Microsoft AZ-500 Exam Practice Test Instant Access

Question 1

You have an Azure subscription that uses Microsoft Defender for Cloud.

You have an Amazon Web Services (AWS) account.

You need to add the AWS account to Defender for Cloud.

What should you do first?

AFrom the Azure portal, add the AWS enterprise application.

BFrom the AWS account, enable a security hub.

CFrom Defender for Cloud, configure the Security solutions settings.

DFrom Defender for Cloud, configure the Environment settings.

Answer : D

Question 2

You have an Azure Kubernetes Service (AKS) cluster that will connect to an Azure Container Registry.

You need to use the automatically generated service principal for the AKS cluster to authenticate to the Azure Container Registry.

What should you create?

Aan Azure AD user

Ba secret in Azure Key Vault

Can Azure AD group

Da role assignment

Answer : D

Question 3

You have an Azure subscription that is linked to an Azure AD tenant and contains the resources shown in the following table.

Which resources can be assigned the Contributor role for VM1?

AManaged1 and App1 only

BGroup1 and Managed1 only

CGroup1. Managed1, and VM2only

DGroup1, Managed1, VM1. and App1 only

Answer : A

Question 4

You have an Azure AD tenant.

You plan to implement an authentication solution to meet the following requirements:

* Require number matching.

* Display the geographical location when signing in.

Which authentication method should you include in the solution?

ASMS

BTemporary Access Pass

CMicrosoft Authenticator

DFID02 security key

Answer : B

Question 5

You have an Azure AD turned that contains a user named User1.

You purchase an App named App1.

User1 needs to publish App1 by using Azure AD Application Proxy.

Which role should you assign to User1?

AHybrid identity Administrator

BCloud App Security Administrator

CApplication Administrator

DCloud Application Administrate

Answer : C

Question 6

You have an Azure subscription that uses Microsoft Defender for Cloud.

You have an Amazon Web Service (AWS) account named AWS1 that is connected to defender for Cloud.

You need to ensure that AWS foundational Security Best Practices. The solution must minimize administrate effort.

What should do you in Defender for Cloud?

ACreate a new customer assessment.

BAssign a built-in assessment.

CAssign a built-in compliance standard.

DCreate a new custom standard.

Answer : C

Question 7

Lab Task

Task 5

A user named Debbie has the Azure app installed on her mobile device.

You need to ensure that debbie@contoso.com is alerted when a resource lock is deleted.

Asee the task answer with step by step below

Answer : A

Create an Azure Resource Manager service principal. You can use the Azure portal, Azure PowerShell, or the Azure CLI to do this. You need to specify a name and a role for the service principal, such as Contributor.

Grant permission to the service principal to access the secrets in the key vault. You can use the Azure portal, Azure PowerShell, or the Azure CLI to do this. You need to assign theKey Vault Secrets Userrole to the service principal at the scope of the key vault or individual secrets.

Enable template deployment for the key vault. You can use the Azure portal, Azure PowerShell, or the Azure CLI to do this. You need to set theenabledForTemplateDeploymentproperty of the key vault to true.

Reference the secrets in the template by using their resource ID. You can use the listSecrets function to get the resource ID of a secret in the key vault. You need to specify the name of the key vault and the name of the secret as parameters.

Deploy the template by using Azure PowerShell, Azure CLI, or REST API. You can use the New-AzResourceGroupDeployment cmdlet, the az deployment group create command, or the Deployments - Create Or Update REST API to do this. You need to provide the template file or URI and any required parameters. You also need to provide the credentials of the service principal.

Microsoft AZ-500 Microsoft Azure Security Technologies Exam Practice Test