Informing all candidates for the 2022-2023 Microsoft Azure Security Technologies Exam: Use the latest updated Lead4Pass az-500 dumps: https://www.leads4pass.com/az-500.html to help you pass the exam successfully.
az-500 dumps contain 388 exam questions and answers, free updates for 365 days, and a 15% discount with promo code “Microsoft”.
Also, read some free Lead4Pass az-500 dumps exam questions and answers online
Number of exam questions | Exam name | Exam code | Last updated |
15 | Microsoft Azure Security Technologies | AZ-500 | az-500 dumps |
Question 1:
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear on the review screen.
You use Azure Security Center for the centralized policy management of three Azure subscriptions.
You use several policy definitions to manage the security of the subscriptions.
You need to deploy the policy definitions as a group to all three subscriptions.
Solution: You create an initiative and an assignment that is scoped to a management group.
Does this meet the goal?
A. Yes
B. No
Correct Answer: A
References: https://docs.microsoft.com/en-us/azure/governance/policy/overview
Question 2:
You have an Azure Active Directory (Azure AD) tenant named Contoso.com and an Azure Kubernetes Service (AKS) cluster AKS1.
You discover that AKS1 cannot be accessed by user accounts from Contoso.com.
You need to ensure AKS1 can be accessed by user accounts from Contoso.com. The solution must minimize administrative effort.
What should you do first?
A. From Azure, recreate AKS1.
B. From AKS1, upgrade the version of Kubernetes.
C. From Azure AD, implement Azure AD Premium.
D. From Azure AD, configure the User settings.
Correct Answer: A
Reference: https://docs.microsoft.com/en-us/azure/aks/azure-ad-integration-cli
Question 3:
HOTSPOT
You are configuring just-in-time (JIT) VM access to a set of Azure virtual machines.
You need to grant users PowerShell access to the virtual machine by using JIT VM access.
What should you configure? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:
Correct Answer:
Question 4:
You create an Azure subscription with Azure AD Premium P2.
You need to ensure that you can use Azure Active Directory (Azure AD) Privileged Identity Management (PIM) to secure Azure AD roles.
Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
Select and Place:
Correct Answer:
Question 5:
You have a web app named WebApp1.
You create a web application firewall (WAF) policy named WAF1.
You need to protect WebApp1 by using WAF1.
What should you do first?
A. Deploy an Azure Front Door.
B. Add an extension to WebApp1.
C. Deploy Azure Firewall.
Correct Answer: A
References: https://docs.microsoft.com/en-us/azure/frontdoor/quickstart-create-front-door
Question 6:
What is the membership of Group 1 and Group 2? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.
Hot Area:
Correct Answer:
Explanation:
Box 1: User1, User2, User3, User4
Contains “ON” is true for Montreal (User1), MONTREAL (User2), London (User3), and Ontario (User4), as string and regex operations are not case sensitive.
Box 2: Only User3
Match “*on” is only true for London (User3).
Scenario:
Contoso.com contains the users shown in the following table.
Contoso.com contains the security groups shown in the following table.
References: https://docs.microsoft.com/en-us/azure/active-directory/users-groups-roles/groups-dynamic-membership
Question 7:
You have an Azure subscription.
You plan to create a custom role-based access control (RBAC) role that will provide permission to read the Azure Storage account.
Which property of the RBAC role definition should you configure?
A. NotActions []
B. DataActions []
C. AssignableScopes []
D. Actions []
Correct Answer: D
To 'Read a storage account', i.e. list the blobs in the storage account, you need an 'Action' permission. To read the data in a storage account, i.e. open a blob, you need a 'DataAction' permission.
Reference: https://docs.microsoft.com/en-us/azure/role-based-access-control/role-definitions
Question 8:
You have an Azure Active Directory (Azure AD) tenant named contoso.com that contains a user named User1.
You plan to publish several apps in the tenant.
You need to ensure that User1 can grant admin consent for the published apps.
Which two possible user roles can you assign to User1 to achieve this goal? Each correct answer presents a complete solution.
NOTE: Each correct selection is worth one point.
A. Security Administrator
B. Cloud application administrator
C. Application administrator
D. User administrator
E. Application developer
Correct Answer: BC
Reference: https://docs.microsoft.com/en-us/azure/active-directory/manage-apps/grant-admin-consent
Question 9:
You create a new Azure subscription that is associated with a new Azure Active Directory (Azure AD) tenant.
You create one active conditional access policy named Portal Policy. Portal Policy is used to provide access to the Microsoft Azure Management cloud app.
The Conditions settings for Portal Policy are configured as shown in the Conditions exhibit. (Click the Conditions tab.)
The Grant settings for Portal Policy are configured as shown in the Grant exhibit. (Click the Grant tab.)
For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.
Hot Area:
Correct Answer:
Box 1: No
The Contoso location is excluded.
Box 2: Yes
Box 3: Yes
Reference: https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/location-condition
Question 10:
You have an Azure subscription that contains the Azure virtual machines shown in the following table.
You create an MDM Security Baseline profile named Profile1.
You need to identify to which virtual machines Profile1 can be applied.
Which virtual machines should you identify?
A. VM1 only
B. VM1, VM2, and VM3 only
C. VM1 and VM3 only
D. VM1, VM2, VM3, and VM4
Correct Answer: A
Reference: https://docs.microsoft.com/en-us/mem/intune/protect/security-baselines
Question 11:
SIMULATION
You need to prevent administrative users from accidentally deleting a virtual network named VNET1. The administrative users must be allowed to modify the settings of VNET1.
To complete this task, sign in to the Azure portal.
A. See the explanation below.
Correct Answer: A
Explanation:
Locking prevents other users in your organization from accidentally deleting or modifying critical resources, such as Azure subscriptions, resource groups, or resources.
Note: In Azure, the term resource refers to an entity managed by Azure. For example, virtual machines, virtual networks, and storage accounts are all referred to as Azure resources.
1. In the Settings blade for virtual network VNET, select Locks.
2. To add a lock, select Add.
3. For Lock type, select Delete lock, and click OK.
Reference: https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-group-lock-resources
Question 12:
You onboard Azure Sentinel. You connect Azure Sentinel to Azure Security Center.
You need to automate the mitigation of incidents in Azure Sentinel. The solution must minimize administrative effort.
What should you create?
A. an alert rule
B. a playbook
C. a function app
D. a runbook
Correct Answer: B
Reference: https://docs.microsoft.com/en-us/azure/sentinel/tutorial-respond-threats-playbook
Question 13:
You need to deploy Microsoft Antimalware to meet the platform protection requirements. What should you do? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.
Hot Area:
Correct Answer:
Question 14:
You create an Azure subscription.
You need to ensure that you can use Azure Active Directory (Azure AD) Privileged Identity Management (PIM) to secure Azure AD roles.
Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
Select and Place:
Correct Answer:
Step 1: Consent to PIM
Step 2: Verify your identity by using multi-factor authentication (MFA)
Click Verify my identity to verify your identity with Azure MFA. You'll be asked to pick an account.
Step 3: Sign up PIM for Azure AD roles
Once you have enabled PIM for your directory, you'll need to sign up for PIM to manage Azure AD roles.
References:
Question 15:
DRAG DROP
You have an Azure Storage account named storage1 and an Azure virtual machine named VM1. VM1 has a premium SSD-managed disk.
You need to enable Azure Disk Encryption for VM1.
Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
Select and Place:
Correct Answer:
Reference: https://docs.microsoft.com/en-us/azure/virtual-machines/windows/disk-encryption-key-vault
…