Lead4Pass AZ-500 dumps with PDF and VCE are the best practice solution for the exam

az-500 dumps

Lead4Pass AZ-500 dumps are verified and audited by a Microsoft professional team, and they really meet the requirements of the AZ-500 certification exam, covering more than 95% of the exam questions in the exam room!

And, offer the most popular study methods: AZ-500 dumps PDF, and AZ-500 dumps VCE, both study formats contain the latest certification exam questions and answers!

Therefore, the best exam solution is to use AZ-500 dumps with PDF and VCE formats: https://www.leads4pass.com/az-500.html (452 Q&A), to help you practice easily and achieve exam success.

What’s more! Part of the Lead4Pass AZ-500 dumps exam questions online for free download: https://drive.google.com/file/d/12HPlwPFA8bYwDTYmJWUuclxtHvF2q-I2/

You can also practice some of the Lead4Pass AZ-500 dumps exam questions online

TypeNumber of exam questionsExam nameExam codeLast updated
Free15Microsoft Azure Security TechnologiesAZ-500AZ-500 dumps
Question 1:

You have an Azure Active Directory (Azure AD) tenant named contoso.com that contains the users shown in the following table.

AZ-500 dumps practice questions 1

You create and enforce an Azure AD Identity Protection user risk policy that has the following settings:

1.

Assignment: Include Group1, Exclude Group2

2.

Conditions: Sign-in risk of Medium and above

3.

Access: Allow access, Require password change

For each of the following statements, select Yes if the statement is true. Otherwise, select No.

NOTE: Each correct selection is worth one point.

Hot Area:

AZ-500 dumps practice questions 1-1

Correct Answer:

AZ-500 dumps practice answers 1

Box 1: Yes

User1 is a member of Group1. Sign-in from an unfamiliar location is a risk level Medium.

Box 2: Yes

User 2 is a member of Group 1. Sign-in from the anonymous IP address is a risk level Medium.

Box 3: No

Sign-ins from IP addresses with suspicious activity are low.

Note:

AZ-500 dumps practice answers 1-1

Azure AD Identity Protection can detect six types of suspicious sign-in activities: Users with leaked credentials Sign-ins from anonymous IP addresses Impossible travel to atypical locations Sign-ins from infected devices Sign-ins from IP addresses with suspicious activity Sign-ins from unfamiliar locations

These six types of events are categorized into 3 levels of risks – High, Medium, and; Low

References: http://www.rebeladmin.com/2018/09/step-step-guide-configure-risk-based-azure-conditional-access-policies/


Question 2:

You have an Azure Active Directory (Azure AD) tenant named contoso.com. The tenant contains the users shown in the following table.

AZ-500 dumps practice questions 2

You configure an access review named Review1 as shown in the following exhibit.

AZ-500 dumps practice questions 2-1

Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic. NOTE: Each correct selection is worth one point.

Hot Area:

AZ-500 dumps practice questions 2-2

Correct Answer:

AZ-500 dumps practice answers 2

Box 1: User3 only

Use the Members (self) option to have the users review their own role assignments.

Box 2: User3 will receive a confirmation request

Use the Should reviewer does not respond list to specify what happens for users that are not reviewed by the reviewer within the review period. This setting does not impact users who have been reviewed by the reviewers manually. If the final

reviewer\’s decision is Deny, then the user\’s access will be removed.

No change – Leave user\’s access unchanged

Remove access – Remove user\’s access

Approve access – Approve user\’s access

Take recommendations – Take the system\’s recommendation on denying or approving the user\’s continued access

References:

https://docs.microsoft.com/bs-latn-ba/azure/active-directory/privileged-identity-management/pim-how-to-start-security-review


Question 3:

Your company has two offices in Seattle and New York. Each office connects to the Internet by using a NAT device. The offices use the IP addresses shown in the following table.

AZ-500 dumps practice questions 5

The company has an Azure Active Directory (Azure AD) tenant named contoso.com. The tenant contains the users shown in the following table.

AZ-500 dumps practice questions 3-1

The MFA service settings are configured as shown in the exhibit. (Click the Exhibit tab.)

AZ-500 dumps practice questions 3-2

For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.

Hot Area:

AZ-500 dumps practice questions 3-3

Correct Answer:

AZ-500 dumps practice answers 3

Box 2: No

The use of Microsoft Authenticator is not required.

Note: Microsoft Authenticator is a multifactor app for mobile devices that generates time-based codes used during the Two-Step Verification process.

Box 3: No

The New York IP address subnet is included in the “skip multi-factor authentication for request.

References:

https://www.cayosoft.com/difference-enabling-enforcing-mfa/


Question 4:

You have an Azure Container Registry named Registry1.

You add role assignment for Registry1 as shown in the following table.

AZ-500 dumps practice questions 4

Which users can upload images to Registry1 and download images from Registry1? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

Hot Area:

AZ-500 dumps practice questions 4-1

Correct Answer:

AZ-500 dumps practice answers 4

Box 1: User1 and User4 only

Owner, Contributor and AcrPush can push images.

Box 2: User1, User2, and User4

All, except AcrImagineSigner, can download/pull images.

AZ-500 dumps practice questions 4-2

References: https://docs.microsoft.com/bs-latn-ba/azure/container-registry/container-registry-roles


Question 5:

You have an Azure subscription. The subscription contains Azure virtual machines that run Windows Server 2016.

You need to implement a policy to ensure that each virtual machine has a custom antimalware virtual machine extension installed.

How should you complete the policy? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Hot Area:

AZ-500 dumps practice questions 5

Correct Answer:

AZ-500 dumps practice answers 5

Box 1: DeployIfNotExists

DeployIfNotExists executes a template deployment when the condition is met.

Box 2: Template

The details property of the DeployIfNotExists effects has all the sub-properties that define the related resources to match and the template deployment to execute.

Deployment [required]

This property should include the full template deployment as it would be passed to Microsoft.Resources/deployment

References:

https://docs.microsoft.com/en-us/azure/governance/policy/concepts/effects


Question 6:

You have an Azure subscription that contains the virtual machines shown in the following table.

AZ-500 dumps practice questions 6

You create the Azure policies shown in the following table.

AZ-500 dumps practice questions 6-1

You create the resource locks shown in the following table.

AZ-500 dumps practice questions 6-2

For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.

Hot Area:

AZ-500 dumps practice questions 6-3

Correct Answer:

AZ-500 dumps practice answers 6

1.) cannot perform write operation because the following scope(s) are locked:

\’subscriptions/xxxx/resourceGroups/xxx\’ Please remove the lock and try again.

2.) When creating a VM in a resource group with a Read Only lock an error is shown:

“The selected resource group is read-only”

3.) Because of the read-only lock virtual machines cannot be started nor stopped when the lock is added after the machine started. (not part of this use case, but still good to know.

The article referenced in the answer states differently because that is scoped to blueprints.

The Lock Resources page states the following regarding starting VMs:

“A ReadOnly lock on a resource group that contains a virtual machine prevents all users from starting or restarting the virtual machine. These operations require a POST request.”

References:

https://docs.microsoft.com/en-us/azure/governance/blueprints/concepts/resource-locking

https://docs.microsoft.com/en-us/azure/azure-resource-manager/management/lock-resources


Question 7:

You have an Azure subscription named Sub1.

You create a virtual network that contains one subnet. On the subnet, you provision the virtual machines shown in the following table.

AZ-500 dumps practice questions 7

Currently, you have not provisioned any network security groups (NSGs). You need to implement network security to meet the following requirements:

1.

Allow traffic to VM4 from VM3 only.

2.

Allow traffic from the Internet to VM1 and VM2 only.

3.

Minimize the number of NSGs and network security rules.

How many NSGs and network security rules should you create? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Hot Area:

AZ-500 dumps practice questions 7-1

Correct Answer:

AZ-500 dumps practice answers 7

NSGs: 2

Network security rules: 3

Note 2: You cannot specify multiple service tags or application groups) in a security rule.

References:

https://docs.microsoft.com/en-us/azure/virtual-network/security-overview


Question 8:

You have an Azure key vault.

You need to delegate administrative access to the key vault to meet the following requirements:

1.

Provide a user named User1 with the ability to set advanced access policies for the key vault.

2.

Provide a user named User2 with the ability to add and delete certificates in the key vault.

3.

Use the principle of least privilege.

What should you use to assign access to each user? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Hot Area:

AZ-500 dumps practice questions 8

Correct Answer:

AZ-500 dumps practice answers 8

User1: RBAC

RBAC is used as the Key Vault access control mechanism for the management plane. It would allow a user with the proper identity to:

1.

set Key Vault access policies

2.

create, read, update, and delete key vaults

3.

set Key Vault tags

Note: Role-based access control (RBAC) is a system that provides fine-grained access management of Azure resources. Using RBAC, you can segregate duties within your team and grant only the amount of access to users that they need to

perform their jobs.

User2: A key vault access policy

A key vault access policy is the access control mechanism to get access to the key vault data plane. Key Vault access policies grant permissions separately to keys, secrets, and certificates.

References:

https://docs.microsoft.com/en-us/azure/key-vault/key-vault-secure-your-key-vault


Question 9:

You have two Azure virtual machines in the East US2 region as shown in the following table.

AZ-500 dumps practice questions 9

You deploy and configure an Azure Key vault.

You need to ensure that you can enable Azure Disk Encryption on VM1 and VM2.

What should you modify on each virtual machine? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Hot Area:

AZ-500 dumps practice questions 9-1

Correct Answer:

AZ-500 dumps practice answers 9

VM1: The Tier

The Tier needs to be upgraded to standard.

Disk Encryption for Windows and Linux IaaS VMs is in General Availability in all Azure public regions and Azure Government regions for Standard VMs and VMs with Azure Premium Storage.

VM2: The type

Need to change the VM type to any of A, D, DS, G, GS, F, and so on, series IaaS VMs.

Not the operating system version: Ubuntu 16.04 is supported.

References:

https://docs.microsoft.com/en-us/azure/security/azure-security-disk-encryption-overview

https://docs.microsoft.com/en-us/azure/security/azure-security-disk-encryption-faq#bkmk_LinuxOSSupport


Question 10:

You plan to use Azure Log Analytics to collect logs from 200 servers that run Windows Server 2016.

You need to automate the deployment of the Microsoft Monitoring Agent to all the servers by using an Azure Resource Manager template.

How should you complete the template? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Hot Area:

AZ-500 dumps practice questions 10

Correct Answer:

AZ-500 dumps practice answers 10

Reference: https://blogs.technet.microsoft.com/manageabilityguys/2015/11/19/enabling-the-microsoft-monitoring-agent-in-windows-json-templates/


Question 11:

You suspect that users are attempting to sign in to resources to which they have no access.

You need to create an Azure Log Analytics query to identify failed user sign-in attempts from the last three days. The results must only show users who had more than five failed sign in attempts.

How should you configure the query? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Hot Area:

AZ-500 dumps practice questions 11

Correct Answer:

AZ-500 dumps practice answers 11

The following example identifies user accounts that failed to log in more than five times in the last day, and when they last attempted to log in.

let timeframe = 1d; SecurityEvent | where TimeGenerated > ago(1d) | where AccountType == \’User\’ and EventID == 4625 // 4625 – failed log in | summarize failed_login_attempts=count(), latest_failed_login=arg_max(TimeGenerated, Account) by Account | where failed_login_attempts > 5 | project-away Account1

References: https://docs.microsoft.com/en-us/azure/azure-monitor/log-query/examples


Question 12:

You have an Azure subscription named Sub1 that is associated with an Azure Active Directory (Azure AD) tenant named contoso.com.

You plan to implement an application that will consist of the resources shown in the following table.

AZ-500 dumps practice questions 12

Users will authenticate by using their Azure AD user account and access the Cosmos DB account by using resource tokens.

You need to identify which tasks will be implemented in CosmosDB1 and WebApp1.

Which task should you identify for each resource? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Hot Area:

AZ-500 dumps practice questions 12-1

Correct Answer:

AZ-500 dumps practice answers 12

CosmosDB1: Create database users and generate resource tokens.

Azure Cosmos DB resource tokens provide a safe mechanism for allowing clients to read, write, and delete specific resources in an Azure Cosmos DB account according to the granted permissions.

WebApp1: Authenticate Azure AD users and relay resource tokens

A typical approach to requesting, generating, and delivering resource tokens to a mobile application is to use a resource token broker. The following diagram shows a high-level overview of how the sample application uses a resource token

broker to manage access to the document database data:

AZ-500 dumps practice answers 12-1

References: https://docs.microsoft.com/en-us/xamarin/xamarin-forms/data-cloud/cosmosdb/authentication


Question 13:

You need to create an Azure key vault. The solution must ensure that any object deleted from the key vault is retained for 90 days.

How should you complete the command? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Hot Area:

AZ-500 dumps practice questions 13

Correct Answer:

AZ-500 dumps practice answers 13

Box 1: -EnablePurgeProtection

If specified, protection against immediate deletion is enabled for this vault; requires soft deletion to be enabled as well.

Box 2: -EnableSoftDelete

Specifies that the soft-delete functionality is enabled for this key vault. When soft-delete is enabled, for a grace period, you can recover this key vault and its contents after it is deleted.

References:

https://docs.microsoft.com/en-us/powershell/module/azurerm.keyvault/new-azurermkeyvault


Question 14:

You have the Azure Information Protection conditions shown in the following table.

AZ-500 dumps practice questions 14

You have the Azure Information Protection labels shown in the following table.

AZ-500 dumps practice questions 14-1

You need to identify how Azure Information Protection will label files.

What should you identify? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Hot Area:

AZ-500 dumps practice questions 14-2

Correct Answer:

AZ-500 dumps practice answers 14

Box 1: Label 2 only How multiple conditions are evaluated when they apply to more than one label

1.

The labels are ordered for evaluation, according to the position that you specify in the policy: The label positioned first has the lowest position (least sensitive) and the label positioned last has the highest position (most sensitive).

2.

The most sensitive label is applied.

3.

The last sublabel is applied.

Box 2: No Label

The automatic classification applies to Word, Excel, and PowerPoint when documents are saved and apply to Outlook when emails are sent. The automatic classification does not apply to Microsoft Notepad.

References:

https://docs.microsoft.com/en-us/azure/information-protection/configure-policy-classification


Question 15:

HOTSPOT

You have an Azure subscription that contains the resources shown in the following table.

AZ-500 dumps practice questions 15

VM1 and VM2 are stopped.

You create an alert rule that has the following settings:

1.

Resource: RG1

2.

Condition: All Administrative operations

3.

Actions: Action groups configured for this alert rule: ActionGroup1

4.

Alert rule name: Alert1

You create an action rule that has the following settings:

1.

Scope: VM1

2.

Filter criteria: Resource Type = “Virtual Machines”

3.

Define this scope: Suppression

4.

Suppression config: From now (always)

5.

Name: ActionRule1

For each of the following statements, select Yes if the statement is true. Otherwise, select No.

Note: Each correct selection is worth one point.

Hot Area:

Correct Answer:

AZ-500 dumps practice answers 15

Box 1:

The scope for the action rule is set to VM1 and is set to suppress alerts indefinitely.

Box 2:

The scope for the action rule is not set to VM2.

Box 3:

Adding a tag is not an administrative operation.

References:

https://docs.microsoft.com/en-us/azure/azure-monitor/platform/alerts-activity-log https://docs.microsoft.com/en-us/azure/azure-monitor/platform/alerts-action-rules

You have an Azure subscription that contains an Azure key vault named Vault1. On January 1, 2019, Vault1 stores the following secrets.

AZ-500 dumps practice answers 15-1


 

Lead4Pass AZ-500 dumps share two study materials for free: you can download them online and practice exams online!

Now! Download the AZ-500 best practice solution! Use Lead4Pass AZ-500 dumps with PDF and VCE: https://www.leads4pass.com/az-500.html Contains 452 latest exam questions and answers to help you pass the exam 100%.

Author

  • ExamDumpsbase

    ExamDumpsBase: Free Microsoft Azure, Dynamics 365, Microsoft 365, Microsoft Graph, Windows, Microsoft Power Platform and other IT certification preparation materials to help you test and practice online, And share the advice for passing the exam, for more questions, you can send an email to [email protected]

    View all posts
ExamDumpsBase: Free Microsoft Azure, Dynamics 365, Microsoft 365, Microsoft Graph, Windows, Microsoft Power Platform and other IT certification preparation materials to help you test and practice online, And share the advice for passing the exam, for more questions, you can send an email to [email protected]