Microsoft AZ-500 Exam Questions Instant Access

Question 1

You need to implement the planned change for VM1 to access storage1.

The solution must meet the technical requirements.

What should you do first?

AConfigure a system-assigned managed identity on VM1.

BConfigure federated identity credentials for ID1.

CAssign the Storage Blob Data Reader role to storage 1.

DAssign ID1 to VM1.

EAdd a role assignment condition to storage1.

Answer : A

Question 2

SIMULATION

Lab Task

Task 1

You need to ensure that connections from the Internet to VNET1\subnet0 are allowed only over TCP port 7777. The solution must use only currently deployed resources.

Asee the task answer with step by step below

Answer : A

You need to configure the Network Security Group that is associated with subnet0.

1. In the Azure portal, type Virtual Networks in the search box, select Virtual Networks from the search results then select VNET1. Alternatively, browse to

Virtual Networks in the left navigation pane.

2. In the properties of VNET1, click on Subnets. This will display the subnets in VNET1 and the Network Security Group associated to each subnet. Note the name of the Network Security Group associated to Subnet0.

3. Type Network Security Groups into the search box and select the Network Security Group associated with Subnet0.

4. In the properties of the Network Security Group, click on Inbound Security Rules.

5. Click the Add button to add a new rule.

6. In the Source field, select Service Tag.

7. In the Source Service Tag field, select Internet.

8. Leave the Source port ranges and Destination field as the default values (* and All).

9. In the Destination port ranges field, enter 7777.

10.Change the Protocol to TCP.

11.Leave the Action option as Allow.

12.Change the Priority to 100.

13.Change the Name from the default Port_8080 to something more descriptive such as Allow_TCP_7777_from_Internet. The name cannot contain spaces.

14.Click the Add button to save the new rule.

Question 3

Note: This section contains one or more sets of questions with the same scenario and problem. Each question presents a unique solution to the problem. You must determine whether the solution meets the stated goals. More than one solution in the set might solve the problem. It is also possible that none of the solutions in the set solve the problem.

After you answer a question in this section, you will NOT be able to return. As a result, these questions do not appear on the Review Screen.

You have an Azure subscription that contains the resources shown in the following table.

You have The users shown in the following table.

You create an Azure SQL managed instance named SQL1 and enable Microsoft Entra-only authentication. You need to ensure that both User1 and User2 are set as the Microsoft Entra admin for SQL1.

Solution: You set Group1 as the Microsoft Entra admin for SQL1.

Does this meet the goal?

AYes

BNo

Answer : A

Question 4

You have an Azure subscription that contains an Azure key vault named Vault1 and a virtual machine named VM1.

VM1 is connected to a virtual network named VNet1.

You need to allow access to Vault1 only from VM1.

What should you do in the Networking settings of Vault1?

AFrom the Firewalls and virtual networks tab, set Allow trusted Microsoft services to bypass this firewall to Yes for Vault1.

BFrom the Firewalls and virtual networks tab, add the IP address of VM1.

CFrom the Firewalls and virtual networks tab, add VNet1.

DFrom the Private endpoint connections tab, create a private endpoint for VM1.

Answer : D

Question 5

You have an Azure subscription that contains an Azure SQL database named sql1.

You plan to audit sql1.

You need to configure the audit log destination. The solution must meet the following requirements:

Support querying events by using the Kusto query language.

Minimize administrative effort.

What should you configure?

Aan event hub

Ba storage account

Ca Log Analytics workspace

Answer : C

https://docs.microsoft.com/en-us/azure/active-directory/reports-monitoring/tutorial-log-analytics-wizard

Question 6

From Azure Security Center, you need to deploy SecPol1.

What should you do first?

AEnable Azure Defender.

BCreate an Azure Management group.

CCreate an initiative.

DConfigure continuous export.

Answer : B

https://github.com/MicrosoftDocs/azure-docs/blob/master/articles/security-center/custom-security-policies.md

https://zimmergren.net/create-custom-security-center-recommendation-with-azure-policy/

Question 7

You have an Azure subscription that contains an Azure key vault. The role assignments for the key vault are shown in the following exhibit.

Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic. NOTE: Each correct selection is worth one point.

ASee the answe rbelow at Explanation

Answer : A

Answer is as image below.

Microsoft Azure Security Technologies AZ-500 Exam Questions