Microsoft AZ-500 Exam Practice Test Instant Access

Question 1

SIMULATION

Lab Task

Task 4

You need to ensure that when administrators deploy resources by using an Azure Resource Manager template, the deployment can access secrets in an Azure key vault named KV31330471.

Asee the task answer with step by step below

Answer : A

Grant permission to the application that is used to deploy the resources to access the secrets in the key vault. You can use the Azure portal, Azure PowerShell, or the Azure CLI to do this. You need to assign theKey Vault Secrets Userrole to the application at the scope of the key vault or individual secrets.

Enable template deployment for the key vault. You can use the Azure portal, Azure PowerShell, or the Azure CLI to do this. You need to set theenabledForTemplateDeploymentproperty of the key vault to true.

Reference the secrets in the template by using their resource ID. You can use the listSecrets function to get the resource ID of a secret in the key vault. You need to specify the name of the key vault and the name of the secret as parameters.

Deploy the template by using Azure PowerShell, Azure CLI, or REST API. You can use the New-AzResourceGroupDeployment cmdlet, the az deployment group create command, or the Deployments - Create Or Update REST API to do this. You need to provide the template file or URI and any required parameters.

Question 2

You have an Azure subscription that contains an Azure key vault named Vault1 and a virtual machine named VM1.

VM1 is connected to a virtual network named VNet1.

You need to allow access to Vault1 only from VM1.

What should you do in the Networking settings of Vault1?

AFrom the Firewalls and virtual networks tab, set Allow trusted Microsoft services to bypass this firewall to Yes for Vault1.

BFrom the Firewalls and virtual networks tab, add the IP address of VM1.

CFrom the Firewalls and virtual networks tab, add VNet1.

DFrom the Private endpoint connections tab, create a private endpoint for VM1.

Answer : D

Question 3

You have an Azure subscription that uses Azure AD Privileged Identity Management (PIM).

A user named User1 is eligible for the Billing administrator role.

You need to ensure that the role can only be used for a maximum of two hours.

What should you do?

ACreate a new access review.

BEdit the role assignment settings.

CUpdate the end date of the user assignment

DEdit the role activation settings.

Answer : B

Question 4

You have an Azure subscription that uses Microsoft Defender for Cloud.

You have an Amazon Web Services (AWS) account.

You need to ensure that when you deploy a new AWS Elastic Compute Cloud (EC2) instance, the Microsoft Defender for Servers agent installs automatically.

What should you configure first?

Athe log Analytics agent

Bthe Azure Monitor agent

Cthe native cloud connector

Dthe classic cloud connector

Answer : A

Question 5

You have an Azure subscription that contains a

You need to grant user1 access to blob1. The solution must ensure that the access expires after six days.

What should you use?

Aa shared access policy

Ba shared access signature (SAS)

Crole-based access control (RBAC)

Da managed identity

Answer : B

Depending on how you want to authorize access to blob data in the Azure portal, you'll need specific permissions. In most cases, these permissions are provided via Azure role-based access control (Azure RBAC). For more information about Azure RBAC, seeWhat is Azure role-based access control (Azure RBAC)?.

https://learn.microsoft.com/en-us/azure/storage/blobs/authorize-data-operations-portal

Question 6

From Azure Security Center, you need to deploy SecPol1.

What should you do first?

AEnable Azure Defender.

BCreate an Azure Management group.

CCreate an initiative.

DConfigure continuous export.

Answer : B

https://github.com/MicrosoftDocs/azure-docs/blob/master/articles/security-center/custom-security-policies.md

https://zimmergren.net/create-custom-security-center-recommendation-with-azure-policy/

Question 7

You need to meet the technical requirements for VNetwork1.

What should you do first?

ACreate a new subnet on VNetwork1.

BRemove the NSGs from Subnet11 and Subnet13.

CAssociate an NSG to Subnet12.

DConfigure DDoS protection for VNetwork1.

Answer : A

From scenario: Deploy Azure Firewall to VNetwork1 in Sub2.

Azure firewall needs a dedicated subnet named AzureFirewallSubnet.

https://docs.microsoft.com/en-us/azure/firewall/tutorial-firewall-deploy-portal

Microsoft AZ-500 Microsoft Azure Security Technologies Exam Practice Test