Practice Free AZ-500 Exam Online Questions
HOTSPOT
You have an Azure subscription that contains the resources shown in the following table.
SQL1 has the following configurations:
• Auditing: Enabled
• Audit log destination: storage1, Workspace1 DB1 has the following configurations:
• Auditing: Enabled
• Audit log destination: storage2
DB2 has auditing disabled.
Where are the audit logs for DB1 and DB2 stored? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.
You have an Azure subscription.
You create an Azure web app named Contoso1812 that uses an S1 App service plan.
You create a DNS record for www.contoso.com that points to the IP address of Contoso1812.
You need to ensure that users can access Contoso1812 by using the https://www.contoso.com URL.
Which two actions should you perform? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point.
- A . Turn on the system-assigned managed identity for Contoso1812.
- B . Add a hostname to Contoso1812.
- C . Scale out the App Service plan of Contoso1812.
- D . Add a deployment slot to Contoso1812.
- E . Scale up the App Service plan of Contoso1812.
- F . Upload a PFX file to Contoso1812
BF
Explanation:
B: You can configure Azure DNS to host a custom domain for your web apps. For example, you can create an Azure web app and have your users access it using either www.contoso.com or contoso.com as a fully qualified domain name (FQDN).
To do this, you have to create three records:
A root "A" record pointing to contoso.com
A root "TXT" record for verification
A "CNAME" record for the www name that points to the A record
F: To use HTTPS, you need to upload a PFX file to the Azure Web App. The PFX file will contain the SSL certificate required for HTTPS.
Reference: https://docs.microsoft.com/en-us/azure/dns/dns-web-sites-custom-Domain
HOTSPOT
You have an Azure subscription that contains the Azure Active Directory (Azure AD) resources shown in the following table.
You create the groups shown in the following table.
Which resources can you add to Group5 and Group6? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.
You have been tasked with configuring an access review, which you plan to assigned to a new collection of reviews. You also have to make sure that the reviews can be reviewed by resource owners.
You start by creating an access review program and an access review control.
You now need to configure the Reviewers.
Which of the following should you set Reviewers to?
- A . Selected users.
- B . Members (Self).
- C . Group Owners.
- D . Anyone.
C
Explanation:
In the Reviewers section, select either one or more people to review all the users in scope. Or you can select to have the members review their own access. If the resource is a group, you can ask the group owners to review.
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/governance/create-access-review
https://docs.microsoft.com/en-us/azure/active-directory/governance/manage-programs-controls
HOTSPOT
You have an Azure subscription that uses Microsoft Defender for Cloud.
Defender for Cloud has the security alerts shown in the following exhibit.
You have an Azure subscription that contains the virtual networks shown in the following table.
The subscription contains the virtual machines shown in the following table.
On NIC1, you configure an application security group named ASG1.
On which other network interfaces can you configure ASG1?
- A . NIC2 only
- B . NIC2, NIC3, NIC4, and NIC5
- C . NIC2 and NIC3 only
- D . NIC2, NIC3, and NIC4 only
C
Explanation:
Only network interfaces in NVET1, which consists of Subnet11 and Subnet12, can be configured in ASG1, as all network interfaces assigned to an application security group have to exist in the same virtual network that the first network interface assigned to the application security group is in.
Reference: https://azure.microsoft.com/es-es/blog/applicationsecuritygroups/
You have an Azure subscription that contains a resource group named RG1 and a security group named ServerAdmins. RG1 contains 10 virtual machines, a virtual network named VNET1, and a network security group JNSG) named NSG1. ServerAdmins can access the virtual machines by using RDP.
You need to ensure that NSG1 only allows RDP connections to the virtual machines for a maximum of 60 minutes when a member of ServerAdmins requests access.
What should you configure?
- A . an Azure policy assigned to RGl
- B . a just in time (JIT) VM access policy in Microsoft Defender for Cloud
- C . an Azure AD Privileged Identity Management (PiM) role assignment
- D . an Azure Bastion host on VNET1
HOTSPOT
You have an Azure subscription that contains a resource group named RG1. RG1 contains a virtual machine named VM1 that uses Azure Active Directory (Azure AD) authentication.
You have two custom Azure roles named Role1 and Role2 that are scoped to RG1.
The permissions for Role1 are shown in the following JSON code.
The permissions for Role2 are shown in the following JSON code.
You assign the roles to the users shown in the following table.
For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.
HOTSPOT
You have an Azure subscription that contains an Azure SQL database named SQL1.
You plan to deploy a web app named App1.
You need to provide App1 with read and write access to SQL1.
The solution must meet the following requirements:
✑ Provide App1 with access to SQL1 without storing a password.
✑ Use the principle of least privilege.
✑ Minimize administrative effort.
Which type of account should App1 use to access SQL1, and which database roles should you assign to App1? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.
Explanation:
Reference: https://docs.microsoft.com/en-us/azure/app-service/tutorial-connect-msi-sql-database?tabs=windowsclient%2Cdotnet
You have an Azure subscription that contains the resources shown in the following table.
You need to ensure that ServerAdmins can perform the following tasks:
– Create virtual machines in RG1 only.
– Connect the virtual machines to the existing virtual networks in RG2 only.
The solution must use the principle of least privilege.
Which two role-based access control (RBAC) roles should you assign to ServerAdmins? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point.
- A . a custom RBAC role for RG2
- B . the Network Contributor role for RG2
- C . the Contributor role for the subscription
- D . a custom RBAC role for the subscription
- E . the Network Contributor role for RG1
- F . the Virtual Machine Contributor role for RG1
AF
Explanation:
Reference: https://docs.microsoft.com/en-us/azure/role-based-access-control/built-in-roles