Practice Free AZ-500 Exam Online Questions
You have an Azure subscription that contains several Azure SQL databases and an Azure Sentinel workspace.
You need to create a saved query in the workspace to find events reported by Advanced Threat
Protection for Azure SQL Database.
What should you do?
- A . From Azure CLI run the Get-AzOperationalInsightsworkspace cmdlet.
- B . From the Azure SQL Database query editor, create a Transact-SQL query.
- C . From the Azure Sentinel workspace, create a Kusto Query Language query.
- D . From Microsoft SQL Server Management Studio (SSMS), create a Transact-SQL query.
HOTSPOT
You have a Microsoft Entra tenant that contains the users shown in the following table.
You configure the Temporary Access Pass settings as shown in the following exhibit.
You add the Temporary Access Pass authentication method to Admin2.
For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.
You plan to use Azure Resource Manager templates to perform multiple deployments of identically configured Azure virtual machines. The password for the administrator account of each deployment is stored as a secret in different Azure key vaults.
You need to identify a method to dynamically construct a resource ID that will designate the key vault containing the appropriate secret during each deployment. The name of the key vault and the name of the secret will be provided as inline parameters.
What should you use to construct the resource ID?
- A . a key vault access policy
- B . a linked template
- C . a parameters file
- D . an automation account
Your network contains an Active Directory forest named contoso.com. The forest contains a single domain.
You have an Azure subscription named Sub1 that is associated to an Azure Active Directory (Azure AD) tenant named contoso.com.
You plan to deploy Azure AD Connect and to integrate Active Directory and the Azure AD tenant.
You need to recommend an integration solution that meets the following requirements:
Ensures that password policies and user logon restrictions apply to user accounts that are synced to the Tenant Minimizes the number of servers required for the solution.
Which authentication method should you include in the recommendation?
- A . federated identity with Active Directory Federation Services (AD FS)
- B . password hash synchronization with seamless single sign-on (SSO)
- C . pass-through authentication with seamless single sign-on (SSO)
You have an Azure subscription that contains an instance of Azure Firewall Standard named AzFWL
You need to identify whether you can use the following features with AzFW1:
• TLS inspection
• Threat intelligence
• The network intrusion detection and prevention systems (IDPS)
What can you use?
- A . TLS inspection only
- B . threat intelligence only
- C . TLS inspection and the IDPS only
- D . threat intelligence and the IDPS only
- E . TLS inspection, threat intelligence, and the IDPS
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You use Azure Security Center for the centralized policy management of three Azure subscriptions.
You use several policy definitions to manage the security of the subscriptions.
You need to deploy the policy definitions as a group to all three subscriptions.
Solution: You create a policy definition and assignments that are scoped to resource groups.
Does this meet the goal?
- A . Yes
- B . No
You have an Azure subscription that contains a virtual network.
The virtual network contains the subnets shown in the following table.
The subscription contains the virtual machines shown in the following table.
You enable just in time (JIT) VM access for all the virtual machines.
You need to identify which virtual machines are protected by JIT.
Which virtual machines should you identify?
- A . VM4 only
- B . VM1 and VM3 only
- C . VM1, VM3 and VM4 only
- D . VM1, VM2, VM3, and VM4
HOTSPOT
You have an Azure key vault named KeyVault1 that contains the items shown in the following table.
In KeyVault1 the following events occur in sequence:
• item is deleted.
• ltem2 and Policy1 are deleted.
For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.
You have an Azure subscription that uses Microsoft Defender.
You enable the CIS Microsoft Azure Foundations Benchmark v2.0.0 built-in to the subscription.
You need to ensure that when users attempt to assign custom role-based access control (RBAC) roles, they receive a custom error message that includes a link to an internal website. The solution must minimize the impact on other policies.
What should you configure?
- A . the effect of the policy
- B . the remediation task of the policy
- C . a policy-specific non-compliance message
- D . the default non-compliance message of the built-in
HOTSPOT
You have a Microsoft Entra tenant that contains the users shown in the following table.
You configure a Conditional Access policy that has the following settings:
• Name: CAPolicy1
• Assignments
o Users or workload identities: Group1
o Target resources: All cloud apps
• Access controls
o Grant access: Require multifactor authentication
From Microsoft Authenticator settings for the tenant, the Enable and Target settings are configured as shown in the Enable and Target exhibit. (Click the Enable and Target tab.)
From Microsoft Authenticator settings for the tenant, the Configure settings are configured as shown in the Configure exhibit. (Click the Configure tab.)
For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.
