Microsoft AZ-500 Microsoft Azure Security Technologies Exam Practice Test

Page: 1 / 14
Total 460 questions
Question 1

You have an Azure subscription.

You create an Azure web app named Contoso1812 that uses an S1 App service plan.

You create a DNS record for www.contoso.com that points to the IP address of Contoso1812.

You need to ensure that users can access Contoso1812 by using the https://www.contoso.com URL.

Which two actions should you perform? Each correct answer presents part of the solution.

NOTE: Each correct selection is worth one point.



Answer : B, F

B: You can configure Azure DNS to host a custom domain for your web apps. For example, you can create an Azure web app and have your users access it

using either www.contoso.com or contoso.com as a fully qualified domain name (FQDN). To do this, you have to create three records:

A root 'A' record pointing to contoso.com

A root 'TXT' record for verification

A 'CNAME' record for the www name that points to the A record

F: To use HTTPS, you need to upload a PFX file to the Azure Web App. The PFX file will contain the SSL certificate required for HTTPS.


Domain

Question 2

Note: The question is included in a number of questions that depicts the identical set-up. However, every question has a distinctive result. Establish if the solution satisfies the requirements.

Your company has an Active Directory forest with a single domain, named weylandindustries.com. They also have an Azure Active Directory (Azure AD) tenant with the same name.

You have been tasked with integrating Active Directory and the Azure AD tenant. You intend to deploy Azure AD Connect.

Your strategy for the integration must make sure that password policies and user logon limitations affect user accounts that are synced to the Azure AD tenant, and that the amount of necessary servers are reduced.

Solution: You recommend the use of federation with Active Directory Federation Services (AD FS).

Does the solution meet the goal?



Answer : B

A federated authentication system relies on an external trusted system to authenticate users. Some companies want to reuse their existing federated system investment with their Azure AD hybrid identity solution. The maintenance and management of the federated system falls outside the control of Azure AD. It's up to the organization by using the federated system to make sure it's deployed securely and can handle the authentication load.


https://docs.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-pta

Question 3

You have 10 on-premises servers that run Windows Server 2019.

You plan to implement Azure Security Center vulnerability scanning for the servers.

What should you install on the servers first?



Answer : C


https://docs.microsoft.com/en-us/azure/azure-arc/servers/agent-overview

https://docs.microsoft.com/en-us/azure/security-center/deploy-vulnerability-assessment-vm

Question 4

You have an Azure subscription named Sub1 that has Security defaults disabled. The subscription contains the following users:

* Five users that have owner permissions for Sub1.

* Ten users that have owner permissions for Azure resources.

None of the users have multi-factor authentication (MFA) enabled.

Sub1 has the secure score as shown in the Secure Score exhibit. (Click the Secure Score tab.)

You plan to enable MFA for the following users:

* Five users that have owner permissions for Sub1.

* Five users that have owner permissions for Azure resources.

By how many points will the secure score increase after you perform the planned changes?



Answer : C


Question 5

You have 15 Azure virtual machines in a resource group named RG1.

All virtual machines run identical applications.

You need to prevent unauthorized applications and malware from running on the virtual machines.

What should you do?



Answer : B

Microsoft Defender for Cloud helps you prevent, detect, and respond to threats. Defender for Cloud gives you increased visibility into, and control over, the security of your Azure resources. It provides integrated security monitoring and policy management across your Azure subscriptions. It helps detect threats that might otherwise go unnoticed, and works with a broad ecosystem of security solutions.

Defender for Cloud helps you optimize and monitor the security of your virtual machines by:

Providingsecurity recommendationsfor the virtual machines. Example recommendations include: apply system updates, configure ACLs endpoints, enable antimalware, enable network security groups, and apply disk encryption.

Monitoring the state of your virtual machines.

https://learn.microsoft.com/en-us/azure/security/fundamentals/virtual-machines-overview


Question 6

You need to encrypt storage1 to meet the technical requirements. Which key vaults can you use?



Answer : B

The storage account and the key vault must be in the same region and in the same Azure Active Directory (Azure AD) tenant, but they can be in different subscriptions.

Storage1 is in the West US region. KeyVault1 is the only key vault in the same region.


https://docs.microsoft.com/en-us/azure/storage/common/customer-managed-keys-overview

Question 7

You have an Azure subscription that contains an Azure key vault. The role assignments for the key vault are shown in the following exhibit.

Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic. NOTE: Each correct selection is worth one point.



Answer : A

Answer is as image below.


Page:    1 / 14   
Total 460 questions