AZ-500 Pre-Exam Practice Tests | (Updated 497 Questions)
Valid AZ-500 Exam Q&A PDF - One Year Free Update
Microsoft AZ-500 certification exam is an excellent choice for professionals looking to advance their careers in cloud security. Microsoft Azure Security Technologies certification is highly respected in the industry, and it demonstrates that the holder has the skills and knowledge required to secure Azure environments effectively. It also provides a solid foundation for other Azure certifications, such as the Azure Solutions Architect Expert certification.
NEW QUESTION # 203
You have an Azure SQL database named DB1 that contains a table named Table.
You need to configure DB1 to meet the following requirements;
* Sensitive data in Table1 must be identified automatically.
* Only the first character and last character of the sensitive data must be displayed in query results.
Which two features should you configure? To answer, select the features in the answer area.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
Explanation:
1. Data Discovery & Classification
2. Dynamic Data Masking
https://learn.microsoft.com/en-us/azure/azure-sql/database/data-discovery-and-classification-overview?
view=azuresql
Data Discovery & Classification is built into Azure SQL Database, Azure SQL Managed Instance, and Azure Synapse Analytics. It provides basic capabilities for discovering, classifying, labeling, and reporting the sensitive data in your databases.
NEW QUESTION # 204
You have an Azure subscription that contains the resources shown in the following table.
You need to configure network connectivity to meet the following requirements:
* Communication from VM1 to storage' must traverse an optimized Microsoft backbone network.
* All the outbound traffic from VM1 to the internet must be denied.
* The solution must minimize costs and administrative effort
What should you configure for VNetl and NSG1? To answer, drag the appropriate components to the correct resources. Each component may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content NOTE: Each correct selection is worth one point.
Answer:
Explanation:
Explanation:
NEW QUESTION # 205
You have a hybrid configuration of Azure Active Directory (Azure AD).
All users have computers that run Windows 10 and are hybrid Azure AD joined.
You have an Azure SQL database that is configured to support Azure AD authentication.
Database developers must connect to the SQL database by using Microsoft SQL Server Management Studio (SSMS) and authenticate by using their on-premises Active Directory account.
You need to tell the developers which authentication method to use to connect to the SQL database from SSMS. The solution must minimize authentication prompts.
Which authentication method should you instruct the developers to use?
- A. Active Directory - Integrated
- B. Active Directory - Universal with MFA support
- C. Active Directory - Password
- D. SQL Login
Answer: A
Explanation:
Azure AD can be the initial Azure AD managed domain. Azure AD can also be an on-premises Active Directory Domain Services that is federated with the Azure AD.
https://www.fast2test.com/AZ-500-practice-test.html 86
Valid Fast2test AZ-500 Exam PDF Dumps - New AZ-500 Real Exam Questions
Using an Azure AD identity to connect using SSMS or SSDT
The following procedures show you how to connect to a SQL database with an Azure AD identity using SQL Server Management Studio or SQL Server Database Tools.
Active Directory integrated authentication
Use this method if you are logged in to Windows using your Azure Active Directory credentials from a federated domain.
1. Start Management Studio or Data Tools and in the Connect to Server (or Connect to Database Engine) dialog box, in the Authentication box, select Active Directory - Integrated. No password is needed or can be entered because your existing credentials will be presented for the connection.
2. Select the Options button, and on the Connection Properties page, in the Connect to database box, type the name of the user database you want to connect to. (The AD domain name or tenant ID" option is only supported for Universal with MFA connection options, otherwise it is greyed out.) Reference:
https://docs.microsoft.com/en-us/azure/azure-sql/database/authentication-aad-configure?tabs=azure- powershell
NEW QUESTION # 206
You have an Azure Active Directory (Azure AD) tenant that contains the users shown in the following table.
From Azure AD Privileged Identity Management (PIM), you configure the settings for the Security Administrator role as shown in the following exhibit.
From PIM, you assign the Security Administrator role to the following groups:
Group1: Active assignment type, permanently assigned
Group2: Eligible assignment type, permanently eligible
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/privileged-identity-management/pim-configure
https://docs.microsoft.com/bs-cyrl-ba/azure/active-directory/privileged-identity-management/pim-resource-roles-configure-role-settings
NEW QUESTION # 207
You have an on-premises server named Server1.
You have an Azure subscription that contains a Microsoft Sentinel workspace named Sentinel 1.
You install the Windows Firewall solution in Sentinel1.
You need to use Microsoft Sentinel to monitor Windows Defender Firewall on Server1.
What should you install on Server1, and what should you create in the Azure subscription? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
Explanation:
NEW QUESTION # 208
You create an Azure subscription.
You need to ensure that you can use Azure Active Directory (Azure AD) Privileged Identity Management (PIM) to secure Azure AD roles.
Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
Answer:
Explanation:
Explanation
Step 1: Consent to PIM
Step: 2 Verify your identity by using multi-factor authentication (MFA) Click Verify my identity to verify your identity with Azure MFA. You'll be asked to pick an account.
Step 3: Sign up PIM for Azure AD roles
Once you have enabled PIM for your directory, you'll need to sign up PIM to manage Azure AD roles.
References:
https://docs.microsoft.com/en-us/azure/active-directory/privileged-identity-management/pim-getting-started
NEW QUESTION # 209
Your company has an Azure Active Directory (Azure AD) tenant named contoso.com.
The company is developing an application named App1. App1 will run as a service on server that runs Windows Server 2016. App1 will authenticate to contoso.com and access Microsoft Graph to read directory data.
You need to delegate the minimum required permissions to App1.
Which three actions should you perform in sequence from the Azure portal? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
Answer:
Explanation:
Explanation
Explanation:
Step 1: Create an app registration
First the application must be created/registered.
Step 2: Add an application permission
Application permissions are used by apps that run without a signed-in user present.
Step 3: Grant permissions
NEW QUESTION # 210
You have an Azure Subscription that is linked to an Azure Active Directory (Azure AD). The tenant contains the users shown in the following table.
You have an Azure key vault named Vault1 that has Purge protection set to Disabled. Vault1 contains the access policies shown in the following table.
You create role assignments for Vault1 as shown in the following table.
For each of the following statements, Yes if the statement is true, Otherwise, select No.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
NEW QUESTION # 211
You have an Azure Active Directory (Azure AD) tenant named contoso.com that contains the users shown in the following table.
Azure AD Privileged Identity Management (PIM) is enabled for the tenant.
In PIM, the Password Administrator role has the following settings:
* Maximum activation duration (hours): 2
* Send email notifying admins of activation: Disable
* Require incident/request ticket number during activation: Disable
* Require Azure Multi-Factor Authentication for activation: Enable
* Require approval to activate this role: Enable
* Selected approver: Group1
You assign users the Password Administrator role as shown in the following table.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
Explanation
Box 1: Yes
Active assignments don't require the member to perform any action to use the role. Members assigned as active have the privileges assigned to the role at all times.
Box 2: No
MFA is disabled for User2 and the setting Require Azure Multi-Factor Authentication for activation is enabled.
Note: Eligible assignments require the member of the role to perform an action to use the role. Actions might include performing a multi-factor authentication (MFA) check, providing a business justification, or requesting approval from designated approvers.
Box 3: Yes
User3 is Group1, which is a Selected Approver Group
Reference:
https://docs.microsoft.com/bs-latn-ba/azure/active-directory/privileged-identity-management/pim-resource-roles-
NEW QUESTION # 212
You have an Azure subscription that is linked to a Microsoft Entra tenant. The tenant uses Microsoft Entra ID Protection.
You have 2,000 users that are each assigned a Microsoft Entra ID P2 license.
You plan to use Azure Monitor to generate an alert when a workload identity that is using leaked credentials is detected.
You need to configure the Diagnostic setting to support the planned alert. The solution must minimize administrative effort.
Which log category should you collect, and to
which destination should you send the logs? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
Explanation:
NEW QUESTION # 213
You need to create Role1 to meet the platform protection requirements.
How should you complete the role definition of Role1? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
Topic 2, Contoso
Technical Requirements
Contoso identifies the following technical requirements:
Deploy Azure Firewall to VNetWork1 in Sub2.
Register an application named App2 in contoso.com.
Whenever possible, use the principle of least privilege.
Enable Azure AD Privileged Identity Management (PIM) for contoso.com
Existing Environment
Azure AD
Contoso.com contains the users shown in the following table.
Contoso.com contains the security groups shown in the following table.
Sub1
Sub1 contains six resource groups named RG1, RG2, RG3, RG4, RG5, and RG6.
User2 creates the virtual networks shown in the following table.
Sub1 contains the locks shown in the following table.
Sub1 contains the Azure policies shown in the following table.
Sub2
Sub2 contains the virtual machines shown in the following table.
All virtual machines have the public IP addresses and the Web Server (IIS) role installed. The firewalls for each virtual machine allow ping requests and web requests.
Sub2 contains the network security groups (NSGs) shown in the following table.
NSG1 has the inbound security rules shown in the following table.
NSG2 has the inbound security rules shown in the following table.
NSG3 has the inbound security rules shown in the following table.
NSG4 has the inbound security rules shown in the following table.
NSG1, NSG2, NSG3, and NSG4 have the outbound security rules shown in the following table.
Contoso identifies the following technical requirements:
Deploy Azure Firewall to VNetwork1 in Sub2.
Register an application named App2 in contoso.com.
Whenever possible, use the principle of least privilege.
Enable Azure AD Privileged Identity Management (PIM) for contoso.com.
NEW QUESTION # 214
Your on-premises network contains the servers shown in the following table.
You have an Azure subscription that contains multiple virtual machines that run either Windows Server 2019 or SLES. You plan to implement adaptive application controls in Microsoft Defender for Cloud. Which operating systems and platforms can you monitor? To answer, select the appropriate options in the answer area.
Answer:
Explanation:
NEW QUESTION # 215
You have the Azure virtual machines shown in the following table.
For which virtual machine can you enable Update Management?
- A. VM2 and VM3 only
- B. VM1, VM2, VM3, and VM4
- C. VM2, VM3, and VM4 only
- D. VM1, VM2, and VM3 only
- E. VM1, VM2, and VM4 only
Answer: E
Explanation:
Section: [none]
Explanation/Reference:
References:
https://docs.microsoft.com/en-us/azure/automation/automation-update-management?toc=%2Fazure%
2Fautomation%2Ftoc.json
NEW QUESTION # 216
You have an Azure subscription that contains a user named User1 and a storage account named storage 1. The storage1 account contains the resources shown in the following table:
User1 is assigned the following roles for storage1:
* Storage Blob Data Reader
* Storage Table Data Contributor
* Storage File Data SMB Share Reader
Answer:
Explanation:
NEW QUESTION # 217
You have an Azure subscription that contains the virtual machines shown in the following table.
You have an Azure Cosmos DB account named cosmos1 configured as shown in the following exhibit.

Answer:
Explanation:
NEW QUESTION # 218
You have an Azure subscription that contains two virtual machines named VM1 and VM2 that run Windows Server 2019.
You are implementing Update Management in Azure Automation.
You plan to create a new update deployment named Update1.
You need to ensure that Update1 meets the following requirements:
* Automatically applies updates to VM1 and VM2.
* Automatically adds any new Windows Server 2019 virtual machines to Update1.
What should you include in Update1?
- A. a security group that has a Membership type of Assigned
- B. a security group that has a Membership type of Dynamic Device
- C. a dynamic group query
- D. a Kusto query language query
Answer: C
Explanation:
Explanation/Reference:
https://docs.microsoft.com/en-us/azure/automation/update-management/configure-groups
NEW QUESTION # 219
You have been tasked with applying conditional access policies for your company's current Azure Active Directory (Azure AD).
The process involves assessing the risk events and risk levels.
Which of the following is the risk level that should be configured for users that have leaked credentials?
- A. Medium
- B. High
- C. None
- D. Low
Answer: B
Explanation:
These six types of events are categorized in to 3 levels of risks - High, Medium & Low:
Table Description automatically generated
Reference:
http://www.rebeladmin.com/2018/09/step-step-guide-configure-risk-based-azure-conditional-access-policies/
NEW QUESTION # 220
You have the hierarchy of Azure resources shown in the following exhibit.
You create the Azure Blueprints definitions shown in the following table.
To which objects can you assign Blueprint1 and Blueprint2? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
NEW QUESTION # 221
You have an Azure Active Directory (Azure AD) tenant named contoso.com that contains the users shown in the following table.
Contoso.com contains a group naming policy. The policy has a custom blocked word list rule that includes the word Contoso.
Which users can create a group named Contoso Sales in contoso.com? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/enterprise-users/groups-naming-policy
NEW QUESTION # 222
You have an Azure Active Directory (Azure AD) tenant named contoso.com that contains the users shown in the following table.
Contoso.com contains a group naming policy. The policy has a custom blocked word list rule that includes the word Contoso.
Which users can create a group named Contoso Sales in contoso.com? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/enterprise-users/groups-naming-policy
NEW QUESTION # 223
Your on-premises network contains the servers shown in the following table.
You have an Azure subscription That contains multiple virtual machines that run either Windows Server 2019 Of SLES.
Answer:
Explanation:
Explanation:
NEW QUESTION # 224
......
Microsoft Azure Security Technologies Free Update Certification Sample Questions: https://actualtests.test4engine.com/AZ-500-real-exam-questions.html