AZ-500 Exam Questions
626 real AZ-500 exam questions with expert-verified answers and explanations. Page 1 of 13.
- Question #1Secure identity and access
Case Study 1 - Litware, Inc Overview Litware, Inc. is a digital media company that has 500 employees in the Chicago area and 20 employees in the San Francisco area. Existing Enviro...
Azure AD GroupsGroup MembershipDynamic GroupsIdentity Management - Question #2Secure networking
Case Study 1 - Litware, Inc Overview Litware, Inc. is a digital media company that has 500 employees in the Chicago area and 20 employees in the San Francisco area. Existing Enviro...
Azure FirewallDNAT RulesNetwork Access ControlVirtual Machine Connectivity - Question #3Secure Azure using Microsoft Defender for Cloud and Microsoft Sentinel
Case Study 1 - Litware, Inc Overview Litware, Inc. is a digital media company that has 500 employees in the Chicago area and 20 employees in the San Francisco area. Existing Enviro...
Microsoft Defender for CloudPricing TiersSecurity ConfigurationOperating System Security - Question #4Secure compute, storage, and databases
Case Study 1 - Litware, Inc Overview Litware, Inc. is a digital media company that has 500 employees in the Chicago area and 20 employees in the San Francisco area. Existing Enviro...
App Service securityHTTPS enforcementClient certificate authenticationWeb application security - Question #5Secure compute, storage, and databases
Case Study 1 - Litware, Inc Overview Litware, Inc. is a digital media company that has 500 employees in the Chicago area and 20 employees in the San Francisco area. Existing Enviro...
Azure securitycase study - Question #6Secure identity and access
Case Study 1 - Litware, Inc Overview Litware, Inc. is a digital media company that has 500 employees in the Chicago area and 20 employees in the San Francisco area. Existing Enviro...
Azure SQL DatabaseAzure AD AuthenticationDatabase SecuritySQL Server Management Studio - Question #7Secure identity and access
Case Study 2 - Contoso, Ltd Overview Contoso, Ltd. is a consulting company that has a main office in Montreal and two branch offices in Seattle and New York. The company hosts its...
Azure AD PIMRole assignmentGlobal AdministratorIdentity governance - Question #9Secure networking
Case Study 2 - Contoso, Ltd Overview Contoso, Ltd. is a consulting company that has a main office in Montreal and two branch offices in Seattle and New York. The company hosts its...
Network Security GroupsAzure NetworkingNetwork ConnectivityFirewall Rules - Question #11Secure identity and access
Case Study 2 - Contoso, Ltd Overview Contoso, Ltd. is a consulting company that has a main office in Montreal and two branch offices in Seattle and New York. The company hosts its...
Azure RBACAzure Resource LocksVirtual NetworksResource Management - Question #12Secure compute, storage, and databases
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some q...
Azure Storage SecurityShared Access Signatures (SAS)Access Revocation - Question #13Secure compute, storage, and databases
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some q...
Azure StorageShared Access Signature (SAS)Stored Access PolicyAccess Revocation - Question #14Secure identity and access
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some q...
Azure HDInsightHybrid IdentityAuthenticationOn-premises data gateway - Question #15Secure identity and access
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some q...
Hybrid IdentitySite-to-Site VPNHDInsight SecurityNetwork Connectivity - Question #16Secure identity and access
Your network contains an Active Directory forest named contoso.com. The forest contains a single domain. You have an Azure subscription named Sub1 that is associated to an Azure Ac...
Azure AD ConnectAuthentication methodsHybrid identityPass-through Authentication (PTA) - Question #17Secure identity and access
Your network contains an on-premises Active Directory domain named corp.contoso.com. You have an Azure subscription named Sub1 that is associated to an Azure Active Directory (Azur...
Azure AD ConnectSynchronization RulesIdentity ManagementAttribute Filtering - Question #18Secure identity and access
Your company plans to create separate subscriptions for each department. Each subscription will be associated to the same Azure Active Directory (Azure AD) tenant. You need to conf...
Azure BlueprintsRole AssignmentsAzure GovernanceSubscription Management - Question #19Secure compute, storage, and databases
You have an Azure subscription. You create an Azure web app named Contoso1812 that uses an S1 App service plan. URL. Which two actions should you perform? Each correct answer prese...
Azure Web AppsCustom DomainsSSL/TLS CertificatesApp Service Configuration - Question #20Secure networking
You have an Azure subscription named Sub1. Sub1 contains a virtual network named VNet1 that contains one subnet named Subnet1. You create a service endpoint for Subnet1. Subnet1 co...
Service EndpointsContainer NetworkingAzure VNet IntegrationDocker - Question #21Secure compute, storage, and databases
You have Azure Resource Manager templates that you use to deploy Azure virtual machines. You need to disable unused Windows features automatically as instances of the virtual machi...
Azure VMsConfiguration ManagementAzure Automation State ConfigurationDSC - Question #22Secure identity and access
You are configuring an Azure Kubernetes Service (AKS) cluster that will connect to an Azure Container Registry. You need to use the auto-generated service principal to authenticate...
AKSACRAzure AD Role AssignmentService Principal - Question #23Secure compute, storage, and databases
You have an Azure virtual machines shown in the following table. You create an Azure Log Analytics workspace named Analytics1 in RG1 in the East US region. Which virtual machines c...
Azure Log AnalyticsVirtual Machine MonitoringData Collection ScopeMulti-Region Monitoring - Question #24Secure networking
You are testing an Azure Kubernetes Service (AKS) cluster. The cluster is configured as shown in the exhibit. You plan to deploy the cluster to production. You disable HTTP applica...
AKS IngressTLS TerminationApplication RoutingNetwork Security - Question #25Secure Azure using Microsoft Defender for Cloud and Microsoft Sentinel
You have an Azure subscription named Sub1 that is associated to an Azure Active Directory (Azure AD) tenant named contoso.com. You are assigned the Global administrator role for th...
Sensitivity LabelsData ClassificationMicrosoft PurviewSensitive Information Types (SITs) - Question #26Secure Azure using Microsoft Defender for Cloud and Microsoft Sentinel
You have an Azure subscription named Sub1. In Azure Security Center, you have a security playbook named Play1. Play1 is configured to send an email message to a user named User1. Y...
Azure Security CenterMicrosoft Defender for CloudSecurity PlaybooksAzure Logic AppsSecurity Automation - Question #27Secure Azure using Microsoft Defender for Cloud and Microsoft Sentinel
You create a new Azure subscription. You need to ensure that you can create custom alert rules in Azure Security Center. Which two actions should you perform? Each correct answer p...
Microsoft Defender for CloudCustom AlertsLog AnalyticsPricing Tiers - Question #28Secure Azure using Microsoft Defender for Cloud and Microsoft Sentinel
You have an Azure subscription named Sub1 that contains an Azure Log Analytics workspace named LAW1. You have 100 on-premises servers that run Windows Server 2012 R2 and Windows Se...
Azure Monitor AlertsMetric AlertsLog AnalyticsPerformance Counters - Question #29Secure identity and access
Your company has an Azure subscription named Sub1 that is associated to an Azure Active Directory (Azure AD) tenant named contoso.com. The company develops an application named App...
Azure AD ApplicationsDelegated PermissionsAdmin ConsentKey Vault Access - Question #30Secure identity and access
Your company has an Azure subscription named Sub1 that is associated to an Azure Active Directory Azure (Azure AD) tenant named contoso.com. The company develops a mobile applicati...
Azure Active DirectoryApplication RegistrationOAuth 2.0Implicit Grant FlowRedirect URI - Question #31Secure identity and access
From the Azure portal, you are configuring an Azure policy. You plan to assign policies that use the DeployIfNotExist, AuditIfNotExist, Append, and Deny effects. Which effect requi...
Azure PolicyManaged IdentityPolicy EffectsDeployIfNotExist - Question #32Secure identity and access
You have an Azure subscription that contains an Azure key vault named Vault1. In Vault1, you create a secret named Secret1. An application developer registers an application in Azu...
Azure Key VaultSecrets managementApplication accessAccess policies - Question #33Secure compute, storage, and databases
You have an Azure SQL database. You implement Always Encrypted. You need to ensure that application developers can retrieve and decrypt data in the database. Which two pieces of in...
Azure SQL DatabaseAlways EncryptedData EncryptionKey Management - Question #34Secure identity and access
You have a hybrid configuration of Azure Active Directory (Azure AD). All users have computers that run Windows 10 and are hybrid Azure AD joined. You have an Azure SQL database th...
Azure AD AuthenticationHybrid Azure AD JoinSSMSSingle Sign-On - Question #35Secure compute, storage, and databases
You have an Azure SQL Database server named SQL1. You plan to turn on Advanced Threat Protection for SQL1 to detect all threat detection types. Which action will Advanced Threat Pr...
Azure SQL DatabaseAdvanced Threat ProtectionSQL InjectionDatabase Security - Question #36Secure identity and access
Your company uses Azure DevOps. You need to recommend a method to validate whether the code meets the company's quality standards and code review standards. What should you recomme...
Azure DevOpsBranch PoliciesCode QualityCode Review - Question #37Secure compute, storage, and databases
You have an Azure subscription named Subscription1. You deploy a Linux virtual machine named VM1 to Subscription1. You need to monitor the metrics and the logs of VM1. What should...
VM MonitoringLinux DiagnosticsAzure Extensions - Question #38Secure identity and access
You have an Azure Active Directory (Azure AD) tenant named contoso.onmicrosoft.com. The User administrator role is assigned to a user named Admin1. An external partner has a Micros...
Azure AD B2BExternal collaboration settingsGuest usersRole-based access control - Question #39Implement and manage identity and access - specifically configuring Azure AD Identity Protection risk policies and understanding risk level classifications for conditional access implementation (Microsoft SC-300 / AZ-500)
Drag and Drop Question You are implementing conditional access policies. You must evaluate the existing Azure Active Directory (Azure AD) risk events and risk levels to configure a...
Azure AD Identity ProtectionConditional AccessRisk EventsZero Trust Security - Question #40Manage identity and access - Implement and manage Azure AD Identity Protection policies including user risk and sign-in risk policies with group inclusions and exclusions (Microsoft SC-300 / AZ-500)
Hotspot Question You have an Azure Active Directory (Azure AD) tenant named contoso.com that contains the users shown in the following table. You create and enforce an Azure AD Ide...
Azure AD Identity ProtectionUser Risk PolicyConditional AccessGroup-based Policy Assignment - Question #41Implement and manage identity governance using Azure Active Directory access reviews, including configuring programs, controls, and reviewer assignments - typically covered under the 'Manage Access Reviews' or 'Identity Governance' domain of the SC-300 or AZ-500 certification.
Drag and Drop Question You need to configure an access review. The review will be assigned to a new collection of reviews and reviewed by resource owners. Which three actions shoul...
Azure AD Access ReviewsIdentity GovernancePrivileged Identity ManagementAzure Active Directory - Question #42Manage identity and access - Implement and manage Azure AD Identity Governance features, specifically configuring and managing access reviews including reviewer assignments and auto-apply settings (AZ-104 / SC-300 / MS-500)
Hotspot Question You have an Azure Active Directory (Azure AD) tenant named contoso.com. The tenant contains the users shown in the following table. You configure an access review...
Azure AD Access ReviewsIdentity GovernanceAzure Active DirectoryPrivileged Identity Management - Question #43Implement and manage identity and access in Azure Active Directory - specifically configuring and enabling Privileged Identity Management (PIM) to secure privileged role access (AZ-500 / SC-300 domain: Manage Identity and Access)
Drag and Drop Question You create an Azure subscription. You need to ensure that you can use Azure Active Directory (Azure AD) Privileged Identity Management (PIM) to secure Azure...
Azure AD Privileged Identity ManagementPIM OnboardingIdentity GovernanceMulti-Factor Authentication - Question #44
Hotspot Question Your company has two offices in Seattle and New York. Each office connects to the Internet by using a NAT device. The offices use the IP addresses shown in the fol...
- Question #45
Hotspot Question You have an Azure Container Registry named Registry1. You add role assignment for Registry1 as shown in the following table. Which users can upload images to Regis...
- Question #46Design and Implement Azure Networking / Configure routing and traffic inspection with Azure Firewall in hub-and-spoke topologies (AZ-700 / AZ-104)
Drag and Drop Question You have an Azure subscription that contains the virtual networks shown in the following table. The Azure virtual machines on SpokeVNetSubnet0 can communicat...
Azure FirewallUser-Defined Routes (UDR)Hub-and-Spoke NetworkingBGP Route Propagation - Question #47
Hotspot Question You have an Azure subscription. The subscription contains Azure virtual machines that run Windows Server 2016. You need to implement a policy to ensure that each v...
- Question #48
Hotspot Question You have an Azure subscription that contains the virtual machines shown in the following table. You create the Azure policies shown in the following table. You cre...
- Question #49
Hotspot Question You have Azure virtual machines that have Update Management enabled. The virtual machines are configured as shown in the following table. You schedule two update d...
- Question #50Implement and manage virtual networking - specifically configuring Network Security Groups (NSGs) and security rules to control inbound and outbound traffic in Azure Virtual Networks, aligning with the AZ-104 'Configure and manage virtual networking' domain objective.
Hotspot Question You have an Azure subscription named Sub1. You create a virtual network that contains one subnet. On the subnet, you provision the virtual machines shown in the fo...
Network Security GroupsAzure Virtual NetworksNetwork Security RulesSubnet Security - Question #53
Hotspot Question You plan to use Azure Log Analytics to collect logs from 200 servers that run Windows Server 2016. You need to automate the deployment of the Microsoft Monitoring...
- Question #54
Hotspot Question You suspect that users are attempting to sign in to resources to which they have no access. You need to create an Azure Log Analytics query to identify failed user...