[Feb 29, 2024] AZ-500 Sample with Accurate & Updated Questions [Q166-Q186]

Share

[Feb 29, 2024] AZ-500 Sample with Accurate & Updated Questions

AZ-500 Exam Info and Free Practice Test | ExamCost

NEW QUESTION # 166
You have an Azure subscription named Sub 1 that is associated to an Azure Active Directory (Azure AD) tenant named contoso.com. The tenant contains the users shown in the following table.

Each user is assigned an Azure AD Premium ?2 license.
You plan lo onboard and configure Azure AD identity Protection.
Which users can onboard Azure AD Identity Protection, remediate users, and configure policies? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point

Answer:

Explanation:

Explanation


NEW QUESTION # 167
You have an Azure Active Directory (Azure AD) tenant named contoso.com that contains the users shown in the following table.

You create and enforce an Azure AD Identity Protection user risk policy that has the following settings:
* Assignment: Include Group1, Exclude Group2
* Conditions: Sign-in risk of Medium and above
* Access: Allow access, Require password change
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.

Answer:

Explanation:

Explanation

Box 1: Yes
User1 is member of Group1. Sign in from unfamiliar location is risk level Medium.
Box 2: Yes
User2 is member of Group1. Sign in from anonymous IP address is risk level Medium.
Box 3: No
Sign-ins from IP addresses with suspicious activity is low.
Note:

Azure AD Identity protection can detect six types of suspicious sign-in activities:
* Users with leaked credentials
* Sign-ins from anonymous IP addresses
* Impossible travel to atypical locations
* Sign-ins from infected devices
* Sign-ins from IP addresses with suspicious activity
* Sign-ins from unfamiliar locations
These six types of events are categorized in to 3 levels of risks - High, Medium & Low:
References:
http://www.rebeladmin.com/2018/09/step-step-guide-configure-risk-based-azure-conditional-access-policies/


NEW QUESTION # 168
You create a new Azure subscription that is associated to a new Azure Active Directory (Azure AD) tenant.
You create one active conditional access policy named Portal Policy. Portal Policy is used to provide access to the Microsoft Azure Management cloud app.
The Conditions settings for Portal Policy are configured as shown in the Conditions exhibit. (Click the Conditions tab.)

The Grant settings for Portal Policy are configured as shown in the Grant exhibit. (Click the Grant tab.)

For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.

Answer:

Explanation:

Reference:
https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/location-condition


NEW QUESTION # 169
You need to deploy AKS1 to meet the platform protection requirements.
Which four actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
NOTE: More than one order of answer choices is correct. You will receive credit for any of the correct orders you select.

Answer:

Explanation:

Reference:
https://docs.microsoft.com/en-us/azure/aks/azure-ad-integration


NEW QUESTION # 170
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You use Azure Security Center for the centralized policy management of three Azure subscriptions.
You use several policy definitions to manage the security of the subscriptions.
You need to deploy the policy definitions as a group to all three subscriptions.
Solution: You create a policy definition and assignments that are scoped to resource groups.
Does this meet the goal?

  • A. No
  • B. Yes

Answer: A

Explanation:
References:
https://4sysops.com/archives/apply-governance-policy-to-multiple-azure-subscriptions-with-management-groups/


NEW QUESTION # 171
You have an Azure subscription that contains the virtual machines shown in the following table.

VNET1, VNET2, and VNET3 are peered with each other. You perform the following actions:
* Create two application security groups named ASG1 and ASG2 in the West US region.
* Add the network interface of VM1 to ASG1.

Answer:

Explanation:
Answer as below.


NEW QUESTION # 172
You need to create an Azure key vault. The solution must ensure that any object deleted from the key vault be retained for 90 days.
How should you complete the command? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Answer:

Explanation:

Reference:
https://docs.microsoft.com/en-us/powershell/module/azurerm.keyvault/new-azurermkeyvault


NEW QUESTION # 173
You need to enable Advanced Data Security for the SQLdb1 Azure SQL database. The solution must ensure that Azure Advanced Threat Protection (ATP) alerts are sent to [email protected].
To complete this task, sign in to the Azure portal and modify the Azure resources.

Answer:

Explanation:
In the Azure portal, type SQL in the search box, select SQL databases from the search results then select SQLdb1. Alternatively, browse to SQL databases in the left navigation pane.
In the properties of SQLdb1, scroll down to the Security section and select Advanced data security.
Click on the Settings icon.
Tick the Enable Advanced Data Security at the database level checkbox.
Click Yes at the confirmation prompt.
In the Storage account select a storage account if one isn't selected by default.
Under Advanced Threat Protection Settings, enter [email protected] in the Send alerts to box.
Click the Save button to save the changes.
Reference:
https://docs.microsoft.com/en-us/azure/azure-sql/database/advanced-data-security


NEW QUESTION # 174
You are evaluating the effect of the application security groups on the network communication between the virtual machines in Sub2.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.

Answer:

Explanation:


NEW QUESTION # 175
You have an Azure Active Directory (Azure AD) tenant that contains the resources shown in the following table.

User2 is the owner of Group2.
The user and group settings for App1 are configured as shown in the following exhibit.

You enable self-service application access for App1 as shown in the following exhibit.

User3 is configured to approve access to Appl.
You need to identify the owners of Group2 and the users of Appl.
What should you identify? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Answer:

Explanation:

Reference:
https://docs.microsoft.com/en-us/azure/active-directory/manage-apps/manage-self-service-access


NEW QUESTION # 176
You need to deploy AKS1 to meet the platform protection requirements.
Which four actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
NOTE: More than one order of answer choices is correct. You will receive credit for any of the correct orders you select.

Answer:

Explanation:

Explanation

Scenario: Azure AD users must be to authenticate to AKS1 by using their Azure AD credentials.
Litewire plans to deploy AKS1, which is a managed AKS (Azure Kubernetes Services) cluster.
Step 1: Create a server application
To provide Azure AD authentication for an AKS cluster, two Azure AD applications are created. The first application is a server component that provides user authentication.
Step 2: Create a client application
The second application is a client component that's used when you're prompted by the CLI for authentication.
This client application uses the server application for the actual authentication of the credentials provided by the client.
Step 3: Deploy an AKS cluster.
Use the az group create command to create a resource group for the AKS cluster.
Use the az aks create command to deploy the AKS cluster.
Step 4: Create an RBAC binding.
Before you use an Azure Active Directory account with an AKS cluster, you must create role-binding or cluster role-binding. Roles define the permissions to grant, and bindings apply them to desired users. These assignments can be applied to a given namespace, or across the entire cluster.
Reference:
https://docs.microsoft.com/en-us/azure/aks/azure-ad-integration


NEW QUESTION # 177
You have an Azure subscription named Sub1 that is associated to an Azure Active Directory (Azure AD) tenant named contoso.com.
An administrator named Admin1 has access to the following identities:
* An OpenID-enabled user account
* A Hotmail account
* An account in contoso.com
* An account in an Azure AD tenant named fabrikam.com
You plan to use Azure Account Center to transfer the ownership of Sub1 to Admin1.
To which accounts can you transfer the ownership of Sub1?

  • A. contoso.com and fabrikam.com only
  • B. contoso.com, fabrikam.com, and Hotmail only
  • C. contoso.com, fabrikam.com, Hotmail, and OpenID-enabled user account
  • D. contoso.com only

Answer: A

Explanation:
Explanation
When you transfer billing ownership of your subscription to an account in another Azure AD tenant, you can move the subscription to the new account's tenant. If you do so, all users, groups, or service principals who had role based access (RBAC) to manage subscriptions and its resources lose their access. Only the user in the new account who accepts your transfer request will have access to manage the resources.
Reference:
https://docs.microsoft.com/en-us/azure/billing/billing-subscription-transfer
https://docs.microsoft.com/en-us/azure/billing/billing-subscription-transfer#transferring-subscription-to-anaccou


NEW QUESTION # 178
You suspect that users are attempting to sign in to resources to which they have no access.
You need to create an Azure Log Analytics query to identify failed user sign-in attempts from the last three days. The results must only show users who had more than five failed sign-in attempts.
How should you configure the query? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Answer:

Explanation:

Reference:
https://docs.microsoft.com/en-us/azure/azure-monitor/log-query/examples


NEW QUESTION # 179
You have an Azure Active Directory (Azure AD) tenant that contains the users shown in the following table.

From Azure AD Privileged Identity Management (PIM), you configure the settings for the Security Administrator role as shown in the following exhibit.

From PIM, you assign the Security Administrator role to the following groups:
Group1: Active assignment type, permanently assigned
Group2: Eligible assignment type, permanently eligible
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.

Answer:

Explanation:

Explanation

Box 1: Yes
Eligible Type: A role assignment that requires a user to perform one or more actions to use the role. If a user has been made eligible for a role, that means they can activate the role when they need to perform privileged tasks. There's no difference in the access given to someone with a permanent versus an eligible role assignment. The only difference is that some people don't need that access all the time.
You can choose from two assignment duration options for each assignment type (eligible and active) when you configure settings for a role. These options become the default maximum duration when a user is assigned to the role in Privileged Identity Management.
Use the Activation maximum duration slider to set the maximum time, in hours, that a role stays active before it expires. This value can be from one to 24 hours.
Box 2: Yes
Active Type: A role assignment that doesn't require a user to perform any action to use the role. Users assigned as active have the privileges assigned to the role Box 3: Yes User3 is member of Group2.
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/privileged-identity-management/pim-configure
https://docs.microsoft.com/bs-cyrl-ba/azure/active-directory/privileged-identity-management/pim-resource-role


NEW QUESTION # 180
You have an Azure subscription named Subscription1 that contains the resources shown in the following table.

You have an Azure subscription named Subscription2 that contains the following resources:
An Azure Sentinel workspace
An Azure Event Grid instance
You need to ingest the CEF messages from the NVAs to Azure Sentinel.
What should you configure for each subscription? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Answer:

Explanation:


NEW QUESTION # 181
You have an Azure Active Directory (Azure AD) tenant named contoso.com
You need to configure diagnostic settings for contoso.com. The solution must meet the following requirements:
* Retain loqs for two years.
* Query logs by using the Kusto query language
* Minimize administrative effort.
Where should you store the logs?

  • A. an Azure event hub
  • B. an Azure Log Analytics workspace
  • C. an Azure Storage account

Answer: B

Explanation:
Explanation
https://docs.microsoft.com/en-us/azure/azure-monitor/log-query/get-started-queries


NEW QUESTION # 182
You have an Azure subscription that contains an Azure Active Directory (Azure AD) tenant named contoso.com. The tenant contains the users shown in the following table.

You create a resource group named RG1.
Which users can modify the permissions for RG1 and which users can create virtual networks in RG1? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Answer:

Explanation:

Explanation

Box 1: Only an owner can change permissions on resources.
Box 2: A Contributor can create/modify/delete anything in the subscription but cannot change permissions.


NEW QUESTION # 183
You have an Azure subscription that contains a virtual network. The virtual network contains the subnets shown in the following table.

The subscription contains the virtual machines shown in the following table.

You enable just in time (JIT) VM access for all the virtual machines.
You need to identify which virtual machines are protected by JIT.
Which virtual machines should you identify?

  • A. VM1, VM3 and VM4 only
  • B. VM1, VM2, VM3, and VM4
  • C. VM4 only
  • D. VM1 and VM3 only

Answer: A

Explanation:
Explanation
An NSG needs to be enabled, either at the VM level or the subnet level.
Reference:
https://docs.microsoft.com/en-us/azure/security-center/security-center-just-in-time


NEW QUESTION # 184
You have an Azure subscription that contains a user named User1 and a storage account named storage 1. The storage1 account contains the resources shown in the following table:

User1 is assigned the following roles for storage1:
* Storage Blob Data Reader
* Storage Table Data Contributor
* Storage File Data SMB Share Reader

Answer:

Explanation:


NEW QUESTION # 185
You have a network security group (NSG) bound to an Azure subnet.
You run Get-AzureRmNetworkSecurityRuleConfig and receive the output shown in the following exhibit.

Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic.
NOTE: Each correct selection is worth one point.

Answer:

Explanation:

Reference:
https://docs.microsoft.com/en-us/azure/virtual-network/manage-network-security-group


NEW QUESTION # 186
......


Microsoft AZ-500 certification exam is highly regarded in the industry and is recognized by employers as an indicator of a candidate's expertise in securing Azure environments. Holding this certification can help professionals stand out in a competitive job market and can lead to higher salaries and more job opportunities. Additionally, the knowledge and skills gained from preparing for AZ-500 exam can help professionals improve their performance in their current roles and contribute to the success of their organizations.


Earning the Microsoft AZ-500 certification demonstrates your expertise in securing Azure cloud services and can help you advance your career in the cloud security field. Microsoft Azure Security Technologies certification is also a prerequisite for other advanced Azure certifications, such as the Microsoft Certified: Azure Security Engineer Associate.

 

Pass Microsoft AZ-500 Premium Files Test Engine pdf - Free Dumps Collection: https://www.examcost.com/AZ-500-practice-exam.html

New 2024 Realistic AZ-500 Dumps Test Engine Exam Questions in here: https://drive.google.com/open?id=1rIUhh6X5hSWVx7qjRaY1kcXzCJ1w5oxB