Microsoft AZ-500 Exam Practice Test Instant Access

Question 1

You have an Azure subscription that contains a SQL Server on Azure Virtual Machines instance named SQt1 and a Microsoft Sentinel workspace named Sentinel1.

You need to monitor security incidents on SQL1 by using Sentinel1.

What should you do first?

AOn SQL1, enable SQL1 Server audit.

BOn SQL1. install the Connected Machine agent for Azure Arc-enabled servers.

CFrom the Azure portal, create a Log Analytics workspace.

DFrom Sentinel1, enable VM insights.

Answer : A

Question 2

You have an Azure subscription named Subscription1 that is linked to a Microsoft Entra tenant named contoso.com and a resource group named RG1.

You create a custom role named Role1 in contoso.com.

Where can you use Role1 for permission delegation?

Acontoso.com only

Bcontoso.com and RG1 only

Ccontoso.com and Subscription 1 only

Dcontoso.com. RG1. and Subscription!

Answer : D

Question 3

You have an Azure subscription that contains a managed identity named Identity1 and the Azure key vaults shown in the following table.

Key Vault1 contains an access policy that grants Identity1 the following key permissions:

* Get

* List

* Wrap

* Unwrap

You need to provide Identity1 with the same permissions for KeyVault2. The solution must use the principle of least privilege.

Which role should you assign to Identity1?

AKey Vault Crypto Service Encryption User

BKey Vault Crypto User

CKey Vault Reader

DKey Vault Crypto Officer

Answer : D

Question 4

You have an Azure subscription that contains a virtual network named VNet1. The subscription contains an Azure App Service web app named App1.

You have an Azure Front Door profile named AFD1 that has an Azure Web Application Firewall (WAF) policy.

You need to ensure that all inbound traffic to App1 is filtered through AFD1.

What should you do?

AFor VNet1, configure network security group (NSG) rules.

BFor App1, configure the HTTP headers filter settings.

CFor App1, enable virtual network integration.

DConfigure Microsoft Entra application proxy.

Answer : B

Question 5

You have an Azure subscription that contains an Azure Kubernetes Service (AKS) cluster named AKS1.

You have an Azure container registry that stores container images that were deployed by using Azure DevOps Microsoft-hosted agents.

You need to ensure that administrators can access AKS1 only from specific networks. The solution must minimize administrative effort.

What should you configure for AKS1?

Aan Application Gateway Ingress Controller (AGIC)

Ba private cluster

Cauthorized IP address ranges

Da private endpoint

Answer : C

Question 6

You have an Azure AD turned that contains a user named User1.

You purchase an App named App1.

User1 needs to publish App1 by using Azure AD Application Proxy.

Which role should you assign to User1?

AHybrid identity Administrator

BCloud App Security Administrator

CApplication Administrator

DCloud Application Administrate

Answer : C

Question 7

You have an Azure subscription that uses Microsoft Defender for Cloud.

You have an Amazon Web Service (AWS) account named AWS1 that is connected to defender for Cloud.

You need to ensure that AWS foundational Security Best Practices. The solution must minimize administrate effort.

What should do you in Defender for Cloud?

ACreate a new customer assessment.

BAssign a built-in assessment.

CAssign a built-in compliance standard.

DCreate a new custom standard.

Answer : C

Microsoft AZ-500 Microsoft Azure Security Technologies Exam Practice Test