Practice Free AZ-500 Exam Online Questions
You have an Azure subscription that contains an Azure key vault named Vault1.
In Vault1, you create a secret named Secret1.
An application developer registers an application in Azure Active Directory (Azure AD).
You need to ensure that the application can use Secret1.
What should you do?
- A . In Azure AD, create a role.
- B . In Azure Key Vault, create a key.
- C . In Azure Key Vault, create an access policy.
- D . In Azure AD, enable Azure AD Application Proxy.
C
Explanation:
"You may need to configure the target resource to allow access from your application. For example, if you request a token to Key Vault, you need to make sure you have added an access policy that includes your application’s identity. Otherwise, your calls to Key Vault will be rejected, even if they include the token" https://docs.microsoft.com/en-us/azure/app-service/overview-managed-identity?tabs=dotnet
You plan to use Azure Resource Manager templates to perform multiple deployments of identically configured Azure virtual machines. The password for the administrator account of each deployment is stored as a secret in different Azure key vaults.
You need to identify a method to dynamically construct a resource ID that will designate the key vault
containing the appropriate secret during each deployment. The name of the key vault and the name of the
secret will be provided as inline parameters.
What should you use to construct the resource ID?
- A . a key vault access policy
- B . a linked template
- C . a parameters file
- D . an automation account
C
Explanation:
https://docs.microsoft.com/en-us/azure/azure-resource-manager/templates/key-vault-parameter?tabs=azure-cli#reference-secrets-with-dynamic-id
DRAG DROP
You create an Azure subscription with Azure AD Premium P2.
You need to ensure that you can use Azure Active Directory (Azure AD) Privileged Identity Management (PIM) to secure Azure roles.
Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
Explanation:
You have an Azure subscription named Subscription1 that is linked to a Microsoft Entra tenant named contoso.com and a resource group named RG1.
You create a custom role named Role1 in contoso.com.
Where can you use Role1 for permission delegation?
- A . contoso.com only
- B . contoso.com and RG1 only
- C . contoso.com and Subscription 1 only
- D . contoso.com. RG1. and Subscription1
You have an Azure subscription that contains several Azure SQL databases and an Azure Sentinel workspace.
You need to create a saved query in the workspace to find events reported by Advanced Threat Protection for Azure SQL Database.
What should you do?
- A . From Azure CLI run the Get-AzOperationalInsightsworkspace cmdlet.
- B . From the Azure SQL Database query editor, create a Transact-SQL query.
- C . From the Azure Sentinel workspace, create a Kusto Query Language query.
- D . From Microsoft SQL Server Management Studio (SSMS), create a Transact-SQL query.
SIMULATION
Lab Task
use the following login credentials as needed:
To enter your username, place your cursor in the Sign in box and click on the username below.
To enter your password. place your cursor in the Enter password box and click on the password below.
Azure Username: User1 -28681041@ExamUsers.com
Azure Password: GpOAe4@lDg
If the Azure portal does not load successfully in the browser, press CTRL-K to reload the portal in a new browser tab.
The following information is for technical support purposes only:
Lab Instance: 28681041
Task 8
You need to prevent HTTP connections to the rg1lod28681041n1 Azure Storage account.
In the Azure portal, search for and select the storage account named rg1lod28681041n1.
In the left pane, select Firewalls and virtual networks.
In the Firewalls and virtual networks pane, select Selected networks.
In the Selected networks pane, select Add existing virtual network.
In the Add existing virtual network pane, select the virtual network that does not allow HTTP connections.
Select Add.
You have a Microsoft Entra tenant that contains a user named User1.
You plan to enable passwordless authentication for the tenant.
You need to ensure that User1 can enable the combined registration experience. The solution must use the principle of least privilege.
Which role should you assign to User1?
- A . Security Administrator
- B . Global Administrator
- C . Privileged Role Administrator
- D . Authentication Administrator
HOTSPOT
You have an Azure Subscription that is linked to an Azure Active Directory (Azure AD).
The tenant contains the users shown in the following table.
You have an Azure key vault named Vault1 that has Purge protection set to Disabled.
Vault1 contains the access policies shown in the following table.
You create role assignments for Vault1 as shown in the following table.
For each of the following statements, Yes if the statement is true, Otherwise, select No. NOTE: Each correct selection is worth one point.
HOTSPOT
You have an Azure subscription that contains an Azure key vault and an Azure SQL database named SQL1.
You generate a key named Key1.
You need to enable Transparent Data Encryption (TDE) for SQL1 by using Key1.
Which two settings should you modify for Key1? To answer, select the appropriate settings in the answer area. NOTE: Each correct selection is worth one point.
HOTSPOT
You have an Azure subscription that contains an Azure key vault and an Azure SQL database named SQL1.
You generate a key named Key1.
You need to enable Transparent Data Encryption (TDE) for SQL1 by using Key1.
Which two settings should you modify for Key1? To answer, select the appropriate settings in the answer area. NOTE: Each correct selection is worth one point.