[Sep-2024] Exam Sure Pass Microsoft Certification with AZ-500 exam questions [Q221-Q237]

Posted On September 15, 2024

[Sep-2024] Exam Sure Pass Microsoft Certification with AZ-500 exam questions

Real Microsoft AZ-500 Exam Questions Study Guide

Microsoft Azure is a widely popular cloud computing platform that is relied upon by businesses around the world. As more and more companies move their operations to the cloud, the need for skilled Azure professionals has never been greater. One such certification that is highly valued in the industry is the Microsoft AZ-500 (Microsoft Azure Security Technologies) certification exam.

NO.221 You have an Azure subscription that contains an Azure key vault and an Azure Storage account. The key vault contains customer-managed keys. The storage account is configured to use the customer-managed keys stored In the key vault.
You plan to store data in Azure by using the following services:
* Azure Files
* Azure Blob storage
* Azure Log Analytics
* Azure Table storage
* Azure Queue storage
Which two services data encryption by using the keys stored in the key vault? Each correct answer present a complete solution.
NOTE: Each correct selection is worth one point.

Queue storage

Table storage

Azure Files

Blob storage

https://docs.microsoft.com/en-us/azure/storage/common/account-encryption-key-create?tabs=portal

NO.222 You have an Azure subscription that contains a Microsoft Defender External Attack Surface Management (Defender EASM) resource named EASM1. EASM1 has discovery enabled and contains several inventory assets.
You need to identify which inventory assets are vulnerable to the most critical web app security risks.
Which Defender EASM dashboard should you use?

Attack Surface Summary

GDPRCompliance

Security Posture

OWASPToplO

NO.223 You are configuring network connectivity for two Azure virtual networks named VNET1 and VNET2.
You need to implement VPN gateways for the virtual networks to meet the following requirements:
* VNET1 must have six site-to-site connections that use BGP.
* VNET2 must have 12 site-to-site connections that use BGP.
* Costs must be minimized.
Which VPN gateway SKI) should you use for each virtual network? To answer, drag the appropriate SKUs to the correct networks. Each SKU may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
NOTE: Each correct selection is worth one point

Reference:
https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-about-vpngateways#gwsku

NO.224 You have an Azure subscription named Subscription1 that contains the resources shown in the following table.

You need to identify which initiatives and policies you can add to Subscription1 by using Azure Security Center.
What should you identify?

Policy1 and Policy2 only

Initiative1 only

Initiative1 and Initiative2 only

Initiative1, Initiative2, Policy1, and Policy2

Reference:
https://docs.microsoft.com/en-us/azure/security-center/custom-security-policies

NO.225 You have the Azure virtual machines shown in the following table.

For which virtual machine can you enable Update Management?

VM2 and VM3 only

VM2, VM3, and VM4 only

VM1, VM2, and VM4 only

VM1, VM2, VM3, and VM4

VM1, VM2, and VM3 only

Explanation
References:
https://docs.microsoft.com/en-us/azure/automation/automation-update-management?toc=%2Fazure%2Fautomati

NO.226 You have an Azure subscription named Sub1. Sub1 has an Azure Storage account named Storage1 that contains the resources shown in the following table.

You generate a shared access signature (SAS) to connect to the blob service and the file service.
Which tool can you use to access the contents in Container1 and Share! by using the SAS? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

NO.227 You are evaluating the security of VM1, VM2, and VM3 in Sub2.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.

Explanation:

NO.228 You need to deploy AKS1 to meet the platform protection requirements.
Which four actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
NOTE: More than one order of answer choices is correct. You will receive credit for any of the correct orders you select.

Explanation:

Scenario: Azure AD users must be to authenticate to AKS1 by using their Azure AD credentials.
Litewire plans to deploy AKS1, which is a managed AKS (Azure Kubernetes Services) cluster.
Step 1: Create a server application
To provide Azure AD authentication for an AKS cluster, two Azure AD applications are created. The first application is a server component that provides user authentication.
Step 2: Create a client application
The second application is a client component that’s used when you’re prompted by the CLI for authentication.
This client application uses the server application for the actual authentication of the credentials provided by the client.
Step 3: Deploy an AKS cluster.
Use the az group create command to create a resource group for the AKS cluster.
Use the az aks create command to deploy the AKS cluster.
Step 4: Create an RBAC binding.
Before you use an Azure Active Directory account with an AKS cluster, you must create role-binding or cluster role-binding. Roles define the permissions to grant, and bindings apply them to desired users. These assignments can be applied to a given namespace, or across the entire cluster.
Reference:
https://docs.microsoft.com/en-us/azure/aks/azure-ad-integration

NO.229 You have an Azure Active Directory (Azure AD) tenant that contains the users shown in the following table.

From Azure AD Privileged Identity Management (PIM), you configure the settings for the Security Administrator role as shown in the following exhibit.

From PIM, you assign the Security Administrator role to the following groups:
* Group1: Active assignment type, permanently assigned
* Group2: Eligible assignment type, permanently eligible
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.

Explanation

Box 1: Yes
Eligible Type: A role assignment that requires a user to perform one or more actions to use the role. If a user has been made eligible for a role, that means they can activate the role when they need to perform privileged tasks. There’s no difference in the access given to someone with a permanent versus an eligible role assignment. The only difference is that some people don’t need that access all the time.
You can choose from two assignment duration options for each assignment type (eligible and active) when you configure settings for a role. These options become the default maximum duration when a user is assigned to the role in Privileged Identity Management.
Use the Activation maximum duration slider to set the maximum time, in hours, that a role stays active before it expires. This value can be from one to 24 hours.
Box 2: Yes
Active Type: A role assignment that doesn’t require a user to perform any action to use the role. Users assigned as active have the privileges assigned to the role Box 3: Yes User3 is member of Group2.
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/privileged-identity-management/pim-configure
https://docs.microsoft.com/bs-cyrl-ba/azure/active-directory/privileged-identity-management/pim-resource-roles

NO.230 You have Azure virtual machines that have Update Management enabled. The virtual machines are configured as shown in the following table.

You schedule two update deployments named Update1 and Update2. Update1 updates VM3. Update2 updates VM6.
Which additional virtual machines can be updated by using Update1 and Update2? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Explanation

Update1: VM1 and VM2 only
VM3: Windows Server 2016 West US RG2
Update2: VM4 and VM5 only
VM6: CentOS 7.5 East US RG1
For Linux, the machine must have access to an update repository. The update repository can be private or public.
References:
https://docs.microsoft.com/en-us/azure/automation/automation-update-management

NO.231 You have an Azure subscription that contains an Azure SQL server named SQL1. SQL1 contains. You need to use Microsoft Defender for Cloud to complete a vulnerability assessment for DB1. What should you do first?

From Advanced Threat Protection types, select SQL injection vulnerability.

Configure the Send scan report to setting.

Set Periodic recurring scans to ON.

Enable the Microsoft Defender for SQL plan.

NO.232 You have an Azure Kubernetes Service (AKS) cluster that will connect to an Azure Container Registry.
You need to use automatically generated service principal for the AKS cluster to authenticate to the Azure Container Registry.
What should you create?

a secret in Azure Key Vault

a role assignment

an Azure Active Directory (Azure AD) user

an Azure Active Directory (Azure AD) group

Reference:
https://docs.microsoft.com/en-us/azure/aks/kubernetes-service-principal

NO.233 You have an Azure subscription that contains the following resources:
* A network virtual appliance (NVA) that runs non-Microsoft firewall software and routes all outbound traffic from the virtual machines to the internet
* An Azure function that contains a script to manage the firewall rules of the NVA
* Azure Security Center standard tier enabled for all virtual machines
* An Azure Sentinel workspace
* 30 virtual machines
You need to ensure that when a high-priority alert is generated in Security Center for a virtual machine, an incident is created in Azure Sentinel and then a script is initiated to configure a firewall rule for the NVA.
How should you configure Azure Sentinel to meet the requirements? To answer, drag the appropriate components to the correct requirements. Each component may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
NOTE: Each correct selection is worth one point.

Explanation

Reference:
https://docs.microsoft.com/en-us/azure/sentinel/create-incidents-from-alerts
https://docs.microsoft.com/en-us/azure/sentinel/connect-azure-security-center

NO.234 You have 20 Azure subscriptions and a security group named Group1. The subscriptions are children of the root management group.
Each subscription contains a resource group named RG1.
You need to ensure that for each subscription RG1 meets the following requirements:
The members of Group1 are assigned the Owner role.
The modification of permissions to RG1 is prevented.
What should you do? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

NO.235 You need to configure a virtual network named VNET2 to meet the following requirements:
Administrators must be prevented from deleting VNET2 accidentally.
Administrators must be able to add subnets to VNET2 regularly.
To complete this task, sign in to the Azure portal and modify the Azure resources.

Locking prevents other users in your organization from accidentally deleting or modifying critical resources, such as Azure subscription, resource group, or resource.
Note: In Azure, the term resource refers to an entity managed by Azure. For example, virtual machines, virtual networks, and storage accounts are all referred to as Azure resources.
1. In the Azure portal, type Virtual Networks in the search box, select Virtual Networks from the search results then select VNET2. Alternatively, browse to Virtual Networks in the left navigation pane.
2. In the Settings blade for virtual network VNET2, select Locks.

3. To add a lock, select Add.

4. For Lock type select Delete lock, and click OK
Reference:
https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-group-lock-resources

NO.236 You have an Azure subscription named Sub1 that is associated to an Azure Active Directory (Azure AD) tenant named contoso.com.
An administrator named Admin1 has access to the following identities:
An OpenID-enabled user account
A Hotmail account
An account in contoso.com
An account in an Azure AD tenant named fabrikam.com
You plan to use Azure Account Center to transfer the ownership of Sub1 to Admin1.
To which accounts can you transfer the ownership of Sub1?

contoso.com only

contoso.com, fabrikam.com, and Hotmail only

contoso.com and fabrikam.com only

contoso.com, fabrikam.com, Hotmail, and OpenID-enabled user account

Explanation
When you transfer billing ownership of your subscription to an account in another Azure AD tenant, you can move the subscription to the new account’s tenant. If you do so, all users, groups, or service principals who had role based access (RBAC) to manage subscriptions and its resources lose their access. Only the user in the new account who accepts your transfer request will have access to manage the resources.
Reference:
https://docs.microsoft.com/en-us/azure/billing/billing-subscription-transfer
https://docs.microsoft.com/en-us/azure/billing/billing-subscription-transfer#transferring-subscription-to-anacco

NO.237 You have an Azure subscription named Sub1 that is associated to an Azure Active Directory (Azure AD) tenant named contoso.com.
You plan to implement an application that will consist of the resources shown in the following table.

Users will authenticate by using their Azure AD user account and access the Cosmos DB account by using resource tokens.
You need to identify which tasks will be implemented in CosmosDB1 and WebApp1.
Which task should you identify for each resource? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Reference:
https://docs.microsoft.com/en-us/xamarin/xamarin-forms/data-cloud/cosmosdb/authentication

Loading …

Microsoft AZ-500 certification exam covers a variety of topics, including security management, identity and access management, platform protection, data and application protection, and incident response. These topics are essential for professionals who are responsible for securing cloud environments and ensuring that sensitive data and applications are protected from unauthorized access.

Updated and Accurate AZ-500 Questions for passing the exam Quickly: https://www.exams4sures.com/Microsoft/AZ-500-practice-exam-dumps.html