Microsoft AZ-500 Exam Practice Test Instant Access

Question 1

You have an Azure subscription. The subscription contains a virtual network named VNet1 that contains the subnets shown in the following table.

The subscription contains the function apps shown in the following table.

The outbound traffic of which app is controlled by using NSG1?

AApp4 only

BApp3 and App4 only

CApp2, App3, and App4 only

DApp1, App2, App3, andApp4

Answer : D

Question 2

You have a Microsoft Entra tenant that uses Microsoft Entra Permissions Management and contains the accounts shown in the following table:

Which accounts will be listed as assigned to highly privileged roles on the Azure AD insights tab in the Entra Permissions Management portal?

AAdmin1 only

BAdmin2 and Admin3 only

CAdmin2 and Admin4 only

DAdmin1. Admin2, and Admin3 only

EAdmin2. Admin3, and Admin4 only

FAdmin1. Admin2, Admin3. and Admin4

Answer : D

Question 3

You have an Azure subscription that contains an Azure key vault named Vault1 and a virtual machine named VM1. VM1 has the Key Vault VM extension installed.

For Vault1, you rotate the keys, secrets, and certificates.

What will be updated automatically on VM1?

Athe keys only

Bthe secrets only

Cthe certificates only

Dthe keys and secrets only

Ethe secrets and certificates only

Fthe keys, secrets, and certificates

Answer : C

Question 4

You have a Microsoft Entra tenant that contains three users named User1, User2, and User3.

You configure Microsoft Entra Password Protection as shown in the following exhibit.

The users perform the following tasks:

* User1 attempts to reset her password to COntOsO

* User2 attempts to reset her password to F@brikamHQ

* User3 attempts to reset her password to PrOduct123.

Which password reset attempts fail?

AUser1 only

BUser2only

CUser3 only

DUser1 and User3 only

EUser1, User2, and User3

Answer : E

Question 5

You have an Azure subscription that contains the virtual machines shown in the following table.

You are configuring Microsoft Defender for Servers.

You plan to enable adaptive application controls to create an allowlist of known-safe apps on the virtual machines. Which virtual machines support the use of adaptive application controls?

AVM1 and VM2 only

BVM2 and VM4 only

CVM2 and VM3 only

DVM1, VM2, VM3, and VM4

Answer : D

Question 6

Lab Task

Task 4

You need to ensure that when administrators deploy resources by using an Azure Resource Manager template, the deployment can access secrets in an Azure key vault named KV31330471.

Asee the task answer with step by step below

Answer : A

Grant permission to the application that is used to deploy the resources to access the secrets in the key vault. You can use the Azure portal, Azure PowerShell, or the Azure CLI to do this. You need to assign theKey Vault Secrets Userrole to the application at the scope of the key vault or individual secrets.

Enable template deployment for the key vault. You can use the Azure portal, Azure PowerShell, or the Azure CLI to do this. You need to set theenabledForTemplateDeploymentproperty of the key vault to true.

Reference the secrets in the template by using their resource ID. You can use the listSecrets function to get the resource ID of a secret in the key vault. You need to specify the name of the key vault and the name of the secret as parameters.

Deploy the template by using Azure PowerShell, Azure CLI, or REST API. You can use the New-AzResourceGroupDeployment cmdlet, the az deployment group create command, or the Deployments - Create Or Update REST API to do this. You need to provide the template file or URI and any required parameters.

Question 7

Lab Task

Task 3

You need to ensure that a user named Danny-31330471 can sign in to any SQL database on a Microsoft SQL server named web31330471 by using SQL Server Management Studio (SSMS) and Azure AD credentials.

Asee the task answer with step by step below

Answer : A

Create and register an Azure AD application. You can use the Azure portal, Azure PowerShell, or the Azure CLI to do this. You need to specify a name, such as SQLServerCTP1, and select the supported account types, such as Accounts in this organization directory only.

Grant application permissions. You can use the Azure portal, Azure PowerShell, or the Azure CLI to do this. You need to assign theDirectory.Read.Allpermission to the application and grant admin consent for your organization.

Create and assign a certificate. You can use the Azure portal, Azure PowerShell, or the Azure CLI to do this. You need to create a self-signed certificate and upload it to the application. You also need to store the certificate in Azure Key Vault and grant access policies to the application and your SQL Server.

Configure Azure AD authentication for SQL Server through Azure portal. You can use the Azure portal to do this. You need to select your SQL Server resource and enable Azure AD authentication. You also need to select your Azure AD application as theAzure AD adminfor your SQL Server.

Create logins and users. You can use SSMS or Transact-SQL to do this. You need to connect to your SQL Server as the Azure AD admin and create a login for Danny-31330471. You also need to create a user for Danny-31330471 in each database that he needs access to.

Connect with a supported authentication method. You can use SSMS or SqlClient to do this. You need to specify theAuthenticationconnection property in the connection string asActive Directory PasswordorActive Directory Integrated. You also need to provide the username and password of Danny-31330471.

Microsoft AZ-500 Microsoft Azure Security Technologies Exam Practice Test