File Info
| Exam | Microsoft Azure Security Technologies |
| Number | AZ-500 |
| File Name | Microsoft.AZ-500.ExamSurePass.2025-02-04.174q.vcex |
| Size | 15 MB |
| Posted | Feb 04, 2025 |
| Download | Microsoft.AZ-500.ExamSurePass.2025-02-04.174q.vcex |
How to open VCEX & EXAM Files?
Files with VCEX & EXAM extensions can be opened by ProfExam Simulator.
Coupon: MASTEREXAM
With discount: 20%
Demo Questions
Question 1
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You use Azure Security Center for the centralized policy management of three Azure subscriptions.
You use several policy definitions to manage the security of the subscriptions. You need to deploy the policy definitions as a group to all three subscriptions.
Solution: You create a policy definition and assignments that are scoped to resource groups.
Does this meet the goal?
- Yes
- No
Correct answer: B
Explanation:
References:https://4sysops.com/archives/apply-governance-policy-to-multiple-azure-subscriptions-with-management-groups/ References:
https://4sysops.com/archives/apply-governance-policy-to-multiple-azure-subscriptions-with-management-groups/
Question 2
You plan to use Azure Log Analytics to collect logs from 200 servers that run Windows Server 2016.
You need to automate the deployment of the Microsoft Monitoring Agent to all the servers by using an Azure Resource Manager template.
How should you complete the template? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Correct answer: To work with this question, an Exam Simulator is required.
Explanation:
References:https://blogs.technet.microsoft.com/manageabilityguys/2015/11/19/enabling-the-microsoft-monitoring-agent-in-windows-json-templates/ References:
https://blogs.technet.microsoft.com/manageabilityguys/2015/11/19/enabling-the-microsoft-monitoring-agent-in-windows-json-templates/
Question 3
You have an Azure subscription.
You need to create and deploy an Azure policy that meets the following requirements:
- When a new virtual machine is deployed, automatically install a custom security extension.
- Trigger an autogenerated remediation task for non-compliant virtual machines to install the extension.
What should you include in the policy? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Correct answer: To work with this question, an Exam Simulator is required.
Question 4
You have an Azure subscription that contains a resource group named RG1 and a security group serverless RG1 contains 10 virtual machine, a virtual network VNET1, and a network security group (NSG) named NSG1. ServerAdmins can access the virtual machines by using RDP.
You need to ensure that NSG1 only RDP connections to the virtual for a maximum of 60 minutes when a member of ServerAdmins requests access.
What should you configure?
- an Azure Active Directory (Azure AD) Privileged identity Management (PIM) role assignment.
- a just in time (JIT) VM access policy in Azure Security Center
- an azure policy assigned to RG1.
- an Azure Bastion host on VNET1.
Correct answer: B
Explanation:
Reference:https://docs.microsoft.com/en-us/azure/security-center/just-in-time-explained Reference:
https://docs.microsoft.com/en-us/azure/security-center/just-in-time-explained
Question 5
You have an Azure subscription that contains two virtual machines named VM1 and VM2 that run Windows Server 2019.
You are implementing Update Management in Azure Automation. You plan to create a new update deployment named Update1.
You need to ensure that Update! meets the following requirements:
- Automatically applies updates to VM1 and VM2.
- Automatically adds any new Windows Server 2019 virtual machines to Update1.
What should you include in Update1?
- a security group that has a Membership type of Dynamic Device
- a security group that has a Membership type of Assigned
- a Kusto query language query
- a dynamic group query
Correct answer: D
Explanation:
Reference:https://docs.microsoft.com/en-us/azure/security-center/just-in-time-explained Reference:
https://docs.microsoft.com/en-us/azure/security-center/just-in-time-explained
Question 6
You have an Azure subscription that contains four Azure SQL managed instances.
You need to evaluate the vulnerability of the managed instances to SQL injection attacks. What should you do first?
- Create an Azure Sentinel workspace.
- Enable Advanced Data Security.
- Add the SQL Health Check solution to Azure Monitor.
- Create an Azure Advanced Threat Protection (ATP) instance.
Correct answer: B
Question 7
You have an Azure subscription named Sub1 that is associated to an Azure Active Directory (Azure AD) tenant named contoso.com.
You plan to implement an application that will consist of the resources shown in the following table.
Users will authenticate by using their Azure AD user account and access the Cosmos DB account by using resource tokens.
You need to identify which tasks will be implemented in CosmosDB1 and WebApp1. Which task should you identify for each resource? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Correct answer: To work with this question, an Exam Simulator is required.
Explanation:
CosmosDB1: Create database users and generate resource tokens.Azure Cosmos DB resource tokens provide a safe mechanism for allowing clients to read, write, and delete specific resources in an Azure Cosmos DB account according to the granted permissions.WebApp1: Authenticate Azure AD users and relay resource tokensA typical approach to requesting, generating, and delivering resource tokens to a mobile application is to use a resource token broker. The following diagram shows a high-level overview of how the sample application uses a resource token broker to manage access to the document database data: References:https://docs.microsoft.com/en-us/xamarin/xamarin-forms/data- cloud/cosmosdb/authentication CosmosDB1: Create database users and generate resource tokens.
Azure Cosmos DB resource tokens provide a safe mechanism for allowing clients to read, write, and delete specific resources in an Azure Cosmos DB account according to the granted permissions.
WebApp1: Authenticate Azure AD users and relay resource tokens
A typical approach to requesting, generating, and delivering resource tokens to a mobile application is to use a resource token broker. The following diagram shows a high-level overview of how the sample application uses a resource token broker to manage access to the document database data:
References:
https://docs.microsoft.com/en-us/xamarin/xamarin-forms/data- cloud/cosmosdb/authentication
Question 8
You have an Azure subscription that contains a user named User1 and a storage account named storage 1.
The storage1 account contains the resources shown in the following table:
User1 is assigned the following roles for storage1:
- Storage Blob Data Reader
- Storage Table Data Contributor
- Storage File Data SMB Share Reader
Correct answer: To work with this question, an Exam Simulator is required.
Explanation:
No, Yes, No No, Yes, No
Question 9
You have an Azure Sentinel workspace that has the following data connectors:
- Azure Active Directory Identity Protection
- Common Event Format (CEF)
- Azure Firewall
You need to ensure that data is being ingested from each connector.
From the Logs query window, which table should you query for each connector? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Correct answer: To work with this question, an Exam Simulator is required.
Question 10
You have an Azure subscription that contains a Microsoft Sentinel workspace.
Microsoft Sentinel is configured to ingest logs from several Azure workloads. A third-party service management platform is used to manage incidents.
You need to identify which Microsoft Sentinel components to configure to meet the following requirements:
- When Microsoft Sentinel identifies a threat an incident must be created.
- A ticket must be logged in the service management platform when an incident is created in Microsoft Sentinel.
Which component should you identify for each requirement? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Correct answer: To work with this question, an Exam Simulator is required.
