Microsoft AZ-500 Exam Practice Test Instant Access

Question 1

Lab Task

Task 5

A user named Debbie has the Azure app installed on her mobile device.

You need to ensure that debbie@contoso.com is alerted when a resource lock is deleted.

Asee the task answer with step by step below

Answer : A

Create an Azure Resource Manager service principal. You can use the Azure portal, Azure PowerShell, or the Azure CLI to do this. You need to specify a name and a role for the service principal, such as Contributor.

Grant permission to the service principal to access the secrets in the key vault. You can use the Azure portal, Azure PowerShell, or the Azure CLI to do this. You need to assign theKey Vault Secrets Userrole to the service principal at the scope of the key vault or individual secrets.

Enable template deployment for the key vault. You can use the Azure portal, Azure PowerShell, or the Azure CLI to do this. You need to set theenabledForTemplateDeploymentproperty of the key vault to true.

Reference the secrets in the template by using their resource ID. You can use the listSecrets function to get the resource ID of a secret in the key vault. You need to specify the name of the key vault and the name of the secret as parameters.

Deploy the template by using Azure PowerShell, Azure CLI, or REST API. You can use the New-AzResourceGroupDeployment cmdlet, the az deployment group create command, or the Deployments - Create Or Update REST API to do this. You need to provide the template file or URI and any required parameters. You also need to provide the credentials of the service principal.

Question 2

Lab Task

Task 4

You need to ensure that when administrators deploy resources by using an Azure Resource Manager template, the deployment can access secrets in an Azure key vault named KV31330471.

Asee the task answer with step by step below

Answer : A

Grant permission to the application that is used to deploy the resources to access the secrets in the key vault. You can use the Azure portal, Azure PowerShell, or the Azure CLI to do this. You need to assign theKey Vault Secrets Userrole to the application at the scope of the key vault or individual secrets.

Question 3

Lab Task

Task 2

You need to ensure that the events in the NetworkSecurityGroupRuleCounter log of the VNETOI-Subnet0-NSG network security group (NSG) are stored in the Iogs31330471 Azure Storage account for 30 days.

Asee the task answer with step by step below

Answer : A

Enable diagnostic resource logging for the NSG. You can use the Azure portal, Azure PowerShell, or the Azure CLI to do this. You need to select theRule countercategory under Logs and choose theIogs31330471storage account as the destination.

Configure the retention policy for the storage account to keep the logs for 30 days. You can use the Azure portal, Azure PowerShell, or the Azure CLI to do this. You need to specify thedaysparameter as 30 for the Set-AzStorageServiceProperty cmdlet or the az storage logging update command.

View and analyze the logs in the storage account. You can use any tool that can read JSON files, such as Azure Storage Explorer or Visual Studio Code.You can also export the logs to any visualization tool, SIEM solution, or IDS of your choice

Question 4

Lab Task

Task 1

You need to ensure that connections from the Internet to VNET1\subnet0 are allowed only over TCP port 7777. The solution must use only currently deployed resources.

Asee the task answer with step by step below

Answer : A

You need to configure the Network Security Group that is associated with subnet0.

1. In the Azure portal, type Virtual Networks in the search box, select Virtual Networks from the search results then select VNET1. Alternatively, browse to

Virtual Networks in the left navigation pane.

2. In the properties of VNET1, click on Subnets. This will display the subnets in VNET1 and the Network Security Group associated to each subnet. Note the name of the Network Security Group associated to Subnet0.

3. Type Network Security Groups into the search box and select the Network Security Group associated with Subnet0.

4. In the properties of the Network Security Group, click on Inbound Security Rules.

5. Click the Add button to add a new rule.

6. In the Source field, select Service Tag.

7. In the Source Service Tag field, select Internet.

8. Leave the Source port ranges and Destination field as the default values (* and All).

9. In the Destination port ranges field, enter 7777.

10.Change the Protocol to TCP.

11.Leave the Action option as Allow.

12.Change the Priority to 100.

13.Change the Name from the default Port_8080 to something more descriptive such as Allow_TCP_7777_from_Internet. The name cannot contain spaces.

14.Click the Add button to save the new rule.

Question 5

You have an Azure subscription.

You need to deploy an Azure virtual WAN to meet the following requirements:

* Create three secured virtual hubs located in the East US, West US, and North Europe Azure regions.

* Ensure that security rules sync between the regions.

What should you use?

AAzure Firewall Manager

BAzure Virtual Network Manager

CAzure Network Function Manager

DAzure Front Door

Answer : A

Question 6

You have an Azure subscription that uses Microsoft Defender for Cloud. You have accounts for the following cloud services:

* Alibaba Cloud

* Amazon Web Services (AWS)

* Google Cloud Platform (GCP)

What can you add to Defender for Cloud?

AAWS only

BAlibaba Cloud and AWS only

CAlibaba Good and GCP only

DAWS and GCP only

EAlibaba Cloud, AWS. and GCP

Answer : D

Question 7

You have an Azure subscription that uses Microsoft Defender for Cloud.

You have an Amazon Web Services (AWS) account.

You need to ensure that when you deploy a new AWS Elastic Compute Cloud (EC2) instance, the Microsoft Defender for Servers agent installs automatically.

What should you configure first?

Athe log Analytics agent

Bthe Azure Monitor agent

Cthe native cloud connector

Dthe classic cloud connector

Answer : A

Microsoft AZ-500 Microsoft Azure Security Technologies Exam Practice Test