Weekend Sale Limited Time 65% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: pass65

AZ-500 Microsoft Azure Security Technologies Questions and Answers

Questions 4

Your network contains an on-premises Active Directory domain named adatum.com that syncs to Azure Active Directory (Azure AD). Azure AD Connect is installed on a domain member server named Server1.

You need to ensure that a domain administrator for the adatum.com domain can modify the synchronization options. The solution must use the principle of least privilege.

Which Azure AD role should you assign to the domain administrator?

Options:

A.

Security administrator

B.

Global administrator

C.

User administrator

Buy Now
Questions 5

You have an Azure Storage account that contains a blob container named container1 and a client application named App1.

You need to enable App1 access to container1 by using Azure Active Directory (Azure AD) authentication.

What should you do? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

AZ-500 Question 5

Options:

Buy Now
Questions 6

You have an Azure subscription that contains the resources shown in the following table.

AZ-500 Question 6

You perform the following tasks:

Create a managed identity named Managed1.

Create a Microsoft 365 group named Group1.

You need to identify which service principals were created and which identities can be assigned the Reader role for RG1. What should you identify? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

AZ-500 Question 6

Options:

Buy Now
Questions 7

You have an Azure subscription named Sub1 that is associated to an Azure Active Directory (Azure AD) tenant named contoso.com.

You are assigned the Global administrator role for the tenant. You are responsible for managing Azure Security Center settings.

You need to create a custom sensitivity label.

What should you do first?

Options:

A.

Create a custom sensitive information type.

B.

Elevate access for global administrators in Azure AD.

C.

Upgrade the pricing tier of the Security Center to Standard.

D.

Enable integration with Microsoft Cloud App Security.

Buy Now
Questions 8

You are evaluating the security of VM1, VM2, and VM3 in Sub2.

For each of the following statements, select Yes if the statement is true. Otherwise, select No.

NOTE: Each correct selection is worth one point.

AZ-500 Question 8

Options:

Buy Now
Questions 9

You need to meet the technical requirements for the finance department users.

Which CAPolicy1 settings should you modify?

Options:

A.

Cloud apps or actions

B.

Conditions

C.

Grant

D.

Session

Buy Now
Questions 10

You assign User8 the Owner role for RG4, RG5, and RG6.

In which resource groups can User8 create virtual networks and NSGs? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

AZ-500 Question 10

Options:

Buy Now
Questions 11

You have an Azure subscription. The subscription contains Azure virtual machines that run Windows Server 2016.

You need to implement a policy to ensure that each virtual machine has a custom antimalware virtual machine extension installed.

How should you complete the policy? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

AZ-500 Question 11

Options:

Buy Now
Questions 12

You have 15 Azure virtual machines in a resource group named RG1.

All virtual machines run identical applications.

You need to prevent unauthorized applications and malware from running on the virtual machines.

What should you do?

Options:

A.

Configure Azure Active Directory (Azure AD) Identity Protection.

B.

From Microsoft Defender for Cloud, configure adaptive application controls.

C.

Apply an Azure policy to RGI.

D.

Apply a resource lock to RGI.

Buy Now
Questions 13

You have an Azure Active Directory (Azure AD) tenant that contains the users shown in the following table.

AZ-500 Question 13

From Azure AD Privileged Identity Management (PIM), you configure the settings for the Security Administrator role as shown in the following exhibit.

AZ-500 Question 13

From PIM, you assign the Security Administrator role to the following groups:

    Group1: Active assignment type, permanently assigned

    Group2: Eligible assignment type, permanently eligible

For each of the following statements, select Yes if the statement is true. Otherwise, select No.

NOTE: Each correct selection is worth one point.

AZ-500 Question 13

Options:

Buy Now
Questions 14

You implement the planned changes for ASG1 and ASG2.

In which NSGs can you use ASG1. and the network interfaces of which virtual machines can you assign to ASG2?

AZ-500 Question 14

Options:

Buy Now
Questions 15

You plan to implement JIT VM access. Which virtual machines will be supported?

Options:

A.

VM1 and VM3 only

B.

VM1. VM2. VM3, and VM4

C.

VM2, VM3, and VM4 only

D.

VM1 only

Buy Now
Questions 16

You need to delegate the creation of RG2 and the management of permissions for RG1. Which users can perform each task? To answer select the appropriate options in the answer area. NOTE: Each correct selection is worth one point

AZ-500 Question 16

Options:

Buy Now
Questions 17

From Azure Security Center, you need to deploy SecPol1.

What should you do first?

Options:

A.

Enable Azure Defender.

B.

Create an Azure Management group.

C.

Create an initiative.

D.

Configure continuous export.

Buy Now
Questions 18

You need to perform the planned changes for OU2 and User1.

Which tools should you use? To answer, drag the appropriate tools to the correct resources. Each tool may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.

NOTE: Each correct selection is worth one point.

AZ-500 Question 18

Options:

Buy Now
Questions 19

You need to encrypt storage1 to meet the technical requirements. Which key vaults can you use?

Options:

A.

KeyVault1 only

B.

KeyVault2 and KeyVault3 only

C.

KeyVault1 and KeyVault3 only

D.

KeyVault1 KeyVault2 and KeyVault3

Buy Now
Questions 20

You have the hierarchy of Azure resources shown in the following exhibit.

AZ-500 Question 20

RG1, RG2, and RG3 are resource groups.

RG2 contains a virtual machine named VM1.

You assign role-based access control (RBAC) roles to the users shown in the following table.

AZ-500 Question 20

For each of the following statements, select Yes if the statement is true. Otherwise, select No.

NOTE: Each correct selection is worth one point.

AZ-500 Question 20

Options:

Buy Now
Questions 21

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these

questions will not appear in the review screen.

You have a hybrid configuration of Azure Active Directory (AzureAD).

You have an Azure HDInsight cluster on a virtual network.

You plan to allow users to authenticate to the cluster by using their on-premises Active Directory credentials.

You need to configure the environment to support the planned authentication.

Solution: You create a site-to-site VPN between the virtual network and the on-premises network.

Does this meet the goal?

Options:

A.

Yes

B.

No

Buy Now
Questions 22

You have a Microsoft 365 tenant that uses an Azure Active Directory (Azure AD) tenant The Azure AD tenant syncs to an on-premises Active Directory domain by using an instance of Azure AD Connect.

You create a new Azure subscription

You discover that the synced on-premises user accounts cannot be assigned rotes in the new subscription.

You need to ensure that you can assign Azure and Microsoft 365 roles to the synced Azure AD user accounts.

What should you do first?

Options:

A.

Change the Azure AD tenant used by the new subscription.

B.

Configure the Azure AD tenant used by the new subscription to use pass-through authenticate

C.

Configure the Azure AD tenant used by the new subscription to use federated authentication.

D.

Configure a second instance of Azure AD Connect.

Buy Now
Questions 23

You have an Azure subscription that uses Azure AD Privileged Identity Management (PIM).

A user named User1 is eligible for the Billing administrator role.

You need to ensure that the role can only be used for a maximum of two hours.

What should you do?

Options:

A.

Create a new access review.

B.

Edit the role assignment settings.

C.

Update the end date of the user assignment

D.

Edit the role activation settings.

Buy Now
Questions 24

You have an Azure subscription that contains the resources shown in the following table.

AZ-500 Question 24

You need to ensure that ServerAdmins can perform the following tasks:

Create virtual machine to the existing virtual network in RG2 only.

The solution must use the principle of least privilege.

Which two role-based access control (RBAC) roles should you assign to ServerAdmins? Each correct answer presents part of the solution.

NOTE: Each correct selection is worth one point.

Options:

A.

the Contributor role for the subscription

B.

the Network Contributor role for RG2

C.

A custom RBAC role for the subscription

D.

a custom RBAC role for RG2

E.

the Network Contributor role for RG1.

F.

the Virtual Machine Contributor role for RG1.

Buy Now
Questions 25

You are troubleshooting a security issue for an Azure Storage account.

You enable the diagnostic logs for the storage account.

What should you use to retrieve the diagnostics logs?

Options:

A.

Azure Storage Explorer

B.

SQL query editor in Azure

C.

File Explorer in Windows

D.

Azure Security Center

Buy Now
Questions 26

You have an Azure Active Directory (Azure AD) tenant.

You need to prevent nonprivileged Azure AD users from creating service principals in Azure AD.

What should you do in the Azure Active Directory admin center of the tenant?

Options:

A.

From the Properties Wade, set Enable Security defaults to Yes.

B.

From the Properties blade, set Access management fen Azure resources to No

C.

From the User settings blade, set Users can register applications to No

D.

From the User settings blade, set Restrict access to Azure AD administration portal to Yes.

Buy Now
Questions 27

NO: 19 DRAG DROP

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

You have an Azure Subscription named Sub1. Sub1 contains an Azure virtual machine named VM1 that runs Windows Server 2016.

You need to encrypt VM1 disks by using Azure Disk Encryption.

Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.

AZ-500 Question 27

Options:

Buy Now
Questions 28

You need to configure WebApp1 to meet the data and application requirements.

Which two actions should you perform? Each correct answer presents part of the solution.

NOTE: Each correct selection is worth one point.

Options:

A.

Upload a public certificate.

B.

Turn on the HTTPS Only protocol setting.

C.

Set the Minimum TLS Version protocol setting to 1.2.

D.

Change the pricing tier of the App Service plan.

E.

Turn on the Incoming client certificates protocol setting.

Buy Now
Questions 29

You need to meet the identity and access requirements for Group1.

What should you do?

Options:

A.

Add a membership rule to Group1.

B.

Delete Group1. Create a new group named Group1 that has a membership type of Office 365. Add users and devices to the group.

C.

Modify the membership rule of Group1.

D.

Change the membership type of Group1 to Assigned. Create two groups that have dynamic memberships. Add the new groups to Group1.

Buy Now
Questions 30

You need to deploy Microsoft Antimalware to meet the platform protection requirements.

What should you do? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

AZ-500 Question 30

Options:

Buy Now
Questions 31

You need to ensure that the Azure AD application registration and consent configurations meet the identity and access requirements.

What should you use in the Azure portal? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

AZ-500 Question 31

Options:

Buy Now
Questions 32

You need to ensure that you can meet the security operations requirements.

What should you do first?

Options:

A.

Turn on Auto Provisioning in Security Center.

B.

Integrate Security Center and Microsoft Cloud App Security.

C.

Upgrade the pricing tier of Security Center to Standard.

D.

Modify the Security Center workspace configuration.

Buy Now
Questions 33

You need to create Role1 to meet the platform protection requirements.

How should you complete the role definition of Role1? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

AZ-500 Question 33

Options:

Buy Now
Questions 34

You need to ensure that users can access VM0. The solution must meet the platform protection requirements.

What should you do?

Options:

A.

Move VM0 to Subnet1.

B.

On Firewall, configure a network traffic filtering rule.

C.

Assign RT1 to AzureFirewallSubnet.

D.

On Firewall, configure a DNAT rule.

Buy Now
Questions 35

You need to configure SQLDB1 to meet the data and application requirements.

Which three actions should you recommend be performed in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.

AZ-500 Question 35

Options:

Buy Now
Questions 36

: 2 HOTSPOT

Which virtual networks in Sub1 can User2 modify and delete in their current state? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

AZ-500 Question 36

Options:

Buy Now
Questions 37

You are evaluating the effect of the application security groups on the network communication between the virtual machines in Sub2.

For each of the following statements, select Yes if the statement is true. Otherwise, select No.

NOTE: Each correct selection is worth one point.

AZ-500 Question 37

Options:

Buy Now
Questions 38

You are evaluating the security of the network communication between the virtual machines in Sub2.

For each of the following statements, select Yes if the statement is true. Otherwise, select No.

NOTE: Each correct selection is worth one point.

AZ-500 Question 38

Options:

Buy Now
Questions 39

You need to ensure that User2 can implement PIM.

What should you do first?

Options:

A.

Assign User2 the Global administrator role.

B.

Configure authentication methods for contoso.com.

C.

Configure the identity secure score for contoso.com.

D.

Enable multi-factor authentication (MFA) for User2.

Buy Now
Questions 40

What is the membership of Group1 and Group2? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

AZ-500 Question 40

Options:

Buy Now
Questions 41

You need to meet the technical requirements for VNetwork1.

What should you do first?

Options:

A.

Create a new subnet on VNetwork1.

B.

Remove the NSGs from Subnet11 and Subnet13.

C.

Associate an NSG to Subnet12.

D.

Configure DDoS protection for VNetwork1.

Buy Now
Questions 42

You plan to configure Azure Disk Encryption for VM4. Which key vault can you use to store the encryption key?

Options:

A.

KeyVault1

B.

KeyVault3

C.

KeyVault2

Buy Now
Questions 43

You need to configure support for Azure Sentinel notebooks to meet the technical requirements.

What is the minimum number of Azure container registries and Azure Machine Learning workspaces required?

AZ-500 Question 43

Options:

Buy Now
Questions 44

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

You use Azure Security Center for the centralized policy management of three Azure subscriptions.

You use several policy definitions to manage the security of the subscriptions.

You need to deploy the policy definitions as a group to all three subscriptions.

Solution: You create a resource graph and an assignment that is scoped to a management group.

Does this meet the goal?

Options:

A.

Yes

B.

No

Buy Now
Questions 45

You have an Azure subscription that contains a resource group named RG1 and the network security groups (NSGs) shown in the following table.

AZ-500 Question 45

You create the Azure policy shown in the following exhibit.

AZ-500 Question 45

You assign the policy to RG1.

What will occur if you assign the policy to NSG1 and NSG2?

Options:

A.

Flow logs will be enabled for NSG1 and NSG2.

B.

Flow logs will be enabled for NSG2 only.

C.

Flow logs will be disabled for NSG1 and NSG2.

D.

Flow logs will be enabled for NSG1 only.

Buy Now
Questions 46

You have an Azure web app named WebApp1.

You upload a certificate to WebApp1.

You need to make the certificate accessible to the app code of WebApp1.

What should you do?

Options:

A.

Add a user-assigned managed identity to WebApp1.

B.

Add an app setting to the WebApp1 configuration.

C.

Enable system-assigned managed identity for the WebApp1.

D.

Configure the TLS/SSL binding for WebApp1.

Buy Now
Questions 47

Lab Task

use the following login credentials as needed:

To enter your username, place your cursor in the Sign in box and click on the username below.

To enter your password. place your cursor in the Enter password box and click on the password below.

Azure Username: Userl -28681041@ExamUsers.com

Azure Password: GpOAe4@lDg

If the Azure portal does not load successfully in the browser, press CTRL-K to reload the portal in a new browser tab.

The following information is for technical support purposes only:

Lab Instance: 28681041

Task 10

You need to create a new Azure AD directory named 28681041.onmicrosoft.com. The new directory must contain a new user named user1@28681041.onmicrosoft.com.

Options:

Buy Now
Questions 48

You have an Azure SQL database named DB1 that contains a table named Table.

You need to configure DB1 to meet the following requirements;

• Sensitive data in Table1 must be identified automatically.

• Only the first character and last character of the sensitive data must be displayed in query results.

Which two features should you configure? To answer, select the features in the answer area.

NOTE: Each correct selection is worth one point.

AZ-500 Question 48

Options:

Buy Now
Questions 49

You need to deploy AKS1 to meet the platform protection requirements.

Which four actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.

NOTE: More than one order of answer choices is correct. You will receive credit for any of the correct orders you select.

AZ-500 Question 49

Options:

Buy Now
Questions 50

You have an Azure subscription named Subcription1 that contains the resources shown in the following table.

AZ-500 Question 50

You have an Azure subscription named Subcription2 that contains the following resources:

    An Azure Sentinel workspace

    An Azure Event Grid instance

You need to ingest the CEF messages from the NVAs to Azure Sentinel.

NOTE: Each correct selection is worth one point.

AZ-500 Question 50

Options:

Buy Now
Questions 51

You have an Azure subscription that uses Microsoft Defender for Cloud.

You plan to use the Secure Score Over Time workbook.

You need to configure the Continuous export settings for the Defender for Cloud data.

Which two settings should you configure? To answer, select the appropriate settings in the answer area.

NOTE: Each correct selection is worth one point.

AZ-500 Question 51

Options:

Buy Now
Questions 52

You have an Azure subscription that contains the resources shown in the following Table.

AZ-500 Question 52

You plan to enable Microsoft Defender for Cloud for the subscription. Which resources can be protected by using Microsoft Defender for Cloud?

Options:

A.

VM1, VNET1, and storage1 only

B.

VM1, storage1, and Vault1 only

C.

VM1.VNET1, storage1, and Vault1

D.

VM1 and storage1 only

E.

VM1 and VNET only

Buy Now
Exam Code: AZ-500
Exam Name: Microsoft Azure Security Technologies
Last Update: Jul 13, 2025
Questions: 464

PDF + Testing Engine

$65.27  $186.49

Testing Engine

$52.32  $149.49
buy now AZ-500 testing engine

PDF (Q&A)

$48.12  $137.49
buy now AZ-500 pdf