Microsoft AZ-500 Exam Dumps

You have an Azure environment.You need to identify any Azure configurations and workloads that are non-compliant with ISO 27001:2013 standards.What should you use?

A. Azure Active Directory (Azure AD) Identity Protection
B. Microsoft Defender for Cloud
C. Microsoft Defender for Identity
D. Microsoft Sentinel

Answer: B

Lab Taskuse the following login credentials as needed:To enter your username, place your cursor in the Sign in box and click on the username below.To enter your password. place your cursor in the Enter password box and click on the password below.Azure Username: Userl -28681041@ExamUsers.comAzure Password: GpOAe4@lDgIf the Azure portal does not load successfully in the browser, press CTRL-K to reload the portal in a new browser tab.The following information is for technical support purposes only:Lab Instance: 28681041Task 7You need to collect all the audit failure data from the security log of a virtual machine named VM1 to an Azure Storage account. To complete this task, sign in to the Azure portal.Check below steps in explanation for Task

Answer: .

You have an Azure subscription that contains an Azure SQL server named SQL1. SQL1 contains. You need to use Microsoft Defender for Cloud to complete a vulnerability assessment for DB1. What should you do first?

A. From Advanced Threat Protection types, select SQL injection vulnerability.
B. Configure the Send scan report to setting.
C. Set Periodic recurring scans to ON.
D. Enable the Microsoft Defender for SQL plan

Answer: A

Lab Taskuse the following login credentials as needed:To enter your username, place your cursor in the Sign in box and click on the username below.To enter your password. place your cursor in the Enter password box and click on the password below.Azure Username: Userl -28681041@ExamUsers.comAzure Password: GpOAe4@lDgIf the Azure portal does not load successfully in the browser, press CTRL-K to reload the portal in a new browser tab.The following information is for technical support purposes only:Lab Instance: 28681041Task 9You need to ensure that the rg1lod28681041n1 Azure Storage account is encrypted by using a key stored in the KeyVault28681041 Azure key vault.Check below steps in explanation for Task.

Answer: .

You have an Azure subscription that contains a storage account named storage1 and a virtual machine named VM1.VM1 is connected to a virtual network named VNet1 that contains one subnet and uses Azure DNS.You need to ensure that VM1 connects to storage! by using a private IP address. The solution must minimize administrative effort.What should you do?

A. For storage1, disable public network access.
B. Create an Azure Private DNS zone.
C. On VNet1. create a new subnet.
D. For storage1, create a new private endpoint

Answer: D

You have an Azure subscription that contains a user named User1. You need to ensure that User1 can create managed identities. The solution must use the principle of least privilege.What should you do?

A. Create a resource group and assign User1 to the Managed Identity Contributor role.
B. Create a management group and assign User1 the Managed Identity Operator role.
C. Create an organizational unit (OU) and assign User1 the User administrator Azure AD role.
D. Create management group and assign User1 the Hybrid Identity Administrator Azure AD role.

Answer: A

You plan to implement JIT VM access. Which virtual machines will be supported?

A. VM1 and VM3 only 
B. VM1. VM2. VM3, and VM4 
C. VM2, VM3, and VM4 only 
D. VM1 only 

Answer: A

You need to meet the technical requirements for the finance department users.Which CAPolicy1 settings should you modify?

A. Cloud apps or actions 
B. Conditions 
C. Grant 
D. Session 

Answer: D

From Azure Security Center, you need to deploy SecPol1.What should you do first?

A. Enable Azure Defender. 
B. Create an Azure Management group. 
C. Create an initiative. 
D. Configure continuous export. 

Answer: C

You need to encrypt storage1 to meet the technical requirements. Which key vaults canyou use?

A. KeyVault1 only 
B. KeyVaurt2 and KeyVault3 only 
C. KeyVault1 and KeyVault3 only 
D. KeyVault1 KeyVault2 and KeyVault3 

Answer: B

You plan to configure Azure Disk Encryption for VM4 Which key vault can you use to storethe encryption key?

A. KeyVault1 
B. KeyVault3 
C. KeyVault2 

Answer: C

You are troubleshooting a security issue for an Azure Storage account You enable Azure Storage Analytics logs and archive It to a storage account. What should you use to retrievethe diagnostics logs?

A. Azure Storage Explorer
B. SQL query editor in Azure
C. Azure Monitor
D. Azure Cosmos DB explorer

Answer: A

You have an Azure subscription that is linked to an Azure Active Directory (Azure AD) tenant. From the Azure portal, you register an enterprise application.Which additional resource will be created in Azure AD?

A. a service principal
B. an X.509 certificate
C. a managed identity
D. a user account

Answer: A

You have an Azure subscription that uses Microsoft Sentinel. You need to create a Microsoft Sentinel notebook that will use the Guided Investigation - Anomaly Lookup template.What should you create first?

A. an analytics rule
B. a Log Analytics workspace 
C. an Azure Machine Learning workspace
D. a hunting query

Answer: A

You have an Azure Active Directory (Azure AD) tenant that contains a user named Admin1. Admin1 is assigned the Application developer role. You purchase a cloud app named App1 and register App1 in Azure AD. Admin1 reports that the option to enable token encryption for App1 is unavailable. You need to ensure that Admin1 can enable token encryption for App1 in the Azure portal. What should you do?

A. Upload a certificate for App1.
B. Modify the API permissions of App1.
C. Add App1 as an enterprise application.
D. Assign Admin! the Cloud application administrator role.

Answer: C

You need to create a new Azure Active Directory (Azure AD) directory named 12345678.onmicrosoft.com. The new directory must contain a new user named user1@12345678.onmicrosoft.com. To complete this task, sign in to the Azure portal. 

Answer: .

You have a web app hosted on an on-premises server that is accessed by using a URL of https://www.contoso.com. You plan to migrate the web app to Azure. You will continue touse https://www.contoso.com. You need to enable HTTPS for the Azure web app. What should you do first?

A. Export the public key from the on-premises server and save the key as a P7b file.
B. Export the private key from the on-premises server and save the key as a PFX file that is encrypted by using TripleDES.
C. Export the public key from the on-premises server and save the key as a CER file.
D. Export the private key from the on-premises server and save the key as a PFX file that is encrypted by using AES256.

Answer: B

You need to ensure that a user named user2-12345678 can manage the properties of the virtual machines in the RG1lod12345678 resource group. The solution must use the principle of least privilege. To complete this task, sign in to the Azure portal. 

Answer: .

Note: The question is included in a number of questions that depicts the identical set-up. However, every question has a distinctive result. Establish if the solution satisfies the requirements.Your company has an Active Directory forest with a single domain, named weylandindustries.com. They also have an Azure Active Directory (Azure AD) tenant with the same name.You have been tasked with integrating Active Directory and the Azure AD tenant. You intend to deploy Azure AD Connect. Your strategy for the integration must make sure that password policies and user logon limitations affect user accounts that are synced to the Azure AD tenant, and that the amount of necessary servers are reduced. Solution: You recommend the use of password hash synchronization and seamless SSO. Does the solution meet the goal?

A. Yes
B. No

Answer: B

You have an Azure subscription that uses Azure Active Directory (Azure AD) Privileged Identity Management (PIM). A PIM user that is assigned the User Access Administrator role reports receiving an authorization error when performing a role assignment or viewing the list of assignments. You need to resolve the issue by ensuring that the PIM service principal has the correctpermissions for the subscription. The solution must use the principle of least privilege. Which role should you assign to the PIM service principle?

A. Contributor
B. User Access Administrator
C. Managed Application Operator
D. Resource Policy Contributor

Answer: B

You have an Azure subscription name Sub1 that contains an Azure Policy definition named Policy1. Policy1 has the following settings: Definition location: Tenant Root GroupCategory: Monitoring You need to ensure that resources that are noncompliant with Policy1 are listed in the Azure Security Center dashboard. What should you do first?

A. Change the Category of Policy1 to Security Center.
B. Add Policy1 to a custom initiative.
C. Change the Definition location of Policy1 to Sub1.
D. Assign Policy1 to Sub1.

Answer: D

You have an Azure Active Directory (Azure AD) tenant named contoso.comYou need to configure diagnostic settings for contoso.com. The solution must meet thefollowing requirements:• Retain loqs for two years.• Query logs by using the Kusto query language• Minimize administrative effort.Where should you store the logs?

A. an Azure Log Analytics workspace 
B. an Azure event hub 
C. an Azure Storage account 

Answer: A

You have an Azure Active Directory (Azure AD) tenant.You need to prevent nonprivileged Azure AD users from creating service principals inAzure AD.What should you do in the Azure Active Directory admin center of the tenant?

A. From the Properties Wade, set Enable Security defaults to Yes. 
B. From the Properties blade, set Access management fen Azure resources to No 
C. From the User settings blade, set Users can register applications to No 
D. From the User settings blade, set Restrict access to Azure AD administration portal toYes. 

Answer: D

You have an Azure subscription named Sub1.In Azure Security Center, you have a workflow automation named WF1. WF1 is configuredto send an email message to a user named User1.You need to modify WF1 to send email messages to a distribution group named Alerts.What should you use to modify WF1?

A. Azure Application Insights 
B. Azure Monitor 
C. Azure Logic Apps Designer 
D. Azure DevOps 

Answer: C

You have an Azure subscription that contains 100 virtual machines and has Azure SecurityCenter Standard tier enabled.You plan to perform a vulnerability scan of each virtual machine.You need to deploy the vulnerability scanner extension to the virtual machines by using anAzure Resource Manager template.Which two values should you specify in the code to automate the deployment of theextension to the virtual machines? Each correct answer presents part of the solution.NOTE: Each correct selection is worth one point.

A. the user-assigned managed identity 
B. the workspace ID 
C. the Azure Active Directory (Azure AD) ID 
D. the Key Vault managed storage account key 
E. the system-assigned managed identity 
F. the primary shared key 

Answer: A,C

You have multiple development teams that will create apps in Azure.You plan to create a standard development environment that will be deployed for eachteam.You need to recommend a solution that will enforce resource locks across the developmentenvironments and ensure that the locks are applied in a consistent manner.What should you include in the recommendation?

A. an Azure policy 
B. an Azure Resource Manager template 
C. a management group 
D. an Azure blueprint 

Answer: D