Lead4Pass AZ-500 dumps with PDF and VCE are the best practice solution for the exam


Lead4Pass AZ-500 dumps are verified and audited by a Microsoft professional team, and they really meet the requirements of the AZ-500 certification exam, covering more than 95% of the exam questions in the exam room!

Two study formats are offered: AZ-500 dumps PDF and AZ-500 dumps VCE. Both contain the latest certification exam questions and answers.

Therefore, the best exam solution is to use AZ-500 dumps with PDF and VCE formats: https://www.leads4pass.com/az-500.html (452 Q&A), to help you practice easily and achieve exam success.

What’s more! Part of the Lead4Pass AZ-500 dumps exam questions online for free download: https://drive.google.com/file/d/12HPlwPFA8bYwDTYmJWUuclxtHvF2q-I2/

You can also practice some of the Lead4Pass AZ-500 dumps exam questions online

Type | Number of exam questions | Exam name | Exam code | Last updated
Free | 15 | Microsoft Azure Security Technologies | AZ-500 | AZ-500 dumps
Question 1:

You have an Azure Active Directory (Azure AD) tenant named contoso.com that contains the users shown in the following table.

AZ-500 dumps practice questions 1

You create and enforce an Azure AD Identity Protection user risk policy that has the following settings:

1. Assignment: Include Group1, Exclude Group2
2. Conditions: Sign-in risk of Medium and above
3. Access: Allow access, Require password change

For each of the following statements, select Yes if the statement is true. Otherwise, select No.

NOTE: Each correct selection is worth one point.

Hot Area:

AZ-500 dumps practice questions 1-1

Correct Answer:

AZ-500 dumps practice answers 1

Box 1: Yes

User1 is a member of Group1. A sign-in from an unfamiliar location is risk level Medium.

Box 2: Yes

User2 is a member of Group1. A sign-in from an anonymous IP address is risk level Medium.

Box 3: No

Sign-ins from IP addresses with suspicious activity are risk level Low.

Note:

AZ-500 dumps practice answers 1-1

Azure AD Identity Protection can detect six types of suspicious sign-in activities:

1. Users with leaked credentials
2. Sign-ins from anonymous IP addresses
3. Impossible travel to atypical locations
4. Sign-ins from infected devices
5. Sign-ins from IP addresses with suspicious activity
6. Sign-ins from unfamiliar locations

These six types of events are categorized into three levels of risk: High, Medium, and Low.

References: http://www.rebeladmin.com/2018/09/step-step-guide-configure-risk-based-azure-conditional-access-policies/


Question 2:

You have an Azure Active Directory (Azure AD) tenant named contoso.com. The tenant contains the users shown in the following table.

AZ-500 dumps practice questions 2

You configure an access review named Review1 as shown in the following exhibit.

AZ-500 dumps practice questions 2-1

Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic. NOTE: Each correct selection is worth one point.

Hot Area:

AZ-500 dumps practice questions 2-2

Correct Answer:

AZ-500 dumps practice answers 2

Box 1: User3 only

Use the Members (self) option to have the users review their own role assignments.

Box 2: User3 will receive a confirmation request

Use the Should reviewer does not respond list to specify what happens for users that are not reviewed by the reviewer within the review period. This setting does not impact users who have been reviewed by the reviewers manually. If the final reviewer's decision is Deny, then the user's access will be removed.

No change – Leave user's access unchanged

Remove access – Remove user's access

Approve access – Approve user's access

Take recommendations – Take the system's recommendation on denying or approving the user's continued access

References:

https://docs.microsoft.com/bs-latn-ba/azure/active-directory/privileged-identity-management/pim-how-to-start-security-review


Question 3:

Your company has two offices in Seattle and New York. Each office connects to the Internet by using a NAT device. The offices use the IP addresses shown in the following table.

AZ-500 dumps practice questions 5

The company has an Azure Active Directory (Azure AD) tenant named contoso.com. The tenant contains the users shown in the following table.

AZ-500 dumps practice questions 3-1

The MFA service settings are configured as shown in the exhibit. (Click the Exhibit tab.)

AZ-500 dumps practice questions 3-2

For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.

Hot Area:

AZ-500 dumps practice questions 3-3

Correct Answer:

AZ-500 dumps practice answers 3

Box 2: No

The use of Microsoft Authenticator is not required.

Note: Microsoft Authenticator is a multifactor app for mobile devices that generates time-based codes used during the Two-Step Verification process.

Box 3: No

The New York IP address subnet is included in the “skip multi-factor authentication for request.

References:

https://www.cayosoft.com/difference-enabling-enforcing-mfa/


Question 4:

You have an Azure Container Registry named Registry1.

You add role assignments for Registry1 as shown in the following table.

AZ-500 dumps practice questions 4

Which users can upload images to Registry1 and download images from Registry1? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

Hot Area:

AZ-500 dumps practice questions 4-1

Correct Answer:

AZ-500 dumps practice answers 4

Box 1: User1 and User4 only

Owner, Contributor and AcrPush can push images.

Box 2: User1, User2, and User4

All, except AcrImageSigner, can download/pull images.

AZ-500 dumps practice questions 4-2

References: https://docs.microsoft.com/bs-latn-ba/azure/container-registry/container-registry-roles


Question 5:

You have an Azure subscription. The subscription contains Azure virtual machines that run Windows Server 2016.

You need to implement a policy to ensure that each virtual machine has a custom antimalware virtual machine extension installed.

How should you complete the policy? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Hot Area:

AZ-500 dumps practice questions 5

Correct Answer:

AZ-500 dumps practice answers 5

Box 1: DeployIfNotExists

DeployIfNotExists executes a template deployment when the condition is met.

Box 2: Template

The details property of the DeployIfNotExists effect has all the sub-properties that define the related resources to match and the template deployment to execute.

Deployment [required]

This property should include the full template deployment as it would be passed to Microsoft.Resources/deployments.

References:

https://docs.microsoft.com/en-us/azure/governance/policy/concepts/effects


Question 6:

You have an Azure subscription that contains the virtual machines shown in the following table.

AZ-500 dumps practice questions 6

You create the Azure policies shown in the following table.

AZ-500 dumps practice questions 6-1

You create the resource locks shown in the following table.

AZ-500 dumps practice questions 6-2

For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.

Hot Area:

AZ-500 dumps practice questions 6-3

Correct Answer:

AZ-500 dumps practice answers 6

1.) Cannot perform write operation because the following scope(s) are locked: 'subscriptions/xxxx/resourceGroups/xxx'. Please remove the lock and try again.

2.) When creating a VM in a resource group with a Read Only lock, an error is shown: “The selected resource group is read-only”

3.) Because of the read-only lock, virtual machines cannot be started or stopped when the lock is added after the machine started (not part of this use case, but still good to know).

The article referenced in the answer states differently because that is scoped to blueprints.

The Lock Resources page states the following regarding starting VMs:

“A ReadOnly lock on a resource group that contains a virtual machine prevents all users from starting or restarting the virtual machine. These operations require a POST request.”

References:

https://docs.microsoft.com/en-us/azure/governance/blueprints/concepts/resource-locking

https://docs.microsoft.com/en-us/azure/azure-resource-manager/management/lock-resources


Question 7:

You have an Azure subscription named Sub1.

You create a virtual network that contains one subnet. On the subnet, you provision the virtual machines shown in the following table.

AZ-500 dumps practice questions 7

Currently, you have not provisioned any network security groups (NSGs). You need to implement network security to meet the following requirements:

1. Allow traffic to VM4 from VM3 only.
2. Allow traffic from the Internet to VM1 and VM2 only.
3. Minimize the number of NSGs and network security rules.

How many NSGs and network security rules should you create? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Hot Area:

AZ-500 dumps practice questions 7-1

Correct Answer:

AZ-500 dumps practice answers 7

NSGs: 2

Network security rules: 3

Note 2: You cannot specify multiple service tags or application groups in a security rule.

References:

https://docs.microsoft.com/en-us/azure/virtual-network/security-overview


Question 8:

You have an Azure key vault.

You need to delegate administrative access to the key vault to meet the following requirements:

1. Provide a user named User1 with the ability to set advanced access policies for the key vault.
2. Provide a user named User2 with the ability to add and delete certificates in the key vault.
3. Use the principle of least privilege.

What should you use to assign access to each user? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Hot Area:

AZ-500 dumps practice questions 8

Correct Answer:

AZ-500 dumps practice answers 8

User1: RBAC

RBAC is used as the Key Vault access control mechanism for the management plane. It would allow a user with the proper identity to:

1. set Key Vault access policies
2. create, read, update, and delete key vaults
3. set Key Vault tags

Note: Role-based access control (RBAC) is a system that provides fine-grained access management of Azure resources. Using RBAC, you can segregate duties within your team and grant only the amount of access to users that they need to perform their jobs.

User2: A key vault access policy

A key vault access policy is the access control mechanism to get access to the key vault data plane. Key Vault access policies grant permissions separately to keys, secrets, and certificates.

References:

https://docs.microsoft.com/en-us/azure/key-vault/key-vault-secure-your-key-vault


Question 9:

You have two Azure virtual machines in the East US2 region as shown in the following table.

AZ-500 dumps practice questions 9

You deploy and configure an Azure key vault.

You need to ensure that you can enable Azure Disk Encryption on VM1 and VM2.

What should you modify on each virtual machine? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Hot Area:

AZ-500 dumps practice questions 9-1

Correct Answer:

AZ-500 dumps practice answers 9

VM1: The Tier

The tier needs to be upgraded to Standard.

Disk Encryption for Windows and Linux IaaS VMs is in General Availability in all Azure public regions and Azure Government regions for Standard VMs and VMs with Azure Premium Storage.

VM2: The type

The VM type needs to be changed to one of the A, D, DS, G, GS, F, and so on, series IaaS VMs.

Not the operating system version: Ubuntu 16.04 is supported.

References:

https://docs.microsoft.com/en-us/azure/security/azure-security-disk-encryption-overview

https://docs.microsoft.com/en-us/azure/security/azure-security-disk-encryption-faq#bkmk_LinuxOSSupport


Question 10:

You plan to use Azure Log Analytics to collect logs from 200 servers that run Windows Server 2016.

You need to automate the deployment of the Microsoft Monitoring Agent to all the servers by using an Azure Resource Manager template.

How should you complete the template? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Hot Area:

AZ-500 dumps practice questions 10

Correct Answer:

AZ-500 dumps practice answers 10

Reference: https://blogs.technet.microsoft.com/manageabilityguys/2015/11/19/enabling-the-microsoft-monitoring-agent-in-windows-json-templates/


Question 11:

You suspect that users are attempting to sign in to resources to which they have no access.

You need to create an Azure Log Analytics query to identify failed user sign-in attempts from the last three days. The results must only show users who had more than five failed sign-in attempts.

How should you configure the query? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Hot Area:

AZ-500 dumps practice questions 11

Correct Answer:

AZ-500 dumps practice answers 11

The following example identifies user accounts that failed to log in more than five times in the last day, and when they last attempted to log in.

let timeframe = 1d;
SecurityEvent
| where TimeGenerated > ago(1d)
| where AccountType == 'User' and EventID == 4625 // 4625 - failed log in
| summarize failed_login_attempts=count(), latest_failed_login=arg_max(TimeGenerated, Account) by Account
| where failed_login_attempts > 5
| project-away Account1

References: https://docs.microsoft.com/en-us/azure/azure-monitor/log-query/examples


Question 12:

You have an Azure subscription named Sub1 that is associated with an Azure Active Directory (Azure AD) tenant named contoso.com.

You plan to implement an application that will consist of the resources shown in the following table.

AZ-500 dumps practice questions 12

Users will authenticate by using their Azure AD user account and access the Cosmos DB account by using resource tokens.

You need to identify which tasks will be implemented in CosmosDB1 and WebApp1.

Which task should you identify for each resource? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Hot Area:

AZ-500 dumps practice questions 12-1

Correct Answer:

AZ-500 dumps practice answers 12

CosmosDB1: Create database users and generate resource tokens.

Azure Cosmos DB resource tokens provide a safe mechanism for allowing clients to read, write, and delete specific resources in an Azure Cosmos DB account according to the granted permissions.

WebApp1: Authenticate Azure AD users and relay resource tokens

A typical approach to requesting, generating, and delivering resource tokens to a mobile application is to use a resource token broker. The following diagram shows a high-level overview of how the sample application uses a resource token broker to manage access to the document database data:

AZ-500 dumps practice answers 12-1

References: https://docs.microsoft.com/en-us/xamarin/xamarin-forms/data-cloud/cosmosdb/authentication


Question 13:

You need to create an Azure key vault. The solution must ensure that any object deleted from the key vault is retained for 90 days.

How should you complete the command? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Hot Area:

AZ-500 dumps practice questions 13

Correct Answer:

AZ-500 dumps practice answers 13

Box 1: -EnablePurgeProtection

If specified, protection against immediate deletion is enabled for this vault; requires soft deletion to be enabled as well.

Box 2: -EnableSoftDelete

Specifies that the soft-delete functionality is enabled for this key vault. When soft-delete is enabled, for a grace period, you can recover this key vault and its contents after it is deleted.

References:

https://docs.microsoft.com/en-us/powershell/module/azurerm.keyvault/new-azurermkeyvault


Question 14:

You have the Azure Information Protection conditions shown in the following table.

AZ-500 dumps practice questions 14

You have the Azure Information Protection labels shown in the following table.

AZ-500 dumps practice questions 14-1

You need to identify how Azure Information Protection will label files.

What should you identify? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Hot Area:

AZ-500 dumps practice questions 14-2

Correct Answer:

AZ-500 dumps practice answers 14

Box 1: Label 2 only

How multiple conditions are evaluated when they apply to more than one label:

1. The labels are ordered for evaluation, according to the position that you specify in the policy: The label positioned first has the lowest position (least sensitive) and the label positioned last has the highest position (most sensitive).
2. The most sensitive label is applied.
3. The last sublabel is applied.

Box 2: No Label

The automatic classification applies to Word, Excel, and PowerPoint when documents are saved, and applies to Outlook when emails are sent. The automatic classification does not apply to Microsoft Notepad.

References:

https://docs.microsoft.com/en-us/azure/information-protection/configure-policy-classification


Question 15:

HOTSPOT

You have an Azure subscription that contains the resources shown in the following table.

AZ-500 dumps practice questions 15

VM1 and VM2 are stopped.

You create an alert rule that has the following settings:

1. Resource: RG1
2. Condition: All Administrative operations
3. Actions: Action groups configured for this alert rule: ActionGroup1
4. Alert rule name: Alert1

You create an action rule that has the following settings:

1. Scope: VM1
2. Filter criteria: Resource Type = “Virtual Machines”
3. Define this scope: Suppression
4. Suppression config: From now (always)
5. Name: ActionRule1

For each of the following statements, select Yes if the statement is true. Otherwise, select No.

Note: Each correct selection is worth one point.

Hot Area:

Correct Answer:

AZ-500 dumps practice answers 15

Box 1:

The scope for the action rule is set to VM1 and is set to suppress alerts indefinitely.

Box 2:

The scope for the action rule is not set to VM2.

Box 3:

Adding a tag is not an administrative operation.

References:

https://docs.microsoft.com/en-us/azure/azure-monitor/platform/alerts-activity-log

https://docs.microsoft.com/en-us/azure/azure-monitor/platform/alerts-action-rules

You have an Azure subscription that contains an Azure key vault named Vault1. On January 1, 2019, Vault1 stores the following secrets.

AZ-500 dumps practice answers 15-1

