Practice Free AZ-500 Exam Online Questions
You have an Azure subscription that contains an Azure key vault.
You need to configure maximum number of days for Which new keys are valid. The solution must minimize administrative effort.
What should you use?
- A . Key Vault properties
- B . Azure Policy
- C . Azure Purview
- D . Azure Blueprints
DRAG DROP
You have an Azure Sentinel workspace that has an Azure Active Directory (Azure AD) data connector.
You are threat hunting suspicious traffic from a specific IP address.
You need to annotate an intermediate event stored in the workspace and be able to reference the IP address when navigating through the investigation graph.
Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
DRAG DROP
You have an Azure Sentinel workspace that has an Azure Active Directory (Azure AD) data connector.
You are threat hunting suspicious traffic from a specific IP address.
You need to annotate an intermediate event stored in the workspace and be able to reference the IP address when navigating through the investigation graph.
Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
HOTSPOT
You assign User8 the Owner role for RG4, RG5, and RG6.
In which resource groups can User8 create virtual networks and NSGs? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.
HOTSPOT
You have a Microsoft Entra tenant named contoso.com.
You collaborate with a partner organization that has a Microsoft Entra tenant named fabrikam.com.
Fabrikam.com has multi-factor authentication (MFA) enabled for all users.
Contoso.com has the Cross-tenant access settings configured as shown in the Cross-tenant access settings exhibit. (Click the Cross-tenant access settings:
Contoso.com has the External collaboration settings configured as shown in the External collaboration settings exhibit. (Click the External collaboration settings tab.)
You create a Conditional Access policy that has the following settings:
• Name: CAPolicy1
• Assignments
o Guest or external users: B2B collaboration guest users
o Target resources
■ Include: All cloud apps o Access controls
■ Grant access
■ Require device to be marked as compliant
■ Require multi-factor authentication
■ Enable policy: On
For each of the following statements, select Yes if the statement is true, otherwise select No. NOTE: Each correct section is worth one point.
HOTSPOT
You have Azure virtual machines that have Update Management enabled.
The virtual machines are configured as shown in the following table.
You schedule two update deployments named Update1 and Update2. Update1 updates VM3.
Update2 updates VM6.
Which additional virtual machines can be updated by using Update1 and Update2? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.
HOTSPOT
You have a management group named MG1 that contains an Azure subscription named Sub1.
Sub1 contains the resources shown in the following table.
You create an Azure Virtual Network Manager instance named AVNM1 that has the following configurations:
• Management scope: MG1
• Network groups:
o Name: Group1
■ Group members: VNet1
• Security admin configuration:
o Name: SAT
o Rule collections:
■ Name: SACollection1
■ Target network groups: Group1
■ Security admin rules:
■ Name: SARule1
■ Priority: 500
■ Action: Deny
■ Direction: Inbound
■ Source type: Any
■ Source port *
SA1 is deployed to all Azure regions.
You create a Virtual Network Manager instance named AVNM2 that has the following configurations:
• Management scope: Sub1
• Network groups:
o Name: Group2
■ Group members: VNet1
• Security admin configuration:
o Name: SA2
o Rule collections:
■ Name: SACollection2
■ Target network groups: Group2
■ Security admin rules:
■ Name: SARule2
■ Priority: 500
■ Action: Always allow
■ Direction: Inbound
■ Source type: Any
■ Source port: *
SA2 is deployed to all Azure regions.
For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE Each correct selection is worth one point.
You have an Azure subscription name Sub1 that contains an Azure Policy definition named Policy1.
Policy1 has the following settings:
– Definition location: Tenant Root Group
– Category: Monitoring
You need to ensure that resources that are noncompliant with Policy1 are listed in the Azure Security Center dashboard.
What should you do first?
- A . Change the Category of Policy1 to Security Center.
- B . Add Policy1 to a custom initiative.
- C . Change the Definition location of Policy1 to Sub1.
- D . Assign Policy1 to Sub1.
HOTSPOT
You have an Azure subscription that contains a storage account named contoso2023.
You need to perform the following tasks:
• Verify that identity-based authentication over SMB is enabled.
• Only grant users access to contoso2023 in the year 2023.
Which two settings should you use? To answer, select the appropriate settings in the answer area NOTE: Each correct selection is worth one point.
You have an Azure subscription that contains an Azure SQL server named SQL1. SQL1 contains. You need to use Microsoft Defender for Cloud to complete a vulnerability assessment for DB1.
What should you do first?
- A . From Advanced Threat Protection types, select SQL injection vulnerability.
- B . Configure the Send scan report to setting.
- C . Set Periodic recurring scans to ON.
- D . Enable the Microsoft Defender for SQL plan.