Microsoft AZ-500 Exam Practice Test Instant Access

Question 1

You have an Azure subscription that contains virtual machines.

You enable just in time (JIT) VM access to all the virtual machines.

You need to connect to a virtual machine by using Remote Desktop.

What should you do first?

AFrom Azure Directory (Azure AD) Privileged Identity Management (PIM), activate the Security administrator user role.

BFrom Azure Active Directory (Azure AD) Privileged Identity Management (PIM), activate the Owner role for the virtual machine.

CFrom the Azure portal, select the virtual machine, select Connect, and then select Request access.

DFrom the Azure portal, select the virtual machine and add the Network Watcher Agent virtual machineextension.

Answer : C

https://docs.microsoft.com/en-us/azure/virtual-machines/windows/connect-logon

Question 2

You have an on-premises network and an Azure subscription.

You have the Microsoft SQL Server instances shown in the following table.

You plan to implement Microsoft Defender for SQL.

Which SQL Server instances will be protected by Microsoft Defender for SQL?

Asql1 and sql2 only

Bsql1, sql2, andsql3 only

Csql1 sql2 and so.14 only

Dsql1, sql2, sql3, and sql4

Answer : D

Question 3

You have an Azure subscription.

You configure the subscription to use a different Azure Active Directory (Azure AD) tenant.

What are two possible effects of the change? Each correct answer presents a complete solution.

NOTE: Each correct selection is worth one point.

ARole assignments at the subscription level are lost.

BVirtual machine managed identities are lost.

CVirtual machine disk snapshots are lost.

DExisting Azure resources are deleted.

Answer : A, B

https://docs.microsoft.com/en-us/azure/active-directory/fundamentals/active-directory-how-subscriptions-associated-directory

Question 4

You have an Azure subscription that uses Microsoft Defender.

You enable the CIS Microsoft Azure Foundations Benchmark v2.0.0 built-in to the subscription.

You need to ensure that when users attempt to assign custom role-based access control (RBAC) roles, they receive a custom error message that includes a link to an internal website. The solution must minimize the impact on other policies.

What should you configure?

Athe effect of the policy

Bthe remediation task of the policy

Ca policy-specific non-compliance message

Dthe default non-compliance message of the built-in

Answer : C

Question 5

You have an Azure subscription that contains an Azure Files share named share1 and a user named User1. Identity-based authentication is configured for share1.

User1 attempts to access share1 from a Windows 10 device by using SMB.

Which type of token will Azure Files use to authorize the request?

AOAuth 20

BJSON Web Token (JWT)

CKerberos

DSAML

Answer : C

https://learn.microsoft.com/en-us/azure/storage/files/storage-files-identity-auth-active-directory-domain-service-enable?tabs=azure-portal

Question 6

You have an Azure subscription named Sub1. Sub1 contains a virtual network named VNet1 that contains one subnet named Subnet1.

You create a service endpoint for Subnet1.

Subnet1 contains an Azure virtual machine named VM1 that runs Ubuntu Server 18.04.

You need to deploy Docker containers to VM1. The containers must be able to access Azure Storage resources and Azure SQL databases by using the service endpoint.

ACreate an application security group and a network security group (NSG).

BEdit the docker-compose.yml file.

CInstall the container network interface (CNI) plug-in.

Answer : C

The Azure Virtual Network container network interface (CNI) plug-in installs in an Azure Virtual Machine. The plug-in supports both Linux and Windows platform.

The plug-in assigns IP addresses from a virtual network to containers brought up in the virtual machine, attaching them to the virtual network, and connecting them directly to other containers and virtual network resources. The plug-in doesn't rely on overlay networks, or routes, for connectivity, and provides the same performance as virtual machines.

The following picture shows how the plug-in provides Azure Virtual Network capabilities to Pods:

https://docs.microsoft.com/en-us/azure/virtual-network/container-networking-overview

Question 7

From Azure Security Center, you enable Azure Container Registry vulnerability scanning of the images in

Registry1.

You perform the following actions:

Push a Windows image named Image1 to Registry1.

Push a Linux image named Image2 to Registry1.

Push a Windows image named Image3 to Registry1.

Modify Image1 and push the new image as Image4 to Registry1.

Modify Image2 and push the new image as Image5 to Registry1.

Which two images will be scanned for vulnerabilities? Each correct answer presents a complete solution.

NOTE: Each correct selection is worth one point.

AImage4

BImage2

CImage1

DImage3

EImage5

Answer : B, C

Microsoft Azure Security Technologies AZ-500 Exam Practice Test