AZ-500 Online Dumps Boost Your Career

1. You have an Azure subscription that is linked to an Azure AD tenant and contains the resources shown in the following table.





Which resources can be assigned the Contributor role for VM1?

2. HOTSPOT

You have an Azure subscription named Subscription1 that contains the resources shown in the following table.





You have an Azure subscription named Subscription2 that contains the following resources:

- An Azure Sentinel workspace

- An Azure Event Grid instance

You need to ingest the CEF messages from the NVAs to Azure Sentinel.

What should you configure for each subscription? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

3. You have an Azure subscription that uses Microsoft Defender for Cloud.

The subscription contains the Azure Policy definitions shown in the following table.





Which definitions can be assigned as a security policy in Defender for Cloud?

4. You have an Azure subscription named Subscription1 that contains a resource group named RG1 and the users shown in the following table.





You perform the following tasks:

- Assign User1 the Network Contributor role for Subscription1.

- Assign User2 the Contributor role for RG1.

To Subscription1 and RG1, you assign the following policy definition: External accounts with write permissions should be removed from your subscription.

What is the Compliance State of the policy assignments?

5. Lab Task

Task 6

You need to configure a Microsoft SQL server named Web3l 330471 only to accept connections from the Subnet0 subnet on the VNET01 virtual network.

6. You have an Azure resource group that contains 100 virtual machines.

You have an initiative named Initiative1 that contains multiple policy definitions. Initiative1 is assigned to the resource group.

You need to identify which resources do NOT match the policy definitions.

What should you do?

7. You have an Azure subscription that contains virtual machines. You enable just in time (JIT) VM access to all the virtual machines. You need to connect to a virtual machine by using Remote Desktop.

What should you do first?

8. You have an Azure subscription that contains a

You need to grant user1 access to blob1. The solution must ensure that the access expires after six days.

What should you use?

9. You have an Azure subscription that contains the resources shown in the following table.





You need to ensure that ServerAdmins can perform the following tasks:

- Create virtual machine to the existing virtual network in RG2 only.

- The solution must use the principle of least privilege.

Which two role-based access control (RBAC) roles should you assign to ServerAdmins? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point.

10. HOTSPOT

You have the hierarchy of Azure resources shown in the following exhibit.





RG1, RG2, and RG3 are resource groups.

RG2 contains a virtual machine named VM1.

You assign role-based access control (RBAC) roles to the users shown in the following table.





For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.

11. You have an Azure subscription that uses Microsoft Sentinel.

You need to create a Microsoft Sentinel notebook that will use the Guided Investigation - Anomaly Lookup template.

What should you create first?

12. HOTSPOT

Your on-premises network contains the servers shown in the following table.





You have an Azure subscription that contains multiple virtual machines that run either Windows Server 2019 or SLES. You plan to implement adaptive application controls in Microsoft Defender for Cloud.

Which operating systems and platforms can you monitor? To answer, select the appropriate options in the answer area.

13. You have an Azure subscription that contains an Azure Data Lake Storage Gen2 account named storage1. You deploy an Azure Synapse Analytics workspace named synapsews1 to a managed virtual network. You need to enable access from synapsews1 to storage1.

What should you configure?

14. DRAG DROP

You have an Azure subscription that contains an Azure web app named Appl.

You plan to configure a Conditional Access policy for Appl.

The solution must meet the following requirements:

• Only allow access to App1 from Windows devices.

• Only allow devices that are marked as compliant to access Appl.

Which Conditional Access policy settings should you configure? To answer, drag the appropriate settings to the correct requirements. Each setting may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content. NOTE: Each correct selection is worth one point.

15. You have an Azure virtual machines shown in the following table.





You create an Azure Log Analytics workspace named Analytics1 in RG1 in the East US region.

Which virtual machines can be enrolled in Analytics1?

16. You have an Azure subscription that contains an app named App1.

App1 has the app registration shown in the following table.





You need to ensure that App1 can read all user calendars and create appointments. The solution must use the principle of least privilege.

What should you do?

17. You have an Azure subscription that contains two virtual machines named VM1 and VM2 that run Windows Server 2019.

You are implementing Update Management in Azure Automation.

You plan to create a new update deployment named Update1.

You need to ensure that Update! meets the following requirements:

• Automatically applies updates to VM1 and VM2.

• Automatically adds any new Windows Server 2019 virtual machines to Update1.

What should you include in Update1?

18. HOTSPOT

You have an Azure subscription that contains the virtual machines shown in the following table.

Subnet1 and Subnet2 have a network security group {NSG).

The NSG has an outbound rule that has the following configurations:

• Port; Any

• Source: Any

• Priority: 100

• Action: Deny

• Protocol: Any

• Destination: Storage

The subscription contains a storage account named storage1.

You create a private endpoint named Private1 that has the following settings:

• Resource type: Microsoft.Storage/storageAccounts

• Resource: storage1

• Target sub-resource: blob

• Virtual network: VNet1

• Subnet: Subnet1

For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.

19. HOTSPOT

You work at a company named Contoso, Ltd. that has the offices shown in the following table.





Contoso has an Azure Active Directory (Azure AD) tenant named contoso.com. All contoso.com users have Azure Multi-Factor Authentication (MFA) enabled.

The tenant contains the users shown in the following table.





The multi-factor settings for contoso.com are configured as shown in the following exhibit.





For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.

20. You have an Azure AD tenant.

You plan to implement an authentication solution to meet the following requirements:

• Require number matching.

• Display the geographical location when signing in.

Which authentication method should you include in the solution?

21. Your company has an Azure subscription named Sub1 that is associated to an Azure Active Directory (Azure AD) tenant named contoso.com.

The company develops an application named App1. App1 is registered in Azure AD.

You need to ensure that App1 can access secrets in Azure Key Vault on behalf of the application users.

What should you configure?

22. HOTSPOT

You have an Azure Active Directory (Azure AD) tenant that contains the users shown in the following table.





In Azure AD Privileged Identity Management (PIM), the Role settings for the Contributor role are configured as shown in the exhibit. (Click the Exhibit tab.)





You assign users the Contributor role on May 1, 2019 as shown in the following table.





For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.

23. HOTSPOT

You have an Azure subscription that contains the virtual networks shown in the following table.

The subscription contains the virtual machines shown in the following table.

You have a storage account named contoso2024 that contains the following resources:

• A container named Contained that contains a file named File1

• A file share named Share1 that contains a file named File2

You create a private endpoint for contoso2024 as shown in the following exhibit.





For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.

24. Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

You use Azure Security Center for the centralized policy management of three Azure subscriptions.

You use several policy definitions to manage the security of the subscriptions.

You need to deploy the policy definitions as a group to all three subscriptions.

Solution: You create a policy initiative and assignments that are scoped to resource groups.

Does this meet the goal?

25. Your company recently created an Azure subscription.

You have been tasked with making sure that a specified user is able to implement Azure AD Privileged Identity Management (PIM).

Which of the following is the role you should assign to the user?

26. You have an Azure subscription that contains an Azure Files share named share1 and a user named User1. Identity-based authentication is configured for share1.

User1 attempts to access share1 from a Windows 10 device by using SMB.

Which type of token will Azure Files use to authorize the request?

27. You have an Azure subscription.

You create a new virtual network named VNet1.

You plan to deploy an Azure web app named App1 that will use VNet1 and will be reachable by using private IP addresses. The solution must support inbound and outbound network traffic.

What should you do?

28. You have a Microsoft Entra tenant that contains a user named User1.

You plan to enable passwordless authentication for the tenant.

You need to ensure that User1 can enable the combined registration experience. The solution must use the principle of least privilege.

Which role should you assign to User1?

29. You have an Azure subscription that contains the storage accounts shown in the following, table.





You enable Microsoft Defender for Storage.

Which storage services of storages are monitored by Microsoft Defender for Storage, and which storage accounts are protected by Microsoft Defender for Storage? To answer, select the appropriate options in the answer area.

30. You have an Azure subscription that contains a virtual network.

The virtual network contains the subnets shown in the following table.





The subscription contains the virtual machines shown in the following table.





You enable just in time (JIT) VM access for all the virtual machines.

You need to identify which virtual machines are protected by JIT.

Which virtual machines should you identify?

31. HOTSPOT

You have the role assignments shown in the following exhibit.





Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic. NOTE: Each correct selection is worth one point.

32. You have an Azure environment.

You need to identify any Azure configurations and workloads that are non-compliant with ISO 27001 standards.

What should you use?

33. HOTSPOT

You have an Azure subscription that contains the resources shown in the following table.





SQL1 has the following configurations:

• Auditing: Enabled

• Audit log destination: storage1, Workspace1 DB1 has the following configurations:

• Auditing: Enabled

• Audit log destination: storage2

DB2 has auditing disabled.

Where are the audit logs for DB1 and DB2 stored? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

34. Note: The question is included in a number of questions that depicts the identical set-up. However, every question has a distinctive result. Establish if the solution satisfies the requirements.

Your company has an Active Directory forest with a single domain, named weylandindustries.com.

They also have an Azure Active Directory (Azure AD) tenant with the same name.

You have been tasked with integrating Active Directory and the Azure AD tenant. You intend to deploy Azure AD Connect.

Your strategy for the integration must make sure that password policies and user logon limitations affect user accounts that are synced to the Azure AD tenant, and that the amount of necessary servers are reduced.

Solution: You recommend the use of pass-through authentication and seamless SSO with password hash synchronization.

Does the solution meet the goal?

35. You have an Azure subscription named Subscription1.

You deploy a Linux virtual machine named VM1 to Subscription1.

You need to monitor the metrics and the logs of VM1.

What should you use?

36. HOTSPOT

You have an Azure Active Directory (Azure AD) tenant named contoso.com that contains the users shown in the following table.





Azure AD Privileged Identity Management (PIM) is enabled for the tenant.

In PIM, the Password Administrator role has the following settings:

✑ Maximum activation duration (hours): 2

✑ Send email notifying admins of activation: Disable

✑ Require incident/request ticket number during activation: Disable

✑ Require Azure Multi-Factor Authentication for activation: Enable

✑ Require approval to activate this role: Enable

✑ Selected approver: Group1

You assign users the Password Administrator role as shown in the following table.





For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.

37. DRAG DROP

Your company has an Azure Active Directory (Azure AD) tenant named contoso.com.

The company is developing an application named App1. App1 will run as a service on server that runs Windows Server 2016. App1 will authenticate to contoso.com and access Microsoft Graph to read directory data.

You need to delegate the minimum required permissions to App1.

Which three actions should you perform in sequence from the Azure portal? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.

38. You have an Azure subscription that contains the virtual machines shown in the following table.





From Azure Security Center, you turn on Auto Provisioning.

You deploy the virtual machines shown in the following table.





On which virtual machines is the Log Analytics agent installed?

39. HOTSPOT

You need to configure support for Azure Sentinel notebooks to meet the technical requirements.

What is the minimum number of Azure container registries and Azure Machine Learning workspaces required?

40. You have an Azure SQL Database server named SQL1.

You plan to turn on Advanced Threat Protection for SQL1 to detect all threat detection types.

Which action will Advanced Threat Protection detect as a threat?

41. HOTSPOT

You have an Azure subscription that contains the following resources:

• An Azure key vault

• An Azure SQL database named Database1

• Two Azure App Service web apps named AppSrv1 and AppSrv2 that are configured to use system-assigned managed identities and access Database1

You need to implement an encryption solution for Database1 that meets the following requirements:

• The data in a column named Discount in Database1 must be encrypted so that only AppSrv1 can decrypt the data.

• AppSrv1 and AppSrv2 must be authorized by using managed identities to obtain cryptographic keys.

How should you configure the encryption settings fa Database1 To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point

42. You have an Azure subscription that contains an Azure Active Directory (Azure AD) tenant and a user named User1.

The App registrations settings for the tenant are configured as shown in the following exhibit.





You plan to deploy an app named App1.

You need to ensure that User1 can register App1 in Azure AD. The solution must use the principle of least privilege.

Which role should you assign to User1?

43. You have an Azure subscription.

You plan to create a workflow automation in Azure Security Center that will automatically remediate a security vulnerability.

What should you create first?

44. Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

You have a hybrid configuration of Azure Active Directory (Azure AD).

You have an Azure HDInsight cluster on a virtual network.

You plan to allow users to authenticate to the cluster by using their on-premises Active Directory credentials.

You need to configure the environment to support the planned authentication.

Solution: You deploy an Azure AD Application Proxy.

Does this meet the goal?

45. HOTSPOT

You have an Azure Active Directory (Azure AD) tenant that contains the users shown in the following table.





From Azure AD Privileged Identity Management (PIM), you configure the settings for the Security Administrator role as shown in the following exhibit.





From PIM, you assign the Security Administrator role to the following groups:

- Group1: Active assignment type, permanently assigned

- Group2: Eligible assignment type, permanently eligible

For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.

46. You have an Azure subscription that contains an Azure SQL database named DB1 in the East US Azure region.

You create the storage accounts shown in the following table.





You plan to enable auditing for DB1.

Which storage accounts can you use as the auditing destination for DB1?

47. Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

You have a hybrid configuration of Azure Active Directory (AzureAD).

You have an Azure HDInsight cluster on a virtual network.

You plan to allow users to authenticate to the cluster by using their on-premises Active Directory credentials.

You need to configure the environment to support the planned authentication.

Solution: You deploy the On-premises data gateway to the on-premises network.

Does this meet the goal?

48. DRAG DROP

You are configuring network connectivity for two Azure virtual networks named VNET1 and VNET2.

You need to implement VPN gateways for the virtual networks to meet the following requirements:

* VNET1 must have six site-to-site connections that use BGP.

* VNET2 must have 12 site-to-site connections that use BGP.

* Costs must be minimized.

Which VPN gateway SKI) should you use for each virtual network? To answer, drag the appropriate SKUs to the correct networks. Each SKU may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content. NOTE: Each correct selection is worth one point

49. Lab Task

use the following login credentials as needed:

To enter your username, place your cursor in the Sign in box and click on the username below.

To enter your password. place your cursor in the Enter password box and click on the password below.

Azure Username: Userl [email protected]

Azure Password: GpOAe4@lDg

If the Azure portal does not load successfully in the browser, press CTRL-K to reload the portal in a new browser tab.

The following information is for technical support purposes only:

Lab Instance: 28681041

Task 10

You need to create a new Azure AD directory named 28681041.onmicrosoft.com. The new directory must contain a new user named [email protected].

50. You have an Azure subscription that contains the resources show in the following table.





Both VM1 and VM2 connect to VNET1 and are configured to use NSG1.

You need to ensure that only VM1 and VM2 can access DB1.

What should you do?

51. You are troubleshooting a security issue for an Azure Storage account.

You enable the diagnostic logs for the storage account.

What should you use to retrieve the diagnostics logs?

52. HOTSPOT

On Monday, you configure an email notification in Azure Security Center to notify user [email protected].

On Tuesday, Security Center generates the security alerts shown in the following table.





How many email notifications will [email protected] receive on Tuesday? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

53. Lab Task

use the following login credentials as needed:

To enter your username, place your cursor in the Sign in box and click on the username below.

To enter your password. place your cursor in the Enter password box and click on the password below.

Azure Username: Userl [email protected]

Azure Password: GpOAe4@lDg

If the Azure portal does not load successfully in the browser, press CTRL-K to reload the portal in a new browser tab.

The following information is for technical support purposes only:

Lab Instance: 28681041

Task 7

You need to collect all the audit failure data from the security log of a virtual machine named VM1 to an Azure Storage account. To complete this task, sign in to the Azure portal.

54. You have an Azure subscription that contains the resources shown in the following table.





You plan to deploy the virtual machines shown in the following table.





You need to assign managed identities to the virtual machines.

The solution must meet the following requirements:

- Assign each virtual machine the required roles.

- Use the principle of least privilege.

What is the minimum number of managed identities required?

55. HOTSPOT

You have an Azure Sentinel workspace that has the following data connectors:

- Azure Active Directory Identity Protection

- Common Event Format (CEF)

- Azure Firewall

You need to ensure that data is being ingested from each connector.

From the Logs query window, which table should you query for each connector? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

56. You have an Azure subscription.

You create an Azure web app named Contoso1812 that uses an S1 App service plan.

You create a DNS record for www.contoso.com that points to the IP address of Contoso1812.

You need to ensure that users can access Contoso1812 by using the https://www.contoso.com URL.

Which two actions should you perform? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point.

57. You have an Azure AD tenant that contains the users shown in the following table.





You need to ensure that the users cannot create app passwords. The solution must ensure that User1 can continue to use the Mail and Calendar app.

What should you do?

58. You have an Azure subscription linked to an Azure Active Directory Premium Plan 1 tenant.

You plan to implement Azure Active Directory (Azure AD) Identity Protection.

You need to ensure that you can configure a user risk policy and a sign-in risk policy.

What should you do first?

59. You have an Azure subscription.

You need to deploy an Azure virtual WAN to meet the following requirements:

• Create three secured virtual hubs located in the East US, West US, and North Europe Azure regions.

• Ensure that security rules sync between the regions.

What should you use?

60. You are collecting events from Azure virtual machines to an Azure Log Analytics workspace. You plan to create alerts based on the collected events

You need to identify which Azure services can be used to create the alerts.

Which two services should you identify? Each correct answer presents a complete solution NOTE: Each correct selection is worth one point.

61. Your company plans to create separate subscriptions for each department. Each subscription will be

associated to the same Azure Active Directory (Azure AD) tenant.

You need to configure each subscription to have the same role assignments.

What should you use?

62. You create a new Azure subscription.

You need to ensure that you can create custom alert rules in Azure Security Center.

Which two actions should you perform? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point.

63. HOTSPOT

You have an Azure Container Registry named Registry1.

You add role assignment for Registry1 as shown in the following table.





Which users can upload images to Registry1 and download images from Registry1? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

64. HOTSPOT

You have an Azure subscription that contains the resources shown in the following table.





You perform the following tasks:

- Create a managed identity named Managed1.

- Create a Microsoft 365 group named Group1.

You need to identify which service principals were created and which identities can be assigned the Reader role for RG1.

What should you identify? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

65. From Azure Security, you create a custom alert rule.

You need to configure which users will receive an email message when the alert is triggered.

What should you do?

66. You have an Azure Kubernetes Service (AKS) cluster that will connect to an Azure Container Registry.

You need to use the automatically generated service principal for the AKS cluster to authenticate to the Azure Container Registry.

What should you create?

67. HOTSPOT

You have a Microsoft Entra tenant that contains the users shown in the following table.





You configure the Temporary Access Pass settings as shown in the following exhibit.





You add the Temporary Access Pass authentication method to Admin2.

For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.

68. HOTSPOT

You have an Azure subscription that contains the storage accounts shown in the following table.





You need to configure authorization access.

Which authorization types can you use for each storage account? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

69. You have three on-premises servers named Server1, Server2, and Server3 that run Windows Server1 and Server2 and located on the Internal network. Server3 is located on the premises network. All servers have access to Azure.

From Azure Sentinel, you install a Windows firewall data connector.

You need to collect Microsoft Defender Firewall data from the servers for Azure Sentinel.

What should you do?

70. HOTSPOT

You have an Azure subscription named Sub1.

You create a virtual network that contains one subnet.

On the subnet, you provision the virtual machines shown in the following table.





Currently, you have not provisioned any network security groups (NSGs).

You need to implement network security to meet the following requirements:

- Allow traffic to VM4 from VM3 only.

- Allow traffic from the Internet to VM1 and VM2 only.

- Minimize the number of NSGs and network security rules.

How many NSGs and network security rules should you create? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

71. HOTSPOT

You have an Azure Active Directory (Azure AD) tenant named contoso.com that contains three security groups named Group1, Group2, and Group3 and the users shown in the following table.





Group3 is a member of Group2.

In contoso.com, you register an enterprise application named App1 that has the following settings:

✑ Owners: User1

✑ Users and groups: Group2

You configure the properties of App1 as shown in the following exhibit.





For each of the following statements, select Yes if the statement is true. Otherwise, select no. NOTE: Each correct selection is worth one point.

72. HOTSPOT

You have an Azure subscription that contains the following Azure firewall:

• Name: Fw1

• Azure region: UK West

• Private IP address: 10.1.3.4

• Public IP address: 23.236.62.147

The subscription contains. The virtual networks shown in the following table.





The subscription contains the subnets shown in the following table.





The subscription contains the routes shown in the following table.





For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.

73. You have an Azure subscription that contains a resource group named RG1 and a security group serverless RG1 contains 10 virtual machine, a virtual network VNET1, and a network security group (NSG) named NSG1. ServerAdmins can access the virtual machines by using RDP.

You need to ensure that NSG1 only RDP connections to the virtual for a maximum of 60 minutes when a member of ServerAdmins requests access.

What should you configure?

74. You need to ensure that users can access VM0. The solution must meet the platform protection requirements.

What should you do?

75. You have an Azure subscription named Sub1 that contains the resources shown in the following table.





You need to ensure that you can provide VM1 with secure access to a database on SQL1 by using a contained database user.

What should you do?

76. HOTSPOT

On Monday, you configure an email notification in Microsoft Defender for Cloud to notify user1 @contoso.com about alerts that have a severity level of Low, Medium, or High.

On Tuesday, Microsoft Defender for Cloud generates the security alerts shown in the following table.





How many email notifications will user1 @contoso.com receive on Tuesday? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

77. Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

You have an Azure Subscription. The subscription contains 50 virtual machines that run Windows Server 2012 R2 or Windows Server 2016.

You need to deploy Microsoft Antimalware to the virtual machines.

Solution: You connect to each virtual machine and add a Windows feature.

Does this meet the goal?

78. You have an Azure subscription that contains the Azure virtual machines shown in the following table.





You create an MDM Security Baseline profile named Profile1.

You need to identify to which virtual machines Profile1 can be applied.

Which virtual machines should you identify?

79. You have an Azure Active Directory (Azure AD) tenant.

You need to prevent nonprivileged Azure AD users from creating service principals in Azure AD.

What should you do in the Azure Active Directory admin center of the tenant?

80. You have an Azure subscription that contains the virtual networks shown in the following table.





The subscription contains the virtual machines shown in the following table.





On NIC1, you configure an application security group named ASG1.

On which other network interfaces can you configure ASG1?

81. HOTSPOT

You have Azure virtual machines that have Update Management enabled.

The virtual machines are configured as shown in the following table.





You schedule two update deployments named Update1 and Update2. Update1 updates VM3. Update2 updates VM6.

Which additional virtual machines can be updated by using Update1 and Update2? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

82. You have an Azure Sentinel deployment.

You need to create a scheduled query rule named Rule1.

What should you use to define the query rule logic for Rule1?

83. You have an Azure subscription name Sub1 that contains an Azure Policy definition named Policy1.

Policy1 has the following settings:

- Definition location: Tenant Root Group

- Category: Monitoring

You need to ensure that resources that are noncompliant with Policy1 are listed in the Azure Security Center dashboard.

What should you do first?

84. You have an Azure AD tenant that contains 500 users and an administrative unit named AU1.

From the Azure Active Directory admin center, you plan to add the users to AU1 by using Bulk add members.

You need to create and upload a file for the bulk add.

What should you include in the file?

85. HOTSPOT

You implement the planned changes for ASG1 and ASG2.

In which NSGs can you use ASG1. and the network interfaces of which virtual machines can you assign to ASG2?

86. DRAG DROP

You have an Azure subscription that contains an Azure SQL database named SQLDB1.

SQLDB1 contains the columns shown in the following table.





For the Email and Birthday columns, you implement dynamic data masking by using the default masking function.

Which value will the users see in each column? To answer, drag the appropriate values to the correct columns. Each value may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content. NOTE: Each correct selection is worth one point.

87. You have an Azure subscription that contains a virtual network named VNet1 VNet1 contains a single subnet. The subscription contains a virtual machine named VM1 that is connected to VNet1.

You plan to deploy an Azure SQL managed instance named SQL1.

You need to ensure that VM1 can access SQL1.

Which three components should you create? Each correct answer presents pan of the solution. NOTE: Each correct selection is worth one point.

88. You have an Azure subscription that contains an Azure Blob storage account bolb1.

You need to configure attribute-based access control (ABAC) for blob1.

Which attributes can you use in access conditions?

89. You have an Azure web app named WebApp1.

You upload a certificate to WebApp1.

You need to make the certificate accessible to the app code of WebApp1.

What should you do?

90. You have been tasked with configuring an access review, which you plan to assigned to a new collection of reviews. You also have to make sure that the reviews can be reviewed by resource owners.

You start by creating an access review program and an access review control.

You now need to configure the Reviewers.

Which of the following should you set Reviewers to?

91. You are troubleshooting a security issue for an Azure Storage account You enable Azure Storage Analytics logs and archive It to a storage account.

What should you use to retrieve the diagnostics logs?

92. Lab Task

use the following login credentials as needed:

To enter your username, place your cursor in the Sign in box and click on the username below.

To enter your password. place your cursor in the Enter password box and click on the password below.

Azure Username: Userl [email protected]

Azure Password: GpOAe4@lDg

If the Azure portal does not load successfully in the browser, press CTRL-K to reload the portal in a new browser tab.

The following information is for technical support purposes only:

Lab Instance: 28681041

Task 9

You need to ensure that the rg1lod28681041n1 Azure Storage account is encrypted by using a key stored in the KeyVault28681041 Azure key vault.

93. You have an Azure Active Directory (Azure AD) tenant named contoso.com

You need to configure diagnostic settings for contoso.com.

The solution must meet the following requirements:

• Retain loqs for two years.

• Query logs by using the Kusto query language

• Minimize administrative effort.

Where should you store the logs?

94. You have an Azure subscription that contains the resources shown in the following table.





You need to ensure that ServerAdmins can perform the following tasks:

- Create virtual machines in RG1 only.

- Connect the virtual machines to the existing virtual networks in RG2 only.

The solution must use the principle of least privilege.

Which two role-based access control (RBAC) roles should you assign to ServerAdmins? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point.

95. You have an Azure subscription that contains the resources shown in the following Table.





You plan to enable Microsoft Defender for Cloud for the subscription.

Which resources can be protected by using Microsoft Defender for Cloud?

96. You company has an Azure subscription named Sub1. Sub1 contains an Azure web app named WebApp1 that uses Azure Application Insights. WebApp1 requires users to authenticate by using OAuth 2.0 client secrets.

Developers at the company plan to create a multi-step web test app that preforms synthetic transactions emulating user traffic to Web App1.

You need to ensure that web tests can run unattended.

What should you do first?

97. Note: The question is included in a number of questions that depicts the identical set-up. However, every question has a distinctive result. Establish if the solution satisfies the requirements.

Your company has an Active Directory forest with a single domain, named weylandindustries.com.

They also have an Azure Active Directory (Azure AD) tenant with the same name.

You have been tasked with integrating Active Directory and the Azure AD tenant. You intend to deploy Azure AD Connect.

Your strategy for the integration must make sure that password policies and user logon limitations affect user accounts that are synced to the Azure AD tenant, and that the amount of necessary servers are reduced.

Solution: You recommend the use of password hash synchronization and seamless SSO.

Does the solution meet the goal?

98. You have Azure Resource Manager templates that you use to deploy Azure virtual machines.

You need to disable unused Windows features automatically as instances of the virtual machines are provisioned.

What should you use?

99. You have an Azure subscription that contains a user named Adminl1 and a virtual machine named VM1. VM1 runs Windows Server 2019 and was deployed by using an Azure Resource Manager template. VM1 is the member of a backend pool of a public Azure Basic Load Balancer.

Admin1 reports that VM1 is listed as Unsupported on the Just in time VM access blade of Azure Security Center.

You need to ensure that Admin1 can enable just in time (JIT) VM access for VM1.

What should you do?

100. You have an Azure subscription that uses Microsoft Defender for Cloud.

You have an Amazon Web Service (AWS) account named AWS1 that is connected to defender for Cloud.

You need to ensure that AWS foundational Security Best Practices. The solution must minimize administrate effort.

What should do you in Defender for Cloud?

101. HOTSPOT

You suspect that users are attempting to sign in to resources to which they have no access.

You need to create an Azure Log Analytics query to identify failed user sign-in attempts from the last three days. The results must only show users who had more than five failed sign-in attempts.

How should you configure the query? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

102. You plan to deploy an app that will modify the properties of Azure Active Directory (Azure AD) users by using Microsoft Graph. You need to ensure that the app can access Azure AD.

What should you configure first?

103. DRAG DROP

You are implementing conditional access policies.

You must evaluate the existing Azure Active Directory (Azure AD) risk events and risk levels to configure and implement the policies.

You need to identify the risk level of the following risk events:

- Users with leaked credentials

- Impossible travel to atypical locations

- Sign ins from IP addresses with suspicious activity

Which level should you identify for each risk event? To answer, drag the appropriate levels to the correct risk events. Each level may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content. NOTE: Each correct selection is worth one point.

104. HOTSPOT

You have an Azure AD tenant named contoso.com that has Azure AD Premium P1 licenses.

You need to create a group named Group1 that will be assigned the Global reader role.

Which portal should you use to create Group1 and which type of group should you create? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point

105. HOTSPOT

You need to delegate the creation of RG2 and the management of permissions for RG1.

Which users can perform each task? To answer select the appropriate options in the answer area. NOTE: Each correct selection is worth one point

106. HOTSPOT

You have an Azure subscription mat contains a resource group named RG1. RG1 contains a storage account named storage1.

You have two custom Azure rotes named Role1 and Role2 that are scoped to RG1.

The permissions for Role1 are shown in the following JSON code.

107. Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

You use Azure Security Center for the centralized policy management of three Azure subscriptions.

You use several policy definitions to manage the security of the subscriptions.

You need to deploy the policy definitions as a group to all three subscriptions.

Solution: You create an initiative and an assignment that is scoped to the Tenant Root Group management group.

Does this meet the goal?

108. HOTSPOT

Your company has an Azure subscription named Subscription1 that contains the users shown in the following table.





The company is sold to a new owner.

The company needs to transfer ownership of Subscription1.

Which user can transfer the ownership and which tool should the user use? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

109. HOTSPOT

You have an Azure subscription that contains three storage accounts, an Azure SQL managed instance named SQL and three Azure SQL databases.

The storage accounts are configured as shown in the following table.

SQ11 has the following settings:

• Auditing: On

• Audit tog destination: storage1

The Azure SQL databases are configured as shown in the following table.

110. HOTSPOT

You have an Azure AD tenant that contains the groups shown in the following table.





You assign licenses to the groups as shown in the following table.





On May1, you delete Group1. Group2, and Group3.

For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.

111. DRAG DROP

You have an Azure Storage account named storage1 and an Azure virtual machine named VM1. VM1 has a premium SSD managed disk.

You need to enable Azure Disk Encryption for VM1.

Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange then in the correct order.

112. HOTSPOT

You create an alert rule that has the following settings:

✑ Resource: RG1

✑ Condition: All Administrative operations

✑ Actions: Action groups configured for this alert rule: ActionGroup1

✑ Alert rule name: Alert1

You create an action rule that has the following settings:

✑ Scope: VM1

✑ Filter criteria: Resource Type = "Virtual Machines"

✑ Define on this scope: Suppression

✑ Suppression config: From now (always)

✑ Name: ActionRule1

For each of the following statements, select Yes if the statement is true. Otherwise, select No. Note: Each correct selection is worth one point.

113. You have an Azure Active Directory (Azure AD) tenant that contains a user named Admin1. Admin1 is assigned the Application developer role.

You purchase a cloud app named App1 and register App1 in Azure AD.

Admin1 reports that the option to enable token encryption for App1 is unavailable.

You need to ensure that Admin1 can enable token encryption for App1 in the Azure portal.

What should you do?

114. HOTSPOT

You are evaluating the security of the network communication between the virtual machines in Sub2.

For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.

115. You have an Azure subscription that contains an Azure Active Directory (Azure AD) tenant.

When a developer attempts to register an app named App1 in the tenant, the developer receives the error message shown in the following exhibit.





You need to ensure that the developer can register App1 in the tenant.

What should you do for the tenant?

116. Lab Task

Task 7

You need to ensure that connections through an Azure Application Gateway named Homepage-AGW are inspected for malicious requests.

117. From Azure Security Center, you enable Azure Container Registry vulnerability scanning of the images in Registry1.

You perform the following actions:

- Push a Windows image named Image1 to Registry1.

- Push a Linux image named Image2 to Registry1.

- Push a Windows image named Image3 to Registry1.

- Modify Image1 and push the new image as Image4 to Registry1.

- Modify Image2 and push the new image as Image5 to Registry1.

Which two images will be scanned for vulnerabilities? Each correct answer presents a complete solution. NOTE: Each correct selection is worth one point.

118. You plan to deploy Azure container instances.

You have a containerized application that validates credit cards. The application is comprised of two containers: an application container and a validation container.

The application container is monitored by the validation container. The validation container performs security checks by making requests to the application container and waiting for responses after every transaction.

You need to ensure that the application container and the validation container are scheduled to be deployed together. The containers must communicate to each other only on ports that are not externally exposed.

What should you include in the deployment?

119. HOTSPOT

You have an Azure subscription that has a managed identity named identity and is linked to an Azure Active Directory (Azure AD) tenant.

The tenant contains the resources shown in the following table.





Which resources can be added to AU1 and AU2? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

120. You have an Azure subscription that contains the virtual machines shown in the following table.





VNET1, VNET2, and VNET3 are peered with each other.

You perform the following actions:

* Create two application security groups named ASG1 and ASG2 in the West US region.

* Add the network interface of VM1 to ASG1.

121. You have an Azure subscription that contains the resources shown in the following table.





You need to configure storage1 to regenerate keys automatically every 90 days.

Which cmdlet should you run?

122. DRAG DROP

You have an Azure subscription that contains the resources shown in the following table.





You need to configure network connectivity to meet the following requirements:

• Communication from VM1 to storage' must traverse an optimized Microsoft backbone network.

• All the outbound traffic from VM1 to the internet must be denied.

• The solution must minimize costs and administrative effort

What should you configure for VNetl and NSG1? To answer, drag the appropriate components to the correct resources. Each component may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content. NOTE: Each correct selection is worth one point.