Microsoft AZ-500 Dumps PDF Study Tips And Information 2023

Jonnie Karnath2023-04-14T07:58:01+00:00

Microsoft AZ-500 exam is a highly sought-after certification that can open doors to new job opportunities and career advancements. But passing the exam can be a challenge, especially if you’re not well-prepared. That’s where Certspot comes in with their Microsoft AZ-500 dumps PDF which are designed to help you prepare for the exam by providing you with a realistic testing experience. Microsoft AZ-500 dumps PDF are up-to-date, accurate, and designed to cover all the topics and concepts that you’ll need to know to pass the Microsoft Azure Security Technologies exam. By studying Certspot’s Microsoft AZ-500 dumps PDF, you’ll be able to identify any knowledge gaps and focus your studying efforts on those areas, leading to a better chance of passing the exam.

Page 1 of 4

1. HOTSPOT

You plan to use Azure Sentinel to create an analytic rule that will detect suspicious threats and automate responses.

Which components are required for the rule? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

2. You have an Azure subscription that contains an Azure SQL database named SQL1 and an Azure key vault named KeyVault1.

KeyVault1 stores the keys shown in the following table.

You reed to configure Transparent Data Encryption (TDE). TDE will use a customer-managed key for SQL1?

Key1. Key2 Key3. and Key4

Key1 only

Key2 only

Key1 and key2 only

Key2 and Key3 only

3. You have an Azure web app named webapp1.

You need to configure continuous deployment for webapp1 by using an Azure Repo.

What should you create first?

an Azure Application Insights service

an Azure DevOps organizations

an Azure Storage account

an Azure DevTest Labs lab

4. CORRECT TEXT

You have an Azure subscription that contains the virtual machines shown in the following table.

VNET1, VNET2, and VNET3 are peered with each other. You perform the following actions:

* Create two application security groups named ASG1 and ASG2 in the West US region.

* Add the network interface of VM1 to ASG1.

5. You company has an Azure subscription named Sub1. Sub1 contains an Azure web app named WebApp1 that uses Azure Application Insights. WebApp1 requires users to authenticate by using OAuth 2.0 client secrets.

Developers at the company plan to create a multi-step web test app that preforms synthetic transactions emulating user traffic to Web App1.

You need to ensure that web tests can run unattended.

What should you do first?

In Microsoft Visual Studio, modify the .webtest file.

Upload the .webtest file to Application Insights.

Add a plug-in to the web test app.

6. You have an Azure subscription that contains 100 virtual machines and has Azure Security Cent, -. Standard tier enabled.

You plan to perform a vulnerability scan of each virtual machine.

You need to deploy the vulnerability scanner extension to the virtual machines by using an Azure Resource Manager template.

Which two values should you specify in the code to automate the deployment of the extension to the virtual machines? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point.

the user assigned managed identity

the Key Vault managed storage account Key

the Azure Active Directory (Azure AD) ID

the system-assigned managed identity

the primary shared key

the workspace ID

7. HOTSPOT

You have an Azure subscription named Subscription1 that contains a resource group named RG1 and a user named User1. User1 is assigned the Owner role for RG1.

You create an Azure Blueprints definition named Blueprint1 that includes a resource group named RG2 as shown in the following exhibit.

You assign Blueprint1 to Subscription1 by using the following settings:

- Lock assignment: Read Only

- Managed Identity: System assigned

For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.

8. DRAG DROP

You have an Azure Storage account named storage1 and an Azure virtual machine named VM1. VM1 has a premium SSD managed disk.

You need to enable Azure Disk Encryption for VM1.

Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange then in the correct order.

9. You have an Azure subscription that contains an Azure key vault and an Azure Storage account. The key vault contains customer-managed keys. The storage account is configured to use the customer-managed keys stored In the key vault.

You plan to store data in Azure by using the following services:

* Azure Files

* Azure Blob storage

* Azure Log Analytics

* Azure Table storage

* Azure Queue storage

Which two services data encryption by using the keys stored in the key vault? Each correct answer present a complete solution. NOTE: Each correct selection is worth one point.

Queue storage

Table storage

Azure Files

Blob storage

10. HOTSPOT

You have an Azure Active Directory (Azure AD) tenant that contains two users named User1 and User2 and a registered app named App1.

You create an app-specific role named Role1.

You need to assign Role1 to User1 and enable User2 to request access to App1.

Which two settings should you modify? To answer select the appropriate settings in the answer area. NOTE: Each correct selection is worth one pant.

Page 2 of 4

11. Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution. After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen. You use Azure Security Center for the centralized policy management of three Azure subscriptions. You use several policy definitions to manage the security of the subscriptions. You need to deploy the policy definitions as a group to all three subscriptions.

Solution: You create an initiative and an assignment that is scoped to a management group.

Does this meet the goal?

Yes

12. DRAG DROP

You have an Azure subscription named Sub1.

You have an Azure Active Directory (Azure AD) group named Group1 that contains all the members of your IT team.

You need to ensure that the members of Group1 can stop, start, and restart the Azure virtual machines in Sub1. The solution must use the principle of least privilege.

Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.

13. You have a web app named WebApp1.

You create a web application firewall (WAF) policy named WAF1.

You need to protect WebApp1 by using WAF1.

What should you do first?

Deploy an Azure Front Door.

Add an extension to WebApp1.

Deploy Azure Firewall.

14. You have an Azure subscription.

You configure the subscription to use a different Azure Active Directory (Azure AD) tenant.

What are two possible effects of the change? Each correct answer presents a complete solution. NOTE: Each correct selection is worth one point.

Role assignments at the subscription level are lost.

Virtual machine managed identities are lost.

Virtual machine disk snapshots are lost.

Existing Azure resources are deleted.

15. HOTSPOT

You have an Azure subscription that contains the storage accounts shown in the following table.

You need to configure authorization access.

Which authorization types can you use for each storage account? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

16. You have an Azure subscription that contains a Microsoft Defender External Attack Surface Management (Defender EASM) resource named EASM1. EASM1 has discovery enabled and contains several inventory assets.

You need to identify which inventory assets are vulnerable to the most critical web app security risks.

Which Defender EASM dashboard should you use?

Attack Surface Summary

GDPRCompliance

Security Posture

OWASPToplO

17. You are troubleshooting a security issue for an Azure Storage account.

You enable the diagnostic logs for the storage account.

What should you use to retrieve the diagnostics logs?

the Security & Compliance admin center

SQL query editor in Azure

File Explorer in Windows

AzCopy

18. You have an Azure subscription named Sub1 that uses Microsoft Defender for Cloud.

You have the management group hierarchy shown in the following exhibit.

You create the definitions shown in the following table.

You need to use Defender for Cloud to add a security policy.

Which definitions can you use as a security policy?

Policy1 only

Policy1 and Initiative1 only

Initiative1 and Initiative2 only

Initiative1, Initiative2, and Initiatives only

Policy1, Initiative1, Initiative2, and Initiative3

19. You have an Azure subscription that contains a virtual machine named VM1.

You create an Azure key vault that has the following configurations:

- Name: Vault5

- Region: West US

- Resource group: RG1

You need to use Vault5 to enable Azure Disk Encryption on VM1. The solution must support backing up VM1 by using Azure Backup.

Which key vault settings should you configure?

Access

Secrets

Keys

Locks policies

20. You have an Azure subscription named Subscription1 that contains the resources shown in the following table.

You need to identify which initiatives and policies you can add to Subscription1 by using Azure Security Center.

What should you identify?

Policy1 and Policy2 only

Initiative1 only

Initiative1 and Initiative2 only

Initiative1, Initiative2, Policy1, and Policy2

Page 3 of 4

21. HOTSPOT

You have an Azure subscription that contains a storage account named storage1 and several virtual machines. The storage account and virtual machines are in the same Azure region.

The network configurations of the virtual machines are shown in the following table.

The virtual network subnets have service endpoints defined as shown in the following table.

You configure the following Firewall and virtual networks settings for storage1:

- Allow access from: Selected networks

- Virtual networks: VNET3Subnet3

- Firewall C Address range: 52.233. 129.0/24

For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.

22. HOTSPOT

You have an Azure Sentinel workspace that has the following data connectors:

- Azure Active Directory Identity Protection

- Common Event Format (CEF)

- Azure Firewall

You need to ensure that data is being ingested from each connector.

From the Logs query window, which table should you query for each connector? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

23. You have an Azure subscription that contains the virtual machines shown in the following table.

From Azure Security Center, you turn on Auto Provisioning.

You deploy the virtual machines shown in the following table.

On which virtual machines is the Log Analytics agent installed?

VM3 only

VM1 and VM3 only

VM3 and VM4 only

VM1, VM2, VM3, and VM4

24. You plan to use Azure Resource Manager templates to perform multiple deployments of identically configured Azure virtual machines. The password for the administrator account of each deployment is stored as a secret in different Azure key vaults.

You need to identify a method to dynamically construct a resource ID that will designate the key vault containing the appropriate secret during each deployment. The name of the key vault and the name of the secret will be provided as inline parameters.

What should you use to construct the resource ID?

a key vault access policy

a linked template

a parameters file

an automation account

25. DRAG DROP

You have an Azure subscription.

You plan to create a storage account.

You need to use customer-managed keys to encrypt the tables in the storage account.

From Azure Cloud Shell, which three cmdlets should you run in sequence? To answer, move the appropriate cmdlets from the list of cmdlets to the answer area and arrange them in the correct order.

26. You have an Azure subscription that uses Microsoft Defender for Cloud.

The subscription contains the Azure Policy definitions shown in the following table.

Which definitions can be assigned as a security policy in Defender for Cloud?

Policy1 and Policy2 only

Initiative1 and Initiative2 only

Policy1 and Initiative1 only

Policy2 and Initiative2 only

Policy1, Policy2, Initiative1, and Initiative2

27. You have an Azure subscription that contains an app named App1.

App1 has the app registration shown in the following table.

You need to ensure that App1 can read all user calendars and create appointments. The solution must use the principle of least privilege.

What should you do?

Add a new Delegated API permission for Microsoft.Graph Calendars.ReadWrite.

Add a new Application API permission for Microsoft.Graph Calendars.ReadWrite.

Select Grant admin consent.

Add a new Delegated API permission for Microsoft.Graph Calendars.ReadWrite.Shared.

28. HOTSPOT

You suspect that users are attempting to sign in to resources to which they have no access.

You need to create an Azure Log Analytics query to identify failed user sign-in attempts from the last three days. The results must only show users who had more than five failed sign-in attempts.

How should you configure the query? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

29. HOTSPOT

You have an Azure Active Directory (Azure AD) tenant named contoso.com that contains three security groups named Group1, Group2, and Group3 and the users shown in the following table.

Group3 is a member of Group2.

In contoso.com, you register an enterprise application named App1 that has the following settings:

✑ Owners: User1

✑ Users and groups: Group2

You configure the properties of App1 as shown in the following exhibit.

For each of the following statements, select Yes if the statement is true. Otherwise, select no. NOTE: Each correct selection is worth one point.

30. You have an Azure subscription linked to an Azure Active Directory Premium Plan 1 tenant. You plan to implement Azure Active Directory (Azure AD) Identity Protection.

You need to ensure that you can configure a user risk policy and a sign-in risk policy.

What should you do first?

Purchase Azure Active Directory Premium Plan 2 licenses for all users.

Enable security defaults for Azure A

Upgrade Azure Security Center to the standard tier.

Page 4 of 4

31. DRAG DROP

Your company has an Azure Active Directory (Azure AD) tenant named contoso.com.

The company is developing an application named App1. App1 will run as a service on server that runs Windows Server 2016. App1 will authenticate to contoso.com and access Microsoft Graph to read directory data.

You need to delegate the minimum required permissions to App1.

Which three actions should you perform in sequence from the Azure portal? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.

Facebook Twitter LinkedIn Google + Email