This page was exported from Free Exams Dumps Materials [ http://exams.dumpsmaterials.com ]
Export date: Thu Nov 21 12:20:09 2024 / +0000 GMT

Title: Get Instant Access to AZ-500 Practice Exam Questions [Q196-Q218]

The candidates for Microsoft AZ-500 will be tested on four different domains. They should understand each component of the topics before attempting the exam. The highlights of these areas are as follows:

Securing Data & Applications: 20-25%
This topic of the Microsoft AZ-500 exam will measure the ability of the candidates to configure security for storage, which includes configuring access control and key management for storage accounts, configuring Azure AD authentication for Azure Storage and Azure AD Domain Services authentication for different Azure Files. It also evaluates the skills of the learners associated with configuring security for different databases and configuring and managing Key Vault.

Implementing Platform Protection: 15-20%
This section requires that the examinees develop competence in applying advanced network security, which includes securing connectivity of virtual networks, configuring NSG and ASGs, Web Application Firewall, Azure Front Door Service, firewall on storage accounts, and implementing DDoS protection and Service Endpoints. It also measures their skills in configuring advanced security for computing.

Managing Security Operations: 25-30%
Here the test takers are required to develop their knowledge and skills in monitoring security with the use of Azure Monitor. This covers their expertise in creating and customizing alerts, monitoring security logs with Azure Monitor, and configuring diagnostic logging & log retention.
The students also need to have competence in monitoring security with the use of Azure Security Center, configuring security policies, and monitoring security with the use of Azure Sentinel.

Managing Identity & Access: 30-35%
This subject area will measure one's skills in managing Azure AD identities, including configuring and managing security for service principals, Azure AD directory groups, Azure AD users, password write-back, and authentication methods. It will also evaluate the competence in configuring secure access through the use of Azure Active Directory, managing application access, and managing access control.

Q196. You have an Azure Active Directory (Azure AD) tenant named contoso.com that contains the users shown in the following table.
Azure AD Privileged Identity Management (PIM) is enabled for the tenant.
In PIM, the Password Administrator role has the following settings:
* Maximum activation duration (hours): 2
* Send email notifying admins of activation: Disable
* Require incident/request ticket number during activation: Disable
* Require Azure Multi-Factor Authentication for activation: Enable
* Require approval to activate this role: Enable
* Selected approver: Group1
You assign users the Password Administrator role as shown in the following table.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.

Explanation:
Box 1: Yes
Active assignments don’t require the member to perform any action to use the role. Members assigned as active have the privileges assigned to the role at all times.
Box 2: No
MFA is disabled for User2 and the setting Require Azure Multi-Factor Authentication for activation is enabled.
Note: Eligible assignments require the member of the role to perform an action to use the role.
Actions might include performing a multi-factor authentication (MFA) check, providing a business justification, or requesting approval from designated approvers.
Box 3: Yes
User3 is Group1, which is a Selected Approver Group
Reference: https://docs.microsoft.com/bs-latn-ba/azure/active-directory/privileged-identity-management/pim-resource-roles-assign-roles

Q197. You need to deploy Microsoft Antimalware to meet the platform protection requirements.
What should you do? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Explanation
Scenario: Microsoft Antimalware must be installed on the virtual machines in RG1.
RG1 is a resource group that contains Vnet1, VM0, and VM1.
Box 1: DeployIfNotExists
DeployIfNotExists executes a template deployment when the condition is met.
Azure policy definition Antimalware
Reference: https://docs.microsoft.com/en-us/azure/governance/policy/concepts/effects

Q198. Which virtual networks in Sub1 can User2 modify and delete in their current state? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Explanation:
Box 1: VNET4 and VNET1 only
RG1 has only Delete lock, while there are no locks on RG4.
RG2 and RG3 both have Read-only locks.
Box 2: VNET4 only
There are no locks on RG4, while the other resource groups have either Delete or Read-only locks.
Note: As an administrator, you may need to lock a subscription, resource group, or resource to prevent other users in your organization from accidentally deleting or modifying critical resources. You can set the lock level to CanNotDelete or ReadOnly. In the portal, the locks are called Delete and Read-only respectively.
CanNotDelete means authorized users can still read and modify a resource, but they can’t delete the resource.
ReadOnly means authorized users can read a resource, but they can’t delete or update the resource.
Applying this lock is similar to restricting all authorized users to the permissions granted by the Reader role.
Scenario:
User2 is a Security administrator.
Sub1 contains six resource groups named RG1, RG2, RG3, RG4, RG5, and RG6.
User2 creates the virtual networks shown in the following table.
Sub1 contains the locks shown in the following table.
References: https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-group-lock-resources

Q199. You have an Azure Active Directory (Azure AD) tenant that contains the users shown in the following table.
The tenant contains the named locations shown in the following table.
You create the conditional access policies for a cloud app named App1 as shown in the following table.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.

Q200. Your company has an Azure subscription named Subscription1 that contains the users shown in the following table.
The company is sold to a new owner.
The company needs to transfer ownership of Subscription1.
Which user can transfer the ownership and which tool should the user use? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Explanation
Box 1: User2
Billing Administrator
Select Transfer billing ownership for the subscription that you want to transfer.
Enter the email address of a user who’s a billing administrator of the account that will be the new owner for the subscription.
Box 2: Azure Account Center
Azure Account Center can be used.
Reference: https://docs.microsoft.com/en-us/azure/billing/billing-subscription-transfer#transfer-billing-ownership-of-an-azu

Q201. You create a new Azure subscription that is associated to a new Azure Active Directory (Azure AD) tenant.
You create one active conditional access policy named Portal Policy.
Portal Policy is used to provide access to the Microsoft Azure Management cloud app.
The Conditions settings for Portal Policy are configured as shown in the Conditions exhibit. (Click the Conditions tab.)
The Grant settings for Portal Policy are configured as shown in the Grant exhibit. (Click the Grant tab.)
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.

Reference: https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/location-condition

Q202. You plan to use Azure Log Analytics to collect logs from 200 servers that run Windows Server 2016.
You need to automate the deployment of the Microsoft Monitoring Agent to all the servers by using an Azure Resource Manager template.
How should you complete the template? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Explanation
References: https://blogs.technet.microsoft.com/manageabilityguys/2015/11/19/enabling-the-microsoft-monitoring-agent-in-w

Q203. You plan to configure Azure Disk Encryption for VM4. Which key vault can you use to store the encryption key?
  KeyVault1
  KeyVault3
  KeyVault2

Explanation
The key vault needs to be in the same subscription and same region as the VM.
VM4 is in West US. KeyVault1 is the only key vault in the same region as the VM.
Reference: https://docs.microsoft.com/en-us/azure/virtual-machines/windows/disk-encryption-key-vault

Q204. You are evaluating the security of the network communication between the virtual machines in Sub2.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.

Explanation:
Box 1: Yes
NSG1 has the inbound security rules shown in the following table.
Box 2: Yes
Box 3: No
Note:
Sub2 contains the virtual machines shown in the following table.

Q205.
You have Azure Resource Manager templates that you use to deploy Azure virtual machines.
You need to disable unused Windows features automatically as instances of the virtual machines are provisioned.
What should you use?
  device configuration policies in Microsoft Intune
  an Azure Desired State Configuration (DSC) virtual machine extension
  security policies in Azure Security Center
  Azure Logic Apps

The primary use case for the Azure Desired State Configuration (DSC) extension is to bootstrap a VM to the Azure Automation State Configuration (DSC) service. The service provides benefits that include ongoing management of the VM configuration and integration with other operational tools, such as Azure Monitoring.
Using the extension to register VMs to the service provides a flexible solution that even works across Azure subscriptions.
Reference: https://docs.microsoft.com/en-us/azure/virtual-machines/extensions/dsc-overview

Manage security operations
Testlet 1

Case Study
This is a case study. Case studies are not timed separately. You can use as much exam time as you would like to complete each case. However, there may be additional case studies and sections on this exam. You must manage your time to ensure that you are able to complete all questions included on this exam in the time provided.
To answer the questions included in a case study, you will need to reference information that is provided in the case study. Case studies might contain exhibits and other resources that provide more information about the scenario that is described in the case study. Each question is independent of the other questions in this case study.
At the end of this case study, a review screen will appear. This screen allows you to review your answers and to make changes before you move to the next sections of the exam. After you begin a new section, you cannot return to this section.

To start the case study
To display the first question on this case study, click the Next button.
Use the buttons in the left pane to explore the content of the case study before you answer the questions. Clicking these buttons displays information such as business requirements, existing environment, and problem statements. If the case study has an All Information tab, note that the information displayed is identical to the information displayed on the subsequent tabs. When you are ready to answer a question, click the Question button to return to the question.

Overview
Contoso, Ltd. is a consulting company that has a main office in Montreal and two branch offices in Seattle and New York.
The company hosts its entire server infrastructure in Azure.
Contoso has two Azure subscriptions named Sub1 and Sub2. Both subscriptions are associated to an Azure Active Directory (Azure AD) tenant named contoso.com.

Existing Environment

Azure AD
Contoso.com contains the users shown in the following table.
Contoso.com contains the security groups shown in the following table.

Sub1
Sub1 contains six resource groups named RG1, RG2, RG3, RG4, RG5, and RG6.
User9 creates the virtual networks shown in the following table.
Sub1 contains the locks shown in the following table.
Sub1 contains the Azure policies shown in the following table.

Sub2
Sub2 contains the virtual networks shown in the following table.
Sub2 contains the virtual machines shown in the following table.
All virtual machines have public IP addresses and the Web Server (IIS) role installed.
The firewalls for each virtual machine allow ping requests and web requests.
Sub2 contains the network security groups (NSGs) shown in the following table.
NSG1 has the inbound security rules shown in the following table.
NSG2 has the inbound security rules shown in the following table.
NSG3 has the inbound security rules shown in the following table.
NSG4 has the inbound security rules shown in the following table.
NSG1, NSG2, NSG3, and NSG4 have the outbound security rules shown in the following table.

Technical requirements
Contoso identifies the following technical requirements:
* Deploy Azure Firewall to VNetwork1 in Sub2.
* Register an application named App2 in contoso.com.
* Whenever possible, use the principle of least privilege.
* Enable Azure AD Privileged Identity Management (PIM) for contoso.com.

Manage security operations
Question Set 2

Q206. You have an Azure subscription that contains the storage accounts shown in the following table.
You need to configure authorization access.
Which authorization types can you use for each storage account? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Reference: https://docs.microsoft.com/en-us/azure/storage/common/authorize-data-access

Q207. You have an Azure subscription that contains a virtual network. The virtual network contains the subnets shown in the following table.
The subscription contains the virtual machines shown in the following table.
You enable just in time (JIT) VM access for all the virtual machines.
You need to identify which virtual machines are protected by JIT.
Which virtual machines should you identify?
  VM4 only
  VM1 and VM3 only
  VM1, VM3 and VM4 only
  VM1, VM2, VM3, and VM4

Explanation
An NSG needs to be enabled, either at the VM level or the subnet level.
Reference: https://docs.microsoft.com/en-us/azure/security-center/security-center-just-in-time

Q208.
You have an Azure Active Directory (Azure AD) tenant that contains the resources shown in the following table.
User2 is the owner of Group2.
The user and group settings for App1 are configured as shown in the following exhibit.
You enable self-service application access for App1 as shown in the following exhibit.
User3 is configured to approve access to App1.
You need to identify the owners of Group2 and the users of App1.
What should you identify? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Reference: https://docs.microsoft.com/en-us/azure/active-directory/manage-apps/manage-self-service-access

Q209. You are configuring just in time (JIT) VM access to a set of Azure virtual machines.
You need to grant users PowerShell access to the virtual machine by using JIT VM access.
What should you configure? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Explanation
1. Read permission
2. 5986
https://docs.microsoft.com/en-us/azure/security-center/just-in-time-explained#what-permissions-are-needed-to-c

Q210. You need to perform the planned changes for OU2 and User1.
Which tools should you use? To answer, drag the appropriate tools to the correct resources. Each tool may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
NOTE: Each correct selection is worth one point.

Q211. You create an Azure subscription.
You need to ensure that you can use Azure Active Directory (Azure AD) Privileged Identity Management (PIM) to secure Azure AD roles.
Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
1 – Consent to PIM.
2 – Verify your identity by using multi-factor authentication (MFA)
3 – Sign up PIM for Azure AD roles
Reference: https://docs.microsoft.com/en-us/azure/active-directory/privileged-identity-management/pim-getting-started

Q212. You have an Azure subscription named Subscription1 that contains the resources shown in the following table.
You have an Azure subscription named Subscription2 that contains the following resources:
* An Azure Sentinel workspace
* An Azure Event Grid instance
You need to ingest the CEF messages from the NVAs to Azure Sentinel.
NOTE: Each correct selection is worth one point.

Q213. You have an Azure Active Directory (Azure AD) tenant and a root management group.
You create 10 Azure subscriptions and add the subscriptions to the root management group.
You need to create an Azure Blueprints definition that will be stored in the root management group.
What should you do first?
  Modify the role-based access control (RBAC) role assignments for the root management group.
  Add an Azure Policy definition to the root management group.
  Create a user-assigned identity.
  Create a service principal.

Explanation/Reference:
https://docs.microsoft.com/en-us/azure/role-based-access-control/elevate-access-global-admin

Q214. You have 20 Azure subscriptions and a security group named Group1. The subscriptions are children of the root management group.
Each subscription contains a resource group named RG1.
You need to ensure that for each subscription RG1 meets the following requirements:
* The members of Group1 are assigned the Owner role.
* The modification of permissions to RG1 is prevented.
What should you do? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Q215. You are evaluating the security of VM1, VM2, and VM3 in Sub2.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.

Q216.
Your company has two offices in Seattle and New York. Each office connects to the Internet by using a NAT device. The offices use the IP addresses shown in the following table.
The company has an Azure Active Directory (Azure AD) tenant named contoso.com. The tenant contains the users shown in the following table.
The MFA service settings are configured as shown in the exhibit. (Click the Exhibit tab.)
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.

Explanation:
Box 2: No
Use of Microsoft Authenticator is not required.
Note: Microsoft Authenticator is a multifactor app for mobile devices that generates time-based codes used during the Two-Step Verification process.
Box 3: No
The New York IP address subnet is included in the “skip multi-factor authentication for request.
References: https://www.cayosoft.com/difference-enabling-enforcing-mfa/

Q217. You need to configure SQLDB1 to meet the data and application requirements.
Which three actions should you recommend be performed in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.

1 – From the Azure portal, create an Azure AD administrator for LitwareSQLServer1
2 – Connect to SQLDB1 by using SSMS
3 – In SQLDB1, create contained database users

Q218. You have an Azure Active Directory (Azure AD) tenant that contains the users shown in the following table.
In Azure AD Privileged Identity Management (PIM), the Role settings for the Contributor role are configured as shown in the exhibit. (Click the Exhibit tab.)
You assign users the Contributor role on May 1, 2019 as shown in the following table.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
References: https://docs.microsoft.com/en-us/azure/active-directory/privileged-identity-management/pim-resource-roles-assign-roles

Post date: 2023-10-18 10:55:27
Post date GMT: 2023-10-18 10:55:27
Post modified date: 2023-10-18 10:55:27
Post modified date GMT: 2023-10-18 10:55:27