microsoft az-500 exam questions

Successfully passing the Microsoft AZ-500 exam to obtain certification makes it easy for you to become a top talent.” Microsoft Azure AZ-500 contains many latest technologies:
manage identity and access; implement platform protection; manage security operations, and secure data and applications”

It is not a simple matter to obtain Microsoft Azure AZ-500 certification: first, you need to pay the exam fee of 165 dollars, secondly, you need to learn a lot of professional knowledge for the exam, and finally, you need to take the exam. This kind of process does not guarantee that you will pass the exam. Every year, many people cannot pass the exam smoothly!

I’m not trying to discourage everyone’s confidence, I just say that the Microsoft Azure AZ-500 exam is not easy!
So I share 13 valid Microsoft AZ-500 exam questions for free to help you improve your skills and exam experience!
All the exam questions I shared are the latest updates! All AZ-500 exam dumps come from Lead4pass.com!
Lead4pass will help you save a lot of money and help you pass the exam successfully for the first time! And we have the best exam credibility! You are not the first to need us!

Table Of Content:

  1. Download Microsoft AZ-500 exam pdf online
  2. Microsoft AZ-500 exam video from Youtube
  3. The latest updated Microsoft AZ-500 exam practice questions
  4. Microsoft AZ-500 Exam Certification Coupon Code 2021

Microsoft AZ-500 exam pdf online for free

Share the Microsoft AZ-500 Dumps PDF for free From Lead4pass AZ-500 Dumps part of the distraction collected on Google Drive shared by Lead4pass
https://drive.google.com/file/d/1KywKeJhoZqDdfBr094YSz3Pwh_8eyeUr/

Latest Lead4pass AZ-500 Youtube

Share the latest Microsoft AZ-500 exam practice questions and answers for free from Led4Pass Dumps viewed online by Youtube Videos

https://youtube.com/watch?v=I3y-NUF7nOk

Microsoft Azure AZ-500 exam practice question and answer online practice exam from Lead4pass

QUESTION 1
SIMULATION
You need to prevent administrative users from accidentally deleting a virtual network named VNET1. The administrative
users must be allowed to modify the settings of VNET1.
To complete this task, sign in to the Azure portal.
A. See the below.
Correct Answer: A
Explanation:
Locking prevents other users in your organization from accidentally deleting or modifying critical resources, such as
Azure subscription, resource group, or resource.
Note: In Azure, the term resource refers to an entity managed by Azure. For example, virtual machines, virtual networks,
and storage accounts are all referred to as Azure resources.
1. In the Settings blade for virtual network VNET, select Locks

microsoft az-500 certification exam q1

2.To add a lock, select Add.

microsoft az-500 certification exam q1-1

3. For Lock type select Delete lock, and click OK
Reference: https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-group-lock-resources

 

QUESTION 2
HOTSPOT
You have an Azure subscription that contains an Azure Sentinel workspace.
Azure Sentinel is configured to ingest logs from several Azure workloads. A third-party service management platform is
used to manage incidents.
You need to identify which Azure Sentinel components to configure to meet the following requirements:
1.
When Azure Sentinel identifies a threat, an incident must be created.
2.
A ticket must be logged in the service management platform when an incident is created in Azure Sentinel.
Which component should you identify for each requirement? To answer, select the appropriate options in the answer
area.
NOTE: Each correct selection is worth one point.
Hot Area:

microsoft az-500 certification exam q2

Correct Answer:

microsoft az-500 certification exam q2-1

Reference: https://docs.microsoft.com/en-us/azure/sentinel/create-incidents-from-alerts https://docs.microsoft.com/enus/azure/sentinel/tutorial-respond-threats-playbook

 

QUESTION 3
You have an Azure subscription that contains the resources shown in the following table.microsoft az-500 certification exam q3

User1 is a member of Group1. Group1 and User2 are assigned the Key Vault Contributor role for Vault1.
On January 1, 2019, you create a secret in Vault1. The secret is configured as shown in the exhibit. (Click the Exhibit
tab.)

microsoft az-500 certification exam q3-1

User2 is assigned an access policy to Vault1. The policy has the following configurations:
Key Management Operations: Get, List, and Restore Cryptographic Operations: Decrypt and Unwrap Key Secret
Management Operations: Get, List, and Restore
Group1 is assigned access to Vault1. The policy has the following configurations:
Key Management Operations: Get and Recover Secret Management Operations: List, Backup, and Recover
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
Hot Area:

microsoft az-500 certification exam q3-2

 

QUESTION 4
You are collecting events from Azure virtual machines to an Azure Log Analytics workspace.
You plan to create alerts based on the collected events.
You need to identify which Azure services can be used to create the alerts.
Which two services should you identify? Each correct answer presents a complete solution
NOTE: Each correct selection is worth one point.
A. Azure Monitor
B. Azure Security Center
C. Azure Analytics Services
D. Azure Sentinel
E. Azure Advisor
Correct Answer: AD

 

QUESTION 5
Your company has two offices in Seattle and New York. Each office connects to the Internet by using a NAT device. The
offices use the IP addresses shown in the following table.microsoft az-500 certification exam q5

The MFA service settings are configured as shown in the exhibit. (Click the Exhibit tab.)

microsoft az-500 certification exam q5-1

For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct
selection is worth one point.
Hot Area:

microsoft az-500 certification exam q5-2

Correct Answer:

microsoft az-500 certification exam q5-3

Box 2: No
Use of Microsoft Authenticator is not required.
Note: Microsoft Authenticator is a multifactor app for mobile devices that generates time-based codes used during the
Two-Step Verification process.
Box 3: No
The New York IP address subnet is included in the “skip multi-factor authentication for request.
References:
https://www.cayosoft.com/difference-enabling-enforcing-mfa/

 

QUESTION 6
You are evaluating the security of the network communication between the virtual machines in Sub2. For each of the
following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth
one point.
Hot Area:microsoft az-500 certification exam q6

Box 1: Yes
NSG1 has the inbound security rules shown in the following table.

microsoft az-500 certification exam q6-1

NSG2 has the inbound security rules shown in the following table.

microsoft az-500 certification exam q6-2

Box 2: Yes
Box 3: No
Note:
Sub2 contains the virtual machines shown in the following table.

microsoft az-500 certification exam q6-3

 

QUESTION 7
You need to ensure that User2 can implement PIM. What should you do first?
A. Assign User2 the global administrator role.
B. Configure authentication methods for contoso.com.
C. Configure the identity secure score for contoso.com.
D. Enable multi-factor authentication (MFA) for User2.
Correct Answer: A
To start using PIM in your directory, you must first enable PIM.
1. Sign in to the Azure portal as a Global Administrator of your directory.
You must be a Global Administrator with an organizational account (for example, @yourdomain.com), not a Microsoft
account (for example, @outlook.com), to enable PIM for a directory.
Scenario: Technical requirements include: Enable Azure AD Privileged Identity Management (PIM) for contoso.com
References:
https://docs.microsoft.com/bs-latn-ba/azure/active-directory/privileged-identity-management/pim-getting-started

 

QUESTION 8
You have an Azure virtual machine shown in the following table.
You create an Azure Log Analyticsmicrosoft az-500 certification exam q8

You create an Azure Log Analytics workspace named Analytics1 in RG1 in the East US region. Which virtual machines
can be enrolled in Analytics1?
A. VM1 only
B. VM1, VM2, and VM3 only
C. VM1, VM2, VM3, and VM4
D. VM1 and VM4 only
Correct Answer: A
Note: Create a workspace
1.
In the Azure portal, click All services. In the list of resources, type Log Analytics. As you begin typing, the list filters
based on your input. Select Log Analytics.
2.
Click Create, and then select choices for the following items:
Provide a name for the new Log Analytics workspace, such as DefaultLAWorkspace. OMS workspaces are now
referred to as Log Analytics workspaces.
Select a Subscription to link to by selecting from the drop-down list if the default selected is not appropriate.
For the Resource Group, select an existing resource group that contains one or more Azure virtual machines.
Select the Location your VMs are deployed to. For additional information, see which regions Log Analytics is available
in.
Incorrect Answers:
B, C: A Log Analytics workspace provides a geographic location for data storage. VM2 and VM3 are at a different
location.
D: VM4 is a different resource group.
References: https://docs.microsoft.com/en-us/azure/azure-monitor/platform/manage-access

 

QUESTION 9
HOTSPOT
You have an Azure Active Directory (Azure AD) tenant that contains the users shown in the following table.microsoft az-500 certification exam q9

You create and enforce an Azure AD Identity Protection sign-in risk policy that has the following settings:
1.
Assignments: Include Group1, exclude Group2
2.
Conditions: Sign-in risk level: Medium and above
3.
Access Allow access, Require multi-factor authentication
You need to identify what occurs when the users sign in to Azure AD.
What should you identify for each user? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:

microsoft az-500 certification exam q9-1

Correct Answer:

microsoft az-500 certification exam q9-2

References: http://www.rebeladmin.com/2018/09/step-step-guide-configure-risk-based-azure-conditionalaccesspolicies/ https://docs.microsoft.com/en-us/azure/active-directory/identity-protection/concept-identityprotection-policies
https://docs.microsoft.com/en-us/azure/active-directory/identity-protection/concept-identityprotection-risks

 

QUESTION 10
HOTSPOT
You have a file named File1.yaml that contains the following contents.microsoft az-500 certification exam q10

You create an Azure container instance named container1 by using File1.yaml.
You need to identify where you can access the values of Variable1 and Variable2.
What should you identify? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:

microsoft az-500 certification exam q10-1

Correct Answer:

microsoft az-500 certification exam q10-2

Reference: https://docs.microsoft.com/en-us/azure/container-instances/container-instances-environment-variables

 

QUESTION 11
You create a new Azure subscription that is associated with a new Azure Active Directory (Azure AD) tenant.
You create one active conditional access policy named Portal Policy. Portal Policy is used to provide access to the
Microsoft Azure Management cloud app.
The Conditions settings for Portal Policy are configured as shown in the Conditions exhibit. (Click the Conditions tab.)

microsoft az-500 certification exam q11

The Grant settings for Portal Policy are configured as shown in the Grant exhibit. (Click the Grant tab.)

microsoft az-500 certification exam q11-1

For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct
selection is worth one point.
Hot Area:

microsoft az-500 certification exam q11-2

Correct Answer:

microsoft az-500 certification exam q11-3

Box 1: No The Contoso location is excluded Box 2: Yes
Box 3: Yes Reference: https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/location-condition

 

QUESTION 12
You have a web app named WebApp1.
You create a web application firewall (WAF) policy named WAF1.
You need to protect WebApp1 by using WAF1.
What should you do first?
A. Deploy an Azure Front Door.
B. Add an extension to WebApp1.
C. Deploy Azure Firewall.
Correct Answer: A
References: https://docs.microsoft.com/en-us/azure/frontdoor/quickstart-create-front-door

 

QUESTION 13
You have an Azure Kubernetes Service (AKS) cluster that will connect to an Azure Container Registry.
You need to use automatically generated service principal for the AKS cluster to authenticate to the Azure Container
Registry.
What should you create?
A. a secret in Azure Key Vault
B. a role assignment
C. an Azure Active Directory (Azure AD) user
D. an Azure Active Directory (Azure AD) group
Correct Answer: B
References: https://docs.microsoft.com/en-us/azure/aks/kubernetes-service-principal

Get the latest and complete Microsoft Azure AZ-500 exam dumps! Help you pass the first exam successfully! Click here for more…

Microsoft Azure AZ-500 Exam Certification Coupon Code 2021

microsoft coupon code

You have read my entire article, and I have already told you how to successfully pass the Microsoft Azure AZ-500 exam.
You can choose: https://www.leads4pass.com/az-500.html and go directly to AZ-500 Exam dumps channel! Get your key to successfully pass the exam!
Wish you be happy!

ps.
Get free Microsoft AZ-500 dumps PDF online: https://drive.google.com/file/d/1KywKeJhoZqDdfBr094YSz3Pwh_8eyeUr/