Microsoft AZ-500 Exam Practice Test Instant Access

Question 1

You have an Azure subscription that contains the resources shown in the following table.

You need to configure AFW1 to only allow traffic from VM1 to storage accounts in the West US Azure region. The solution must minimize administrative effort.

What should you configure?

Aa DNAT rule

Ba network rule

Can SNAT private IP address range

Dan application rule

Answer : B

Question 2

You have an Azure subscription that uses Microsoft Defender for Cloud.

You have an Amazon Web Services (AWS) account.

You need to add the AWS account to Defender for Cloud.

What should you do first?

AFrom the Azure portal, add the AWS enterprise application.

BFrom the AWS account, enable a security hub.

CFrom Defender for Cloud, configure the Security solutions settings.

DFrom Defender for Cloud, configure the Environment settings.

Answer : D

Question 3

You have an Azure Kubernetes Service (AKS) cluster that will connect to an Azure Container Registry.

You need to use the automatically generated service principal for the AKS cluster to authenticate to the Azure Container Registry.

What should you create?

Aan Azure AD user

Ba secret in Azure Key Vault

Can Azure AD group

Da role assignment

Answer : D

Question 4

You have an Azure subscription that is linked to an Azure AD tenant and contains the resources shown in the following table.

Which resources can be assigned the Contributor role for VM1?

AManaged1 and App1 only

BGroup1 and Managed1 only

CGroup1. Managed1, and VM2only

DGroup1, Managed1, VM1. and App1 only

Answer : A

Question 5

You have an Azure AD tenant.

You plan to implement an authentication solution to meet the following requirements:

* Require number matching.

* Display the geographical location when signing in.

Which authentication method should you include in the solution?

ASMS

BTemporary Access Pass

CMicrosoft Authenticator

DFID02 security key

Answer : B

Question 6

Lab Task

Task 5

A user named Debbie has the Azure app installed on her mobile device.

You need to ensure that debbie@contoso.com is alerted when a resource lock is deleted.

Asee the task answer with step by step below

Answer : A

Create an Azure Resource Manager service principal. You can use the Azure portal, Azure PowerShell, or the Azure CLI to do this. You need to specify a name and a role for the service principal, such as Contributor.

Grant permission to the service principal to access the secrets in the key vault. You can use the Azure portal, Azure PowerShell, or the Azure CLI to do this. You need to assign theKey Vault Secrets Userrole to the service principal at the scope of the key vault or individual secrets.

Enable template deployment for the key vault. You can use the Azure portal, Azure PowerShell, or the Azure CLI to do this. You need to set theenabledForTemplateDeploymentproperty of the key vault to true.

Reference the secrets in the template by using their resource ID. You can use the listSecrets function to get the resource ID of a secret in the key vault. You need to specify the name of the key vault and the name of the secret as parameters.

Deploy the template by using Azure PowerShell, Azure CLI, or REST API. You can use the New-AzResourceGroupDeployment cmdlet, the az deployment group create command, or the Deployments - Create Or Update REST API to do this. You need to provide the template file or URI and any required parameters. You also need to provide the credentials of the service principal.

Question 7

Lab Task

Task 4

You need to ensure that when administrators deploy resources by using an Azure Resource Manager template, the deployment can access secrets in an Azure key vault named KV31330471.

Asee the task answer with step by step below

Answer : A

Grant permission to the application that is used to deploy the resources to access the secrets in the key vault. You can use the Azure portal, Azure PowerShell, or the Azure CLI to do this. You need to assign theKey Vault Secrets Userrole to the application at the scope of the key vault or individual secrets.

Microsoft AZ-500 Microsoft Azure Security Technologies Exam Practice Test