Where can I get the latest Azure az-500 exam exercise questions? LearnExam shares the latest az-500 exam dump, az-500 pdf. And online hands-on testing free to improve skills and experience, 98.5% test pass rate choose Lead4pass az-500 dumps:https://www.leads4pass.com/az-500.html (Latest updated)
Microsoft Azure az-500 exam pdf free download
[PDF Q1-Q13] Free Microsoft az-500 pdf dumps download from Google Drive: https://drive.google.com/open?id=13khk-WKOMoD-XIb8Z84uPTP4GsmBF7On
Exam AZ-500: Microsoft Azure Security Technologies: https://docs.microsoft.com/en-us/learn/certifications/exams/az-500
Skills measured
- NOTE: The bullets that appear below each of the skills measured in the document below are intended to illustrate how we are assessing that skill. This list is not definitive or exhaustive.
- Manage identity and access (20-25%)
- Implement platform protection (35-40%)
- Manage security operations (15-20%)
- Secure data and applications (30-35%)
Real and effective Microsoft Azure az-500 exam Practice Questions
QUESTION 1
You have an Azure subscription named Sub1 that contains the resources shown in the following table.
You need to ensure that you can provide VM1 with secure access to a database on SQL1 by using a contained
database user. What should you do?
A. Enable a managed service identity on VM1.
B. Create a secret in KV1.
C. Configure a service endpoint on SQL1.
D. Create a key in KV1.
Correct Answer: B
QUESTION 2
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains
a unique solution that might meet the stated goals. Some question sets might have more than one correct solution,
while
others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not
appear on the review screen.
You have a hybrid configuration of the Azure Active Directory (Azure AD).
You have an Azure HDInsight cluster on a virtual network.
You plan to allow users to authenticate to the cluster by using their on-premises Active Directory credentials.
You need to configure the environment to support the planned authentication.
Solution: You deploy Azure Active Directory Domain Services (Azure AD DS) to the Azure subscription.
Does this meet the goal?
A. Yes
B. No
Correct Answer: B
Instead, you connect HDInsight to your on-premises network by using Azure Virtual Networks and a VPN gateway.
Note: To allow HDInsight and resources in the joined network to communicate by name, you must perform the following
actions:
Create an Azure Virtual Network.
Create a custom DNS server in the Azure Virtual Network.
Configure the virtual network to use the custom DNS server instead of the default Azure Recursive Resolver.
Configure forwarding between the custom DNS server and your on-premises DNS server.
References:
https://docs.microsoft.com/en-us/azure/hdinsight/connect-on-premises-network
QUESTION 3
You have an Azure SQL Database server named SQL1.
You plan to turn on Advanced Threat Protection for SQL1 to detect all threat detection types.
Which action will Advanced Threat Protection detect as a threat?
A. A user updates more than 50 percent of the records in a table.
B. A user attempts to sign as select * from table1.
C. A user is added to the db_owner database role.
D. A user deletes more than 100 records from the same table.
Correct Answer: B
Advanced Threat Protection can detect potential SQL injections: This alert is triggered when an active exploit happens
against an identified application vulnerability to SQL injection. This means the attacker is trying to inject malicious SQL
statements using the vulnerable application code or stored procedures.
References: https://docs.microsoft.com/en-us/azure/sql-database/sql-database-threat-detection-overview
QUESTION 4
You have 10 virtual machines on a single subnet that has a single network security group (NSG).
You need to log the network traffic to an Azure Storage account.
Which two actions should you perform? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.
A. Install the Network Performance Monitor solution.
B. Enable Azure Network Watcher.
C. Enable diagnostic logging for the NSG.
D. Enable NSG flow logs.
E. Create an Azure Log Analytics workspace.
Correct Answer: BD
A network security group (NSG) enables you to filter inbound traffic to, and outbound traffic from, a virtual machine
(VM). You can log network traffic that flows through an NSG with Network Watcher\\’s NSG flow log capability. Steps
include: Create a VM with a network security group Enable Network Watcher and register the Microsoft.Insights provider
Enable a traffic flow log for an NSG, using Network Watcher\\’s NSG flow log capability Download logged data View
logged data
Reference: https://docs.microsoft.com/en-us/azure/network-watcher/network-watcher-nsg-flow-logging-portal
QUESTION 5
Your company plans to create separate subscriptions for each department. Each subscription will be associated to the
same Azure Active Directory (Azure AD) tenant.
You need to configure each subscription to have the same role assignments. What should you use?
A. Azure Security Center
B. Azure Policy
C. Azure AD Privileged Identity Management (PIM)
D. Azure Blueprints
Correct Answer: D
Just as a blueprint allows an engineer or an architect to sketch a project\\’s design parameters, Azure Blueprints
enables cloud architects and central information technology groups to define a repeatable set of Azure resources that
implements and adheres to an organization\\’s standards, patterns, and requirements.
Blueprints are a declarative way to orchestrate the deployment of various resource templates and other artifacts such
as: Role Assignments Policy Assignments Azure Resource Manager templates Resource Groups
Reference: https://docs.microsoft.com/en-us/azure/governance/blueprints/overview
QUESTION 6
You have an Azure virtual machine shown in the following table.
You create an Azure Log Analytics workspace named Analytics1 in RG1 in the East US region. Which virtual machines
can be enrolled in Analytics1?
A. VM1 only
B. VM1, VM2, and VM3 only
C. VM1, VM2, VM3, and VM4
D. VM1 and VM4 only
Correct Answer: A
Note: Create a workspace
In the Azure portal, click All services. In the list of resources, type Log Analytics. As you begin typing, the list filters
based on your input. Select Log Analytics.
Click Create, and then select choices for the following items:
Provide a name for the new Log Analytics workspace, such as DefaultLAWorkspace. OMS workspaces are now
referred to as Log Analytics workspaces.
Select a Subscription to link to by selecting from the drop-down list if the default selected is not appropriate.
For Resource Group, select an existing resource group that contains one or more Azure virtual machines.
Select the Location your VMs are deployed to. For additional information, see which regions Log Analytics is available
in.
Incorrect Answers:
B, C: A Log Analytics workspace provides a geographic location for data storage. VM2 and VM3 are at a different
location.
D: VM4 is a different resource group.
References: https://docs.microsoft.com/en-us/azure/azure-monitor/platform/manage-access
QUESTION 7
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains
a unique solution that might meet the stated goals. Some question sets might have more than one correct solution,
while
others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not
appear on the review screen.
You have an Azure Subscription named Sub1.
You have an Azure Storage account named Sa1 in a resource group named RG1.
Users and applications access the blob service and the file service in Sa1 by using several shared access signatures
(SASs) and stored access policies.
You discover that unauthorized users accessed both the file service and the blob service.
You need to revoke all access to Sa1.
Solution: You create a new stored access policy.
Does this meet the goal?
A. Yes
B. No
Correct Answer: A
To revoke a stored access policy, you can either delete it or rename it by changing the signed identifier. Changing the
signed identifier breaks the associations between any existing signatures and the stored access policy. Deleting or
renaming the stored access policy immediately affects all of the shared access signatures associated with it.
References: https://docs.microsoft.com/en-us/rest/api/storageservices/Establishing-a-Stored-Access-Policy
QUESTION 8
You are implementing conditional access policies.
You must evaluate the existing Azure Active Directory (Azure AD) risk events and risk levels to configure and implement
the policies.
You need to identify the risk level of the following risk events: Users with leaked credentials Impossible travel to atypical
locations Sign-ins from IP addresses with suspicious activity
Which level should you identify for each risk event? To answer, drag the appropriate levels to the correct risk events.
Each level may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll
to view content.
NOTE: Each correct selection is worth one point.
Select and Place:
Correct Answer:
QUESTION 9
You have an Azure subscription that contains the virtual networks shown in the following table.
The Azure virtual machines on SpokeVNetSubnet0 can communicate with the computers on the on-premises network.
You plan to deploy an Azure firewall to HubVNet.
You create the following two routing tables:
RT1: Includes a user-defined route that points to the private IP address of the Azure firewall as a next-hop address RT2:
Disables BGP route propagation and defines the private IP address of the Azure firewall as the default gateway
You need to ensure that traffic between SpokeVNetSubnet0 and the on-premises network flows through the Azure
firewall.
To which subnet should you associate each route table? To answer, drag the appropriate subnets to the correct route
tables. Each subnet may be used once, more than once, or not at all. You may need to drag the split bar between panes
or
scroll to view content.
NOTE: Each correct selection is worth one point.
Select and Place:
Correct Answer:
QUESTION 10
You have an Azure subscription that contains a virtual machine named VM1.
You create an Azure key vault that has the following configurations:
Name: Vault5
Region: West US
Resource group: RG1
You need to use Vault5 to enable Azure Disk Encryption on VM1. The solution must support backing up VM1 by using
Azure Backup.
Which key vault settings should you configure?
A. Access policies
B. Secrets
C. Keys
D. Locks
Correct Answer: A
References: https://docs.microsoft.com/en-us/azure/key-vault/key-vault-secure-your-key-vault
QUESTION 11
You create resources in an Azure subscription as shown in the following table.
VNET1 contains two subnets named Subnet1 and Subnet2. Subnet1 has a network ID of 10.0.0.0/24. Subnet2 has a
network ID of 10.1.1.0/24. Contoso1901 is configured as shown in the exhibit. (Click the Exhibit tab.)
For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct
selection is worth one point.
Hot Area:
Correct Answer:
Box 1: Yes
Access from Subnet1 is allowed.
Box 2: No
No access from Subnet2 is allowed.
Box 3: Yes
Access from IP address 193.77.10.2 is allowed.
QUESTION 12
You have Azure virtual machines that have Update Management enabled. The virtual machines are configured as
shown in the following table.
You schedule two update deployments named Update1 and Update2. Update1 updates VM3. Update2 updates VM6.
Which additional virtual machines can be updated by using Update1 and Update2? To answer, select the appropriate
options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:
Correct Answer:
Update1: VM1 and VM2 only VM3: Windows Server 2016 West US RG2
Update2: VM4 and VM5 only VM6: CentOS 7.5 East US RG1
For Linux, the machine must have access to an update repository. The update repository can be private or public.
References: https://docs.microsoft.com/en-us/azure/automation/automation-update-management
QUESTION 13
You have an Azure subscription named Sub1 that is associated to an Azure Active Directory (Azure AD) tenant named
contoso.com.
An administrator named Admin1 has access to the following identities:
An OpenID-enabled user account
A Hotmail account An account in contoso.com An account in an Azure AD tenant named fabrikam.com
You plan to use Azure Account Center to transfer the ownership of Sub1 to Admin1. To which accounts can you transfer
the ownership of Sub1?
A. contoso.com only
B. contoso.com, fabrikam.com, and Hotmail only
C. contoso.com and fabrikam.com only
D. contoso.com, fabrikam.com, Hotmail, and OpenID-enabled user account
Correct Answer: C
When you transfer billing ownership of your subscription to an account in another Azure AD tenant, you can move the
subscription to the new account\\’s tenant. If you do so, all users, groups, or service principals who had role-based
access (RBAC) to manage subscriptions and its resources lose their access. Only the user in the new account who
accepts your transfer request will have access to manage the resources.
Reference: https://docs.microsoft.com/en-us/azure/billing/billing-subscription-transfer
https://docs.microsoft.com/en-us/azure/billing/billing-subscription-transfer#transferring-subscription-to-an-account-inanother-azure-ad-tenant
Share lead4pass discount codes for free 2020
Lead4Pass Reviews
Lead4pass offers the latest exam exercise questions for free! Microsoft exam questions are updated throughout the year.
Lead4Pass has many professional exam experts! Guaranteed valid passing of the exam! The highest pass rate, the highest cost-effective!
Help you pass the exam easily on your first attempt.
What you need to know:
LearnExam shares the latest Microsoft az-500 exam dumps,az-500 pdf,az-500 exam exercise questions for free. You can improve your skills and exam experience online to get complete exam questions and answers guaranteed to pass the exam we recommend Lead4Pass az-500 exam dumps
Latest update Lead4pass az-500 exam dumps: https://www.leads4pass.com/az-500.html (142 Q&As)
[Q1-Q13 PDF] Free Microsoft az-500 pdf dumps download from Google Drive: https://drive.google.com/open?id=13khk-WKOMoD-XIb8Z84uPTP4GsmBF7On
