Microsoft AZ-500 Exam Practice Test Instant Access

Question 1

You have an Azure subscription that contains the subnets shown in the following table.

The subscription contains Azure web app named WebApp1 that has the following configurations.

* Region West Us

* Virtual network VNet1

* VNet integration on: Enabled

* Outbound subnet: Subnet11

* Windows plan (West US): ASP1

You plan to deploy an Azure web app named WebApp2 that will have the following settings:

* Region: West US

* VNet integration on-Enabled

* Windows plan (West UAS): WebApp2?

To which subnets can you integrate WebApp2?

ASubnet11 only

BSubnet2 only

CSubnet11 or subnet12 only

DSubnet2 or Subnet21 only

ESubnet11, subnet2, or Subnet21

Answer : C

Question 2

You have an Azure subscription that contains a storage account and an Azure web app named App1.

App1 connects to an Azure Cosmos DB database named Cosmos1 that uses a private endpoint named Endpoint1. Endpoint1 has the default settings.

You need to validate the name resolution to Cosmos1.

Which DNS zone should you use?

AEndpoint1. Privatelink,blob,core,windows,net

BEndpoint1. Privatelink,database,azure,com

CEndpoint1. Privatelink,azurewebsites,net

DEndpoint1. Privatelink,documents,azure,com

Answer : D

Question 3

You have an Azure subscription that contains an Azure web app named 1 and a virtual machine named VM1. VM1 runs Microsoft SQL Server and is connected to a virtual network named VNet1. App1, VM1, and Vent are in the US Central Azure region.

You need to ensure that App1 can connect to VM1. The solution must minimize costs.

ANAT gateway integration

BAzure Front Door

Cregional virtual network integration

Dgateway-required virtual network integration

EAzure Application Gateway integration

Answer : C

Question 4

You have an Azure subscription that contains the resources show in the following table.

Both VM1 and VM2 connect to VNET1 and are configured to use NSG1.

You need to ensure that only VM1 and VM2 can access DB1.

What should you do?

AAdd the IP address range of VNET1 to the Firewall setting of DB1.

BFor NSG1, configure a rule that has a service tag.

CCreate an application security group.

DConfigure DB1 to allow access from only VNET1.

Answer : B

Question 5

You have an Azure subscription that contains an Azure Blob storage account bolb1.

You need to configure attribute-based access control (ABAC) for blob1.

Which attributes can you use in access conditions?

Ablob index tags only

Bblob index tags and container names only

Cfile extensions and container names only

Dblob index tags, file extensions, and container names

Answer : A

Question 6

You have an Azure AD tenant that contains the users shown in the following table.

You need to ensure that the users cannot create app passwords. The solution must ensure that User1 can continue to use the Mail and Calendar app.

What should you do?

AAssign User! the Authentication Policy Administrator role.

BEnable Azure AD Password Protection.

CConfigure a multi-factor authentication (MFA) registration policy.

DCreate a new app registration.

Answer : C

Question 7

You have an Azure subscription that contains a resource group named RG1 and a security group named ServerAdmins. RG1 contains 10 virtual machines, a virtual network named VNET1, and a network security group JNSG) named NSG1. ServerAdmins can access the virtual machines by using RDP.

You need to ensure that NSG1 only allows RDP connections to the virtual machines for a maximum of 60 minutes when a member of ServerAdmins requests access.

What should you configure?

Aan Azure policy assigned to RGl

Ba just in time (JIT) VM access policy in Microsoft Defender for Cloud

Can Azure AD Privileged Identity Management (PiM) role assignment

Dan Azure Bastion host on VNET1

Answer : B

Microsoft AZ-500 Microsoft Azure Security Technologies Exam Practice Test