Practice Free AZ-500 Exam Online Questions
You have an Azure subscription that contains the resources shown in the following Table.
You plan to enable Microsoft Defender for Cloud for the subscription.
Which resources can be protected by using Microsoft Defender for Cloud?
- A . VM1, VNET1, and storage1 only
- B . VM1, storage1, and Vault1 only
- C . VM1.VNET1, storage1, and Vault1
- D . VM1 and storage1 only
- E . VM1 and VNET only
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have an Azure subscription named Sub1.
You have an Azure Storage account named Sa1 in a resource group named RG1.
Users and applications access the blob service and the file service in Sa1 by using several shared access signatures (SASs) and stored access policies.
You discover that unauthorized users accessed both the file service and the blob service.
You need to revoke all access to Sa1.
Solution: You create a lock on Sa1.
Does this meet the goal?
- A . Yes
- B . No
You create a new Azure subscription.
You need to ensure that you can create custom alert rules in Azure Security Center.
Which two actions should you perform? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point.
- A . Onboard Azure Active Directory (Azure AD) Identity Protection.
- B . Create an Azure Storage account.
- C . Implement Azure Advisor recommendations.
- D . Create an Azure Log Analytics workspace.
- E . Upgrade the pricing tier of Security Center to Standard.
You have 10 on-premises servers that run Windows Server 2019.
You plan to implement Azure Security Center vulnerability scanning for the servers.
What should you install on the servers first?
- A . the Security Events data connector in Azure Sentinel
- B . the Microsoft Endpoint Configuration Manager client
- C . the Azure Arc enabled servers Connected Machine agent
- D . the Microsoft Defender for Endpoint agent
You have 10 on-premises servers that run Windows Server 2019.
You plan to implement Azure Security Center vulnerability scanning for the servers.
What should you install on the servers first?
- A . the Security Events data connector in Azure Sentinel
- B . the Microsoft Endpoint Configuration Manager client
- C . the Azure Arc enabled servers Connected Machine agent
- D . the Microsoft Defender for Endpoint agent
HOTSPOT
You have an Azure subscription named Sub1 that contains the resources shown in the following table.
You need to enable Microsoft Defender for Cloud for storage accounts and virtual machines.
At which levels can you enable Defender for Cloud for the storage accounts and the virtual machines? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point
HOTSPOT
You have a Microsoft Entra tenant named contoso.com that contains the users shown in the following table.
You add enterprise applications to contoso.com as shown in the following table.
You need to Identify which users can grant admin consent for App1 and App2.
You have been tasked with configuring an access review, which you plan to assigned to a new collection of reviews. You also have to make sure that the reviews can be reviewed by resource owners.
You start by creating an access review program and an access review control.
You now need to configure the Reviewers.
Which of the following should you set Reviewers to?
- A . Selected users.
- B . Members (Self).
- C . Group Owners.
- D . Anyone.
HOTSPOT
You have an Azure Sentinel workspace that contains an Azure Active Directory (Azure AD) connector, an Azure Log Analytics query named Query1 and a playbook named Playbook1.
Query1 returns a subset of security events generated by Azure AD.
You plan to create an Azure Sentinel analytic rule based on Query1 that will trigger Playbook1.
You need to ensure that you can add Playbook1 to the new rule.
What should you do? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.
You have an Azure subscription that contains a resource group named RG1 and the network security groups (NSGs) shown in the following table.
You create the Azure policy shown in the following exhibit.
You assign the policy to RG1.
What will occur if you assign the policy to NSG1 and NSG2?
- A . Flow logs will be enabled for NSG1 and NSG2.
- B . Flow logs will be enabled for NSG2 only.
- C . Flow logs will be disabled for NSG1 and NSG2.
- D . Flow logs will be enabled for NSG1 only.