from Lead4Pass Microsoft AZ-500 Dumps PDF and AZ-500 Dumps VCE, Lead4Pass AZ-500 exam questions updated and answers corrected! Get the full Microsoft AZ-500 dumps from https://www.lead4pass.com/az-500.html (VCE&PDF)

Latest AZ-500 PDF for free

Share the Microsoft AZ-500 Dumps PDF for free From Lead4pass AZ-500 Dumps part of the distraction collected on Google Drive shared by Lead4pass
https://drive.google.com/file/d/1ZTuEy5t-Bem6PA2L9VKGS_2am_QS88pT/

The latest updated Microsoft AZ-500 Exam Practice Questions and Answers Online Practice Test is free to share from Lead4Pass (Q1-Q13)

QUESTION 1
DRAG DROP
You have an Azure Storage account named storage1 and an Azure virtual machine named VM1. VM1 has a premium
SSD-managed disk.
You need to enable Azure Disk Encryption for VM1.
Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions
to the answer area and arrange them in the correct order.
Select and Place:

[Image: lead4pass az-500 practice test q1]

Correct Answer:

[Image: lead4pass az-500 practice test q1-1]

Reference: https://docs.microsoft.com/en-us/azure/virtual-machines/windows/disk-encryption-key-vault

 

QUESTION 2
SIMULATION
You need to configure network connectivity between a virtual network named VNET1 and a virtual network named
VNET2. The solution must ensure that virtual machines connected to VNET1 can communicate with virtual machines
connected to VNET2.
To complete this task, sign in to the Azure portal and modify the Azure resources.
A. See the below.
Correct Answer: A
You need to configure VNet Peering between the two networks. The question states, “The solution must ensure that virtual machines connected to VNET1 can communicate with virtual machines connected to VNET2”. It doesn’t say the VMs on VNET2 should be able to communicate with VMs on VNET1. Therefore, we need to configure the peering to allow just one-way communication.
1. In the Azure portal, type Virtual Networks in the search box, select Virtual Networks from the search results then select VNET1. Alternatively, browse Virtual Networks in the left navigation pane.
2. In the properties of VNET1, click on Peerings.
3. In the Peerings blade, click Add to add a new peering.
4. In the Name of the peering from VNET1 to a remote virtual network box, enter a name such as VNET1-VNET2 (this is the name that the peering will be displayed as in VNET1).
5. In the Virtual Network box, select VNET2.
6. In the Name of the peering from the remote virtual network to the VNET1 box, enter a name such as VNET2-VNET1 (this is the name that the peering will be displayed as in VNET2). There is an option Allow virtual network access from VNET to the remote virtual network. This should be left as Enabled.
7. For the option Allow virtual network access from the remote network to VNET1, click the slider button to Disabled.
8. Click the OK button to save the changes.
Reference: https://docs.microsoft.com/en-us/azure/virtual-network/virtual-network-manage-peering

 

QUESTION 3
SIMULATION
You plan to use Azure Disk Encryption for several virtual machine disks.
You need to ensure that Azure Disk Encryption can retrieve secrets from the KeyVault11641655 Azure key vault.
To complete this task, sign in to the Azure portal and modify the Azure resources.
A. See the below.
Correct Answer: A
1. In the Azure portal, type Key Vaults in the search box, select Key Vaults from the search results then select KeyVault11641655. Alternatively, browse to Key Vaults in the left navigation pane.
2. In the Key Vault properties, scroll down to the Settings section and select Access Policies.
3. Select the Azure Disk Encryption for volume encryption.
4. Click Save to save the changes.

[Image: lead4pass az-500 practice test q3]

 

QUESTION 4
You have an Azure subscription named Subscription1 that contains an Azure Active Directory (Azure AD) tenant named contoso.com and a resource group named RG1.
You create a custom role named Role1 for contoso.com.
You need to identify where you can use Role1 for permission delegation.
What should you identify?
A. contoso.com only
B. contoso.com and RG1 only
C. contoso.com and Subscription1 only
D. contoso.com, RG1, and Subscription1
Correct Answer: D

 

QUESTION 5
DRAG DROP
You have an Azure subscription that contains the following resources:
1. A virtual network named VNET1 contains two subnets named Subnet1 and Subnet2.
2. A virtual machine named VM1 has only a private IP address and connects to Subnet1.
You need to ensure that Remote Desktop connections can be established to VM1 from the internet.
Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
Select and Place:

[Image: lead4pass az-500 practice test q5]

Correct Answer:

[Image: lead4pass az-500 practice test q5-1]

 

QUESTION 6
You need to deploy AKS1 to meet the platform protection requirements.
Which four actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to
the answer area and arrange them in the correct order.
NOTE: More than one order of answer choices is correct. You will receive credit for any of the correct orders you select.
Select and Place:

[Image: lead4pass az-500 practice test q6]

Correct Answer:

[Image: lead4pass az-500 practice test q6-1]

 

QUESTION 7
HOTSPOT
You have an Azure Active Directory (Azure AD) tenant that contains the users shown in the following table.

[Image: lead4pass az-500 practice test q7]

From Azure AD Privileged Identity Management (PIM), you configure the settings for the Security Administrator role as
shown in the following exhibit.

[Image: lead4pass az-500 practice test q7-1]

From PIM, you assign the Security Administrator role to the following groups:
1. Group1: Active assignment type, permanently assigned
2. Group2: Eligible assignment type, permanently eligible
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Hot Area:

[Image: lead4pass az-500 practice test q7-2]

Box 1: Yes
Eligible Type: A role assignment that requires a user to perform one or more actions to use the role. If a user has been made eligible for a role, that means they can activate the role when they need to perform privileged tasks. There’s no difference in the access given to someone with a permanent versus an eligible role assignment. The only difference is that some people don’t need that access all the time.
You can choose from two assignment duration options for each assignment type (eligible and active) when you configure settings for a role. These options become the default maximum duration when a user is assigned to the role in Privileged Identity Management.
Use the Activation maximum duration slider to set the maximum time, in hours, that a role stays active before it expires.
This value can be from one to 24 hours.
Box 2: Yes
Active Type: A role assignment that doesn’t require a user to perform any action to use the role. Users assigned as active have the privileges assigned to the role.
Box 3: Yes
User3 is a member of Group2.
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/privileged-identity-management/pim-configure
https://docs.microsoft.com/bs-cyrl-ba/azure/active-directory/privileged-identity-management/pim-resource-rolesconfigure-role-settings

 

QUESTION 8
DRAG DROP
You have an Azure subscription named Sub1.
You have an Azure Active Directory (Azure AD) group named Group1 that contains all the members of your IT team.
You need to ensure that the members of Group1 can stop, start, and restart the Azure virtual machines in Sub1. The solution must use the principle of least privilege.
Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
Select and Place:

[Image: lead4pass az-500 practice test q8]

Correct Answer:

[Image: lead4pass az-500 practice test q8-1]

References: https://www.petri.com/cloud-security-create-custom-rbac-role-microsoft-azure

 

QUESTION 9
HOTSPOT
You have an Azure subscription named Subscription1 that contains the resources shown in the following table.

[Image: lead4pass az-500 practice test q9]

You have an Azure subscription named Subscription2 that contains the following resources:
1. An Azure Sentinel workspace
2. An Azure Event Grid instance
You need to ingest the CEF messages from the NVAs to Azure Sentinel.
NOTE: Each correct selection is worth one point.
Hot Area:

[Image: lead4pass az-500 practice test q9-1]

Correct Answer:

[Image: lead4pass az-500 practice test q9-2]

[Image: lead4pass az-500 practice test q9-3]

 

QUESTION 10
You have an Azure subscription that contains a virtual machine named VM1.
You create an Azure key vault that has the following configurations:
* Name: Vault5
* Region: West US
* Resource group: RG1

You need to use Vault5 to enable Azure Disk Encryption on VM1. The solution must support backing up VM1 by using Azure Backup.
Which key vault settings should you configure?
A. Access policies
B. Secrets
C. Keys
D. Locks
Correct Answer: A
References: https://docs.microsoft.com/en-us/azure/key-vault/key-vault-secure-your-key-vault

 

QUESTION 11
You have the Azure virtual machines shown in the following table.

[Image: lead4pass az-500 practice test q11]

Each virtual machine has a single network interface.
You add the network interface of VM1 to an application security group named ASG1.
You need to identify the network interfaces of which virtual machines you can add to ASG1.
What should you identify?
A. VM2 only
B. VM2, VM3, VM4, and VM5
C. VM2, VM3, and VM5 only
D. VM2 and VM3 only
Correct Answer: D
Reference: https://docs.microsoft.com/en-us/azure/virtual-network/application-security-groups

 

QUESTION 12
HOTSPOT
You need to ensure that the Azure AD application registration and consent configurations meet the identity and access
requirements.
What should you use in the Azure portal? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:

[2021.3] lead4pass az-500 practice test q12

Correct Answer:

[2021.3] lead4pass az-500 practice test q12-1

Reference: https://docs.microsoft.com/en-us/azure/active-directory/manage-apps/configure-user-consent

 

QUESTION 13
SIMULATION
You need to add the network interface of a virtual machine named VM1 to an application security group named ASG1.
To complete this task, sign in to the Azure portal.
A. See the explanation below.
Correct Answer: A
1. In the Search resources, services, and docs box at the top of the portal, begin typing the name of the virtual machine, VM1, that has the network interface that you want to add to, or remove from, an application security group.
2. When the name of your VM appears in the search results, select it.
3. Under SETTINGS, select Networking. Select Configure the application security groups, select the application security groups that you want to add the network interface to, or unselect the application security groups that you want to remove the network interface from, and then select Save.
Reference: https://docs.microsoft.com/en-us/azure/virtual-network/virtual-network-network-interface


Fulldumps shares the latest updated Microsoft AZ-500 exam exercise questions, AZ-500 dumps pdf for free.
All exam questions and answers come from the Lead4pass exam dumps shared part! Lead4pass updates throughout the year and shares a portion of your exam questions for free to help you understand the exam content and enhance your exam experience!
Get the full Microsoft AZ-500 exam dumps questions at https://www.lead4pass.com/az-500.html (pdf&vce)

ps.
Get free Microsoft AZ-500 dumps PDF online: https://drive.google.com/file/d/1ZTuEy5t-Bem6PA2L9VKGS_2am_QS88pT/


[Jan 2021] Microsoft az-500 exam dumps and online practice questions are available from Lead4Pass

The latest updated Microsoft az-500 exam dumps and free az-500 exam practice questions and answers! Latest updates from Lead4Pass Microsoft az-500 Dumps PDF and az-500 Dumps VCE, Lead4Pass az-500 exam questions updated and answers corrected!
Get the full Microsoft az-500 dumps from https://www.lead4pass.com/az-500.html (VCE&PDF)

Latest az-500 PDF for free

Part of the Lead4pass az-500 dumps PDF is shared for free on Google Drive:
https://drive.google.com/file/d/12-RJDaQX5B8Xb9ZalvpgnjZekSGjleXS/

Latest Lead4pass az-500 Youtube

The latest Microsoft az-500 exam practice questions and answers from Lead4Pass dumps are shared for free and can be viewed online as YouTube videos.

The latest updated Microsoft az-500 Exam Practice Questions and Answers Online Practice Test is free to share from Lead4Pass (Q1-Q13)

QUESTION 1
You need to meet the identity and access requirements for Group1. What should you do?
A. Add a membership rule to Group1.
B. Delete Group1. Create a new group named Group1 that has a membership type of Office 365. Add users and
devices to the group.
C. Modify the membership rule of Group1.
D. Change the membership type of Group1 to Assigned. Create two groups that have dynamic memberships. Add the
new groups to Group1.
Correct Answer: B
Incorrect Answers:
A, C: You can create a dynamic group for devices or for users, but you can't create a rule that contains both users and devices.
D: For an assigned group, you can only add individual members.
Scenario:
Litware identifies the following identity and access requirements: All San Francisco users and their devices must be
members of Group1.
The tenant currently contains this group:

lead4pass az-500 practice test q1

References: https://docs.microsoft.com/en-us/azure/active-directory/users-groups-roles/groups-dynamic-membership
https://docs.microsoft.com/en-us/azure/active-directory/fundamentals/active-directory-groups-create-azure-portal

 

QUESTION 2
You have 10 virtual machines on a single subnet that has a single network security group (NSG).
You need to log the network traffic to an Azure Storage account.
Which two actions should you perform? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.
A. Install the Network Performance Monitor solution.
B. Enable Azure Network Watcher.
C. Enable diagnostic logging for the NSG.
D. Enable NSG flow logs.
E. Create an Azure Log Analytics workspace.
Correct Answer: BD
A network security group (NSG) enables you to filter inbound traffic to, and outbound traffic from, a virtual machine (VM). You can log network traffic that flows through an NSG with Network Watcher's NSG flow log capability. Steps include:
1. Create a VM with a network security group
2. Enable Network Watcher and register the Microsoft.Insights provider
3. Enable a traffic flow log for an NSG, using Network Watcher's NSG flow log capability
4. Download logged data
5. View logged data
Reference: https://docs.microsoft.com/en-us/azure/network-watcher/network-watcher-nsg-flow-logging-portal

 

QUESTION 3
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not
appear on the review screen.
You have an Azure Subscription named Sub1.
You have an Azure Storage account named Sa1 in a resource group named RG1.
Users and applications access the blob service and the file service in Sa1 by using several shared access signatures
(SASs) and stored access policies.
You discover that unauthorized users accessed both the file service and the blob service.
You need to revoke all access to Sa1.
Solution: You generate new SASs.
Does this meet the goal?
A. Yes
B. No
Correct Answer: B
Instead, you should create a new stored access policy.
To revoke a stored access policy, you can either delete it or rename it by changing the signed identifier. Changing the
signed identifier breaks the associations between any existing signatures and the stored access policy. Deleting or
renaming the stored access policy immediately affects all of the shared access signatures associated with it.
References: https://docs.microsoft.com/en-us/rest/api/storageservices/Establishing-a-Stored-Access-Policy

 

QUESTION 4
You have an Azure Container Registry named Registry1.
You add role assignments for Registry1 as shown in the following table.

lead4pass az-500 practice test q4

Which users can upload images to Registry1 and download images from Registry1? To answer, select the appropriate
options in the answer area. NOTE: Each correct selection is worth one point.
Hot Area:

lead4pass az-500 practice test q4-1

Correct Answer:

lead4pass az-500 practice test q4-2

Box 1: User1 and User4 only
Owner, Contributor, and AcrPush can push images.
Box 2: User1, User2, and User4
All, except AcrImageSigner, can download/pull images.

lead4pass az-500 practice test q4-3

References: https://docs.microsoft.com/bs-latn-ba/azure/container-registry/container-registry-roles

 

QUESTION 5
You need to create an Azure key vault. The solution must ensure that any object deleted from the key vault be retained
for 90 days.
How should you complete the command? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:

lead4pass az-500 practice test q5

Correct Answer:

lead4pass az-500 practice test q5-1

Box 1: -EnablePurgeProtection
If specified, protection against immediate deletion is enabled for this vault; requires soft delete to be enabled as well.
Box 2: -EnableSoftDelete
Specifies that the soft-delete functionality is enabled for this key vault. When soft-delete is enabled, for a grace period,
you can recover this key vault and its contents after it is deleted.
References:
https://docs.microsoft.com/en-us/powershell/module/azurerm.keyvault/new-azurermkeyvault

 

QUESTION 6
You are testing an Azure Kubernetes Service (AKS) cluster. The cluster is configured as shown in the exhibit. (Click the Exhibit tab.)

lead4pass az-500 practice test q6

You plan to deploy the cluster to production. You disable HTTP application routing.
You need to implement application routing that will provide reverse proxy and TLS termination for AKS services by using
a single IP address.
What should you do?
A. Create an AKS Ingress controller.
B. Install the container network interface (CNI) plug-in.
C. Create an Azure Standard Load Balancer.
D. Create an Azure Basic Load Balancer.
Correct Answer: A
An ingress controller is a piece of software that provides reverse proxy, configurable traffic routing, and TLS termination
for Kubernetes services.
References: https://docs.microsoft.com/en-us/azure/aks/ingress-tls

 

QUESTION 7
You create a new Azure subscription.
You need to ensure that you can create custom alert rules in Azure Security Center.
Which two actions should you perform? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.
A. Onboard Azure Active Directory (Azure AD) Identity Protection.
B. Create an Azure Storage account.
C. Implement Azure Advisor recommendations.
D. Create an Azure Log Analytics workspace.
E. Upgrade the pricing tier of Security Center to Standard.
Correct Answer: BD
D: You need write permission in the workspace that you select to store your custom alert.
References: https://docs.microsoft.com/en-us/azure/security-center/security-center-custom-alert

 

QUESTION 8
You have an Azure Active Directory (Azure AD) tenant named contoso.com. The tenant contains the users shown in the
following table.

lead4pass az-500 practice test q8

You configure an access review named Review1 as shown in the following exhibit.

lead4pass az-500 practice test q8-1

Use the drop-down menus to select the answer choice that completes each statement based on the information
presented in the graphic. NOTE: Each correct selection is worth one point.
Hot Area:

lead4pass az-500 practice test q8-2

Box 1: User3 only
Use the Members (self) option to have the users review their own role assignments.
Box 2: User3 will receive a confirmation request
Use the Should reviewer not respond list to specify what happens for users that are not reviewed by the reviewer within the review period. This setting does not impact users who have been reviewed by the reviewers manually. If the final reviewer's decision is Deny, then the user's access will be removed.
No change – Leave user's access unchanged
Remove access – Remove user's access
Approve access – Approve user's access
Take recommendations – Take the system's recommendation on denying or approving the user's continued access
References:
https://docs.microsoft.com/bs-latn-ba/azure/active-directory/privileged-identity-management/pim-how-to-start-securityreview


QUESTION 9
You need to ensure that User2 can implement PIM. What should you do first?
A. Assign User2 the global administrator role.
B. Configure authentication methods for contoso.com.
C. Configure the identity secure score for contoso.com.
D. Enable multi-factor authentication (MFA) for User2.
Correct Answer: A
To start using PIM in your directory, you must first enable PIM.
1. Sign in to the Azure portal as a Global Administrator of your directory.
You must be a Global Administrator with an organizational account (for example, @yourdomain.com), not a Microsoft
account (for example, @outlook.com), to enable PIM for a directory.
Scenario: Technical requirements include: Enable Azure AD Privileged Identity Management (PIM) for contoso.com
References:
https://docs.microsoft.com/bs-latn-ba/azure/active-directory/privileged-identity-management/pim-getting-started

 

QUESTION 10
You assign User8 the Owner role for RG4, RG5, and RG6.
In which resource groups can User8 create virtual networks and NSGs? To answer, select the appropriate options in the
answer area.
NOTE: Each correct selection is worth one point.
Hot Area:

lead4pass az-500 practice test q10

Correct Answer:

lead4pass az-500 practice test q10-1

Box 1: RG4 only
Virtual Networks are not allowed for Rg5 and Rg6.
Box 2: Rg4, Rg5, and Rg6
Scenario:
Contoso has two Azure subscriptions named Sub1 and Sub2.
Sub1 contains six resource groups named RG1, RG2, RG3, RG4, RG5, and RG6.
You assign User8 the Owner role for RG4, RG5, and RG6
User8 city Sidney, Role: None
Note: A network security group (NSG) contains a list of security rules that allow or deny network traffic to resources
connected to Azure Virtual Networks (VNet). NSGs can be associated with subnets, individual VMs (classic), or individual
network interfaces (NIC) attached to VMs (Resource Manager).
References:
https://docs.microsoft.com/en-us/azure/governance/policy/overview

 

QUESTION 11
You need to configure SQLDB1 to meet the data and application requirements.
Which three actions should you recommend be performed in sequence? To answer, move the appropriate actions from
the list of actions to the answer area and arrange them in the correct order.
Select and Place:

lead4pass az-500 practice test q11

Correct Answer:

lead4pass az-500 practice test q11-1

Step 1: Connect to SQLDB1 by using Microsoft SQL Server Management Studio (SSMS)
Step 2: In SQLDB1, create contained database users.
Create a contained user in the database that represents the VM's system-assigned identity.
Step 3: In Azure AD, create a system-assigned managed identity.
A system-assigned identity for a Windows virtual machine (VM) can be used to access an Azure SQL server. Managed Service Identities are automatically managed by Azure and enable you to authenticate to services that support Azure AD authentication, without needing to insert credentials into your code.
References:
https://docs.microsoft.com/en-us/azure/active-directory/managed-identities-azure-resources/tutorial-windows-vm-accesssql

 

QUESTION 12
You have an Azure subscription named Sub1. Sub1 contains an Azure virtual machine named VM1 that runs Windows
Server 2016.
You need to encrypt VM1 disks by using Azure Disk Encryption.
Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions
to the answer area and arrange them in the correct order.
Select and Place:

lead4pass az-500 practice test q12

References: https://docs.microsoft.com/en-us/azure/virtual-machines/windows/encrypt-disks

 

QUESTION 13
You suspect that users are attempting to sign in to resources to which they have no access.
You need to create an Azure Log Analytics query to identify failed user sign-in attempts from the last three days. The
results must only show users who had more than five failed sign-in attempts.
How should you configure the query? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:

lead4pass az-500 practice test q13

The following example identifies user accounts that failed to log in more than five times in the last day, and when they last attempted to log in.

let timeframe = 1d;
SecurityEvent
| where TimeGenerated > ago(timeframe)
| where AccountType == 'User' and EventID == 4625 // 4625 - failed log in
| summarize failed_login_attempts=count(), latest_failed_login=arg_max(TimeGenerated, Account) by Account
| where failed_login_attempts > 5
| project-away Account1

References: https://docs.microsoft.com/en-us/azure/azure-monitor/log-query/examples


Fulldumps shares the latest updated Microsoft az-500 exam exercise questions, az-500 dumps pdf, and Youtube video learning for free.
All exam questions and answers come from the Lead4pass exam dumps shared part! Lead4pass updates throughout the year and shares a portion of your exam questions for free to help you understand the exam content and enhance your exam experience!
Get the full Microsoft az-500 exam readiness dumps questions at https://www.lead4pass.com/az-500.html (pdf&vce)

ps.
Get free Microsoft az-500 dumps PDF online: https://drive.google.com/file/d/12-RJDaQX5B8Xb9ZalvpgnjZekSGjleXS/