Microsoft AZ-500 Exam Practice Test Instant Access

Question 1

You have an Azure subscription that contains the virtual networks shown in the following table.

The subscription contains the virtual machines shown in the following table.

On NIC1, you configure an application security group named ASG1.

On which other network interfaces can you configure ASG1?

ANIC2 only

BNIC2, NIC3, NIC4, and NIC5

CNIC2 and NIC3 only

DNIC2, NIC3, and NIC4 only

Answer : C

Only network interfaces in NVET1, which consists of Subnet11 and Subnet12, can be configured in ASG1, as all network interfaces assigned to an application security group have to exist in the same virtual network that the first network interface assigned to the application security group is in.

https://azure.microsoft.com/es-es/blog/applicationsecuritygroups/

Question 2

You have an Azure subscription named Subscription1.

You need to view which security settings are assigned to Subscription1 by default.

Which Azure policy or initiative definition should you review?

Athe Audit diagnostic setting policy definition

Bthe Enable Monitoring in Azure Security Center initiative definition

Cthe Enable Azure Monitor for VMs initiative definition

Dthe Azure Monitor solution 'Security and Audit' must be deployed policy definition

Answer : B

https://docs.microsoft.com/en-us/azure/security-center/tutorial-security-policy

https://docs.microsoft.com/en-us/azure/security-center/policy-reference

Question 3

You have an Azure subscription that uses Microsoft Defender.

You enable the CIS Microsoft Azure Foundations Benchmark v2.0.0 built-in to the subscription.

You need to ensure that when users attempt to assign custom role-based access control (RBAC) roles, they receive a custom error message that includes a link to an internal website. The solution must minimize the impact on other policies.

What should you configure?

Athe effect of the policy

Bthe remediation task of the policy

Ca policy-specific non-compliance message

Dthe default non-compliance message of the built-in

Answer : C

Question 4

You plan to implement JIT VM access. Which virtual machines will be supported?

AVM1 and VM3 only

BVM1. VM2. VM3, and VM4

CVM2, VM3, and VM4 only

DVM1 only

Answer : A

Overview

Question 5

You have a Microsoft Entra tenant that uses Microsoft Entra Permissions Management and contains the accounts shown in the following table:

Which accounts will be listed as assigned to highly privileged roles on the Azure AD insights tab in the Entra Permissions Management portal?

AAdmin1 only

BAdmin2 and Admin3 only

CAdmin2 and Admin4 only

DAdmin1. Admin2, and Admin3 only

EAdmin2. Admin3, and Admin4 only

FAdmin1. Admin2, Admin3. and Admin4

Answer : D

Question 6

You have an Azure subscription.

You plan to create a workflow automation in Azure Security Center that will automatically remediate a security vulnerability.

What should you create first?

Aa managed identity

Ban automation account

Can Azure function app

Dan alert rule

Ean Azure logic app

Answer : E

https://docs.microsoft.com/en-us/azure/security-center/workflow-automation

Question 7

You have an Azure subscription named Sub1 that uses Microsoft Defender for Cloud. You have the management group hierarchy shown in the following exhibit.

You create the definitions shown in the following table.

You need to use Defender for Cloud to add a security policy. Which definitions can you use as a security policy?

APolicy1 only

BPolicy1 and Initiative1 only

CInitiative1 and Initiative2 only

DInitiative1, Initiative2, and Initiatives only

EPolicy1, Initiative1, Initiative2, and Initiative3

Answer : B

Microsoft Azure Security Technologies AZ-500 Exam Practice Test