Microsoft AZ-500 Exam Practice Test Instant Access

Question 1

You have an Azure subscription named Sub1 that has Security defaults disabled. The subscription contains the following users:

* Five users that have owner permissions for Sub1.

* Ten users that have owner permissions for Azure resources.

None of the users have multi-factor authentication (MFA) enabled.

Sub1 has the secure score as shown in the Secure Score exhibit. (Click the Secure Score tab.)

You plan to enable MFA for the following users:

* Five users that have owner permissions for Sub1.

* Five users that have owner permissions for Azure resources.

By how many points will the secure score increase after you perform the planned changes?

C7.5

D10

E14

Answer : C

Question 2

You have an Azure subscription that contains the subnets shown in the following table.

The subscription contains Azure web app named WebApp1 that has the following configurations.

* Region West Us

* Virtual network VNet1

* VNet integration on: Enabled

* Outbound subnet: Subnet11

* Windows plan (West US): ASP1

You plan to deploy an Azure web app named WebApp2 that will have the following settings:

* Region: West US

* VNet integration on-Enabled

* Windows plan (West UAS): WebApp2?

To which subnets can you integrate WebApp2?

ASubnet11 only

BSubnet2 only

CSubnet11 or subnet12 only

DSubnet2 or Subnet21 only

ESubnet11, subnet2, or Subnet21

Answer : C

Question 3

You have an Azure subscription that contains a storage account and an Azure web app named App1.

App1 connects to an Azure Cosmos DB database named Cosmos1 that uses a private endpoint named Endpoint1. Endpoint1 has the default settings.

You need to validate the name resolution to Cosmos1.

Which DNS zone should you use?

AEndpoint1. Privatelink,blob,core,windows,net

BEndpoint1. Privatelink,database,azure,com

CEndpoint1. Privatelink,azurewebsites,net

DEndpoint1. Privatelink,documents,azure,com

Answer : D

Question 4

You have an Azure subscription that contains an Azure web app named 1 and a virtual machine named VM1. VM1 runs Microsoft SQL Server and is connected to a virtual network named VNet1. App1, VM1, and Vent are in the US Central Azure region.

You need to ensure that App1 can connect to VM1. The solution must minimize costs.

ANAT gateway integration

BAzure Front Door

Cregional virtual network integration

Dgateway-required virtual network integration

EAzure Application Gateway integration

Answer : C

Question 5

You have an Azure subscription that contains the resources show in the following table.

Both VM1 and VM2 connect to VNET1 and are configured to use NSG1.

You need to ensure that only VM1 and VM2 can access DB1.

What should you do?

AAdd the IP address range of VNET1 to the Firewall setting of DB1.

BFor NSG1, configure a rule that has a service tag.

CCreate an application security group.

DConfigure DB1 to allow access from only VNET1.

Answer : B

Question 6

You have an Azure subscription that uses Microsoft Defender for Cloud.

You have an Amazon Web Services (AWS) account.

You need to ensure that when you deploy a new AWS Elastic Compute Cloud (EC2) instance, the Microsoft Defender for Servers agent installs automatically.

What should you configure first?

Athe log Analytics agent

Bthe Azure Monitor agent

Cthe native cloud connector

Dthe classic cloud connector

Answer : A

Question 7

You have an Azure AD tenant that contains the users shown in the following table.

You need to ensure that the users cannot create app passwords. The solution must ensure that User1 can continue to use the Mail and Calendar app.

What should you do?

AAssign User! the Authentication Policy Administrator role.

BEnable Azure AD Password Protection.

CConfigure a multi-factor authentication (MFA) registration policy.

DCreate a new app registration.

Answer : C

Microsoft AZ-500 Microsoft Azure Security Technologies Exam Practice Test