This page was exported from Free Exams Dumps Materials [ http://exams.dumpsmaterials.com ]
Export date: Thu Nov 21 12:24:38 2024 / +0000 GMT

Get Instant Access to AZ-500 Practice Exam Questions [Q196-Q218]




Get Instant Access to AZ-500 Practice Exam Questions

Reliable Study Materials & Testing Engine for AZ-500 Exam Success!


The candidates for Microsoft AZ-500 will be tested on four different domains. They should understand each component of the topics before attempting the exam. The highlights of these areas are as follows:

  • Securing Data & Applications: 20-25%

    This topic of the Microsoft AZ-500 exam will measure the ability of the candidates to configure security for storage, which includes configuring access control and key management for storage accounts, configuring Azure AD authentication for Azure Storage and Azure AD Domain Services authentication for different Azure Files. It also evaluates the skills of the learners associated with configuring security for different databases and configuring and managing Key Vault.

  • Implementing Platform Protection: 15-20%

    This section requires that the examinees develop competence in applying advanced network security, which includes securing connectivity of virtual networks, configuring NSG and ASGs, Web Application Firewall, Azure Front Door Service, firewall on storage accounts, and implementing DDoS protection and Service Endpoints. It also measures their skills in configuring advanced security for computing.

  • Managing Security Operations: 25-30%

    Here the test takers are required to develop their knowledge and skills in monitoring security with the use of Azure Monitor. This covers their expertise in creating and customizing alerts, monitoring security logs with Azure Monitor, and configuring diagnostic logging & log retention. The students also need to have competence in monitoring security with the use of Azure Security Center; configuring security policies; monitoring security with the use of Azure Sentinel.

  • Managing Identity & Access: 30-35%

    This subject area will measure one's skills in managing Azure AD identities, including configuring and managing security for service principals, Azure AD directory groups, Azure AD users, password write-back, and authentication methods. It will also evaluate the competence in configuring secure access through the use of Azure Active Directory, managing application access, and managing access control.

 

Q196. You have an Azure Active Directory (Azure AD) tenant named contoso.com that contains the users shown in the following table.

Azure AD Privileged Identity Management (PIM) is enabled for the tenant.
In PIM, the Password Administrator role has the following settings:
* Maximum activation duration (hours): 2
* Send email notifying admins of activation: Disable
* Require incident/request ticket number during activation: Disable
* Require Azure Multi-Factor Authentication for activation: Enable
* Require approval to activate this role: Enable
* Selected approver: Group1
You assign users the Password Administrator role as shown in the following table.

For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.

Q197. You need to deploy Microsoft Antimalware to meet the platform protection requirements.
What should you do? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Q198. Which virtual networks in Sub1 can User2 modify and delete in their current state? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Q199. You have an Azure Active Directory (Azure AD) tenant that contains the users shown in the following table.

The tenant contains the named locations shown in the following table.

You create the conditional access policies for a cloud app named App1 as shown in the following table.

For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.

Q200. Your company has an Azure subscription named Subscription1 that contains the users shown in the following table.

The company is sold to a new owner.
The company needs to transfer ownership of Subscription1.
Which user can transfer the ownership and which tool should the user use? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Q201. You create a new Azure subscription that is associated to a new Azure Active Directory (Azure AD) tenant.
You create one active conditional access policy named Portal Policy. Portal Policy is used to provide access to the Microsoft Azure Management cloud app.
The Conditions settings for Portal Policy are configured as shown in the Conditions exhibit. (Click the Conditions tab.)

The Grant settings for Portal Policy are configured as shown in the Grant exhibit. (Click the Grant tab.)

For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.

Q202. You plan to use Azure Log Analytics to collect logs from 200 servers that run Windows Server 2016.
You need to automate the deployment of the Microsoft Monitoring Agent to all the servers by using an Azure Resource Manager template.
How should you complete the template? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Q203. You plan to configure Azure Disk Encryption for VM4. Which key vault can you use to store the encryption key?

 
 
 

Q204. You are evaluating the security of the network communication between the virtual machines in Sub2.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.

Q205. You have Azure Resource Manager templates that you use to deploy Azure virtual machines.
You need to disable unused Windows features automatically as instances of the virtual machines are provisioned.
What should you use?

 
 
 
 

Q206. You have an Azure subscription that contains the storage accounts shown in the following table.

You need to configure authorization access.
Which authorization types can you use for each storage account? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Q207. You have an Azure subscription that contains a virtual network. The virtual network contains the subnets shown in the following table.

The subscription contains the virtual machines shown in the following table.

You enable just in time (JIT) VM access for all the virtual machines.
You need to identify which virtual machines are protected by JIT.
Which virtual machines should you identify?

 
 
 
 

Q208. You have an Azure Active Directory (Azure AD) tenant that contains the resources shown in the following table.

User2 is the owner of Group2.
The user and group settings for App1 are configured as shown in the following exhibit.

You enable self-service application access for App1 as shown in the following exhibit.

User3 is configured to approve access to Appl.
You need to identify the owners of Group2 and the users of Appl.
What should you identify? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Q209. You are configuring just in time (JIT) VM access to a set of Azure virtual machines.
You need to grant users PowerShell access to the virtual machine by using JIT VM access.
What should you configure? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Q210. You need to perform the planned changes for OU2 and User1.
Which tools should you use? To answer, drag the appropriate tools to the correct resources. Each tool may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
NOTE: Each correct selection is worth one point.

Q211. You create an Azure subscription.
You need to ensure that you can use Azure Active Directory (Azure AD) Privileged Identity Management (PIM) to secure Azure AD roles.
Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.

Q212. You have an Azure subscription named Subcription1 that contains the resources shown in the following table.

You have an Azure subscription named Subcription2 that contains the following resources:
An Azure Sentinel workspace
An Azure Event Grid instance
You need to ingest the CEF messages from the NVAs to Azure Sentinel.
NOTE: Each correct selection is worth one point.

Q213. You have an Azure Active Directory (Azure AD) tenant and a root management group.
You create 10 Azure subscriptions and add the subscriptions to the root management group.
You need to create an Azure Blueprints definition that will be stored in the root management group.
What should you do first?

 
 
 
 

Q214. You have 20 Azure subscriptions and a security group named Group1. The subscriptions are children of the root management group.
Each subscription contains a resource group named RG1.
You need to ensure that for each subscription RG1 meets the following requirements:
The members of Group1 are assigned the Owner role.
The modification of permissions to RG1 is prevented.
What should you do? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Q215. You are evaluating the security of VM1, VM2, and VM3 in Sub2.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.

Q216. Your company has two offices in Seattle and New York. Each office connects to the Internet by using a NAT device. The offices use the IP addresses shown in the following table.

The company has an Azure Active Directory (Azure AD) tenant named contoso.com. The tenant contains the users shown in the following table.

The MFA service settings are configured as shown in the exhibit. (Click the Exhibit tab.)

For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.

Q217. You need to configure SQLDB1 to meet the data and application requirements.
Which three actions should you recommend be performed in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.

Q218. You have an Azure Active Directory (Azure AD) tenant that contains the users shown in the following table.

In Azure AD Privileged Identity Management (PIM), the Role settings for the Contributor role are configured as shown in the exhibit. (Click the Exhibit tab.)

You assign users the Contributor role on May 1, 2019 as shown in the following table.

For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.


Validate your Skills with Updated AZ-500 Exam Questions & Answers and Test Engine: https://www.dumpsmaterials.com/AZ-500-real-torrent.html

Post date: 2023-10-18 10:55:27
Post date GMT: 2023-10-18 10:55:27
Post modified date: 2023-10-18 10:55:27
Post modified date GMT: 2023-10-18 10:55:27