
PDF Only

$35.00 Free Updates Up to 90 Days

  • AZ-500 Dumps PDF
  • 402 Questions
  • Updated On April 15, 2024

PDF + Test Engine

$55.00 Free Updates Up to 90 Days

  • AZ-500 Question Answers
  • 402 Questions
  • Updated On April 15, 2024

Test Engine

$45.00 Free Updates Up to 90 Days

  • AZ-500 Practice Questions
  • 402 Questions
  • Updated On April 15, 2024

How to pass Microsoft AZ-500 exam with the help of dumps?

DumpsPool provides you the finest quality resources you’ve been looking for to no avail. So, it's due time you stop stressing and get ready for the exam. Our Online Test Engine provides you with the guidance you need to pass the certification exam. We guarantee top-grade results because we know we’ve covered each topic in a precise and understandable manner. Our expert team prepared the latest Microsoft AZ-500 Dumps to satisfy your need for training. Plus, they are in two different formats: Dumps PDF and Online Test Engine.

How Do I Know Microsoft AZ-500 Dumps are Worth it?

Did we mention our latest AZ-500 Dumps PDF is also available as Online Test Engine? And that’s just the point where things start to take root. Of all the amazing features you are offered here at DumpsPool, the money-back guarantee has to be the best one. Now that you know you don’t have to worry about the payments, let us explore all the other reasons you would want to buy from us. Other than affordable Real Exam Dumps, you are offered three-month free updates.

You can easily scroll through our large catalog of certification exams. And, pick any exam to start your training. That’s right, DumpsPool isn’t limited to just Microsoft Exams. We trust our customers need the support of an authentic and reliable resource. So, we made sure there is never any outdated content in our study resources. Our expert team makes sure everything is up to the mark by keeping an eye on every single update. Our main concern and focus are that you understand the real exam format. So, you can pass the exam in an easier way!

IT Students Are Using our Microsoft Azure Security Technologies Dumps Worldwide!

It is a well-established fact that certification exams can’t be conquered without some help from experts. The point of using Microsoft Azure Security Technologies Practice Question Answers is exactly that. You are constantly surrounded by IT experts who’ve been through what you are about to and know better. The 24/7 customer service of DumpsPool ensures you are in touch with these experts whenever needed. Our 100% success rate and validity around the world make us the most trusted resource candidates use. The updated Dumps PDF helps you pass the exam on the first attempt. And, with the money-back guarantee, you feel safe buying from us. You can claim your return on not passing the exam.

How to Get AZ-500 Real Exam Dumps?

Getting access to the real exam dumps is as easy as pressing a button, literally! There are various resources available online, but the majority of them sell scams or copied content. So, if you are going to attempt the AZ-500 exam, you need to be sure you are buying the right kind of Dumps. All the Dumps PDF available on DumpsPool are as unique and the latest as they can be. Plus, our Practice Question Answers are tested and approved by professionals, making it the top authentic resource available on the internet. Our expert has made sure the Online Test Engine is free from outdated and fake content, repeated questions, and false or indefinite information. We make every penny count, and you leave our platform fully satisfied!

Microsoft AZ-500 Exam Overview:

| Aspect | Details |
|---|---|
| Exam Detail | Information |
| Exam Name | Microsoft AZ-500 |
| Exam Cost | $165 USD |
| Total Time | 180 minutes |
| Available Languages | English, Japanese, Chinese |
| Passing Marks | 700 out of 1000 |
| Exam Provider | Microsoft |

Microsoft Azure Security Technologies Exam Topics Breakdown

| Domain | Weight | Description |
|---|---|---|
| Manage Identity and Access (IAM) | 20 | Implement and manage Azure Active Directory (AD) users, groups, and permissions. |
| Implement Platform Protection and Security | 25 | Implement platform protection, manage security operations, and monitor security. |
| Manage Security Operations | 15 | Configure security services, manage security incidents, and implement threat protection. |
| Secure Data and Applications | 30 | Configure security for applications, implement security for data, and manage security for storage. |
| Manage Governance and Compliance | 10 | Manage security policies, manage compliance, and manage security by using Azure Security Center. |

Microsoft AZ-500 Sample Question Answers

Question # 1

You have an Azure subscription that contains the resources shown in the following table. You plan to deploy an Azure Private Link service named APL1. Which resource must you reference during the creation of APL1?

A. VMSS1
B. VM1
C. SQL
D. LB1

Question # 2

You have an Azure AD tenant. You plan to implement an authentication solution to meet the following requirements:
• Require number matching.
• Display the geographical location when signing in.
Which authentication method should you include in the solution?

A. SMS
B. Temporary Access Pass
C. Microsoft Authenticator
D. FIDO2 security key

Question # 3

You have an Azure subscription that uses Microsoft Defender for Cloud. You have an Amazon Web Services (AWS) account. You need to ensure that when you deploy a new AWS Elastic Compute Cloud (EC2) instance, the Microsoft Defender for Servers agent installs automatically. What should you configure first?

A. the Log Analytics agent
B. the Azure Monitor agent
C. the native cloud connector
D. the classic cloud connector

Question # 4

You have an Azure subscription that contains a storage account and an Azure web app named App1. App1 connects to an Azure Cosmos DB database named Cosmos1 that uses a private endpoint named Endpoint1. Endpoint1 has the default settings. You need to validate the name resolution to Cosmos1. Which DNS zone should you use?

A. Endpoint1.privatelink.blob.core.windows.net
B. Endpoint1.privatelink.database.azure.com
C. Endpoint1.privatelink.azurewebsites.net
D. Endpoint1.privatelink.documents.azure.com

Question # 5

You have an Azure subscription that is linked to an Azure AD tenant and contains the resources shown in the following table. Which resources can be assigned the Contributor role for VM1?

A. Managed1 and App1 only
B. Group1 and Managed1 only
C. Group1, Managed1, and VM2 only
D. Group1, Managed1, VM1, and App1 only

Question # 6

You have an Azure subscription that contains a Microsoft Defender External Attack Surface Management (Defender EASM) resource named EASM1. You review the Attack Surface Summary dashboard. You need to identify the following insights:
• Deprecated technologies that are no longer supported
• Infrastructure that will soon expire
Which section of the dashboard should you review?

A. Securing the Cloud
B. Sensitive Services
C. attack surface composition
D. Attack Surface Priorities

Question # 7

You have an Azure subscription that contains an Azure Data Lake Storage account named sa1. You plan to deploy an app named App1 that will access sa1 and perform operations, including Read, List, Create Directory, and Delete Directory. You need to ensure that App1 can connect securely to sa1 by using a private endpoint. What is the minimum number of private endpoints required for sa1?

A. 1
B. 2
C. 3
D. 4
E. 5

Question # 8

You are troubleshooting a security issue for an Azure Storage account. You enable Azure Storage Analytics logs and archive them to a storage account. What should you use to retrieve the diagnostics logs?

A. Azure Storage Explorer
B. SQL query editor in Azure
C. Azure Monitor
D. Azure Cosmos DB explorer

Question # 9

You have an Azure subscription that is linked to an Azure Active Directory (Azure AD) tenant. From the Azure portal, you register an enterprise application. Which additional resource will be created in Azure AD?

A. a service principal
B. an X.509 certificate
C. a managed identity
D. a user account

Question # 10

You have an Azure subscription that uses Microsoft Sentinel. You need to create a Microsoft Sentinel notebook that will use the Guided Investigation - Anomaly Lookup template. What should you create first?

A. an analytics rule
B. a Log Analytics workspace 
C. an Azure Machine Learning workspace
D. a hunting query

Question # 11

You have an Azure Active Directory (Azure AD) tenant that contains a user named Admin1. Admin1 is assigned the Application developer role. You purchase a cloud app named App1 and register App1 in Azure AD. Admin1 reports that the option to enable token encryption for App1 is unavailable. You need to ensure that Admin1 can enable token encryption for App1 in the Azure portal. What should you do?

A. Upload a certificate for App1.
B. Modify the API permissions of App1.
C. Add App1 as an enterprise application.
D. Assign Admin1 the Cloud application administrator role.

Question # 12

You have an Azure subscription that contains the users shown in the following table.

A. User2 and User3 only
B. User1 and User2 only
C. User2 only
D. User1 only

Question # 13

You have a web app hosted on an on-premises server that is accessed by using a URL of https://www.contoso.com. You plan to migrate the web app to Azure. You will continue to use https://www.contoso.com. You need to enable HTTPS for the Azure web app. What should you do first?

A. Export the public key from the on-premises server and save the key as a P7b file.
B. Export the private key from the on-premises server and save the key as a PFX file that is encrypted by using TripleDES.
C. Export the public key from the on-premises server and save the key as a CER file.
D. Export the private key from the on-premises server and save the key as a PFX file that is encrypted by using AES256.

Question # 14

What should you identify?

A. Policy1 and Policy2 only
B. Initiative1 only
C. Initiative1 and Initiative2 only
D. Initiative1, Initiative2, Policy1, and Policy2

Question # 15

You perform the following tasks: Assign User1 the Network Contributor role for Subscription1. Assign User2 the Contributor role for RG1. To Subscription1 and RG1, you assign the following policy definition: External accounts with write permissions should be removed from your subscription. What is the Compliance State of the policy assignments?

A. The Compliance State of both policy assignments is Non-compliant.
B. The Compliance State of the policy assignment to Subscription1 is Compliant, and the Compliance State of the policy assignment to RG1 is Non-compliant.
C. The Compliance State of the policy assignment to Subscription1 is Non-compliant, and the Compliance State of the policy assignment to RG1 is Compliant.
D. The Compliance State of both policy assignments is Compliant.

Question # 16

A. Azure Active Directory (Azure AD) Privileged Identity Management (PIM)
B. an application security group
C. Azure Active Directory (Azure AD) conditional access
D. just in time (JIT) VM access

Question # 17

A. 1
B. 2
C. 3
D. 4

Question # 18

Note: The question is included in a number of questions that depicts the identical set-up. However, every question has a distinctive result. Establish if the solution satisfies the requirements.

Your company has an Active Directory forest with a single domain, named weylandindustries.com. They also have an Azure Active Directory (Azure AD) tenant with the same name. You have been tasked with integrating Active Directory and the Azure AD tenant. You intend to deploy Azure AD Connect. Your strategy for the integration must make sure that password policies and user logon limitations affect user accounts that are synced to the Azure AD tenant, and that the amount of necessary servers are reduced.

Solution: You recommend the use of password hash synchronization and seamless SSO. Does the solution meet the goal?

A. Yes
B. No

Question # 19

You have an Azure subscription that uses Azure Active Directory (Azure AD) Privileged Identity Management (PIM). A PIM user that is assigned the User Access Administrator role reports receiving an authorization error when performing a role assignment or viewing the list of assignments. You need to resolve the issue by ensuring that the PIM service principal has the correct permissions for the subscription. The solution must use the principle of least privilege. Which role should you assign to the PIM service principal?

A. Contributor
B. User Access Administrator
C. Managed Application Operator
D. Resource Policy Contributor

Question # 20

You have an Azure subscription named Sub1 that contains an Azure Policy definition named Policy1. Policy1 has the following settings:
• Definition location: Tenant Root Group
• Category: Monitoring
You need to ensure that resources that are noncompliant with Policy1 are listed in the Azure Security Center dashboard. What should you do first?

A. Change the Category of Policy1 to Security Center.
B. Add Policy1 to a custom initiative.
C. Change the Definition location of Policy1 to Sub1.
D. Assign Policy1 to Sub1.

Question # 21

You have an Azure Active Directory (Azure AD) tenant named contoso.com. You need to configure diagnostic settings for contoso.com. The solution must meet the following requirements:
• Retain logs for two years.
• Query logs by using the Kusto query language.
• Minimize administrative effort.
Where should you store the logs?

A. an Azure Log Analytics workspace 
B. an Azure event hub 
C. an Azure Storage account 

Question # 22

You plan to create an Azure Kubernetes Service (AKS) cluster in an Azure subscription. The manifest of the registered server application is shown in the following exhibit. You need to ensure that the AKS cluster and Azure Active Directory (Azure AD) are integrated. Which property should you modify in the manifest?

A. accessTokenAcceptedVersion 
B. keyCredentials 
C. groupMembershipClaims 
D. acceptMappedClaims 

Question # 23

You have an Azure subscription that contains an app named App1. App1 has the app registration shown in the following table. You need to ensure that App1 can read all user calendars and create appointments. The solution must use the principle of least privilege. What should you do?

A. Add a new Delegated API permission for Microsoft.Graph Calendars.ReadWrite. 
B. Add a new Application API permission for Microsoft.Graph Calendars.ReadWrite. 
C. Select Grant admin consent. 
D. Add a new Delegated API permission for Microsoft.Graph Calendars.ReadWrite.Shared. 

Question # 24

You have an Azure Active Directory (Azure AD) tenant. You need to prevent nonprivileged Azure AD users from creating service principals in Azure AD. What should you do in the Azure Active Directory admin center of the tenant?

A. From the Properties blade, set Enable Security defaults to Yes.
B. From the Properties blade, set Access management for Azure resources to No.
C. From the User settings blade, set Users can register applications to No.
D. From the User settings blade, set Restrict access to Azure AD administration portal to Yes.

Question # 25

You have an Azure subscription named Sub1. In Azure Security Center, you have a workflow automation named WF1. WF1 is configured to send an email message to a user named User1. You need to modify WF1 to send email messages to a distribution group named Alerts. What should you use to modify WF1?

A. Azure Application Insights 
B. Azure Monitor 
C. Azure Logic Apps Designer 
D. Azure DevOps 

Question # 26

You have an Azure subscription that contains 100 virtual machines and has Azure Security Center Standard tier enabled. You plan to perform a vulnerability scan of each virtual machine. You need to deploy the vulnerability scanner extension to the virtual machines by using an Azure Resource Manager template. Which two values should you specify in the code to automate the deployment of the extension to the virtual machines? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point.

A. the user-assigned managed identity 
B. the workspace ID 
C. the Azure Active Directory (Azure AD) ID 
D. the Key Vault managed storage account key 
E. the system-assigned managed identity 
F. the primary shared key 

Question # 27

You have multiple development teams that will create apps in Azure. You plan to create a standard development environment that will be deployed for each team. You need to recommend a solution that will enforce resource locks across the development environments and ensure that the locks are applied in a consistent manner. What should you include in the recommendation?

A. an Azure policy 
B. an Azure Resource Manager template 
C. a management group 
D. an Azure blueprint 

Question # 28

You have an Azure Sentinel deployment. You need to create a scheduled query rule named Rule1. What should you use to define the query rule logic for Rule1?

A. a Transact-SQL statement 
B. a JSON definition 
C. GraphQL 
D. a Kusto query 

Question # 29

You have an app that uses an Azure SQL database. You need to be notified if a SQL injection attack is launched against the database. What should you do?

A. Modify the Diagnostics settings for the database. 
B. Deploy the SQL Health Check solution in Azure Monitor. 
C. Enable Azure Defender for SQL for the database. 
D. Enable server-level auditing for the database. 

Question # 30

You have an Azure subscription that contains the virtual machines shown in the following table. All the virtual networks are peered. You deploy Azure Bastion to VNET2. Which virtual machines can be protected by the bastion host?

A. VM1, VM2, VM3, and VM4 
B. VM1, VM2, and VM3 only 
C. VM2 and VM4 only 
D. VM2 only 

Question # 31

Your company has an Active Directory forest with a single domain, named weylandindustries.com. They also have an Azure Active Directory (Azure AD) tenant with the same name. After syncing all on-premises identities to Azure AD, you are informed that users with a givenName attribute starting with LAB should not be allowed to sync to Azure AD. Which of the following actions should you take?

A. You should make use of the Synchronization Rules Editor to create an attribute-based filtering rule.
B. You should configure a DNAT rule on the Firewall.
C. You should configure a network traffic filtering rule on the Firewall.
D. You should make use of Active Directory Users and Computers to create an attribute-based filtering rule.

Question # 32

Note: The question is included in a number of questions that depicts the identical set-up. However, every question has a distinctive result. Establish if the solution satisfies the requirements.

Your company has an Active Directory forest with a single domain, named weylandindustries.com. They also have an Azure Active Directory (Azure AD) tenant with the same name. You have been tasked with integrating Active Directory and the Azure AD tenant. You intend to deploy Azure AD Connect. Your strategy for the integration must make sure that password policies and user logon limitations affect user accounts that are synced to the Azure AD tenant, and that the amount of necessary servers are reduced.

Solution: You recommend the use of federation with Active Directory Federation Services (AD FS). Does the solution meet the goal?

A. Yes 
B. No 

Question # 33

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution. After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

You have an Azure subscription named Sub1. You have an Azure Storage account named sa1 in a resource group named RG1. Users and applications access the blob service and the file service in sa1 by using several shared access signatures (SASs) and stored access policies. You discover that unauthorized users accessed both the file service and the blob service. You need to revoke all access to sa1.

Solution: You regenerate the Azure storage account access keys. Does this meet the goal?

A. Yes 
B. No 

Question # 34

You have an Azure subscription that contains two virtual machines named VM1 and VM2 that run Windows Server 2019. You are implementing Update Management in Azure Automation. You plan to create a new update deployment named Update1. You need to ensure that Update1 meets the following requirements:
• Automatically applies updates to VM1 and VM2.
• Automatically adds any new Windows Server 2019 virtual machines to Update1.
What should you include in Update1?

A. a security group that has a Membership type of Dynamic Device 
B. a security group that has a Membership type of Assigned 
C. a Kusto query language query 
D. a dynamic group query

Question # 35

You have been tasked with applying conditional access policies for your company’s current Azure Active Directory (Azure AD). The process involves assessing the risk events and risk levels. Which of the following is the risk level that should be configured for users that have leaked credentials?

A. None 
B. Low 
C. Medium 
D. High 

Question # 36

You have 10 on-premises servers that run Windows Server 2019. You plan to implement Azure Security Center vulnerability scanning for the servers. What should you install on the servers first?

A. the Security Events data connector in Azure Sentinel 
B. the Microsoft Endpoint Configuration Manager client 
C. the Azure Arc enabled servers Connected Machine agent 
D. the Microsoft Defender for Endpoint agent 

Question # 37

You have an Azure subscription that contains four Azure SQL managed instances. You need to evaluate the vulnerability of the managed instances to SQL injection attacks. What should you do first?

A. Create an Azure Sentinel workspace. 
B. Enable Advanced Data Security. 
C. Add the SQL Health Check solution to Azure Monitor. 
D. Create an Azure Advanced Threat Protection (ATP) instance. 

Question # 38

You have an Azure subscription that contains several Azure SQL databases and an Azure Sentinel workspace. You need to create a saved query in the workspace to find events reported by Advanced Threat Protection for Azure SQL Database. What should you do?

A. From Azure CLI run the Get-AzOperationalInsightsworkspace cmdlet. 
B. From the Azure SQL Database query editor, create a Transact-SQL query. 
C. From the Azure Sentinel workspace, create a Kusto Query Language query. 
D. From Microsoft SQL Server Management Studio (SSMS), create a Transact-SQL query. 

Question # 39

You plan to deploy an app that will modify the properties of Azure Active Directory (Azure AD) users by using Microsoft Graph. You need to ensure that the app can access Azure AD. What should you configure first?

A. a custom role-based access control (RBAC) role
B. an external identity 
C. an Azure AD Application Proxy 
D. an app registration 

Question # 40

You have an Azure subscription. You plan to create a workflow automation in Azure Security Center that will automatically remediate a security vulnerability. What should you create first?

A. a managed identity 
B. an automation account 
C. an Azure function app 
D. an alert rule 
E. an Azure logic app 

Question # 41

You have an Azure subscription that contains the resources shown in the following table. You plan to enable Azure Defender for the subscription. Which resources can be protected by using Azure Defender?

A. VM1, VNET1, storage1, and Vault1 
B. VM1, VNET1, and storage1 only 
C. VM1, storage1, and Vault1 only 
D. VM1 and VNET1 only 
E. VM1 and storage1 only 

Question # 42

You have an Azure subscription that contains the resources shown in the following table. You need to ensure that ServerAdmins can perform the following tasks:
• Create virtual machines in RG1 only.
• Connect the virtual machines to the existing virtual networks in RG2 only.
The solution must use the principle of least privilege. Which two role-based access control (RBAC) roles should you assign to ServerAdmins? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point.

A. a custom RBAC role for RG2 
B. the Network Contributor role for RG2 
C. the Contributor role for the subscription 
D. a custom RBAC role for the subscription 
E. the Network Contributor role for RG1 
F. the Virtual Machine Contributor role for RG1 

Question # 43

You have an Azure subscription that contains an Azure SQL database named sql1. You plan to audit sql1. You need to configure the audit log destination. The solution must meet the following requirements:
• Support querying events by using the Kusto query language.
• Minimize administrative effort.
What should you configure?

A. an event hub 
B. a storage account 
C. a Log Analytics workspace

Question # 44

You have a Microsoft 365 tenant that uses an Azure Active Directory (Azure AD) tenant. The Azure AD tenant syncs to an on-premises Active Directory domain by using an instance of Azure AD Connect. You create a new Azure subscription. You discover that the synced on-premises user accounts cannot be assigned roles in the new subscription. You need to ensure that you can assign Azure and Microsoft 365 roles to the synced Azure AD user accounts. What should you do first?

A. Change the Azure AD tenant used by the new subscription. 
B. Configure the Azure AD tenant used by the new subscription to use pass-through authentication.
C. Configure the Azure AD tenant used by the new subscription to use federated authentication.
D. Configure a second instance of Azure AD Connect. 

Question # 45

Note: The question is included in a number of questions that depicts the identical set-up. However, every question has a distinctive result. Establish if the solution satisfies the requirements.

Your company has an Active Directory forest with a single domain, named weylandindustries.com. They also have an Azure Active Directory (Azure AD) tenant with the same name. You have been tasked with integrating Active Directory and the Azure AD tenant. You intend to deploy Azure AD Connect. Your strategy for the integration must make sure that password policies and user logon limitations affect user accounts that are synced to the Azure AD tenant, and that the amount of necessary servers are reduced.

Solution: You recommend the use of pass-through authentication and seamless SSO with password hash synchronization. Does the solution meet the goal?

A. Yes 
B. No 

Question # 46

You have the Azure resource shown in the following table. You need to meet the following requirements:
• Internet-facing virtual machines must be protected by using network security groups (NSGs).
• All the virtual machines must have disk encryption enabled.
What is the minimum number of security that you should create in Azure Security Center?

A. 1 
B. 2 
C. 3 
D. 4 

Question # 47

Your company recently created an Azure subscription. You have been tasked with making sure that a specified user is able to implement Azure AD Privileged Identity Management (PIM). Which of the following is the role you should assign to the user?

A. The Global administrator role. 
B. The Security administrator role. 
C. The Password administrator role. 
D. The Compliance administrator role. 

Question # 48

You need to recommend which virtual machines to use to host App1. The solution must meet the technical requirements for KeyVault1. Which virtual machines should you use?

A. VM1 only 
B. VM1 and VM2 only 
C. VM1, VM2, and VM4 only 
D. VM1, VM2, VM3, and VM4

Question # 49

You have been tasked with configuring an access review, which you plan to assign to a new collection of reviews. You also have to make sure that the reviews can be reviewed by resource owners. You start by creating an access review program and an access review control. You now need to configure the Reviewers. Which of the following should you set Reviewers to?

A. Selected users. 
B. Members (Self). 
C. Group Owners. 
D. Anyone. 

Question # 50

You plan to implement JIT VM access. Which virtual machines will be supported?

A. VM1 and VM3 only 
B. VM1, VM2, VM3, and VM4
C. VM2, VM3, and VM4 only 
D. VM1 only 

Question # 51

You need to meet the technical requirements for the finance department users. Which CAPolicy1 settings should you modify?

A. Cloud apps or actions 
B. Conditions 
C. Grant 
D. Session 

Question # 52

From Azure Security Center, you need to deploy SecPol1. What should you do first?

A. Enable Azure Defender. 
B. Create an Azure Management group. 
C. Create an initiative. 
D. Configure continuous export. 

Question # 53

You need to encrypt storage1 to meet the technical requirements. Which key vaults can you use?

A. KeyVault1 only 
B. KeyVault2 and KeyVault3 only
C. KeyVault1 and KeyVault3 only
D. KeyVault1, KeyVault2, and KeyVault3

Question # 54

You plan to configure Azure Disk Encryption for VM4. Which key vault can you use to store the encryption key?

A. KeyVault1 
B. KeyVault3 
C. KeyVault2 

Question # 55

You have an Azure subscription named Sub1 that contains the Azure key vaults shown in the following table. In Sub1, you create a virtual machine that has the following configurations:
• Name: VM1
• Size: DS2v2
• Resource group: RG1
• Region: West Europe
• Operating system: Windows Server 2016
You plan to enable Azure Disk Encryption on VM1. In which key vaults can you store the encryption key for VM1?

A. Vault1 or Vault3 only
B. Vault1, Vault2, Vault3, or Vault4
C. Vault1 only
D. Vault1 or Vault2 only

Question # 56

You have an Azure subscription linked to an Azure Active Directory Premium Plan 1 tenant. You plan to implement Azure Active Directory (Azure AD) Identity Protection. You need to ensure that you can configure a user risk policy and a sign-in risk policy. What should you do first?

A. Purchase Azure Active Directory Premium Plan 2 licenses for all users.
B. Register all users for Azure Multi-Factor Authentication (MFA).
C. Enable security defaults for Azure AD.
D. Upgrade Azure Security Center to the standard tier.

Question # 57

Your network contains an on-premises Active Directory domain named adatum.com that syncs to Azure Active Directory (Azure AD). Azure AD Connect is installed on a domain member server named Server1. You need to ensure that a domain administrator for the adatum.com domain can modify the synchronization options. The solution must use the principle of least privilege. Which Azure AD role should you assign to the domain administrator?

A. Security administrator
B. Global administrator
C. User administrator

Question # 58

You have an Azure subscription named Subscription1. You need to view which security settings are assigned to Subscription1 by default. Which Azure policy or initiative definition should you review?

A. the Audit diagnostic setting policy definition
B. the Enable Monitoring in Azure Security Center initiative definition
C. the Enable Azure Monitor for VMs initiative definition
D. the Azure Monitor solution ‘Security and Audit’ must be deployed policy definition

Question # 59

You have an Azure subscription. You plan to create a custom role-based access control (RBAC) role that will provide permission to read the Azure Storage account. Which property of the RBAC role definition should you configure?

A. NotActions []
B. DataActions []
C. AssignableScopes []
D. Actions []

Question # 60

You have an Azure Active Directory (Azure AD) tenant named contoso.com that contains a user named User1. You plan to publish several apps in the tenant. You need to ensure that User1 can grant admin consent for the published apps. Which two possible user roles can you assign to User1 to achieve this goal? Each correct answer presents a complete solution. NOTE: Each correct selection is worth one point.

A. Application developer
B. Security administrator
C. Application administrator
D. User administrator
E. Cloud application administrator

Question # 61

You have an Azure environment. You need to identify any Azure configurations and workloads that are non-compliant with ISO 27001 standards. What should you use?

A. Azure Sentinel
B. Azure Active Directory (Azure AD) Identity Protection
C. Azure Security Center
D. Azure Advanced Threat Protection (ATP)

Question # 62

You have an Azure resource group that contains 100 virtual machines. You have an initiative named Initiative1 that contains multiple policy definitions. Initiative1 is assigned to the resource group. You need to identify which resources do NOT match the policy definitions. What should you do?

A. From Azure Security Center, view the Regulatory compliance assessment.
B. From the Policy blade of the Azure Active Directory admin center, select Compliance.
C. From Azure Security Center, view the Secure Score.
D. From the Policy blade of the Azure Active Directory admin center, select Assignments.

Question # 63

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution. After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen. You use Azure Security Center for the centralized policy management of three Azure subscriptions. You use several policy definitions to manage the security of the subscriptions. You need to deploy the policy definitions as a group to all three subscriptions. Solution: You create an initiative and an assignment that is scoped to the Tenant Root Group management group. Does this meet the goal?

A. Yes
B. No

Question # 64

You have an Azure subscription that contains a user named Admin1 and a virtual machine named VM1. VM1 runs Windows Server 2019 and was deployed by using an Azure Resource Manager template. VM1 is the member of a backend pool of a public Azure Basic Load Balancer. Admin1 reports that VM1 is listed as Unsupported on the Just in time VM access blade of Azure Security Center. You need to ensure that Admin1 can enable just in time (JIT) VM access for VM1. What should you do?

A. Create and configure an additional public IP address for VM1.
B. Replace the Basic Load Balancer with an Azure Standard Load Balancer.
C. Assign an Azure Active Directory Premium Plan 1 license to Admin1.
D. Create and configure a network security group (NSG).

Question # 65

You have an Azure subscription that contains the Azure Log Analytics workspaces shown in the following table. You plan to use Azure Sentinel to monitor Windows Defender Firewall on the virtual machines. Which virtual machines can you connect to Azure Sentinel?

A. VM1 and VM3 only
B. VM1 Only
C. VM1 and VM2 only
D. VM1, VM2, VM3 and VM4

Question # 66

You have an Azure subscription that contains several Azure SQL databases and an Azure Sentinel workspace. You need to create a saved query in the workspace to find events reported by Advanced Threat Protection for Azure SQL Database. What should you do?

A. From Azure CLI, run the Get-AzOperationalInsightsWorkspace cmdlet.
B. From the Azure SQL Database query editor, create a Transact-SQL query.
C. From the Azure Sentinel workspace, create a Kusto Query Language query.
D. From Microsoft SQL Server Management Studio (SSMS), create a Transact-SQL query.

Question # 67

You have an Azure Active Directory (Azure AD) tenant and a root management group. You create 10 Azure subscriptions and add the subscriptions to the root management group. You need to create an Azure Blueprints definition that will be stored in the root management group. What should you do first?

A. Add an Azure Policy definition to the root management group.
B. Modify the role-based access control (RBAC) role assignments for the root management group.
C. Create a user-assigned identity.
D. Create a service principal.

Question # 68

You have an Azure subscription that contains 100 virtual machines and has Azure Security Center Standard tier enabled. You plan to perform a vulnerability scan of each virtual machine. You need to deploy the vulnerability scanner extension to the virtual machines by using an Azure Resource Manager template. Which two values should you specify in the code to automate the deployment of the extension to the virtual machines? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point.

A. the user assigned managed identity
B. the Key Vault managed storage account Key
C. the Azure Active Directory (Azure AD) ID
D. the system-assigned managed identity
E. the primary shared key
F. the workspace ID

Question # 69

You have the Azure virtual machines shown in the following table. Each virtual machine has a single network interface. You add the network interface of VM1 to an application security group named ASG1. You need to identify the network interfaces of which virtual machines you can add to ASG1. What should you identify?

A. VM2 only
B. VM2, VM3, VM4, and VM5
C. VM2, VM3, and VM5 only
D. VM2 and VM3 only

Question # 70

You have an Azure subscription that contains an Azure Active Directory (Azure AD) tenant. When a developer attempts to register an app named App1 in the tenant, the developer receives the error message shown in the following exhibit. You need to ensure that the developer can register App1 in the tenant. What should you do for the tenant?

A. Modify the User settings.
B. Set Enable Security defaults to Yes.
C. Modify the Directory properties.
D. Configure the Consent and permissions settings for enterprise applications.

Question # 71

You have an Azure subscription. You enable Azure Active Directory (Azure AD) Privileged Identity Management (PIM). Your company’s security policy for administrator accounts has the following conditions:

* The accounts must use multi-factor authentication (MFA).
* The account must use 20-character complex passwords.
* The passwords must be changed every 180 days.
* The account must be managed by using PIM.

You receive alerts about the administrators who have not changed their password during the last 90 days. You need to minimize the number of generated alerts. Which PIM alert should you modify?

A. Roles don’t require multi-factor authentication for activation.
B. Administrators aren’t using their privileged roles.
C. Roles are being assigned outside of Privileged Identity Management.
D. Potential stale accounts in a privileged role.

Question # 72

You have an Azure Active Directory (Azure AD) tenant. You have the deleted objects shown in the following table. On May 4, 2020, you attempt to restore the deleted objects by using the Azure Active Directory admin center. Which two objects can you restore? Each correct answer presents a complete solution. NOTE: Each correct selection is worth one point.

A. Group1
B. Group2
C. User2
D. User1

Question # 73

You have Azure Resource Manager templates that you use to deploy Azure virtual machines. You need to disable unused Windows features automatically as instances of the virtual machines are provisioned. What should you use?

A. device configuration policies in Microsoft Intune
B. an Azure Desired State Configuration (DSC) virtual machine extension
C. security policies in Azure Security Center
D. Azure Logic Apps

Question # 74

You have an Azure subscription that contains an Azure Container Registry named Registry1. The subscription uses the Standard tier of Azure Security Center. You upload several container images to Registry1. You discover that vulnerability security scans were not performed. You need to ensure that the images are scanned for vulnerabilities when they are uploaded to Registry1. What should you do?

A. From the Azure portal, modify the Pricing tier settings.
B. From Azure CLI, lock the container images.
C. Upload the container images by using AzCopy.
D. Push the container images to Registry1 by using Docker.

Question # 75

You have an Azure subscription that contains an Azure key vault and an Azure Storage account. The key vault contains customer-managed keys. The storage account is configured to use the customer-managed keys stored in the key vault. You plan to store data in Azure by using the following services:

* Azure Files
* Azure Blob storage
* Azure Log Analytics
* Azure Table storage
* Azure Queue storage

Which two services support data encryption by using the keys stored in the key vault? Each correct answer presents a complete solution. NOTE: Each correct selection is worth one point.

A. Queue storage
B. Table storage
C. Azure Files
D. Blob storage

Question # 76

You have an Azure subscription that contains the resources shown in the following table. You need to ensure that ServerAdmins can perform the following tasks: Create virtual machine to the existing virtual network in RG2 only. The solution must use the principle of least privilege. Which two role-based access control (RBAC) roles should you assign to ServerAdmins? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point.

A. the Contributor role for the subscription
B. the Network Contributor role for RG2
C. a custom RBAC role for the subscription
D. a custom RBAC role for RG2
E. the Network Contributor role for RG1
F. the Virtual Machine Contributor role for RG1

Question # 77

You have an Azure subscription named Subscription1. You deploy a Linux virtual machine named VM1 to Subscription1. You need to monitor the metrics and the logs of VM1. What should you use?

A. the AzurePerformanceDiagnostics extension
B. Azure HDInsight
C. Linux Diagnostic Extension (LAD) 3.0
D. Azure Analysis Services

Question # 78

You have an Azure subscription named Subscription1 that contains an Azure Active Directory (Azure AD) tenant named contoso.com and a resource group named RG1. You create a custom role named Role1 for contoso.com. You need to identify where you can use Role1 for permission delegation. What should you identify?

A. contoso.com only
B. contoso.com and RG1 only
C. contoso.com and Subscription1 only
D. contoso.com, RG1, and Subscription1

Question # 79

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution. After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen. You have an Azure subscription named Sub1. You have an Azure Storage account named Sa1 in a resource group named RG1. Users and applications access the blob service and the file service in Sa1 by using several shared access signatures (SASs) and stored access policies. You discover that unauthorized users accessed both the file service and the blob service. You need to revoke all access to Sa1. Solution: You regenerate the access keys. Does this meet the goal?

A. Yes
B. No

Question # 80

You onboard Azure Sentinel. You connect Azure Sentinel to Azure Security Center. You need to automate the mitigation of incidents in Azure Sentinel. The solution must minimize administrative effort. What should you create?

A. an alert rule
B. a playbook
C. a function app
D. a runbook