Microsoft AZ-500 Exam Questions Instant Access

Question 1

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

You have a hybrid configuration of Azure Active Directory (Azure AD).

You have an Azure HDInsight cluster on a virtual network.

You plan to allow users to authenticate to the cluster by using their on-premises Active Directory credentials.

You need to configure the environment to support the planned authentication.

Solution: You deploy Azure Active Directory Domain Services (Azure AD DS) to the Azure subscription.

Does this meet the goal?

AYes

BNo

Answer : A

https://docs.microsoft.com/en-us/azure/hdinsight/domain-joined/apache-domain-joined-configure-using-azure-adds

Question 2

SIMULATION

Lab Task

use the following login credentials as needed:

To enter your username, place your cursor in the Sign in box and click on the username below.

To enter your password. place your cursor in the Enter password box and click on the password below.

Azure Username: Userl -28681041@ExamUsers.com

Azure Password: GpOAe4@lDg

If the Azure portal does not load successfully in the browser, press CTRL-K to reload the portal in a new browser tab.

The following information is for technical support purposes only:

Lab Instance: 28681041

Task 8

You need to prevent HTTP connections to the rg1lod28681041n1 Azure Storage account.

ACheck belows teps in explanation for Task

Answer : A

To prevent HTTP connections to the rg1lod28681041n1 Azure Storage account, you can follow these steps:

In the Azure portal, search for and select the storage account named rg1lod28681041n1.

In the left pane, selectFirewalls and virtual networks.

In the Firewalls and virtual networks pane, selectSelected networks.

In the Selected networks pane, selectAdd existing virtual network.

In the Add existing virtual network pane, select the virtual network that does not allow HTTP connections.

SelectAdd.

Question 3

You have a Microsoft Entra tenant named contoso.com that contains a user named User1.

You register an app named App1 in contoso.com and create an app role named Role1.

You need to assign Role1 to User1.

What should you configure on the Enterprise applications blade of App1 in the Microsoft Entra admin center?

AAPI permissions

BApp roles

CUsers and groups

DRoles and administrators

Answer : C

Question 4

You plan to create an Azure Kubernetes Service (AKS) cluster in an Azure subscription.

The manifest of the registered server application is shown in the following exhibit.

You need to ensure that the AKS cluster and Azure Active Directory (Azure AD) are integrated.

Which property should you modify in the manifest?

AaccessTokenAcceptedVersion

BkeyCredentials

CgroupMembershipClaims

DacceptMappedClaims

Answer : C

https://docs.microsoft.com/en-us/azure/aks/azure-ad-integration-cli

https://www.codeproject.com/Articles/3211864/Operation-and-Maintenance-of-AKS-Applications

Question 5

You have an Azure subscription that contains a resource group named RG1 and a security group serverless RG1 contains 10 virtual machine, a virtual network VNET1, and a network security group (NSG) named NSG1. ServerAdmins can access the virtual machines by using RDP.

You need to ensure that NSG1 only RDP connections to the virtual for a maximum of 60 minutes when a member of ServerAdmins requests access.

What should you configure?

Aan Azure Active Directory (Azure AD) Privileged identity Management (PIM) role assignment.

Ba just in time (JIT) VM access policy in Azure Security Center

Can azure policy assigned to RG1.

Dan Azure Bastion host on VNET1.

Answer : B

https://docs.microsoft.com/en-us/azure/security-center/just-in-time-explained

Question 6

You have an Azure Active Directory (Azure AD) tenant named contoso.com

You need to configure diagnostic settings for contoso.com. The solution must meet the following requirements:

* Retain loqs for two years.

* Query logs by using the Kusto query language

* Minimize administrative effort.

Where should you store the logs?

Aan Azure Log Analytics workspace

Ban Azure event hub

Can Azure Storage account

Answer : A

https://docs.microsoft.com/en-us/azure/azure-monitor/log-query/get-started-queries

Question 7

You have an Azure subscription that contains four Azure SQL managed instances.

You need to evaluate the vulnerability of the managed instances to SQL injection attacks.

What should you do first?

ACreate an Azure Sentinel workspace.

BEnable Advanced Data Security.

CAdd the SQL Health Check solution to Azure Monitor.

DCreate an Azure Advanced Threat Protection (ATP) instance.

Answer : B

Microsoft Azure Security Technologies AZ-500 Exam Questions