AZ-500 Practice Exam Tests Latest Updated on Oct-2021
Pass AZ-500 Exam in First Attempt Guaranteed Dumps!
NEW QUESTION 108
You company has an Azure Active Directory (Azure AD) tenant named contoso.com.
You plan to create several security alerts by using Azure Monitor.
You need to prepare the Azure subscription for the alerts.
What should you create first?
- A. an Azure Automation account
- B. An Azure Storage account
- C. an Azure event hub
- D. an Azure Log Analytics workspace
Answer: D
Explanation:
https://docs.microsoft.com/en-us/azure/azure-monitor/learn/quick-create-workspace
NEW QUESTION 109
Use the following login credentials as needed:
To enter your username, place your cursor in the Sign in box and click on the username below.
To enter your password, place your cursor in the Enter password box and click on the password below.
Azure Username: [email protected]
Azure Password: Ag1Bh9!#Bd
The following information is for technical support purposes only:
Lab Instance: 10598168



You need to email an alert to a user named [email protected] if the average CPU usage of a virtual machine named VM1 is greater than 70 percent for a period of 15 minutes.
To complete this task, sign in to the Azure portal.
Answer:
Explanation:
See the explanation below.
Explanation
Create an alert rule on a metric with the Azure portal
1. In the portal, locate the resource, here VM1, you are interested in monitoring and select it.
2. Select Alerts (Classic) under the MONITORING section. The text and icon may vary slightly for different resources.
3. Select the Add metric alert (classic) button and fill in the fields as per below, and click OK.
Metric: CPU Percentage
Condition: Greater than
Period: Over last 15 minutes
Notify via: email
Additional administrator email(s): [email protected]
Reference:
https://docs.microsoft.com/en-us/azure/sql-database/sql-database-insights-alerts-portal
NEW QUESTION 110
You are evaluating the security of VM1, VM2, and VM3 in Sub2.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
NEW QUESTION 111
You have an Azure subscription that contains an Azure key vault named KeyVault1 and the virtual machines shown in the following table.
You set the Key Vault access policy to Enable access to Azure Disk Encryption for volume encryption.
KeyVault1 is configured as shown in the following exhibit.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
Explanation
NEW QUESTION 112
You have an Azure subscription that contains the resources shown in the following table.
User1 is a member of Group1. Group1 and User2 are assigned the Key Vault Contributor role for Vault1.
On January 1, 2019, you create a secret in Vault1. The secret is configured as shown in the exhibit. (Click the Exhibit tab.)
User2 is assigned an access policy to Vault1. The policy has the following configurations:
* Key Management Operations: Get, List, and Restore
* Cryptographic Operations: Decrypt and Unwrap Key
* Secret Management Operations: Get, List, and Restore
Group1 is assigned an access to Vault1. The policy has the following configurations:
* Key Management Operations: Get and Recover
* Secret Management Operations: List, Backup, and Recover
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
Answer:
Explanation:
Explanation
NEW QUESTION 113
You have an Azure subscription named Subscription1 that contains the resources shown in the following table.
You need to identify which initiatives and policies you can add to Subscription1 by using Azure Security Center.
What should you identify?
- A. Initiative1 and Initiative2 only
- B. Policy1 and Policy2 only
- C. Initiative1 only
- D. Initiative1, Initiative2, Policy1, and Policy2
Answer: D
Explanation:
Reference:
https://docs.microsoft.com/en-us/azure/security-center/custom-security-policies
NEW QUESTION 114
You have an Azure subscription.
You plan to create a storage account.
You need to use customer-managed keys to encrypt the tables in the storage account.
From Azure Cloud Shell, which three cmdlets should you run in sequence? To answer, move the appropriate cmdlets from the list of cmdlets to the answer area and arrange them in the correct order.
Answer:
Explanation:
1 - New-AzStorageAccount
2 - New-AzStorageAccountKey
3 - New-AzStorageTable
Reference:
https://docs.microsoft.com/en-us/azure/storage/common/customer-managed-keys-configure-key-vault?tabs=powershell
NEW QUESTION 115
You need to configure SQLDB1 to meet the data and application requirements.
Which three actions should you recommend be performed in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
Answer:
Explanation:
Explanation
Step 1: Connect to SQLDB1 by using Microsoft SQL Server Management Studio (SSMS) Step 2: In SQLDB1, create contained database users.
Create a contained user in the database that represents the VM's system-assigned identity.
Step 3: In Azure AD,create a system-assigned managed identity.
A system-assigned identity for a Windows virtual machine (VM) can be used to access an Azure SQL server.
Managed Service Identities are automatically managed by Azure and enable you to authenticate to services that support Azure AD authentication, without needing to insert credentials into your code.
References:
https://docs.microsoft.com/en-us/azure/active-directory/managed-identities-azure-resources/tutorial-windows-vm
NEW QUESTION 116
You have an Azure subscription that contains the Azure virtual machines shown in the following table.
https://www.fast2test.com/AZ-500-practice-test.html 43
Valid Fast2test AZ-500 Exam PDF Dumps - New AZ-500 Real Exam Questions
You create an MDM Security Baseline profile named Profile1.
You need to identify to which virtual machines Profile1 can be applied.
Which virtual machines should you identify?
- A. VM1, VM2, VM3, and VM4
- B. VM1 only
- C. VM1, VM2, and VM3 only
- D. VM1 and VM3 only
Answer: B
Explanation:
Explanation/Reference:
https://docs.microsoft.com/en-us/mem/intune/protect/security-baselines
NEW QUESTION 117
You have an Azure subscription that contains three storage accounts, an Azure SQL managed instance named SQL and three Azure SQL databases. The storage accounts are configured as shown in the following table.
SQ11 has the following settings:
* Auditing: On
* Audit tog destination: storage1
The Azure SQL databases are configured as shown in the following table.
Answer:
Explanation:
NEW QUESTION 118
You need to configure support for Azure Sentinel notebooks to meet the technical requirements.
What is the minimum number of Azure container registries and Azure Machine Learning workspaces required?
Answer:
Explanation:
Reference:
https://docs.microsoft.com/en-us/azure/sentinel/notebooks
NEW QUESTION 119
You have an Azure Active Directory (Azure AD) tenant that contains the users shown in the following table.
The tenant contains the named locations shown in the following table.
You create the conditional access policies for a cloud app named App1 as shown in the following table.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
NEW QUESTION 120
You need to configure a Microsoft SQL server named Web11597200 only to accept connections from the Subnet0 subnet on the VNET01 virtual network.
To complete this task, sign in to the Azure portal.
Answer:
Explanation:
See the explanation below.
Explanation
You need to allow access to Azure services and configure a virtual network rule for the SQL Server.
* In the Azure portal, type SQL Server in the search box, select SQL Server from the search results then select the server named web11597200. Alternatively, browse to SQL Server in the left navigation pane.
* In the properties of the SQL Server, click Firewalls and virtual networks.
* In the Virtual networks section, click on Add existing. This will open the Create/Update virtual network rule window.
* Give the rule a name such as Allow_VNET01-Subnet0 (it doesn't matter what name you enter for the exam).
* In the Virtual network box, select VNET01.
* In the Subnet name box, select Subnet0.
* Click the OK button to save the rule.
* Back in the Firewall / Virtual Networks window, set the Allow access to Azure services option to On.
NEW QUESTION 121
You have an Azure subscription that contains the virtual networks shown in the following table.
The Azure virtual machines on SpokeVNetSubnet0 can communicate with the computers on the on-premises network.
You plan to deploy an Azure firewall to HubVNet.
You create the following two routing tables:
* RT1: Includes a user-defined route that points to the private IP address of the Azure firewall as a next hop address
* RT2: Disables BGP route propagation and defines the private IP address of the Azure firewall as the default gateway You need to ensure that traffic between SpokeVNetSubnet0 and the on-premises network flows through the Azure firewall.
To which subnet should you associate each route table? To answer, drag the appropriate subnets to the correct route tables. Each subnet may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
Explanation
NEW QUESTION 122
You create a new Azure subscription that is associated to a new Azure Active Directory (Azure AD) tenant.
You create one active conditional access policy named Portal Policy. Portal Policy is used to provide access to the Microsoft Azure Management cloud app.
The Conditions settings for Portal Policy are configured as shown in the Conditions exhibit. (Click the Conditions tab.)
The Grant settings for Portal Policy are configured as shown in the Grant exhibit. (Click the Grant tab.)
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
Explanation:
Box 1: No
The Contoso location is excluded
Box 2: Yes
Box 3: Yes
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/location-condition
NEW QUESTION 123
Your company has an Azure subscription named Subscription1 that contains the users shown in the following table.
The company is sold to a new owner.
The company needs to transfer ownership of Subscription1.
Which user can transfer the ownership and which tool should the user use? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
Explanation:
Box 1; User2
Billing Administrator
Select Transfer billing ownership for the subscription that you want to transfer.
Enter the email address of a user who's a billing administrator of the account that will be the new owner for the subscription.
Box 2: Azure Account Center
Azure Account Center can be used.
Reference:
https://docs.microsoft.com/en-us/azure/billing/billing-subscription-transfer#transfer-billing-ownership-of-an-azure-subscription
NEW QUESTION 124
You create an Azure subscription with Azure AD Premium P2.
You need to ensure that you can use Azure Active Directory (Azure AD) Privileged Identity Management (PIM) to secure Azure roles.
Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
Answer:
Explanation:
Explanation
1. Verify your identity with MFA
2. Consent to PIM
3. Sign up PIM for AAD Roles
NEW QUESTION 125
You have an Azure Active Directory (Azure AD) tenant that contains the resources shown in the following table.
User2 is the owner of Group2.
The user and group settings for App1 are configured as shown in the following exhibit.
You enable self-service application access for App1 as shown in the following exhibit.
User3 is configured to approve access to Appl.
You need to identify the owners of Group2 and the users of Appl.
What should you identify? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/manage-apps/manage-self-service-access
NEW QUESTION 126
Your network contains an Active Directory forest named contoso.com. You have an Azure Directory (Azure AD) tenant named contoso.com.
You plan to configure synchronization by using the Express Settings installation option in Azure AD Connect.
You need to identify which roles and groups are required to perform the planned configuration. The solution must use the principle of least privilege.
Which two roles and groups should you identify? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.
- A. the Domain Admins group in Active Directory
- B. the User administrator role in Azure AD
- C. the Global administrator role in Azure AD
- D. the Security administrator role in Azure AD
- E. the Enterprise Admins group in Active Directory
Answer: C,E
Explanation:
Explanation/Reference:
References:
https://docs.microsoft.com/en-us/azure/active-directory/hybrid/reference-connect-accounts-permissions
NEW QUESTION 127
......
Microsoft Azure Security Engineer Associate Free Certification Exam Material from RealExamFree with 295 Questions: https://www.realexamfree.com/AZ-500-real-exam-dumps.html
AZ-500 Dumps Full Questions - Exam Study Guide: https://drive.google.com/open?id=1kQoA4U1c2ECzq7_Dy_FGijbIDSwIfc95

