AZ-500 Online Dumps Boost Your Career

Category:

Comments:

0 Comments

Post Date:

March 19, 2023

The AZ-500 Microsoft Azure Security Technologies certification exam is challenging, and it's natural to feel anxious and nervous before taking the exam. Practicing with AZ-500 dumps questions can help alleviate this anxiety by boosting your confidence. As you practice and become more familiar with the exam format and content, you'll feel more confident in your abilities, which can help you perform better on the actual AZ-500 exam. Practicing with AZ-500 questions can increase your chances of success in the certification exam. Practice free Microsoft AZ-500 exam dumps below.

Page 1 of 14

1. You have Azure Resource Manager templates that you use to deploy Azure virtual machines.

You need to disable unused Windows features automatically as instances of the virtual machines are provisioned.

What should you use?

security policies in Azure Security Center

Azure Logic Apps

an Azure Desired State Configuration (DSC) virtual machine extension

Azure Advisor

2. HOTSPOT

You have an Azure subscription that contains the resources shown in the following table.

VNet1 contains the subnets shown in the following table.

You plan to use the Azure portal to deploy an Azure firewall named AzFW1 to VNet1.

Which resource group and subnet can you use to deploy AzFW1? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

3. SIMULATION

Lab Task

use the following login credentials as needed:

To enter your username, place your cursor in the Sign in box and click on the username below.

To enter your password. place your cursor in the Enter password box and click on the password below.

Azure Username: User1 [email protected]

Azure Password: GpOAe4@lDg

If the Azure portal does not load successfully in the browser, press CTRL-K to reload the portal in a new browser tab.

The following information is for technical support purposes only:

Lab Instance: 28681041

Task 7

You need to collect all the audit failure data from the security log of a virtual machine named VM1 to an Azure Storage account. To complete this task, sign in to the Azure portal.

4. HOTSPOT

You have an Azure subscription that contains the virtual networks shown in the following table.

NSG1 and NSG2 both have default rules only.

The subscription contains the virtual machines shown in the following table.

The subscription contains the web apps shown in the following table.

For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.

5. You need to ensure that you can meet the security operations requirements.

What should you do first?

Turn on Auto Provisioning in Security Center.

Integrate Security Center and Microsoft Cloud App Security.

Upgrade the pricing tier of Security Center to Standard.

Modify the Security Center workspace configuration.

6. DRAG DROP

You have an Azure subscription.

You plan to create a storage account.

You need to use customer-managed keys to encrypt the tables in the storage account.

From Azure Cloud Shell, which three cmdlets should you run in sequence? To answer, move the appropriate cmdlets from the list of cmdlets to the answer area and arrange them in the correct order.

7. You have an Azure subscription that contains the Azure Log Analytics workspaces shown in the following table.

You create the virtual machines shown in the following table.

You plan to use Azure Sentinel to monitor Windows Defender Firewall on the virtual machines.

Which virtual machines you can connect to Azure Sentinel?

VM1 and VM3 only

VM1 Only

VM1 and VM2 only

VM1, VM2, VM3 and VM4

8. HOTSPOT

You have a Microsoft Entra tenant named contoso.com.

You collaborate with a partner organization that has a Microsoft Entra tenant named fabrikam.com.

Fabrikam.com has multi-factor authentication (MFA) enabled for all users.

Contoso.com has the Cross-tenant access settings configured as shown in the Cross-tenant access settings exhibit. (Click the Cross-tenant access settings:

Contoso.com has the External collaboration settings configured as shown in the External collaboration settings exhibit. (Click the External collaboration settings tab.)

You create a Conditional Access policy that has the following settings:

• Name: CAPolicy1

• Assignments

o Guest or external users: B2B collaboration guest users

o Target resources

■ Include: All cloud apps o Access controls

■ Grant access

■ Require device to be marked as compliant

■ Require multi-factor authentication

■ Enable policy: On

For each of the following statements, select Yes if the statement is true, otherwise select No. NOTE: Each correct section is worth one point.

9. HOTSPOT

You have an Azure Active Directory (Azure AD) tenant that contains the users shown in the following table.

From Azure AD Privileged Identity Management (PIM), you configure the settings for the Security Administrator role as shown in the following exhibit.

From PIM, you assign the Security Administrator role to the following groups:

- Group1: Active assignment type, permanently assigned

- Group2: Eligible assignment type, permanently eligible

For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.

10. DRAG DROP

You have three Azure subscriptions and a user named User1.

You need to provide User1 with the ability to manage and view costs for the resources across all three subscriptions. The solution must use the principle of least privilege.

Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order. NOTE: More than one order of answer choices is correct. You will receive credit for any of the correct orders you select.

Page 2 of 14

11. You have an Azure SQL Database server named SQL1.

You plan to turn on Advanced Threat Protection for SQL1 to detect all threat detection types.

Which action will Advanced Threat Protection detect as a threat?

A user updates more than 50 percent of the records in a table.

A user attempts to sign as SELECT * from table1.

A user is added to the db_owner database role.

A user deletes more than 100 records from the same table.

12. HOTSPOT

You have an Azure subscription that contains an Azure key vault named Vault1.

On January 1, 2019, Vault1 stores the following secrets.

Which can each secret be used by an application? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

13. You have an Azure subscription.

You plan to create a custom role-based access control (RBAC) role that will provide permission to read the Azure Storage account.

Which property of the RBAC role definition should you configure?

NotActions []

DataActions []

AssignableScopes []

Actions []

14. You have an Azure subscription and the computers shown in the following table.

You need to perform a vulnerability scan of the computers by using Microsoft Defender for Cloud.

Which computers can you scan?

VM1 only

VM1 and VM2 only

Server1 and VMSS1.0 only

VM1, VM2, and Server1 only

VM1, VM2, Server1, and VMSS1.0

15. HOTSPOT

You have an Azure Active Directory (Azure AD) tenant named contoso.com that contains the users shown in the following table.

You create and enforce an Azure AD Identity Protection user risk policy that has the following settings:

- Assignment: Include Group1, Exclude Group2

- Conditions: Sign-in risk of Medium and above

- Access: Allow access, Require password change

For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.

16. HOTSPOT

You have an Azure Active Directory (Azure AD) tenant named contoso.com that contains the users shown in the following table.

Contoso.com contains a group naming policy. The policy has a custom blocked word list rule that includes the word Contoso.

Which users can create a group named Contoso Sales in contoso.com? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

17. You have an Azure Active Directory (Azure AD) tenant named Contoso.com and an Azure Service (AKS) cluster AKS1.

You discover that AKS1 cannot be accessed by using accounts from Contoso.com

You need to ensure AKS1 can be accessed by using accounts from Contoso.com The solution must minimize administrative effort.

What should you do first?

From Azure recreate AKS1,

From AKS1, upgrade the version of Kubermetes.

From Azure AD, implement Azure AD Premium P2.

From Azure AD, configure the User settings

18. You have an Azure subscription linked to an Azure Active Directory Premium Plan 1 tenant.

You plan to implement Azure Active Directory (Azure AD) Identity Protection.

You need to ensure that you can configure a user risk policy and a sign-in risk policy.

What should you do first?

Purchase Azure Active Directory Premium Plan 2 licenses for all users.

Enable security defaults for Azure A

Upgrade Azure Security Center to the standard tier.

19. HOTSPOT

You need to configure support for Azure Sentinel notebooks to meet the technical requirements.

What is the minimum number of Azure container registries and Azure Machine Learning workspaces required?

20. You have an Azure subscription named Subscription1 that is linked to a Microsoft Entra tenant named contoso.com and a resource group named RG1.

You create a custom role named Role1 in contoso.com.

Where can you use Role1 for permission delegation?

contoso.com only

contoso.com and RG1 only

contoso.com and Subscription 1 only

contoso.com. RG1. and Subscription1

Page 3 of 14

21. From Azure Security, you create a custom alert rule.

You need to configure which users will receive an email message when the alert is triggered.

What should you do?

From Azure Monitor, create an action group.

From Security Center, modify the Security policy settings of the Azure subscription.

From Azure Active Directory (Azure AD). modify the members of the Security Reader role group.

From Security Center, modify the alert rule.

22. You have 15 Azure virtual machines in a resource group named RG1.

All virtual machines run identical applications.

You need to prevent unauthorized applications and malware from running on the virtual machines.

What should you do?

Configure Azure Active Directory (Azure AD) Identity Protection.

From Microsoft Defender for Cloud, configure adaptive application controls.

Apply an Azure policy to RG

Apply a resource lock to RG

23. Which Azure feature should be used to manage hybrid identities?

Azure Active Directory B2C

Azure Active Directory Connect

Azure Information Protection

Azure Key Vault

24. You have an Azure subscription named Subscription1 that contains the resources shown in the following table.

You need to identify which initiatives and policies you can add to Subscription1 by using Azure Security Center.

What should you identify?

Policy1 and Policy2 only

Initiative1 only

Initiative1 and Initiative2 only

Initiative1, Initiative2, Policy1, and Policy2

25. HOTSPOT

You have an Azure subscription that contains the resources shown in the following table.

Transparent Data Encryption (TDE) is disabled on SQL1.

You assign polices to the resource groups as shown in the following table.

You plan to deploy Azure SQL databases by using an Azure Resource Manager (ARM) template. The databases will be configured as shown in the following table. NOTE: Each correct selection is worth one point.

26. You have an Azure subscription that contains a Microsoft Defender External Attack Surface Management (Defender EASM) resource named EASM1. You review the Attack Surface Summary dashboard.

You need to identify the following insights:

• Deprecated technologies that are no longer supported

• Infrastructure that will soon expire

Which section of the dashboard should you review?

Securing the Cloud

Sensitive Services

attack surface composition

Attack Surface Priorities

27. HOTSPOT

You have an Azure Active Directory (Azure AD) tenant named contoso.com that contains three security groups named Group1, Group2, and Group3 and the users shown in the following table.

Group3 is a member of Group2.

In contoso.com, you register an enterprise application named App1 that has the following settings:

✑ Owners: User1

✑ Users and groups: Group2

You configure the properties of App1 as shown in the following exhibit.

For each of the following statements, select Yes if the statement is true. Otherwise, select no. NOTE: Each correct selection is worth one point.

28. HOTSPOT

You have an Azure subscription named Subscription1 that contains the resources shown in the following table.

You create an Azure role by using the following JSON file.

You assign Role1 to User1 for RG1.

For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.

29. You plan to use Azure Resource Manager templates to perform multiple deployments of identically configured Azure virtual machines. The password for the administrator account of each deployment is stored as a secret in different Azure key vaults.

You need to identify a method to dynamically construct a resource ID that will designate the key vault

containing the appropriate secret during each deployment. The name of the key vault and the name of the

secret will be provided as inline parameters.

What should you use to construct the resource ID?

a key vault access policy

a linked template

a parameters file

an automation account

30. HOTSPOT

You have the hierarchy of Azure resources shown in the following exhibit.

You create the Azure Blueprints definitions shown in the following table.

To which objects can you assign Blueprint1 and Blueprint2? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

Page 4 of 14

31. DRAG DROP

You have an Azure subscription that contains the resources shown in the following table.

You need to configure network connectivity to meet the following requirements:

• Communication from VM1 to storage' must traverse an optimized Microsoft backbone network.

• All the outbound traffic from VM1 to the internet must be denied.

• The solution must minimize costs and administrative effort

What should you configure for VNet1 and NSG1? To answer, drag the appropriate components to the correct resources. Each component may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content. NOTE: Each correct selection is worth one point.

32. You have an Azure Kubernetes Service (AKS) cluster that will connect to an Azure Container Registry.

You need to use the automatically generated service principal for the AKS cluster to authenticate to the Azure Container Registry.

What should you create?

an Azure AD user

a secret in Azure Key Vault

an Azure AD group

a role assignment

33. You have a hybrid configuration of Azure Active Directory (Azure AD).

All users have computers that run Windows 10 and are hybrid Azure AD joined.

You have an Azure SQL database that is configured to support Azure AD authentication.

Database developers must connect to the SQL database by using Microsoft SQL Server Management Studio (SSMS) and authenticate by using their on-premises Active Directory account.

You need to tell the developers which authentication method to use to connect to the SQL database from SSMS. The solution must minimize authentication prompts.

Which authentication method should you instruct the developers to use?

SQL Login

Active Directory C Universal with MFA support

Active Directory C Integrated

Active Directory C Password

34. HOTSPOT

You have an Azure subscription that contains a storage account named contoso2023.

You need to perform the following tasks:

• Verify that identity-based authentication over SMB is enabled.

• Only grant users access to contoso2023 in the year 2023.

Which two settings should you use? To answer, select the appropriate settings in the answer area NOTE: Each correct selection is worth one point.

35. You have an Azure subscription that contains a SQL Server on Azure Virtual Machines instance named SQt1 and a Microsoft Sentinel workspace named Sentinel1.

You need to monitor security incidents on SQL1 by using Sentinel1.

What should you do first?

On SQL1, enable SQL1 Server audit.

On SQL1. install the Connected Machine agent for Azure Arc-enabled servers.

From the Azure portal, create a Log Analytics workspace.

From Sentinel1, enable VM insights.

36. HOTSPOT

You suspect that users are attempting to sign in to resources to which they have no access.

You need to create an Azure Log Analytics query to identify failed user sign-in attempts from the last three days. The results must only show users who had more than five failed sign-in attempts.

How should you configure the query? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

37. HOTSPOT

You have an Azure subscription that contains a virtual network named VNet1.

VNet1 contains the subnets shown in the following table.

The subscription contains the virtual machines shown in the following table.

VM3 contains a service that listens for connections on port 8080.

For VM1, you configure just-in-time (JIT) VM access as shown in the following exhibit.

For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE; Each correct selection is worth one point.

38. You have an Azure subscription that contains an Azure SQL server named sqlsrv1 and an Azure SQL database named DB1. Sqlsrv1 is configured for Microsoft Entra authentication only.

You have the Microsoft Entra identities shown in the following table.

Which users can create scoped credentials for DB1?

User1 only

User1 and User2 only

User1, User2, and User3

39. DRAG DROP

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

You have an Azure Subscription named Sub1. Sub1 contains an Azure virtual machine named VM1 that runs Windows Server 2016.

You need to encrypt VM1 disks by using Azure Disk Encryption.

Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.

40. You have an Azure Active Directory (Azure AD) tenant that contains a group named Group1

You need to ensure that the members of Group1 sign in by using passwordless authentication

What should you do?

Configure the Microsoft Authenticator authentication method policy.

Configure the certificate-based authentication (CBA) policy.

Configure the sign-in risk policy.

Create a Conditional Access policy.

Page 5 of 14

41. Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

You have a hybrid configuration of Azure Active Directory (AzureAD).

You have an Azure HDInsight cluster on a virtual network.

You plan to allow users to authenticate to the cluster by using their on-premises Active Directory credentials.

You need to configure the environment to support the planned authentication.

Solution: You create a site-to-site VPN between the virtual network and the on-premises network.

Does this meet the goal?

Yes

42. You have 10 virtual machines on a single subnet that has a single network security group (NSG).

You need to log the network traffic to an Azure Storage account.

Which two actions should you perform? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point.

Install the Network Performance Monitor solution.

Enable Azure Network Watcher.

Enable diagnostic logging for the NS

Enable NSG flow logs.

Create an Azure Log Analytics workspace.

43. HOTSPOT

You need to ensure that the Azure AD application registration and consent configurations meet the identity and access requirements.

What should you use in the Azure portal? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

44. HOTSPOT

You have an Azure subscription that contains an Azure firewall named AzFW1. AzFW1 has a firewall policy named FWPolicy1.

You need to add rule collections to FWPolicy1 to meet the following requirements:

• Allow traffic based on the FQDN of the destination.

• Allow TCP traffic.

Which types of rule collections should you add for each requirement? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

45. You have an Azure subscription.

You plan to map an online infrastructure and perform vulnerability scanning for the following:

• ASNs

• Hostnames

• IP addresses

• SSL certificates What should you use?

Microsoft Defender for Cloud

Microsoft Defender for Identity

Microsoft Defender for Endpoint

Microsoft Defender External Attack Surface Management (Defender EASM)

46. HOTSPOT

Your on-premises network contains an Active Directory Domain Services (AD DS) domain and the devices shown in the following table.

You have a hybrid Microsoft Entra tenant that contains a synced user named User1.

You have an Azure subscription that contains the Azure Files shares shown in the following table.

Used is assigned the Storage File Data SMB Share Contributor role tor storage1 and storage2.

The Security settings for Share! are configured as shown in the following exhibit.

For each of the following statements, select Yes if the statement is true. Otherwise. Select No. NOTE: Each correct selection is worth one point.

47. Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

You have an Azure subscription that contains an Azure Kubernetes Service (AKS) cluster named AKS1 and an Azure container registry named AZCR1.

You need to ensure that AKS1 can deploy container images stored in AZCR1.

Solution: You assign the AcrPush role-based access control (RBAC) role to the system-assigned managed identity of AKS1.

Does this meet the requirement?

Yes

48. You have an Azure AD tenant that contains 500 users and an administrative unit named AU1.

From the Azure Active Directory admin center, you plan to add the users to AU1 by using Bulk add members.

You need to create and upload a file for the bulk add.

What should you include in the file?

only the display name of each user

only the user principal name (UPN) of each user

only the object identifier of each user

only the user principal name (UPN) and object identifier of each user

Only the user principal name (UPN) and display name of each user

49. You have the Azure resource shown in the following table.

You need to meet the following requirements:

* Internet-facing virtual machines must be protected by using network security groups (NSGs).

* All the virtual machines must have disk encryption enabled.

What is the minimum number of security that you should create in Azure Security Center?

50. You have an Azure subscription that contains an Azure SQL database named DB1 in the East US Azure region.

You create the storage accounts shown in the following table.

You plan to enable auditing for DB1.

Which storage accounts can you use as the auditing destination for DB1?

storage1 only

storage1 and storage4 only

Storage2 and storage3 only

storage1, storage2 and storage3 only

Page 6 of 14

51. You have an Azure subscription that contains the resources shown in the following table.

You plan to deploy an Azure Private Link service named APL1.

Which resource must you reference during the creation of APL1?

VMSS1

VM1

SQL

LB1

52. You have an Azure subscription that contains a web app named App1.

Users must be able to select between a Google identity or a Microsoft identity when authenticating to App1.

You need to add Google as an identity provider in Azure AD.

Which two pieces of information should you configure? Each correct answer presents part of the solution. Each correct selection is worth one point

a tenant name

a tenant ID

the endpoint URL Of an application

a client ID

a client secret

53. You have an Azure subscription that contains the resources shown in the following table.

You need to ensure that ServerAdmins can perform the following tasks:

- Create virtual machines in RG1 only.

- Connect the virtual machines to the existing virtual networks in RG2 only.

The solution must use the principle of least privilege.

Which two role-based access control (RBAC) roles should you assign to ServerAdmins? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point.

a custom RBAC role for RG2

the Network Contributor role for RG2

the Contributor role for the subscription

a custom RBAC role for the subscription

the Network Contributor role for RG1

the Virtual Machine Contributor role for RG1

54. You have an Azure subscription that contains an Azure SQL Database logic server named SQL! and an Azure virtual machine named VM1. VM1 uses a private IP address only.

The Firewall and virtual networks settings for SQL1 are shown in the following exhibit.

You need to ensure that VM1 can connect to SQL1. The solution must use the principle of least privilege.

What should you do?

Add an existing virtual network.

Set Connection Policy to Proxy.

Create a new firewall rule.

Set Allow Azure services and resources to access this server to Yes.

55. HOTSPOT

You have a Microsoft Entra tenant that contains the users shown in the following table.

You create and enforce a Microsoft Entra Identity Protection sign-in risk policy that has the following settings:

• Assignments: Include Group1, exclude Group2

• Conditions: Sign-in risk level: Low and above

• Access: Allow access, Require multi-factor authentication

You need to identify what occurs when the users sign in to Microsoft Entra ID.

What should you identify for each user? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

56. You have an Azure subscription that contains the virtual networks shown in the following table.

The subscription contains the virtual machines shown in the following table.

On NIC1, you configure an application security group named ASG1.

On which other network interfaces can you configure ASG1?

NIC2 only

NIC2, NIC3, NIC4, and NIC5

NIC2 and NIC3 only

NIC2, NIC3, and NIC4 only

57. HOTSPOT

You have an Azure subscription named Sub1 and use Microsoft Defender for Cloud. Sub1 contains a user named User1 and a resource group named RG1. RG1 contains a Log Analytics workspace named Workspace1.

You need to ensure that User1 can modify Azure Logic Apps workflows triggered in response to security incidents. The solution must follow the principle of least privilege.

Which role should you assign to User1. and to which resource should you assign the role? To answer, select the appropriate options in the answer area. NOTE; Each correct selection is worth one point.

58. From Azure Security Center, you enable Azure Container Registry vulnerability scanning of the images in Registry1.

You perform the following actions:

- Push a Windows image named Image1 to Registry1.

- Push a Linux image named Image2 to Registry1.

- Push a Windows image named Image3 to Registry1.

- Modify Image1 and push the new image as Image4 to Registry1.

- Modify Image2 and push the new image as Image5 to Registry1.

Which two images will be scanned for vulnerabilities? Each correct answer presents a complete solution. NOTE: Each correct selection is worth one point.

Image4

Image2

Image1

Image3

Image5

59. DRAG DROP

You need to deploy AKS1 to meet the platform protection requirements.

Which four actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order. NOTE: More than one order of answer choices is correct. You will receive credit for any of the correct orders you select.

60. Your on-premises network contains a Hyper-V virtual machine named VM1. You need to use Azure Arc to onboard VM1 to Microsoft Defender for Cloud.

What should you install first?

the Azure Monitor agent

the Azure Connected Machine agent

the Log Analytics agent

the guest configuration agent

Page 7 of 14

61. You have an Azure subscription that is linked to an Azure Active Directory (Azure AD) tenant.

From the Azure portal, you register an enterprise application.

Which additional resource will be created in Azure AD?

a service principal

509 certificate

a managed identity

a user account

62. DRAG DROP

You need to configure SQLDB1 to meet the data and application requirements.

Which three actions should you recommend be performed in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.

63. HOTSPOT

You have an Azure subscription that contains the resources shown in the following table.

You perform the following tasks:

- Create a managed identity named Managed1.

- Create a Microsoft 365 group named Group1.

You need to identify which service principals were created and which identities can be assigned the Reader role for RG1.

What should you identify? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

64. You have an Azure Active Directory (Azure AD) tenant named contoso.com

You need to configure diagnostic settings for contoso.com.

The solution must meet the following requirements:

• Retain loqs for two years.

• Query logs by using the Kusto query language

• Minimize administrative effort.

Where should you store the logs?

an Azure Log Analytics workspace

an Azure event hub

an Azure Storage account

65. HOTSPOT

You have an Azure subscription named Sub1 that contains the resources shown in the following table.

You need to enable Microsoft Defender for Cloud for storage accounts and virtual machines.

At which levels can you enable Defender for Cloud for the storage accounts and the virtual machines? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point

66. You need to meet the technical requirements for the finance department users.

Which CAPolicy1 settings should you modify?

Cloud apps or actions

Conditions

Grant

Session

67. HOTSPOT

You have an Azure subscription that contains the resources shown in the following table.

SQL1 has the following configurations:

• Auditing: Enabled

• Audit log destination: storage1, Workspace1 DB1 has the following configurations:

• Auditing: Enabled

• Audit log destination: storage2

DB2 has auditing disabled.

Where are the audit logs for DB1 and DB2 stored? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

68. You have an Azure subscription that contains an Azure App Service app named App1, an Azure container instance named AC1. and a storage account named storage1. AC1 hosts an app named App2.

Users send requests to App1 by using a URL of https:/app1.contoso.com/echo/resource-cache? param1 =sample. App1 calls App2. which retrieves data from storage1.

You need to ensure that a security alert will be generated when connections are detected from anomalous IP addresses.

Which Microsoft Defender for Cloud service should you use?

Microsoft Defender for App Service

Microsoft Defender for APIs

Microsoft Defender for Storage

Microsoft Defender for Containers

69. Which of these services is NOT involved in controlling network traffic to and from Azure resources?

Azure Firewalls

Network Security Groups

Azure Front Door

Azure Active Directory

70. HOTSPOT

You have an Azure subscription that contains a user named User1 and a storage account named storage 1.

The storage1 account contains the resources shown in the following table:

User1 is assigned the following roles for storage1:

• Storage Blob Data Reader

• Storage Table Data Contributor

• Storage File Data SMB Share Reader

Page 8 of 14

71. HOTSPOT

You create an alert rule that has the following settings:

✑ Resource: RG1

✑ Condition: All Administrative operations

✑ Actions: Action groups configured for this alert rule: ActionGroup1

✑ Alert rule name: Alert1

You create an action rule that has the following settings:

✑ Scope: VM1

✑ Filter criteria: Resource Type = "Virtual Machines"

✑ Define on this scope: Suppression

✑ Suppression config: From now (always)

✑ Name: ActionRule1

For each of the following statements, select Yes if the statement is true. Otherwise, select No. Note: Each correct selection is worth one point.

72. HOTSPOT

You have an Azure subscription named Sub 1 that is associated to an Azure Active Directory (Azure AD) tenant named contoso.com.

The tenant contains the users shown in the following table.

Each user is assigned an Azure AD Premium P2 license.

You plan to onboard and configure Azure AD identity Protection.

Which users can onboard Azure AD Identity Protection, remediate users, and configure policies? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point

73. Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

You use Azure Security Center for the centralized policy management of three Azure subscriptions.

You use several policy definitions to manage the security of the subscriptions.

You need to deploy the policy definitions as a group to all three subscriptions.

Solution: You create a resource graph and an assignment that is scoped to a management group.

Does this meet the goal?

Yes

74. You have an Azure Active Directory (Azure AD) tenant. The tenant contains users that are assigned Azure AD Premium Plan 2 licenses.

You have an partner company that has a domain named The fabrikam.com domain contains a user named user'. User' has an email address of [email protected].

You to provide User1 with to the resources in the tenant.

The solution must meet the following requirements:

- user1 must be able to sign in by using the [email protected] credentials

- You must be able to grant User1 access to the resources in the tenant

- Administrative effort must be minimized.

What should you do?

Create a user account for user1.

Create an invite for User1.

To the tenant add fabrikamcom as a custom domain

Set Enable guest self-service sign up via user flows to Yes for the tenant.

75. SIMULATION

Lab Task

use the following login credentials as needed:

To enter your username, place your cursor in the Sign in box and click on the username below.

To enter your password. place your cursor in the Enter password box and click on the password below.

Azure Username: User1 [email protected]

Azure Password: GpOAe4@lDg

If the Azure portal does not load successfully in the browser, press CTRL-K to reload the portal in a new browser tab.

The following information is for technical support purposes only:

Lab Instance: 28681041

Task 2

You need to add the network interface of a virtual machine named VM1 to an application security group named ASG1.

76. DRAG DROP

You have an Azure subscription named Sub1 that contains an Azure Log Analytics workspace named LAW1.

You have 500 Azure virtual machines that run Windows Server 2016 and are enrolled in LAW1.

You plan to add the System Update Assessment solution to LAW1.

You need to ensure that System Update Assessment-related logs are uploaded to LAW1 from 100 of the virtual machines only.

Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.

77. HOTSPOT

You have an Azure subscription that contains an Azure SQL database named SQL1.

You plan to deploy a web app named App1.

You need to provide App1 with read and write access to SQL1.

The solution must meet the following requirements:

✑ Provide App1 with access to SQL1 without storing a password.

✑ Use the principle of least privilege.

✑ Minimize administrative effort.

Which type of account should App1 use to access SQL1, and which database roles should you assign to App1? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

78. HOTSPOT

You have an Azure subscription that contains the virtual machines shown in the following table.

You create the Azure policies shown in the following table.

You create the resource locks shown in the following table.

For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.

79. To configure role-based access control, what should you primarily use in Azure?

Azure Policies

Access Control (IAM)

Azure Blueprints

Azure Management Groups

80. You are troubleshooting a security issue for an Azure Storage account.

You enable the diagnostic logs for the storage account.

What should you use to retrieve the diagnostics logs?

Azure Storage Explorer

SQL query editor in Azure

File Explorer in Windows

Azure Security Center

Page 9 of 14

81. You have an Azure subscription that contains virtual machines. You enable just in time (JIT) VM access to all the virtual machines. You need to connect to a virtual machine by using Remote Desktop.

What should you do first?

From Azure Directory (Azure AD) Privileged Identity Management (PIM), activate the Security administrator user role.

From Azure Active Directory (Azure AD) Privileged Identity Management (PIM), activate the Owner role for the virtual machine.

From the Azure portal, select the virtual machine, select Connect, and then select Request access.

From the Azure portal, select the virtual machine and add the Network Watcher Agent virtual machine extension.

82. DRAG DROP

You are configuring network connectivity for two Azure virtual networks named VNET1 and VNET2.

You need to implement VPN gateways for the virtual networks to meet the following requirements:

* VNET1 must have six site-to-site connections that use BGP.

* VNET2 must have 12 site-to-site connections that use BGP.

* Costs must be minimized.

Which VPN gateway SKI) should you use for each virtual network? To answer, drag the appropriate SKUs to the correct networks. Each SKU may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content. NOTE: Each correct selection is worth one point

83. HOTSPOT

You need to create an Azure key vault. The solution must ensure that any object deleted from the key vault be retained for 90 days.

How should you complete the command? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

84. You have 15 Azure virtual machines in a resource group named RG1.

All virtual machines run identical applications.

You need to prevent unauthorized applications and malware from running on the virtual machines.

What should you do?

Apply an Azure policy to RG1.

From Azure Security Center, configure adaptive application controls.

Configure Azure Active Directory (Azure AD) Identity Protection.

Apply a resource lock to RG1.

85. Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

You use Azure Security Center for the centralized policy management of three Azure subscriptions.

You use several policy definitions to manage the security of the subscriptions.

You need to deploy the policy definitions as a group to all three subscriptions.

Solution: You create an initiative and an assignment that is scoped to the Tenant Root Group management group.

Does this meet the goal?

Yes

86. HOTSPOT

You have an Azure subscription that contains the resources shown in the following table.

You create the Azure Storage accounts shown in the following table.

You need to configure auditing for SQL1.

Which storage accounts and Log Analytics workspaces can you use as the audit log destination? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

87. Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

You use Azure Security Center for the centralized policy management of three Azure subscriptions.

You use several policy definitions to manage the security of the subscriptions.

You need to deploy the policy definitions as a group to all three subscriptions.

Solution: You create a policy initiative and assignments that are scoped to resource groups.

Does this meet the goal?

Yes

88. You need to meet the technical requirements for VNetwork1.

What should you do first?

Create a new subnet on VNetwork1.

Remove the NSGs from Subnet11 and Subnet13.

Associate an NSG to Subnet12.

Configure DDoS protection for VNetwork1.

89. You have Azure Resource Manager templates that you use to deploy Azure virtual machines.

You need to disable unused Windows features automatically as instances of the virtual machines are provisioned.

What should you use?

device compliance policies in Microsoft Intune

Azure Automation State Configuration

application security groups

Azure Advisor

90. DRAG DROP

You have an Azure Sentinel workspace that has an Azure Active Directory (Azure AD) data connector.

You are threat hunting suspicious traffic from a specific IP address.

You need to annotate an intermediate event stored in the workspace and be able to reference the IP address when navigating through the investigation graph.

Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.

Page 10 of 14

91. You have an Azure subscription that uses Microsoft Defender for Cloud.

You have an Amazon Web Services (AWS) account.

You need to ensure that when you deploy a new AWS Elastic Compute Cloud (EC2) instance, the Microsoft Defender for Servers agent installs automatically.

What should you configure first?

the log Analytics agent

the Azure Monitor agent

the native cloud connector

the classic cloud connector

92. You have an Azure subscription that contains a managed identity named Identity1 and the Azure key vaults shown in the following table.

Key Vault1 contains an access policy that grants Identity1 the following key permissions:

• Get

• List

• Wrap

• Unwrap

You need to provide Identity1 with the same permissions for KeyVault2. The solution must use the principle of least privilege.

Which role should you assign to Identity1?

Key Vault Crypto Service Encryption User

Key Vault Crypto User

Key Vault Reader

Key Vault Crypto Officer

93. HOTSPOT

You have 20 Azure subscriptions and a security group named Group1. The subscriptions are children of the root management group.

Each subscription contains a resource group named RG1.

You need to ensure that for each subscription RG1 meets the following requirements:

The members of Group1 are assigned the Owner role.

The modification of permissions to RG1 is prevented.

What should you do? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

94. HOTSPOT

You have an Azure Sentinel workspace that contains an Azure Active Directory (Azure AD) connector, an Azure Log Analytics query named Query1 and a playbook named Playbook1.

Query1 returns a subset of security events generated by Azure AD.

You plan to create an Azure Sentinel analytic rule based on Query1 that will trigger Playbook1.

You need to ensure that you can add Playbook1 to the new rule.

What should you do? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

95. You have an Azure subscription that contains an Azure Active Directory (Azure AD) tenant.

When a developer attempts to register an app named App1 in the tenant, the developer receives the error message shown in the following exhibit.

You need to ensure that the developer can register App1 in the tenant.

What should you do for the tenant?

Modify the User settings

Set Enable Security default to Yes.

Modify the Directory properties.

Configure the Consent and permissions settings for enterprise applications.

96. Note: The question is included in a number of questions that depicts the identical set-up. However, every question has a distinctive result. Establish if the solution satisfies the requirements.

Your company has an Active Directory forest with a single domain, named weylandindustries.com.

They also have an Azure Active Directory (Azure AD) tenant with the same name.

You have been tasked with integrating Active Directory and the Azure AD tenant. You intend to deploy Azure AD Connect.

Your strategy for the integration must make sure that password policies and user logon limitations affect user accounts that are synced to the Azure AD tenant, and that the amount of necessary servers are reduced.

Solution: You recommend the use of password hash synchronization and seamless SSO.

Does the solution meet the goal?

Yes

97. HOTSPOT

Which virtual networks in Sub1 can User2 modify and delete in their current state? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

98. HOTSPOT

You have an Azure AD tenant named contoso.com that has Azure AD Premium P1 licenses.

You need to create a group named Group1 that will be assigned the Global reader role.

Which portal should you use to create Group1 and which type of group should you create? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point

99. You have an Azure subscription that contains a key vault and an Azure SQL server.

You need to deploy an Azure SQL database that uses Transparent Data Encryption (TDE) and a customer-managed key.

What should you create before you deploy the database?

An app registration

A standard general-purpose v2 storage account

A user-assigned managed identity

A user account that is assigned the SQL Security Manager role

100. HOTSPOT

You have an Azure subscription named Sub1 that is associated to an Azure Active Directory (Azure AD) tenant named contoso.com.

You plan to implement an application that will consist of the resources shown in the following table.

Users will authenticate by using their Azure AD user account and access the Cosmos DB account by using resource tokens.

You need to identify which tasks will be implemented in CosmosDB1 and WebApp1.

Which task should you identify for each resource? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

Page 11 of 14

101. HOTSPOT

You assign User8 the Owner role for RG4, RG5, and RG6.

In which resource groups can User8 create virtual networks and NSGs? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

102. You have an Azure subscription.

You need to deploy an Azure virtual WAN to meet the following requirements:

• Create three secured virtual hubs located in the East US, West US, and North Europe Azure regions.

• Ensure that security rules sync between the regions.

What should you use?

Azure Firewall Manager

Azure Virtual Network Manager

Azure Network Function Manager

Azure Front Door

103. HOTSPOT

Your company has an Azure subscription named Subscription1.

Subscription1 is associated with the Azure Active Directory tenant that includes the users shown in the following table.

The company is sold to a new owner.

The company needs to transfer ownership of Subscription1.

Which user can transfer the ownership and which tool should the user use? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

104. You have an on-premises network and an Azure subscription.

You have the Microsoft SQL Server instances shown in the following table.

You plan to implement Microsoft Defender for SQL.

Which SQL Server instances will be protected by Microsoft Defender for SQL?

sql1 and sql2 only

sql1, sql2, andsql3 only

sql1 sql2 and so.14 only

sql1, sql2, sql3, and sql4

105. Topic 4, Mix Questions

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these

questions will not appear in the review screen.

You have an Azure Subscription named Sub1.

You have an Azure Storage account named Sa1 in a resource group named RG1.

Users and applications access the blob service and the file service in Sa1 by using several shared access signatures (SASs) and stored access policies.

You discover that unauthorized users accessed both the file service and the blob service.

You need to revoke all access to Sa1.

Solution: You generate new SASs.

Does this meet the goal?

Yes

106. HOTSPOT

You have an Azure subscription that contains the following Azure firewall:

• Name: Fw1

• Azure region: UK West

• Private IP address: 10.1.3.4

• Public IP address: 23.236.62.147

The subscription contains.

The virtual networks shown in the following table.

The subscription contains the subnets shown in the following table.

The subscription contains the routes shown in the following table.

For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.

107. You have an Azure subscription that contains a virtual network named VNet1 VNet1 contains a single subnet. The subscription contains a virtual machine named VM1 that is connected to VNet1.

You plan to deploy an Azure SQL managed instance named SQL1.

You need to ensure that VM1 can access SQL1.

Which three components should you create? Each correct answer presents pan of the solution. NOTE: Each correct selection is worth one point.

a virtual network gateway

a network security group (NSG)

a route table

a subnet

a network security perimeter

108. DRAG DROP

You have two Azure subscriptions named Sub1 and Sub2. Sub1 contains a resource group named RG1 and an Azure policy named Policy1.

You need to remediate the non-compliant resources in Sub1 based on Policy1.

How should you complete the PowerShell script? To answer, drag the appropriate values to the correct targets. Each value may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content. NOTE: Each correct selection is worth one point.

109. You need to encrypt storage1 to meet the technical requirements.

Which key vaults can you use?

KeyVault1 only

KeyVault2 and KeyVault3 only

KeyVault1 and KeyVault3 only

KeyVault1 KeyVault2 and KeyVault3

110. HOTSPOT

You have an Azure subscription that contains a resource group named RG1. RG1 contains a virtual machine named VM1 that uses Azure Active Directory (Azure AD) authentication.

You have two custom Azure roles named Role1 and Role2 that are scoped to RG1.

The permissions for Role1 are shown in the following JSON code.

The permissions for Role2 are shown in the following JSON code.

You assign the roles to the users shown in the following table.

For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.

Page 12 of 14

111. You have an Azure subscription that contains the virtual machines shown in the following table.

You are configuring Microsoft Defender for Servers.

You plan to enable adaptive application controls to create an allowlist of known-safe apps on the virtual machines.

Which virtual machines support the use of adaptive application controls?

VM1 and VM2 only

VM2 and VM4 only

VM2 and VM3 only

VM1, VM2, VM3, and VM4

112. You have an Azure Active Directory (Azure AD) tenant.

You have the deleted objects shown in the following table.

On May 4, 2020, you attempt to restore the deleted objects by using the Azure Active Directory admin center.

Which two objects can you restore? Each correct answer presents a complete solution. NOTE: Each correct selection is worth one point.

Group1

Group2

User2

User1

113. You have an Azure subscription that contains an Azure Data Lake Storage Gen2 account named storage1. You deploy an Azure Synapse Analytics workspace named synapsews1 to a managed virtual network. You need to enable access from synapsews1 to storage1.

What should you configure?

a virtual network gateway

a network security group (NSG)

a private endpoint

peering

114. What is the first step in deploying a HSM-backed key in Azure Key Vault for use with Azure Disk Encryption?

Import the key to Azure Key Vault

Generate a key within Azure Key Vault

Enable soft delete on Azure Key Vault

Configure access policies on Azure Key Vault

115. You have an Azure Sentinel deployment.

You need to create a scheduled query rule named Rule1.

What should you use to define the query rule logic for Rule1?

a Transact-SQL statement

a JSON definition

GraphQL

a Kusto query

116. HOTSPOT

You have an Azure subscription named Sub1.

You create a virtual network that contains one subnet.

On the subnet, you provision the virtual machines shown in the following table.

Currently, you have not provisioned any network security groups (NSGs).

You need to implement network security to meet the following requirements:

- Allow traffic to VM4 from VM3 only.

- Allow traffic from the Internet to VM1 and VM2 only.

- Minimize the number of NSGs and network security rules.

How many NSGs and network security rules should you create? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

117. You have an Azure subscription that contains an Azure web app named 1 and a virtual machine named VM1. VM1 runs Microsoft SQL Server and is connected to a virtual network named VNet1. App1, VM1, and Vent are in the US Central Azure region.

You need to ensure that App1 can connect to VM1. The solution must minimize costs.

NAT gateway integration

Azure Front Door

regional virtual network integration

gateway-required virtual network integration

Azure Application Gateway integration

118. You have an Azure subscription that contains the resources shown in the following table.

You plan to enable Azure Defender for the subscription.

Which resources can be protected by using Azure Defender?

VM1, VNET1, storage1, and Vault1

VM1, VNET1, and storage1 only

VM1, storage1, and Vault1 only

VM1 and VNET1 only

VM1 and storage1 only

119. HOTSPOT

You have an Azure Active Directory (Azure AD) tenant that contains the users shown in the following table.

The tenant contains the named locations shown in the following table.

You create the conditional access policies for a cloud app named App1 as shown in the following table.

For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.

120. HOTSPOT

You have an Azure Active Directory (Azure AD) tenant named contoso.com that contains the users shown in the following table.

Azure AD Privileged Identity Management (PIM) is enabled for the tenant.

In PIM, the Password Administrator role has the following settings:

✑ Maximum activation duration (hours): 2

✑ Send email notifying admins of activation: Disable

✑ Require incident/request ticket number during activation: Disable

✑ Require Azure Multi-Factor Authentication for activation: Enable

✑ Require approval to activate this role: Enable

✑ Selected approver: Group1

You assign users the Password Administrator role as shown in the following table.

For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.

Page 13 of 14

121. You have an Azure virtual machine named VM1.

From Azure Security Center, you get the following high-severity recommendation: “Install endpoint protection solutions on virtual machine”.

You need to resolve the issue causing the high-severity recommendation.

What should you do?

Add the Microsoft Antimalware extension to VM1.

Install Microsoft System Center Security Management Pack for Endpoint Protection on VM1.

Add the Network Watcher Agent for Windows extension to VM1.

Onboard VM1 to Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP).

122. HOTSPOT

You have an Azure subscription that contains the resources shown in the following table.

Transparent Data Encryption (TDE) is disabled on SQL1.

You assign policies to the resource groups as shown in the following table.

You plan to deploy Azure SQL databases by using an Azure Resource Manager (ARM) template.

The databases will be configured as shown in the following table.

For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.

123. You have an Azure key vault named Vault1 that stores the resources shown in the following table.

Which resources support the creation of a rotation policy?

Key 1 only

Cert1 only

Key1 and Secret1 only

Key1 and Cert1 only

Secret1 and Cert1 only

Key1, Secret1, and Cert1

124. You have an Azure subscription that uses Microsoft Defender for Cloud.

You have accounts for the following cloud services:

• Alibaba Cloud

• Amazon Web Services (AWS)

• Google Cloud Platform (GCP)

What can you add to Defender for Cloud?

AWS only

Alibaba Cloud and AWS only

Alibaba Good and GCP only

AWS and GCP only

Alibaba Cloud, AW

and GCP

125. You have a web app named WebApp1.

You create a web application firewall (WAF) policy named WAF1.

You need to protect WebApp1 by using WAF1.

What should you do first?

Deploy an Azure Front Door.

Add an extension to WebApp1.

Deploy Azure Firewall.

126. DRAG DROP

Your network contains an on-premises Active Directory domain named contoso.com. The domain contains a user named User1.

You have an Azure subscription that is linked to an Azure Active Directory (Azure AD) tenant named contoso.com. The tenant contains an Azure Storage account named storage1. Storage1 contains an Azure file share named share1.

Currently, the domain and the tenant are not integrated.

You need to ensure that User1 can access share1 by using his domain credentials.

Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.

127. You have a hybrid configuration of Azure Active Directory (Azure AD). You have an Azure SQL Database instance that is configured to support Azure AD authentication.

Database developers must connect to the database instance and authenticate by using their on-premises Active Directory account.

You need to ensure that developers can connect to the instance by using Microsoft SQL Server Management

Studio. The solution must minimize authentication prompts.

Which authentication method should you recommend?

Active Directory - Password

Active Directory - Universal with MFA support

SQL Server Authentication

Active Directory - Integrated

128. You company has an Azure subscription named Sub1. Sub1 contains an Azure web app named WebApp1 that uses Azure Application Insights. WebApp1 requires users to authenticate by using OAuth 2.0 client secrets.

Developers at the company plan to create a multi-step web test app that preforms synthetic transactions emulating user traffic to Web App1.

You need to ensure that web tests can run unattended.

What should you do first?

In Microsoft Visual Studio, modify the .webtest file.

Upload the .webtest file to Application Insights.

Add a plug-in to the web test app.

129. HOTSPOT

You have an Azure Active Directory (Azure AD) tenant named contoso.com.

The tenant contains the users shown in the following table.

You configure an access review named Review1 as shown in the following exhibit.

Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic. NOTE: Each correct selection is worth one point.

130. You have the Azure virtual machines shown in the following table.

For which virtual machine can you enable Update Management?

VM2 and VM3 only

VM2, VM3, and VM4 only

VM1, VM2, and VM4 only

VM1, VM2, VM3, and VM4

VM1, VM2, and VM3 only

Page 14 of 14

131. Your network contains an on-premises Active Directory domain named corp.contoso.com.

You have an Azure subscription named Sub1 that is associated to an Azure Active Directory (Azure AD) tenant named contoso.com.

You sync all on-premises identities to Azure AD.

You need to prevent users who have a givenName attribute that starts with TEST from being synced to Azure AD. The solution must minimize administrative effort.

What should you use?

Synchronization Rules Editor

Web Service Configuration Tool

the Azure AD Connect wizard

Active Directory Users and Computers

132. HOTSPOT

You have an Azure subscription that contains the virtual machines shown in the following table.

You create the Azure policies shown in the following table.

You create the resource locks shown in the following table.

For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.

133. You have an Azure subscription that contains an Azure Kubernetes Service (AKS) cluster named AKS1.

You have an Azure container registry that stores container images that were deployed by using Azure DevOps Microsoft-hosted agents.

You need to ensure that administrators can access AKS1 only from specific networks. The solution must minimize administrative effort.

What should you configure for AKS1?

an Application Gateway Ingress Controller (AGIC)

a private cluster

authorized IP address ranges

a private endpoint

134. DRAG DROP

You have an Azure Storage account named storage1 and an Azure virtual machine named VM1. VM1 has a premium SSD managed disk.

You need to enable Azure Disk Encryption for VM1.

Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange then in the correct order.

135. You have an Azure subscription that uses Microsoft Defender for Cloud.

You have an Amazon Web Services (AWS) account.

You need to add the AWS account to Defender for Cloud.

What should you do first?

From the Azure portal, add the AWS enterprise application.

From the AWS account, enable a security hub.

From Defender for Cloud, configure the Security solutions settings.

From Defender for Cloud, configure the Environment settings.

136. You have an Azure web app named webapp1.

You need to configure continuous deployment for webapp1 by using an Azure Repo.

What should you create first?

an Azure Application Insights service

an Azure DevOps organization

an Azure Storage account

an Azure DevTest Labs lab

137. You have an Azure subscription that contains an Azure App Services web app named WebApp1.

WebApp1 is accessed by users in multiple Azure regions.

You need to secure access to WebApp1.

The solution must meet the following requirements:

* Protect against common web vulnerabilities.

* Optimize the routing of traffic from different regions.

What should you use?

Azure Application Gateway

Azure Content Delivery Network (CDN)

Azure Firewall

Azure Front Door Premium

138. You have an Azure subscription.

You create an Azure web app named Contoso1812 that uses an S1 App service plan.

You create a DNS record for www.contoso.com that points to the IP address of Contoso1812.

You need to ensure that users can access Contoso1812 by using the https://www.contoso.com URL.

Which two actions should you perform? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point.

Turn on the system-assigned managed identity for Contoso1812.

Add a hostname to Contoso1812.

Scale out the App Service plan of Contoso1812.

Add a deployment slot to Contoso1812.

Scale up the App Service plan of Contoso1812.

Upload a PFX file to Contoso1812

TAGS:

AZ-500, AZ-500 exam dumps

Notify of

Label

Name*

Email*

Website

Label

Name*

Email*

Website

0 Comments

Oldest

Newest Most Voted

Inline Feedbacks

View all comments

Get AZ-500 Dumps Full Version

Q&As: 462
Versions: PDF and Software Download Now

About Dumpsinfo

Dumpsinfo is a good platform providing the latest exam information and dumps questions for all IT certification exams. You can study all the latest exam dumps questions online.

[email protected]

Mon - Sat 9:00am - 6:00pm

AZ-500 Online Dumps Boost Your Career

Related

Posts

Pass SC-401 Exam to Get Microsoft Certification

Online DP-700 Exam Dumps Help You Build Confidence

Advance Your Career by Using Online MB-280 Dumps

Improve Your Knowledge with AZ-900 Exam Dumps

About Us

EMAIL

Services

Opening Hours