File Info
| Exam | Microsoft Azure Security Technologies |
| Number | AZ-500 |
| File Name | Microsoft.AZ-500.ExamSurePass.2025-03-27.348q.vcex |
| Size | 28 MB |
| Posted | Mar 27, 2025 |
| Download | Microsoft.AZ-500.ExamSurePass.2025-03-27.348q.vcex |
How to open VCEX & EXAM Files?
Files with VCEX & EXAM extensions can be opened by ProfExam Simulator.
Coupon: MASTEREXAM
With discount: 20%
Demo Questions
Question 1
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You use Azure Security Center for the centralized policy management of three Azure subscriptions.
You use several policy definitions to manage the security of the subscriptions. You need to deploy the policy definitions as a group to all three subscriptions.
Solution: You create a policy definition and assignments that are scoped to resource groups.
Does this meet the goal?
- Yes
- No
Correct answer: B
Explanation:
References:https://4sysops.com/archives/apply-governance-policy-to-multiple-azure-subscriptions-with-management-groups/ References:
https://4sysops.com/archives/apply-governance-policy-to-multiple-azure-subscriptions-with-management-groups/
Question 2
You have an Azure subscription named Sub1.
In Azure Security Center, you have a workflow automation named WF1. WF1 is configured to send an email message to a user named User1.
You need to modify WF1 to send email messages to a distribution group named Alerts. What should you use to modify WF1?
- Azure Application Insights
- Azure Monitor
- Azure Logic Apps Designer
- Azure DevOps
Correct answer: C
Explanation:
Reference:https://docs.microsoft.com/en-us/azure/security-center/workflow-automationhttps://docs.microsoft.com/en-us/learn/modules/resolve-threats-with-azure-security-center/6-exerciseconfigure-playbook Reference:
https://docs.microsoft.com/en-us/azure/security-center/workflow-automation
https://docs.microsoft.com/en-us/learn/modules/resolve-threats-with-azure-security-center/6-exerciseconfigure-playbook
Question 3
You plan to use Azure Log Analytics to collect logs from 200 servers that run Windows Server 2016.
You need to automate the deployment of the Microsoft Monitoring Agent to all the servers by using an Azure Resource Manager template.
How should you complete the template? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Correct answer: To work with this question, an Exam Simulator is required.
Explanation:
References:https://blogs.technet.microsoft.com/manageabilityguys/2015/11/19/enabling-the-microsoft-monitoring-agent-in-windows-json-templates/ References:
https://blogs.technet.microsoft.com/manageabilityguys/2015/11/19/enabling-the-microsoft-monitoring-agent-in-windows-json-templates/
Question 4
You have Azure Resource Manager templates that you use to deploy Azure virtual machines.
You need to disable unused Windows features automatically as instances of the virtual machines are provisioned.
What should you use?
- device compliance policies in Microsoft Intune
- Azure Automation State Configuration
- application security groups
- Azure Advisor
Correct answer: B
Explanation:
You can use Azure Automation State Configuration to manage Azure VMs (both Classic and Resource Manager), on-premises VMs, Linux machines, AWS VMs, and on-premises physical machines.Note: Azure Automation State Configuration provides a DSC pull server similar to the Windows Feature DSCService so that target nodes automatically receive configurations, conform to the desired state, and report back on their compliance. The built-in pull server in Azure Automation eliminates the need to set up and maintain your own pull server. Azure Automation can target virtual or physical Windows or Linux machines, in the cloud or on- premises.References:https://docs.microsoft.com/en-us/azure/automation/automation-dsc-getting-started You can use Azure Automation State Configuration to manage Azure VMs (both Classic and Resource Manager), on-premises VMs, Linux machines, AWS VMs, and on-premises physical machines.
Note: Azure Automation State Configuration provides a DSC pull server similar to the Windows Feature DSCService so that target nodes automatically receive configurations, conform to the desired state, and report back on their compliance. The built-in pull server in Azure Automation eliminates the need to set up and maintain your own pull server. Azure Automation can target virtual or physical Windows or Linux machines, in the cloud or on- premises.
References:
https://docs.microsoft.com/en-us/azure/automation/automation-dsc-getting-started
Question 5
You plan to create an Azure Kubernetes Service (AKS) cluster in an Azure subscription. The manifest of the registered server application is shown in the following exhibit.
You need to ensure that the AKS cluster and Azure Active Directory (Azure AD) are integrated.
Which property should you modify in the manifest?
- accessTokenAcceptedVersion
- keyCredentials
- groupMembershipClaims
- acceptMappedClaims
Correct answer: C
Explanation:
Reference:https://docs.microsoft.com/en-us/azure/aks/azure-ad-integration-clihttps://www.codeproject.com/Articles/3211864/Operation-and-Maintenance-of-AKS- Applications Reference:
https://docs.microsoft.com/en-us/azure/aks/azure-ad-integration-cli
https://www.codeproject.com/Articles/3211864/Operation-and-Maintenance-of-AKS- Applications
Question 6
You have an Azure Active Directory (Azure AD) tenant that contains the users shown in the following table.
You create and enforce an Azure AD Identity Protection sign-in risk policy that has the following settings:
- Assignments: Include Group1, exclude Group2
- Conditions: Sign-in risk level: Medium and above
- Access Allow access, Require multi-factor authentication
You need to identify what occurs when the users sign in to Azure AD.
What should you identify for each user? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Correct answer: To work with this question, an Exam Simulator is required.
Explanation:
References:http://www.rebeladmin.com/2018/09/step-step-guide-configure-risk-based-azure-conditional-access-policies/https://docs.microsoft.com/en-us/azure/active-directory/identity-protection/concept-identity-protection-policieshttps://docs.microsoft.com/en-us/azure/active-directory/identity-protection/concept-identity- protection-risks References:
http://www.rebeladmin.com/2018/09/step-step-guide-configure-risk-based-azure-conditional-access-policies/
https://docs.microsoft.com/en-us/azure/active-directory/identity-protection/concept-identity-protection-policies
https://docs.microsoft.com/en-us/azure/active-directory/identity-protection/concept-identity- protection-risks
Question 7
You have an Azure subscription named Sub1. Sub1 has an Azure Storage account named Storage1 that contains the resources shown in the following table.
You generate a shared access signature (SAS) to connect to the blob service and the file service.
Which tool can you use to access the contents in Container1 and Share! by using the SAS? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Correct answer: To work with this question, an Exam Simulator is required.
Question 8
You have an Azure subscription.
You need to create and deploy an Azure policy that meets the following requirements:
- When a new virtual machine is deployed, automatically install a custom security extension.
- Trigger an autogenerated remediation task for non-compliant virtual machines to install the extension.
What should you include in the policy? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Correct answer: To work with this question, an Exam Simulator is required.
Question 9
You have an Azure subscription that contains a resource group named RG1 and a security group serverless RG1 contains 10 virtual machine, a virtual network VNET1, and a network security group (NSG) named NSG1. ServerAdmins can access the virtual machines by using RDP.
You need to ensure that NSG1 only RDP connections to the virtual for a maximum of 60 minutes when a member of ServerAdmins requests access.
What should you configure?
- an Azure Active Directory (Azure AD) Privileged identity Management (PIM) role assignment.
- a just in time (JIT) VM access policy in Azure Security Center
- an azure policy assigned to RG1.
- an Azure Bastion host on VNET1.
Correct answer: B
Explanation:
Reference:https://docs.microsoft.com/en-us/azure/security-center/just-in-time-explained Reference:
https://docs.microsoft.com/en-us/azure/security-center/just-in-time-explained
Question 10
You have an Azure subscription that contains two virtual machines named VM1 and VM2 that run Windows Server 2019.
You are implementing Update Management in Azure Automation. You plan to create a new update deployment named Update1.
You need to ensure that Update! meets the following requirements:
- Automatically applies updates to VM1 and VM2.
- Automatically adds any new Windows Server 2019 virtual machines to Update1.
What should you include in Update1?
- a security group that has a Membership type of Dynamic Device
- a security group that has a Membership type of Assigned
- a Kusto query language query
- a dynamic group query
Correct answer: D
Explanation:
Reference:https://docs.microsoft.com/en-us/azure/security-center/just-in-time-explained Reference:
https://docs.microsoft.com/en-us/azure/security-center/just-in-time-explained
