[2021.4] New! Prep Actual Microsoft AZ-500 Exam Questions For Free Share

Valid Microsoft AZ-500 questions shared by Pass4itsure for helping to pass the Microsoft AZ-500 exam! Get the newest Pass4itsure Microsoft AZ-500 exam dumps with VCE and PDF here: https://www.pass4itsure.com/az-500.html (250 Q&As Dumps).

[Free PDF] Microsoft AZ-500 pdf Q&As https://drive.google.com/file/d/12KOk5TpWLuZHDwU08CqIfNYkTJxidjsr/view?usp=sharing

Microsoft AZ-500 Microsoft Azure Security Technologies

Pass4itsure offers the latest Microsoft AZ-500 practice test free of charge 1-13

QUESTION 1
You have 10 virtual machines on a single subnet that has a single network security group (NSG). You need to log the
network traffic to an Azure Storage account.
What should you do?
A. Install the Network Performance Monitor solution.
B. Create an Azure Log Analytics workspace.
C. Enable diagnostic logging for the NSG.
D. Enable NSG flow logs.
Correct Answer: D
A network security group (NSG) enables you to filter inbound traffic to, and outbound traffic from, a virtual machine
(VM). You can log network traffic that flows through an NSG with Network Watcher’s NSG flow log capability. Steps
include:
1. Create a VM with a network security group
2. Enable Network Watcher and register the Microsoft.Insights provider
3. Enable a traffic flow log for an NSG, using Network Watcher’s NSG flow log capability
4. Download logged data
5. View logged data
Reference: https://docs.microsoft.com/en-us/azure/network-watcher/network-watcher-nsg-flow-logging-portal

QUESTION 2
Your company has an Azure Active Directory (Azure AD) tenant named contoso.com.
You plan to create several security alerts by using Azure Monitor.
You need to prepare the Azure subscription for the alerts.
What should you create first?
A. An Azure Storage account
B. an Azure Log Analytics workspace
C. an Azure event hub
D. an Azure Automation account
Correct Answer: B

QUESTION 3
HOTSPOT
You have an Azure subscription that contains an Azure key vault named KeyVault1 and the virtual machines shown in
the following table.

AZ-500 exam questions-q3

For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.

AZ-500 exam questions-q3-2

QUESTION 4
You have a hybrid configuration of Azure Active Directory (Azure AD).
All users have computers that run Windows 10 and are hybrid Azure AD joined.
You have an Azure SQL database that is configured to support Azure AD authentication.
Database developers must connect to the SQL database by using Microsoft SQL Server Management Studio (SSMS)
and authenticate by using their on-premises Active Directory account.
You need to tell the developers which authentication method to use to connect to the SQL database from SSMS. The
solution must minimize authentication prompts.
Which authentication method should you instruct the developers to use?
A. SQL Login
B. Active Directory – Universal with MFA support
C. Active Directory – Integrated
D. Active Directory – Password
Correct Answer: C
Azure AD can be the initial Azure AD managed domain. Azure AD can also be an on-premises Active Directory Domain
Services that is federated with the Azure AD.
Using an Azure AD identity to connect using SSMS or SSDT
The following procedures show you how to connect to a SQL database with an Azure AD identity using SQL Server
Management Studio or SQL Server Database Tools.
Active Directory integrated authentication
Use this method if you are logged in to Windows using your Azure Active Directory credentials from a federated
domain.
1. Start Management Studio or Data Tools and in the Connect to Server (or Connect to Database Engine) dialog box, in
the Authentication box, select Active Directory – Integrated. No password is needed or can be entered because your
existing credentials will be presented for the connection.
2. Select the Options button, and on the Connection Properties page, in the Connect to database box, type the name of
the user database you want to connect to. (The “AD domain name or tenant ID” option is only supported for Universal
with MFA connection options, otherwise, it is greyed out.)

az-500 exam questions-q4

References: https://github.com/MicrosoftDocs/azure-docs/blob/master/articles/sql-database/sql-database-aadauthentication-configure.md


QUESTION 5
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains
a unique solution that might meet the stated goals. Some question sets might have more than one correct solution,
while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not
appear in the review screen.
You use Azure Security Center for the centralized policy management of three Azure subscriptions.
You use several policy definitions to manage the security of the subscriptions.
You need to deploy the policy definitions as a group to all three subscriptions.
Solution: You create an initiative and an assignment that is scoped to a management group.
Does this meet the goal?
A. Yes
B. No
Correct Answer: A
Reference: https://docs.microsoft.com/en-us/azure/governance/policy/overview


QUESTION 6
HOTSPOT
You have an Azure subscription that contains the virtual machines shown in the following table.

az-500 exam questions-q6

Subnet1 and Subnet2 have a Microsoft.Storage service endpoint configured.
You have an Azure Storage account named storageacc1 that is configured as shown in the following exhibit.

az-500 exam questions-q6-2

For each of the following statements, select Yes if the statement is true. Otherwise, select No.
Hot Area:

AZ-500 exam questions-q6-3

Correct Answer:

az-500 exam questions-q6-4

Box 1: Yes
The public IP of VM1 is allowed through the firewall.
Box 2: No
The allowed virtual network list is empty so VM2 cannot access storageacc1 directly. The public IP address of VM2 is
not in the allowed IP list so VM2 cannot access storageacc1 over the Internet.
Box 3: No
The allowed virtual network list is empty so VM3 cannot access storageacc1 directly. VM3 does not have a public IP
address so it cannot access storageacc1 over the Internet.
Reference:
https://docs.microsoft.com/en-gb/azure/storage/common/storage-network-security

QUESTION 7
You need to deploy Microsoft Antimalware to meet the platform protection requirements. What should you do? To
answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.
Hot Area:

az-500 exam questions-q7

Correct Answer:

AZ-500 exam questions-q7-2

QUESTION 8
You have an Azure subscription linked to an Azure Active Directory Premium Plan 1 tenant.
You plan to implement Azure Active Directory (Azure AD) Identity Protection.
You need to ensure that you can configure a user risk policy and a sign-in risk policy.
What should you do first?
A. Purchase Azure Active Directory Premium Plan 2 licenses for all users.
B. Register all users for Azure Multi-Factor Authentication (MFA).
C. Enable security defaults for Azure AD.
D. Upgrade Azure Security Center to the standard tier.
Correct Answer: A
Reference: https://docs.microsoft.com/en-us/azure/active-directory/authentication/tutorial-risk-based-sspr-mfa


QUESTION 9
HOTSPOT
Which virtual networks in Sub1 can User9 modify and delete in their current state? To answer, select the appropriate
options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:

AZ-500 exam questions-q9

Box 1: VNET4 and VNET1 only
RG1 has only Delete lock, while there are no locks on RG4.
RG2 and RG3 both have Read-only locks.
Box 2: VNET4 only
There are no locks on RG4, while the other resource groups have either Delete or Read-only locks.
Note: As an administrator, you may need to lock a subscription, resource group, or resource to prevent other users in
your organization from accidentally deleting or modifying critical resources. You can set the lock level to CanNotDelete
or ReadOnly. In the portal, the locks are called Delete and Read-only respectively.
1. CanNotDelete means authorized users can still read and modify a resource, but they can’t delete the resource.
2. ReadOnly means authorized users can read a resource, but they can’t delete or update the resource. Applying this
lock is similar to restricting all authorized users to the permissions granted by the Reader role.
Scenario:
Sub1 contains six resource groups named RG1, RG2, RG3, RG4, RG5, and RG6.
User9 creates the virtual networks shown in the following table.

AZ-500 exam questions-q9-2

Reference: https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-group-lock-resources

QUESTION 10
DRAG DROP
You have five Azure subscriptions linked to a single Azure Active Directory (Azure AD) tenant.
You create an Azure Policy initiative named SecurityPolicyInitiative1.
You identify which standard role assignments must be configured on all new resource groups.
You need to enforce SecurityPolicyInitiative1 and the role assignments when a new resource group is created.
Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions
to the answer area and arrange them in the correct order.

az-500 exam questions-q10

Reference: https://docs.microsoft.com/en-us/azure/governance/blueprints/create-blueprint-portal https://docs.microsoft.com/en-us/azure/azure-australia/azure-policy


QUESTION 11
You have an Azure subscription that contains 100 virtual machines and has Azure Security Center Standard tier
enabled.
You plan to perform a vulnerability scan of each virtual machine.
You need to deploy the vulnerability scanner extension to the virtual machines by using an Azure Resource Manager
template.
Which two values should you specify in the code to automate the deployment of the extension to the virtual machines?
Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.
A. the user assigned managed identity
B. the Key Vault managed storage account Key
C. the Azure Active Directory (Azure AD) ID
D. the system-assigned managed identity
E. the primary shared key
F. the workspace ID
Correct Answer: AC

QUESTION 12
SIMULATION
You need to configure a virtual network named VNET2 to meet the following requirements:
1. Administrators must be prevented from deleting VNET2 accidentally.
2. Administrators must be able to add subnets to VNET2 regularly.
To complete this task, sign in to the Azure portal and modify the Azure resources.
A. See the below.
Correct Answer: A
Locking prevents other users in your organization from accidentally deleting or modifying critical resources, such as
Azure subscription, resource group, or resource.
Note: In Azure, the term resource refers to an entity managed by Azure. For example, virtual machines, virtual networks,
and storage accounts are all referred to as Azure resources.
1. In the Azure portal, type Virtual Networks in the search box, select Virtual Networks from the search results then select
VNET2. Alternatively, browse to Virtual Networks in the left navigation pane.
2. In the Settings blade for virtual network VNET2, select Locks.
3. To add a lock, select Add.
4. For Lock type select Delete lock, and click OK.

az-500 exam questions-q12

az-500 exam questions-q12-2

Reference: https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-group-lock-resources


QUESTION 13
You have an Azure subscription that contains an Azure Active Directory (Azure AD) tenant.
When a developer attempts to register an app named App1 in the tenant, the developer receives the error message
shown in the following exhibit.

az-500 exam questions-q13

You need to ensure that the developer can register App1 in the tenant. What should you do for the tenant?
A. Modify the User settings
B. Set Enable Security default to Yes.
C. Modify the Directory properties.
D. Configure the Consent and permissions settings for enterprise applications.
Correct Answer: A
Reference: https://docs.microsoft.com/en-us/azure/active-directory/develop/active-directory-how-applications-areadded
